/// <summary> /// Generates the OpenID Providers that are capable of asserting ownership /// of a particular XRI claimed identifier. /// </summary> /// <param name="xrds">The XrdsDocument instance to use in this process.</param> /// <param name="userSuppliedIdentifier">The i-name supplied by the user.</param> /// <returns>A sequence of the providers that can assert ownership of the given identifier.</returns> private static IEnumerable <IdentifierDiscoveryResult> GenerateClaimedIdentifierServiceEndpoints(this IEnumerable <XrdElement> xrds, XriIdentifier userSuppliedIdentifier) { // Cannot use code contracts because this method uses yield return. ////Requires.NotNull(xrds, "xrds"); //// ErrorUtilities.VerifyArgumentNotNull(xrds, "xrds"); foreach (var service in xrds.FindClaimedIdentifierServices()) { foreach (var uri in service.UriElements) { // spec section 7.3.2.3 on Claimed Id -> CanonicalID substitution if (service.Xrd.CanonicalID == null) { Logger.Yadis.WarnFormat(XrdsStrings.MissingCanonicalIDElement, userSuppliedIdentifier); break; // skip on to next service } ErrorUtilities.VerifyProtocol(service.Xrd.IsCanonicalIdVerified, XrdsStrings.CIDVerificationFailed, userSuppliedIdentifier); // In the case of XRI names, the ClaimedId is actually the CanonicalID. var claimedIdentifier = new XriIdentifier(service.Xrd.CanonicalID); var providerEndpoint = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris); yield return(IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, userSuppliedIdentifier, service.ProviderLocalIdentifier, providerEndpoint, service.Priority, uri.Priority)); } } }
public void AssociateRequestDeterminedBySecuritySettings() { Protocol protocol = Protocol.V20; SecuritySettings securitySettings = new RelyingPartySecuritySettings(); securitySettings.MinimumHashBitLength = 160; securitySettings.MaximumHashBitLength = 160; ProviderEndpointDescription provider = new ProviderEndpointDescription(OPUri, protocol.Version); Assert.AreEqual(AssociateRequest.Create(securitySettings, provider).AssociationType, protocol.Args.SignatureAlgorithm.HMAC_SHA1); securitySettings.MinimumHashBitLength = 384; securitySettings.MaximumHashBitLength = 384; Assert.AreEqual(AssociateRequest.Create(securitySettings, provider).AssociationType, protocol.Args.SignatureAlgorithm.HMAC_SHA384); }
/// <summary> /// Initializes a new instance of the <see cref="IdentifierDiscoveryResult"/> class. /// </summary> /// <param name="providerEndpoint">The provider endpoint.</param> /// <param name="claimedIdentifier">The Claimed Identifier.</param> /// <param name="userSuppliedIdentifier">The User-supplied Identifier.</param> /// <param name="providerLocalIdentifier">The Provider Local Identifier.</param> /// <param name="servicePriority">The service priority.</param> /// <param name="uriPriority">The URI priority.</param> private IdentifierDiscoveryResult(ProviderEndpointDescription providerEndpoint, Identifier claimedIdentifier, Identifier userSuppliedIdentifier, Identifier providerLocalIdentifier, int?servicePriority, int?uriPriority) { Requires.NotNull(providerEndpoint, "providerEndpoint"); Requires.NotNull(claimedIdentifier, "claimedIdentifier"); this.ProviderEndpoint = providerEndpoint.Uri; this.Capabilities = new ReadOnlyCollection <string>(providerEndpoint.Capabilities); this.Version = providerEndpoint.Version; this.ClaimedIdentifier = claimedIdentifier; this.ProviderLocalIdentifier = providerLocalIdentifier ?? claimedIdentifier; this.UserSuppliedIdentifier = userSuppliedIdentifier; this.ServicePriority = servicePriority; this.ProviderEndpointPriority = uriPriority; }
