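        /// <summary>
        /// Loads the encrypted-assertion fixture, decrypts the single EncryptedAssertion element
        /// with a key resolved from the "TestCertStore" store, and then verifies the XML signature
        /// of the decrypted assertion step by step.
        /// </summary>
        public void DeserialiseTokenTest_encrypted_assertion_manual_signarure_verification()
        {
            //ARRANGE
            var path = FileHelper.GetEncryptedAssertionFilePath();
            var doc  = new XmlDocument();

            doc.Load(path);
            var el = doc.DocumentElement;

            // The decryption key must be present in this store (LocalMachine) for the test to pass.
            var inner = new X509CertificateStoreTokenResolver("TestCertStore", StoreLocation.LocalMachine);

            var         encryptedList = el.GetElementsByTagName(HttpRedirectBindingConstants.EncryptedAssertion, Saml20Constants.Assertion);
            XmlDocument result        = null;

            //ACT
            if (encryptedList.Count == 1)
            {
                var encryptedAssertion = (XmlElement)encryptedList[0];

                result = TokenHelper.GetPlainAsertion(inner, encryptedAssertion);
            }

            // Fail with an assertion message instead of a NullReferenceException when the fixture
            // holds no (or more than one) EncryptedAssertion element.
            Assert.IsNotNull(result, "Expected exactly one EncryptedAssertion element that decrypts to a plain assertion.");

            // The signature is checked on the decrypted document, i.e. the signature sits inside
            // the encrypted payload. NOTE(review): whether VerifySignature also binds the signing
            // key to a trusted issuer is not visible here — confirm in TokenHelper.
            var valid = TokenHelper.VerifySignature(result.DocumentElement);

            //ASSERT
            Assert.IsTrue(valid, "Signature of the decrypted assertion did not verify.");
        }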
 /// <summary>
 /// Initialises the option set with its defaults: one-hour access tokens, the stock key
 /// generator and token validator, a certificate-store based service token resolver with
 /// the resolver's own default store settings, chain-trust certificate validation,
 /// five minutes of tolerated clock skew and the real system clock.
 /// </summary>
 public OioIdwsAuthorizationServiceOptions() : base("OioIdwsAuthorizationService")
 {
     // Access tokens live one hour (3600 s) unless the host overrides it.
     this.AccessTokenExpiration = TimeSpan.FromHours(1);

     this.KeyGenerator   = new KeyGenerator();
     this.TokenValidator = new TokenValidator();

     // No store name/location is passed, so the resolver's defaults apply.
     this.ServiceTokenResolver = new X509CertificateStoreTokenResolver();

     // NOTE(review): chain trust alone accepts any certificate chaining to a trusted root;
     // confirm whether the deployment also needs issuer pinning and a revocation policy.
     this.CertificateValidator = X509CertificateValidator.ChainTrust;

     // Skew bounds how far a token's validity window may drift from this clock.
     this.MaxClockSkew = TimeSpan.FromMinutes(5);
     this.SystemClock  = new SystemClock();
 }
        /// <summary>
        /// Builds a <see cref="SecurityTokenHandlerConfiguration"/> whose issuer and service
        /// tokens are both resolved from the "testCertStore" store under LocalMachine, with the
        /// audience restriction always on and the certificate validation mode set to Custom.
        /// </summary>
        /// <returns>The populated configuration.</returns>
        public SecurityTokenHandlerConfiguration GetConfiguration()
        {
            var storeResolver = new X509CertificateStoreTokenResolver("testCertStore", StoreLocation.LocalMachine);

            // NOTE(review): the validation mode is Custom but no CertificateValidator is assigned
            // here; confirm which validator the handlers actually use (the partner-specific
            // variant of this method elsewhere assigns one explicitly).
            var configuration = new SecurityTokenHandlerConfiguration
            {
                ServiceTokenResolver      = storeResolver,
                IssuerTokenResolver       = new IssuerTokenResolver(storeResolver),
                CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom,
                AudienceRestriction       = new AudienceRestriction(AudienceUriMode.Always),
            };

            return configuration;
        }
        /// <summary>
        /// Loads an encrypted SAML assertion from a local fixture, decrypts it with the key
        /// resolved from the "TestCertStore" store and asserts that a plain assertion came back.
        /// </summary>
        public void GetPlainAsertion_Test()
        {
            //ARRANGE
            // TODO(review): machine-specific absolute path; locate the fixture through a test
            // helper so the test runs on any machine.
            var doc = new XmlDocument();

            doc.Load(@"D:\Dan\Software\Apira\a.xml");
            var root = doc.DocumentElement;

            var resolver       = new X509CertificateStoreTokenResolver("TestCertStore", StoreLocation.LocalMachine);
            var encryptedNodes = root.GetElementsByTagName(HttpRedirectBindingConstants.EncryptedAssertion, Saml20Constants.Assertion);

            //ACT
            XmlDocument plainAssertion = null;
            var         exactlyOne     = encryptedNodes.Count == 1;

            if (exactlyOne)
            {
                plainAssertion = TokenHelper.GetPlainAsertion(resolver, (XmlElement)encryptedNodes[0]);
            }

            //ASSERT
            Assert.IsNotNull(plainAssertion);
        }
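        /// <summary>
        /// Builds the token handler configuration for a federation partner: selects the partner's
        /// default encryption key descriptor from its SP metadata, uses the certificate store named
        /// in that descriptor's <see cref="X509CertificateContext"/> for issuer and service token
        /// resolution, and restricts the audience to the partner's entity id.
        /// </summary>
        /// <param name="partnerId">Federation party identifier used to build the partner context.</param>
        /// <returns>The populated <see cref="SecurityTokenHandlerConfiguration"/>.</returns>
        /// <exception cref="ArgumentNullException">The selected key descriptor carries no certificate context.</exception>
        /// <exception cref="InvalidOperationException">
        /// The metadata has no SPSSODescriptor, no default encryption key descriptor, or the
        /// certificate context is not an <see cref="X509CertificateContext"/>.
        /// </exception>
        public SecurityTokenHandlerConfiguration GetConfiguration(string partnerId)
        {
            // NOTE(review): the validator is shared instance state re-pointed at a partner on every
            // call; concurrent calls for different partners could observe each other's party id
            // unless the validator is per-request — confirm.
            this._certificateValidator.SetFederationPartyId(partnerId);

            var partnerContext = this._federationPartyContextBuilder.BuildContext(partnerId);
            var descriptor     = partnerContext.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.FirstOrDefault();

            // Explicit messages name the partner instead of the generic "Sequence contains no matching element".
            if (descriptor == null)
            {
                throw new InvalidOperationException(String.Format("No SPSSODescriptor found in the metadata of federation party: {0}", partnerId));
            }

            // Only the default key descriptor marked for encryption use is accepted.
            var cert = descriptor.KeyDescriptors.FirstOrDefault(x => x.IsDefault && x.Use == Kernel.Federation.MetaData.Configuration.Cryptography.KeyUsage.Encryption);

            if (cert == null)
            {
                throw new InvalidOperationException(String.Format("No default encryption key descriptor found for federation party: {0}", partnerId));
            }

            if (cert.CertificateContext == null)
            {
                throw new ArgumentNullException("certificate context");
            }

            var x509CertificateContext = cert.CertificateContext as X509CertificateContext;

            if (x509CertificateContext == null)
            {
                throw new InvalidOperationException(String.Format("Expected certificate context of type: {0} but it was:{1}", typeof(X509CertificateContext).Name, cert.CertificateContext.GetType()));
            }

            // Store name/location are taken from the partner's key descriptor configuration;
            // the decryption key is expected to live in that local store.
            var inner         = new X509CertificateStoreTokenResolver(x509CertificateContext.StoreName, x509CertificateContext.StoreLocation);
            var tokenResolver = new IssuerTokenResolver(inner);

            var configuration = new SecurityTokenHandlerConfiguration
            {
                IssuerTokenResolver       = tokenResolver,
                ServiceTokenResolver      = inner,
                AudienceRestriction       = new AudienceRestriction(AudienceUriMode.Always),
                CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom,
                // Custom mode: the partner-aware validator set up above decides which certificates are trusted.
                CertificateValidator      = (X509CertificateValidator)this._certificateValidator
            };

            // Audience is pinned to this partner's entity id so tokens issued for another party are rejected.
            configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(partnerContext.MetadataContext.EntityId));

            return configuration;
        }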