public JwtSecurityTokenTestVariation()
{
_notbefore = DateTime.UtcNow;
_expires = DateTime.UtcNow + TimeSpan.FromHours( 1 );
_jwtHandler = new JwtSecurityTokenHandler();
_expectedException = ExpectedException.NoExceptionExpected;
}
private void ValidateAudience()
{
Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
ExpectedException expectedException;
string samlString = IdentityUtilities.CreateSaml2Token();
TokenValidationParameters validationParameters =
new TokenValidationParameters
{
IssuerSigningToken = IdentityUtilities.DefaultAsymmetricSigningToken,
RequireExpirationTime = false,
RequireSignedTokens = false,
ValidIssuer = IdentityUtilities.DefaultIssuer,
};
// Do not validate audience
validationParameters.ValidateAudience = false;
expectedException = ExpectedException.NoExceptionExpected;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// no valid audiences
validationParameters.ValidateAudience = true;
expectedException = ExpectedException.SecurityTokenInvalidAudienceException("IDX10208");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = true;
validationParameters.ValidAudience = "John";
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10214");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// UriKind.Absolute, no match.
validationParameters.ValidateAudience = true;
validationParameters.ValidAudience = IdentityUtilities.NotDefaultAudience;
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10214");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
expectedException = ExpectedException.NoExceptionExpected;
validationParameters.ValidAudience = IdentityUtilities.DefaultAudience;
validationParameters.ValidAudiences = null;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// !UriKind.Absolute
List <string> audiences = new List <string> {
"John", "Paul", "George", "Ringo"
};
validationParameters.ValidAudience = null;
validationParameters.ValidAudiences = audiences;
validationParameters.ValidateAudience = false;
expectedException = ExpectedException.NoExceptionExpected;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
// UriKind.Absolute, no match
audiences = new List <string> {
"http://www.John.com", "http://www.Paul.com", "http://www.George.com", "http://www.Ringo.com", " "
};
validationParameters.ValidAudience = null;
validationParameters.ValidAudiences = audiences;
validationParameters.ValidateAudience = false;
expectedException = ExpectedException.NoExceptionExpected;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = true;
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10214");
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = true;
expectedException = ExpectedException.NoExceptionExpected;
audiences.Add(IdentityUtilities.DefaultAudience);
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.AudienceValidator =
(aud, token, tvp) =>
{
return(false);
};
expectedException = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidAudienceException), substringExpected: "IDX10231:");
audiences.Add(IdentityUtilities.DefaultAudience);
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: expectedException);
validationParameters.ValidateAudience = false;
validationParameters.AudienceValidator = IdentityUtilities.AudienceValidatorThrows;
TestUtilities.ValidateToken(securityToken: samlString, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: ExpectedException.NoExceptionExpected);
}
public void Saml2SecurityTokenHandler_ValidateToken()
{
// parameter validation
Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
TestUtilities.ValidateToken(securityToken: null, validationParameters: new TokenValidationParameters(), tokenValidator: tokenHandler, expectedException: ExpectedException.ArgumentNullException(substringExpected: "name: securityToken"));
TestUtilities.ValidateToken(securityToken: "s", validationParameters: null, tokenValidator: tokenHandler, expectedException: ExpectedException.ArgumentNullException(substringExpected: "name: validationParameters"));
tokenHandler.MaximumTokenSizeInBytes = 1;
TestUtilities.ValidateToken(securityToken: "ss", validationParameters: new TokenValidationParameters(), tokenValidator: tokenHandler, expectedException: ExpectedException.ArgumentException(substringExpected: "IDX10209"));
tokenHandler.MaximumTokenSizeInBytes = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;
string samlToken = IdentityUtilities.CreateSaml2Token();
