internal static void BuildContacts(RoleDescriptor roleDescriptor, RoleDescriptorConfiguration roleDescriptorConfiguration)
        {
            if (roleDescriptor == null)
            {
                throw new ArgumentNullException("roleDescriptor");
            }
            if (roleDescriptorConfiguration == null)
            {
                throw new ArgumentNullException("roleDescriptorConfiguration");
            }

            var contacts = roleDescriptorConfiguration.Organisation.OrganisationContacts.PersonContact;

            contacts.Aggregate(roleDescriptor.Contacts, (c, next) =>
            {
                ContactType contactType;
                if (!Enum.TryParse <ContactType>(next.ContactType.ToString(), out contactType))
                {
                    throw new InvalidCastException(String.Format("No corespondenting value for Contact type: {0}.", next.ContactType));
                }
                var cp = new ContactPerson(contactType)
                {
                    Surname   = next.SurName,
                    GivenName = next.ForeName,
                };
                next.Emails.Aggregate(cp.EmailAddresses, (p, nextEmail) => { p.Add(nextEmail); return(p); });
                next.PhoneNumbers.Aggregate(cp.TelephoneNumbers, (p, nextNumber) => { p.Add(nextNumber); return(p); });
                c.Add(cp);
                return(c);
            });
        }
        protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            if (configuration.KeyDescriptors == null)
            {
                throw new ArgumentNullException("keyDescriptors");
            }

            foreach (var key in configuration.KeyDescriptors)
            {
                var certConfiguration = new X509StoreCertificateConfiguration(key.CertificateContext);
                var certificate       = certConfiguration.GetX509Certificate2();

                var     keyDescriptor = new KeyDescriptor();
                KeyType keyType;
                if (!Enum.TryParse <KeyType>(key.Use.ToString(), out keyType))
                {
                    throw new InvalidCastException(String.Format("Parsing to type{0} failed. Value having been tried:{1}", typeof(KeyType), key.Use));
                }

                keyDescriptor.Use = keyType;

                keyDescriptor.KeyInfo = new SecurityKeyIdentifier(new X509RawDataKeyIdentifierClause(certificate));

                descriptor.Keys.Add(keyDescriptor);
            }
        }
        internal static void BuildOrganisation(RoleDescriptor roleDescriptor, RoleDescriptorConfiguration roleDescriptorConfiguration)
        {
            if (roleDescriptor == null)
            {
                throw new ArgumentNullException("roleDescriptor");
            }
            if (roleDescriptorConfiguration == null)
            {
                throw new ArgumentNullException("roleDescriptorConfiguration");
            }

            var organisationConfigration = roleDescriptorConfiguration.Organisation;

            if (organisationConfigration == null)
            {
                return;
            }
            roleDescriptor.Organization = new Organization();
            organisationConfigration.Names.Aggregate(roleDescriptor.Organization, (o, next) =>
            {
                o.Names.Add(new LocalizedName(next.Name, next.Language));
                o.DisplayNames.Add(new LocalizedName(next.DisplayName, next.Language));
                return(o);
            });
            organisationConfigration.Urls.Aggregate(roleDescriptor.Organization, (o, next) =>
            {
                o.Urls.Add(new LocalizedUri(next.Url, next.Language));
                return(o);
            });
        }
Beispiel #4
0
        public string Authenticate(string username, string password, UserRoles role)
        {
            string token = null;

            if (_authRepo.AuthenticateUser(username, password, role))
            {
                var tokenHandler    = new JwtSecurityTokenHandler();
                var tokenKey        = Encoding.ASCII.GetBytes(_signingKey);
                var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = new ClaimsIdentity(new Claim[]
                    {
                        new Claim(ClaimTypes.Name, username),
                        new Claim(ClaimTypes.Role, RoleDescriptor.Describe(role))
                    }),
                    SigningCredentials = new SigningCredentials(
                        new SymmetricSecurityKey(tokenKey),
                        SecurityAlgorithms.HmacSha256Signature),
                    IssuedAt = DateTime.UtcNow,
                    Expires  = DateTime.UtcNow.AddMinutes(90)
                };
                token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
            }
            return(token);
        }
Beispiel #5
0
 protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
 {
     if (configuration.Organisation == null)
     {
         throw new ArgumentNullException("organisation");
     }
     SSODescriptorBuilderHelper.BuildOrganisation(descriptor, configuration);
 }
Beispiel #6
0
 protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
 {
     if (configuration.Organisation == null)
     {
         return;
     }
     SSODescriptorBuilderHelper.BuildOrganisation(descriptor, configuration);
 }
Beispiel #7
0
        private static IEnumerable <string> GetSigningKeyThumbprint(RoleDescriptor ssod)
        {
            var x509DataClauses = ssod.Keys.Where(key => key.KeyInfo != null && key.Use == KeyType.Signing)
                                  .Select(key => key.KeyInfo.OfType <X509RawDataKeyIdentifierClause>().First());
            var tokens = new List <X509SecurityToken>();

            tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));
            Logger.Info($"Get signing keys: {tokens.Count}");
            return(tokens.Select(x => x.Certificate.Thumbprint.ToLowerInvariant()));
        }
        private TRole BuildAll(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            var builders = MemberBuilderFactory.GetBuilders();

            builders.Aggregate(descriptor, (d, next) =>
            {
                next.Build(descriptor, configuration);
                return(descriptor);
            });
            return((TRole)descriptor);
        }
        protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            if (configuration.ProtocolSupported == null)
            {
                throw new ArgumentNullException("protocolSupported");
            }

            configuration.ProtocolSupported.Aggregate(descriptor.ProtocolsSupported, (t, next) =>
            {
                t.Add(next);
                return(t);
            });
        }
        public virtual void Build(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            if (descriptor == null)
            {
                throw new ArgumentNullException("descriptor");
            }
            if (configuration == null)
            {
                throw new ArgumentNullException("configuration");
            }

            this.BuildInternal(descriptor, configuration);
        }
Beispiel #11
0
        protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            if (configuration.Organisation == null)
            {
                return;
            }
            Organization organisation;

            if (SSODescriptorBuilderHelper.TryBuildOrganisation(configuration.Organisation, out organisation))
            {
                descriptor.Organization = organisation;
            }
        }
        public void ShouldReadCorrectRoleType(Type descriptorType)
        {
            var typeName = $"{descriptorType.Name.Replace("Descriptor", string.Empty)}Type";
            var xml      = @$ "
<RoleDescriptor 
  xmlns=" "urn:oasis:names:tc:SAML:2.0:metadata" "
  xmlns:fed=" "http://docs.oasis-open.org/wsfed/federation/200706" "
  xmlns:xsi=" "http://www.w3.org/2001/XMLSchema-instance" "
  xsi:type=" "fed:{typeName}" "
>
</RoleDescriptor>";

            var metadata = _serializer.ReadRoleDescriptor(xml);

            Assert.IsType(descriptorType, metadata);
        }
Beispiel #13
0
        public static XmlElement ToXml(this RoleDescriptor descriptor, XmlDocument xmlDocument)
        {
            //ServiceProviderSingleSignOnDescriptor
            XmlElement element1 = xmlDocument.CreateElement("md", Saml2MetadataConstants.Elements.SpssoDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata");

            //this.ToXml(element1);
            //element1.SetAttribute("AuthnRequestsSigned", this.authnRequestsSigned ? "true" : "false");
            //element1.SetAttribute("WantAssertionsSigned", this.wantAssertionsSigned ? "true" : "false");
            //foreach (IndexedEndpointType assertionConsumerService in (IEnumerable<IndexedEndpointType>)this.assertionConsumerServices)
            //{
            //    XmlElement element2 = element1.OwnerDocument.CreateElement("md", "AssertionConsumerService", "urn:oasis:names:tc:SAML:2.0:metadata");
            //    assertionConsumerService.ToXml(element2);
            //    element1.AppendChild((XmlNode)element2);
            //}
            //foreach (AttributeConsumingService consumingService in (IEnumerable<AttributeConsumingService>)this.attributeConsumingServices)
            //    element1.AppendChild((XmlNode)consumingService.ToXml(xmlDocument));
            return(element1);
        }
        protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            var sSODescriptorConfiguration = configuration as SSODescriptorConfiguration;

            if (sSODescriptorConfiguration == null)
            {
                throw new InvalidOperationException(String.Format("Configuration type expected: {0}.", typeof(SSODescriptorConfiguration).Name));
            }

            if (sSODescriptorConfiguration.NameIdentifierFormats == null)
            {
                throw new ArgumentNullException("singleLogoutServices");
            }
            sSODescriptorConfiguration.NameIdentifierFormats.Aggregate(descriptor, (d, next) =>
            {
                ((SingleSignOnDescriptor)d).NameIdentifierFormats.Add(next);
                return(d);
            });
        }
        protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
        {
            var sSODescriptorConfiguration = configuration as SSODescriptorConfiguration;

            if (sSODescriptorConfiguration == null)
            {
                throw new InvalidOperationException(String.Format("Configuration type expected: {0}.", typeof(SSODescriptorConfiguration).Name));
            }
            if (sSODescriptorConfiguration.ArtifactResolutionServices == null)
            {
                throw new ArgumentNullException("crtifactResolutionServices");
            }

            sSODescriptorConfiguration.ArtifactResolutionServices.Aggregate(descriptor, (d, next) =>
            {
                ((SingleSignOnDescriptor)d).ArtifactResolutionServices.Add(next.Index, new IndexedProtocolEndpoint(next.Index, next.Binding, next.Location));
                return(d);
            });
        }
        protected override bool TryReadRoleDescriptor(XmlDictionaryReader reader, out RoleDescriptor role)
        {
            if (!reader.IsStartElement(Saml2MetadataConstants.Elements.RoleDescriptor, Saml2MetadataConstants.Namespace))
            {
                return(Out.False(out role));
            }

