/// <summary>
/// Checks that a federation keeps its already-loaded identity provider after a metadata
/// reload fails, drops it once <c>MetadataValidUntil</c> has fallen back to
/// <see cref="DateTime.MinValue"/>, and adds it again after a later successful reload.
/// </summary>
/// <remarks>
/// The removal step is the security-relevant one: an identity provider that stayed
/// registered after its metadata stopped being valid would still be looked up as trusted.
/// </remarks>
public void Federation_ReloadOfMetadata_KeepsOldDataUntilMetadataBecomesInvalid()
{
    // 5 ms; presumably lowered so that scheduled refreshes fire within the test's wait time.
    MetadataRefreshScheduler.minInterval = TimeSpan.FromMilliseconds(5);

    var spOptions = StubFactory.CreateOptions();

    // Run without a logger so that the code path taken when the logger is null is exercised.
    spOptions.SPOptions.Logger = null;

    var federation = new Federation(
        "http://localhost:13428/federationMetadataShortCacheDuration",
        false,
        spOptions);

    var idpEntityId = new EntityId("http://idp1.federation.example.com/metadata");
    IdentityProvider foundIdp;

    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeTrue("idp should be loaded initially");

    // NOTE(review): read here but never used below.
    var initialValidUntil = federation.MetadataValidUntil;

    // Static stub-server switch; the flag name suggests the metadata stops being served.
    StubServer.IdpAndFederationShortCacheDurationAvailable = false;

    try
    {
        // Wait until a failed load has occurred.
        SpinWaiter.While(
            () => federation.LastMetadataLoadException == null,
            "Timeout passed without a failed metadata reload.");

        federation.MetadataValidUntil.Should().NotBe(DateTime.MinValue);
    }
    catch (AssertFailedException)
    {
        // NOTE(review): any assertion failure in the block above is reported as inconclusive.
        // That covers the timing race, but it would also hide a regression where the failed
        // load is never recorded or the validity is reset too early. Confirm this is intended.
        Assert.Inconclusive("This test is sensitive to race conditions, didn't work this time. Don't worry.");
    }

    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeTrue("idp shouldn't be removed while metadata is still valid.");

    SpinWaiter.While(
        () => federation.MetadataValidUntil != DateTime.MinValue,
        "Timeout passed without metadata becoming invalid.");

    // Expired metadata must no longer leave the identity provider registered.
    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeFalse("idp should be removed if metadata is no longer valid");

    // NOTE(review): if an assertion above fails, this static flag stays false for the rest
    // of the run unless a cleanup hook outside this method resets it.
    StubServer.IdpAndFederationShortCacheDurationAvailable = true;

    SpinWaiter.While(
        () => federation.MetadataValidUntil == DateTime.MinValue,
        "Timeout passed without metadata being successfully reloaded");

    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeTrue("idp should be readded when metadata is refreshed.");
}
/// <summary>
/// Creates the identity provider while the stub server's availability flag is off, then
/// turns the flag on and waits for <c>MetadataValidUntil</c> to hold a real value.
/// </summary>
/// <remarks>
/// There is no explicit assertion; the wait is the check. Presumably
/// <c>SpinWaiter.While</c> fails the test when it times out (confirm against its source).
/// </remarks>
public void IdentityProvider_ScheduledReloadOfMetadata_RetriesIfInitialLoadFails()
{
    // 1 ms; presumably lowered so that the retry happens within the wait below.
    MetadataRefreshScheduler.minInterval = TimeSpan.FromMilliseconds(1);

    // Flag is off while the subject is created, so the first load is expected to fail.
    StubServer.IdpAndFederationShortCacheDurationAvailable = false;
    var identityProvider = CreateSubjectForMetadataRefresh();

    StubServer.IdpAndFederationShortCacheDurationAvailable = true;

    SpinWaiter.While(() =>
    {
        // Keep waiting while the validity is unset or still DateTime.MinValue.
        var validUntil = identityProvider.MetadataValidUntil;
        return !(validUntil.HasValue && validUntil != DateTime.MinValue);
    });
}
/// <summary>
/// Checks that the identity provider goes from two signing keys to one after the stub
/// server's include-key flag is turned off, and that the remaining key is the test
/// certificate.
/// </summary>
/// <remarks>
/// This guards key rollover: a key that is no longer in the metadata must not stay in the
/// set of signing keys the identity provider exposes.
/// </remarks>
public void IdentityProvider_SigningKeys_RemovesMetadataKeyButKeepsConfiguredKey()
{
    var identityProvider = CreateSubjectForMetadataRefresh();

    // One key from config, one key from metadata.
    identityProvider.SigningKeys.Count().Should().Be(2);

    StubServer.IdpVeryShortCacheDurationIncludeKey = false;

    // Wait for the key count to change; Single() below then requires exactly one key.
    SpinWaiter.While(() => identityProvider.SigningKeys.Count() == 2);

    var remainingClause = identityProvider.SigningKeys.Single().As<X509RawDataKeyIdentifierClause>();
    var remainingCertificate = new X509Certificate2(remainingClause.GetX509RawData());

    // Presumably SignedXmlHelper.TestCert is the key that comes from configuration.
    remainingCertificate.Thumbprint.Should().Be(SignedXmlHelper.TestCert.Thumbprint);
}
/// <summary>
/// Checks that the identity provider goes from two signing keys to one after the metadata
/// server's include-key flag is turned off, and that the remaining key has the same RSA
/// public parameters as the test key.
/// </summary>
/// <remarks>
/// This guards key rollover: a key that is no longer in the metadata must not stay in the
/// set of signing keys the identity provider exposes.
/// </remarks>
public void IdentityProvider_SigningKeys_RemovesMetadataKeyButKeepsConfiguredKey()
{
    var identityProvider = CreateSubjectForMetadataRefresh();

    // One key from config, one key from metadata.
    identityProvider.SigningKeys.Count().Should().Be(2);

    MetadataServer.IdpVeryShortCacheDurationIncludeKey = false;

    // Wait for the key count to change; Single() below then requires exactly one key.
    SpinWaiter.While(() => identityProvider.SigningKeys.Count() == 2);

    // ExportParameters(false) exports the public parameters only, so the comparison never
    // touches private key material.
    var remainingKey = identityProvider.SigningKeys.Single().As<RSACryptoServiceProvider>();
    var actualPublic = remainingKey.ExportParameters(false);
    var expectedPublic = SignedXmlHelper.TestKey.As<RSACryptoServiceProvider>().ExportParameters(false);

    // Presumably SignedXmlHelper.TestKey is the key that comes from configuration.
    actualPublic.Modulus.ShouldBeEquivalentTo(expectedPublic.Modulus);
    actualPublic.Exponent.ShouldBeEquivalentTo(expectedPublic.Exponent);
}
/// <summary>
/// Checks that a federation keeps its already-loaded identity provider after a metadata
/// reload fails, drops it once <c>MetadataValidUntil</c> has fallen back to
/// <see cref="DateTime.MinValue"/>, and adds it again after a later successful reload.
/// </summary>
/// <remarks>
/// The removal step is the security-relevant one: an identity provider that stayed
/// registered after its metadata stopped being valid would still be looked up as trusted.
/// </remarks>
public void Federation_ReloadOfMetadata_KeepsOldDataUntilMetadataBecomesInvalid()
{
    // 5 ms; presumably lowered so that scheduled refreshes fire within the test's wait time.
    // NOTE(review): the field is spelled "minInternval" here; confirm it matches the
    // declaration in MetadataRefreshScheduler.
    MetadataRefreshScheduler.minInternval = TimeSpan.FromMilliseconds(5);

    var spOptions = StubFactory.CreateOptions();

    var federation = new Federation(
        new Uri("http://localhost:13428/federationMetadataShortCacheDuration"),
        false,
        spOptions);

    var idpEntityId = new EntityId("http://idp1.federation.example.com/metadata");
    IdentityProvider foundIdp;

    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeTrue("idp should be loaded initially");

    // NOTE(review): read here but never used below.
    var initialValidUntil = federation.MetadataValidUntil;

    // Static metadata-server switch; the flag name suggests the metadata stops being served.
    MetadataServer.IdpAndFederationShortCacheDurationAvailable = false;

    // Wait until a failed load has occurred.
    SpinWaiter.While(
        () => federation.LastMetadataLoadException == null,
        "Timeout passed without a failed metadata reload.");

    // A failed reload alone must not reset the validity of the metadata already loaded.
    federation.MetadataValidUntil.Should().NotBe(DateTime.MinValue);

    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeTrue("idp shouldn't be removed while metadata is still valid.");

    SpinWaiter.While(
        () => federation.MetadataValidUntil != DateTime.MinValue,
        "Timeout passed without metadata becoming invalid.");

    // Expired metadata must no longer leave the identity provider registered.
    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeFalse("idp should be removed if metadata is no longer valid");

    // NOTE(review): if an assertion above fails, this static flag stays false for the rest
    // of the run unless a cleanup hook outside this method resets it.
    MetadataServer.IdpAndFederationShortCacheDurationAvailable = true;

    SpinWaiter.While(
        () => federation.MetadataValidUntil == DateTime.MinValue,
        "Timeout passed without metadata being successfully reloaded");

    spOptions.IdentityProviders.TryGetValue(idpEntityId, out foundIdp)
        .Should().BeTrue("idp should be readded when metadata is refreshed.");
}
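/// <summary>
/// Creates the identity provider, turns the stub server's availability flag off and waits
/// for <c>MetadataValidUntil</c> to become <see cref="DateTime.MinValue"/>, then turns the
/// flag back on and waits for a real validity value to return.
/// </summary>
/// <remarks>
/// There is no explicit assertion; the two waits are the check. Presumably
/// <c>SpinWaiter.While</c> fails the test with the given message when it times out
/// (confirm against its source).
/// </remarks>
public void IdentityProvider_ScheduledReloadOfMetadata_RetriesIfLoadFails()
{
    // 1 ms; presumably lowered so that reloads and retries happen within the waits below.
    MetadataRefreshScheduler.minInterval = new TimeSpan(0, 0, 0, 0, 1);

    var subject = CreateSubjectForMetadataRefresh();

    StubServer.IdpAndFederationShortCacheDurationAvailable = false;

    SpinWaiter.While(
        () => subject.MetadataValidUntil != DateTime.MinValue,
        "Timed out waiting for failed metadata load to occur.");

    // The original captured DateTime.UtcNow into a local here that was never read; the
    // dead local has been removed.
    StubServer.IdpAndFederationShortCacheDurationAvailable = true;

    SpinWaiter.While(
        () =>
        {
            // Keep waiting while the validity is unset or still DateTime.MinValue.
            var mvu = subject.MetadataValidUntil;
            return !mvu.HasValue || mvu == DateTime.MinValue;
        },
        "Timed out waiting for successful reload of metadata.");
}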