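/// <summary>
/// Copies the configured organisation person contacts onto <paramref name="roleDescriptor"/>.Contacts
/// as <see cref="ContactPerson"/> entries (surname, given name, e-mail addresses, telephone numbers).
/// Contacts are optional in SAML metadata, so a missing organisation / contact section leaves the
/// descriptor untouched, mirroring BuildOrganisation.
/// </summary>
/// <param name="roleDescriptor">Descriptor that receives the contacts; must not be null.</param>
/// <param name="roleDescriptorConfiguration">Source configuration; must not be null.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidCastException">A configured contact type has no same-named <see cref="ContactType"/> member.</exception>
internal static void BuildContacts(RoleDescriptor roleDescriptor, RoleDescriptorConfiguration roleDescriptorConfiguration)
{
    if (roleDescriptor == null)
    {
        throw new ArgumentNullException("roleDescriptor");
    }
    if (roleDescriptorConfiguration == null)
    {
        throw new ArgumentNullException("roleDescriptorConfiguration");
    }

    // Previously a missing organisation or contact section dereferenced null; treat it as "no contacts".
    var organisation = roleDescriptorConfiguration.Organisation;
    if (organisation == null || organisation.OrganisationContacts == null)
    {
        return;
    }
    var contacts = organisation.OrganisationContacts.PersonContact;
    if (contacts == null)
    {
        return;
    }

    foreach (var contact in contacts)
    {
        // The configuration enum and the metadata ContactType enum are matched by member name only.
        // NOTE(review): Enum.TryParse also accepts a numeric string, so an undefined configuration
        // value would be carried over as an undefined ContactType rather than rejected — confirm
        // whether Enum.IsDefined should be enforced here.
        ContactType contactType;
        if (!Enum.TryParse<ContactType>(contact.ContactType.ToString(), out contactType))
        {
            throw new InvalidCastException(String.Format("No corresponding value for Contact type: {0}.", contact.ContactType));
        }

        var person = new ContactPerson(contactType)
        {
            Surname = contact.SurName,
            GivenName = contact.ForeName,
        };
        foreach (var email in contact.Emails)
        {
            person.EmailAddresses.Add(email);
        }
        foreach (var number in contact.PhoneNumbers)
        {
            person.TelephoneNumbers.Add(number);
        }
        roleDescriptor.Contacts.Add(person);
    }
}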
/// <summary>
/// Adds one <see cref="KeyDescriptor"/> per configured key to <paramref name="descriptor"/>.Keys.
/// Each key is resolved from the certificate store via <see cref="X509StoreCertificateConfiguration"/>
/// and published as an X509 raw-data clause (the certificate bytes, i.e. public material only).
/// </summary>
/// <param name="descriptor">Descriptor whose Keys collection is extended.</param>
/// <param name="configuration">Configuration whose KeyDescriptors are read; must have a non-null KeyDescriptors.</param>
/// <exception cref="ArgumentNullException">configuration.KeyDescriptors is null (the message names that member, not a parameter).</exception>
/// <exception cref="InvalidCastException">A configured key use has no same-named <see cref="KeyType"/> member.</exception>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    if (configuration.KeyDescriptors == null)
    {
        throw new ArgumentNullException("keyDescriptors");
    }

    foreach (var keyConfiguration in configuration.KeyDescriptors)
    {
        var storeConfiguration = new X509StoreCertificateConfiguration(keyConfiguration.CertificateContext);
        // NOTE(review): no check here that the store lookup actually found a certificate or that it
        // is within its validity period — confirm GetX509Certificate2 throws rather than returns null.
        var certificate = storeConfiguration.GetX509Certificate2();

        // Configuration "use" enum → metadata KeyType, matched by member name only.
        KeyType use;
        if (!Enum.TryParse<KeyType>(keyConfiguration.Use.ToString(), out use))
        {
            throw new InvalidCastException(String.Format("Parsing to type{0} failed. Value having been tried:{1}", typeof(KeyType), keyConfiguration.Use));
        }

        var rawDataClause = new X509RawDataKeyIdentifierClause(certificate);
        descriptor.Keys.Add(new KeyDescriptor
        {
            Use = use,
            KeyInfo = new SecurityKeyIdentifier(rawDataClause),
        });
    }
}
/// <summary>
/// Populates <paramref name="roleDescriptor"/>.Organization from the configured organisation:
/// one localized Name and DisplayName per configured name entry, one localized Url per URL entry.
/// A missing organisation section is a no-op (the descriptor's Organization is left as is).
/// </summary>
/// <param name="roleDescriptor">Descriptor whose Organization is replaced; must not be null.</param>
/// <param name="roleDescriptorConfiguration">Source configuration; must not be null.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
internal static void BuildOrganisation(RoleDescriptor roleDescriptor, RoleDescriptorConfiguration roleDescriptorConfiguration)
{
    if (roleDescriptor == null)
    {
        throw new ArgumentNullException("roleDescriptor");
    }
    if (roleDescriptorConfiguration == null)
    {
        throw new ArgumentNullException("roleDescriptorConfiguration");
    }

    var organisationConfiguration = roleDescriptorConfiguration.Organisation;
    if (organisationConfiguration == null)
    {
        return;
    }

    // Attach first, then fill in place, so the descriptor always ends up with a fresh Organization.
    roleDescriptor.Organization = new Organization();
    var organization = roleDescriptor.Organization;

    foreach (var nameEntry in organisationConfiguration.Names)
    {
        organization.Names.Add(new LocalizedName(nameEntry.Name, nameEntry.Language));
        organization.DisplayNames.Add(new LocalizedName(nameEntry.DisplayName, nameEntry.Language));
    }
    foreach (var urlEntry in organisationConfiguration.Urls)
    {
        organization.Urls.Add(new LocalizedUri(urlEntry.Url, urlEntry.Language));
    }
}
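/// <summary>
/// Authenticates <paramref name="username"/>/<paramref name="password"/> for <paramref name="role"/> against
/// the repository and, on success, issues an HS256-signed JWT carrying a Name claim and a Role claim
/// that expires 90 minutes after issue.
/// </summary>
/// <param name="username">User name; forwarded verbatim to the repository and to the Name claim.</param>
/// <param name="password">Password; forwarded to the repository only.</param>
/// <param name="role">Role to authenticate for; rendered via RoleDescriptor.Describe for the Role claim.</param>
/// <returns>The serialised JWT, or null when the repository rejects the credentials.</returns>
/// <exception cref="InvalidOperationException">The configured signing key is shorter than 256 bits.</exception>
public string Authenticate(string username, string password, UserRoles role)
{
    string token = null;
    if (_authRepo.AuthenticateUser(username, password, role))
    {
        // NOTE: ASCII maps any non-ASCII character of the configured key to '?', silently shrinking the
        // effective key space. Kept because validators elsewhere presumably derive the key the same way;
        // the key itself should be random and at least 32 bytes of ASCII.
        var tokenKey = Encoding.ASCII.GetBytes(_signingKey);

        // RFC 7518 §3.2: HMAC-SHA256 keys must be at least 256 bits. A short key lets an attacker
        // brute-force the secret offline and mint tokens with arbitrary Role claims, so refuse to sign.
        if (tokenKey.Length < 32)
        {
            throw new InvalidOperationException("JWT signing key must be at least 256 bits (32 bytes) for HMAC-SHA256.");
        }

        // Single timestamp so IssuedAt and Expires are computed from the same instant.
        var now = DateTime.UtcNow;
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new Claim[]
            {
                new Claim(ClaimTypes.Name, username),
                new Claim(ClaimTypes.Role, RoleDescriptor.Describe(role)),
            }),
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(tokenKey),
                SecurityAlgorithms.HmacSha256Signature),
            IssuedAt = now,
            Expires = now.AddMinutes(90),
        };

        // NOTE(review): no Issuer/Audience is set; the validating side must therefore not require them
        // (or they must be added here and in TokenValidationParameters together).
        var tokenHandler = new JwtSecurityTokenHandler();
        token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
    }
    return token;
}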
/// <summary>
/// Builds the descriptor's Organization via <see cref="SSODescriptorBuilderHelper.BuildOrganisation"/>.
/// Unlike the tolerant variant, this builder treats a missing organisation section as a configuration error.
/// </summary>
/// <param name="descriptor">Descriptor to populate.</param>
/// <param name="configuration">Configuration; its Organisation must be non-null.</param>
/// <exception cref="ArgumentNullException">configuration.Organisation is null (the message names that member, not a parameter).</exception>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    var organisation = configuration.Organisation;
    if (organisation == null)
    {
        throw new ArgumentNullException("organisation");
    }
    SSODescriptorBuilderHelper.BuildOrganisation(descriptor, configuration);
}
/// <summary>
/// Builds the descriptor's Organization via <see cref="SSODescriptorBuilderHelper.BuildOrganisation"/>
/// when an organisation section is configured; otherwise leaves the descriptor untouched
/// (Organization is optional in SAML metadata).
/// </summary>
/// <param name="descriptor">Descriptor to populate.</param>
/// <param name="configuration">Configuration whose Organisation is read.</param>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    if (configuration.Organisation != null)
    {
        SSODescriptorBuilderHelper.BuildOrganisation(descriptor, configuration);
    }
}
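/// <summary>
/// Returns the lower-case SHA-1 thumbprints of every signing certificate advertised by
/// <paramref name="ssod"/> (keys whose Use is <see cref="KeyType.Signing"/> and whose KeyInfo carries
/// an X509 raw-data clause). Keys without raw certificate data are skipped rather than failing the call.
/// </summary>
/// <param name="ssod">Role descriptor whose Keys are inspected.</param>
/// <returns>Materialised list of lower-case thumbprints, possibly empty.</returns>
private static IEnumerable<string> GetSigningKeyThumbprint(RoleDescriptor ssod)
{
    // NOTE(review): SAML metadata allows a KeyDescriptor without "use", meaning both signing and
    // encryption; such keys (KeyType.Unspecified) are deliberately not matched here — confirm intended.
    var rawDataClauses = ssod.Keys
        .Where(key => key.KeyInfo != null && key.Use == KeyType.Signing)
        // FirstOrDefault + null filter: a signing key whose KeyInfo holds only e.g. a KeyName clause
        // previously made First() throw and aborted the whole lookup.
        .Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().FirstOrDefault())
        .Where(clause => clause != null);

    var thumbprints = new List<string>();
    foreach (var clause in rawDataClauses)
    {
        // X509SecurityToken is IDisposable and resets the certificate on Dispose; the thumbprint string
        // is taken before that, so disposing here is safe and avoids leaking certificate handles.
        using (var token = new X509SecurityToken(new X509Certificate2(clause.GetX509RawData())))
        {
            thumbprints.Add(token.Certificate.Thumbprint.ToLowerInvariant());
        }
    }
    Logger.Info($"Get signing keys: {thumbprints.Count}");
    return thumbprints;
}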
/// <summary>
/// Runs every member builder from <see cref="MemberBuilderFactory.GetBuilders"/> against
/// <paramref name="descriptor"/> in the order the factory yields them, then returns the same
/// instance cast to <typeparamref name="TRole"/>.
/// </summary>
/// <param name="descriptor">Descriptor mutated in place by each builder.</param>
/// <param name="configuration">Configuration handed to every builder.</param>
/// <returns><paramref name="descriptor"/> as <typeparamref name="TRole"/>.</returns>
/// <exception cref="InvalidCastException">The descriptor is not a <typeparamref name="TRole"/>.</exception>
private TRole BuildAll(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    foreach (var memberBuilder in MemberBuilderFactory.GetBuilders())
    {
        memberBuilder.Build(descriptor, configuration);
    }
    return (TRole)descriptor;
}
/// <summary>
/// Appends every configured supported-protocol URI to <paramref name="descriptor"/>.ProtocolsSupported.
/// </summary>
/// <param name="descriptor">Descriptor whose ProtocolsSupported collection is extended.</param>
/// <param name="configuration">Configuration; its ProtocolSupported must be non-null.</param>
/// <exception cref="ArgumentNullException">configuration.ProtocolSupported is null (the message names that member, not a parameter).</exception>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    var protocols = configuration.ProtocolSupported;
    if (protocols == null)
    {
        throw new ArgumentNullException("protocolSupported");
    }
    foreach (var protocol in protocols)
    {
        descriptor.ProtocolsSupported.Add(protocol);
    }
}
/// <summary>
/// Template entry point: validates both arguments, then delegates to the subclass's
/// <c>BuildInternal</c>, which may therefore assume non-null inputs.
/// </summary>
/// <param name="descriptor">Descriptor to populate; must not be null.</param>
/// <param name="configuration">Configuration to read; must not be null.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
public virtual void Build(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    if (descriptor == null)
    {
        throw new ArgumentNullException("descriptor");
    }
    if (configuration == null)
    {
        throw new ArgumentNullException("configuration");
    }
    BuildInternal(descriptor, configuration);
}
/// <summary>
/// Sets <paramref name="descriptor"/>.Organization from the configured organisation when one is present
/// and <see cref="SSODescriptorBuilderHelper.TryBuildOrganisation"/> succeeds; in every other case the
/// descriptor's existing Organization is left untouched.
/// </summary>
/// <param name="descriptor">Descriptor to populate.</param>
/// <param name="configuration">Configuration whose Organisation is read.</param>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    var organisationConfiguration = configuration.Organisation;
    if (organisationConfiguration == null)
    {
        return;
    }
    Organization built;
    var ok = SSODescriptorBuilderHelper.TryBuildOrganisation(organisationConfiguration, out built);
    if (ok)
    {
        descriptor.Organization = built;
    }
}
/// <summary>
/// Reading a bare md:RoleDescriptor whose xsi:type is the WS-Federation type matching
/// <paramref name="descriptorType"/> (e.g. SecurityTokenServiceDescriptor → fed:SecurityTokenServiceType)
/// must yield an instance of exactly that descriptor class.
/// </summary>
/// <param name="descriptorType">Expected concrete RoleDescriptor subclass.</param>
public void ShouldReadCorrectRoleType(Type descriptorType)
{
    // "XxxDescriptor" → "XxxType", the fed: xsi:type name the serializer dispatches on.
    var baseName = descriptorType.Name.Replace("Descriptor", string.Empty);
    var typeName = $"{baseName}Type";
    var xml = $@"<RoleDescriptor xmlns=""urn:oasis:names:tc:SAML:2.0:metadata"" xmlns:fed=""http://docs.oasis-open.org/wsfed/federation/200706"" xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""fed:{typeName}""></RoleDescriptor>";

    var metadata = _serializer.ReadRoleDescriptor(xml);

    Assert.IsType(descriptorType, metadata);
}
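/// <summary>
/// Creates an empty md:SPSSODescriptor element in <paramref name="xmlDocument"/>.
/// The runtime type and contents of <paramref name="descriptor"/> are currently NOT serialised:
/// no AuthnRequestsSigned / WantAssertionsSigned attributes and no AssertionConsumerService or
/// AttributeConsumingService children are written.
/// </summary>
/// <param name="descriptor">Descriptor this extension is invoked on; presently unused.</param>
/// <param name="xmlDocument">Document that owns the created element; must not be null.</param>
/// <returns>A new, empty md:SPSSODescriptor element (not yet attached to the document).</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDocument"/> is null.</exception>
public static XmlElement ToXml(this RoleDescriptor descriptor, XmlDocument xmlDocument)
{
    if (xmlDocument == null)
    {
        throw new ArgumentNullException("xmlDocument");
    }
    // NOTE(review): metadata built from this element advertises no signing requirements
    // (AuthnRequestsSigned/WantAssertionsSigned absent ⇒ schema default "false") — confirm this
    // stub is not used to publish production SP metadata.
    return xmlDocument.CreateElement("md", Saml2MetadataConstants.Elements.SpssoDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata");
}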
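/// <summary>
/// Appends every configured NameID format URI to the <see cref="SingleSignOnDescriptor"/>'s
/// NameIdentifierFormats.
/// </summary>
/// <param name="descriptor">Must be a <see cref="SingleSignOnDescriptor"/>.</param>
/// <param name="configuration">Must be an <see cref="SSODescriptorConfiguration"/> with non-null NameIdentifierFormats.</param>
/// <exception cref="InvalidOperationException"><paramref name="configuration"/> is not an SSODescriptorConfiguration.</exception>
/// <exception cref="ArgumentNullException">NameIdentifierFormats is null (the message names that member, not a parameter).</exception>
/// <exception cref="InvalidCastException"><paramref name="descriptor"/> is not a SingleSignOnDescriptor.</exception>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    var ssoConfiguration = configuration as SSODescriptorConfiguration;
    if (ssoConfiguration == null)
    {
        throw new InvalidOperationException(String.Format("Configuration type expected: {0}.", typeof(SSODescriptorConfiguration).Name));
    }
    // Was "singleLogoutServices" (copy-paste); name the member that is actually missing.
    if (ssoConfiguration.NameIdentifierFormats == null)
    {
        throw new ArgumentNullException("nameIdentifierFormats");
    }

    // Cast once, up front, instead of on every element.
    var ssoDescriptor = (SingleSignOnDescriptor)descriptor;
    foreach (var format in ssoConfiguration.NameIdentifierFormats)
    {
        ssoDescriptor.NameIdentifierFormats.Add(format);
    }
}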
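/// <summary>
/// Registers every configured artifact resolution endpoint on the <see cref="SingleSignOnDescriptor"/>,
/// keyed by its configured index.
/// </summary>
/// <param name="descriptor">Must be a <see cref="SingleSignOnDescriptor"/>.</param>
/// <param name="configuration">Must be an <see cref="SSODescriptorConfiguration"/> with non-null ArtifactResolutionServices.</param>
/// <exception cref="InvalidOperationException"><paramref name="configuration"/> is not an SSODescriptorConfiguration.</exception>
/// <exception cref="ArgumentNullException">ArtifactResolutionServices is null (the message names that member, not a parameter).</exception>
/// <exception cref="InvalidCastException"><paramref name="descriptor"/> is not a SingleSignOnDescriptor.</exception>
/// <exception cref="ArgumentException">Two configured endpoints share the same index (dictionary key collision).</exception>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    var ssoConfiguration = configuration as SSODescriptorConfiguration;
    if (ssoConfiguration == null)
    {
        throw new InvalidOperationException(String.Format("Configuration type expected: {0}.", typeof(SSODescriptorConfiguration).Name));
    }
    // Was "crtifactResolutionServices" (typo); name the member that is actually missing.
    if (ssoConfiguration.ArtifactResolutionServices == null)
    {
        throw new ArgumentNullException("artifactResolutionServices");
    }

    // Cast once, up front, instead of on every element.
    var ssoDescriptor = (SingleSignOnDescriptor)descriptor;
    foreach (var service in ssoConfiguration.ArtifactResolutionServices)
    {
        var endpoint = new IndexedProtocolEndpoint(service.Index, service.Binding, service.Location);
        ssoDescriptor.ArtifactResolutionServices.Add(service.Index, endpoint);
    }
}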
/// <summary>
/// Reads an md:RoleDescriptor element, choosing the concrete descriptor class from the WS-Federation
/// endpoint type the reader recognises (falling back to a plain <see cref="RoleDescriptor"/>), then
/// reads its attributes and children and attaches whatever signature the child walk reports.
/// </summary>
/// <param name="reader">Reader positioned on the candidate element.</param>
/// <param name="role">The populated descriptor on success; set via Out.False otherwise.</param>
/// <returns>false when the reader is not on md:RoleDescriptor; true after reading it.</returns>
protected override bool TryReadRoleDescriptor(XmlDictionaryReader reader, out RoleDescriptor role)
{
    if (!reader.IsStartElement(Saml2MetadataConstants.Elements.RoleDescriptor, Saml2MetadataConstants.Namespace))
    {
        return Out.False(out role);
    }

    RoleDescriptor descriptor = null;
    FederationEndpointType endpointType;
    if (reader.TryReadFederationEndpointType(out endpointType))
    {
        switch (endpointType)
        {
            case FederationEndpointType.ApplicationService:
                descriptor = new ApplicationServiceDescriptor();
                break;
            case FederationEndpointType.AttributeService:
                descriptor = new AttributeServiceDescriptor();
                break;
            case FederationEndpointType.PseudonymService:
                descriptor = new PseudonymServiceDescriptor();
                break;
            case FederationEndpointType.SecurityTokenService:
                descriptor = new SecurityTokenServiceDescriptor();
                break;
        }
    }
    // Unknown or absent endpoint type: keep the generic descriptor.
    if (descriptor == null)
    {
        descriptor = new RoleDescriptor();
    }

    ReadRoleDescriptorAttributes(reader, descriptor);
    // NOTE(review): the ds:Signature found among the children is only attached here; whether and
    // where it is verified is not visible in this method.
    XmlElement signature;
    reader.ForEachChild(child => TryReadRoleDescriptorChild(child, descriptor), out signature);
    descriptor.Signature = signature;

    role = descriptor;
    return true;
}
/// <summary>
/// Extracts every KeyDescriptor from every RoleDescriptor in the parsed entity into the <c>_keys</c>
/// cache. Runs at most once: a non-null <c>_keys</c> short-circuits. When no entity has been parsed
/// <c>_keys</c> stays null so a later call can retry.
/// </summary>
private void ExtractKeyDescriptors()
{
    // Cache already populated.
    if (_keys != null)
    {
        return;
    }
    // Nothing parsed yet; leave the cache unset.
    if (_entity == null)
    {
        return;
    }

    _keys = new List<KeyDescriptor>();
    foreach (object item in _entity.Items)
    {
        // Only role descriptors carry keys; other entity items are ignored.
        var roleDescriptor = item as RoleDescriptor;
        if (roleDescriptor == null)
        {
            continue;
        }
        foreach (KeyDescriptor keyDescriptor in roleDescriptor.KeyDescriptor)
        {
            _keys.Add(keyDescriptor);
        }
    }
}
/// <summary>
/// Reads the WS-Federation-specific attributes for whichever concrete descriptor <paramref name="role"/>
/// is (attribute, application, pseudonym or security-token service), then the common RoleDescriptor
/// attributes via the base class. Checks are performed in this fixed order and none is exclusive.
/// </summary>
/// <param name="reader">Reader positioned on the role descriptor element.</param>
/// <param name="role">Descriptor instance being populated.</param>
protected override void ReadRoleDescriptorAttributes(XmlDictionaryReader reader, RoleDescriptor role)
{
    var attributeService = role as AttributeServiceDescriptor;
    if (attributeService != null)
    {
        ReadAttributeServiceDescriptorAttributes(reader, attributeService);
    }

    var applicationService = role as ApplicationServiceDescriptor;
    if (applicationService != null)
    {
        ReadApplicationServiceDescriptorAttributes(reader, applicationService);
    }

    var pseudonymService = role as PseudonymServiceDescriptor;
    if (pseudonymService != null)
    {
        ReadPseudonymServiceDescriptorAttributes(reader, pseudonymService);
    }

    var securityTokenService = role as SecurityTokenServiceDescriptor;
    if (securityTokenService != null)
    {
        ReadSecurityTokenServiceDescriptorAttributes(reader, securityTokenService);
    }

    base.ReadRoleDescriptorAttributes(reader, role);
}
/// <summary>
/// Populates one aspect of <paramref name="descriptor"/> from <paramref name="configuration"/>.
/// Called by the public <c>Build</c> entry point after it has rejected null arguments, so
/// implementations may assume both are non-null.
/// </summary>
/// <param name="descriptor">Descriptor to populate.</param>
/// <param name="configuration">Configuration to read from.</param>
protected abstract void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration);
/// <summary>
/// Tries the common RoleDescriptor children first (base class), then the WS-Federation children
/// specific to the concrete descriptor type. Returns false for an unrecognised child or a plain
/// <see cref="RoleDescriptor"/>.
/// </summary>
/// <param name="reader">Reader positioned on the child element.</param>
/// <param name="role">Descriptor instance being populated.</param>
/// <returns>true when the child was consumed by one of the readers.</returns>
protected override bool TryReadRoleDescriptorChild(XmlDictionaryReader reader, RoleDescriptor role)
{
    if (base.TryReadRoleDescriptorChild(reader, role))
    {
        return true;
    }

    // Same dispatch order as before; first matching type wins.
    switch (role)
    {
        case AttributeServiceDescriptor attributeService:
            return TryReadAttributeServiceDescriptorChild(reader, attributeService);
        case ApplicationServiceDescriptor applicationService:
            return TryReadApplicationServiceDescriptorChild(reader, applicationService);
        case PseudonymServiceDescriptor pseudonymService:
            return TryReadPseudonymServiceDescriptorChild(reader, pseudonymService);
        case SecurityTokenServiceDescriptor securityTokenService:
            return TryReadSecurityTokenServiceDescriptorChild(reader, securityTokenService);
        default:
            return false;
    }
}
/// <summary>
/// Writes the common RoleDescriptor children (base class) followed by the WS-Federation children
/// for whichever concrete descriptor <paramref name="role"/> is. Type checks run in this fixed order
/// and none is exclusive.
/// </summary>
/// <param name="writer">Writer positioned inside the role descriptor element.</param>
/// <param name="role">Descriptor being serialised.</param>
protected override void WriteRoleDescriptorChildren(XmlDictionaryWriter writer, RoleDescriptor role)
{
    base.WriteRoleDescriptorChildren(writer, role);

    var applicationService = role as ApplicationServiceDescriptor;
    if (applicationService != null)
    {
        WriteApplicationServiceDescriptorChildren(writer, applicationService);
    }

    var attributeService = role as AttributeServiceDescriptor;
    if (attributeService != null)
    {
        WriteAttributeServiceDescriptorChildren(writer, attributeService);
    }

    var pseudonymService = role as PseudonymServiceDescriptor;
    if (pseudonymService != null)
    {
        WritePseudonymServiceDescriptorChildren(writer, pseudonymService);
    }

    var securityTokenService = role as SecurityTokenServiceDescriptor;
    if (securityTokenService != null)
    {
        WriteSecurityTokenServiceDescriptorChildren(writer, securityTokenService);
    }
}
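/// <summary>
/// Copies the ErrorUrl and the ValidUntil freshness bound from the configuration onto the descriptor.
/// </summary>
/// <param name="descriptor">Descriptor to populate.</param>
/// <param name="configuration">Configuration supplying ErrorUrl and ValidUntil (a DateTimeOffset).</param>
protected override void BuildInternal(RoleDescriptor descriptor, RoleDescriptorConfiguration configuration)
{
    descriptor.ErrorUrl = configuration.ErrorUrl;

    // validUntil tells relying parties how long they may trust this metadata. DateTimeOffset.DateTime
    // discards the offset and yields Kind=Unspecified, so e.g. 2020-01-01T00:00+02:00 became a bare
    // 2020-01-01T00:00 and, if later treated as UTC, extended the validity window by the offset.
    // UtcDateTime preserves the configured instant.
    descriptor.ValidUntil = configuration.ValidUntil.UtcDateTime;
}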
/// <summary>
/// Serialises <paramref name="roleDescriptor"/> to a string by running the writer-based
/// <c>WriteRoleDescriptor(writer, role)</c> overload inside <c>WriteElement</c>.
/// </summary>
/// <param name="roleDescriptor">Descriptor to serialise.</param>
/// <returns>The XML produced by WriteElement.</returns>
public string WriteRoleDescriptor(RoleDescriptor roleDescriptor)
{
    return WriteElement(writer =>
    {
        WriteRoleDescriptor(writer, roleDescriptor);
    });
}