public void RemoteCertificateValidationRulesTest()
{
//ARRANGE
var configuration = new CertificateValidationConfiguration
{
UsePinningValidation = false,
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new BackchannelCertificateValidator(configurationProvider);
var certificateStore = new X509Store("TestCertStore", StoreLocation.LocalMachine);
var validationResult = false;
//ACT
try
{
certificateStore.Open(OpenFlags.ReadOnly);
var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];
var x509Chain = new X509Chain(true);
x509Chain.Build(certificate);
validationResult = validator.Validate(this, certificate, x509Chain, SslPolicyErrors.None);
}
finally
{
certificateStore.Close();
certificateStore.Dispose();
}
//ASSERT
Assert.True(validationResult);
}
public void SerialiseMetadataTest()
{
//ARRANGE
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var context = contextBuilder.BuildContext(metadataRequest);
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var metadata = context.EntityDesriptorConfiguration;
var spDescriptorConfigurtion = context.EntityDesriptorConfiguration.RoleDescriptors.First() as SPSSODescriptorConfiguration;
var descriptorBuilder = new ServiceProviderSingleSignOnDescriptorBuilder();
var descriptor = descriptorBuilder.BuildDescriptor(spDescriptorConfigurtion);
var entityDescriptor = new EntityDescriptor(new EntityId("EntityIdTest"));
entityDescriptor.RoleDescriptors.Add(descriptor);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
//ACT
var sb = new StringBuilder();
using (var xmlWriter = XmlWriter.Create(sb))
{
metadataSerialiser.Serialise(xmlWriter, entityDescriptor);
}
var xmlResult = sb.ToString();
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(xmlResult));
}
public async Task WsFederationConfigurationRetrieverTest()
{
//ARRANGE
var webRequestHandler = new WebRequestHandler();
webRequestHandler.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback((_, __, ___, ____) => true);
var httpClient = new HttpClient(webRequestHandler);
var documentRetrieer = new HttpDocumentRetriever(() => httpClient);
var configurationProvider = new CertificateValidationConfigurationProvider();
var certValidator = new CertificateValidator(configurationProvider);
var logger = new LogProviderMock();
var serialiser = new FederationMetadataSerialiser(certValidator, logger);
var configurationRetriever = new WsFederationConfigurationRetriever(documentRetrieer, serialiser);
//ACT
//var baseMetadata = await WsFederationConfigurationRetriever.GetAsync("https://dg-mfb/idp/shibboleth", documentRetrieer, new CancellationToken());
var context = new FederationPartyConfiguration("local", "https://www.testshib.org/metadata/testshib-providers.xml");
var baseMetadata = await configurationRetriever.GetAsync(context, new CancellationToken());
var metadata = baseMetadata as EntitiesDescriptor;
//ASSERT
Assert.IsTrue(metadata != null);
Assert.AreEqual(2, metadata.ChildEntities.Count);
}
public void SPMetadata_serialise_deserialise_Test()
{
////ARRANGE
var logger = new LogProviderMock();
string metadataXml = String.Empty;
var metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest);
var xmlReader = XmlReader.Create(new StringReader(metadataXml));
var deserialisedMetadata = metadataSerialiser.ReadMetadata(xmlReader) as EntityDescriptor;
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
}
public async Task SPMetadataGenerationTest()
{
////ARRANGE
var result = String.Empty;
var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
await sPSSOMetadataProvider.CreateMetadata(metadataRequest);
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(result));
}
public void SPMetadata_serialise_deserialise_Test()
{
////ARRANGE
string metadataXml = String.Empty;
var metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);
var contextBuilder = new InlineMetadataContextBuilder();
var context = contextBuilder.BuildContext();
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager();
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator);
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, metadataSerialiser, g => context);
//ACT
sPSSOMetadataProvider.CreateMetadata(MetadataType.SP);
var xmlReader = XmlReader.Create(new StringReader(metadataXml));
var deserialisedMetadata = metadataSerialiser.ReadMetadata(xmlReader) as EntityDescriptor;
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
