[Ignore] // TODO: test data needs fixing public void TestSigning_03() { // Load an unsigned assertion. Saml20Assertion assertion = new Saml20Assertion(AssertionUtil.GetTestAssertion_01().DocumentElement, null, false); // Check that the assertion is not considered valid in any way. try { assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer)); Assert.Fail("Unsigned assertion was passed off as valid."); } catch { //Added to make resharper happy Assert.That(true); } X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234"); Assert.That(cert.HasPrivateKey, "Certificate no longer contains a private key. Modify test."); assertion.Sign(cert); // Check that the signature is now valid assertion.CheckValid(new AsymmetricAlgorithm[] { cert.PublicKey.Key }); WriteToFile(@"\signedassertion.xml", assertion.GetXml()); }
/// <summary> /// Decrypts an assertion we received from "fælles-offentlige brugerstyring". /// </summary> private static void DecryptFOBSAssertion(string file) { string assertionBase64 = File.ReadAllText(file); byte[] assertionBytes = Convert.FromBase64String(assertionBase64); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(new MemoryStream(assertionBytes)); XmlNodeList encryptedList = doc.GetElementsByTagName(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION); Assert.That(encryptedList.Count == 1); // Do some mock configuration. FederationConfig config = FederationConfig.GetConfig(); config.AllowedAudienceUris.Audiences.Add("https://saml.safewhere.net"); SAML20FederationConfig descr = SAML20FederationConfig.GetConfig(); descr.Endpoints.MetadataLocation = @"Saml20\Protocol\MetadataDocs\FOBS"; // Set it manually. Assert.That(Directory.Exists(descr.Endpoints.MetadataLocation)); X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\SafewhereTest_SFS.pfx", "test1234"); Saml20EncryptedAssertion encass = new Saml20EncryptedAssertion((RSA)cert.PrivateKey); encass.LoadXml((XmlElement)encryptedList[0]); encass.Decrypt(); // Retrieve metadata Saml20Assertion assertion = new Saml20Assertion(encass.Assertion.DocumentElement, null, false); IDPEndPoint endp = descr.FindEndPoint(assertion.Issuer); Assert.IsNotNull(endp, "Endpoint not found"); Assert.IsNotNull(endp.metadata, "Metadata not found"); try { assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer)); Assert.Fail("Verification should fail. Token does not include its signing key."); } catch (InvalidOperationException) {} Assert.IsNull(assertion.SigningKey, "Signing key is already present on assertion. Modify test."); IEnumerable <string> validationFailures; Assert.That(assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp, out validationFailures))); Assert.IsNotNull(assertion.SigningKey, "Signing key was not set on assertion instance."); }
public void DecryptPingAssertion() { // Load the assertion XmlDocument doc = new XmlDocument(); doc.Load(File.OpenRead(@"c:\tmp\pingassertion.txt")); XmlElement xe = GetElement(EncryptedAssertion.ELEMENT_NAME, Saml20Constants.ASSERTION, doc); XmlDocument doc2 = new XmlDocument(); doc2.AppendChild(doc2.ImportNode(xe, true)); X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, "CN=SafewhereTest_SFS, O=Safewhere, C=DK", true); Assert.That(coll.Count == 1); X509Certificate2 cert = coll[0]; Saml20EncryptedAssertion encass = new Saml20EncryptedAssertion((RSA)cert.PrivateKey, doc2); encass.Decrypt(); XmlTextWriter writer = new XmlTextWriter(Console.Out); writer.Formatting = Formatting.Indented; writer.Indentation = 3; writer.IndentChar = ' '; encass.Assertion.WriteTo(writer); writer.Flush(); Saml20Assertion assertion = new Saml20Assertion(encass.Assertion.DocumentElement, AssertionUtil.GetTrustedSigners(encass.Assertion.Attributes["Issuer"].Value), false); Assert.That(encass.Assertion != null); Console.WriteLine(); foreach (SamlAttribute attribute in assertion.Attributes) { Console.WriteLine(attribute.Name + " : " + attribute.AttributeValue[0]); } }
/// <summary> /// Loads an assertion and tries to deserialize it using the <code>Assertion</code> class. /// </summary> public static Saml20Assertion DeserializeToken(string assertionFile) { FileStream fs = File.OpenRead(assertionFile); XmlDocument document = new XmlDocument(); document.PreserveWhitespace = true; document.Load(fs); fs.Close(); XmlNodeList nodes = document.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.ASSERTION); Saml20Assertion assertion = new Saml20Assertion(document.DocumentElement, AssertionUtil.GetTrustedSigners(nodes[0].Value), false); return(assertion); }