// Loads the ADLER sample metadata document, checks that its two key descriptors are
// reported as a signing key followed by an encryption key, and then verifies the
// document's own signature with the certificate taken from the first descriptor.
public void TestCertificateExtraction_01()
{
    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.Load(@"Saml20\Protocol\MetadataDocs\metadata-ADLER.xml");

    var metadata = new Saml20MetadataDocument(doc);
    List<KeyDescriptor> keys = metadata.Keys;

    // Descriptors are expected in document order: signing first, then encryption,
    // and each use is expected exactly once.
    Assert.AreEqual(KeyTypes.signing, keys[0].use);
    Assert.AreEqual(KeyTypes.encryption, keys[1].use);
    Assert.AreEqual(1, metadata.GetKeys(KeyTypes.signing).Count);
    Assert.AreEqual(1, metadata.GetKeys(KeyTypes.encryption).Count);

    // The two certs in the metadata document happen to be identical, and are also
    // used for signing the entire document, so the first descriptor's certificate
    // must validate the signature of the very document it was read from.
    var signingKeyInfo = (KeyInfo)keys[0].KeyInfo;
    Assert.That(XmlSignatureUtils.CheckSignature(doc, signingKeyInfo));

    Assert.AreEqual("ADLER_SAML20_ID", metadata.EntityId);
}
/// <summary>
/// Checks the signature of a message received using the redirect binding using the keys found in the
/// metadata of the federation partner that sent the request.
/// </summary>
/// <param name="parser">The parsed redirect-binding request whose signature is to be verified.</param>
/// <param name="metadata">Metadata of the federation partner; only the descriptors it returns for
/// <see cref="KeyTypes.signing"/> are tried.</param>
/// <returns>
/// <c>true</c> as soon as one public key extracted from those descriptors verifies the signature;
/// <c>false</c> when no key does, including the case of no signing descriptors at all.
/// </returns>
protected static bool CheckRedirectSignature(HttpRedirectBindingParser parser, Saml20MetadataDocument metadata)
{
    // Usually a single signing descriptor, but every one the partner published is a candidate.
    foreach (KeyDescriptor descriptor in metadata.GetKeys(KeyTypes.signing))
    {
        // NOTE(review): KeyDescriptor.KeyInfo is assumed to hold a
        // System.Security.Cryptography.Xml.KeyInfo; any other type makes this cast throw
        // rather than being skipped.
        var clauses = (KeyInfo)descriptor.KeyInfo;

        foreach (KeyInfoClause clause in clauses)
        {
            // ExtractKey may return null for clauses it cannot turn into a key; those are
            // skipped instead of being handed to CheckSignature.
            AsymmetricAlgorithm candidate = XmlSignatureUtils.ExtractKey(clause);
            if (candidate == null)
            {
                continue;
            }

            // The first key that validates the signature decides the outcome.
            if (parser.CheckSignature(candidate))
            {
                return true;
            }
        }
    }

    return false;
}