/// <summary> /// Initializes a new instance of the <see cref="IdentifierDiscoveryResult"/> class. /// </summary> /// <param name="providerEndpoint">The provider endpoint.</param> /// <param name="claimedIdentifier">The Claimed Identifier.</param> /// <param name="userSuppliedIdentifier">The User-supplied Identifier.</param> /// <param name="providerLocalIdentifier">The Provider Local Identifier.</param> /// <param name="servicePriority">The service priority.</param> /// <param name="uriPriority">The URI priority.</param> private IdentifierDiscoveryResult(ProviderEndpointDescription providerEndpoint, Identifier claimedIdentifier, Identifier userSuppliedIdentifier, Identifier providerLocalIdentifier, int?servicePriority, int?uriPriority) { Contract.Requires <ArgumentNullException>(providerEndpoint != null); Contract.Requires <ArgumentNullException>(claimedIdentifier != null); this.ProviderEndpoint = providerEndpoint.Uri; this.Capabilities = new ReadOnlyCollection <string>(providerEndpoint.Capabilities); this.Version = providerEndpoint.Version; this.ClaimedIdentifier = claimedIdentifier; this.ProviderLocalIdentifier = providerLocalIdentifier ?? claimedIdentifier; this.UserSuppliedIdentifier = userSuppliedIdentifier; this.ServicePriority = servicePriority; this.ProviderEndpointPriority = uriPriority; }
public void IsExtensionSupported() { this.se = new ProviderEndpointDescription(OPUri, this.v20TypeUris); Assert.IsFalse(this.se.IsExtensionSupported<ClaimsRequest>()); Assert.IsFalse(this.se.IsExtensionSupported(new ClaimsRequest())); Assert.IsFalse(this.se.IsExtensionSupported("http://someextension/typeuri")); this.se = new ProviderEndpointDescription( OPUri, new[] { Protocol.V20.ClaimedIdentifierServiceTypeURI, "http://someextension", Constants.sreg_ns }); Assert.IsTrue(this.se.IsExtensionSupported<ClaimsRequest>()); Assert.IsTrue(this.se.IsExtensionSupported(new ClaimsRequest())); Assert.IsTrue(this.se.IsExtensionSupported("http://someextension")); }
public void AssociateRenegotiateBitLength() { Protocol protocol = Protocol.V20; // The strategy is to make a simple request of the RP to establish an association, // and to more carefully observe the Provider-side of things to make sure that both // the OP and RP are behaving as expected. OpenIdCoordinator coordinator = new OpenIdCoordinator( rp => { var opDescription = new ProviderEndpointDescription(OPUri, protocol.Version); Association association = rp.AssociationManager.GetOrCreateAssociation(opDescription); Assert.IsNotNull(association, "Association failed to be created."); Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, association.GetAssociationType(protocol)); }, op => { op.SecuritySettings.MaximumHashBitLength = 160; // Force OP to reject HMAC-SHA256 // Receive initial request for an HMAC-SHA256 association. AutoResponsiveRequest req = (AutoResponsiveRequest) op.GetRequest(); AutoResponsiveRequest_Accessor reqAccessor = AutoResponsiveRequest_Accessor.AttachShadow(req); AssociateRequest associateRequest = (AssociateRequest)reqAccessor.RequestMessage; Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA256, associateRequest.AssociationType); // Ensure that the response is a suggestion that the RP try again with HMAC-SHA1 AssociateUnsuccessfulResponse renegotiateResponse = (AssociateUnsuccessfulResponse)reqAccessor.ResponseMessage; Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, renegotiateResponse.AssociationType); op.SendResponse(req); // Receive second attempt request for an HMAC-SHA1 association. req = (AutoResponsiveRequest)op.GetRequest(); reqAccessor = AutoResponsiveRequest_Accessor.AttachShadow(req); associateRequest = (AssociateRequest)reqAccessor.RequestMessage; Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, associateRequest.AssociationType); // Ensure that the response is a success response. AssociateSuccessfulResponse successResponse = (AssociateSuccessfulResponse)reqAccessor.ResponseMessage; Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, successResponse.AssociationType); op.SendResponse(req); }); coordinator.Run(); }
