【Question title】: How to Decrypt EncryptedAssertion using System.Cryptography
【Posted】: 2017-03-23 16:28:01
【Question description】:

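The identity provider is encrypting the SAML assertion using Component Pro's function:

    Dim encryptedSamlAssertion As New EncryptedAssertion(samlAssertion, encryptingCert, New System.Security.Cryptography.Xml.EncryptionMethod(SamlKeyAlgorithm.Aes256Cbc))

At the service provider, I am trying to decrypt the assertion, but I cannot use Component Pro. I have to use System.Security.Cryptography.

  • An X509Certificate is used for encryption and decryption
  • Aes256Cbc is the encryption algorithm

Please help me with more information on how to implement decryption of SamlAssertions using an X509Certificate and the Aes256Cbc algorithm.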

【Question discussion】:

    Tags: c# .net saml-2.0 x509certificate2 aescryptoserviceprovider


    【Solution 1】:
    using System;
    using System.Collections.Generic;
    using System.IdentityModel.Selectors;
    using System.IdentityModel.Tokens;
    using System.Security.Cryptography;

    // Nested inside the class that processes the SAML response.
    private class Saml2SSOSecurityTokenResolver : SecurityTokenResolver
    {
        // Tokens available for decryption; the first is expected to be the
        // service provider's X509SecurityToken (certificate with private key).
        List<SecurityToken> _tokens;
    
        public Saml2SSOSecurityTokenResolver(List<SecurityToken> tokens)
        {
            _tokens = tokens;
        }

        // Resolves the symmetric session key wrapped in the assertion's EncryptedKey.
        protected override bool TryResolveSecurityKeyCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityKey key)
        {
            key = null;
    
            var token = _tokens.Count > 0 ? _tokens[0] as X509SecurityToken : null;
            var ekec = keyIdentifierClause as EncryptedKeyIdentifierClause;
    
            if (token == null || ekec == null)
            {
                return false;
            }
    
            if (ekec.EncryptionMethod == "http://www.w3.org/2001/04/xmlenc#rsa-1_5")
            {
                var encKey = ekec.GetEncryptedKey();
                var rsa = token.Certificate.PrivateKey as RSACryptoServiceProvider;
                if (rsa == null)
                {
                    return false;
                }
                // fOAEP = false selects PKCS#1 v1.5 padding, matching the rsa-1_5 URI.
                var decKey = rsa.Decrypt(encKey, false);
                key = new InMemorySymmetricSecurityKey(decKey);
                return true;
            }
    
            // Other key transport algorithms are not handled here, so report
            // the key as unresolved instead of returning true with a null key.
            return false;
        }
    
        protected override bool TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityToken token)
        {
            throw new NotImplementedException();
        }
    
        protected override bool TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifier keyIdentifier, out System.IdentityModel.Tokens.SecurityToken token)
        {
            throw new NotImplementedException();
        }
    }
    

    【Discussion】:
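
The resolver above plugs into WIF; the question asks for decryption with System.Security.Cryptography alone. The following is an added example, not part of the original answer, that performs the same two steps (RSA unwrap of the session key, then AES-256-CBC decryption) with System.Security.Cryptography.Xml. The class name `SamlAssertionDecryptor` is hypothetical, and the code assumes the decrypted assertion declares its own namespaces and that the certificate carries an RSA private key.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

public static class SamlAssertionDecryptor   // hypothetical helper, not a framework type
{
    // Returns the decrypted <saml:Assertion> from a response holding <saml:EncryptedAssertion>.
    public static XmlElement Decrypt(XmlDocument response, X509Certificate2 spCert)
    {
        var ns = new XmlNamespaceManager(response.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("xenc", EncryptedXml.XmlEncNamespaceUrl);

        var container = response.SelectSingleNode("//saml:EncryptedAssertion", ns);
        var dataElem = container?.SelectSingleNode("xenc:EncryptedData", ns) as XmlElement;
        // The wrapped key may sit inside EncryptedData/KeyInfo or beside EncryptedData.
        var keyElem = container?.SelectSingleNode(".//xenc:EncryptedKey", ns) as XmlElement;
        if (dataElem == null || keyElem == null)
            throw new CryptographicException("EncryptedData or EncryptedKey is missing.");
        var encData = new EncryptedData();
        encData.LoadXml(dataElem);
        var encKey = new EncryptedKey();
        encKey.LoadXml(keyElem);

        // Accept only the content cipher agreed with the IdP (AES-256-CBC on this page).
        if (encData.EncryptionMethod?.KeyAlgorithm != EncryptedXml.XmlEncAES256Url)
            throw new CryptographicException("Unexpected content encryption algorithm.");
        string wrapAlg = encKey.EncryptionMethod?.KeyAlgorithm;
        bool useOaep = wrapAlg == EncryptedXml.XmlEncRSAOAEPUrl;
        if (!useOaep && wrapAlg != EncryptedXml.XmlEncRSA15Url)
            throw new CryptographicException("Unexpected key transport algorithm.");
        using (RSA rsa = spCert.GetRSAPrivateKey())
        using (Aes aes = Aes.Create())
        {
            if (rsa == null)
                throw new CryptographicException("Certificate has no usable RSA private key.");
            // Unwrap the AES session key, then decrypt; DecryptData reads the IV
            // from the front of the CipherValue.
            aes.Key = EncryptedXml.DecryptKey(encKey.CipherData.CipherValue, rsa, useOaep);
            byte[] plain = new EncryptedXml().DecryptData(encData, aes);
            // PreserveWhitespace keeps any signature on the assertion verifiable.
            var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
            doc.LoadXml(Encoding.UTF8.GetString(plain));
            return doc.DocumentElement;
        }
    }
}
```

Load the incoming response with `PreserveWhitespace = true` as well, and validate the signature on the response or on the returned assertion before trusting any of its claims.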
