We have a tool that is not in .net and it decrypts a SAML xml request, I 'm trying to replicate the behavior in .net, however, I'm not sure the correct way to do it, I see the X509 and cipher in the xml body, using that I need to decrypt it??
SAML XML Body
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://uat.com/" ID="_fee80033-e30f-4104-a149-a0387a751b50" IssueInstant="2022-11-04T06:12:39.266Z" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">TEST:SAML2.0:DEV</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_fee80033-e30f-4104-a149-a0387a751b50">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>JQfbd3hmIoYA0GiKQnS/iWLOZMk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ZVlFqS+BHn5jPvyLgf3k0G6/p9l52jLTivNpJsfn9IaTqyVxo8R+PeH59yxeR58XoYybtjn2FXlv
tB66sJUIdwJRAAFQQxBVsG8eLmDF23rVAr1VXVVeisKhs/A4NlJ+1hirilxhXIeV8ig16hjiTylC
vnVAyGGWMAcBCUFlrL9X9I2dkRgiZTQvjtFBJ4QBM+5lSoy8nho8hOvwNL2Oj4LemQWIoAuc65rI
pZbaA0IXRT8x5iedFca7N/xJVCiaIZh5SobGRB8iIXh0kDdKNUNyyaxxvQCEFt+JDnGwSCKvgHDb
HImEqNmMgcMuSgE9P3zffFDr4Rw+6VKN5KuIYw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>certificatekey</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></samlp:StatusCode>
</samlp:Status>
<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>certificatekey</X509Certificate>
</X509Data>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>cipherValue</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>cipherValue</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedAssertion>
</samlp:Response>
I'm not sure whether the below code is correct for me.
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
XmlDocument doc = new XmlDocument();
doc.Load("/Data/SAML.xml");
Decrypt(doc);
public static void Decrypt(XmlDocument Doc)
{
// Check the arguments.
if (Doc == null)
throw new ArgumentNullException("Doc");
// Create a new EncryptedXml object.
EncryptedXml exml = new EncryptedXml(Doc);
var cspParams = new CspParameters();
cspParams.KeyContainerName = "XML_ENC_RSA_KEY";
var rsaKey = new RSACryptoServiceProvider(cspParams);
// Decrypt the XML document.
exml.AddKeyNameMapping("rsaKey", rsaKey);
exml.DecryptDocument();
}
