Untitled

a guest
May 3rd, 2016
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://cct.bananaqa.net/SignIn/SamlAcs" ID="_584d6720576184d6a6f7c396f850b019" InResponseTo="Banana_7a26613a-b24e-461c-af39-b5ea8e11be89" IssueInstant="2016-04-13T18:10:00.709Z" Version="2.0">
  3. <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://scb1.cct.edu/idp/shibboleth</saml2:Issuer>
  4. <saml2p:Status>
  5. <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></saml2p:Status>
  6. <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  7. <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_4cd6916c8c1adc98c371a202c6c50f4f" Type="http://www.w3.org/2001/04/xmlenc#Element">
  8. <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" />
  9. <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  10. <xenc:EncryptedKey Id="_aa1cb5932dd3ed1a5d968e09f41c79e8" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  11. <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  12. <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
  13. </xenc:EncryptionMethod>
  14. <ds:KeyInfo>
  15. <ds:X509Data>
  16. <ds:X509Certificate>MIIFODCCBCCgAwIBAgIJAOqAYZiaSD9SMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2.......BgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wMwYDVR0RBCwwKoIUKi5hd2FyZHNwcmluZy1xYS5uZXSCEmF3YXJkc3ByaW5nLXFhLm5ldDAdBgNVHQ4EFgQUADqtjmhLN8HW6DDSOJ5PE2UVNKgwDQY.......Eh6G+GMByWVvSi80WXqnzV2oGTthFx3a2hyT3ndcr9RL17GE7wT5nw=</ds:X509Certificate>
  17. </ds:X509Data>
  18. </ds:KeyInfo>
  19. <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  20. <xenc:CipherValue>......w8QEZG0qI/asmzbIDcP4ahkfeKQ96pUDg7xTtcPhKseRlOxUW7alwe2PHVYP9O0bWWxz/4Ih6kvl2cVPDql6QRpJAimmdY...==</xenc:CipherValue>
  21. </xenc:CipherData>
  22. </xenc:EncryptedKey>
  23. </ds:KeyInfo>
  24. <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  25. <xenc:CipherValue>.........SEGgqL4Kxr/Ddon78edBK4tSLUyLS12bmYHKQQRCauL9kuIskAQJdx8dMEW0dKC+r+n445Gc5k2fGuvIReIKRU4SgUloWhqme29SYC3La5t1k9QvGFuh7qc1/KrH/UAdtA47NfnxE4ZXdjTmAAwxrf41ARHFCEb5it9F8zvv21vfkACExYVQFY8Kgcww2augZldehH/Ycx4IdDVgGQmLz46HGrHfFM3y9Yy1GET1jELQ/R/HLc35KbFdzHa8fxKB4/boS+Yp2e6Sme62FCVJkSljP1XOGhfX/K+p6X67YR9Atyqova4UqNP+8Fv8qAlPM5kQC75WqKI2LtpjvngTG5MjqCUphZM/wKFKWFjH8D5YatK31xIcG9hqdxpDcq3Eh84tRPWKG+WF2Rl3kmjCy1XvyTPhcAqGna/BRtqcrtFrDY4GyOAJTtj.......</xenc:CipherValue>
  26. </xenc:CipherData>
  27. </xenc:EncryptedData>
  28. </saml2:EncryptedAssertion>
  29. </saml2p:Response>
  30.  
  31. using System;
  32. using System.IO;
  33. using System.Linq;
  34. using System.Security.Cryptography;
  35. using System.Security.Cryptography.X509Certificates;
  36. using System.Security.Cryptography.Xml;
  37. using System.Text;
  38. using System.Xml;
  39.  
  40. namespace Service.SSO
  41. {
  42. public class Saml2DecryptResponse
  43. {
  44. private XmlNamespaceManager _nsManager;
  45. private XmlDocument _xmlDoc;
  46.  
  47. public Saml2DecryptResponse(XmlDocument xmlDocument)
  48. {
  49. _xmlDoc = xmlDocument;
  50.  
  51. _nsManager = new XmlNamespaceManager(_xmlDoc.NameTable);
  52. _nsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
  53. _nsManager.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
  54. _nsManager.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
  55. _nsManager.AddNamespace("xenc", "http://www.w3.org/2001/04/xmlenc#");
  56. }
  57.  
  58. public XmlNode GetDecryptedAssertion(X509Certificate2 myCert)
  59. {
  60. RSACryptoServiceProvider privateCsp = (RSACryptoServiceProvider)myCert.PrivateKey;
  61.  
  62. // load the xmlDoc
  63. EncryptedXml encXml = new EncryptedXml(_xmlDoc);
  64. XmlElement encryptedDataElement = _xmlDoc.GetElementsByTagName("xenc:EncryptedData")[0] as XmlElement;
  65. EncryptedData encryptedData = new EncryptedData();
  66. encryptedData.LoadXml(encryptedDataElement);
  67.  