TestUtilities.ValidateToken(samlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, tokenHandler, ExpectedException.NoExceptionExpected);
// EncryptedAssertion
SecurityTokenDescriptor tokenDescriptor =
new SecurityTokenDescriptor
{
AppliesToAddress = IdentityUtilities.DefaultAudience,
EncryptingCredentials = new EncryptedKeyEncryptingCredentials(KeyingMaterial.DefaultAsymmetricCert_2048),
Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(1)),
SigningCredentials = KeyingMaterial.DefaultAsymmetricSigningCreds_2048_RsaSha2_Sha2,
Subject = IdentityUtilities.DefaultClaimsIdentity,
TokenIssuerName = IdentityUtilities.DefaultIssuer,
};
samlToken = IdentityUtilities.CreateSaml2Token(tokenDescriptor);
TestUtilities.ValidateToken(samlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, tokenHandler, new ExpectedException(typeExpected: typeof(EncryptedTokenDecryptionFailedException), substringExpected: "ID4022"));
TokenValidationParameters validationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters;
validationParameters.ClientDecryptionTokens = new List <SecurityToken> {
KeyingMaterial.DefaultX509Token_2048
}.AsReadOnly();
TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, ExpectedException.NoExceptionExpected);
TestUtilities.ValidateTokenReplay(samlToken, tokenHandler, validationParameters);
TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, ExpectedException.NoExceptionExpected);
validationParameters.LifetimeValidator =
(nb, exp, st, tvp) =>
{
return(false);
};
TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, new ExpectedException(typeExpected: typeof(SecurityTokenInvalidLifetimeException), substringExpected: "IDX10230:"));
validationParameters.ValidateLifetime = false;
validationParameters.LifetimeValidator = IdentityUtilities.LifetimeValidatorThrows;
TestUtilities.ValidateToken(securityToken: samlToken, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: ExpectedException.NoExceptionExpected);
}
private string ValidateIssuer(string issuer, TokenValidationParameters validationParameters, DerivedSamlSecurityTokenHandler samlSecurityTokenHandler, ExpectedException expectedException)
{
string returnVal = string.Empty;
try
{
returnVal = samlSecurityTokenHandler.ValidateIssuerPublic(issuer, new DerivedSaml2SecurityToken(), validationParameters);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
return(returnVal);
}
private void ValidateIssuer()
{
DerivedSamlSecurityTokenHandler samlSecurityTokenHandler = new DerivedSamlSecurityTokenHandler();
ExpectedException expectedException = ExpectedException.NoExceptionExpected;
ValidateIssuer(null, new TokenValidationParameters {
ValidateIssuer = false
}, samlSecurityTokenHandler, expectedException);
expectedException = ExpectedException.ArgumentNullException(substringExpected: "Parameter name: validationParameters");
ValidateIssuer("bob", null, samlSecurityTokenHandler, expectedException);
expectedException = ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10204");
ValidateIssuer("bob", new TokenValidationParameters {
}, samlSecurityTokenHandler, expectedException);
expectedException = ExpectedException.NoExceptionExpected;
string issuer = ValidateIssuer("bob", new TokenValidationParameters {
ValidIssuer = "bob"
}, samlSecurityTokenHandler, expectedException);
Assert.IsTrue(issuer == "bob", "issuer mismatch");
expectedException = ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10205");
ValidateIssuer("bob", new TokenValidationParameters {
ValidIssuer = "frank"
}, samlSecurityTokenHandler, expectedException);
List <string> validIssuers = new List <string> {
"john", "paul", "george", "ringo"
};
expectedException = ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10205");
ValidateIssuer("bob", new TokenValidationParameters {
ValidIssuers = validIssuers
}, samlSecurityTokenHandler, expectedException);
expectedException = ExpectedException.NoExceptionExpected;
ValidateIssuer("bob", new TokenValidationParameters {
ValidateIssuer = false
}, samlSecurityTokenHandler, expectedException);
validIssuers.Add("bob");
expectedException = ExpectedException.NoExceptionExpected;
issuer = ValidateIssuer("bob", new TokenValidationParameters {
ValidIssuers = validIssuers
}, samlSecurityTokenHandler, expectedException);
Assert.IsTrue(issuer == "bob", "issuer mismatch");