/// <summary> /// Generates the OpenID Providers that are capable of asserting ownership /// of a particular XRI claimed identifier. /// </summary> /// <param name="xrds">The XrdsDocument instance to use in this process.</param> /// <param name="userSuppliedIdentifier">The i-name supplied by the user.</param> /// <returns>A sequence of the providers that can assert ownership of the given identifier.</returns> private static IEnumerable <ServiceEndpoint> GenerateClaimedIdentifierServiceEndpoints(this XrdsDocument xrds, XriIdentifier userSuppliedIdentifier) { foreach (var service in xrds.FindClaimedIdentifierServices()) { foreach (var uri in service.UriElements) { // spec section 7.3.2.3 on Claimed Id -> CanonicalID substitution if (service.Xrd.CanonicalID == null) { Logger.WarnFormat(XrdsStrings.MissingCanonicalIDElement, userSuppliedIdentifier); break; // skip on to next service } ErrorUtilities.VerifyProtocol(service.Xrd.IsCanonicalIdVerified, XrdsStrings.CIDVerificationFailed, userSuppliedIdentifier); // In the case of XRI names, the ClaimedId is actually the CanonicalID. var claimedIdentifier = new XriIdentifier(service.Xrd.CanonicalID); var providerEndpoint = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris); yield return(ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, userSuppliedIdentifier, service.ProviderLocalIdentifier, providerEndpoint, service.Priority, uri.Priority)); } } }
public async Task ProblematicClaimedId() { var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); string claimed_id = BaseMockUri + "a./b."; var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null); var identityUri = (UriIdentifier)se.ClaimedIdentifier; this.RegisterMockXrdsResponse(se); var rp = this.CreateRelyingParty(); var positiveAssertion = this.GetPositiveAssertion(); positiveAssertion.ClaimedIdentifier = claimed_id; positiveAssertion.LocalIdentifier = claimed_id; var authResponse = await PositiveAuthenticationResponse.CreateAsync(positiveAssertion, rp, CancellationToken.None); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString()); }
/// <summary> /// Creates a <see cref="IdentifierDiscoveryResult"/> instance to represent some OP Identifier. /// </summary> /// <param name="providerIdentifier">The provider identifier (actually the user-supplied identifier).</param> /// <param name="providerEndpoint">The provider endpoint.</param> /// <param name="servicePriority">The service priority.</param> /// <param name="uriPriority">The URI priority.</param> /// <returns>The created <see cref="IdentifierDiscoveryResult"/> instance</returns> internal static IdentifierDiscoveryResult CreateForProviderIdentifier(Identifier providerIdentifier, ProviderEndpointDescription providerEndpoint, int?servicePriority, int?uriPriority) { Requires.NotNull(providerEndpoint, "providerEndpoint"); Protocol protocol = Protocol.Lookup(providerEndpoint.Version); return(new IdentifierDiscoveryResult( providerEndpoint, protocol.ClaimedIdentifierForOPIdentifier, providerIdentifier, protocol.ClaimedIdentifierForOPIdentifier, servicePriority, uriPriority)); }
public void NonNullCapabilities() { var epd = new ProviderEndpointDescription(OPUri, Protocol.Default.Version); Assert.IsNotNull(epd.Capabilities); }
public async Task AssociateRenegotiateBitLength() { Protocol protocol = Protocol.V20; // The strategy is to make a simple request of the RP to establish an association, // and to more carefully observe the Provider-side of things to make sure that both // the OP and RP are behaving as expected. int providerAttemptCount = 0; HandleProvider( async (op, request) => { op.SecuritySettings.MaximumHashBitLength = 160; // Force OP to reject HMAC-SHA256 switch (++providerAttemptCount) { case 1: // Receive initial request for an HMAC-SHA256 association. var req = (AutoResponsiveRequest)await op.GetRequestAsync(request); var associateRequest = (AssociateRequest)req.RequestMessage; Assert.That(associateRequest, Is.Not.Null); Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA256, associateRequest.AssociationType); // Ensure that the response is a suggestion that the RP try again with HMAC-SHA1 var renegotiateResponse = (AssociateUnsuccessfulResponse)await req.GetResponseMessageAsyncTestHook(CancellationToken.None); Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, renegotiateResponse.AssociationType); return await op.PrepareResponseAsync(req); case 2: // Receive second attempt request for an HMAC-SHA1 association. req = (AutoResponsiveRequest)await op.GetRequestAsync(request); associateRequest = (AssociateRequest)req.RequestMessage; Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, associateRequest.AssociationType); // Ensure that the response is a success response. var successResponse = (AssociateSuccessfulResponse)await req.GetResponseMessageAsyncTestHook(CancellationToken.None); Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, successResponse.AssociationType); return await op.PrepareResponseAsync(req); default: throw Assumes.NotReachable(); } }); var rp = this.CreateRelyingParty(); var opDescription = new ProviderEndpointDescription(OPUri, protocol.Version); Association association = await rp.AssociationManager.GetOrCreateAssociationAsync(opDescription, CancellationToken.None); Assert.IsNotNull(association, "Association failed to be created."); Assert.AreEqual(protocol.Args.SignatureAlgorithm.HMAC_SHA1, association.GetAssociationType(protocol)); }
internal static IdentifierDiscoveryResult GetServiceEndpoint(int user, ProtocolVersion providerVersion, int servicePriority, bool useSsl, bool delegating) { var providerEndpoint = new ProviderEndpointDescription( useSsl ? OPUriSsl : OPUri, new string[] { Protocol.Lookup(providerVersion).ClaimedIdentifierServiceTypeURI }); var local_id = useSsl ? OPLocalIdentifiersSsl[user] : OPLocalIdentifiers[user]; var claimed_id = delegating ? (useSsl ? VanityUriSsl : VanityUri) : local_id; return IdentifierDiscoveryResult.CreateForClaimedIdentifier( claimed_id, claimed_id, local_id, providerEndpoint, servicePriority, 10); }
/// <summary> /// Runs a parameterized association flow test using all supported OpenID versions. /// </summary> /// <param name="opEndpoint">The OP endpoint to simulate using.</param> private void ParameterizedAssociationTest(Uri opEndpoint) { foreach (Protocol protocol in Protocol.AllPracticalVersions) { var endpoint = new ProviderEndpointDescription(opEndpoint, protocol.Version); var associationType = protocol.Version.Major < 2 ? protocol.Args.SignatureAlgorithm.HMAC_SHA1 : protocol.Args.SignatureAlgorithm.HMAC_SHA256; this.ParameterizedAssociationTest(endpoint, associationType); } }
/// <summary> /// Creates a <see cref="IdentifierDiscoveryResult"/> instance to represent some OP Identifier. /// </summary> /// <param name="providerIdentifier">The provider identifier (actually the user-supplied identifier).</param> /// <param name="providerEndpoint">The provider endpoint.</param> /// <param name="servicePriority">The service priority.</param> /// <param name="uriPriority">The URI priority.</param> /// <returns>The created <see cref="IdentifierDiscoveryResult"/> instance</returns> internal static IdentifierDiscoveryResult CreateForProviderIdentifier(Identifier providerIdentifier, ProviderEndpointDescription providerEndpoint, int?servicePriority, int?uriPriority) { Contract.Requires <ArgumentNullException>(providerEndpoint != null); Protocol protocol = Protocol.Lookup(providerEndpoint.Version); return(new IdentifierDiscoveryResult( providerEndpoint, protocol.ClaimedIdentifierForOPIdentifier, providerIdentifier, protocol.ClaimedIdentifierForOPIdentifier, servicePriority, uriPriority)); }