}
public void SPMetadataGenerationTest()
{
////ARRANGE
var result = String.Empty;
var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
//var metadataWriter = new TestMetadatWriter(el =>
//{
// using (var writer = XmlWriter.Create(@"D:\Dan\Software\Apira\SPMetadata\SPMetadata.xml"))
// {
// el.WriteTo(writer);
// writer.Flush();
// }
//});
var contextBuilder = new InlineMetadataContextBuilder();
var context = contextBuilder.BuildContext();
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager();
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator);
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, metadataSerialiser, g => context);
//ACT
sPSSOMetadataProvider.CreateMetadata(MetadataType.SP);
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(result));
}
public void RemoteCertificateValidationCallbackTest()
{
//ARRANGE
var configurationProvider = new CertificateValidationConfigurationProvider();
var validator = new CertificateValidator(configurationProvider);
//ACT
//ASSERT
Assert.Throws <NotImplementedException>(() => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
}
public void MetadataSerialisationCertificateTest()
{
//ARRANGE
var configurationProvider = new CertificateValidationConfigurationProvider();
var validator = new CertificateValidator(configurationProvider);
//ACT
//ASSERT
Assert.Throws <NotImplementedException>(() => validator.Validate((X509Certificate2)null));
}
public void SPMetadataGenerationTest_sql_source()
{
////ARRANGE
var result = false;
var metadataWriter = new TestMetadatWriter(el =>
{
result = true;
});
var cacheProvider = new CacheProviderMock();
var customConfiguration = new DbCustomConfiguration();
var connectionStringProvider = new MetadataConnectionStringProviderMock();
var models = ReflectionHelper.GetAllTypes(new[] { typeof(MetadataContextBuilder).Assembly })
.Where(t => !t.IsAbstract && !t.IsInterface && typeof(BaseModel).IsAssignableFrom(t));
customConfiguration.ModelsFactory = () => models;
var seeders = ReflectionHelper.GetAllTypes(new[] { typeof(MetadataContextBuilder).Assembly })
.Where(t => !t.IsAbstract && !t.IsInterface && typeof(ISeeder).IsAssignableFrom(t))
.Select(x => (ISeeder)Activator.CreateInstance(x));
seeders
.OrderBy(x => x.SeedingOrder)
.Aggregate(customConfiguration.Seeders, (c, next) => { c.Add(next); return(c); });
object dbcontext = new DBContext(connectionStringProvider, customConfiguration);
var metadataContextBuilder = new MetadataContextBuilder((IDbContext)dbcontext, cacheProvider);
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadatContext = metadataContextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost")
{
MetadataContext = metadatContext
};
var logger = new LogProviderMock();
var configurationProvider = new CertificateValidationConfigurationProvider((IDbContext)dbcontext, cacheProvider);
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest).Wait();
//ASSERT
Assert.IsTrue(result);
}
public void RemoteCertificateValidationCallbackTest()
{
//ARRANGE
var configuration = new CertificateValidationConfiguration
{
UsePinningValidation = false,
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new BackchannelCertificateValidator(configurationProvider);
//ACT
//ASSERT
Assert.Throws <NotImplementedException>(() => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
}
public void SPMetadataGeneration_create_file()
{
////ARRANGE
var result = false;
var path = @"D:\Dan\Software\Apira\SPMetadata\SPMetadataTest.xml";
var metadataWriter = new TestMetadatWriter(el =>
{
if (File.Exists(path))
{
File.Delete(path);
}
using (var writer = XmlWriter.Create(path))
{
el.WriteTo(writer);
writer.Flush();
}
result = true;
});
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadatContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest);
//ASSERT
Assert.IsTrue(result);
}
public void SPMetadataGeneration_create_file()
{
////ARRANGE
var result = false;
var path = @"D:\Dan\Software\Apira\SPMetadata\SPMetadataTest.xml";
var metadataWriter = new TestMetadatWriter(el =>
{
if (File.Exists(path))
{
File.Delete(path);
}
using (var writer = XmlWriter.Create(path))
{
el.WriteTo(writer);
writer.Flush();
}
result = true;
});
var contextBuilder = new InlineMetadataContextBuilder();
var context = contextBuilder.BuildContext();
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager();