expectedException = ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10204");
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerValidator = IdentityUtilities.IssuerValidatorEcho,
};
ValidateIssuer("bob", validationParameters, samlSecurityTokenHandler, expectedException);
// no delegate secondary should still succeed
expectedException = ExpectedException.NoExceptionExpected;
validationParameters = new TokenValidationParameters
{
ValidateAudience = false,
ValidIssuers = validIssuers,
};
issuer = ValidateIssuer("bob", validationParameters, samlSecurityTokenHandler, expectedException);
Assert.IsTrue(issuer == "bob", "issuer mismatch");
// no delegate, secondary should fail
validIssuers = new List <string> {
"john", "paul", "george", "ringo"
};
expectedException = ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10205");
validationParameters = new TokenValidationParameters
{
IssuerSigningKey = new X509SecurityKey(KeyingMaterial.DefaultCert_2048),
ValidateAudience = false,
ValidIssuer = "http://Bob",
};
ValidateIssuer("bob", validationParameters, samlSecurityTokenHandler, expectedException);
validationParameters.ValidateIssuer = false;
validationParameters.IssuerValidator = IdentityUtilities.IssuerValidatorThrows;
ValidateIssuer("bob", validationParameters, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected);
}
private bool CanReadToken(string securityToken, Saml2SecurityTokenHandler samlSecurityTokenHandler, ExpectedException expectedException)
{
bool canReadToken = false;
try
{
canReadToken = samlSecurityTokenHandler.CanReadToken(securityToken);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
return(canReadToken);
}
private void CreateClaims(SamlSecurityToken samlToken, string issuer, TokenValidationParameters validationParameters, PublicSamlSecurityTokenHandler samlSecurityTokenHandler, ExpectedException expectedException)
{
try
{
samlSecurityTokenHandler.CreateClaimsPublic(samlToken, issuer, validationParameters);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
}
private async Task <OpenIdConnectConfiguration> GetConfigurationAsync(string uri, ExpectedException expectedException, OpenIdConnectConfiguration expectedConfiguration = null)
{
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
openIdConnectConfiguration = await OpenIdConnectConfigurationRetriever.GetAsync(uri, CancellationToken.None);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
if (expectedConfiguration != null)
{
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration));
}
return(openIdConnectConfiguration);
}
public void ConfigurationManager_GetSets()
{
ConfigurationManager <OpenIdConnectConfiguration> configManager = new ConfigurationManager <OpenIdConnectConfiguration>("OpenIdConnectMetadata.json");
Type type = typeof(ConfigurationManager <OpenIdConnectConfiguration>);
PropertyInfo[] properties = type.GetProperties();
if (properties.Length != 2)
{
Assert.Fail("Number of properties has changed from 2 to: " + properties.Length + ", adjust tests");
}
TimeSpan defaultAutomaticRefreshInterval = ConfigurationManager <OpenIdConnectConfiguration> .DefaultAutomaticRefreshInterval;
TimeSpan defaultRefreshInterval = ConfigurationManager <OpenIdConnectConfiguration> .DefaultRefreshInterval;
GetSetContext context =
new GetSetContext
{
PropertyNamesAndSetGetValue = new List <KeyValuePair <string, List <object> > >
{
new KeyValuePair <string, List <object> >("AutomaticRefreshInterval", new List <object> {
defaultAutomaticRefreshInterval, TimeSpan.FromHours(1), TimeSpan.FromHours(10)
}),
new KeyValuePair <string, List <object> >("RefreshInterval", new List <object> {
defaultRefreshInterval, TimeSpan.FromHours(1), TimeSpan.FromHours(10)
}),
},
Object = configManager,
};
TestUtilities.GetSet(context);
TestUtilities.AssertFailIfErrors(MethodInfo.GetCurrentMethod().Name, context.Errors);
TestUtilities.SetGet(configManager, "AutomaticRefreshInterval", TimeSpan.FromMilliseconds(1), ExpectedException.ArgumentOutOfRangeException(substringExpected: "IDX10107:"));
TestUtilities.SetGet(configManager, "RefreshInterval", TimeSpan.FromMilliseconds(1), ExpectedException.ArgumentOutOfRangeException(substringExpected: "IDX10106:"));
TestUtilities.SetGet(configManager, "RefreshInterval", Timeout.InfiniteTimeSpan, ExpectedException.ArgumentOutOfRangeException(substringExpected: "IDX10106:"));
// AutomaticRefreshInterval interval should return same config.
