/// <summary> /// Encrypts the Assertion in the assertion property and creates an <code>EncryptedAssertion</code> element /// that can be retrieved using the <code>GetXml</code> method. /// </summary> public void Encrypt() { if (TransportKey == null) { throw new InvalidOperationException("The \"TransportKey\" property is required to encrypt the assertion."); } if (Assertion == null) { throw new InvalidOperationException("The \"Assertion\" property is required for this operation."); } var encryptedData = new EncryptedData { Type = EncryptedXml.XmlEncElementUrl, EncryptionMethod = new EncryptionMethod(_sessionKeyAlgorithm) }; // Encrypt the assertion and add it to the encryptedData instance. var encryptedXml = new EncryptedXml(); var encryptedElement = encryptedXml.EncryptData(Assertion.DocumentElement, SessionKey, false); encryptedData.CipherData.CipherValue = encryptedElement; // Add an encrypted version of the key used. encryptedData.KeyInfo = new KeyInfo(); var encryptedKey = new EncryptedKey { EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url), CipherData = new CipherData(EncryptedXml.EncryptKey(SessionKey.Key, TransportKey, false)) }; encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); // Create an empty EncryptedAssertion to hook into. var encryptedAssertion = new EncryptedAssertion { EncryptedData = new Schema.XEnc.EncryptedData() }; var result = new XmlDocument(); result.LoadXml(Serialization.SerializeToXmlString(encryptedAssertion)); var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, result.DocumentElement); EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false); _encryptedAssertion = result; }
/// <summary> /// Generates an encrypted assertion and writes it to disk. /// </summary> public static void GenerateEncryptedAssertion() { var assertion = AssertionUtil.GetTestAssertion(); // Create an EncryptedData instance to hold the results of the encryption.o var encryptedData = new EncryptedData { Type = EncryptedXml.XmlEncElementUrl, EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url) }; // Create a symmetric key. var aes = new RijndaelManaged { KeySize = 256 }; aes.GenerateKey(); // Encrypt the assertion and add it to the encryptedData instance. var encryptedXml = new EncryptedXml(); var encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false); encryptedData.CipherData.CipherValue = encryptedElement; // Add an encrypted version of the key used. encryptedData.KeyInfo = new KeyInfo(); var encryptedKey = new EncryptedKey(); // Use this certificate to encrypt the key. var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234"); var publicKeyRsa = cert.PublicKey.Key as RSA; Assert.IsNotNull(publicKeyRsa, "Public key of certificate was not an RSA key. Modify test."); encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRsa, false)); encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); // Create the resulting Xml-document to hook into. var encryptedAssertion = new EncryptedAssertion { EncryptedData = new Schema.XEnc.EncryptedData(), EncryptedKey = new Schema.XEnc.EncryptedKey[1] }; encryptedAssertion.EncryptedKey[0] = new Schema.XEnc.EncryptedKey(); var result = Serialization.Serialize(encryptedAssertion); var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, result); EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false); // At this point, result can be output to text }