internal static void BuildContacts(RoleDescriptor roleDescriptor, RoleDescriptorConfiguration roleDescriptorConfiguration)
{
if (roleDescriptor == null)
{
throw new ArgumentNullException("roleDescriptor");
}
if (roleDescriptorConfiguration == null)
{
throw new ArgumentNullException("roleDescriptorConfiguration");
}
var contacts = roleDescriptorConfiguration.Organisation.OrganisationContacts.PersonContact;
contacts.Aggregate(roleDescriptor.Contacts, (c, next) =>
{
ContactType contactType;
if (!Enum.TryParse <ContactType>(next.ContactType.ToString(), out contactType))
{
throw new InvalidCastException(String.Format("No corespondenting value for Contact type: {0}.", next.ContactType));
}
var cp = new ContactPerson(contactType)
{
Surname = next.SurName,
GivenName = next.ForeName,
};
next.Emails.Aggregate(cp.EmailAddresses, (p, nextEmail) => { p.Add(nextEmail); return(p); });
next.PhoneNumbers.Aggregate(cp.TelephoneNumbers, (p, nextNumber) => { p.Add(nextNumber); return(p); });
c.Add(cp);
return(c);
});
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
if (configuration.KeyDescriptors == null)
{
throw new ArgumentNullException("keyDescriptors");
}
foreach (var key in configuration.KeyDescriptors)
{
var certConfiguration = new X509StoreCertificateConfiguration(key.CertificateContext);
var certificate = certConfiguration.GetX509Certificate2();
var keyDescriptor = new KeyDescriptor();
KeyType keyType;
if (!Enum.TryParse <KeyType>(key.Use.ToString(), out keyType))
{
throw new InvalidCastException(String.Format("Parsing to type{0} failed. Value having been tried:{1}", typeof(KeyType), key.Use));
}
keyDescriptor.Use = keyType;
keyDescriptor.KeyInfo = new SecurityKeyIdentifier(new X509RawDataKeyIdentifierClause(certificate));
descriptor.Keys.Add(keyDescriptor);
}
}
internal static void BuildOrganisation(RoleDescriptor roleDescriptor, RoleDescriptorConfiguration roleDescriptorConfiguration)
{
if (roleDescriptor == null)
{
throw new ArgumentNullException("roleDescriptor");
}
if (roleDescriptorConfiguration == null)
{
throw new ArgumentNullException("roleDescriptorConfiguration");
}
var organisationConfigration = roleDescriptorConfiguration.Organisation;
if (organisationConfigration == null)
{
return;
}
roleDescriptor.Organization = new Organization();
organisationConfigration.Names.Aggregate(roleDescriptor.Organization, (o, next) =>
{
o.Names.Add(new LocalizedName(next.Name, next.Language));
o.DisplayNames.Add(new LocalizedName(next.DisplayName, next.Language));
return(o);
});
organisationConfigration.Urls.Aggregate(roleDescriptor.Organization, (o, next) =>
{
o.Urls.Add(new LocalizedUri(next.Url, next.Language));
return(o);
});
}
public string Authenticate(string username, string password, UserRoles role)
{
string token = null;
if (_authRepo.AuthenticateUser(username, password, role))
{
var tokenHandler = new JwtSecurityTokenHandler();
var tokenKey = Encoding.ASCII.GetBytes(_signingKey);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, username),
new Claim(ClaimTypes.Role, RoleDescriptor.Describe(role))
}),
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(tokenKey),
SecurityAlgorithms.HmacSha256Signature),
IssuedAt = DateTime.UtcNow,
Expires = DateTime.UtcNow.AddMinutes(90)
};
token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
}
return(token);
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
if (configuration.Organisation == null)
{
throw new ArgumentNullException("organisation");
}
SSODescriptorBuilderHelper.BuildOrganisation(descriptor, configuration);
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
if (configuration.Organisation == null)
{
return;
}
SSODescriptorBuilderHelper.BuildOrganisation(descriptor, configuration);
}
private static IEnumerable <string> GetSigningKeyThumbprint(RoleDescriptor ssod)
{
var x509DataClauses = ssod.Keys.Where(key => key.KeyInfo != null && key.Use == KeyType.Signing)
.Select(key => key.KeyInfo.OfType <X509RawDataKeyIdentifierClause>().First());
var tokens = new List <X509SecurityToken>();
tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));
Logger.Info($"Get signing keys: {tokens.Count}");
return(tokens.Select(x => x.Certificate.Thumbprint.ToLowerInvariant()));
}
private TRole BuildAll(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
var builders = MemberBuilderFactory.GetBuilders();
builders.Aggregate(descriptor, (d, next) =>
{
next.Build(descriptor, configuration);
return(descriptor);
});
return((TRole)descriptor);
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
if (configuration.ProtocolSupported == null)
{
throw new ArgumentNullException("protocolSupported");