/// <summary> /// Generates the OpenID Providers that are capable of asserting ownership /// of a particular XRI claimed identifier. /// </summary> /// <param name="xrds">The XrdsDocument instance to use in this process.</param> /// <param name="userSuppliedIdentifier">The i-name supplied by the user.</param> /// <returns>A sequence of the providers that can assert ownership of the given identifier.</returns> private static IEnumerable<IdentifierDiscoveryResult> GenerateClaimedIdentifierServiceEndpoints(this IEnumerable<XrdElement> xrds, XriIdentifier userSuppliedIdentifier) { // Cannot use code contracts because this method uses yield return. ////Requires.NotNull(xrds, "xrds"); ////Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); ErrorUtilities.VerifyArgumentNotNull(xrds, "xrds"); foreach (var service in xrds.FindClaimedIdentifierServices()) { foreach (var uri in service.UriElements) { // spec section 7.3.2.3 on Claimed Id -> CanonicalID substitution if (service.Xrd.CanonicalID == null) { Logger.Yadis.WarnFormat(XrdsStrings.MissingCanonicalIDElement, userSuppliedIdentifier); break; // skip on to next service } ErrorUtilities.VerifyProtocol(service.Xrd.IsCanonicalIdVerified, XrdsStrings.CIDVerificationFailed, userSuppliedIdentifier); // In the case of XRI names, the ClaimedId is actually the CanonicalID. var claimedIdentifier = new XriIdentifier(service.Xrd.CanonicalID); var providerEndpoint = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris); yield return IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, userSuppliedIdentifier, service.ProviderLocalIdentifier, providerEndpoint, service.Priority, uri.Priority); } } }
public async Task GetRequest() { var httpInfo = new HttpRequestMessage(HttpMethod.Get, "http://someUri"); Assert.IsNull(await this.provider.GetRequestAsync(httpInfo), "An irrelevant request should return null."); var providerDescription = new ProviderEndpointDescription(OPUri, Protocol.Default.Version); // Test some non-empty request scenario. HandleProvider( async (op, req) => { IRequest request = await op.GetRequestAsync(req); Assert.IsInstanceOf<AutoResponsiveRequest>(request); return await op.PrepareResponseAsync(request); }); var rp = this.CreateRelyingParty(); await rp.Channel.RequestAsync(AssociateRequestRelyingParty.Create(rp.SecuritySettings, providerDescription), CancellationToken.None); }
/// <summary> /// Generates the OpenID Providers that are capable of asserting ownership /// of a particular XRI claimed identifier. /// </summary> /// <param name="xrds">The XrdsDocument instance to use in this process.</param> /// <param name="userSuppliedIdentifier">The i-name supplied by the user.</param> /// <returns>A sequence of the providers that can assert ownership of the given identifier.</returns> private static IEnumerable<ServiceEndpoint> GenerateClaimedIdentifierServiceEndpoints(this XrdsDocument xrds, XriIdentifier userSuppliedIdentifier) { foreach (var service in xrds.FindClaimedIdentifierServices()) { foreach (var uri in service.UriElements) { // spec section 7.3.2.3 on Claimed Id -> CanonicalID substitution if (service.Xrd.CanonicalID == null) { Logger.Yadis.WarnFormat(XrdsStrings.MissingCanonicalIDElement, userSuppliedIdentifier); break; // skip on to next service } ErrorUtilities.VerifyProtocol(service.Xrd.IsCanonicalIdVerified, XrdsStrings.CIDVerificationFailed, userSuppliedIdentifier); // In the case of XRI names, the ClaimedId is actually the CanonicalID. var claimedIdentifier = new XriIdentifier(service.Xrd.CanonicalID); var providerEndpoint = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris); yield return ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, userSuppliedIdentifier, service.ProviderLocalIdentifier, providerEndpoint, service.Priority, uri.Priority); } } }