OpenIdConnectConfiguration configuration = configManager.GetConfigurationAsync().Result;
TestUtilities.SetField(configManager, "_metadataAddress", "OpenIdConnectMetadata2.json");
OpenIdConnectConfiguration configuration2 = configManager.GetConfigurationAsync().Result;
Assert.IsTrue(IdentityComparer.AreEqual <OpenIdConnectConfiguration>(configuration, configuration2));
Assert.IsTrue(object.ReferenceEquals(configuration, configuration2));
// AutomaticRefreshInterval should pick up new bits.
configManager = new ConfigurationManager <OpenIdConnectConfiguration>("OpenIdConnectMetadata.json");
TestUtilities.SetField(configManager, "_automaticRefreshInterval", TimeSpan.FromMilliseconds(1));
configuration = configManager.GetConfigurationAsync().Result;
Thread.Sleep(1);
TestUtilities.SetField(configManager, "_metadataAddress", "OpenIdConnectMetadata2.json");
configuration2 = configManager.GetConfigurationAsync().Result;
Assert.IsFalse(IdentityComparer.AreEqual <OpenIdConnectConfiguration>(configuration, configuration2));
Assert.IsFalse(object.ReferenceEquals(configuration, configuration2));
// RefreshInterval is set to MaxValue
configManager = new ConfigurationManager <OpenIdConnectConfiguration>("OpenIdConnectMetadata.json");
configuration = configManager.GetConfigurationAsync().Result;
configManager.RefreshInterval = TimeSpan.MaxValue;
TestUtilities.SetField(configManager, "_metadataAddress", "OpenIdConnectMetadata2.json");
configuration2 = configManager.GetConfigurationAsync().Result;
Assert.IsTrue(IdentityComparer.AreEqual <OpenIdConnectConfiguration>(configuration, configuration2));
Assert.IsTrue(object.ReferenceEquals(configuration, configuration2));
// Refresh should have no effect
configManager = new ConfigurationManager <OpenIdConnectConfiguration>("OpenIdConnectMetadata.json");
configuration = configManager.GetConfigurationAsync().Result;
configManager.RefreshInterval = TimeSpan.FromHours(10);
configManager.RequestRefresh();
configuration2 = configManager.GetConfigurationAsync().Result;
Assert.IsTrue(IdentityComparer.AreEqual <OpenIdConnectConfiguration>(configuration, configuration2));
Assert.IsTrue(object.ReferenceEquals(configuration, configuration2));
// Refresh should force pickup of new config
configManager = new ConfigurationManager <OpenIdConnectConfiguration>("OpenIdConnectMetadata.json");
configuration = configManager.GetConfigurationAsync().Result;
TestUtilities.SetField(configManager, "_refreshInterval", TimeSpan.FromMilliseconds(1));
Thread.Sleep(1);
configManager.RequestRefresh();
TestUtilities.SetField(configManager, "_metadataAddress", "OpenIdConnectMetadata2.json");
configuration2 = configManager.GetConfigurationAsync().Result;
Assert.IsFalse(object.ReferenceEquals(configuration, configuration2));
Assert.IsFalse(IdentityComparer.AreEqual <OpenIdConnectConfiguration>(configuration, configuration2));
// Refresh set to MaxValue
configManager.RefreshInterval = TimeSpan.MaxValue;
configuration = configManager.GetConfigurationAsync().Result;
Assert.IsTrue(object.ReferenceEquals(configuration, configuration2));
Assert.IsTrue(IdentityComparer.AreEqual <OpenIdConnectConfiguration>(configuration, configuration2));
}
private void RunConfigTest(ConfigurationManager <OpenIdConnectConfiguration> configManager, ExpectedException ee)
{
}
public async Task OpenIdConnectConfigurationRetriever_FromText()
{
OpenIdConnectConfiguration configuration;
configuration = await GetConfigurationFromMixedAsync(OpenIdConfigData.OpenIdConnectMetadataPingString, expectedException : ExpectedException.NoExceptionExpected);
configuration = await GetConfigurationFromMixedAsync(OpenIdConfigData.OpenIdConnectMetadataPingLabsJWKSString, expectedException : ExpectedException.NoExceptionExpected);
Assert.IsTrue(IdentityComparer.AreEqual(configuration, OpenIdConfigData.OpenIdConnectConfigurationPingLabsJWKS));
configuration = await GetConfigurationFromMixedAsync(OpenIdConfigData.OpenIdConnectMetadataString, expectedException : ExpectedException.NoExceptionExpected);
