Encryption ITfoxtec SAML 2.0加密断言

Encryption ITfoxtec SAML 2.0加密断言,encryption,saml-2.0,itfoxtec-identity-saml2,Encryption,Saml 2.0,Itfoxtec Identity Saml2,是否可以使用ITfoxtec Identity Saml2开源代码对断言响应进行加密?我什么也没找到 GitHub站点提到解密,但没有提到加密。似乎也没有任何关于加密的例子 感谢您的帮助。谢谢。很抱歉,目前不支持断言-响应加密 欢迎您在缺少的encryption funktionalitet上创建。 如果您实现了该功能,请共享代码。很抱歉,目前不支持断言-响应加密 欢迎您在缺少的encryption funktionalitet上创建。 如果您实现了该功能,请共享代码。在saml2postbin

是否可以使用ITfoxtec Identity Saml2开源代码对断言响应进行加密?我什么也没找到

GitHub站点提到解密,但没有提到加密。似乎也没有任何关于加密的例子


感谢您的帮助。谢谢。

很抱歉，目前不支持断言/响应加密。

欢迎您为缺少的加密功能（encryption functionality）创建实现。
如果您实现了该功能，请共享代码。

很抱歉，目前不支持断言/响应加密。

欢迎您为缺少的加密功能（encryption functionality）创建实现。
如果您实现了该功能，请共享代码。

在 Saml2PostBinding 类中，将 BindInternal 方法替换为以下代码：

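/// <summary>
/// Binds the message for the HTTP-POST binding. If the message carries a
/// <c>saml2:Assertion</c> and the configuration supplies a recipient (relying party)
/// certificate, the assertion is replaced by a <c>saml2:EncryptedAssertion</c>
/// (AES-256 content encryption, RSA-OAEP key transport) before the document is
/// signed and rendered into the POST form. Messages without an assertion, or
/// without an encryption certificate, are bound exactly as before.
/// </summary>
/// <param name="saml2RequestResponse">The request or response to bind; its <c>Config</c>
/// supplies the encryption and signing certificates.</param>
/// <param name="messageName">Form field name passed on to <c>HtmlPostPage</c>.</param>
/// <returns>This binding, with <c>XmlDocument</c> and <c>PostContent</c> populated.</returns>
/// <exception cref="ArgumentNullException"><paramref name="saml2RequestResponse"/> is null.</exception>
/// <exception cref="NotSupportedException">The configured encryption certificate has no RSA public key.</exception>
protected override Saml2PostBinding BindInternal(Saml2Request saml2RequestResponse, string messageName)
{
    if (saml2RequestResponse is null) throw new ArgumentNullException(nameof(saml2RequestResponse));

    BindInternal(saml2RequestResponse);

    // Direct child lookup: messages without an Assertion child (AuthnRequest, LogoutRequest, ...)
    // yield null here and are bound unchanged instead of failing on an empty node list.
    var assertionElement = XmlDocument.DocumentElement[Saml2Constants.Message.Assertion, Saml2Constants.AssertionNamespace.OriginalString];

    // NOTE(review): the recipient certificate must come from configuration, never from a
    // hard-coded absolute path as in the original snippet. Later library versions expose
    // Saml2Configuration.EncryptionCertificate — confirm the property exists in the version
    // in use (or add it) before building.
    var encryptionCertificate = saml2RequestResponse.Config.EncryptionCertificate;

    if (assertionElement != null && encryptionCertificate != null)
    {
        EncryptAssertion(assertionElement, encryptionCertificate);
    }

    // Sign after encrypting so the message signature covers the EncryptedAssertion.
    if ((!(saml2RequestResponse is Saml2AuthnRequest) || saml2RequestResponse.Config.SignAuthnRequest) && saml2RequestResponse.Config.SigningCertificate != null)
    {
        Cryptography.SignatureAlgorithm.ValidateAlgorithm(saml2RequestResponse.Config.SignatureAlgorithm);
        XmlDocument = XmlDocument.SignDocument(saml2RequestResponse.Config.SigningCertificate, saml2RequestResponse.Config.SignatureAlgorithm, CertificateIncludeOption, saml2RequestResponse.Id.Value);
    }

    PostContent = string.Concat(HtmlPostPage(saml2RequestResponse.Destination, messageName));
    return this;
}

/// <summary>
/// Replaces <paramref name="assertionElement"/> in <c>XmlDocument</c> with a
/// <c>saml2:EncryptedAssertion</c> holding an <c>xenc:EncryptedData</c> element:
/// the assertion is encrypted with a fresh AES-256 key, and that key is wrapped with
/// RSA-OAEP under the certificate's public key and carried as an <c>xenc:EncryptedKey</c>
/// inside <c>ds:KeyInfo</c>. The document is not modified until encryption has succeeded.
/// </summary>
/// <param name="assertionElement">The plain assertion element, a child of the document root.</param>
/// <param name="encryptionCertificate">The recipient's certificate; only its public key is used.</param>
/// <exception cref="NotSupportedException">The certificate's public key is not RSA.</exception>
private void EncryptAssertion(XmlElement assertionElement, System.Security.Cryptography.X509Certificates.X509Certificate2 encryptionCertificate)
{
    var encryptedData = new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
        KeyInfo = new KeyInfo()
    };
    var encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl)
    };

    // GetRSAPublicKey returns null for a non-RSA key instead of throwing an InvalidCastException
    // as the obsolete (RSA)certificate.PublicKey.Key cast did; the returned RSA instance must be disposed.
    using (var rsaPublicKey = System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey(encryptionCertificate))
    using (var contentKey = Aes.Create())
    {
        if (rsaPublicKey == null) throw new NotSupportedException("The encryption certificate does not contain an RSA public key.");

        contentKey.KeySize = 256;
        // Reading .Key generates a fresh random content key; only its OAEP-wrapped form is emitted.
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(contentKey.Key, rsaPublicKey, true));
        encryptedData.CipherData.CipherValue = new EncryptedXml().EncryptData(assertionElement, contentKey, false);
    }
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    // Swap the plain assertion for <saml2:EncryptedAssertion><xenc:EncryptedData/></saml2:EncryptedAssertion>
    // at the same position, so the element order of the original message is preserved.
    var encryptedAssertion = XmlDocument.CreateElement("saml2", "EncryptedAssertion", Saml2Constants.AssertionNamespace.OriginalString);
    XmlDocument.DocumentElement.ReplaceChild(encryptedAssertion, assertionElement);
    encryptedAssertion.AppendChild(assertionElement);
    EncryptedXml.ReplaceElement(assertionElement, encryptedData, false);
}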

这里使用的证书是接收方（依赖方）的公钥证书。

在 Saml2PostBinding 类中，用以下代码替换 BindInternal 方法：

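/// <summary>
/// Binds the message for the HTTP-POST binding. If the message carries a
/// <c>saml2:Assertion</c> and the configuration supplies a recipient (relying party)
/// certificate, the assertion is replaced by a <c>saml2:EncryptedAssertion</c>
/// (AES-256 content encryption, RSA-OAEP key transport) before the document is
/// signed and rendered into the POST form. Messages without an assertion, or
/// without an encryption certificate, are bound exactly as before.
/// </summary>
/// <param name="saml2RequestResponse">The request or response to bind; its <c>Config</c>
/// supplies the encryption and signing certificates.</param>
/// <param name="messageName">Form field name passed on to <c>HtmlPostPage</c>.</param>
/// <returns>This binding, with <c>XmlDocument</c> and <c>PostContent</c> populated.</returns>
/// <exception cref="ArgumentNullException"><paramref name="saml2RequestResponse"/> is null.</exception>
/// <exception cref="NotSupportedException">The configured encryption certificate has no RSA public key.</exception>
protected override Saml2PostBinding BindInternal(Saml2Request saml2RequestResponse, string messageName)
{
    if (saml2RequestResponse is null) throw new ArgumentNullException(nameof(saml2RequestResponse));

    BindInternal(saml2RequestResponse);

    // Direct child lookup: messages without an Assertion child (AuthnRequest, LogoutRequest, ...)
    // yield null here and are bound unchanged instead of failing on an empty node list.
    var assertionElement = XmlDocument.DocumentElement[Saml2Constants.Message.Assertion, Saml2Constants.AssertionNamespace.OriginalString];

    // NOTE(review): the recipient certificate must come from configuration, never from a
    // hard-coded absolute path as in the original snippet. Later library versions expose
    // Saml2Configuration.EncryptionCertificate — confirm the property exists in the version
    // in use (or add it) before building.
    var encryptionCertificate = saml2RequestResponse.Config.EncryptionCertificate;

    if (assertionElement != null && encryptionCertificate != null)
    {
        EncryptAssertion(assertionElement, encryptionCertificate);
    }

    // Sign after encrypting so the message signature covers the EncryptedAssertion.
    if ((!(saml2RequestResponse is Saml2AuthnRequest) || saml2RequestResponse.Config.SignAuthnRequest) && saml2RequestResponse.Config.SigningCertificate != null)
    {
        Cryptography.SignatureAlgorithm.ValidateAlgorithm(saml2RequestResponse.Config.SignatureAlgorithm);
        XmlDocument = XmlDocument.SignDocument(saml2RequestResponse.Config.SigningCertificate, saml2RequestResponse.Config.SignatureAlgorithm, CertificateIncludeOption, saml2RequestResponse.Id.Value);
    }

    PostContent = string.Concat(HtmlPostPage(saml2RequestResponse.Destination, messageName));
    return this;
}

/// <summary>
/// Replaces <paramref name="assertionElement"/> in <c>XmlDocument</c> with a
/// <c>saml2:EncryptedAssertion</c> holding an <c>xenc:EncryptedData</c> element:
/// the assertion is encrypted with a fresh AES-256 key, and that key is wrapped with
/// RSA-OAEP under the certificate's public key and carried as an <c>xenc:EncryptedKey</c>
/// inside <c>ds:KeyInfo</c>. The document is not modified until encryption has succeeded.
/// </summary>
/// <param name="assertionElement">The plain assertion element, a child of the document root.</param>
/// <param name="encryptionCertificate">The recipient's certificate; only its public key is used.</param>
/// <exception cref="NotSupportedException">The certificate's public key is not RSA.</exception>
private void EncryptAssertion(XmlElement assertionElement, System.Security.Cryptography.X509Certificates.X509Certificate2 encryptionCertificate)
{
    var encryptedData = new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
        KeyInfo = new KeyInfo()
    };
    var encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl)
    };

    // GetRSAPublicKey returns null for a non-RSA key instead of throwing an InvalidCastException
    // as the obsolete (RSA)certificate.PublicKey.Key cast did; the returned RSA instance must be disposed.
    using (var rsaPublicKey = System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey(encryptionCertificate))
    using (var contentKey = Aes.Create())
    {
        if (rsaPublicKey == null) throw new NotSupportedException("The encryption certificate does not contain an RSA public key.");

        contentKey.KeySize = 256;
        // Reading .Key generates a fresh random content key; only its OAEP-wrapped form is emitted.
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(contentKey.Key, rsaPublicKey, true));
        encryptedData.CipherData.CipherValue = new EncryptedXml().EncryptData(assertionElement, contentKey, false);
    }
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    // Swap the plain assertion for <saml2:EncryptedAssertion><xenc:EncryptedData/></saml2:EncryptedAssertion>
    // at the same position, so the element order of the original message is preserved.
    var encryptedAssertion = XmlDocument.CreateElement("saml2", "EncryptedAssertion", Saml2Constants.AssertionNamespace.OriginalString);
    XmlDocument.DocumentElement.ReplaceChild(encryptedAssertion, assertionElement);
    encryptedAssertion.AppendChild(assertionElement);
    EncryptedXml.ReplaceElement(assertionElement, encryptedData, false);
}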

这里使用的证书是接收方（依赖方）的公钥证书。

这太可惜了，真遗憾。谢谢你让我知道。