/// <summary>
/// Round-trips an AuthnRequest through <see cref="RequestSerialiser"/> (XML serialiser +
/// deflate-based <see cref="MessageEncoding"/>) and checks the issuer survives the trip.
/// </summary>
public void AuthnRequestSerialiser_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);

    var messageEncoding = new MessageEncoding(new DeflateCompressor());
    var requestSerialiser = new RequestSerialiser(new XMLSerialiser(), messageEncoding, new LogProviderMock()) as ISerializer;

    // NOTE(review): this swaps a static, process-wide factory; tests that set it are not
    // isolated from one another if the runner executes them in parallel.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var original = RequestHelper.BuildRequest(requestContext);

    //ACT
    var encoded = requestSerialiser.Serialize(original);
    var roundTripped = requestSerialiser.Deserialize<AuthnRequest>(encoded);

    //ASSERT
    Assert.NotNull(encoded);
    Assert.AreEqual(original.Issuer.Value, roundTripped.Issuer.Value);
}
/// <summary>
/// Serialises an AuthnRequest and checks that <see cref="MessageTypeResolver"/> maps the encoded
/// message back to <see cref="AuthnRequest"/> when offered every concrete
/// <see cref="RequestAbstract"/> subtype that <see cref="ReflectionHelper"/> can find.
/// </summary>
public void AuthnRequestType_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);

    // Candidate set: non-abstract, non-interface types assignable to RequestAbstract.
    var candidateTypes = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));

    var messageEncoding = new MessageEncoding(new DeflateCompressor());
    var requestSerialiser = new RequestSerialiser(new XMLSerialiser(), messageEncoding, new LogProviderMock()) as IRequestSerialiser;

    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var request = RequestHelper.BuildRequest(requestContext);
    var resolver = new MessageTypeResolver();

    //ACT
    var encoded = requestSerialiser.Serialize(request);
    var resolvedType = resolver.ResolveMessageType(encoded, candidateTypes);

    //ASSERT
    Assert.AreEqual(typeof(AuthnRequest), resolvedType);
}
/// <summary>
/// Serialises a LogoutRequest (user-initiated reason, persistent name identifier) and checks that
/// <see cref="MessageTypeResolver"/> resolves the encoded message to <see cref="LogoutRequest"/>.
/// </summary>
public void LogoutRequestType_test_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var subject = new System.IdentityModel.Tokens.Saml2NameIdentifier("testUser", new Uri(NameIdentifierFormats.Persistent));
    var logoutContext = new SamlLogoutContext(new Uri(Reasons.User), subject, "local");
    var logoutRequestContext = new LogoutRequestContext(destination, new Uri("http://localhost"), partyContext, logoutContext);

    // Candidate set: non-abstract, non-interface types assignable to RequestAbstract.
    var candidateTypes = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));

    var messageEncoding = new MessageEncoding(new DeflateCompressor());
    var requestSerialiser = new RequestSerialiser(new XMLSerialiser(), messageEncoding, new LogProviderMock()) as IRequestSerialiser;

    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetLogoutRequestBuildersFactory();
    var request = RequestHelper.BuildRequest(logoutRequestContext);
    var resolver = new MessageTypeResolver();

    //ACT
    var encoded = requestSerialiser.Serialize(request);
    var resolvedType = resolver.ResolveMessageType(encoded, candidateTypes);

    //ASSERT
    Assert.AreEqual(typeof(LogoutRequest), resolvedType);
}
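/// <summary>
/// A <c>ScopingConfiguration</c> set on the federation party context must override the default
/// scoping: the built AuthnRequest carries the configured proxy count and the single requester id.
/// </summary>
public void BuildAuthnRequest_test_scoping_default_overwritten()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);
    // One requester id, proxy count 10 (the configuration property is spelled PoxyCount).
    federationContex.ScopingConfiguration = new Kernel.Federation.FederationPartner.ScopingConfiguration("http://localhost:59611/") { PoxyCount = 10 };
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

    //ASSERT
    Assert.NotNull(authnRequest);
    Assert.IsNotNull(authnRequest.Scoping);
    // ProxyCount on the request is a string, hence the "10" literal.
    Assert.AreEqual("10", authnRequest.Scoping.ProxyCount);
    Assert.AreEqual(1, authnRequest.Scoping.RequesterId.Length);
    Assert.AreEqual("http://localhost:59611/", authnRequest.Scoping.RequesterId[0]);
}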
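/// <summary>
/// A <c>RequestedAuthnContextConfiguration</c> with two class references (Password, then
/// PasswordProtectedTransport) and <c>Minimum</c> comparison must be copied, in order, onto the
/// built AuthnRequest's RequestedAuthnContext. Only request construction is covered here; how an
/// IdP interprets a Minimum comparison is out of scope for this test.
/// </summary>
public void BuildAuthnRequest_test_requested_authn_context_default_overwritten_multiple_contexts()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

    var requestedAuthnContextConfiguration = new Kernel.Federation.FederationPartner.RequestedAuthnContextConfiguration(AuthnContextComparisonType.Minimum.ToString());
    requestedAuthnContextConfiguration.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(AuthnContextType.AuthnContextClassRef.ToString(), new Uri(AuthnticationContexts.Password)));
    requestedAuthnContextConfiguration.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(AuthnContextType.AuthnContextClassRef.ToString(), new Uri(AuthnticationContexts.PasswordProtectedTransport)));

    var federationPartyAuthnRequestConfiguration = new FederationPartyAuthnRequestConfiguration(requestedAuthnContextConfiguration, new DefaultNameId(new Uri(NameIdentifierFormats.Transient)));
    federationContex.FederationPartyAuthnRequestConfiguration = federationPartyAuthnRequestConfiguration;

    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

    //ASSERT
    Assert.NotNull(authnRequest);
    Assert.IsNotNull(authnRequest.RequestedAuthnContext);
    Assert.AreEqual(AuthnContextComparisonType.Minimum, authnRequest.RequestedAuthnContext.Comparison);
    // Items and ItemsElementName are parallel arrays: one element name per context value.
    Assert.AreEqual(2, authnRequest.RequestedAuthnContext.Items.Length);
    Assert.AreEqual(2, authnRequest.RequestedAuthnContext.ItemsElementName.Length);
    Assert.AreEqual(AuthnContextType.AuthnContextClassRef, authnRequest.RequestedAuthnContext.ItemsElementName[0]);
    Assert.AreEqual(AuthnticationContexts.Password, authnRequest.RequestedAuthnContext.Items[0]);
    Assert.AreEqual(AuthnContextType.AuthnContextClassRef, authnRequest.RequestedAuthnContext.ItemsElementName[1]);
    Assert.AreEqual(AuthnticationContexts.PasswordProtectedTransport, authnRequest.RequestedAuthnContext.Items[1]);
}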
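/// <summary>
/// When the partner is configured for a name-id format (Windows) that none of the supported
/// formats (Transient, Persistent) match, the built AuthnRequest must fall back to the
/// Unspecified NameIDPolicy format with AllowCreate false, while issuer, audience, version and
/// the IsPassive/ForceAuthn flags still mirror the request configuration.
/// </summary>
public void BuildAuthnRequest_test_nameid_fortmat_no_match_from_many_entries_supported()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Windows);
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient), new Uri(NameIdentifierFormats.Persistent) };
    var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);
    var requestConfiguration = federationContex.GetRequestConfigurationFromContext();
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);
    // Single() on both levels: exactly one AudienceRestriction condition holding exactly one audience.
    var audience = ((AudienceRestriction)authnRequest.Conditions.Items.Single()).Audience.Single();

    //ASSERT
    Assert.NotNull(authnRequest);
    Assert.AreEqual(requestConfiguration.IsPassive, authnRequest.IsPassive);
    Assert.AreEqual(requestConfiguration.ForceAuthn, authnRequest.ForceAuthn);
    Assert.AreEqual("2.0", authnRequest.Version);
    //issuer
    Assert.AreEqual(requestConfiguration.EntityId, authnRequest.Issuer.Value);
    Assert.AreEqual(NameIdentifierFormats.Entity, authnRequest.Issuer.Format);
    //audience
    Assert.AreEqual(requestConfiguration.AudienceRestriction.Count, authnRequest.Conditions.Items.Count);
    Assert.AreEqual(requestConfiguration.AudienceRestriction.Single(), audience);
    //nameIdPolicy — expected value first so a failure message reads correctly.
    Assert.IsFalse(authnRequest.NameIdPolicy.AllowCreate);
    Assert.AreEqual(NameIdentifierFormats.Unspecified, authnRequest.NameIdPolicy.Format);
}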
/// <summary>
/// Builds an AuthnRequest and serialises it with the asynchronous
/// <see cref="AuthnRequestSerialiser"/>; only checks that a non-null result comes back.
/// </summary>
public async Task AuthnRequestSerialiser_test()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local");
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, partyContext, nameIdFormats);

    var messageEncoding = new MessageEncoding(new DeflateCompressor());
    var requestSerialiser = new AuthnRequestSerialiser(new XMLSerialiser(), messageEncoding, new LogProviderMock());

    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
    var request = AuthnRequestHelper.BuildAuthnRequest(requestContext);

    //ACT
    var encoded = await requestSerialiser.Serialize(request);

    //ASSERT
    Assert.NotNull(encoded);
}
/// <summary>
/// A scoping configuration with two requester ids and proxy count 10 must be reflected on the
/// built AuthnRequest, with the requester ids in configuration order.
/// </summary>
public void BuildAuthnRequest_test_scoping_default_overwritten_2_requesters()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var scoping = new ScopingConfiguration("http://localhost:59611/", "http://localhost:59612/") { PoxyCount = 10 };
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", scoping);
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);
    // NOTE(review): the result is never read; kept only because the getter takes a fresh request
    // id and may have side effects on the context — confirm and drop if it is a pure read.
    var unusedConfiguration = partyContext.GetAuthnRequestConfigurationFromContext(Guid.NewGuid().ToString());
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();

    //ACT
    var authnRequest = RequestHelper.BuildRequest(requestContext) as AuthnRequest;

    //ASSERT
    Assert.NotNull(authnRequest);
    Assert.IsNotNull(authnRequest.Scoping);
    Assert.AreEqual("10", authnRequest.Scoping.ProxyCount);
    Assert.AreEqual(2, authnRequest.Scoping.RequesterId.Length);
    Assert.AreEqual("http://localhost:59611/", authnRequest.Scoping.RequesterId[0]);
    Assert.AreEqual("http://localhost:59612/", authnRequest.Scoping.RequesterId[1]);
}
/// <summary>
/// Building a context with endpoint index 1 must surface as AssertionConsumerServiceIndex 1 on
/// the built AuthnRequest; the request configuration derived from the context must also carry a
/// RequestedAuthnContextConfiguration.
/// </summary>
public void BuildAuthnRequest_test_default_overwritten_intex_endpoint()
{
    //ARRANGE
    var destination = new Uri("http://localhost:59611/");
    var partyContext = new FederationPartyContextBuilderMock().BuildContext("local", 1);
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var requestContext = new AuthnRequestContext(destination, new Uri("http://localhost"), partyContext, nameIdFormats);
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();

    //ACT
    var requestConfiguration = partyContext.GetAuthnRequestConfigurationFromContext(Guid.NewGuid().ToString());
    var authnRequest = RequestHelper.BuildRequest(requestContext) as AuthnRequest;

    //ASSERT
    Assert.IsNotNull(requestConfiguration.RequestedAuthnContextConfiguration);
    Assert.AreEqual(1, authnRequest.AssertionConsumerServiceIndex);
}
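/// <summary>
/// HTTP-POST binding end to end: builds, encodes, attaches relay state and signs an AuthnRequest,
/// dispatches it as a SAML form, then checks the form targets the request URI, the relay state
/// deserialises back to the original dictionary, and the SAMLRequest signature verifies.
/// The verifying certificate is the SP's own default signing key taken from the same metadata
/// context that produced the signature, so this proves sign/verify round-trip consistency — not
/// that a receiver rejects a message signed by some other key.
/// </summary>
public async Task Post_end_to_end_test()
{
    //ARRANGE
    var isValid = false;
    string url = String.Empty;
    IDictionary<string, object> relayState = null;
    var builders = new List<IPostClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local");

    // Default signing key descriptor of the first SP descriptor — used later to verify.
    var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
        .Select(x => x.CertificateContext)
        .First();

    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var xmlSinatureManager = new XmlSignatureManager();
    var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
    builders.Add(signatureBuilder);

    //context
    // The despatch delegate already returns a Task, so it is awaited rather than blocked on
    // with Wait()/Result (blocking on async inside an async test is a deadlock/starvation risk).
    var outboundContext = new HttpPostRequestContext(new SAMLForm())
    {
        BindingContext = new RequestPostBindingContext(authnRequestContext),
        DespatchDelegate = async form =>
        {
            url = form.ActionURL;
            var request = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.SamlRequest];
            var state = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.RelayState];
            relayState = (await relayStateSerialiser.Deserialize(state)) as IDictionary<string, object>;
            var cert = certificateManager.GetCertificateFromContext(certContext);
            isValid = this.VerifySignature(request, cert);
        }
    };

    //dispatcher
    var dispatcher = new PostRequestDispatcher(() => builders, logger);

    //ACT
    await dispatcher.SendAsync(outboundContext);

    //ASSERT (expected value first so failure messages read correctly)
    Assert.AreEqual(requestUri.AbsoluteUri, url);
    // Guard before SequenceEqual: a null relayState would surface as ArgumentNullException
    // instead of an assertion failure.
    Assert.IsNotNull(relayState);
    Assert.IsTrue(Enumerable.SequenceEqual(authnRequestContext.RelyingState, relayState));
    Assert.IsTrue(isValid);
}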
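/// <summary>
/// HTTP-Redirect binding decode: runs every redirect clause builder (request, encoding, relay
/// state, signature) over a binding context, hands the resulting destination URL to
/// <see cref="RedirectBindingDecoder"/>, and checks the decoded RelayState and SAMLRequest
/// match what the builders put into the context. This test covers decoding only — it does not
/// assert that the decoder verified the signature on the URL; signature verification is
/// exercised separately by the redirect end-to-end test.
/// </summary>
public async Task DecodeTest()
{
    //ARRANGE
    var builders = new List<IRedirectClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local");
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //request compression builder
    var encodingBuilder = new RequestEncoderBuilder(encoder);
    builders.Add(encodingBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var signatureBuilder = new SignatureBuilder(certificateManager, logger);
    builders.Add(signatureBuilder);

    // Builders run in registration order; each one contributes its part to the binding context.
    var bindingContext = new RequestBindingContext(authnRequestContext);
    foreach (var b in builders)
    {
        await b.Build(bindingContext);
    }
    var decoder = new RedirectBindingDecoder(logger, encoder);

    //ACT
    var message = await decoder.Decode(bindingContext.GetDestinationUrl());
    var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
    var requestFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
    // The context holds the encoded request; decode it to compare with the decoder's output.
    var decoded = await encoder.DecodeMessage(requestFromContext);

    //ASSERT
    Assert.IsNotNull(stateFromResult);
    Assert.AreEqual(bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState], message.Elements[HttpRedirectBindingConstants.RelayState]);
    Assert.AreEqual(decoded, message.Elements[HttpRedirectBindingConstants.SamlRequest]);
}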
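/// <summary>
/// HTTP-Redirect binding end to end: builds, deflate-encodes, attaches relay state and signs an
/// AuthnRequest, dispatches it as a redirect, then checks the redirect targets the request URI
/// and the query-string signature verifies. Verification is fed <c>redirectUri.Query</c> with the
/// leading '?' stripped, exactly as dispatched; any re-encoding of the query between dispatch and
/// verify would invalidate the signature, so this path must not normalise it. As with the POST
/// test, the verifying key is the SP's own default signing certificate from the same metadata
/// context, so this proves sign/verify consistency rather than rejection of foreign keys.
/// </summary>
public async Task Redirect_end_to_end_test()
{
    //ARRANGE
    var isValid = false;
    string url = String.Empty;
    var builders = new List<IRedirectClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContex = federationPartyContextBuilder.BuildContext("local");

    // Default signing key descriptor of the first SP descriptor — used later to verify.
    var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
        .Select(x => x.CertificateContext)
        .First();

    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    // NOTE(review): static, process-wide factory swap — not isolated across parallel tests.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //request compression builder
    var encodingBuilder = new RequestEncoderBuilder(encoder);
    builders.Add(encodingBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var signatureBuilder = new SignatureBuilder(certificateManager, logger);
    builders.Add(signatureBuilder);

    //context
    var outboundContext = new HttpRedirectRequestContext
    {
        BindingContext = new RequestBindingContext(authnRequestContext),
        DespatchDelegate = redirectUri =>
        {
            // Scheme+host+path only; the query carries SAMLRequest/RelayState/signature.
            url = redirectUri.GetLeftPart(UriPartial.Path);
            var query = redirectUri.Query.TrimStart('?');
            var cert = certificateManager.GetCertificateFromContext(certContext);
            isValid = this.VerifySignature(query, cert, certificateManager);
            return Task.CompletedTask;
        }
    };

    //dispatcher
    var dispatcher = new RedirectRequestDispatcher(() => builders);

    //ACT
    await dispatcher.SendAsync(outboundContext);

    //ASSERT (expected value first so failure messages read correctly)
    Assert.AreEqual(requestUri.AbsoluteUri, url);
    Assert.IsTrue(isValid);
}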