public void EqualsTests() { IdentifierDiscoveryResult se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); IdentifierDiscoveryResult se2 = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), (int?)null, (int?)null); Assert.AreEqual(se2, se); Assert.AreNotEqual(se, null); Assert.AreNotEqual(null, se); IdentifierDiscoveryResult se3 = IdentifierDiscoveryResult.CreateForClaimedIdentifier(new UriIdentifier(this.claimedId + "a"), this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); Assert.AreNotEqual(se, se3); se3 = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId, new ProviderEndpointDescription(new Uri(this.providerEndpoint.AbsoluteUri + "a"), this.v20TypeUris), this.servicePriority, this.uriPriority); Assert.AreNotEqual(se, se3); se3 = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId + "a", new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); Assert.AreNotEqual(se, se3); se3 = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v11TypeUris), this.servicePriority, this.uriPriority); Assert.AreNotEqual(se, se3); // make sure that Collection<T>.Contains works as desired. var list = new List <IdentifierDiscoveryResult>(); list.Add(se); Assert.IsTrue(list.Contains(se2)); }
public void IsTypeUriPresent() { IdentifierDiscoveryResult se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); Assert.IsTrue(se.IsTypeUriPresent(Protocol.Default.ClaimedIdentifierServiceTypeURI)); Assert.IsFalse(se.IsTypeUriPresent("http://someother")); }
private AuthenticationRequest CreateAuthenticationRequest(Identifier claimedIdentifier, Identifier providerLocalIdentifier) { ProviderEndpointDescription providerEndpoint = new ProviderEndpointDescription(OPUri, this.protocol.Version); IdentifierDiscoveryResult endpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, providerLocalIdentifier, providerEndpoint, 10, 5); OpenIdRelyingParty rp = this.CreateRelyingParty(); return(AuthenticationRequest.CreateForTest(endpoint, this.realm, this.returnTo, rp)); }
public void CtorImpliedLocalIdentifier() { IdentifierDiscoveryResult se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, null, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); Assert.AreEqual(this.claimedId, se.ClaimedIdentifier); Assert.AreSame(this.providerEndpoint, se.ProviderEndpoint); Assert.AreSame(this.claimedId, se.ProviderLocalIdentifier); CollectionAssert <string> .AreEquivalent(this.v20TypeUris, se.Capabilities); }
internal void RegisterMockXrdsResponse(UriIdentifier directedIdentityAssignedIdentifier, IdentifierDiscoveryResult providerEndpoint) { IdentifierDiscoveryResult identityEndpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier( directedIdentityAssignedIdentifier, directedIdentityAssignedIdentifier, providerEndpoint.ProviderLocalIdentifier, new ProviderEndpointDescription(providerEndpoint.ProviderEndpoint, providerEndpoint.Capabilities), 10, 10); this.RegisterMockXrdsResponse(identityEndpoint); }
protected Identifier GetMockDualIdentifier() { Protocol protocol = Protocol.Default; var opDesc = new ProviderEndpointDescription(OPUri, protocol.Version); var dualResults = new IdentifierDiscoveryResult[] { IdentifierDiscoveryResult.CreateForClaimedIdentifier(VanityUri.AbsoluteUri, OPLocalIdentifiers[0], opDesc, 10, 10), IdentifierDiscoveryResult.CreateForProviderIdentifier(protocol.ClaimedIdentifierForOPIdentifier, opDesc, 20, 20), }; this.RegisterMockXrdsResponse(VanityUri, dualResults); return(VanityUri); }
private async Task DiscoverAsync(string url, ProtocolVersion version, Identifier expectedLocalId, string providerEndpoint, bool expectSreg, bool useRedirect, WebHeaderCollection headers) { Protocol protocol = Protocol.Lookup(version); Uri baseUrl = new Uri("http://localhost/"); string redirectBase = this.RegisterDiscoveryRedirector(baseUrl); UriIdentifier claimedId = new Uri(baseUrl, url); UriIdentifier userSuppliedIdentifier = new Uri(redirectBase + Uri.EscapeDataString(url)); if (expectedLocalId == null) { expectedLocalId = claimedId; } Identifier idToDiscover = useRedirect ? userSuppliedIdentifier : claimedId; string contentType; if (url.EndsWith("html")) { contentType = "text/html"; } else if (url.EndsWith("xml")) { contentType = "application/xrds+xml"; } else { throw new InvalidOperationException(); } this.RegisterMockResponse(claimedId, claimedId, contentType, headers ?? new WebHeaderCollection(), LoadEmbeddedFile(url)); IdentifierDiscoveryResult expected = IdentifierDiscoveryResult.CreateForClaimedIdentifier( claimedId, expectedLocalId, new ProviderEndpointDescription(new Uri(providerEndpoint), new string[] { protocol.ClaimedIdentifierServiceTypeURI }), // services aren't checked by Equals null, null); var discoveryResult = await this.DiscoverAsync(idToDiscover); IdentifierDiscoveryResult se = discoveryResult.FirstOrDefault(ep => ep.Equals(expected)); Assert.IsNotNull(se, url + " failed to be discovered."); // Do extra checking of service type URIs, which aren't included in // the ServiceEndpoint.Equals method. Assert.AreEqual(expectSreg ? 2 : 1, se.Capabilities.Count); Assert.IsTrue(se.Capabilities.Contains(protocol.ClaimedIdentifierServiceTypeURI)); Assert.AreEqual(expectSreg, se.IsExtensionSupported <ClaimsRequest>()); }
