public async Task ParseTokenResponse_post_binding_sp_initiated()
{
//ARRANGE
var inResponseTo = Guid.NewGuid().ToString();
var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success);
var logger = new LogProviderMock();
var serialised = ResponseFactoryMock.Serialize(response);
var xmlSignatureManager = new XmlSignatureManager();
var document = new XmlDocument();
document.LoadXml(serialised);
var cert = AssertionFactroryMock.GetMockCertificate();
xmlSignatureManager.SignXml(document, response.ID, cert.PrivateKey, null);
var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(document.DocumentElement.OuterXml));
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayState = await relayStateSerialiser.Serialize(new Dictionary <string, object> {
{ "Key", "Value" }
});
var form = new SAMLForm();
form.SetResponse(base64Encoded);
form.SetRelatState(relayState);
Func <Type, IMetadataHandler> metadataHandlerFactory = t => new MetadataEntitityDescriptorHandler();
var certManager = new CertificateManager(logger);
var signatureManager = new XmlSignatureManager();
Func <IEnumerable <ResponseValidationRule> > rulesResolver = () => new[] { new ResponseSignatureRule(logger, certManager, signatureManager) };
var validator = new Federation.Protocols.Response.Validation.ResponseValidator(logger, new RuleFactory(rulesResolver));
var configurationRetrieverMock = new ConfigurationRetrieverMock();
var federationPartyContextBuilderMock = new FederationPartyContextBuilderMock();
var configurationManger = new ConfigurationManager <MetadataBase>(federationPartyContextBuilderMock, configurationRetrieverMock);
var relayStateHandler = new RelayStateHandler(relayStateSerialiser, logger);
var responseParser = new ResponseParser(metadataHandlerFactory, t => new SamlTokenResponseParser(logger),
configurationManger, relayStateHandler, logger, validator);
var postBindingDecoder = new PostBindingDecoder(logger);
var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value));
var context = new SamlInboundContext
{
Message = message,
DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single()
};
//ACT
var result = await responseParser.Parse(context);
//ASSERT
Assert.IsTrue(result.IsValidated);
}
public static async Task <SAMLForm> BuildRequestBindingContext(RequestContext requestContext)
{
string url = String.Empty;
var builders = new List <IPostClauseBuilder>();
requestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
var xmlSinatureManager = new XmlSignatureManager();
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
builders.Add(signatureBuilder);
var bindingContext = new RequestPostBindingContext(requestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
var form = new SAMLForm();
var request = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(request));
var relyingStateSerialised = bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState];
form.ActionURL = bindingContext.DestinationUri.AbsoluteUri;
form.SetRequest(base64Encoded);
form.SetRelatState(relyingStateSerialised);
return(form);
}
public static async Task <RequestBindingContext> BuildRequestBindingContext(RequestContext requestContext)
{
string url = String.Empty;
var builders = new List <IRedirectClauseBuilder>();
requestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//request compression builder
var encodingBuilder = new RequestEncoderBuilder(encoder);
builders.Add(encodingBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger);
builders.Add(signatureBuilder);
var bindingContext = new RequestBindingContext(requestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
return(bindingContext);
}
public async Task SerialiseDeserialiseTest()
{
//ARRANGE
var relayState = new Dictionary <string, object> {
{ "relayState", "Test state" }
};
var compressor = new DeflateCompressor();
var messageEncoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var logger = new LogProviderMock();
var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
//ACT
var serialised = await serialiser.Serialize(relayState);
var deserialised = await serialiser.Deserialize(serialised) as Dictionary <string, object>;
//ASSERT
Assert.AreEqual(relayState.Count, deserialised.Count);
Assert.AreEqual(relayState["relayState"], deserialised["relayState"]);
}
public async Task RelayStateBuilder_test()
{
////ARRANGE
var relayState = new Dictionary <string, object> {
{ "relayState", "Test state" }
};
var compressor = new DeflateCompressor();
var messageEncoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var logger = new LogProviderMock();
var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
var context = new BindingContext(relayState, new Uri("localhost:"));
var builder = new RelayStateBuilder(serialiser);
//ACT
await builder.Build(context);
////ASSERT
Assert.AreEqual(1, context.RequestParts.Count);
Assert.IsTrue(context.RequestParts.ContainsKey(HttpRedirectBindingConstants.RelayState));
}
public async Task RelayStateBuilder_test()
{
//ARRANGE
var relayState = new Dictionary <string, object> {
{ "relayState", "Test state" }
};
var compressor = new DeflateCompressor();
var messageEncoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var logger = new LogProviderMock();
var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
var context = new BindingContext(relayState, new Uri("localhost:"));
var builder = new RelayStateBuilder(serialiser);
//ACT
await builder.Build(context);
var result = context.ClauseBuilder.ToString();
//ASSERT
Assert.IsTrue(result.StartsWith(String.Format("&{0}", HttpRedirectBindingConstants.RelayState)));
}
public async Task GetRelayStateFromFormDataTest()
{
//ARRANGE
var relayState = new Dictionary <string, object> {
{ "relayState", "Test state" }
};
var form = new Dictionary <string, string>();
var compressor = new DeflateCompressor();
var messageEncoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var logger = new LogProviderMock();
var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