}
configuration.ProtocolSupported.Aggregate(descriptor.ProtocolsSupported, (t, next) =>
{
t.Add(next);
return(t);
});
}
public virtual void Build(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
if (descriptor == null)
{
throw new ArgumentNullException("descriptor");
}
if (configuration == null)
{
throw new ArgumentNullException("configuration");
}
this.BuildInternal(descriptor, configuration);
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
if (configuration.Organisation == null)
{
return;
}
Organization organisation;
if (SSODescriptorBuilderHelper.TryBuildOrganisation(configuration.Organisation, out organisation))
{
descriptor.Organization = organisation;
}
}
public void ShouldReadCorrectRoleType(Type descriptorType)
{
var typeName = $"{descriptorType.Name.Replace("Descriptor", string.Empty)}Type";
var xml = @$ "
<RoleDescriptor
xmlns=" "urn:oasis:names:tc:SAML:2.0:metadata" "
xmlns:fed=" "http://docs.oasis-open.org/wsfed/federation/200706" "
xmlns:xsi=" "http://www.w3.org/2001/XMLSchema-instance" "
xsi:type=" "fed:{typeName}" "
>
</RoleDescriptor>";
var metadata = _serializer.ReadRoleDescriptor(xml);
Assert.IsType(descriptorType, metadata);
}
public static XmlElement ToXml(this RoleDescriptor descriptor, XmlDocument xmlDocument)
{
//ServiceProviderSingleSignOnDescriptor
XmlElement element1 = xmlDocument.CreateElement("md", Saml2MetadataConstants.Elements.SpssoDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata");
//this.ToXml(element1);
//element1.SetAttribute("AuthnRequestsSigned", this.authnRequestsSigned ? "true" : "false");
//element1.SetAttribute("WantAssertionsSigned", this.wantAssertionsSigned ? "true" : "false");
//foreach (IndexedEndpointType assertionConsumerService in (IEnumerable<IndexedEndpointType>)this.assertionConsumerServices)
//{
// XmlElement element2 = element1.OwnerDocument.CreateElement("md", "AssertionConsumerService", "urn:oasis:names:tc:SAML:2.0:metadata");
// assertionConsumerService.ToXml(element2);
// element1.AppendChild((XmlNode)element2);
//}
//foreach (AttributeConsumingService consumingService in (IEnumerable<AttributeConsumingService>)this.attributeConsumingServices)
// element1.AppendChild((XmlNode)consumingService.ToXml(xmlDocument));
return(element1);
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
var sSODescriptorConfiguration = configuration as SSODescriptorConfiguration;
if (sSODescriptorConfiguration == null)
{
throw new InvalidOperationException(String.Format("Configuration type expected: {0}.", typeof(SSODescriptorConfiguration).Name));
}
if (sSODescriptorConfiguration.NameIdentifierFormats == null)
{
throw new ArgumentNullException("singleLogoutServices");
}
sSODescriptorConfiguration.NameIdentifierFormats.Aggregate(descriptor, (d, next) =>
{
((SingleSignOnDescriptor)d).NameIdentifierFormats.Add(next);
return(d);
});
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
var sSODescriptorConfiguration = configuration as SSODescriptorConfiguration;
if (sSODescriptorConfiguration == null)
{
throw new InvalidOperationException(String.Format("Configuration type expected: {0}.", typeof(SSODescriptorConfiguration).Name));
}
if (sSODescriptorConfiguration.ArtifactResolutionServices == null)
{
throw new ArgumentNullException("crtifactResolutionServices");
}
sSODescriptorConfiguration.ArtifactResolutionServices.Aggregate(descriptor, (d, next) =>
{
((SingleSignOnDescriptor)d).ArtifactResolutionServices.Add(next.Index, new IndexedProtocolEndpoint(next.Index, next.Binding, next.Location));
return(d);
});
}
protected override bool TryReadRoleDescriptor(XmlDictionaryReader reader, out RoleDescriptor role)
{
if (!reader.IsStartElement(Saml2MetadataConstants.Elements.RoleDescriptor, Saml2MetadataConstants.Namespace))
{
return(Out.False(out role));
}
var d = null as RoleDescriptor;
if (reader.TryReadFederationEndpointType(out var type))
{
if (type == FederationEndpointType.ApplicationService)
{
d = new ApplicationServiceDescriptor();
}
if (type == FederationEndpointType.AttributeService)
{
d = new AttributeServiceDescriptor();
}
if (type == FederationEndpointType.PseudonymService)
{
d = new PseudonymServiceDescriptor();
}
if (type == FederationEndpointType.SecurityTokenService)
{
d = new SecurityTokenServiceDescriptor();
}
}
if (d == null)
{
d = new RoleDescriptor();
}
ReadRoleDescriptorAttributes(reader, d);
reader.ForEachChild(r => TryReadRoleDescriptorChild(r, d), out var signature);
d.Signature = signature;
role = d;
return(true);
}
/// <summary>
/// Extract KeyDescriptors from the metadata document represented by this instance.
