public void LogoutRequestType_test_test()
{
//ARRANGE
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var logoutContext = new SamlLogoutContext(new Uri(Reasons.User), new System.IdentityModel.Tokens.Saml2NameIdentifier("testUser", new Uri(NameIdentifierFormats.Persistent)), "local");
var authnRequestContext = new LogoutRequestContext(requestUri, new Uri("http://localhost"), federationContex, logoutContext);
var types = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger) as IRequestSerialiser;
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetLogoutRequestBuildersFactory();
var logoutRequest = RequestHelper.BuildRequest(authnRequestContext);
var typeResolver = new MessageTypeResolver();
//ACT
var serialised = serialiser.Serialize(logoutRequest);
var type = typeResolver.ResolveMessageType(serialised, types);
//ASSERT
Assert.AreEqual(typeof(LogoutRequest), type);
}
public void AuthnRequestSerialiser_test()
{
//ARRANGE
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger) as ISerializer;
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnRequest = RequestHelper.BuildRequest(authnRequestContext);
//ACT
var serialised = serialiser.Serialize(authnRequest);
var deserialised = serialiser.Deserialize <AuthnRequest>(serialised);
//ASSERT
Assert.NotNull(serialised);
Assert.AreEqual(authnRequest.Issuer.Value, deserialised.Issuer.Value);
}
public async Task ParseLogoutRequest_post_binding()
{
//ARRANGE
var form = await SamlPostRequestProviderMock.BuildLogoutRequestPostForm();
Func <Type, IMetadataHandler> metadataHandlerFactory = t => new MetadataEntitityDescriptorHandler();
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger) as IRequestSerialiser;
var certManager = new CertificateManager(logger);
var signatureManager = new XmlSignatureManager();
Func <IEnumerable <RequestValidationRule> > rulesResolver = () => new[] { new SignatureValidRule(logger, certManager, signatureManager) };
var requestValidator = new Federation.Protocols.Request.Validation.RequestValidator(logger, new RuleFactory(rulesResolver));
var configurationRetrieverMock = new ConfigurationRetrieverMock();
var federationPartyContextBuilderMock = new FederationPartyContextBuilderMock();
var configurationManger = new ConfigurationManager <MetadataBase>(federationPartyContextBuilderMock, configurationRetrieverMock);
var requestParser = new RequestParser(metadataHandlerFactory, t => new LogoutRequestParser(serialiser, logger),
configurationManger, logger, requestValidator);
var postBindingDecoder = new PostBindingDecoder(logger);
var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value));
var context = new SamlInboundContext
{
Message = message,
DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single()
};
//ACT
var result = await requestParser.Parse(context);
//ASSERT
Assert.IsTrue(result.IsValidated);
Assert.IsInstanceOf <LogoutRequest>(result.SamlRequest);
}
public void AuthnRequestType_test()
{
//ARRANGE
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
var types = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger) as IRequestSerialiser;
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnRequest = RequestHelper.BuildRequest(authnRequestContext);
var typeResolver = new MessageTypeResolver();
//ACT
var serialised = serialiser.Serialize(authnRequest);
var type = typeResolver.ResolveMessageType(serialised, types);
//ASSERT
Assert.AreEqual(typeof(AuthnRequest), type);
}
public static async Task <SAMLForm> BuildRequestBindingContext(RequestContext requestContext)
{
string url = String.Empty;
var builders = new List <IPostClauseBuilder>();
requestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
var xmlSinatureManager = new XmlSignatureManager();
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
builders.Add(signatureBuilder);
var bindingContext = new RequestPostBindingContext(requestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
var form = new SAMLForm();
var request = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(request));
var relyingStateSerialised = bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState];
form.ActionURL = bindingContext.DestinationUri.AbsoluteUri;
form.SetRequest(base64Encoded);
form.SetRelatState(relyingStateSerialised);
return(form);
}
public static async Task <RequestBindingContext> BuildRequestBindingContext(RequestContext requestContext)
{
string url = String.Empty;
var builders = new List <IRedirectClauseBuilder>();
requestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//request compression builder
var encodingBuilder = new RequestEncoderBuilder(encoder);
builders.Add(encodingBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger);
builders.Add(signatureBuilder);
var bindingContext = new RequestBindingContext(requestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
return(bindingContext);
}
public async Task Post_end_to_end_test()
{
//ARRANGE
var isValid = false;
string url = String.Empty;
IDictionary <string, object> relayState = null;
var builders = new List <IPostClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var xmlSinatureManager = new XmlSignatureManager();
var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
builders.Add(signatureBuilder);
//context
var outboundContext = new HttpPostRequestContext(new SAMLForm())
{
BindingContext = new RequestPostBindingContext(authnRequestContext),
DespatchDelegate = form =>
{
url = form.ActionURL;
var request = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.SamlRequest];
var state = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.RelayState];
var task = relayStateSerialiser.Deserialize(state);
task.Wait();
relayState = task.Result as IDictionary <string, object>;
var cert = certificateManager.GetCertificateFromContext(certContext);
isValid = this.VerifySignature(request, cert);
return(Task.CompletedTask);
}
};
//dispatcher
var dispatcher = new PostRequestDispatcher(() => builders, logger);
//ACT
await dispatcher.SendAsync(outboundContext);
//ASSERT
Assert.AreEqual(url, requestUri.AbsoluteUri);
Assert.IsTrue(Enumerable.SequenceEqual(relayState, authnRequestContext.RelyingState));
Assert.IsTrue(isValid);
}
public async Task DecodeTest()
{
string url = String.Empty;
var builders = new List <IRedirectClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//request compression builder
var encodingBuilder = new RequestEncoderBuilder(encoder);
builders.Add(encodingBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger);
builders.Add(signatureBuilder);
var bindingContext = new RequestBindingContext(authnRequestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
var decoder = new RedirectBindingDecoder(logger, encoder);
//ACT
var message = await decoder.Decode(bindingContext.GetDestinationUrl());
var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
var requestFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
var decoded = await encoder.DecodeMessage(requestFromContext);
//ASSERT
Assert.IsNotNull(stateFromResult);
Assert.AreEqual(bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState], message.Elements[HttpRedirectBindingConstants.RelayState]);
Assert.AreEqual(decoded, message.Elements[HttpRedirectBindingConstants.SamlRequest]);
}
public async Task Redirect_end_to_end_test()
{
//ARRANGE
var isValid = false;
string url = String.Empty;
var builders = new List <IRedirectClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//request compression builder
var encodingBuilder = new RequestEncoderBuilder(encoder);
builders.Add(encodingBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger);
builders.Add(signatureBuilder);
//context
var outboundContext = new HttpRedirectRequestContext
{
BindingContext = new RequestBindingContext(authnRequestContext),
DespatchDelegate = redirectUri =>
{
url = redirectUri.GetLeftPart(UriPartial.Path);
var query = redirectUri.Query.TrimStart('?');
var cert = certificateManager.GetCertificateFromContext(certContext);
isValid = this.VerifySignature(query, cert, certificateManager);
return(Task.CompletedTask);
}
};
//dispatcher
var dispatcher = new RedirectRequestDispatcher(() => builders);
//ACT
await dispatcher.SendAsync(outboundContext);
//ASSERT
Assert.AreEqual(url, requestUri.AbsoluteUri);
Assert.IsTrue(isValid);
}