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator);
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, metadataSerialiser, g => context);
//ACT
sPSSOMetadataProvider.CreateMetadata(MetadataType.SP);
//ASSERT
Assert.IsTrue(result);
}
public async Task WsFederationConfigurationRetrieverTest()
{
//ARRANGE
var logger = new LogProviderMock();
var bckChannelcertValidator = new CertificateValidatorMock();
var documentRetrieer = new HttpDocumentRetrieverMock(bckChannelcertValidator);
var configurationProvider = new CertificateValidationConfigurationProvider();
var certValidator = new CertificateValidator(configurationProvider, logger);
var serialiser = new FederationMetadataSerialiser(certValidator, logger);
var configurationRetriever = new WsFederationConfigurationRetriever(_ => documentRetrieer, serialiser);
//ACT
var context = new FederationPartyConfiguration("local", "https://localhost");
var baseMetadata = await configurationRetriever.GetAsync(context, new CancellationToken());
var metadata = baseMetadata as EntityDescriptor;
//ASSERT
Assert.IsTrue(metadata != null);
Assert.AreEqual(1, metadata.RoleDescriptors.Count);
}
public void SPMetadataGenerationTest()
{
////ARRANGE
var result = String.Empty;
var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
//var metadataWriter = new TestMetadatWriter(el =>
//{
// using (var writer = XmlWriter.Create(@"D:\Dan\Software\Apira\SPMetadata\SPMetadata.xml"))
// {
// el.WriteTo(writer);
// writer.Flush();
// }
//});
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest);
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(result));
}
public void MetadataSerialisationCertificateTest_failed()
{
//ARRANGE
var store = new X509Store("TestCertStore");
try
{
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];
var configuration = new CertificateValidationConfiguration
{
UsePinningValidation = false,
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var rule1 = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
var rule2 = typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName;
var ruleDescriptor = new ValidationRuleDescriptor(rule1);
var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
configuration.ValidationRules.Add(ruleDescriptor);
configuration.ValidationRules.Add(ruleDescriptor2);
configuration.ValidationRules.Add(new ValidationRuleDescriptor(rule1));
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new CertificateValidator(configurationProvider);
//ACT
//ASSERT
Assert.Throws <InvalidOperationException>(() => validator.Validate(certificate));
}
finally
{
store.Close();
store.Dispose();
}
}
public void MetadataSerialisationCertificateTest_success()
{
//ARRANGE
var logger = new LogProviderMock();
var store = new X509Store("TestCertStore");
try
{
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Find(X509FindType.FindBySubjectName, "www.eca-international.com", false)[0];
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var rule1 = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
var rule2 = typeof(CertificateValidationRuleMock).AssemblyQualifiedName;
var ruleDescriptor = new ValidationRuleDescriptor(rule1);
var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
configuration.ValidationRules.Add(ruleDescriptor);
configuration.ValidationRules.Add(ruleDescriptor2);
configuration.ValidationRules.Add(new ValidationRuleDescriptor(rule1));
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new CertificateValidator(configurationProvider, logger);
//ACT
validator.Validate(certificate);
//ASSERT
}
finally
{
store.Close();
store.Dispose();
}
}
public async Task IdPMetadata_serialise_deserialise_Test()
{
////ARRANGE
var logger = new LogProviderMock();
string metadataXml = String.Empty;
var metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);
CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.Idp, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var idPSSOMetadataProvider = new IdpSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
await idPSSOMetadataProvider.CreateMetadata(metadataRequest);
var xmlReader = XmlReader.Create(new StringReader(metadataXml));
var deserialisedMetadata = metadataSerialiser.Deserialise(xmlReader) as EntityDescriptor;
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
Assert.IsInstanceOf <IdentityProviderSingleSignOnDescriptor>(deserialisedMetadata.RoleDescriptors.Single());
}