Assert.IsTrue(IdentityComparer.AreEqual(configuration, OpenIdConfigData.OpenIdConnectConfigurationWithKeys1));
// jwt_uri is not reachable
await GetConfigurationFromTextAsync(OpenIdConfigData.OpenIdConnectMetadataBadUriKeysString, string.Empty, expectedException : ExpectedException.IOException());
// stream is not well formated
await GetConfigurationFromTextAsync(OpenIdConfigData.OpenIdConnectMetadataBadFormatString, string.Empty, expectedException : new ExpectedException(typeExpected: typeof(ArgumentException)));
configuration = await GetConfigurationFromMixedAsync(OpenIdConfigData.OpenIdConnectMetadataSingleX509DataString, expectedException : ExpectedException.NoExceptionExpected);
Assert.IsTrue(IdentityComparer.AreEqual(configuration, OpenIdConfigData.OpenIdConnectConfigurationSingleX509Data1));
await GetConfigurationFromMixedAsync(OpenIdConfigData.OpenIdConnectMetadataBadX509DataString, expectedException : ExpectedException.InvalidOperationException(inner: typeof(CryptographicException)));
await GetConfigurationFromMixedAsync(OpenIdConfigData.OpenIdConnectMetadataBadBase64DataString, expectedException : ExpectedException.InvalidOperationException(inner: typeof(FormatException)));
}
public async Task OpenIdConnectConfigurationRetriever_FromFile()
{
OpenIdConnectConfiguration configuration;
configuration = await GetConfigurationAsync(OpenIdConfigData.OpenIdConnectMetadataFile, expectedException : ExpectedException.NoExceptionExpected);
Assert.IsTrue(IdentityComparer.AreEqual(configuration, OpenIdConfigData.OpenIdConnectConfigurationWithKeys1));
// jwt_uri points to bad formated JSON
configuration = await GetConfigurationAsync(OpenIdConfigData.OpenIdConnectMetadataJsonWebKeySetBadUriFile, expectedException : ExpectedException.IOException(inner: typeof(WebException)));
}
public async Task OpenIdConnectConfigurationRetriever_FromNetwork()
{
OpenIdConnectConfiguration configuration = await GetConfigurationFromHttpAsync(OpenIdConfigData.AADCommonUrl, expectedException : ExpectedException.NoExceptionExpected);
Assert.IsNotNull(configuration);
await GetConfigurationFromHttpAsync(string.Empty, expectedException : ExpectedException.ArgumentNullException());
await GetConfigurationFromHttpAsync(OpenIdConfigData.BadUri, expectedException : ExpectedException.IOException(inner: typeof(InvalidOperationException)));
}
private async Task <OpenIdConnectConfiguration> GetConfigurationFromMixedAsync(string primaryDocument, ExpectedException expectedException, OpenIdConnectConfiguration expectedConfiguration = null)
{
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
openIdConnectConfiguration = await OpenIdConnectConfigurationRetriever.GetAsync("primary",
new TestDocumentRetriever(primaryDocument, new GenericDocumentRetriever()), CancellationToken.None);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
if (expectedConfiguration != null)
{
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration));
}
return(openIdConnectConfiguration);
}
public void Saml2SecurityTokenHandler_GetSets()
{
Saml2SecurityTokenHandler samlSecurityTokenHandler = new Saml2SecurityTokenHandler();
TestUtilities.SetGet(samlSecurityTokenHandler, "MaximumTokenSizeInBytes", (object)0, ExpectedException.ArgumentOutOfRangeException(substringExpected: "IDX10101"));
TestUtilities.SetGet(samlSecurityTokenHandler, "MaximumTokenSizeInBytes", (object)1, ExpectedException.NoExceptionExpected);
}
private void ValidateIssuer()
{
PublicSamlSecurityTokenHandler samlSecurityTokenHandler = new PublicSamlSecurityTokenHandler();
SamlSecurityToken samlToken = IdentityUtilities.CreateSamlSecurityToken();
ValidateIssuer(IdentityUtilities.DefaultIssuer, null, samlToken, samlSecurityTokenHandler, ExpectedException.ArgumentNullException(substringExpected: "name: validationParameters"));
ValidateIssuer("bob", null, samlToken, samlSecurityTokenHandler, ExpectedException.ArgumentNullException(substringExpected: "name: validationParameters"));
