public X509CertificateDefinition(ScimServerConfiguration serverConfiguration)
: base(serverConfiguration)
{
For(cert => cert.Value)
.SetDescription(@"The value of an X.509 certificate.");
For(cert => cert.Ref)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
}
public void SignBodyTests(string body, string hash, CanonicalizationAlgorithm type)
{
string cb = Canonicalization.CanonicalizationBody(body, type);
Console.WriteLine("-- start --");
Console.WriteLine(body);
Console.WriteLine("-- end --");
Console.WriteLine("-- start --");
Console.WriteLine(cb);
Console.WriteLine("-- end --");
Assert.AreEqual(hash, SignBody(cb));
}
public MailingAddressDefinition(ScimServerConfiguration serverConfiguration)
: base(serverConfiguration)
{
For(address => address.Display)
.SetDescription("A human-readable name, primarily used for display purposes.")
.SetMutability(Mutability.ReadOnly);
For(address => address.Type)
.SetDescription(@"A label indicating the attribute's function, e.g., 'work' or 'home'.")
.SetCanonicalValues(ScimConstants.CanonicalValues.AddressTypes)
.AddCanonicalizationRule(type => type.ToLower());
For(address => address.Primary)
.SetDescription(@"A boolean value indicating the 'primary' or preferred attribute value for this attribute.");
For(address => address.Ref)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
}
public RoleDefinition(ScimServerConfiguration serverConfiguration)
: base(serverConfiguration)
{
For(role => role.Display)
.SetDescription("A human-readable name, primarily used for display purposes.")
.SetMutability(Mutability.ReadOnly);
For(role => role.Type)
.SetDescription("A label indicating the attribute's function, e.g., 'work' or 'home'.");
For(role => role.Primary)
.SetDescription(@"A boolean value indicating the 'primary' or preferred attribute value for this attribute.");
For(role => role.Value)
.SetDescription("The value of a role.");
For(role => role.Ref)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
}
public PhotoDefinition(ScimServerConfiguration serverConfiguration)
: base(serverConfiguration)
{
For(photo => photo.Value)
.SetDescription(@"URL of a photo of the user.")
.SetReferenceTypes(ScimConstants.ReferenceTypes.External)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
For(photo => photo.Type)
.SetDescription(@"A label indicating the attribute's function, i.e., 'photo' or 'thumbnail'.")
.SetCanonicalValues(ScimConstants.CanonicalValues.PhotoTypes, StringComparer.OrdinalIgnoreCase)
.AddCanonicalizationRule(type => type.ToLower());
For(photo => photo.Primary)
.SetDescription(
@"A Boolean value indicating the 'primary' or preferred
attribute value for this attribute, e.g., the preferred photo or thumbnail.");
For(photo => photo.Ref)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
}
public InstantMessagingAddressDefinition(ScimServerConfiguration serverConfiguration)
: base(serverConfiguration)
{
For(ima => ima.Display)
.SetDescription("A human-readable name, primarily used for display purposes.")
.SetMutability(Mutability.ReadOnly);
For(ima => ima.Value)
.SetDescription(@"Instant messaging address for the user.");
For(ima => ima.Type)
.SetDescription(@"A label indicating the attribute's function, e.g., 'aim', 'gtalk', 'xmpp'.")
.SetCanonicalValues(ScimConstants.CanonicalValues.InstantMessagingProviders)
.AddCanonicalizationRule(type => type.ToLower());
For(ima => ima.Primary)
.SetDescription(
@"A Boolean value indicating the 'primary' or preferred attribute value
for this attribute, e.g., the preferred messenger or primary messenger.");
For(ima => ima.Ref)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
}
public PhoneNumberDefinition(ScimServerConfiguration serverConfiguration)
: base(serverConfiguration)
{
For(phoneNumber => phoneNumber.Display)
.SetDescription("A human-readable name, primarily used for display purposes.")
.SetMutability(Mutability.ReadOnly);
For(phoneNumber => phoneNumber.Value)
.SetDescription("Phone number of the user.");
For(phoneNumber => phoneNumber.Type)
.SetDescription(@"A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.")
