Beispiel #1
0
        public void RemoteCertificateValidationRulesTest()
        {
            //ARRANGE
            var configuration = new CertificateValidationConfiguration
            {
                UsePinningValidation          = false,
                X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
            };
            var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
            var validator             = new BackchannelCertificateValidator(configurationProvider);

            var certificateStore = new X509Store("TestCertStore", StoreLocation.LocalMachine);
            var validationResult = false;

            //ACT
            try
            {
                certificateStore.Open(OpenFlags.ReadOnly);
                var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];
                var x509Chain   = new X509Chain(true);
                x509Chain.Build(certificate);
                validationResult = validator.Validate(this, certificate, x509Chain, SslPolicyErrors.None);
            }
            finally
            {
                certificateStore.Close();
                certificateStore.Dispose();
            }
            //ASSERT
            Assert.True(validationResult);
        }
        public void SerialiseMetadataTest()
        {
            //ARRANGE
            var logger          = new LogProviderMock();
            var contextBuilder  = new InlineMetadataContextBuilder();
            var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
            var context         = contextBuilder.BuildContext(metadataRequest);

            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider, logger);
            var metadata = context.EntityDesriptorConfiguration;
            var spDescriptorConfigurtion = context.EntityDesriptorConfiguration.RoleDescriptors.First() as SPSSODescriptorConfiguration;
            var descriptorBuilder        = new ServiceProviderSingleSignOnDescriptorBuilder();

            var descriptor       = descriptorBuilder.BuildDescriptor(spDescriptorConfigurtion);
            var entityDescriptor = new EntityDescriptor(new EntityId("EntityIdTest"));

            entityDescriptor.RoleDescriptors.Add(descriptor);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
            //ACT
            var sb = new StringBuilder();

            using (var xmlWriter = XmlWriter.Create(sb))
            {
                metadataSerialiser.Serialise(xmlWriter, entityDescriptor);
            }
            var xmlResult = sb.ToString();

            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(xmlResult));
        }
Beispiel #3
0
        public async Task WsFederationConfigurationRetrieverTest()
        {
            //ARRANGE
            var webRequestHandler = new WebRequestHandler();

            webRequestHandler.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback((_, __, ___, ____) => true);
            var httpClient            = new HttpClient(webRequestHandler);
            var documentRetrieer      = new HttpDocumentRetriever(() => httpClient);
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certValidator         = new CertificateValidator(configurationProvider);
            var logger                 = new LogProviderMock();
            var serialiser             = new FederationMetadataSerialiser(certValidator, logger);
            var configurationRetriever = new WsFederationConfigurationRetriever(documentRetrieer, serialiser);



            //ACT
            //var baseMetadata = await WsFederationConfigurationRetriever.GetAsync("https://dg-mfb/idp/shibboleth", documentRetrieer, new CancellationToken());
            var context      = new FederationPartyConfiguration("local", "https://www.testshib.org/metadata/testshib-providers.xml");
            var baseMetadata = await configurationRetriever.GetAsync(context, new CancellationToken());

            var metadata = baseMetadata as EntitiesDescriptor;

            //ASSERT
            Assert.IsTrue(metadata != null);
            Assert.AreEqual(2, metadata.ChildEntities.Count);
        }
Beispiel #4
0
        public void SPMetadata_serialise_deserialise_Test()
        {
            ////ARRANGE
            var    logger         = new LogProviderMock();
            string metadataXml    = String.Empty;
            var    metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);

            var contextBuilder  = new InlineMetadataContextBuilder();
            var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
            var metadataContext = contextBuilder.BuildContext(metadataRequest);
            var context         = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");

            context.MetadataContext = metadataContext;

            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider);
            var ssoCryptoProvider     = new CertificateManager(logger);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);

            var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(metadataRequest);
            var xmlReader            = XmlReader.Create(new StringReader(metadataXml));
            var deserialisedMetadata = metadataSerialiser.ReadMetadata(xmlReader) as EntityDescriptor;

