/// <summary>
/// A serialised AuthnRequest must be resolved back to <see cref="AuthnRequest"/> by
/// <see cref="MessageTypeResolver"/> when the candidate set is every concrete
/// <see cref="RequestAbstract"/> type reported by <see cref="ReflectionHelper.GetAllTypes"/>.
/// </summary>
public void AuthnRequestType_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var partyContext = partyContextBuilder.BuildContext("local");
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);

    // Candidate message types: non-abstract, non-interface types assignable to RequestAbstract.
    var candidateTypes = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));

    var logger = new LogProviderMock();
    var encoder = new MessageEncoding(new DeflateCompressor());
    IRequestSerialiser serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger);

    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnRequest = RequestHelper.BuildRequest(requestContext);
    var resolver = new MessageTypeResolver();

    //ACT
    var serialised = serialiser.Serialize(authnRequest);
    var resolvedType = resolver.ResolveMessageType(serialised, candidateTypes);

    //ASSERT
    Assert.AreEqual(typeof(AuthnRequest), resolvedType);
}
/// <summary>
/// When the party's request configuration carries two AuthnContextClassRef entries with
/// "Minimum" comparison, the built AuthnRequest's RequestedAuthnContext must contain exactly
/// those two entries, in order, with the same comparison.
/// </summary>
public void BuildAuthnRequest_test_requested_authn_context_default_overwritten_multiple_contexts()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var partyContext = partyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

    // Two class-reference contexts overwrite whatever the context builder set by default.
    var requestedContexts = new Kernel.Federation.FederationPartner.RequestedAuthnContextConfiguration(AuthnContextComparisonType.Minimum.ToString());
    var classRef = AuthnContextType.AuthnContextClassRef.ToString();
    requestedContexts.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(classRef, new Uri(AuthnticationContexts.Password)));
    requestedContexts.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(classRef, new Uri(AuthnticationContexts.PasswordProtectedTransport)));
    partyContext.FederationPartyAuthnRequestConfiguration = new FederationPartyAuthnRequestConfiguration(requestedContexts, new DefaultNameId(new Uri(NameIdentifierFormats.Transient)));

    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, partyContext, nameIdFormats);
    // Retained from the original arrange; its result is not asserted on.
    var requestConfiguration = partyContext.GetRequestConfigurationFromContext();
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

    //ASSERT
    Assert.NotNull(authnRequest);
    var requested = authnRequest.RequestedAuthnContext;
    Assert.IsNotNull(requested);
    Assert.AreEqual(AuthnContextComparisonType.Minimum, requested.Comparison);
    Assert.AreEqual(2, requested.Items.Length);
    Assert.AreEqual(2, requested.ItemsElementName.Length);
    Assert.AreEqual(AuthnContextType.AuthnContextClassRef, requested.ItemsElementName[0]);
    Assert.AreEqual(AuthnticationContexts.Password, requested.Items[0]);
    Assert.AreEqual(AuthnContextType.AuthnContextClassRef, requested.ItemsElementName[1]);
    Assert.AreEqual(AuthnticationContexts.PasswordProtectedTransport, requested.Items[1]);
}
/// <summary>
/// A scoping configuration with a single requester id and a proxy count of 10 must be carried
/// into the built AuthnRequest's Scoping element.
/// </summary>
public void BuildAuthnRequest_test_scoping_default_overwritten()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", NameIdentifierFormats.Transient);
    // PoxyCount is the project's spelling of the setting; it surfaces as Scoping.ProxyCount on the request.
    partyContext.ScopingConfiguration = new Kernel.Federation.FederationPartner.ScopingConfiguration("http://localhost:59611/") { PoxyCount = 10 };
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, partyContext, nameIdFormats);
    // Retained from the original arrange; its result is not asserted on.
    var requestConfiguration = partyContext.GetRequestConfigurationFromContext();
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

    //ASSERT
    Assert.NotNull(authnRequest);
    var scoping = authnRequest.Scoping;
    Assert.IsNotNull(scoping);
    Assert.AreEqual("10", scoping.ProxyCount);
    Assert.AreEqual(1, scoping.RequesterId.Length);
    Assert.AreEqual("http://localhost:59611/", scoping.RequesterId[0]);
}
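/// <summary>
/// When the party's configured NameID format (Windows) matches none of the supported formats
/// (Transient, Persistent), the built AuthnRequest must use the Unspecified NameID format with
/// AllowCreate disabled, while issuer, audience, version and the passive/force flags still mirror
/// the request configuration.
/// </summary>
public void BuildAuthnRequest_test_nameid_fortmat_no_match_from_many_entries_supported()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Windows);
    var supportedNameIdentifierFormats = new List<Uri>
    {
        new Uri(NameIdentifierFormats.Transient),
        new Uri(NameIdentifierFormats.Persistent)
    };
    var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);
    var requestConfiguration = federationContex.GetRequestConfigurationFromContext();
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);
    var audience = ((AudienceRestriction)authnRequest.Conditions.Items.Single()).Audience.Single();

    //ASSERT
    Assert.NotNull(authnRequest);
    Assert.AreEqual(requestConfiguration.IsPassive, authnRequest.IsPassive);
    Assert.AreEqual(requestConfiguration.ForceAuthn, authnRequest.ForceAuthn);
    Assert.AreEqual("2.0", authnRequest.Version);

    //issuer
    Assert.AreEqual(requestConfiguration.EntityId, authnRequest.Issuer.Value);
    Assert.AreEqual(NameIdentifierFormats.Entity, authnRequest.Issuer.Format);

    //audience
    Assert.AreEqual(requestConfiguration.AudienceRestriction.Count, authnRequest.Conditions.Items.Count);
    Assert.AreEqual(requestConfiguration.AudienceRestriction.Single(), audience);

    //nameIdPolicy
    Assert.IsFalse(authnRequest.NameIdPolicy.AllowCreate);
    // Expected value first: the original passed (actual, expected), which makes NUnit's
    // "Expected: ... But was: ..." message read backwards on failure.
    Assert.AreEqual(NameIdentifierFormats.Unspecified, authnRequest.NameIdPolicy.Format);
}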
/// <summary>
/// A serialised LogoutRequest must be resolved back to <see cref="LogoutRequest"/> by
/// <see cref="MessageTypeResolver"/> when the candidate set is every concrete
/// <see cref="RequestAbstract"/> type reported by <see cref="ReflectionHelper.GetAllTypes"/>.
/// </summary>
public void LogoutRequestType_test_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var nameId = new System.IdentityModel.Tokens.Saml2NameIdentifier("testUser", new Uri(NameIdentifierFormats.Persistent));
    var logoutContext = new SamlLogoutContext(new Uri(Reasons.User), nameId, "local");
    var requestContext = new LogoutRequestContext(destination, new Uri("http://localhost"), partyContext, logoutContext);

    // Candidate message types: non-abstract, non-interface types assignable to RequestAbstract.
    var candidateTypes = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));

    var logger = new LogProviderMock();
    var encoder = new MessageEncoding(new DeflateCompressor());
    IRequestSerialiser serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger);

    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetLogoutRequestBuildersFactory();
    var logoutRequest = RequestHelper.BuildRequest(requestContext);
    var resolver = new MessageTypeResolver();

    //ACT
    var serialised = serialiser.Serialize(logoutRequest);
    var resolvedType = resolver.ResolveMessageType(serialised, candidateTypes);

    //ASSERT
    Assert.AreEqual(typeof(LogoutRequest), resolvedType);
}
/// <summary>
/// Decodes a POST-bound logout request form and runs it through <see cref="RequestParser"/> with
/// the signature rule as the only validation rule; the result must be validated and typed as
/// <see cref="LogoutRequest"/>.
/// </summary>
public async Task ParseLogoutRequest_post_binding()
{
    //ARRANGE
    var form = await SamlPostRequestProviderMock.BuildLogoutRequestPostForm();
    // The factory ignores its Type argument; callers below pass typeof(object) as a placeholder.
    Func<Type, IMetadataHandler> metadataHandlerFactory = _ => new MetadataEntitityDescriptorHandler();

    var logger = new LogProviderMock();
    var encoder = new MessageEncoding(new DeflateCompressor());
    IRequestSerialiser serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger);
    var certManager = new CertificateManager(logger);
    var signatureManager = new XmlSignatureManager();

    // Only SignatureValidRule is registered, so a false IsValidated below points at the signature check.
    Func<IEnumerable<RequestValidationRule>> rulesResolver = () => new[] { new SignatureValidRule(logger, certManager, signatureManager) };
    var requestValidator = new Federation.Protocols.Request.Validation.RequestValidator(logger, new RuleFactory(rulesResolver));

    var configurationManager = new ConfigurationManager<MetadataBase>(new FederationPartyContextBuilderMock(), new ConfigurationRetrieverMock());
    var requestParser = new RequestParser(metadataHandlerFactory, _ => new LogoutRequestParser(serialiser, logger), configurationManager, logger, requestValidator);

    var postBindingDecoder = new PostBindingDecoder(logger);
    var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value));
    var context = new SamlInboundContext
    {
        Message = message,
        DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single()
    };

    //ACT
    var result = await requestParser.Parse(context);

    //ASSERT
    Assert.IsTrue(result.IsValidated);
    Assert.IsInstanceOf<LogoutRequest>(result.SamlRequest);
}
/// <summary>
/// <see cref="AuthnRequestSerialiser.Serialize"/> must return a non-null result for an AuthnRequest
/// built from the "local" federation party context.
/// </summary>
public async Task AuthnRequestSerialiser_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, partyContext, nameIdFormats);

    var logger = new LogProviderMock();
    var encoder = new MessageEncoding(new DeflateCompressor());
    var serialiser = new AuthnRequestSerialiser(new XMLSerialiser(), encoder, logger);

    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

    //ACT
    var serialised = await serialiser.Serialize(authnRequest);

    //ASSERT
    Assert.NotNull(serialised);
}
/// <summary>
/// A scoping configuration with two requester ids and a proxy count of 10 must be carried into the
/// built AuthnRequest's Scoping element, preserving requester order.
/// </summary>
public void BuildAuthnRequest_test_scoping_default_overwritten_2_requesters()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    // PoxyCount is the project's spelling of the setting; it surfaces as Scoping.ProxyCount on the request.
    var scopingConfiguration = new ScopingConfiguration("http://localhost:59611/", "http://localhost:59612/") { PoxyCount = 10 };
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", scopingConfiguration);
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);
    // Retained from the original arrange; its result is not asserted on.
    var requestConfiguration = partyContext.GetAuthnRequestConfigurationFromContext(Guid.NewGuid().ToString());
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();

    //ACT
    var authnRequest = RequestHelper.BuildRequest(requestContext) as AuthnRequest;

    //ASSERT
    Assert.NotNull(authnRequest);
    var scoping = authnRequest.Scoping;
    Assert.IsNotNull(scoping);
    Assert.AreEqual("10", scoping.ProxyCount);
    Assert.AreEqual(2, scoping.RequesterId.Length);
    Assert.AreEqual("http://localhost:59611/", scoping.RequesterId[0]);
    Assert.AreEqual("http://localhost:59612/", scoping.RequesterId[1]);
}
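/// <summary>
/// Reading the signed-assertion fixture through <see cref="SecurityTokenHandlerMock.GetAssertion"/>,
/// configured for the "testshib" party, must yield a non-null assertion.
/// </summary>
public void DeserialiseTokenTest_signed_only_assertion_read_assertion()
{
    //ARRANGE
    var path = FileHelper.GetSignedAssertion();
    var logger = new LogProviderMock();
    var certManager = new CertificateManager(logger);
    certManager.CertificateValidator = new CertificateValidatorMock();
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certManager);
    var configuration = tokenHandlerConfigurationProvider.GetConfiguration("testshib");
    var saml2SecurityTokenHandler = new SecurityTokenHandlerMock();
    saml2SecurityTokenHandler.SetConfiguration(configuration);

    // Dispose both readers so the fixture file handle is released even if GetAssertion throws;
    // the original never closed them.
    using (var xmlReader = XmlReader.Create(path))
    using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
    {
        //ACT
        var assertion = saml2SecurityTokenHandler.GetAssertion(reader);

        //Assert
        Assert.NotNull(assertion);
    }
}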
/// <summary>
/// Round-trips an AuthnRequest through <see cref="RequestSerialiser"/> (as <see cref="ISerializer"/>):
/// the serialised form must be non-null and the deserialised request must keep the issuer value.
/// </summary>
public void AuthnRequestSerialiser_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);

    var logger = new LogProviderMock();
    var encoder = new MessageEncoding(new DeflateCompressor());
    ISerializer serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger);

    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnRequest = RequestHelper.BuildRequest(requestContext);

    //ACT
    var serialised = serialiser.Serialize(authnRequest);
    var roundTripped = serialiser.Deserialize<AuthnRequest>(serialised);

    //ASSERT
    Assert.NotNull(serialised);
    Assert.AreEqual(authnRequest.Issuer.Value, roundTripped.Issuer.Value);
}
/// <summary>
/// End-to-end parse of a POST-bound token response in an SP-initiated flow: a success response is
/// signed with the mock certificate, placed in a SAML form together with serialised relay state,
/// decoded, and run through <see cref="ResponseParser"/> with the signature rule as the only
/// validation rule; the result must be validated.
/// </summary>
public async Task ParseTokenResponse_post_binding_sp_initiated()
{
    //ARRANGE
    var logger = new LogProviderMock();
    var inResponseTo = Guid.NewGuid().ToString();
    var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success);

    // Sign the serialised response with the mock certificate's private key; response.ID is passed
    // as the signature reference (presumably — confirm against XmlSignatureManager.SignXml).
    var document = new XmlDocument();
    document.LoadXml(ResponseFactoryMock.Serialize(response));
    var signingCertificate = AssertionFactroryMock.GetMockCertificate();
    new XmlSignatureManager().SignXml(document, response.ID, signingCertificate.PrivateKey, null);
    var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(document.DocumentElement.OuterXml));

    var encoder = new MessageEncoding(new DeflateCompressor());
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    IRelayStateSerialiser relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger);
    var relayState = await relayStateSerialiser.Serialize(new Dictionary<string, object> { { "Key", "Value" } });

    var form = new SAMLForm();
    form.SetResponse(base64Encoded);
    form.SetRelatState(relayState);

    // The factory ignores its Type argument; callers below pass typeof(object) as a placeholder.
    Func<Type, IMetadataHandler> metadataHandlerFactory = _ => new MetadataEntitityDescriptorHandler();
    var certManager = new CertificateManager(logger);
    var signatureManager = new XmlSignatureManager();
    Func<IEnumerable<ResponseValidationRule>> rulesResolver = () => new[] { new ResponseSignatureRule(logger, certManager, signatureManager) };
    var validator = new Federation.Protocols.Response.Validation.ResponseValidator(logger, new RuleFactory(rulesResolver));

    var configurationManager = new ConfigurationManager<MetadataBase>(new FederationPartyContextBuilderMock(), new ConfigurationRetrieverMock());
    var relayStateHandler = new RelayStateHandler(relayStateSerialiser, logger);
    var responseParser = new ResponseParser(metadataHandlerFactory, _ => new SamlTokenResponseParser(logger), configurationManager, relayStateHandler, logger, validator);

    var postBindingDecoder = new PostBindingDecoder(logger);
    var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value));
    var context = new SamlInboundContext
    {
        Message = message,
        DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single()
    };

    //ACT
    var result = await responseParser.Parse(context);

    //ASSERT
    Assert.IsTrue(result.IsValidated);
}
/// <summary>
/// <see cref="ConfigurationManager{T}"/> backed by the mock context builder and retriever must
/// return a non-null <see cref="MetadataBase"/> for the "imperial.ac.uk" federation party.
/// </summary>
public async Task ManagerTest()
{
    //ARRANGE
    const string federationPartyId = "imperial.ac.uk";
    var configurationManager = new ConfigurationManager<MetadataBase>(new FederationPartyContextBuilderMock(), new ConfigurationRetrieverMock());

    //ACT
    MetadataBase configuration = await configurationManager.GetConfigurationAsync(federationPartyId);

    //ASSERT
    Assert.IsNotNull(configuration);
}
/// <summary>
/// For a context built with only the Transient NameID format, <c>GetRequestConfigurationFromContext</c>
/// must throw <see cref="ArgumentNullException"/>.
/// </summary>
public void BuildAuthnRequest_test_requested_authn_context_default()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", NameIdentifierFormats.Transient);
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    // Built as in the original arrange although only partyContext is exercised by the assertion.
    var requestContext = new AuthnRequestContext(destination, partyContext, nameIdFormats);

    //ACT
    //ASSERT
    Assert.Throws<ArgumentNullException>(() => partyContext.GetRequestConfigurationFromContext());
}
/// <summary>
/// When the party context is built with a null <see cref="RequestedAuthnContextConfiguration"/>,
/// the request configuration derived from it must carry a null RequestedAuthnContextConfiguration.
/// </summary>
public void BuildAuthnRequest_test_requested_authn_context_default()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", (RequestedAuthnContextConfiguration)null);
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    // Built as in the original arrange although only partyContext is exercised below.
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);

    //ACT
    var config = partyContext.GetAuthnRequestConfigurationFromContext(Guid.NewGuid().ToString());

    //ASSERT
    Assert.IsNull(config.RequestedAuthnContextConfiguration);
}
/// <summary>
/// <see cref="RelayStateAppender.BuildRelayState"/> must leave three entries in the request context's
/// RelyingState: "local" under "federationPartyId", the context's RequestId, and a value whose string
/// form is "http://localhost/".
/// </summary>
public async Task BuildRelayStateTest()
{
    //ARRANGE
    var logger = new LogProviderMock();
    var appender = new RelayStateAppender(logger);
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var requestContext = new AuthnRequestContext(new Uri("http://localhost"), new Uri("http://localhost"), partyContext, new[] { new Uri("http://localhost") });

    //ACT
    await appender.BuildRelayState(requestContext);

    //ASSERT
    var relyingState = requestContext.RelyingState;
    Assert.AreEqual(3, relyingState.Count);
    Assert.AreEqual("local", relyingState["federationPartyId"]);
    // NOTE(review): the next two entries are read by position, which assumes RelyingState enumerates
    // in insertion order — confirm its concrete type guarantees that.
    Assert.AreEqual(requestContext.RequestId, relyingState.ElementAt(1).Value);
    Assert.AreEqual("http://localhost/", relyingState.ElementAt(2).Value.ToString());
}
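/// <summary>
/// Deserialising the encrypted-assertion fixture for the "testshib" party through
/// <see cref="TokenSerialiser.DeserialiseToken"/> must yield a non-null token.
/// </summary>
public void DeserialiseTokenTest_Encrypted_assertion()
{
    //ARRANGE
    // Resolve the fixture through FileHelper instead of scanning a developer-specific absolute
    // directory for its newest file, which made the test machine-dependent and non-deterministic.
    var path = FileHelper.GetEncryptedAssertionFilePath();
    var certValidator = new CertificateValidatorMock();
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certValidator);
    var tokenSerialiser = new TokenSerialiser(tokenHandlerConfigurationProvider);

    // Dispose both readers so the fixture file handle is released even if deserialisation throws;
    // the original never closed them.
    using (var xmlReader = XmlReader.Create(path))
    using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
    {
        //ACT
        var token = tokenSerialiser.DeserialiseToken(reader, "testshib");

        //Assert
        Assert.NotNull(token);
    }
}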
/// <summary>
/// A context built with the integer overload of BuildContext (value 1, presumably the endpoint index)
/// must yield an AuthnRequest with AssertionConsumerServiceIndex 1, and its request configuration must
/// carry a RequestedAuthnContextConfiguration.
/// </summary>
public void BuildAuthnRequest_test_default_overwritten_intex_endpoint()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", 1);
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();

    //ACT
    var config = partyContext.GetAuthnRequestConfigurationFromContext(Guid.NewGuid().ToString());
    var authnRequest = RequestHelper.BuildRequest(requestContext) as AuthnRequest;

    //ASSERT
    Assert.IsNotNull(config.RequestedAuthnContextConfiguration);
    Assert.AreEqual(1, authnRequest.AssertionConsumerServiceIndex);
}
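/// <summary>
/// Reading the signed-assertion fixture through <see cref="SecurityTokenHandlerMock.GetAssertion"/>,
/// configured for the "testshib" party, must yield a non-null assertion.
/// </summary>
public void DeserialiseTokenTest_signed_only_assertion_read_assertion()
{
    //ARRANGE
    // Resolve the fixture through FileHelper instead of scanning a developer-specific absolute
    // directory for its newest file, which made the test machine-dependent and non-deterministic.
    var path = FileHelper.GetSignedAssertion();
    var certValidator = new CertificateValidatorMock();
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certValidator);
    var configuration = tokenHandlerConfigurationProvider.GetConfiguration("testshib");
    var saml2SecurityTokenHandler = new SecurityTokenHandlerMock();
    saml2SecurityTokenHandler.SetConfiguration(configuration);

    // Dispose both readers so the fixture file handle is released even if GetAssertion throws;
    // the original never closed them.
    using (var xmlReader = XmlReader.Create(path))
    using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
    {
        //ACT
        var assertion = saml2SecurityTokenHandler.GetAssertion(reader);

        //Assert
        Assert.NotNull(assertion);
    }
}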
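/// <summary>
/// Deserialising the encrypted-assertion fixture for the "testshib" party through
/// <see cref="TokenSerialiser.DeserialiseToken"/> must yield a non-null token.
/// </summary>
public void DeserialiseTokenTest_Encrypted_assertion()
{
    //ARRANGE
    var path = FileHelper.GetEncryptedAssertionFilePath();
    var logger = new LogProviderMock();
    var certManager = new CertificateManager(logger);
    certManager.CertificateValidator = new CertificateValidatorMock();
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certManager);
    var tokenSerialiser = new TokenSerialiser(tokenHandlerConfigurationProvider);

    // Dispose both readers so the fixture file handle is released even if deserialisation throws;
    // the original never closed them.
    using (var xmlReader = XmlReader.Create(path))
    using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
    {
        //ACT
        var token = tokenSerialiser.DeserialiseToken(reader, "testshib");

        //Assert
        Assert.NotNull(token);
    }
}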
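/// <summary>
/// End-to-end HTTP-POST binding: the clause builders produce a signed AuthnRequest with relay state,
/// the dispatcher hands the form to a capturing delegate, and the captured form must target the
/// request URI, round-trip the relay state, and carry a signature that verifies against the SP's
/// default signing certificate.
/// </summary>
public async Task Post_end_to_end_test()
{
    //ARRANGE
    var isValid = false;
    string url = String.Empty;
    IDictionary<string, object> relayState = null;
    var builders = new List<IPostClauseBuilder>();

    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local");
    var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    // The SP's default signing key descriptor; the dispatched request is verified against it below.
    var certContext = spDescriptor.KeyDescriptors
        .Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
        .Select(x => x.CertificateContext)
        .First();
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    builders.Add(new SamlRequestBuilder(serialiser));

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    builders.Add(new RelayStateBuilder(relayStateSerialiser));

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var xmlSinatureManager = new XmlSignatureManager();
    builders.Add(new SignatureBuilder(certificateManager, logger, xmlSinatureManager));

    //context
    var outboundContext = new HttpPostRequestContext(new SAMLForm())
    {
        BindingContext = new RequestPostBindingContext(authnRequestContext),
        // Await the relay-state deserialisation instead of blocking on task.Wait()/task.Result as the
        // original did: blocking inside a Task-returning callback risks deadlock under a synchronisation
        // context and wraps failures in AggregateException. Assumes PostRequestDispatcher awaits the
        // task this delegate returns (it is Task-typed) — confirm.
        DespatchDelegate = async form =>
        {
            url = form.ActionURL;
            var samlForm = (SAMLForm)form;
            var request = samlForm.HiddenControls[HttpRedirectBindingConstants.SamlRequest];
            var state = samlForm.HiddenControls[HttpRedirectBindingConstants.RelayState];
            relayState = (await relayStateSerialiser.Deserialize(state)) as IDictionary<string, object>;
            var cert = certificateManager.GetCertificateFromContext(certContext);
            isValid = this.VerifySignature(request, cert);
        }
    };

    //dispatcher
    var dispatcher = new PostRequestDispatcher(() => builders, logger);

    //ACT
    await dispatcher.SendAsync(outboundContext);

    //ASSERT
    // Expected value first so NUnit's "Expected/But was" message reads correctly on failure.
    Assert.AreEqual(requestUri.AbsoluteUri, url);
    // Fail with a clear message if the delegate never captured relay state (SequenceEqual would throw).
    Assert.IsNotNull(relayState);
    Assert.IsTrue(Enumerable.SequenceEqual(relayState, authnRequestContext.RelyingState));
    Assert.IsTrue(isValid);
}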
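/// <summary>
/// End-to-end HTTP-Redirect binding: the clause builders produce a compressed, signed AuthnRequest
/// with relay state, the dispatcher hands the redirect URI to a capturing delegate, and the URI's
/// path must equal the request URI while its query string must verify against the SP's default
/// signing certificate.
/// </summary>
public async Task Redirect_end_to_end_test()
{
    //ARRANGE
    var isValid = false;
    string url = String.Empty;
    var builders = new List<IRedirectClauseBuilder>();

    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local");
    var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    // The SP's default signing key descriptor; the dispatched query is verified against it below.
    var certContext = spDescriptor.KeyDescriptors
        .Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
        .Select(x => x.CertificateContext)
        .First();
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    builders.Add(new SamlRequestBuilder(serialiser));

    //request compression builder
    builders.Add(new RequestEncoderBuilder(encoder));

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    builders.Add(new RelayStateBuilder(relayStateSerialiser));

    //signature builder
    var certificateManager = new CertificateManager(logger);
    builders.Add(new SignatureBuilder(certificateManager, logger));

    //context
    var outboundContext = new HttpRedirectRequestContext
    {
        BindingContext = new RequestBindingContext(authnRequestContext),
        DespatchDelegate = redirectUri =>
        {
            url = redirectUri.GetLeftPart(UriPartial.Path);
            // The query string without its leading '?' is what VerifySignature checks.
            var query = redirectUri.Query.TrimStart('?');
            var cert = certificateManager.GetCertificateFromContext(certContext);
            isValid = this.VerifySignature(query, cert, certificateManager);
            return Task.CompletedTask;
        }
    };

    //dispatcher
    var dispatcher = new RedirectRequestDispatcher(() => builders);

    //ACT
    await dispatcher.SendAsync(outboundContext);

    //ASSERT
    // Expected value first so NUnit's "Expected/But was" message reads correctly on failure.
    Assert.AreEqual(requestUri.AbsoluteUri, url);
    Assert.IsTrue(isValid);
}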
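/// <summary>
/// Runs every redirect clause builder over a binding context, decodes the resulting destination URL
/// with <see cref="RedirectBindingDecoder"/>, and checks that the relay state comes back unchanged
/// and that the decoded SAMLRequest equals the request part the builders stored in the context.
/// </summary>
public async Task DecodeTest()
{
    //ARRANGE
    // The original also computed an unused `url`, `spDescriptor` and `certContext`; nothing here
    // verifies a signature, so they are dropped.
    var builders = new List<IRedirectClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local");
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    builders.Add(new SamlRequestBuilder(serialiser));

    //request compression builder
    builders.Add(new RequestEncoderBuilder(encoder));

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    builders.Add(new RelayStateBuilder(relayStateSerialiser));

    //signature builder
    var certificateManager = new CertificateManager(logger);
    builders.Add(new SignatureBuilder(certificateManager, logger));

    // Apply the builders in registration order so the context holds a complete redirect request.
    var bindingContext = new RequestBindingContext(authnRequestContext);
    foreach (var builder in builders)
    {
        await builder.Build(bindingContext);
    }
    var decoder = new RedirectBindingDecoder(logger, encoder);

    //ACT
    var message = await decoder.Decode(bindingContext.GetDestinationUrl());
    var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
    var requestFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
    var decoded = await encoder.DecodeMessage(requestFromContext);

    //ASSERT
    Assert.IsNotNull(stateFromResult);
    Assert.AreEqual(bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState], stateFromResult);
    Assert.AreEqual(decoded, message.Elements[HttpRedirectBindingConstants.SamlRequest]);
}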