.SetCanonicalValues(ScimConstants.CanonicalValues.PhoneNumberTypes)
.AddCanonicalizationRule(type => type.ToLower());
For(phoneNumber => phoneNumber.Primary)
.SetDescription(
@"A boolean value indicating the 'primary' or preferred attribute value for
this attribute, e.g., the preferred phone number or primary phone number.");
For(phoneNumber => phoneNumber.Ref)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
}
string GenerateSignature(Email email, params string[] signHeaders)
{
// timestamp - seconds since 00:00:00 on January 1, 1970 UTC
TimeSpan t = DateTime.Now.ToUniversalTime() -
DateTime.SpecifyKind(DateTime.Parse("00:00:00 January 1, 1970"), DateTimeKind.Utc);
var signatureValue = new StringBuilder();
signatureValue.Append("v=1; ");
signatureValue.Append("a=rsa-sha256; ");
// Canonicalization
signatureValue.Append("c=");
signatureValue.Append(this.HeaderCanonicalization.ToString().ToLower());
signatureValue.Append('/');
signatureValue.Append(this.BodyCanonicalization.ToString().ToLower());
signatureValue.Append("; ");
signatureValue.Append("q=dns/txt; ");
// signing domain
signatureValue.Append("d=");
signatureValue.Append(this.Domain);
signatureValue.Append("; ");
// selector
signatureValue.Append("s=");
signatureValue.Append(this.Selector);
signatureValue.Append("; ");
// time sent
signatureValue.Append("t=");
signatureValue.Append((int)t.TotalSeconds);
signatureValue.Append("; ");
// hash of body
signatureValue.Append("bh=");
signatureValue.Append(SignBody(Canonicalization.CanonicalizationBody(email.Body, this.BodyCanonicalization)));
signatureValue.Append("; ");
// headers to be signed
signatureValue.Append("h=");
//sb.Append(string.Join(":", headers));
foreach (var header in signHeaders)
{
signatureValue.Append(header);
signatureValue.Append(':');
}
signatureValue.Length--;
signatureValue.Append("; ");
signatureValue.Append("b=");
Console.WriteLine();
Console.WriteLine("---- start sig ----");
Console.WriteLine(signatureValue);
Console.WriteLine("---- start sig ----");
var catHeaders = new StringBuilder();
catHeaders.Append(Canonicalization.CanonicalizationHeaders(email.Headers, this.HeaderCanonicalization));
//foreach (var header in signHeaders)
//{
// catHeaders.Append(header.ToLower());
// catHeaders.Append(':');
// catHeaders.AppendLine(headers[header]);
//}
catHeaders.Append("dkim-signature:");
catHeaders.Append(signatureValue);
Console.WriteLine("---- can sig ----");
Console.WriteLine(catHeaders);
Console.WriteLine("---- can end ----");
using (TextReader reader = new StringReader(this.PrivateKey))
{
var r = new PemReader(reader);
var o = (AsymmetricCipherKeyPair)r.ReadObject();
byte[] plaintext = this.Encoding.GetBytes(catHeaders.ToString());
ISigner sig = SignerUtilities.GetSigner("SHA256WithRSAEncryption");
sig.Init(true, o.Private);
sig.BlockUpdate(plaintext, 0, plaintext.Length);
byte[] signature = sig.GenerateSignature();
signatureValue.Append(Convert.ToBase64String(signature));
}
return(signatureValue.ToString());
}
public ScimUser1Definition(ScimServerConfiguration serverConfiguration)
: base(
serverConfiguration,
ScimConstants.ResourceTypes.User,
ScimConstantsV1.Schemas.User,
ScimConstantsV1.Endpoints.Users,
typeof(ScimUser1Validator),
(schemaIdentifiers, paramterType) => paramterType == typeof(ScimUser1))
{
SetName(ScimConstants.ResourceTypes.User);
SetDescription("User resource.");
AddSchemaExtension <EnterpriseUser1Extension, EnterpriseUser1ExtensionValidator>(ScimConstantsV1.Schemas.UserEnterprise, false);
For(u => u.Active)
.SetDescription(@"A Boolean value indicating the User's administrative status.");
For(u => u.Addresses)
.SetDescription(@"A physical mailing address for this User.")
.AddCanonicalizationRule((MailingAddress address, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(address, ref state));
For(u => u.DisplayName)
.SetDescription(@"
The name of the User, suitable for display to end-users.The name SHOULD
be the full name of the User being described, if known.");
For(u => u.Emails)
.SetDescription(@"
Email addresses for the user. The value SHOULD be canonicalized by the service
provider, e.g., '*****@*****.**' instead of '*****@*****.**'.")
.AddCanonicalizationRule(email =>
email.Canonicalize(
e => e.Value,
e => e.Display,
value =>
{
if (string.IsNullOrWhiteSpace(value))
{
return(null);
}
var atIndex = value.IndexOf('@') + 1;
if (atIndex == 0)
{
return(null); // IndexOf returned -1, invalid email
}
return(value.Substring(0, atIndex) + value.Substring(atIndex).ToLower());
}))
.AddCanonicalizationRule((Email email, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(email, ref state));
For(u => u.Entitlements)
.SetDescription(@"A list of entitlements for the User that represent a thing the User has.")
