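/// <summary>
/// Writes an encrypted token to an <see cref="XmlWriter"/> using certificate-backed signing and
/// encryption keys, then reads it back through an <see cref="XmlReader"/> and validates it with
/// the matching verification and decryption keys.
/// </summary>
/// <remarks>
/// Every <see cref="X509Certificate2"/> created here is disposed at the end of the test, matching
/// the pattern used in <c>ShouldValidateEncryptedToken</c>; the original version leaked them.
/// </remarks>
public void ShouldRoundTripEncryptedTokenToXmlWriterUsingCertificates()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();

    // Private-key certificates: used only on the signing and decryption side.
    using var signingCertificate = _fixture.GenerateCertificate();
    using var decryptionCertificate = _fixture.GenerateCertificate();

    // X509ContentType.Cert exports the certificate without its private key, so the
    // verification and encryption sides of the round trip hold public material only.
    using var verificationCertificate = new X509Certificate2(signingCertificate.Export(X509ContentType.Cert));
    using var encryptionCertificate = new X509Certificate2(decryptionCertificate.Export(X509ContentType.Cert));

    var descriptor = _fixture.CreateDescriptor(
        signingKey: new X509SecurityKey(signingCertificate),
        encryptionKey: new X509SecurityKey(encryptionCertificate));
    var token = handler.CreateToken(descriptor);

    using var stream = new MemoryStream();

    // CloseOutput = false keeps the stream open so it can be rewound and read back below.
    using (var writer = XmlWriter.Create(stream, new XmlWriterSettings { CloseOutput = false }))
    {
        handler.WriteToken(writer, token);
    }

    stream.Position = 0;
    using var reader = XmlReader.Create(stream);

    // Validation is given the public verification key and the private decryption key;
    // lifetime checks are switched on so an expired assertion would fail here.
    var parameters = _fixture.CreateTokenValidationParameters(
        signatureVerificationKey: new X509SecurityKey(verificationCertificate),
        decryptionKey: new X509SecurityKey(decryptionCertificate),
        validateLifetime: true);
    var user = handler.ValidateToken(reader, parameters, out var validatedToken);

    Assert.NotNull(user);
    Assert.NotNull(validatedToken);
}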
/// <summary>
/// Serialises a freshly created encrypted token to a string and checks that the output starts
/// with an <c>EncryptedAssertion</c> element rather than a plain assertion.
/// </summary>
public void ShouldWriteEncryptedToken()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();
    var token = handler.CreateToken(_fixture.CreateDescriptor());

    var serialized = handler.WriteToken(token);

    Assert.NotNull(serialized);
    // Only the opening element is checked; the encrypted payload itself is not inspected here.
    Assert.StartsWith("<saml:EncryptedAssertion", serialized);
}
/// <summary>
/// Creates an encrypted token from a descriptor with no name identifier and checks the shape of
/// the resulting <see cref="Saml2EncryptedSecurityToken"/>.
/// </summary>
public void ShouldCreateEncryptedTokenWithoutNameId()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();
    var descriptor = _fixture.CreateDescriptor(nameIdentifier: null);

    var token = handler.CreateToken(descriptor);

    Assert.NotNull(token);
    // Assert.IsType<T> returns the typed instance, so no separate cast is needed.
    var encrypted = Assert.IsType<Saml2EncryptedSecurityToken>(token);
    Assert.NotNull(encrypted.Assertion);
    Assert.NotNull(encrypted.EncryptingCredentials);
    // Creating the token does not populate EncryptedData; compare ShouldValidateEncryptedToken,
    // where a token read back from XML carries EncryptedData but no EncryptingCredentials.
    Assert.Null(encrypted.EncryptedData);
}
/// <summary>
/// Validates a pre-built encrypted assertion using certificates loaded from base64 constants and
/// checks the shape of the returned <see cref="Saml2EncryptedSecurityToken"/>.
/// </summary>
public void ShouldValidateEncryptedToken()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();

    // The certificate material and the assertion under test come from fields declared
    // elsewhere in this class.
    using var signatureVerificationCertificate =
        new X509Certificate2(Convert.FromBase64String(_signatureVerificationCertificateBase64));
    using var decryptionCertificate =
        new X509Certificate2(Convert.FromBase64String(_decryptionCertificateBase64));

    var parameters = _fixture.CreateTokenValidationParameters(
        decryptionKey: new X509SecurityKey(decryptionCertificate),
        signatureVerificationKey: new X509SecurityKey(signatureVerificationCertificate));

    var user = handler.ValidateToken(_encryptedAssertion, parameters, out var token);

    Assert.NotNull(token);
    var encrypted = Assert.IsType<Saml2EncryptedSecurityToken>(token);
    Assert.NotNull(encrypted.Assertion);
    // A token read back from XML carries the EncryptedData it was parsed from and no
    // encrypting credentials (the reverse of a token produced by CreateToken).
    Assert.Null(encrypted.EncryptingCredentials);
    Assert.NotNull(encrypted.EncryptedData);
}
/// <summary>
/// Writes an encrypted token through an <see cref="XmlWriter"/> and checks that the document
/// root is a non-empty <c>EncryptedAssertion</c> element in the SAML 2.0 namespace.
/// </summary>
public void ShouldWriteEncryptedTokenToXmlWriter()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();
    var token = handler.CreateToken(_fixture.CreateDescriptor());

    using var stream = new MemoryStream();

    // CloseOutput = false keeps the stream open for the read-back below.
    using (var writer = XmlWriter.Create(stream, new XmlWriterSettings { CloseOutput = false }))
    {
        handler.WriteToken(writer, token);
    }

    stream.Position = 0;
    using var reader = XmlReader.Create(stream);
    reader.MoveToContent();

    Assert.True(reader.IsStartElement("EncryptedAssertion", Saml2Constants.Namespace));
    Assert.False(reader.IsEmptyElement);
}
/// <summary>
/// Writes an encrypted token through an <see cref="XmlWriter"/>, reads it back through an
/// <see cref="XmlReader"/> and validates it with the fixture's default validation parameters.
/// </summary>
/// <remarks>
/// No keys are passed explicitly here; whatever defaults the fixture supplies are used for both
/// token creation and validation. Lifetime validation is enabled.
/// </remarks>
public void ShouldRoundTripEncryptedTokenToXmlWriter()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();
    var token = handler.CreateToken(_fixture.CreateDescriptor());

    using var stream = new MemoryStream();

    // CloseOutput = false keeps the stream open for the read-back below.
    using (var writer = XmlWriter.Create(stream, new XmlWriterSettings { CloseOutput = false }))
    {
        handler.WriteToken(writer, token);
    }

    stream.Position = 0;
    using var reader = XmlReader.Create(stream);

    var parameters = _fixture.CreateTokenValidationParameters(validateLifetime: true);
    var user = handler.ValidateToken(reader, parameters, out var validatedToken);

    Assert.NotNull(user);
    Assert.NotNull(validatedToken);
}
/// <summary>
/// Checks that the handler recognises the pre-built encrypted assertion as a token it can read.
/// </summary>
public void ShouldBeAbleToReadEncryptedToken()
{
    var handler = new Saml2EncryptedSecurityTokenHandler();

    // CanReadToken only inspects the input's shape; nothing is validated or decrypted here.
    var canRead = handler.CanReadToken(_encryptedAssertion);

    Assert.True(canRead);
}