
Right now I have no idea how to generate the KeyInfo from my certificate and get it into the SAML schema classes. My internet searches have turned up almost nothing. I'm not using any 3rd-party components, and I can't. I need to do this in straight C# using the available .NET crypto classes, and without WIF either. I'm trying to adapt a working code base for an SSO identity provider with assertion encryption into one that supports assertion encryption. Can anyone point me to some resources that explain how to do this?

I need to generate the following part of the SAML2 token:

<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                        <X509Certificate>
                            ...
                        </X509Certificate>
                    </X509Data>
                </KeyInfo>
                <CipherData>
                    <CipherValue>
                        PVKYYTNGIjuYQCCTyS4LriEyIq1njqotkyJvmoO+WvQSc34plBcfUvGS/zDoKj329528gwctTikXxsCPXJJvISdFdew/t+qIVISnob5TzxSjmhlWJVHOzhx2UAbfqxvVkpCPIJr2uskYzRdeHez77g1UZe82BTGGG9S2SXZI9fM=
                    </CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
            <CipherValue>
                ...
            </CipherValue>
        </CipherData>
    </EncryptedData>
</saml:EncryptedAssertion>

So far I have got to this point:

    // <saml:EncryptedAssertion> wrapper and its <EncryptedData> child
    EncryptedElementType encryptedAssertion = new EncryptedElementType();

    EncryptedDataType encryptedData = new EncryptedDataType();
    encryptedData.Type = "http://www.w3.org/2001/04/xmlenc#Element";

    // Symmetric algorithm used for the assertion body
    EncryptionMethodType encryptionMethod = new EncryptionMethodType();
    encryptionMethod.Algorithm = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    // Outer KeyInfo that should carry the <EncryptedKey>
    KeyInfoType keyInfoRoot = new KeyInfoType();

    EncryptedKeyType encryptedKey = new EncryptedKeyType();

    // Pick the encryption certificate (reuse the signing cert if the same one is configured)
    X509Certificate2 encryptingCert = null;
    if (findValueSigning.ToString() == findValueEncryption.ToString()) encryptingCert = signingCert;
    else encryptingCert = GetCertBySerialNumber(storeLocation, storeName, findType, findValueEncryption);

    // System.Security.Cryptography.Xml KeyInfo holding the certificate's X509Data
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyData = new KeyInfoX509Data(encryptingCert);
    keyInfo.AddClause(keyData);

    //keyInfoRoot.Items = new object[] { encryptedKey };
    encryptedData.EncryptionMethod = encryptionMethod;
    encryptedData.KeyInfo = keyInfoRoot;
    encryptedAssertion.EncryptedData = encryptedData;

    response.Items = new EncryptedElementType[] { encryptedAssertion };
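An added example (not the poster's code) showing how the EncryptedData/EncryptedKey/KeyInfo structure in the question can be produced with the built-in System.Security.Cryptography.Xml classes instead of filling in the schema types by hand; the resulting element can be appended to the response document. It assumes the assertion already exists as an XmlElement inside an XmlDocument and that the recipient's certificate (public key only) is available as an X509Certificate2.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class AssertionEncryptor
{
    // Replaces <saml:Assertion> in place with <saml:EncryptedAssertion> and returns the new element.
    public static XmlElement EncryptAssertion(XmlDocument doc, XmlElement assertion, X509Certificate2 encryptingCert)
    {
        using (Aes sessionKey = Aes.Create())
        {
            // Session key for the assertion body: aes128-cbc, as in the sample XML in the question.
            sessionKey.KeySize = 128;

            // Encrypt the whole element (Type = #Element), not only its content; the IV is prepended.
            var encryptedXml = new EncryptedXml(doc);
            byte[] cipherBytes = encryptedXml.EncryptData(assertion, sessionKey, false);

            var encryptedData = new EncryptedData
            {
                Type = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128Url),
                CipherData = new CipherData(cipherBytes)
            };

            // Wrap the session key with the certificate's RSA public key. The question's sample uses
            // rsa-1_5; passing true here selects RSA-OAEP instead, which is the safer choice when the
            // recipient supports it (PKCS#1 v1.5 key transport is vulnerable to padding-oracle attacks).
            var encryptedKey = new EncryptedKey
            {
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url)
            };
            using (RSA rsa = encryptingCert.GetRSAPublicKey())
            {
                encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsa, false));
            }

            // Inner KeyInfo: the recipient's certificate; outer KeyInfo: the <EncryptedKey> itself.
            encryptedKey.KeyInfo.AddClause(new KeyInfoX509Data(encryptingCert));
            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

            // Build <saml:EncryptedAssertion> and put the serialized <EncryptedData> inside it.
            XmlElement encryptedAssertion = doc.CreateElement("saml", "EncryptedAssertion", "urn:oasis:names:tc:SAML:2.0:assertion");
            encryptedAssertion.AppendChild(doc.ImportNode(encryptedData.GetXml(), true));
            assertion.ParentNode.ReplaceChild(encryptedAssertion, assertion);
            return encryptedAssertion;
        }
    }
}
```

If the surrounding code must keep using the xsd-generated schema classes, the element returned here can be deserialized into EncryptedElementType, or the response can be built as raw XML and this element inserted directly.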