public void Validation()
{
Authenticator a = new Authenticator(
new SecurityTokenAuthenticator [] {
new CustomUserNameSecurityTokenAuthenticator(UserNamePasswordValidator.None),
new X509SecurityTokenAuthenticator(X509CertificateValidator.None),
});
PolicyCollection pl = a.ValidateToken(GetSamlToken());
Assert.AreEqual(1, pl.Count, "#1");
IAuthorizationPolicy p = pl [0];
Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
TestEvaluationContext ec = new TestEvaluationContext();
object o = null;
Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
Assert.AreEqual(DateTime.MaxValue.AddDays(-1), ec.ExpirationTime, "#4");
IList <IIdentity> identities = ec.Properties ["Identities"] as IList <IIdentity>;
Assert.IsNotNull(identities, "#5");
Assert.AreEqual(1, identities.Count, "#6");
IIdentity ident = identities [0];
Assert.AreEqual(true, ident.IsAuthenticated, "#6-2");
// it's implementation details.
//Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
Assert.AreEqual("mono", ident.Name, "#6-4");
Assert.AreEqual(1, ec.ClaimSets.Count, "#7");
Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
identities = ec.Properties ["Identities"] as IList <IIdentity>;
Assert.AreEqual(2, identities.Count, "#9");
Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
}
public void Validation()
{
X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.cer"));
Authenticator a = new Authenticator(
X509CertificateValidator.None);
PolicyCollection pl = a.ValidateToken(new X509SecurityToken(cert));
Assert.AreEqual(1, pl.Count, "#1");
IAuthorizationPolicy p = pl [0];
Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
TestEvaluationContext ec = new TestEvaluationContext();
object o = null;
Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
// mhm, should this really be converted to UTC?
Assert.AreEqual(cert.NotAfter.ToUniversalTime(), ec.ExpirationTime, "#4");
IList <IIdentity> identities = ec.Properties ["Identities"] as IList <IIdentity>;
Assert.IsNotNull(identities, "#5");
Assert.AreEqual(1, identities.Count, "#6");
IIdentity ident = identities [0];
Assert.AreEqual(true, ident.IsAuthenticated, "#6-2");
Assert.AreEqual("X509", ident.AuthenticationType, "#6-3");
//Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
Assert.AreEqual(1, ec.ClaimSets.Count, "#7");
Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
identities = ec.Properties ["Identities"] as IList <IIdentity>;
Assert.AreEqual(2, identities.Count, "#9");
Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
}
internal static AuthorizationContext CreateDefaultAuthorizationContext(IList <IAuthorizationPolicy> authorizationPolicies)
{
AuthorizationContext _authorizationContext;
// This is faster than Policy evaluation.
if (authorizationPolicies != null && authorizationPolicies.Count == 1 && authorizationPolicies[0] is UnconditionalPolicy)
{
_authorizationContext = new SimpleAuthorizationContext(authorizationPolicies);
}
// degenerate case
else if (authorizationPolicies == null || authorizationPolicies.Count <= 0)
{
return(DefaultAuthorizationContext.Empty);
}
else
{
// there are some policies, run them until they are all done
DefaultEvaluationContext evaluationContext = new DefaultEvaluationContext();
object[] policyState = new object[authorizationPolicies.Count];
object done = new object();
int oldContextCount;
do
{
oldContextCount = evaluationContext.Generation;
for (int i = 0; i < authorizationPolicies.Count; i++)
{
if (policyState[i] == done)
{
continue;
}
IAuthorizationPolicy policy = authorizationPolicies[i];
if (policy == null)
{
policyState[i] = done;
continue;
}
if (policy.Evaluate(evaluationContext, ref policyState[i]))
{
policyState[i] = done;
}
}
} while (oldContextCount < evaluationContext.Generation);
_authorizationContext = new DefaultAuthorizationContext(evaluationContext);
}
return(_authorizationContext);
}
public void Validation()
{
RSA rsa = (RSA) new X509Certificate2("Test/Resources/test.cer").PublicKey.Key;
Authenticator a = new Authenticator();
PolicyCollection pl = a.ValidateToken(new RsaSecurityToken(rsa));
Assert.AreEqual(1, pl.Count, "#1");
IAuthorizationPolicy p = pl [0];
Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
TestEvaluationContext ec = new TestEvaluationContext();
object o = null;
Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
// mhm, should this really be converted to UTC?
