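/// <summary>
/// Decrypts the EncryptedAssertion held in the shared test fixture with the LocalMachine
/// "TestCertStore" resolver and then verifies the XML signature of the resulting plain
/// assertion through <see cref="TokenHelper.VerifySignature"/>.
/// </summary>
public void DeserialiseTokenTest_encrypted_assertion_manual_signarure_verification()
{
    //ARRANGE
    var path = FileHelper.GetEncryptedAssertionFilePath();
    var doc = new XmlDocument();
    doc.Load(path);
    var el = doc.DocumentElement;
    var inner = new X509CertificateStoreTokenResolver("TestCertStore", StoreLocation.LocalMachine);
    var encryptedList = el.GetElementsByTagName(HttpRedirectBindingConstants.EncryptedAssertion, Saml20Constants.Assertion);

    //ACT
    // The fixture must contain exactly one EncryptedAssertion. Checking this up front turns a
    // broken fixture into a clear assertion failure instead of a NullReferenceException on
    // result.DocumentElement below.
    Assert.AreEqual(1, encryptedList.Count);
    var encryptedAssertion = (XmlElement)encryptedList[0];
    var result = TokenHelper.GetPlainAsertion(inner, encryptedAssertion);
    Assert.IsNotNull(result);

    // Signature verification is done explicitly on the decrypted document rather than
    // relying on a token handler to do it implicitly.
    var valid = TokenHelper.VerifySignature(result.DocumentElement);

    //ASSERT
    Assert.IsTrue(valid);
}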
/// <summary>
/// Initialises the options with their defaults: a one-hour access token lifetime, a fresh key
/// generator, token validator, certificate-store token resolver and system clock, chain-trust
/// certificate validation and a five-minute maximum clock skew. The base options are registered
/// under the name "OioIdwsAuthorizationService".
/// </summary>
public OioIdwsAuthorizationServiceOptions()
    : base("OioIdwsAuthorizationService")
{
    // One hour (3600 seconds) of access token validity by default.
    this.AccessTokenExpiration = TimeSpan.FromHours(1);
    this.KeyGenerator = new KeyGenerator();
    this.TokenValidator = new TokenValidator();
    // Parameterless resolver: store name and location are left to its own defaults.
    this.ServiceTokenResolver = new X509CertificateStoreTokenResolver();
    // Certificates are accepted when they chain to a trusted root.
    this.CertificateValidator = X509CertificateValidator.ChainTrust;
    // Maximum tolerated clock difference, presumably applied to token validity windows — confirm in the validator.
    this.MaxClockSkew = TimeSpan.FromMinutes(5);
    this.SystemClock = new SystemClock();
}
/// <summary>
/// Builds a <see cref="SecurityTokenHandlerConfiguration"/> whose issuer and service token
/// resolvers both draw on the LocalMachine "testCertStore" certificate store, with audience
/// restriction always enforced and certificate validation set to Custom.
/// </summary>
/// <returns>The populated configuration.</returns>
public SecurityTokenHandlerConfiguration GetConfiguration()
{
    var storeResolver = new X509CertificateStoreTokenResolver("testCertStore", StoreLocation.LocalMachine);

    var configuration = new SecurityTokenHandlerConfiguration();
    // The issuer resolver wraps the same store resolver that serves service tokens.
    configuration.IssuerTokenResolver = new IssuerTokenResolver(storeResolver);
    configuration.ServiceTokenResolver = storeResolver;
    configuration.AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
    // NOTE(review): the mode is Custom but no CertificateValidator is assigned in this method —
    // confirm which validator the configuration ends up using.
    configuration.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

    return configuration;
}
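/// <summary>
/// Decrypts the EncryptedAssertion held in the shared test fixture with the LocalMachine
/// "TestCertStore" resolver and checks that a plain assertion document is produced.
/// </summary>
public void GetPlainAsertion_Test()
{
    //ARRANGE
    // Load the fixture through FileHelper, as the other decryption test does, instead of a
    // developer-specific absolute path that only exists on one machine.
    var path = FileHelper.GetEncryptedAssertionFilePath();
    var doc = new XmlDocument();
    doc.Load(path);
    var el = doc.DocumentElement;
    var inner = new X509CertificateStoreTokenResolver("TestCertStore", StoreLocation.LocalMachine);
    var encryptedList = el.GetElementsByTagName(HttpRedirectBindingConstants.EncryptedAssertion, Saml20Constants.Assertion);

    //ACT
    // Exactly one EncryptedAssertion is expected; a different count means the fixture is
    // broken, which should be reported as such rather than as a failed decryption.
    Assert.AreEqual(1, encryptedList.Count);
    var encryptedAssertion = (XmlElement)encryptedList[0];
    var result = TokenHelper.GetPlainAsertion(inner, encryptedAssertion);

    //ASSERT
    Assert.IsNotNull(result);
}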
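/// <summary>
/// Builds the token-handler configuration for a federation partner. The partner's default
/// encryption certificate, taken from its SP SSO metadata, backs both the issuer and the
/// service token resolvers; certificate validation is delegated to the custom validator bound
/// to the partner; and the allowed audience is restricted to the partner's entity id.
/// </summary>
/// <param name="partnerId">Identifier of the federation partner whose metadata context is built.</param>
/// <returns>The populated configuration.</returns>
/// <exception cref="ArgumentNullException"><paramref name="partnerId"/> is null, or the selected key descriptor has no certificate context.</exception>
/// <exception cref="InvalidOperationException">The partner metadata has no SP SSO descriptor, no default encryption key descriptor, or a certificate context that is not an <see cref="X509CertificateContext"/>.</exception>
public SecurityTokenHandlerConfiguration GetConfiguration(string partnerId)
{
    if (partnerId == null)
    {
        throw new ArgumentNullException("partnerId");
    }

    // The validator is bound to a partner before the configuration is handed out, so that the
    // Custom validation mode below validates against that partner.
    this._certificateValidator.SetFederationPartyId(partnerId);
    var partnerContext = this._federationPartyContextBuilder.BuildContext(partnerId);

    var descriptor = partnerContext.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.FirstOrDefault();
    if (descriptor == null)
    {
        throw new InvalidOperationException(String.Format("No SPSSODescriptor found in the metadata of partner: {0}", partnerId));
    }

    // Only the partner's default key marked for encryption use is acceptable; the resolver built
    // from it below is what the configuration exposes as its ServiceTokenResolver.
    var keyDescriptor = descriptor.KeyDescriptors.FirstOrDefault(x => x.IsDefault && x.Use == Kernel.Federation.MetaData.Configuration.Cryptography.KeyUsage.Encryption);
    if (keyDescriptor == null)
    {
        throw new InvalidOperationException(String.Format("No default encryption key descriptor found in the metadata of partner: {0}", partnerId));
    }
    if (keyDescriptor.CertificateContext == null)
    {
        throw new ArgumentNullException("certificate context");
    }

    var x509CertificateContext = keyDescriptor.CertificateContext as X509CertificateContext;
    if (x509CertificateContext == null)
    {
        throw new InvalidOperationException(String.Format("Expected certificate context of type: {0} but it was:{1}", typeof(X509CertificateContext).Name, keyDescriptor.CertificateContext.GetType()));
    }

    // The certificate itself is looked up in the local store named by the metadata context;
    // metadata only points at a store, it does not carry the key material.
    var inner = new X509CertificateStoreTokenResolver(x509CertificateContext.StoreName, x509CertificateContext.StoreLocation);
    var tokenResolver = new IssuerTokenResolver(inner);

    var configuration = new SecurityTokenHandlerConfiguration
    {
        IssuerTokenResolver = tokenResolver,
        ServiceTokenResolver = inner,
        AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always),
        CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom,
        CertificateValidator = (X509CertificateValidator)this._certificateValidator
    };
    // Tokens are only accepted when addressed to this partner's entity id.
    configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(partnerContext.MetadataContext.EntityId));

    return configuration;
}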