public void AcsCommand_Run_HandlesExceptionWhenUnbindResultIsStillNull()
{
var issuer = new EntityId("http://bad.idp.example.com");
var artifact = Saml2ArtifactBinding.CreateArtifact(issuer, 0);
// Just spoil it to force an exception.
artifact[3] = 5;
var artifactString = Convert.ToBase64String(artifact);
var r = new HttpRequestData(
"POST",
new Uri("http://localhost"),
"/ModulePath",
new KeyValuePair <string, string[]>[]
{
new KeyValuePair <string, string[]>("SAMLart", new string[] { artifactString })
},
Enumerable.Empty <KeyValuePair <string, string> >(),
null);
Action a = () => new AcsCommand().Run(r, Options.FromConfiguration);
// The real exception was masked by a NullRef in the exception
// handler in AcsCommand.Run
a.ShouldThrow <InvalidOperationException>();
}
public void Saml2ArtifactBinding_Bind_CreateArtifact_NullcheckIssuer()
{
Action a = () => Saml2ArtifactBinding.CreateArtifact(null, 17);
a.ShouldThrow <ArgumentNullException>()
.And.ParamName.Should().Be("issuer");
}
public void Saml2ArtifactBinding_Unbind_FromGet()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Uri.EscapeDataString(
Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(issuer, 0x1234)));
var relayState = "relayState";
var r = new HttpRequestData(
"GET",
new Uri($"http://example.com/path/acs?SAMLart={artifact}&RelayState={relayState}"),
null,
null,
new StoredRequestState(issuer, null, null, null));
StubServer.LastArtifactResolutionSoapActionHeader = null;
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, StubFactory.CreateOptions());
var xmlDocument = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDocument.LoadXml("<message> <child-node /> </message>");
var expected = new UnbindResult(xmlDocument.DocumentElement, relayState, TrustLevel.None);
result.ShouldBeEquivalentTo(expected);
StubServer.LastArtifactResolutionSoapActionHeader.Should().Be(
"http://www.oasis-open.org/committees/security");
StubServer.LastArtifactResolutionWasSigned.Should().BeFalse();
}
public void Saml2ArtifactBinding_Unbind_FromPostWithoutRelayState()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(issuer, 0x1234));
var r = new HttpRequestData(
"POST",
new Uri("http://example.com"),
"/ModulePath",
new KeyValuePair <string, string[]>[]
{
new KeyValuePair <string, string[]>("SAMLart", new[] { artifact }),
},
null,
null);
StubServer.LastArtifactResolutionSoapActionHeader = null;
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, StubFactory.CreateOptions());
var xmlDocument = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDocument.LoadXml("<message> <child-node /> </message>");
var expected = new UnbindResult(xmlDocument.DocumentElement, null, TrustLevel.None);
result.ShouldBeEquivalentTo(expected);
StubServer.LastArtifactResolutionSoapActionHeader.Should().Be(
"http://www.oasis-open.org/committees/security");
}
public void Saml2ArtifactBinding_Bind_CreateArtifact()
{
var issuer = new EntityId("http://idp.example.com");
var index = 0x1234;
var artifact = Saml2ArtifactBinding.CreateArtifact(issuer, index);
// Header
artifact[0].Should().Be(0);
artifact[1].Should().Be(4);
//Endpoint index
artifact[2].Should().Be(0x12);
artifact[3].Should().Be(0x34);
artifact.Length.Should().Be(44);
var sourceID = new byte[20];
Array.Copy(artifact, 4, sourceID, 0, 20);
sourceID.ShouldBeEquivalentTo(
SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(issuer.Id)));
// Can't test a random value, but check it's not 0 all over.