            var d = null as RoleDescriptor;

            if (reader.TryReadFederationEndpointType(out var type))
            {
                if (type == FederationEndpointType.ApplicationService)
                {
                    d = new ApplicationServiceDescriptor();
                }
                if (type == FederationEndpointType.AttributeService)
                {
                    d = new AttributeServiceDescriptor();
                }
                if (type == FederationEndpointType.PseudonymService)
                {
                    d = new PseudonymServiceDescriptor();
                }
                if (type == FederationEndpointType.SecurityTokenService)
                {
                    d = new SecurityTokenServiceDescriptor();
                }
            }
            if (d == null)
            {
                d = new RoleDescriptor();
            }
            ReadRoleDescriptorAttributes(reader, d);

            reader.ForEachChild(r => TryReadRoleDescriptorChild(r, d), out var signature);
            d.Signature = signature;

            role = d;
            return(true);
        }
Beispiel #17
0
        /// <summary>
        /// Extract KeyDescriptors from the metadata document represented by this instance.
        /// </summary>
        private void ExtractKeyDescriptors()
        {
            if (_keys != null)
            {
                return;
            }

            if (_entity != null)
            {
                _keys = new List <KeyDescriptor>();
                foreach (object item in _entity.Items)
                {
                    if (item is RoleDescriptor)
                    {
                        RoleDescriptor rd = (RoleDescriptor)item;
                        foreach (KeyDescriptor keyDescriptor in rd.KeyDescriptor)
                        {
                            _keys.Add(keyDescriptor);
                        }
                    }
                }
            }
        }
        protected override void ReadRoleDescriptorAttributes(XmlDictionaryReader reader, RoleDescriptor role)
        {
            if (role is AttributeServiceDescriptor attributeServiceDescriptor)
            {
                ReadAttributeServiceDescriptorAttributes(reader, attributeServiceDescriptor);
            }

            if (role is ApplicationServiceDescriptor applicationServiceDescriptor)
            {
                ReadApplicationServiceDescriptorAttributes(reader, applicationServiceDescriptor);
            }

            if (role is PseudonymServiceDescriptor pseudonymServiceDescriptor)
            {
                ReadPseudonymServiceDescriptorAttributes(reader, pseudonymServiceDescriptor);
            }

            if (role is SecurityTokenServiceDescriptor securityTokenServiceDescriptor)
            {
                ReadSecurityTokenServiceDescriptorAttributes(reader, securityTokenServiceDescriptor);
            }

            base.ReadRoleDescriptorAttributes(reader, role);
        }
 protected abstract void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration);
        protected override bool TryReadRoleDescriptorChild(XmlDictionaryReader reader, RoleDescriptor role)
        {
            if (base.TryReadRoleDescriptorChild(reader, role))
            {
                return(true);
            }

            if (role is AttributeServiceDescriptor attributeServiceDescriptor)
            {
                return(TryReadAttributeServiceDescriptorChild(reader, attributeServiceDescriptor));
            }

            if (role is ApplicationServiceDescriptor applicationServiceDescriptor)
            {
                return(TryReadApplicationServiceDescriptorChild(reader, applicationServiceDescriptor));
            }

            if (role is PseudonymServiceDescriptor pseudonymServiceDescriptor)
            {
                return(TryReadPseudonymServiceDescriptorChild(reader, pseudonymServiceDescriptor));
            }

            if (role is SecurityTokenServiceDescriptor securityTokenServiceDescriptor)
            {
                return(TryReadSecurityTokenServiceDescriptorChild(reader, securityTokenServiceDescriptor));
            }

            return(false);
        }
        protected override void WriteRoleDescriptorChildren(XmlDictionaryWriter writer, RoleDescriptor role)
        {
            base.WriteRoleDescriptorChildren(writer, role);
            if (role is ApplicationServiceDescriptor applicationServiceDescriptor)
            {
                WriteApplicationServiceDescriptorChildren(writer, applicationServiceDescriptor);
            }

            if (role is AttributeServiceDescriptor attributeServiceDescriptor)
            {
                WriteAttributeServiceDescriptorChildren(writer, attributeServiceDescriptor);
            }

            if (role is PseudonymServiceDescriptor pseudonymServiceDescriptor)
            {
                WritePseudonymServiceDescriptorChildren(writer, pseudonymServiceDescriptor);
            }

            if (role is SecurityTokenServiceDescriptor securityTokenServiceDescriptor)
            {
                WriteSecurityTokenServiceDescriptorChildren(writer, securityTokenServiceDescriptor);
            }
        }
Beispiel #22
0
 protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
 {
     descriptor.ErrorUrl   = configuration.ErrorUrl;
     descriptor.ValidUntil = configuration.ValidUntil.DateTime;
 }
 public string WriteRoleDescriptor(RoleDescriptor roleDescriptor)
 => WriteElement(writer => WriteRoleDescriptor(writer, roleDescriptor));