public void GetRequest() { HttpRequestInfo httpInfo = new HttpRequestInfo(); httpInfo.UrlBeforeRewriting = new Uri("http://someUri"); Assert.IsNull(this.provider.GetRequest(httpInfo), "An irrelevant request should return null."); var providerDescription = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); // Test some non-empty request scenario. OpenIdCoordinator coordinator = new OpenIdCoordinator( rp => { rp.Channel.Request(AssociateRequestRelyingParty.Create(rp.SecuritySettings, providerDescription)); }, op => { IRequest request = op.GetRequest(); Assert.IsInstanceOf<AutoResponsiveRequest>(request); op.Respond(request); }); coordinator.Run(); }
private AuthenticationRequest CreateAuthenticationRequest(Identifier claimedIdentifier, Identifier providerLocalIdentifier) { ProviderEndpointDescription providerEndpoint = new ProviderEndpointDescription(OPUri, this.protocol.Version); IdentifierDiscoveryResult endpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, providerLocalIdentifier, providerEndpoint, 10, 5); OpenIdRelyingParty rp = this.CreateRelyingParty(); return AuthenticationRequest.CreateForTest(endpoint, this.realm, this.returnTo, rp); }
/// <summary> /// Creates a <see cref="IdentifierDiscoveryResult"/> instance to represent some Claimed Identifier. /// </summary> /// <param name="claimedIdentifier">The claimed identifier.</param> /// <param name="userSuppliedIdentifier">The user supplied identifier.</param> /// <param name="providerLocalIdentifier">The provider local identifier.</param> /// <param name="providerEndpoint">The provider endpoint.</param> /// <param name="servicePriority">The service priority.</param> /// <param name="uriPriority">The URI priority.</param> /// <returns>The created <see cref="IdentifierDiscoveryResult"/> instance</returns> internal static IdentifierDiscoveryResult CreateForClaimedIdentifier(Identifier claimedIdentifier, Identifier userSuppliedIdentifier, Identifier providerLocalIdentifier, ProviderEndpointDescription providerEndpoint, int?servicePriority, int?uriPriority) { return(new IdentifierDiscoveryResult(providerEndpoint, claimedIdentifier, userSuppliedIdentifier, providerLocalIdentifier, servicePriority, uriPriority)); }
private AuthenticationRequest_Accessor CreateAuthenticationRequest(Identifier claimedIdentifier, Identifier providerLocalIdentifier) { ProviderEndpointDescription providerEndpoint = new ProviderEndpointDescription(OPUri, this.protocol.Version); ServiceEndpoint endpoint = ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, providerLocalIdentifier, providerEndpoint, 10, 5); ServiceEndpoint_Accessor endpointAccessor = ServiceEndpoint_Accessor.AttachShadow(endpoint); OpenIdRelyingParty rp = this.CreateRelyingParty(); AuthenticationRequest_Accessor authRequest = new AuthenticationRequest_Accessor(endpointAccessor, this.realm, this.returnTo, rp); return authRequest; }
public override void SetUp() { base.SetUp(); this.se = new ProviderEndpointDescription(OPUri, Protocol.V20.Version); }
/// <summary> /// Runs a parameterized association flow test. /// </summary> /// <param name="opDescription"> /// The description of the Provider that the relying party uses to formulate the request. /// The specific host is not used, but the scheme is significant. /// </param> /// <param name="expectedAssociationType"> /// The value of the openid.assoc_type parameter expected, /// or null if a failure is anticipated. /// </param> private void ParameterizedAssociationTest( ProviderEndpointDescription opDescription, string expectedAssociationType) { Protocol protocol = Protocol.Lookup(Protocol.Lookup(opDescription.Version).ProtocolVersion); bool expectSuccess = expectedAssociationType != null; bool expectDiffieHellman = !opDescription.Uri.IsTransportSecure(); Association rpAssociation = null, opAssociation; AssociateSuccessfulResponse associateSuccessfulResponse = null; AssociateUnsuccessfulResponse associateUnsuccessfulResponse = null; OpenIdCoordinator coordinator = new OpenIdCoordinator( rp => { rp.SecuritySettings = this.RelyingPartySecuritySettings; rpAssociation = rp.AssociationManager.GetOrCreateAssociation(opDescription); }, op => { op.SecuritySettings = this.ProviderSecuritySettings; IRequest req = op.GetRequest(); Assert.IsNotNull(req, "Expected incoming request but did not receive it."); Assert.IsTrue(req.IsResponseReady); op.Respond(req); }); coordinator.IncomingMessageFilter = message => { Assert.AreSame(opDescription.Version, message.Version, "The message was recognized as version {0} but was expected to be {1}.", message.Version, Protocol.Lookup(opDescription.Version).ProtocolVersion); var associateSuccess = message as AssociateSuccessfulResponse; var associateFailed = message as AssociateUnsuccessfulResponse; if (associateSuccess != null) { associateSuccessfulResponse = associateSuccess; } if (associateFailed != null) { associateUnsuccessfulResponse = associateFailed; } }; coordinator.OutgoingMessageFilter = message => { Assert.AreEqual(opDescription.Version, message.Version, "The message was for version {0} but was expected to be for {1}.", message.Version, opDescription.Version); }; coordinator.Run(); if (expectSuccess) { Assert.IsNotNull(rpAssociation); Association actual = coordinator.RelyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, rpAssociation.Handle); Assert.AreEqual(rpAssociation, actual); opAssociation = coordinator.Provider.AssociationStore.Deserialize(new TestSignedDirectedMessage(), false, rpAssociation.Handle); Assert.IsNotNull(opAssociation, "The Provider could not decode the association handle."); Assert.AreEqual(opAssociation.Handle, rpAssociation.Handle); Assert.AreEqual(expectedAssociationType, rpAssociation.GetAssociationType(protocol)); Assert.AreEqual(expectedAssociationType, opAssociation.GetAssociationType(protocol)); Assert.IsTrue(Math.Abs(opAssociation.SecondsTillExpiration - rpAssociation.SecondsTillExpiration) < 60); Assert.IsTrue(MessagingUtilities.AreEquivalent(opAssociation.SecretKey, rpAssociation.SecretKey)); if (expectDiffieHellman) { Assert.IsInstanceOf<AssociateDiffieHellmanResponse>(associateSuccessfulResponse); var diffieHellmanResponse = (AssociateDiffieHellmanResponse)associateSuccessfulResponse; Assert.IsFalse(MessagingUtilities.AreEquivalent(diffieHellmanResponse.EncodedMacKey, rpAssociation.SecretKey), "Key should have been encrypted."); } else { Assert.IsInstanceOf<AssociateUnencryptedResponse>(associateSuccessfulResponse); var unencryptedResponse = (AssociateUnencryptedResponse)associateSuccessfulResponse; } } else { Assert.IsNull(coordinator.RelyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, new RelyingPartySecuritySettings())); } }
public void ProblematicClaimedId() { var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); string claimed_id = BaseMockUri + "a./b."; var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null); UriIdentifier identityUri = (UriIdentifier)se.ClaimedIdentifier; var mockId = new MockIdentifier(identityUri, this.MockResponder, new IdentifierDiscoveryResult[] { se }); var positiveAssertion = this.GetPositiveAssertion(); positiveAssertion.ClaimedIdentifier = mockId; positiveAssertion.LocalIdentifier = mockId; var rp = CreateRelyingParty(); var authResponse = new PositiveAuthenticationResponse(positiveAssertion, rp); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString()); }
protected Identifier GetMockDualIdentifier() { Protocol protocol = Protocol.Default; var opDesc = new ProviderEndpointDescription(OPUri, protocol.Version); var dualResults = new IdentifierDiscoveryResult[] { IdentifierDiscoveryResult.CreateForClaimedIdentifier(VanityUri.AbsoluteUri, OPLocalIdentifiers[0], opDesc, 10, 10), IdentifierDiscoveryResult.CreateForProviderIdentifier(protocol.ClaimedIdentifierForOPIdentifier, opDesc, 20, 20), }; this.RegisterMockXrdsResponse(VanityUri, dualResults); return VanityUri; }