artifact.Skip(24).Count(c => c == 0).Should().BeLessThan(10);
}
public void Saml2ArtifactBinding_Unbind_FromPost()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(issuer, 0x1234));
var relayState = MethodBase.GetCurrentMethod().Name;
var r = new HttpRequestData(
"POST",
new Uri("http://example.com"),
"/ModulePath",
new KeyValuePair <string, IEnumerable <string> >[]
{
new KeyValuePair <string, IEnumerable <string> >("SAMLart", new[] { artifact }),
new KeyValuePair <string, IEnumerable <string> >("RelayState", new[] { relayState })
},
new StoredRequestState(issuer, null, null, null));
StubServer.LastArtifactResolutionSoapActionHeader = null;
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, StubFactory.CreateOptions());
var xmlDocument = XmlHelpers.XmlDocumentFromString(
"<message> <child-node /> </message>");
var expected = new UnbindResult(xmlDocument.DocumentElement, relayState, TrustLevel.None);
result.ShouldBeEquivalentTo(expected);
StubServer.LastArtifactResolutionSoapActionHeader.Should().Be(
"http://www.oasis-open.org/committees/security");
}
public void Saml2ArtifactBinding_Unbind_FromGet_ArtifactIsntHashOfEntityId()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Uri.EscapeDataString(
Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(
new EntityId("https://this.entityid.is.invalid"),
0x1234)));
var relayState = "relayState";
var r = new HttpRequestData(
"GET",
new Uri($"http://example.com/path/acs?SAMLart={artifact}&RelayState={relayState}"),
null,
null,
new StoredRequestState(issuer, null, null, null));
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, StubFactory.CreateOptions());
var xmlDocument = XmlHelpers.XmlDocumentFromString(
"<message> <child-node /> </message>");
var expected = new UnbindResult(xmlDocument.DocumentElement, relayState, TrustLevel.None);
result.Should().BeEquivalentTo(expected);
StubServer.LastArtifactResolutionWasSigned.Should().BeFalse();
}
public void Saml2ArtifactBinding_Unbind_FromGetUsesIdpFromNotification()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Uri.EscapeDataString(
Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(issuer, 0x1234)));
var relayState = "relayState";
var relayData = new Dictionary <string, string>
{
{ "key", "value" }
};
var r = new HttpRequestData(
"GET",
new Uri($"http://example.com/path/acs?SAMLart={artifact}&RelayState={relayState}"),
null,
null,
new StoredRequestState(issuer, null, null, relayData));
var options = StubFactory.CreateOptions();
var idp = options.IdentityProviders.Default;
options.IdentityProviders.Remove(idp.EntityId);
var getIdentityProviderCalled = false;
options.Notifications.GetIdentityProvider = (ei, rd, opt) =>
{
getIdentityProviderCalled = true;
rd["key"].Should().Be("value");
return(idp);
};
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, options);
getIdentityProviderCalled.Should().BeTrue();
}
public void Saml2ArtifactBinding_Unbind_FromGet_SignsArtifactResolve()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Uri.EscapeDataString(
Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(issuer, 0x1234)));
var r = new HttpRequestData(
"GET",
new Uri($"http://example.com/path/acs?SAMLart={artifact}"));
var options = StubFactory.CreateOptions();
options.SPOptions.ServiceCertificates.Add(new ServiceCertificate
{
Certificate = SignedXmlHelper.TestCert
});
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, options);
StubServer.LastArtifactResolutionWasSigned.Should().BeTrue();
}
public void Saml2ArtifactBinding_Unbind_FromGetWithoutRelayState()
{
var issuer = new EntityId("https://idp.example.com");
var artifact = Uri.EscapeDataString(
Convert.ToBase64String(
Saml2ArtifactBinding.CreateArtifact(issuer, 0x1234)));
var r = new HttpRequestData(
"GET",
new Uri($"http://example.com/path/acs?SAMLart={artifact}"));
StubServer.LastArtifactResolutionSoapActionHeader = null;
var result = Saml2Binding.Get(Saml2BindingType.Artifact).Unbind(r, StubFactory.CreateOptions());
var xmlDocument = XmlHelpers.XmlDocumentFromString(
"<message> <child-node /> </message>");
var expected = new UnbindResult(xmlDocument.DocumentElement, null, TrustLevel.None);
result.Should().BeEquivalentTo(expected);
}