ValidateIssuer("bob", new TokenValidationParameters {
ValidateIssuer = false
}, samlToken, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected);
ValidateIssuer("bob", new TokenValidationParameters {
}, samlToken, samlSecurityTokenHandler, ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10204"));
ValidateIssuer(IdentityUtilities.DefaultIssuer, new TokenValidationParameters {
ValidIssuer = IdentityUtilities.DefaultIssuer
}, samlToken, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected);
ValidateIssuer("bob", new TokenValidationParameters {
ValidIssuer = "frank"
}, samlToken, samlSecurityTokenHandler, ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10205"));
List <string> validIssuers = new List <string> {
"john", "paul", "george", "ringo"
};
ValidateIssuer("bob", new TokenValidationParameters {
ValidIssuers = validIssuers
}, samlToken, samlSecurityTokenHandler, ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10205"));
ValidateIssuer("bob", new TokenValidationParameters {
ValidateIssuer = false
}, samlToken, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected);
validIssuers.Add(IdentityUtilities.DefaultIssuer);
string issuer = ValidateIssuer(IdentityUtilities.DefaultIssuer, new TokenValidationParameters {
ValidIssuers = validIssuers
}, samlToken, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected);
Assert.IsTrue(issuer == IdentityUtilities.DefaultIssuer, "issuer mismatch");
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerValidator = IdentityUtilities.IssuerValidatorEcho,
};
ValidateIssuer("bob", validationParameters, samlToken, samlSecurityTokenHandler, ExpectedException.SecurityTokenInvalidIssuerException(substringExpected: "IDX10204"));
validationParameters.ValidateIssuer = false;
validationParameters.IssuerValidator = IdentityUtilities.IssuerValidatorThrows;
ValidateIssuer("bob", validationParameters, samlToken, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected);
}
public void AuthenticationProtocolMessage_Publics()
{
string value1 = "value1";
string value2 = "value2";
string param1 = "param1";
string param2 = "param2";
AuthenticationProtocolMessage authenticationProtocolMessage = new DerivedAuthenticationProtocolMessage();
ExpectedException expectedException = ExpectedException.ArgumentNullException(substringExpected: "parameter");
try
{
authenticationProtocolMessage.GetParameter(null);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
expectedException = ExpectedException.ArgumentNullException(substringExpected: "parameter");
try
{
authenticationProtocolMessage.RemoveParameter(null);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
expectedException = ExpectedException.ArgumentNullException(substringExpected: "parameter");
try
{
authenticationProtocolMessage.SetParameter(null, null);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
authenticationProtocolMessage.SetParameter(param1, value1);
authenticationProtocolMessage.RemoveParameter(param2);
Assert.AreEqual(authenticationProtocolMessage.GetParameter(param1), value1);
authenticationProtocolMessage.RemoveParameter(param1);
Assert.IsNull(authenticationProtocolMessage.GetParameter(param1));
authenticationProtocolMessage.SetParameter(param1, value1);
authenticationProtocolMessage.SetParameter(param1, value2);
authenticationProtocolMessage.SetParameter(param2, value2);
authenticationProtocolMessage.SetParameter(param2, value1);
Assert.AreEqual(authenticationProtocolMessage.GetParameter(param1), value2);
Assert.AreEqual(authenticationProtocolMessage.GetParameter(param2), value1);
authenticationProtocolMessage = new DerivedAuthenticationProtocolMessage(@"http://www.gotjwt.com");
authenticationProtocolMessage.SetParameter("bob", " ");
string queryString = authenticationProtocolMessage.BuildRedirectUrl();
Assert.IsNotNull(queryString);
Assert.IsTrue(queryString.Contains("bob"));
authenticationProtocolMessage.IssuerAddress = string.Empty;
queryString = authenticationProtocolMessage.BuildRedirectUrl();
Assert.IsNotNull(queryString);
}
