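public void ShouldRoundTripEncryptedTokenToXmlWriterUsingCertificates()
        {
            // Round-trips a signed + encrypted assertion through an XmlWriter/XmlReader pair using X.509
            // credentials. Signing and decryption use the certificates that carry private keys; verification
            // and encryption use public-only copies (Export(X509ContentType.Cert) drops the private key), so
            // the validating side never sees the signer's private key and the encrypting side never sees the
            // recipient's.
            var handler = new Saml2EncryptedSecurityTokenHandler();

            // X509Certificate2 is IDisposable (it holds unmanaged key resources); dispose all four instead
            // of leaking them, matching the `using var` style used by ShouldValidateEncryptedToken.
            using var signingCertificate      = _fixture.GenerateCertificate();
            using var decryptionCertificate   = _fixture.GenerateCertificate();
            using var verificationCertificate = new X509Certificate2(signingCertificate.Export(X509ContentType.Cert));
            using var encryptionCertificate   = new X509Certificate2(decryptionCertificate.Export(X509ContentType.Cert));

            var descriptor = _fixture.CreateDescriptor(
                signingKey:    new X509SecurityKey(signingCertificate),
                encryptionKey: new X509SecurityKey(encryptionCertificate));

            var token = handler.CreateToken(descriptor);

            using var stream = new MemoryStream();

            // The writer must be disposed before the stream is rewound so its buffer is flushed;
            // CloseOutput = false keeps the underlying stream open for the reader below.
            using (var writer = XmlWriter.Create(stream, new XmlWriterSettings { CloseOutput = false }))
            {
                handler.WriteToken(writer, token);
            }

            stream.Position = 0;

            using var reader = XmlReader.Create(stream);

            // The token was issued moments ago, so lifetime validation can be switched on and is
            // expected to pass.
            var parameters = _fixture.CreateTokenValidationParameters(
                signatureVerificationKey: new X509SecurityKey(verificationCertificate),
                decryptionKey:            new X509SecurityKey(decryptionCertificate),
                validateLifetime:         true);
            var user = handler.ValidateToken(reader, parameters, out var validatedToken);

            Assert.NotNull(user);
            Assert.NotNull(validatedToken);
        }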
        public void ShouldWriteEncryptedToken()
        {
            // Serializing a freshly created token must yield an EncryptedAssertion element, i.e. the
            // handler emits the ciphertext wrapper rather than a plaintext <saml:Assertion>.
            var encryptedHandler = new Saml2EncryptedSecurityTokenHandler();
            var tokenDescriptor  = _fixture.CreateDescriptor();

            var createdToken = encryptedHandler.CreateToken(tokenDescriptor);
            var serialized   = encryptedHandler.WriteToken(createdToken);

            Assert.NotNull(serialized);
            Assert.StartsWith("<saml:EncryptedAssertion", serialized);
        }
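        public void ShouldCreateEncryptedTokenWithoutNameId()
        {
            // A descriptor without a NameID must still produce an encrypted token. Right after creation the
            // token is expected to expose the plaintext assertion and the credentials it will be encrypted
            // with, but no EncryptedData yet (contrast with ShouldValidateEncryptedToken, where a token parsed
            // from XML has EncryptedData but no EncryptingCredentials).
            var handler    = new Saml2EncryptedSecurityTokenHandler();
            var descriptor = _fixture.CreateDescriptor(nameIdentifier: null);

            var token = handler.CreateToken(descriptor);

            Assert.NotNull(token);

            // Assert.IsType<T> returns the typed instance; this replaces an unchecked `as` cast whose
            // failure would surface as a NullReferenceException rather than an assertion failure.
            var encrypted = Assert.IsType<Saml2EncryptedSecurityToken>(token);

            Assert.NotNull(encrypted.Assertion);
            Assert.NotNull(encrypted.EncryptingCredentials);
            Assert.Null(encrypted.EncryptedData);
        }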
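        public void ShouldValidateEncryptedToken()
        {
            // Validates a fixed, pre-serialized EncryptedAssertion test vector using certificates stored as
            // Base64 in the fixture. The decryption certificate is used as the decryption key, so the blob
            // presumably carries its private key (e.g. a password-less PFX) — confirm against the fixture.
            var handler = new Saml2EncryptedSecurityTokenHandler();

            using var signatureVerificationCertificate = new X509Certificate2(Convert.FromBase64String(_signatureVerificationCertificateBase64));
            using var decryptionCertificate            = new X509Certificate2(Convert.FromBase64String(_decryptionCertificateBase64));

            // NOTE(review): validateLifetime is left at the fixture default here, unlike the round-trip tests;
            // the stored vector's validity window cannot be assumed — confirm this is intentional.
            var parameters = _fixture.CreateTokenValidationParameters(
                decryptionKey:            new X509SecurityKey(decryptionCertificate),
                signatureVerificationKey: new X509SecurityKey(signatureVerificationCertificate));
            var user = handler.ValidateToken(_encryptedAssertion, parameters, out var token);

            Assert.NotNull(token);

            // Assert.IsType<T> returns the typed instance; this replaces an unchecked `as` cast whose
            // failure would surface as a NullReferenceException rather than an assertion failure.
            var encrypted = Assert.IsType<Saml2EncryptedSecurityToken>(token);

            // A token read from XML carries the ciphertext and the decrypted assertion, but no
            // encrypting credentials (those only exist on tokens created locally).
            Assert.NotNull(encrypted.Assertion);
            Assert.Null(encrypted.EncryptingCredentials);
            Assert.NotNull(encrypted.EncryptedData);
        }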
        public void ShouldWriteEncryptedTokenToXmlWriter()
        {
            // Writing through an XmlWriter must produce a non-empty EncryptedAssertion root element
            // in the SAML 2.0 assertion namespace.
            var encryptedHandler = new Saml2EncryptedSecurityTokenHandler();
            var tokenDescriptor  = _fixture.CreateDescriptor();
            var createdToken     = encryptedHandler.CreateToken(tokenDescriptor);

            using var buffer = new MemoryStream();

            // Disposing the writer flushes it; CloseOutput = false keeps the buffer open for re-reading.
            var settings = new XmlWriterSettings { CloseOutput = false };
            using (var xmlWriter = XmlWriter.Create(buffer, settings))
            {
                encryptedHandler.WriteToken(xmlWriter, createdToken);
            }

            buffer.Position = 0;

            using var xmlReader = XmlReader.Create(buffer);
            xmlReader.MoveToContent();

            var isEncryptedAssertion = xmlReader.IsStartElement("EncryptedAssertion", Saml2Constants.Namespace);
            Assert.True(isEncryptedAssertion);
            Assert.False(xmlReader.IsEmptyElement);
        }
        public void ShouldRoundTripEncryptedTokenToXmlWriter()
        {
            // Round-trips a token created with the fixture's default credentials through an
            // XmlWriter/XmlReader pair and validates it with the fixture's default parameters.
            var encryptedHandler = new Saml2EncryptedSecurityTokenHandler();
            var tokenDescriptor  = _fixture.CreateDescriptor();
            var createdToken     = encryptedHandler.CreateToken(tokenDescriptor);

            using var buffer = new MemoryStream();

            // Disposing the writer flushes it; CloseOutput = false keeps the buffer open for re-reading.
            var settings = new XmlWriterSettings { CloseOutput = false };
            using (var xmlWriter = XmlWriter.Create(buffer, settings))
            {
                encryptedHandler.WriteToken(xmlWriter, createdToken);
            }

            buffer.Position = 0;

            using var xmlReader = XmlReader.Create(buffer);

            // The token was just issued, so lifetime validation is enabled and expected to pass.
            var validationParameters = _fixture.CreateTokenValidationParameters(validateLifetime: true);
            var principal            = encryptedHandler.ValidateToken(xmlReader, validationParameters, out var validatedToken);

            Assert.NotNull(principal);
            Assert.NotNull(validatedToken);
        }
        public void ShouldBeAbleToReadEncryptedToken()
        {
            // The handler must recognise the fixture's serialized EncryptedAssertion as a token it can read.
            var encryptedHandler = new Saml2EncryptedSecurityTokenHandler();
            var canRead          = encryptedHandler.CanReadToken(_encryptedAssertion);

            Assert.True(canRead);
        }