            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
            Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
        }
Beispiel #5
0
        public async Task SPMetadataGenerationTest()
        {
            ////ARRANGE

            var result         = String.Empty;
            var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);

            var logger          = new LogProviderMock();
            var contextBuilder  = new InlineMetadataContextBuilder();
            var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
            var metadataContext = contextBuilder.BuildContext(metadataRequest);
            var context         = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");

            context.MetadataContext = metadataContext;
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider, logger);
            var ssoCryptoProvider     = new CertificateManager(logger);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
            var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);

            //ACT
            await sPSSOMetadataProvider.CreateMetadata(metadataRequest);

            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(result));
        }
Beispiel #6
0
        public void SPMetadata_serialise_deserialise_Test()
        {
            ////ARRANGE

            string metadataXml    = String.Empty;
            var    metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);

            var contextBuilder = new InlineMetadataContextBuilder();
            var context        = contextBuilder.BuildContext();

            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider);
            var ssoCryptoProvider     = new CertificateManager();

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator);

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, metadataSerialiser, g => context);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(MetadataType.SP);
            var xmlReader            = XmlReader.Create(new StringReader(metadataXml));
            var deserialisedMetadata = metadataSerialiser.ReadMetadata(xmlReader) as EntityDescriptor;

            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
            Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
        }
Beispiel #7
0
        public void SPMetadataGenerationTest()
        {
            ////ARRANGE

            var result         = String.Empty;
            var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
            //var metadataWriter = new TestMetadatWriter(el =>
            //{
            //    using (var writer = XmlWriter.Create(@"D:\Dan\Software\Apira\SPMetadata\SPMetadata.xml"))
            //    {
            //        el.WriteTo(writer);
            //        writer.Flush();
            //    }

            //});


            var contextBuilder = new InlineMetadataContextBuilder();
            var context        = contextBuilder.BuildContext();

            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider);
            var ssoCryptoProvider     = new CertificateManager();

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator);

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, metadataSerialiser, g => context);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(MetadataType.SP);
            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(result));
        }
Beispiel #8
0
        public void RemoteCertificateValidationCallbackTest()
        {
            //ARRANGE
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var validator             = new CertificateValidator(configurationProvider);

            //ACT

            //ASSERT
            Assert.Throws <NotImplementedException>(() => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
        }
Beispiel #9
0
        public void MetadataSerialisationCertificateTest()
        {
            //ARRANGE
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var validator             = new CertificateValidator(configurationProvider);

            //ACT

            //ASSERT
            Assert.Throws <NotImplementedException>(() => validator.Validate((X509Certificate2)null));
        }
        public void SPMetadataGenerationTest_sql_source()
        {
            ////ARRANGE

            var result         = false;
            var metadataWriter = new TestMetadatWriter(el =>
            {
                result = true;
            });

            var cacheProvider            = new CacheProviderMock();
            var customConfiguration      = new DbCustomConfiguration();
            var connectionStringProvider = new MetadataConnectionStringProviderMock();
            var models = ReflectionHelper.GetAllTypes(new[] { typeof(MetadataContextBuilder).Assembly })
                         .Where(t => !t.IsAbstract && !t.IsInterface && typeof(BaseModel).IsAssignableFrom(t));

            customConfiguration.ModelsFactory = () => models;

            var seeders = ReflectionHelper.GetAllTypes(new[] { typeof(MetadataContextBuilder).Assembly })
                          .Where(t => !t.IsAbstract && !t.IsInterface && typeof(ISeeder).IsAssignableFrom(t))
                          .Select(x => (ISeeder)Activator.CreateInstance(x));

            seeders
            .OrderBy(x => x.SeedingOrder)
            .Aggregate(customConfiguration.Seeders, (c, next) => { c.Add(next); return(c); });

            object dbcontext = new DBContext(connectionStringProvider, customConfiguration);