public void ProtocolDetection() { IdentifierDiscoveryResult se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); Assert.AreSame(Protocol.V20, se.Protocol); se = IdentifierDiscoveryResult.CreateForClaimedIdentifier( this.claimedId, this.localId, new ProviderEndpointDescription(this.providerEndpoint, new[] { Protocol.V20.OPIdentifierServiceTypeURI }), this.servicePriority, this.uriPriority); Assert.AreSame(Protocol.V20, se.Protocol); se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedId, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v11TypeUris), this.servicePriority, this.uriPriority); Assert.AreSame(Protocol.V11, se.Protocol); }
/// <summary> /// Initializes a new instance of the <see cref="PositiveAuthenticationResponse"/> class /// </summary> /// <param name="response">The positive assertion response that was just received by the Relying Party.</param> /// <param name="relyingParty">The relying party.</param> private PositiveAuthenticationResponse(PositiveAssertionResponse response, OpenIdRelyingParty relyingParty) : base(response) { Requires.NotNull(relyingParty, "relyingParty"); this.Endpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier( this.Response.ClaimedIdentifier, this.Response.GetReturnToArgument(AuthenticationRequest.UserSuppliedIdentifierParameterName), this.Response.LocalIdentifier, new ProviderEndpointDescription(this.Response.ProviderEndpoint, this.Response.Version), null, null); Logger.OpenId.InfoFormat("Received identity assertion for {0} via {1}.", this.Response.ClaimedIdentifier, this.Provider.Uri); }
internal static IdentifierDiscoveryResult GetServiceEndpoint(int user, ProtocolVersion providerVersion, int servicePriority, bool useSsl, bool delegating) { var providerEndpoint = new ProviderEndpointDescription( useSsl ? OpenIdTestBase.OPUriSsl : OpenIdTestBase.OPUri, new string[] { Protocol.Lookup(providerVersion).ClaimedIdentifierServiceTypeURI }); var local_id = useSsl ? OPLocalIdentifiersSsl[user] : OPLocalIdentifiers[user]; var claimed_id = delegating ? (useSsl ? VanityUriSsl : VanityUri) : local_id; return(IdentifierDiscoveryResult.CreateForClaimedIdentifier( claimed_id, claimed_id, local_id, providerEndpoint, servicePriority, 10)); }
public void GetFriendlyIdentifierForDisplay() { Uri providerEndpoint = new Uri("http://someprovider"); Identifier localId = "someuser"; string[] serviceTypeUris = new string[] { Protocol.V20.ClaimedIdentifierServiceTypeURI, }; IdentifierDiscoveryResult se; // strip of protocol, port, query and fragment se = IdentifierDiscoveryResult.CreateForClaimedIdentifier( "http://someprovider.somedomain.com:79/someuser?query#frag", localId, new ProviderEndpointDescription(providerEndpoint, serviceTypeUris), null, null); Assert.AreEqual("someprovider.somedomain.com/someuser", se.FriendlyIdentifierForDisplay); // unescape characters Uri foreignUri = new Uri("http://server崎/村"); se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(foreignUri, localId, new ProviderEndpointDescription(providerEndpoint, serviceTypeUris), null, null); Assert.AreEqual("server崎/村", se.FriendlyIdentifierForDisplay); // restore user supplied identifier to XRIs se = IdentifierDiscoveryResult.CreateForClaimedIdentifier( new XriIdentifier("=!9B72.7DD1.50A9.5CCD"), new XriIdentifier("=Arnott崎村"), localId, new ProviderEndpointDescription(providerEndpoint, serviceTypeUris), null, null); Assert.AreEqual("=Arnott崎村", se.FriendlyIdentifierForDisplay); // If UserSuppliedIdentifier is the same as the ClaimedIdentifier, don't display it twice... se = IdentifierDiscoveryResult.CreateForClaimedIdentifier( new XriIdentifier("=!9B72.7DD1.50A9.5CCD"), new XriIdentifier("=!9B72.7DD1.50A9.5CCD"), localId, new ProviderEndpointDescription(providerEndpoint, serviceTypeUris), null, null); Assert.AreEqual("=!9B72.7DD1.50A9.5CCD", se.FriendlyIdentifierForDisplay); }
