Ejemplo n.º 1
0
		private void prepareRequest(IAuthenticationRequest request) {
			// Collect the PAPE policies requested by the user.
			List<string> policies = new List<string>();
			foreach (ListItem item in this.papePolicies.Items) {
				if (item.Selected) {
					policies.Add(item.Value);
				}
			}

			// Add the PAPE extension if any policy was requested.
			var pape = new PolicyRequest();
			if (policies.Count > 0) {
				foreach (string policy in policies) {
					pape.PreferredPolicies.Add(policy);
				}
			}

			if (this.maxAuthTimeBox.Text.Length > 0) {
				pape.MaximumAuthenticationAge = TimeSpan.FromSeconds(double.Parse(this.maxAuthTimeBox.Text));
			}

			if (pape.PreferredPolicies.Count > 0 || pape.MaximumAuthenticationAge.HasValue) {
				request.AddExtension(pape);
			}
		}
Ejemplo n.º 2
0
		/// <summary>
		/// Called when an authentication request is about to be sent.
		/// </summary>
		/// <param name="request">The request.</param>
		void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) {
			RelyingParty.AuthenticationRequest requestInternal = (RelyingParty.AuthenticationRequest)request;
			ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps);

			var pape = requestInternal.AppliedExtensions.OfType<PolicyRequest>().SingleOrDefault();
			if (pape == null) {
				request.AddExtension(pape = new PolicyRequest());
			}

			if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) {
				pape.PreferredPolicies.Add(AuthenticationPolicies.PrivatePersonalIdentifier);
			}

			if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.USGovernmentTrustLevel1)) {
				pape.PreferredPolicies.Add(AuthenticationPolicies.USGovernmentTrustLevel1);
			}

			if (!AllowPersonallyIdentifiableInformation && !pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) {
				pape.PreferredPolicies.Add(AuthenticationPolicies.NoPersonallyIdentifiableInformation);
			}

			if (pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) {
				ErrorUtilities.VerifyProtocol(
					(!requestInternal.AppliedExtensions.OfType<ClaimsRequest>().Any() &&
					!requestInternal.AppliedExtensions.OfType<FetchRequest>().Any()),
					BehaviorStrings.PiiIncludedWithNoPiiPolicy);
			}

			Reporting.RecordEventOccurrence(this, "RP");
		}
Ejemplo n.º 3
0
		public void AddPolicies() {
			PolicyRequest resp = new PolicyRequest();
			resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
			resp.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
			Assert.AreEqual(2, resp.PreferredPolicies.Count);
			Assert.AreEqual(AuthenticationPolicies.MultiFactor, resp.PreferredPolicies[0]);
			Assert.AreEqual(AuthenticationPolicies.PhishingResistant, resp.PreferredPolicies[1]);
		}
Ejemplo n.º 4
0
		public void MaximumAuthenticationAgeTest() {
			PolicyRequest req = new PolicyRequest();
			req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
			Assert.IsNotNull(req.MaximumAuthenticationAge);
			Assert.AreEqual(TimeSpan.FromHours(1), req.MaximumAuthenticationAge);
			req.MaximumAuthenticationAge = null;
			Assert.IsNull(req.MaximumAuthenticationAge);
		}
Ejemplo n.º 5
0
		public void AddPolicyMultipleTimes() {
			// Although this isn't really the desired behavior (we'd prefer to see an
			// exception thrown), since we're using a List<string> internally we can't
			// expect anything better (for now).  But if this is ever fixed, by all means
			// change this test to expect an exception or something else.
			PolicyRequest resp = new PolicyRequest();
			resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
			resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
			Assert.AreEqual(2, resp.PreferredPolicies.Count);
		}
Ejemplo n.º 6
0
		public void Full() {
			var request = new PolicyRequest();
			request.MaximumAuthenticationAge = TimeSpan.FromMinutes(10);
			request.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
			request.PreferredAuthLevelTypes.Add("customAuthLevel");
			request.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
			request.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);

			var response = new PolicyResponse();
			response.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
			response.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
			response.AuthenticationTimeUtc = DateTime.UtcNow - TimeSpan.FromMinutes(5);
			response.AssuranceLevels[Constants.AssuranceLevels.NistTypeUri] = "1";
			response.AssuranceLevels["customlevel"] = "ABC";
			response.NistAssuranceLevel = NistAssuranceLevel.Level2;

			ExtensionTestUtilities.Roundtrip(Protocol.Default, new[] { request }, new[] { response });
		}
Ejemplo n.º 7
0
        /// <summary>
        /// Determines whether the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>.
        /// </summary>
        /// <param name="obj">The <see cref="T:System.Object"/> to compare with the current <see cref="T:System.Object"/>.</param>
        /// <returns>
        /// true if the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>; otherwise, false.
        /// </returns>
        /// <exception cref="T:System.NullReferenceException">
        /// The <paramref name="obj"/> parameter is null.
        /// </exception>
        public override bool Equals(object obj)
        {
            PolicyRequest other = obj as PolicyRequest;

            if (other == null)
            {
                return(false);
            }

            if (this.MaximumAuthenticationAge != other.MaximumAuthenticationAge)
            {
                return(false);
            }

            if (this.PreferredPolicies.Count != other.PreferredPolicies.Count)
            {
                return(false);
            }

            foreach (string policy in this.PreferredPolicies)
            {
                if (!other.PreferredPolicies.Contains(policy))
                {
                    return(false);
                }
            }

            if (this.PreferredAuthLevelTypes.Count != other.PreferredAuthLevelTypes.Count)
            {
                return(false);
            }

            foreach (string authLevel in this.PreferredAuthLevelTypes)
            {
                if (!other.PreferredAuthLevelTypes.Contains(authLevel))
                {
                    return(false);
                }
            }

            return(true);
        }
Ejemplo n.º 8
0
        private void prepareRequest(IAuthenticationRequest request)
        {
            // Collect the PAPE policies requested by the user.
            List<string> policies = new List<string>();
            foreach (ListItem item in this.papePolicies.Items) {
                if (item.Selected) {
                    policies.Add(item.Value);
                }
            }