            var metadataContextBuilder = new MetadataContextBuilder((IDbContext)dbcontext, cacheProvider);
            var metadataRequest        = new MetadataGenerateRequest(MetadataType.SP, "local");
            var metadatContext         = metadataContextBuilder.BuildContext(metadataRequest);
            var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost")
            {
                MetadataContext = metadatContext
            };
            var logger = new LogProviderMock();

            var configurationProvider = new CertificateValidationConfigurationProvider((IDbContext)dbcontext, cacheProvider);
            var certificateValidator  = new CertificateValidator(configurationProvider, logger);
            var ssoCryptoProvider     = new CertificateManager(logger);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
            var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(metadataRequest).Wait();
            //ASSERT
            Assert.IsTrue(result);
        }
Beispiel #11
0
        public void RemoteCertificateValidationCallbackTest()
        {
            //ARRANGE
            var configuration = new CertificateValidationConfiguration
            {
                UsePinningValidation          = false,
                X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
            };
            var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
            var validator             = new BackchannelCertificateValidator(configurationProvider);

            //ACT

            //ASSERT
            Assert.Throws <NotImplementedException>(() => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
        }
Beispiel #12
0
        public void SPMetadataGeneration_create_file()
        {
            ////ARRANGE

            var result         = false;
            var path           = @"D:\Dan\Software\Apira\SPMetadata\SPMetadataTest.xml";
            var metadataWriter = new TestMetadatWriter(el =>
            {
                if (File.Exists(path))
                {
                    File.Delete(path);
                }

                using (var writer = XmlWriter.Create(path))
                {
                    el.WriteTo(writer);
                    writer.Flush();
                }
                result = true;
            });

            var logger                = new LogProviderMock();
            var contextBuilder        = new InlineMetadataContextBuilder();
            var metadataRequest       = new MetadataGenerateRequest(MetadataType.SP, "local");
            var metadatContext        = contextBuilder.BuildContext(metadataRequest);
            var context               = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider);
            var ssoCryptoProvider     = new CertificateManager(logger);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
            var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(metadataRequest);
            //ASSERT
            Assert.IsTrue(result);
        }
Beispiel #13
0
        public void SPMetadataGeneration_create_file()
        {
            ////ARRANGE

            var result         = false;
            var path           = @"D:\Dan\Software\Apira\SPMetadata\SPMetadataTest.xml";
            var metadataWriter = new TestMetadatWriter(el =>
            {
                if (File.Exists(path))
                {
                    File.Delete(path);
                }

                using (var writer = XmlWriter.Create(path))
                {
                    el.WriteTo(writer);
                    writer.Flush();
                }
                result = true;
            });


            var contextBuilder = new InlineMetadataContextBuilder();
            var context        = contextBuilder.BuildContext();

            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider);
            var ssoCryptoProvider     = new CertificateManager();

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator);

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, metadataSerialiser, g => context);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(MetadataType.SP);
            //ASSERT
            Assert.IsTrue(result);
        }
        public async Task WsFederationConfigurationRetrieverTest()
        {
            //ARRANGE
            var logger = new LogProviderMock();
            var bckChannelcertValidator = new CertificateValidatorMock();

            var documentRetrieer      = new HttpDocumentRetrieverMock(bckChannelcertValidator);
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certValidator         = new CertificateValidator(configurationProvider, logger);

            var serialiser             = new FederationMetadataSerialiser(certValidator, logger);
            var configurationRetriever = new WsFederationConfigurationRetriever(_ => documentRetrieer, serialiser);

            //ACT
            var context      = new FederationPartyConfiguration("local", "https://localhost");
            var baseMetadata = await configurationRetriever.GetAsync(context, new CancellationToken());

            var metadata = baseMetadata as EntityDescriptor;

            //ASSERT
            Assert.IsTrue(metadata != null);
            Assert.AreEqual(1, metadata.RoleDescriptors.Count);
        }
Beispiel #15
0
        public void SPMetadataGenerationTest()
        {
            ////ARRANGE

            var result         = String.Empty;
            var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
            //var metadataWriter = new TestMetadatWriter(el =>
            //{
            //    using (var writer = XmlWriter.Create(@"D:\Dan\Software\Apira\SPMetadata\SPMetadata.xml"))
            //    {
            //        el.WriteTo(writer);
            //        writer.Flush();
            //    }