var handler = new RelayStateHandler(serialiser, logger);
//ACT
var serialised = await serialiser.Serialize(relayState);
form.Add("RelayState", serialised);
var deserialised = await handler.GetRelayStateFromFormData(form) as Dictionary <string, object>;
//ASSERT
Assert.AreEqual(relayState.Count, deserialised.Count);
Assert.AreEqual(relayState["relayState"], deserialised["relayState"]);
}
public async Task SerialiseDeserialise_with_data_protectionTest()
{
//ARRANGE
var relayState = new Dictionary <string, object> {
{ "relayState", "Test state" }
};
var compressor = new DeflateCompressor();
var messageEncoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var logger = new LogProviderMock();
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger);
//ToDo: uncomment the line when .net core data protector has been implemented
//relayStateSerialiser.DataProtector = new Kernel.Cryptography.DataProtection.DpapiDataProtector("SSO", "saml", "relaystate");
var serialiser = relayStateSerialiser as IRelayStateSerialiser;
//ACT
var serialised = await serialiser.Serialize(relayState);
var deserialised = await serialiser.Deserialize(serialised) as Dictionary <string, object>;
//ASSERT
Assert.AreEqual(relayState.Count, deserialised.Count);
Assert.AreEqual(relayState["relayState"], deserialised["relayState"]);
}
public async Task DecodeTest()
{
//ARRANGE
var inResponseTo = Guid.NewGuid().ToString();
var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success);
var logger = new LogProviderMock();
var serialised = ResponseFactoryMock.Serialize(response);
var responseToBase64 = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(serialised));
var relayState = new Dictionary <string, object> {
{ "relayState", "Test state" }
};
var compressor = new DeflateCompressor();
var messageEncoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
var serialisedRelaySatate = await serialiser.Serialize(relayState);
var relayStateHandler = new RelayStateHandler(serialiser, logger);
var form = new Dictionary <string, string>
{
{ HttpRedirectBindingConstants.SamlResponse, responseToBase64 },
{ HttpRedirectBindingConstants.RelayState, serialisedRelaySatate }
};
var decoder = new PostBindingDecoder(logger);
//ACT
var message = await decoder.Decode(form);
var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
//ASSERT
Assert.IsNotNull(stateFromResult);
Assert.AreEqual(serialised, message.Elements[HttpRedirectBindingConstants.SamlResponse]);
Assert.AreEqual(serialisedRelaySatate, message.Elements[HttpRedirectBindingConstants.RelayState]);
}
public async Task Post_end_to_end_test()
{
//ARRANGE
var isValid = false;
string url = String.Empty;
IDictionary <string, object> relayState = null;
var builders = new List <IPostClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var xmlSinatureManager = new XmlSignatureManager();
var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
builders.Add(signatureBuilder);
//context
var outboundContext = new HttpPostRequestContext(new SAMLForm())
{
BindingContext = new RequestPostBindingContext(authnRequestContext),
DespatchDelegate = form =>
{
url = form.ActionURL;
var request = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.SamlRequest];
var state = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.RelayState];
var task = relayStateSerialiser.Deserialize(state);
task.Wait();
relayState = task.Result as IDictionary <string, object>;
var cert = certificateManager.GetCertificateFromContext(certContext);
isValid = this.VerifySignature(request, cert);
return(Task.CompletedTask);
}
};
//dispatcher
var dispatcher = new PostRequestDispatcher(() => builders, logger);
//ACT
await dispatcher.SendAsync(outboundContext);
//ASSERT
Assert.AreEqual(url, requestUri.AbsoluteUri);
Assert.IsTrue(Enumerable.SequenceEqual(relayState, authnRequestContext.RelyingState));
Assert.IsTrue(isValid);
}
public async Task DecodeTest()
{
string url = String.Empty;
var builders = new List <IRedirectClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//request compression builder
var encodingBuilder = new RequestEncoderBuilder(encoder);
builders.Add(encodingBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger);
builders.Add(signatureBuilder);
var bindingContext = new RequestBindingContext(authnRequestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
var decoder = new RedirectBindingDecoder(logger, encoder);
//ACT
var message = await decoder.Decode(bindingContext.GetDestinationUrl());
var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
var requestFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
var decoded = await encoder.DecodeMessage(requestFromContext);
//ASSERT
Assert.IsNotNull(stateFromResult);
Assert.AreEqual(bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState], message.Elements[HttpRedirectBindingConstants.RelayState]);
Assert.AreEqual(decoded, message.Elements[HttpRedirectBindingConstants.SamlRequest]);
}
public async Task Redirect_end_to_end_test()
{
//ARRANGE
var isValid = false;
string url = String.Empty;
var builders = new List <IRedirectClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//request compression builder
var encodingBuilder = new RequestEncoderBuilder(encoder);
builders.Add(encodingBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger);
builders.Add(signatureBuilder);
//context
var outboundContext = new HttpRedirectRequestContext
{
BindingContext = new RequestBindingContext(authnRequestContext),
DespatchDelegate = redirectUri =>
{
url = redirectUri.GetLeftPart(UriPartial.Path);
var query = redirectUri.Query.TrimStart('?');
var cert = certificateManager.GetCertificateFromContext(certContext);
isValid = this.VerifySignature(query, cert, certificateManager);
return(Task.CompletedTask);
}
};
//dispatcher
var dispatcher = new RedirectRequestDispatcher(() => builders);
//ACT
await dispatcher.SendAsync(outboundContext);
//ASSERT
Assert.AreEqual(url, requestUri.AbsoluteUri);
Assert.IsTrue(isValid);
}