/// <summary> /// Runs a parameterized association flow test. /// </summary> /// <param name="opDescription"> /// The description of the Provider that the relying party uses to formulate the request. /// The specific host is not used, but the scheme is significant. /// </param> /// <param name="expectedAssociationType"> /// The value of the openid.assoc_type parameter expected, /// or null if a failure is anticipated. /// </param> private async Task ParameterizedAssociationTestAsync( ProviderEndpointDescription opDescription, string expectedAssociationType) { Protocol protocol = Protocol.Lookup(Protocol.Lookup(opDescription.Version).ProtocolVersion); bool expectSuccess = expectedAssociationType != null; bool expectDiffieHellman = !opDescription.Uri.IsTransportSecure(); Association rpAssociation = null, opAssociation; AssociateSuccessfulResponse associateSuccessfulResponse = null; AssociateUnsuccessfulResponse associateUnsuccessfulResponse = null; var relyingParty = new OpenIdRelyingParty(new MemoryCryptoKeyAndNonceStore(), this.HostFactories); var provider = new OpenIdProvider(new MemoryCryptoKeyAndNonceStore(), this.HostFactories) { SecuritySettings = this.ProviderSecuritySettings }; Handle(opDescription.Uri).By( async (request, ct) => { IRequest req = await provider.GetRequestAsync(request, ct); Assert.IsNotNull(req, "Expected incoming request but did not receive it."); Assert.IsTrue(req.IsResponseReady); return await provider.PrepareResponseAsync(req, ct); }); relyingParty.Channel.IncomingMessageFilter = message => { Assert.AreSame(opDescription.Version, message.Version, "The message was recognized as version {0} but was expected to be {1}.", message.Version, Protocol.Lookup(opDescription.Version).ProtocolVersion); var associateSuccess = message as AssociateSuccessfulResponse; var associateFailed = message as AssociateUnsuccessfulResponse; if (associateSuccess != null) { associateSuccessfulResponse = associateSuccess; } if (associateFailed != null) { associateUnsuccessfulResponse = associateFailed; } }; relyingParty.Channel.OutgoingMessageFilter = message => { Assert.AreEqual(opDescription.Version, message.Version, "The message was for version {0} but was expected to be for {1}.", message.Version, opDescription.Version); }; relyingParty.SecuritySettings = this.RelyingPartySecuritySettings; rpAssociation = await relyingParty.AssociationManager.GetOrCreateAssociationAsync(opDescription, CancellationToken.None); if (expectSuccess) { Assert.IsNotNull(rpAssociation); Association actual = relyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, rpAssociation.Handle); Assert.AreEqual(rpAssociation, actual); opAssociation = provider.AssociationStore.Deserialize(new TestSignedDirectedMessage(), false, rpAssociation.Handle); Assert.IsNotNull(opAssociation, "The Provider could not decode the association handle."); Assert.AreEqual(opAssociation.Handle, rpAssociation.Handle); Assert.AreEqual(expectedAssociationType, rpAssociation.GetAssociationType(protocol)); Assert.AreEqual(expectedAssociationType, opAssociation.GetAssociationType(protocol)); Assert.IsTrue(Math.Abs(opAssociation.SecondsTillExpiration - rpAssociation.SecondsTillExpiration) < 60); Assert.IsTrue(MessagingUtilities.AreEquivalent(opAssociation.SecretKey, rpAssociation.SecretKey)); if (expectDiffieHellman) { Assert.IsInstanceOf<AssociateDiffieHellmanResponse>(associateSuccessfulResponse); var diffieHellmanResponse = (AssociateDiffieHellmanResponse)associateSuccessfulResponse; Assert.IsFalse(MessagingUtilities.AreEquivalent(diffieHellmanResponse.EncodedMacKey, rpAssociation.SecretKey), "Key should have been encrypted."); } else { Assert.IsInstanceOf<AssociateUnencryptedResponse>(associateSuccessfulResponse); var unencryptedResponse = (AssociateUnencryptedResponse)associateSuccessfulResponse; } } else { Assert.IsNull(relyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, new RelyingPartySecuritySettings())); } }