            // Add the PAPE extension if any policy was requested.
            if (policies.Count > 0) {
                var pape = new PolicyRequest();
                foreach (string policy in policies) {
                    pape.PreferredPolicies.Add(policy);
                }

                request.AddExtension(pape);
            }
        }
Ejemplo n.º 9
0
		public void EqualsTest() {
			PolicyRequest req = new PolicyRequest();
			PolicyRequest req2 = new PolicyRequest();
			Assert.AreEqual(req, req2);
			Assert.AreNotEqual(req, null);
			Assert.AreNotEqual(null, req);

			// Test PreferredPolicies list comparison
			req.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
			Assert.AreNotEqual(req, req2);
			req2.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
			Assert.AreNotEqual(req, req2);
			req2.PreferredPolicies.Clear();
			req2.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
			Assert.AreEqual(req, req2);

			// Test PreferredPolicies list comparison when that list is not in the same order.
			req.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
			Assert.AreNotEqual(req, req2);
			req2.PreferredPolicies.Insert(0, AuthenticationPolicies.MultiFactor);
			Assert.AreEqual(req, req2);

			// Test MaximumAuthenticationAge comparison.
			req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
			Assert.AreNotEqual(req, req2);
			req2.MaximumAuthenticationAge = req.MaximumAuthenticationAge;
			Assert.AreEqual(req, req2);

			// Test PreferredAuthLevelTypes comparison.
			req.PreferredAuthLevelTypes.Add("authlevel1");
			Assert.AreNotEqual(req, req2);
			req2.PreferredAuthLevelTypes.Add("authlevel2");
			Assert.AreNotEqual(req, req2);
			req.PreferredAuthLevelTypes.Add("authlevel2");
			req2.PreferredAuthLevelTypes.Add("authlevel1");
			Assert.AreEqual(req, req2);
		}
Ejemplo n.º 10
0
		public void AddAuthLevelTypes() {
			PolicyRequest req = new PolicyRequest();
			req.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
			Assert.AreEqual(1, req.PreferredAuthLevelTypes.Count);
			Assert.IsTrue(req.PreferredAuthLevelTypes.Contains(Constants.AssuranceLevels.NistTypeUri));
		}
Ejemplo n.º 11
0
		public void Ctor() {
			PolicyRequest req = new PolicyRequest();
			Assert.IsNull(req.MaximumAuthenticationAge);
			Assert.IsNotNull(req.PreferredPolicies);
			Assert.AreEqual(0, req.PreferredPolicies.Count);
		}
Ejemplo n.º 12
0
		public void Serialize() {
			PolicyRequest req = new PolicyRequest();
			IMessageWithEvents reqEvents = req;

			var fields = this.MessageDescriptions.GetAccessor(req);
			reqEvents.OnSending();
			Assert.AreEqual(1, fields.Count);
			Assert.IsTrue(fields.ContainsKey("preferred_auth_policies"));
			Assert.AreEqual(string.Empty, fields["preferred_auth_policies"]);

			req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
			reqEvents.OnSending();
			Assert.AreEqual(2, fields.Count);
			Assert.IsTrue(fields.ContainsKey("max_auth_age"));
			Assert.AreEqual(TimeSpan.FromHours(1).TotalSeconds.ToString(CultureInfo.InvariantCulture), fields["max_auth_age"]);

			req.PreferredPolicies.Add("http://pol1/");
			reqEvents.OnSending();
			Assert.AreEqual("http://pol1/", fields["preferred_auth_policies"]);

			req.PreferredPolicies.Add("http://pol2/");
			reqEvents.OnSending();
			Assert.AreEqual("http://pol1/ http://pol2/", fields["preferred_auth_policies"]);

			req.PreferredAuthLevelTypes.Add("http://authtype1/");
			reqEvents.OnSending();
			Assert.AreEqual(4, fields.Count);
			Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias1"));
			Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias1"]);
			Assert.IsTrue(fields.ContainsKey("preferred_auth_level_types"));
			Assert.AreEqual("alias1", fields["preferred_auth_level_types"]);

			req.PreferredAuthLevelTypes.Add(Constants.AssuranceLevels.NistTypeUri);
			reqEvents.OnSending();
			Assert.AreEqual(5, fields.Count);
			Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias2"));
			Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias2"]);
			Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
			Assert.AreEqual(Constants.AssuranceLevels.NistTypeUri, fields["auth_level.ns.nist"]);
			Assert.AreEqual("alias2 nist", fields["preferred_auth_level_types"]);
		}
Ejemplo n.º 13
0
		public void Trivial() {
			var request = new PolicyRequest();
			var response = new PolicyResponse();
			ExtensionTestUtilities.Roundtrip(Protocol.Default, new[] { request }, new[] { response });
		}
Ejemplo n.º 14
0
		public async Task Trivial() {
			var request = new PolicyRequest();
			var response = new PolicyResponse();
			await this.RoundtripAsync(Protocol.Default, new[] { request }, new[] { response });
		}