Assert.AreEqual(DateTime.MaxValue.AddDays(-1), ec.ExpirationTime, "#4");
Assert.AreEqual(0, ec.Properties.Count, "#5");
Assert.AreEqual(1, ec.ClaimSets.Count, "#6");
Assert.IsTrue(p.Evaluate(ec, ref o), "#7");
Assert.AreEqual(2, ec.ClaimSets.Count, "#8");
}
internal static AuthorizationContext CreateDefaultAuthorizationContext(IList <IAuthorizationPolicy> authorizationPolicies)
{
AuthorizationContext context;
if (((authorizationPolicies != null) && (authorizationPolicies.Count == 1)) && (authorizationPolicies[0] is UnconditionalPolicy))
{
context = new SimpleAuthorizationContext(authorizationPolicies);
}
else
{
int generation;
if ((authorizationPolicies == null) || (authorizationPolicies.Count <= 0))
{
return(DefaultAuthorizationContext.Empty);
}
DefaultEvaluationContext evaluationContext = new DefaultEvaluationContext();
object[] objArray = new object[authorizationPolicies.Count];
object obj2 = new object();
do
{
generation = evaluationContext.Generation;
for (int i = 0; i < authorizationPolicies.Count; i++)
{
if (objArray[i] != obj2)
{
IAuthorizationPolicy policy = authorizationPolicies[i];
if (policy == null)
{
objArray[i] = obj2;
}
else if (policy.Evaluate(evaluationContext, ref objArray[i]))
{
objArray[i] = obj2;
if (DiagnosticUtility.ShouldTraceVerbose)
{
TraceUtility.TraceEvent(TraceEventType.Verbose, 0xc0003, System.IdentityModel.SR.GetString("AuthorizationPolicyEvaluated", new object[] { policy.Id }));
}
}
}
}
}while (generation < evaluationContext.Generation);
context = new DefaultAuthorizationContext(evaluationContext);
}
if (DiagnosticUtility.ShouldTraceInformation)
{
TraceUtility.TraceEvent(TraceEventType.Information, 0xc0002, System.IdentityModel.SR.GetString("AuthorizationContextCreated", new object[] { context.Id }));
}
return(context);
}
internal static AuthorizationContext CreateDefaultAuthorizationContext(IList <IAuthorizationPolicy> authorizationPolicies)
{
AuthorizationContext authorizationContext;
// This is faster than Policy evaluation.
if (authorizationPolicies != null && authorizationPolicies.Count == 1 && authorizationPolicies[0] is UnconditionalPolicy)
{
authorizationContext = new SimpleAuthorizationContext(authorizationPolicies);
}
// degenerate case
else if (authorizationPolicies == null || authorizationPolicies.Count <= 0)
{
return(DefaultAuthorizationContext.Empty);
}
else
{
// there are some policies, run them until they are all done
DefaultEvaluationContext evaluationContext = new DefaultEvaluationContext();
object[] policyState = new object[authorizationPolicies.Count];
object done = new object();
int oldContextCount;
do
{
oldContextCount = evaluationContext.Generation;
for (int i = 0; i < authorizationPolicies.Count; i++)
{
if (policyState[i] == done)
{
continue;
}
IAuthorizationPolicy policy = authorizationPolicies[i];
if (policy == null)
{
policyState[i] = done;
continue;
}
if (policy.Evaluate(evaluationContext, ref policyState[i]))
{
policyState[i] = done;
if (DiagnosticUtility.ShouldTraceVerbose)
{
TraceUtility.TraceEvent(TraceEventType.Verbose, TraceCode.AuthorizationPolicyEvaluated,
SR.GetString(SR.AuthorizationPolicyEvaluated, policy.Id));
}
}
}
} while (oldContextCount < evaluationContext.Generation);
authorizationContext = new DefaultAuthorizationContext(evaluationContext);
}
if (DiagnosticUtility.ShouldTraceInformation)
{
TraceUtility.TraceEvent(TraceEventType.Information, TraceCode.AuthorizationContextCreated,
SR.GetString(SR.AuthorizationContextCreated, authorizationContext.Id));
}
return(authorizationContext);
}