public void ProblematicClaimedId() { var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); string claimed_id = BaseMockUri + "a./b."; var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null); UriIdentifier identityUri = (UriIdentifier)se.ClaimedIdentifier; var mockId = new MockIdentifier(identityUri, this.MockResponder, new IdentifierDiscoveryResult[] { se }); var positiveAssertion = this.GetPositiveAssertion(); positiveAssertion.ClaimedIdentifier = mockId; positiveAssertion.LocalIdentifier = mockId; var rp = CreateRelyingParty(); var authResponse = new PositiveAuthenticationResponse(positiveAssertion, rp); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString()); }
public async Task ProblematicClaimedId() { var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); string claimed_id = BaseMockUri + "a./b."; var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null); var identityUri = (UriIdentifier)se.ClaimedIdentifier; this.RegisterMockXrdsResponse(se); var rp = this.CreateRelyingParty(); var positiveAssertion = this.GetPositiveAssertion(); positiveAssertion.ClaimedIdentifier = claimed_id; positiveAssertion.LocalIdentifier = claimed_id; var authResponse = await PositiveAuthenticationResponse.CreateAsync(positiveAssertion, rp, CancellationToken.None); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString()); }
/// <summary> /// Prepares an identity assertion on behalf of one of this Provider's /// members in order to redirect the user agent to a relying party /// web site and log him/her in immediately in one uninterrupted step. /// </summary> /// <param name="providerEndpoint">The absolute URL on the Provider site that receives OpenID messages.</param> /// <param name="relyingPartyRealm">The URL of the Relying Party web site. /// This will typically be the home page, but may be a longer URL if /// that Relying Party considers the scope of its realm to be more specific. /// The URL provided here must allow discovery of the Relying Party's /// XRDS document that advertises its OpenID RP endpoint.</param> /// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param> /// <param name="localIdentifier">The Identifier you know your user by internally. This will typically /// be the same as <paramref name="claimedIdentifier" />.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <param name="extensions">The extensions.</param> /// <returns> /// A <see cref="HttpResponseMessage" /> object describing the HTTP response to send /// the user agent to allow the redirect with assertion to happen. /// </returns> public async Task <HttpResponseMessage> PrepareUnsolicitedAssertionAsync(Uri providerEndpoint, Realm relyingPartyRealm, Identifier claimedIdentifier, Identifier localIdentifier, CancellationToken cancellationToken = default(CancellationToken), params IExtensionMessage[] extensions) { Requires.NotNull(providerEndpoint, "providerEndpoint"); Requires.That(providerEndpoint.IsAbsoluteUri, "providerEndpoint", OpenIdStrings.AbsoluteUriRequired); Requires.NotNull(relyingPartyRealm, "relyingPartyRealm"); Requires.NotNull(claimedIdentifier, "claimedIdentifier"); Requires.NotNull(localIdentifier, "localIdentifier"); RequiresEx.ValidState(this.Channel.HostFactories != null); // Although the RP should do their due diligence to make sure that this OP // is authorized to send an assertion for the given claimed identifier, // do due diligence by performing our own discovery on the claimed identifier // and make sure that it is tied to this OP and OP local identifier. if (this.SecuritySettings.UnsolicitedAssertionVerification != ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.NeverVerify) { var serviceEndpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null); var discoveredEndpoints = await this.discoveryServices.DiscoverAsync(claimedIdentifier, cancellationToken); if (!discoveredEndpoints.Contains(serviceEndpoint)) { Logger.OpenId.WarnFormat( "Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint: {1}{2}{1}Discovered endpoints: {1}{3}", claimedIdentifier, Environment.NewLine, serviceEndpoint, discoveredEndpoints.ToStringDeferred(true)); // Only FAIL if the setting is set for it. if (this.securitySettings.UnsolicitedAssertionVerification == ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.RequireSuccess) { ErrorUtilities.ThrowProtocol(OpenIdStrings.UnsolicitedAssertionForUnrelatedClaimedIdentifier, claimedIdentifier); } } } Logger.OpenId.InfoFormat("Preparing unsolicited assertion for {0}", claimedIdentifier); RelyingPartyEndpointDescription returnToEndpoint = null; var returnToEndpoints = await relyingPartyRealm.DiscoverReturnToEndpointsAsync(this.Channel.HostFactories, true, cancellationToken); if (returnToEndpoints != null) { returnToEndpoint = returnToEndpoints.FirstOrDefault(); } ErrorUtilities.VerifyProtocol(returnToEndpoint != null, OpenIdStrings.NoRelyingPartyEndpointDiscovered, relyingPartyRealm); var positiveAssertion = new PositiveAssertionResponse(returnToEndpoint) { ProviderEndpoint = providerEndpoint, ClaimedIdentifier = claimedIdentifier, LocalIdentifier = localIdentifier, }; if (extensions != null) { foreach (IExtensionMessage extension in extensions) { positiveAssertion.Extensions.Add(extension); } } Reporting.RecordEventOccurrence(this, "PrepareUnsolicitedAssertion"); return(await this.Channel.PrepareResponseAsync(positiveAssertion, cancellationToken)); }