.AddCanonicalizationRule((Entitlement entitlement, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(entitlement, ref state));
For(u => u.Groups)
.SetDescription(@"
A list of groups to which the user belongs, either through direct membership, through
nested groups, or dynamically calculated.")
.SetMutability(Mutability.ReadOnly);
For(u => u.Id)
.SetMutability(Mutability.ReadOnly)
.SetReturned(Returned.Always)
.SetUniqueness(Uniqueness.Server)
.SetCaseExact(true);
For(u => u.Ims)
.SetDescription(@"Instant messaging addresses for the User.")
.AddCanonicalizationRule((InstantMessagingAddress im, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(im, ref state));
For(u => u.Locale)
.SetDescription(@"
Used to indicate the User's default location for purposes of localizing
items such as currency, date time format, or numerical representations.")
.AddCanonicalizationRule(locale => !string.IsNullOrWhiteSpace(locale) ? locale.Replace('_', '-') : locale);
For(u => u.NickName)
.SetDescription(@"
The casual way to address the user in real life, e.g., 'Bob' or 'Bobby'
instead of 'Robert'. This attribute SHOULD NOT be used to represent a
User's username (e.g., 'bjensen' or 'mpepperidge').");
For(u => u.Meta)
.SetMutability(Mutability.ReadOnly);
For(u => u.Name)
.SetDescription(@"
The components of the user's real name. Providers MAY return just the full
name as a single string in the formatted sub-attribute, or they MAY return
just the individual component attributes using the other sub-attributes, or
they MAY return both.If both variants are returned, they SHOULD be describing
the same name, with the formatted name indicating how the component attributes
should be combined.");
For(u => u.Password)
.SetDescription(@"
The User's cleartext password. This attribute is intended to be used as a means
to specify an initial password when creating a new User or to reset an existing
User's password.")
.SetMutability(Mutability.WriteOnly)
.SetReturned(Returned.Never);
For(u => u.PhoneNumbers)
.SetDescription(@"
Phone numbers for the User. The value SHOULD be canonicalized by the service
provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'.")
.AddCanonicalizationRule(phone => phone.Canonicalize(p => p.Value, p => p.Display, PhoneNumberUtil.Normalize))
.AddCanonicalizationRule((PhoneNumber phone, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(phone, ref state));
For(u => u.Photos)
.SetDescription(@"URLs of photos of the User.")
.AddCanonicalizationRule((Photo photo, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(photo, ref state));
For(u => u.PreferredLanguage)
.SetDescription(@"
Indicates the User's preferred written or spoken language.Generally used
for selecting a localized user interface; e.g., 'en-US' specifies the
language English and country US.");
For(u => u.ProfileUrl)
.SetDescription(@"A fully qualified URL pointing to a page representing the User's online profile.")
.SetReferenceTypes(ScimConstants.ReferenceTypes.External)
.AddCanonicalizationRule((uri, definition) => Canonicalization.EnforceScimUri(uri, definition, ServerConfiguration));
For(u => u.Roles)
.SetDescription(@"A list of roles for the User that collectively represent who the User is, e.g., 'Student', 'Faculty'.")
.AddCanonicalizationRule((Role role, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(role, ref state));
For(u => u.Schemas)
.SetReturned(Returned.Always);
For(u => u.Timezone)
.SetDescription(@"The User's time zone in the 'Olson' time zone database format, e.g., 'America/Los_Angeles'.");
For(u => u.Title)
.SetDescription(@"The user's title, such as 'Vice President'.");
For(u => u.UserName)
.SetDescription(@"
Unique identifier for the User, typically used by the user to directly
authenticate to the service provider. Each User MUST include a non-empty
userName value.This identifier MUST be unique across the service
provider's entire set of Users. REQUIRED.")
.SetRequired(true)
.SetUniqueness(Uniqueness.Server);
For(u => u.UserType)
.SetDescription(@"
Used to identify the relationship between the organization and the user.
Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp',
'External', and 'Unknown', but any value may be used.");
For(u => u.X509Certificates)
.SetDescription(@"A list of certificates issued to the User.")
.AddCanonicalizationRule((X509Certificate certificate, ref object state) => Canonicalization.EnforceSinglePrimaryAttribute(certificate, ref state));
}
/// <summary>
/// Canonicalizes the URL.
/// </summary>
/// <returns>Canonicalized URL.</returns>
public string Canonicalize()
{
Canonicalization canonicalization = new Canonicalization();
return canonicalization.GetCanonicalizedUrl(this.stringUrl);
}