  68. //get your cipher data from the encrypted assertion key info
  69. byte[] cipherBytes = GetKeyCipherValue();
  70.  
  71. // use the RSACryptoServiceProvider to decrypt it
  72. var symKey = privateCsp.Decrypt(cipherBytes, true);
  73.  
  74. // get the assertion data
  75. byte[] dataCipherBytes = GetEncryptedAssertionData();
  76.  
  77. // and the encryption method
  78. string encMethod = GetEncryptionMethod();
  79.  
  80. // build your symmetric algorythm, used to decrypt your assertion data
  81. SymmetricAlgorithm symAlg = null;
  82. symAlg = GetAlgorithm(encMethod);
  83. symAlg.IV = encXml.GetDecryptionIV(encryptedData, encMethod);
  84.  
  85. // decrypt the assertion data
  86. byte[] decryptedAssertionData = DecryptBytes(symAlg, dataCipherBytes, symKey, symAlg.IV);
  87. string rawText = Encoding.UTF8.GetString(decryptedAssertionData);
  88.  
  89. // clean up the unencrypted text
  90. int samlStart = rawText.IndexOf("<saml:Assertion");
  91. int samlEnd = rawText.IndexOf("</saml:Assertion>") + 17 - samlStart;
  92. string cleanText = rawText.Substring(samlStart, samlEnd);
  93.  
  94. // turn it into an xml element and return it
  95. XmlDocumentFragment fragment = _xmlDoc.CreateDocumentFragment();
  96. fragment.InnerXml = cleanText;
  97. return fragment;
  98. }
  99.  
  100. public static byte[] DecryptBytes(SymmetricAlgorithm algorithm, byte[] encryptedData, byte[] keyBytes, byte[] iv)
  101. {
  102. byte[] plainTextBytes;
  103.  
  104. int decryptedBytesCount;
  105.  
  106. using (var decryptor = algorithm.CreateDecryptor(keyBytes, iv))
  107. {
  108. using (var memoryStream = new MemoryStream(encryptedData))
  109. {
  110. using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
  111. {
  112. plainTextBytes = new byte[encryptedData.Length];
  113. decryptedBytesCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
  114.  
  115. memoryStream.Close();
  116. cryptoStream.Close();
  117. }
  118. }
  119. }
  120.  
  121. return plainTextBytes;
  122. }
  123.  
  124. public byte[] GetKeyCipherValue()
  125. {
  126. var node = GetNode("//xenc:EncryptedKey//xenc:CipherData//xenc:CipherValue");
  127. return Convert.FromBase64String(node.InnerText);
  128. }
  129.  
  130. public byte[] GetEncryptedAssertionData()
  131. {
  132. var node = GetNode("//xenc:EncryptedData//xenc:CipherData//xenc:CipherValue");
  133. return Convert.FromBase64String(node.InnerText);
  134. }
  135.  
  136. public string GetEncryptionMethod()
  137. {
  138. XmlNode node = GetNode("//xenc:EncryptionMethod");
  139. return node.Attributes["Algorithm"].Value.Trim();
  140. }
  141.  
  142. public XmlNode GetNode(string xpath)
  143. {
  144. return _xmlDoc.SelectSingleNode(xpath, _nsManager);
  145. }
  146.  
  147. private static SymmetricAlgorithm GetAlgorithm(string symAlgUri)
  148. {
  149. SymmetricAlgorithm symAlg = null;
  150.  
  151. switch (symAlgUri)
  152. {
  153. case EncryptedXml.XmlEncAES128Url:
  154. case EncryptedXml.XmlEncAES128KeyWrapUrl:
  155. symAlg = SymmetricAlgorithm.Create("Rijndael");
  156. symAlg.KeySize = 128;
  157. symAlg.Padding = PaddingMode.None;
  158. break;
  159. case EncryptedXml.XmlEncAES192Url:
  160. case EncryptedXml.XmlEncAES192KeyWrapUrl:
  161. symAlg = SymmetricAlgorithm.Create("Rijndael");
  162. symAlg.KeySize = 192;
  163. break;
  164. case EncryptedXml.XmlEncAES256Url:
  165. case EncryptedXml.XmlEncAES256KeyWrapUrl:
  166. symAlg = SymmetricAlgorithm.Create("Rijndael");
  167. symAlg.KeySize = 256;
  168. break;
  169. case EncryptedXml.XmlEncDESUrl:
  170. symAlg = SymmetricAlgorithm.Create("DES");
  171. break;
  172. case EncryptedXml.XmlEncTripleDESUrl:
  173. case EncryptedXml.XmlEncTripleDESKeyWrapUrl:
  174. symAlg = SymmetricAlgorithm.Create("TripleDES");
  175. break;
  176. default:
  177. throw new ArgumentException("symAlgUri");
  178. }
  179.  
  180. return symAlg;
  181. }
  182. }
  183. }