/// </summary>
private void ExtractKeyDescriptors()
{
if (_keys != null)
{
return;
}
if (_entity != null)
{
_keys = new List <KeyDescriptor>();
foreach (object item in _entity.Items)
{
if (item is RoleDescriptor)
{
RoleDescriptor rd = (RoleDescriptor)item;
foreach (KeyDescriptor keyDescriptor in rd.KeyDescriptor)
{
_keys.Add(keyDescriptor);
}
}
}
}
}
protected override void ReadRoleDescriptorAttributes(XmlDictionaryReader reader, RoleDescriptor role)
{
if (role is AttributeServiceDescriptor attributeServiceDescriptor)
{
ReadAttributeServiceDescriptorAttributes(reader, attributeServiceDescriptor);
}
if (role is ApplicationServiceDescriptor applicationServiceDescriptor)
{
ReadApplicationServiceDescriptorAttributes(reader, applicationServiceDescriptor);
}
if (role is PseudonymServiceDescriptor pseudonymServiceDescriptor)
{
ReadPseudonymServiceDescriptorAttributes(reader, pseudonymServiceDescriptor);
}
if (role is SecurityTokenServiceDescriptor securityTokenServiceDescriptor)
{
ReadSecurityTokenServiceDescriptorAttributes(reader, securityTokenServiceDescriptor);
}
base.ReadRoleDescriptorAttributes(reader, role);
}
protected abstract void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration);
protected override bool TryReadRoleDescriptorChild(XmlDictionaryReader reader, RoleDescriptor role)
{
if (base.TryReadRoleDescriptorChild(reader, role))
{
return(true);
}
if (role is AttributeServiceDescriptor attributeServiceDescriptor)
{
return(TryReadAttributeServiceDescriptorChild(reader, attributeServiceDescriptor));
}
if (role is ApplicationServiceDescriptor applicationServiceDescriptor)
{
return(TryReadApplicationServiceDescriptorChild(reader, applicationServiceDescriptor));
}
if (role is PseudonymServiceDescriptor pseudonymServiceDescriptor)
{
return(TryReadPseudonymServiceDescriptorChild(reader, pseudonymServiceDescriptor));
}
if (role is SecurityTokenServiceDescriptor securityTokenServiceDescriptor)
{
return(TryReadSecurityTokenServiceDescriptorChild(reader, securityTokenServiceDescriptor));
}
return(false);
}
protected override void WriteRoleDescriptorChildren(XmlDictionaryWriter writer, RoleDescriptor role)
{
base.WriteRoleDescriptorChildren(writer, role);
if (role is ApplicationServiceDescriptor applicationServiceDescriptor)
{
WriteApplicationServiceDescriptorChildren(writer, applicationServiceDescriptor);
}
if (role is AttributeServiceDescriptor attributeServiceDescriptor)
{
WriteAttributeServiceDescriptorChildren(writer, attributeServiceDescriptor);
}
if (role is PseudonymServiceDescriptor pseudonymServiceDescriptor)
{
WritePseudonymServiceDescriptorChildren(writer, pseudonymServiceDescriptor);
}
if (role is SecurityTokenServiceDescriptor securityTokenServiceDescriptor)
{
WriteSecurityTokenServiceDescriptorChildren(writer, securityTokenServiceDescriptor);
}
}
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
descriptor.ErrorUrl = configuration.ErrorUrl;
descriptor.ValidUntil = configuration.ValidUntil.DateTime;
}
public string WriteRoleDescriptor(RoleDescriptor roleDescriptor) => WriteElement(writer => WriteRoleDescriptor(writer, roleDescriptor));