public void IsTypeUriPresentEmpty() { IdentifierDiscoveryResult se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(this.claimedXri, this.userSuppliedXri, this.localId, new ProviderEndpointDescription(this.providerEndpoint, this.v20TypeUris), this.servicePriority, this.uriPriority); se.IsTypeUriPresent(string.Empty); }
/// <summary> /// Prepares an identity assertion on behalf of one of this Provider's /// members in order to redirect the user agent to a relying party /// web site and log him/her in immediately in one uninterrupted step. /// </summary> /// <param name="providerEndpoint">The absolute URL on the Provider site that receives OpenID messages.</param> /// <param name="relyingPartyRealm">The URL of the Relying Party web site. /// This will typically be the home page, but may be a longer URL if /// that Relying Party considers the scope of its realm to be more specific. /// The URL provided here must allow discovery of the Relying Party's /// XRDS document that advertises its OpenID RP endpoint.</param> /// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param> /// <param name="localIdentifier">The Identifier you know your user by internally. This will typically /// be the same as <paramref name="claimedIdentifier"/>.</param> /// <param name="extensions">The extensions.</param> /// <returns> /// A <see cref="OutgoingWebResponse"/> object describing the HTTP response to send /// the user agent to allow the redirect with assertion to happen. /// </returns> public OutgoingWebResponse PrepareUnsolicitedAssertion(Uri providerEndpoint, Realm relyingPartyRealm, Identifier claimedIdentifier, Identifier localIdentifier, params IExtensionMessage[] extensions) { Contract.Requires <ArgumentNullException>(providerEndpoint != null); Contract.Requires <ArgumentException>(providerEndpoint.IsAbsoluteUri); Contract.Requires <ArgumentNullException>(relyingPartyRealm != null); Contract.Requires <ArgumentNullException>(claimedIdentifier != null); Contract.Requires <ArgumentNullException>(localIdentifier != null); Contract.Requires <InvalidOperationException>(this.Channel.WebRequestHandler != null); // Although the RP should do their due diligence to make sure that this OP // is authorized to send an assertion for the given claimed identifier, // do due diligence by performing our own discovery on the claimed identifier // and make sure that it is tied to this OP and OP local identifier. if (this.SecuritySettings.UnsolicitedAssertionVerification != ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.NeverVerify) { var serviceEndpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null); var discoveredEndpoints = this.RelyingParty.Discover(claimedIdentifier); if (!discoveredEndpoints.Contains(serviceEndpoint)) { Logger.OpenId.WarnFormat( "Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint: {1}{2}{1}Discovered endpoints: {1}{3}", claimedIdentifier, Environment.NewLine, serviceEndpoint, discoveredEndpoints.ToStringDeferred(true)); // Only FAIL if the setting is set for it. if (this.securitySettings.UnsolicitedAssertionVerification == ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.RequireSuccess) { ErrorUtilities.ThrowProtocol(OpenIdStrings.UnsolicitedAssertionForUnrelatedClaimedIdentifier, claimedIdentifier); } } } Logger.OpenId.InfoFormat("Preparing unsolicited assertion for {0}", claimedIdentifier); RelyingPartyEndpointDescription returnToEndpoint = null; var returnToEndpoints = relyingPartyRealm.DiscoverReturnToEndpoints(this.WebRequestHandler, true); if (returnToEndpoints != null) { returnToEndpoint = returnToEndpoints.FirstOrDefault(); } ErrorUtilities.VerifyProtocol(returnToEndpoint != null, OpenIdStrings.NoRelyingPartyEndpointDiscovered, relyingPartyRealm); var positiveAssertion = new PositiveAssertionResponse(returnToEndpoint) { ProviderEndpoint = providerEndpoint, ClaimedIdentifier = claimedIdentifier, LocalIdentifier = localIdentifier, }; if (extensions != null) { foreach (IExtensionMessage extension in extensions) { positiveAssertion.Extensions.Add(extension); } } Reporting.RecordEventOccurrence(this, "PrepareUnsolicitedAssertion"); return(this.Channel.PrepareResponse(positiveAssertion)); }