        /// <summary>
        /// AppendTo with every optional property populated (Issuer, DestinationUrl
        /// and InResponseTo) must emit a LogoutResponse that carries all of them
        /// alongside the mandatory ID, Version, IssueInstant and Status.
        /// </summary>
        public void Saml2LogoutResponse_AppendTo_AllSupported()
        {
            var response = new Saml2LogoutResponse(Saml2StatusCode.Requester);
            response.Issuer = new EntityId("https://ServiceProvider.com/SAML");
            response.DestinationUrl = new Uri("https://IdentityProvider.com/Logout");
            response.InResponseTo = new Saml2Id();

            // ID and IssueInstant are generated by the response itself, so the
            // expectation is built from the instance under test.
            var expected = XmlHelpers.XmlDocumentFromString(
                $@"<samlp:LogoutResponse xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
                    xmlns=""urn:oasis:names:tc:SAML:2.0:assertion""
                    ID=""{response.Id}""
                    InResponseTo=""{response.InResponseTo.Value}""
                    IssueInstant=""{response.IssueInstant.ToSaml2DateTimeString()}"" Version=""2.0""
                    Destination=""https://IdentityProvider.com/Logout"">
                    <Issuer>https://ServiceProvider.com/SAML</Issuer>
                    <samlp:Status>
                        <samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Requester""/>
                    </samlp:Status>
                </samlp:LogoutResponse>").DocumentElement;

            var actual = XmlHelpers.CreateSafeXmlDocument();
            response.AppendTo(actual);

            actual.DocumentElement.Should().BeEquivalentTo(expected, "XML should be full LogoutResponse");
        }
 /// <summary>
 /// RemoveChild must reject a null receiver with an ArgumentNullException that
 /// names the "xmlElement" parameter. A freshly created document has no
 /// DocumentElement yet, which is how the null element is obtained here.
 /// </summary>
 public void XmlHelpers_RemoveChild_NullcheckXmlElement()
 {
     XmlElement missing = XmlHelpers.CreateSafeXmlDocument().DocumentElement;

     Action act = () => missing.RemoveChild("name", "ns");

     act.Should().Throw <ArgumentNullException>()
         .And.ParamName.Should().Be("xmlElement");
 }
        /// <summary>
        /// Serializes the message into wellformed Xml.
        /// </summary>
        /// <returns>string containing the Xml data.</returns>
        /// <remarks>
        /// A fresh document from CreateSafeXmlDocument (no XmlResolver, so
        /// nothing external is ever fetched) receives the message via AppendTo.
        /// Only the root element's OuterXml is returned, so the result carries
        /// no XML declaration.
        /// </remarks>
        public override string ToXml()
        {
            var document = XmlHelpers.CreateSafeXmlDocument();
            AppendTo(document);

            var root = document.DocumentElement;
            return root.OuterXml;
        }
 /// <summary>
 /// Encrypt must refuse a null certificate with an ArgumentNullException that
 /// names the "certificate" parameter. The receiver is null as well (an empty
 /// document has no DocumentElement), so the assertion also shows that the
 /// certificate check is not preceded by an element null check.
 /// </summary>
 public void XmlHelpers_Encrypt_NullCert()
 {
     var element = XmlHelpers.CreateSafeXmlDocument().DocumentElement;

     element.Invoking(e => e.Encrypt(false, null))
         .ShouldThrow <ArgumentNullException>()
         .And.ParamName.Should().Be("certificate");
 }
        /// <summary>
        /// GetTrimmedTextIfNotNull returns the element's inner text with the
        /// surrounding whitespace (including a leading CR/LF) removed.
        /// </summary>
        public void XmlHelpers_GetTrimmedTextIfNotNull_ValueOnNotNull()
        {
            var document = XmlHelpers.CreateSafeXmlDocument();
            var element = document.CreateElement("someElement");
            element.InnerText = "\r\n     Some Text";

            var text = element.GetTrimmedTextIfNotNull();

            text.Should().Be("Some Text");
        }
        /// <summary>
        /// GetValueIfNotNull returns the attribute's value unchanged when the
        /// attribute exists.
        /// </summary>
        public void XmlHelpers_GetValueIfNotNull_ValueOnNotNull()
        {
            var document = XmlHelpers.CreateSafeXmlDocument();
            var attribute = document.CreateAttribute("someAttribute");
            attribute.Value = "SomeValue";

            var value = attribute.GetValueIfNotNull();

            value.Should().Be("SomeValue");
        }
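        /// <summary>
        /// CreateSafeXmlDocument must return a document with no XmlResolver (so
        /// loading it cannot fetch external entities or DTDs) and with
        /// PreserveWhitespace enabled (whitespace changes would alter the content
        /// an XML signature covers).
        /// </summary>
        /// <remarks>
        /// XmlDocument.XmlResolver is write-only, so the private backing field is
        /// read through reflection. .NET Framework names it "resolver" and .NET
        /// Core "_resolver"; both are tried so that a runtime where the name
        /// differs fails with a clear assertion instead of a NullReferenceException
        /// from GetValue on a null FieldInfo.
        /// </remarks>
        public void XmlHelpers_CreateSafeXmlDocument()
        {
            var actual = XmlHelpers.CreateSafeXmlDocument();

            const BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
            var resolverField =
                typeof(XmlDocument).GetField("resolver", privateInstance)
                ?? typeof(XmlDocument).GetField("_resolver", privateInstance);

            resolverField.Should().NotBeNull("the XmlDocument resolver backing field could not be located by reflection");
            resolverField.GetValue(actual).Should().BeNull("external entity resolution must be disabled on a safe document");

            actual.PreserveWhitespace.Should().BeTrue();
        }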
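        /// <summary>
        /// CreateSafeXmlDocument must return a document with no XmlResolver (so
        /// loading it cannot fetch external entities or DTDs) and with
        /// PreserveWhitespace enabled (whitespace changes would alter the content
        /// an XML signature covers).
        /// </summary>
        /// <remarks>
        /// XmlDocument.XmlResolver is write-only, so the private backing field is
        /// read through reflection. The field is "resolver" on .NET Framework and
        /// "_resolver" on .NET Core; rather than guessing from the runtime, the
        /// expected name is tried first and the other as a fallback, and a missing
        /// field fails with an explicit assertion instead of a NullReferenceException.
        /// </remarks>
        public void XmlHelpers_CreateSafeXmlDocument()
        {
            var actual = XmlHelpers.CreateSafeXmlDocument();

            var preferredName = EnvironmentHelpers.IsNetCore ? "_resolver" : "resolver";
            var fallbackName = EnvironmentHelpers.IsNetCore ? "resolver" : "_resolver";

            const BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
            var resolverField =
                typeof(XmlDocument).GetField(preferredName, privateInstance)
                ?? typeof(XmlDocument).GetField(fallbackName, privateInstance);

            resolverField.Should().NotBeNull("the XmlDocument resolver backing field could not be located by reflection");
            resolverField.GetValue(actual).Should().BeNull("external entity resolution must be disabled on a safe document");

            actual.PreserveWhitespace.Should().BeTrue();
        }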
        /// <summary>
        /// ToXml must produce exactly the text obtained by appending the response
        /// to an empty safe document and reading that document's OuterXml.
        /// </summary>
        public void Saml2LogoutResponse_ToXml()
        {
            var response = new Saml2LogoutResponse(Saml2StatusCode.Requester)
            {
                Issuer         = new EntityId("https://ServiceProvider.com/SAML"),
                DestinationUrl = new Uri("https://IdentityProvider.com/Logout"),
                InResponseTo   = new Saml2Id()
            };

            // Reference serialization, built before ToXml is called (same order as
            // the assertion depends on; IssueInstant is a stored property).
            var reference = XmlHelpers.CreateSafeXmlDocument();
            response.AppendTo(reference);

            var actual = response.ToXml();

            actual.Should().Be(reference.OuterXml);
        }
        /// <summary>
        /// PrettyPrint indents nested elements by two spaces with CR/LF line
        /// breaks, and the re-parsed result must still be equivalent to the input.
        /// </summary>
        public void XmlHelpers_PrettyPrint()
        {
            var source = XmlHelpers.CreateSafeXmlDocument();
            source.LoadXml("<a><b>c</b></a>");

            var pretty = source.DocumentElement.PrettyPrint();

            // NOTE(review): the expectation hard-codes CR/LF; confirm PrettyPrint
            // does not emit Environment.NewLine on non-Windows runtimes.
            var reparsed = XmlHelpers.XmlDocumentFromString(pretty);
            const string expected = "<a>\r\n  <b>c</b>\r\n</a>";
            reparsed.OuterXml.Should().Be(expected);

            // Formatting must not change the document's semantics.
            reparsed.DocumentElement.Should().BeEquivalentTo(source.DocumentElement);
        }
        /// <summary>
        /// Test helper: wraps the supplied assertion markup in a
        /// saml2:EncryptedAssertion element and encrypts the inner Assertion in place.
        /// </summary>
        /// <param name="assertionXml">
        /// Serialized saml2:Assertion. It is spliced into the wrapper verbatim with
        /// no escaping, so this is only suitable for trusted test input.
        /// </param>
        /// <param name="useOaep">
        /// Passed to Encrypt; true presumably selects RSA-OAEP key transport and
        /// false (the default) the older padding scheme — confirm against Encrypt.
        /// </param>
        /// <param name="certificate">Recipient certificate; TestCert2 when null.</param>
        /// <returns>OuterXml of the document holding the EncryptedAssertion.</returns>
        public static string EncryptAssertion(string assertionXml, bool useOaep = false, X509Certificate2 certificate = null)
        {
            var recipient = certificate ?? TestCert2;

            var document = XmlHelpers.CreateSafeXmlDocument();
            document.LoadXml(
                $@"<saml2:EncryptedAssertion xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"">{assertionXml}</saml2:EncryptedAssertion>");

            // Only the inner Assertion is encrypted; the wrapper element stays in
            // clear text.
            var assertion = (XmlElement)document.GetElementsByTagName("Assertion", Saml2Namespaces.Saml2Name)[0];
            assertion.Encrypt(useOaep, recipient);

            return document.OuterXml;
        }
        /// <summary>
        /// Builds the saml2p:Response element for this response and stores it in
        /// <c>xmlElement</c>. Attributes are emitted in the order Destination, ID,
        /// Version, IssueInstant, InResponseTo; children are Issuer, Status and one
        /// Assertion per entry in <c>claimsIdentities</c>.
        /// </summary>
        /// <remarks>
        /// IssueInstant is taken from DateTime.UtcNow at build time, so repeated
        /// calls yield different values. DestinationUrl and InResponseTo are
        /// optional; Issuer is dereferenced unconditionally.
        /// </remarks>
        private void CreateXmlElement()
        {
            var document = XmlHelpers.CreateSafeXmlDocument();
            var response = document.CreateElement("saml2p", "Response", Saml2Namespaces.Saml2PName);

            // Optional attribute first, matching the serialized attribute order.
            if (DestinationUrl != null)
            {
                response.SetAttributeNode("Destination", "").Value = DestinationUrl.ToString();
            }

            response.SetAttributeNode("ID", "").Value = id.Value;
            response.SetAttributeNode("Version", "").Value = "2.0";
            response.SetAttributeNode("IssueInstant", "").Value = DateTime.UtcNow.ToSaml2DateTimeString();

            if (InResponseTo != null)
            {
                response.SetAttributeNode("InResponseTo", "").Value = InResponseTo.Value;
            }

            document.AppendChild(response);

            // Issuer text goes through InnerText, so the DOM escapes it on output.
            var issuerNode = document.CreateElement("saml2", "Issuer", Saml2Namespaces.Saml2Name);
            issuerNode.InnerText = Issuer.Id;
            response.AppendChild(issuerNode);

            var statusNode = document.CreateElement("saml2p", "Status", Saml2Namespaces.Saml2PName);
            var statusCodeNode = document.CreateElement("saml2p", "StatusCode", Saml2Namespaces.Saml2PName);
            statusCodeNode.SetAttributeNode("Value", "").Value = StatusCodeHelper.FromCode(Status);
            statusNode.AppendChild(statusCodeNode);
            response.AppendChild(statusNode);

            // Each identity becomes an Assertion, imported into this document by
            // reading its XElement representation.
            foreach (var identity in claimsIdentities)
            {
                var assertion = identity
                    .ToSaml2Assertion(Issuer, audience, InResponseTo, DestinationUrl)
                    .ToXElement();

                response.AppendChild(document.ReadNode(assertion.CreateReader()));
            }

            xmlElement = document.DocumentElement;
        }
        /// <summary>
        /// Loads the metadata from <paramref name="reader"/> into a safe document,
        /// requires a signature from one of <paramref name="signingKeys"/> and
        /// returns a reader over the validated DOM.
        /// </summary>
        /// <param name="reader">Reader positioned on the metadata XML.</param>
        /// <param name="signingKeys">Keys accepted as signers.</param>
        /// <param name="validateCertificate">Passed to IsSignedByAny; whether the signing certificate is validated.</param>
        /// <param name="minIncomingSigningAlgorithm">Passed to IsSignedByAny; the minimum signing algorithm accepted.</param>
        /// <returns>A dictionary reader over the signature-validated document.</returns>
        /// <exception cref="InvalidSignatureException">No acceptable signature was found.</exception>
        private static XmlDictionaryReader ValidateSignature(
            XmlDictionaryReader reader,
            IEnumerable <SecurityKeyIdentifierClause> signingKeys,
            bool validateCertificate,
            string minIncomingSigningAlgorithm)
        {
            var document = XmlHelpers.CreateSafeXmlDocument();
            document.Load(reader);

            // Validate on the DOM and hand back a reader over that same DOM, so the
            // caller only ever consumes the tree the signature check ran against.
            var signed = document.DocumentElement.IsSignedByAny(
                signingKeys, validateCertificate, minIncomingSigningAlgorithm);

            if (!signed)
            {
                throw new InvalidSignatureException("Signature validation failed for federation metadata.");
            }

            var nodeReader = new XmlNodeReader(document);
            return XmlDictionaryReader.CreateDictionaryReader(nodeReader);
        }
        /// <summary>
        /// Serializes <paramref name="metadata"/> to XML and, when a certificate
        /// is supplied, signs the resulting document.
        /// </summary>
        /// <param name="metadata">Metadata to serialize.</param>
        /// <param name="signingCertificate">Certificate to sign with; null leaves the document unsigned.</param>
        /// <param name="signingAlgorithm">Algorithm handed to Sign; only used when signing.</param>
        /// <returns>The serialized, possibly signed, metadata.</returns>
        public static string ToXmlString(
            this MetadataBase metadata,
            X509Certificate2 signingCertificate,
            string signingAlgorithm)
        {
            var document = XmlHelpers.CreateSafeXmlDocument();

            // Write straight into the DOM so the signature is computed over the
            // very tree that is serialized afterwards.
            using (var writer = document.CreateNavigator().AppendChild())
            {
                ExtendedMetadataSerializer.WriterInstance.WriteMetadata(writer, metadata);
            }

            var shouldSign = signingCertificate != null;
            if (shouldSign)
            {
                // The middle argument matches the includeKeyInfo parameter of the
                // Sign overload used elsewhere in this listing; true embeds key info.
                document.Sign(signingCertificate, true, signingAlgorithm);
            }

            return document.OuterXml;
        }
        /// <summary>
        /// Test helper: parses <paramref name="xml"/> into a safe document, signs it
        /// with TestCert and returns the signed markup.
        /// </summary>
        /// <param name="xml">Document to sign.</param>
        /// <param name="includeKeyInfo">Forwarded to Sign; whether key info is embedded in the signature.</param>
        /// <param name="preserveWhitespace">PreserveWhitespace value applied before parsing.</param>
        /// <param name="signingAlgorithmName">Algorithm for Sign; null or empty uses the two-argument Sign overload.</param>
        /// <returns>OuterXml of the signed document.</returns>
        public static string SignXml(
            string xml,
            bool includeKeyInfo         = false,
            bool preserveWhitespace     = true,
            string signingAlgorithmName = null)
        {
            var document = XmlHelpers.CreateSafeXmlDocument();

            // Set before LoadXml: it decides whether insignificant whitespace becomes
            // part of the tree, and therefore part of the content the signature covers.
            document.PreserveWhitespace = preserveWhitespace;
            document.LoadXml(xml);

            var useDefaultAlgorithm = string.IsNullOrEmpty(signingAlgorithmName);
            if (useDefaultAlgorithm)
            {
                document.Sign(TestCert, includeKeyInfo);
            }
            else
            {
                document.Sign(TestCert, includeKeyInfo, signingAlgorithmName);
            }

            return document.OuterXml;
        }
        /// <summary>
        /// AppendTo with only the status set must emit a LogoutResponse carrying
        /// just ID, Version, IssueInstant and Status — no Issuer, Destination or
        /// InResponseTo.
        /// </summary>
        public void Saml2LogoutResponse_AppendTo_Minimal()
        {
            var response = new Saml2LogoutResponse(Saml2StatusCode.Success);

            // ID and IssueInstant come from the instance under test.
            var expected = XmlHelpers.XmlDocumentFromString(
                $@"<samlp:LogoutResponse 
                        xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
                        xmlns=""urn:oasis:names:tc:SAML:2.0:assertion""
                        ID=""{response.Id}""
                        Version=""2.0""
                        IssueInstant=""{response.IssueInstant.ToSaml2DateTimeString()}"">
                        <samlp:Status>
                            <samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success""/>
                        </samlp:Status>
                    </samlp:LogoutResponse>").DocumentElement;

            var actual = XmlHelpers.CreateSafeXmlDocument();
            response.AppendTo(actual);

            actual.DocumentElement.Should().BeEquivalentTo(expected, "XML should be a valid LogoutResponse");
        }