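/// <summary>
/// Decrypts an encrypted SAML assertion in place: locates the EncryptedAssertion wrapper,
/// unwraps the symmetric content key with the certificate's private key and replaces the
/// encrypted content with the decrypted assertion XML. Does nothing when the document holds
/// no EncryptedAssertion element.
/// </summary>
/// <param name="document">The SAML response document; modified in place.</param>
/// <param name="encryptionCert">Certificate whose private key unwraps the symmetric key.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="CryptographicException">
/// The EncryptedData carries no EncryptionMethod, so no decryption algorithm can be selected.
/// </exception>
public void Decrypt(XmlDocument document, X509Certificate2 encryptionCert)
{
    if (document == null) throw new ArgumentNullException("document");
    if (encryptionCert == null) throw new ArgumentNullException("encryptionCert");

    var assertion = document.FindChild(EncryptedAssertion);
    if (assertion == null) return; // Not encrypted, shame on them.

    // NOTE(review): EncryptedData is looked up from the whole document while EncryptedKey is
    // scoped to the EncryptedAssertion element. Confirm whether this lookup should also be
    // scoped to `assertion`, so an EncryptedData located elsewhere in the message is never
    // picked up in its place.
    var data = document.EncryptedChild("EncryptedData");
    var keyElement = assertion.EncryptedChild("EncryptedKey");

    var encryptedData = new EncryptedData();
    encryptedData.LoadXml(data);

    var encryptedKey = new EncryptedKey();
    encryptedKey.LoadXml(keyElement);

    // The algorithm URI comes from the incoming message; without this guard a missing
    // EncryptionMethod surfaces as a NullReferenceException inside the decrypt path.
    if (encryptedData.EncryptionMethod == null)
    {
        throw new CryptographicException("EncryptedData has no EncryptionMethod; cannot select a decryption algorithm.");
    }

    var encryptedXml = new EncryptedXml(document);

    // Unwrap the symmetric content-encryption key with the certificate's private key.
    var secretKey = GetSecretKey(encryptedKey, encryptionCert.PrivateKey);
    try
    {
        // Seed the block cipher named by the message with the unwrapped key and decrypt.
        // The algorithm URI is attacker-influenced, so GetSymmetricBlockEncryptionAlgorithm
        // is expected to reject anything outside the supported set — confirm.
        using (var algorithm = GetSymmetricBlockEncryptionAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm))
        {
            algorithm.Key = secretKey;
            var decryptedBytes = encryptedXml.DecryptData(encryptedData, algorithm);

            // Put the decrypted XML back into the document in place of the encrypted data.
            // NOTE(review): CBC decryption alone gives no integrity; the caller is assumed to
            // verify the response signature before trusting this content — confirm the order.
            encryptedXml.ReplaceData(assertion, decryptedBytes);
        }
    }
    finally
    {
        // Do not leave the content-encryption key lingering in managed memory.
        if (secretKey != null)
        {
            Array.Clear(secretKey, 0, secretKey.Length);
        }
    }
}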
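/// <summary>
/// Reads the AuthnStatement element of a SAML document. When the document has no
/// AuthnStatement every property keeps its default value; when the statement has no
/// AuthnContext child the context references stay unset instead of failing.
/// </summary>
/// <param name="document">The SAML document to read the statement from.</param>
/// <exception cref="ArgumentNullException"><paramref name="document"/> is null.</exception>
public AuthenticationStatement(XmlDocument document)
{
    if (document == null) throw new ArgumentNullException("document");

    var element = document.FindChild(AuthnStatement);
    if (element == null) return;

    Instant = element.ReadAttribute<DateTimeOffset>(AuthnInstant);
    SessionIndex = element.ReadAttribute<string>(SessionIndexAtt);
    SessionNotOnOrAfter = element.ReadAttribute<DateTimeOffset>(SessionNotOnOrAfterAtt);

    // FindChild returns null when the element is absent (the AuthnStatement check above
    // relies on that), so a statement without AuthnContext must be guarded here too
    // rather than dereferencing null below.
    var context = element.FindChild(AuthnContext, AssertionXsd);
    if (context == null) return;

    DeclarationReference = context.ReadChildText<Uri>(AuthnContextDeclRef);
    ClassReference = context.ReadChildText<Uri>(AuthnContextClassRef);
}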
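/// <summary>
/// Signs the assertion in <paramref name="document"/> with an enveloped XML-DSig signature
/// whose reference URI is built from the response Id, and appends the resulting Signature
/// element to the assertion.
/// </summary>
/// <param name="response">Response whose Id forms the reference URI (prefixed with <c>AssertionIdPrefix</c>).</param>
/// <param name="certificate">Signing certificate; its private key signs and its X509Data is embedded in KeyInfo.</param>
/// <param name="document">Document containing the assertion to sign; modified in place.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="InvalidOperationException">The document holds no assertion element to sign.</exception>
public void ApplySignature(SamlResponse response, X509Certificate2 certificate, XmlDocument document)
{
    if (response == null) throw new ArgumentNullException("response");
    if (certificate == null) throw new ArgumentNullException("certificate");
    if (document == null) throw new ArgumentNullException("document");

    // Resolve the target first so a document without an assertion fails with a clear
    // message instead of a NullReferenceException after the signature has been computed.
    var assertion = document.FindChild(AssertionElem);
    if (assertion == null)
    {
        throw new InvalidOperationException("Document contains no assertion element to sign.");
    }

    // Embed the signing certificate so the relying party can locate the verification key.
    var keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(certificate));

    var signedXml = new SignedXml(document)
    {
        SigningKey = certificate.PrivateKey,
        KeyInfo = keyInfo
    };
    // NOTE(review): no SignatureMethod/DigestMethod is set, so the framework default applies
    // (RSA-SHA1 on older .NET Framework versions). Confirm what the relying party requires,
    // or set SignedInfo.SignatureMethod explicitly.

    // Enveloped-signature transform: the Signature element itself is excluded from the digest.
    var reference = new Reference(AssertionIdPrefix + response.Id);
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(reference);

    signedXml.ComputeSignature();
    var xml = signedXml.GetXml();
    assertion.AppendChild(xml);
}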
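/// <summary>
/// Encrypts the assertion in <paramref name="document"/> for the holder of
/// <paramref name="certificate"/>: the assertion is encrypted with a fresh 128-bit symmetric
/// key, that key is wrapped for the certificate, and both are placed in an EncryptedAssertion
/// wrapper that replaces the plaintext assertion in place.
/// </summary>
/// <param name="document">Document containing the assertion to encrypt; modified in place.</param>
/// <param name="certificate">Recipient certificate used to wrap the symmetric key.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">The document holds no assertion element to encrypt.</exception>
public void Encrypt(XmlDocument document, X509Certificate2 certificate)
{
    if (document == null) throw new ArgumentNullException("document");
    if (certificate == null) throw new ArgumentNullException("certificate");

    var element = document.FindChild(AssertionElem);
    if (element == null)
    {
        throw new InvalidOperationException("Document contains no assertion element to encrypt.");
    }

    var encryptedXml = new EncryptedXml { Encoding = Encoding.UTF8 };

    // TODO -- make this pluggable with settings?
    // Create the symmetric content-encryption key. Disposing the algorithm clears its key
    // and IV bytes once the wrapped copy is in the document.
    // NOTE(review): if ToEncryptedData goes through EncryptedXml.EncryptData, the Mode and
    // Padding set here are overridden by the EncryptedXml instance's own Mode/Padding for the
    // duration of the call — confirm PaddingMode.None is intentional. CBC provides no
    // integrity on its own; the recipient is assumed to verify the response signature.
    using (var key = new RijndaelManaged { KeySize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.None })
    {
        var encryptedData = ToEncryptedData(encryptedXml, element, key);
        var encryptedKey = ToEncryptedKey(certificate, key);

        var wrapper = document.CreateElement(EncryptedAssertion, AssertionXsd);
        wrapper.AppendChild(document.ImportNode(encryptedData.GetXml(), true));
        wrapper.AppendChild(document.ImportNode(encryptedKey.GetXml(), true));

        // Assumes the assertion is not the document element (ParentNode would be null) — confirm.
        element.ParentNode.ReplaceChild(wrapper, element);
    }
}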