            //});

            var logger          = new LogProviderMock();
            var contextBuilder  = new InlineMetadataContextBuilder();
            var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
            var metadataContext = contextBuilder.BuildContext(metadataRequest);
            var context         = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");

            context.MetadataContext = metadataContext;
            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider);
            var ssoCryptoProvider     = new CertificateManager(logger);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
            var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });

            var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);

            //ACT
            sPSSOMetadataProvider.CreateMetadata(metadataRequest);
            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(result));
        }
Beispiel #16
0
        public void MetadataSerialisationCertificateTest_failed()
        {
            //ARRANGE
            var store = new X509Store("TestCertStore");

            try
            {
                store.Open(OpenFlags.ReadOnly);
                var certificate   = store.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];
                var configuration = new CertificateValidationConfiguration
                {
                    UsePinningValidation          = false,
                    X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
                };

                var rule1           = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
                var rule2           = typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName;
                var ruleDescriptor  = new ValidationRuleDescriptor(rule1);
                var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
                configuration.ValidationRules.Add(ruleDescriptor);
                configuration.ValidationRules.Add(ruleDescriptor2);

                configuration.ValidationRules.Add(new ValidationRuleDescriptor(rule1));
                var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);

                var validator = new CertificateValidator(configurationProvider);
                //ACT

                //ASSERT
                Assert.Throws <InvalidOperationException>(() => validator.Validate(certificate));
            }
            finally
            {
                store.Close();
                store.Dispose();
            }
        }
        public void MetadataSerialisationCertificateTest_success()
        {
            //ARRANGE
            var logger = new LogProviderMock();
            var store  = new X509Store("TestCertStore");

            try
            {
                store.Open(OpenFlags.ReadOnly);
                var certificate   = store.Certificates.Find(X509FindType.FindBySubjectName, "www.eca-international.com", false)[0];
                var configuration = new CertificateValidationConfiguration
                {
                    X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
                };

                var rule1           = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
                var rule2           = typeof(CertificateValidationRuleMock).AssemblyQualifiedName;
                var ruleDescriptor  = new ValidationRuleDescriptor(rule1);
                var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
                configuration.ValidationRules.Add(ruleDescriptor);
                configuration.ValidationRules.Add(ruleDescriptor2);

                configuration.ValidationRules.Add(new ValidationRuleDescriptor(rule1));
                var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);

                var validator = new CertificateValidator(configurationProvider, logger);
                //ACT
                validator.Validate(certificate);
                //ASSERT
            }
            finally
            {
                store.Close();
                store.Dispose();
            }
        }
        public async Task IdPMetadata_serialise_deserialise_Test()
        {
            ////ARRANGE
            var    logger         = new LogProviderMock();
            string metadataXml    = String.Empty;
            var    metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);

            CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;
            var contextBuilder  = new InlineMetadataContextBuilder();
            var metadataRequest = new MetadataGenerateRequest(MetadataType.Idp, "local");
            var metadataContext = contextBuilder.BuildContext(metadataRequest);
            var context         = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");

            context.MetadataContext = metadataContext;

            var configurationProvider = new CertificateValidationConfigurationProvider();
            var certificateValidator  = new CertificateValidator(configurationProvider, logger);
            var ssoCryptoProvider     = new CertificateManager(logger);

            var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);

            var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });

            var idPSSOMetadataProvider = new IdpSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);

            //ACT
            await idPSSOMetadataProvider.CreateMetadata(metadataRequest);

            var xmlReader            = XmlReader.Create(new StringReader(metadataXml));
            var deserialisedMetadata = metadataSerialiser.Deserialise(xmlReader) as EntityDescriptor;

            //ASSERT
            Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
            Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
            Assert.IsInstanceOf <IdentityProviderSingleSignOnDescriptor>(deserialisedMetadata.RoleDescriptors.Single());
        }