private void BuildMetadataContext(FederationPartyConfiguration federationPartyContext, MetadataSettings metadataSettings)
{
var metadataContextBuilder = new MetadataContextBuilder(this._dbContext, this._cacheProvider);
var metadata = metadataContextBuilder.BuildFromDbSettings(metadataSettings);
federationPartyContext.MetadataContext = metadata;
}
private async Task <MetadataBase> GetAsync(FederationPartyConfiguration context, IDocumentRetriever retriever, CancellationToken cancel)
{
this._metadataSerialiser.Validator.SetFederationPartyId(context.FederationPartyId);
if (string.IsNullOrWhiteSpace(context.MetadataAddress))
{
throw new ArgumentNullException("address");
}
if (retriever == null)
{
throw new ArgumentNullException("retriever");
}
var str = await retriever.GetDocumentAsync(context.MetadataAddress, cancel);
var document = str;
str = null;
using (XmlReader reader = XmlReader.Create(new StringReader(document), this._safeSettings))
{
var federationConfiguration = this._metadataSerialiser.Deserialise(reader);
if (this.MetadataReceivedCallback != null)
{
this.MetadataReceivedCallback(federationConfiguration);
}
return(federationConfiguration);
}
}
public void SPMetadata_serialise_deserialise_Test()
{
////ARRANGE
var logger = new LogProviderMock();
string metadataXml = String.Empty;
var metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest);
var xmlReader = XmlReader.Create(new StringReader(metadataXml));
var deserialisedMetadata = metadataSerialiser.ReadMetadata(xmlReader) as EntityDescriptor;
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
}
Task IMetadataGenerator.CreateMetadata(FederationPartyConfiguration federationPartyContext, XmlWriter xmlWriter)
{
try
{
if (federationPartyContext == null)
{
throw new ArgumentNullException("federationPartyContext");
}
if (federationPartyContext.MetadataContext == null)
{
throw new ArgumentNullException("metadataContext");
}
var configuration = federationPartyContext.MetadataContext.EntityDesriptorConfiguration;
var descriptors = this.GetDescriptors(configuration.SPSSODescriptors);
var entityDescriptor = BuildEntityDesciptor(configuration, descriptors);
this.SignMetadata(federationPartyContext.MetadataContext, entityDescriptor);
var sb = new StringBuilder();
this._serialiser.Serialise(xmlWriter, entityDescriptor);
return(Task.CompletedTask);
}
catch (Exception ex)
{
throw ex;
}
}
public async Task SPMetadataGenerationTest()
{
////ARRANGE
var result = String.Empty;
var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
await sPSSOMetadataProvider.CreateMetadata(metadataRequest);
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(result));
}
public async Task WsFederationConfigurationRetrieverTest()
{
//ARRANGE
var webRequestHandler = new WebRequestHandler();
webRequestHandler.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback((_, __, ___, ____) => true);
var httpClient = new HttpClient(webRequestHandler);
var documentRetrieer = new HttpDocumentRetriever(() => httpClient);
var configurationProvider = new CertificateValidationConfigurationProvider();
var certValidator = new CertificateValidator(configurationProvider);
var logger = new LogProviderMock();
var serialiser = new FederationMetadataSerialiser(certValidator, logger);
var configurationRetriever = new WsFederationConfigurationRetriever(documentRetrieer, serialiser);
//ACT
//var baseMetadata = await WsFederationConfigurationRetriever.GetAsync("https://dg-mfb/idp/shibboleth", documentRetrieer, new CancellationToken());
var context = new FederationPartyConfiguration("local", "https://www.testshib.org/metadata/testshib-providers.xml");
var baseMetadata = await configurationRetriever.GetAsync(context, new CancellationToken());
var metadata = baseMetadata as EntitiesDescriptor;
//ASSERT
Assert.IsTrue(metadata != null);
Assert.AreEqual(2, metadata.ChildEntities.Count);
}
/// <summary>
/// Retrieve metadata async for pederation party with cancellation token
/// </summary>
/// <param name="context"></param>
/// <param name="cancel"></param>
/// <returns></returns>
public Task <MetadataBase> GetAsync(FederationPartyConfiguration context, CancellationToken cancel)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
return(this.GetAsync(context, this._retriever(context.MetadataAddress), cancel));
}
public AuthnRequestContext(Uri destination, Uri origin, FederationPartyConfiguration federationPartyContext, ICollection <Uri> supportedNameIdentifierFormats)
: base(destination, origin, federationPartyContext)
{
if (supportedNameIdentifierFormats == null)
{
throw new ArgumentNullException("supportedNameIdentifierFormats");
}
this.SupportedNameIdentifierFormats = supportedNameIdentifierFormats;
}
public FederationPartyConfiguration BuildContext(string federationPartyId)
{
var contextBuilder = this._resolver.Resolve <IInlineMetadataContextBuilder>();
var metadataRequest = new MetadataGenerateRequest(MetadataType.Idp, federationPartyId);
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
return(context);
}
private async Task <T> GetConfiguration(FederationPartyConfiguration context, CancellationToken cancel)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var now = DateTimeOffset.UtcNow;
T currentConfiguration;
if (ConfigurationManager <T> ._congigurationCache.TryGetValue(context.FederationPartyId, out currentConfiguration))
{
if (context.SyncAfter > now)
{
return(currentConfiguration);
}
}
await this._refreshLock.WaitAsync(cancel);
try
{
if (context.SyncAfter <= now)
{
try
{
ConfigurationManager <T> configurationManager = this;
T obj = await this._configRetriever.GetAsync(context, CancellationToken.None)
.ConfigureAwait(true);
currentConfiguration = obj;
configurationManager = null;
obj = default(T);
context.LastRefresh = now;
context.SyncAfter = DataTimeExtensions.Add(now.UtcDateTime, context.AutomaticRefreshInterval);
ConfigurationManager <T> ._congigurationCache.TryAdd(context.FederationPartyId, currentConfiguration);
}
catch (Exception ex)
{
context.SyncAfter = DataTimeExtensions.Add(now.UtcDateTime, context.AutomaticRefreshInterval < context.RefreshInterval ? context.AutomaticRefreshInterval : context.RefreshInterval);
throw new InvalidOperationException(String.Format("IDX10803: Unable to obtain configuration from: '{0}'.", (context.MetadataAddress ?? "null")), ex);
}
}
return(currentConfiguration);
}
finally
{
this._refreshLock.Release();
}
}
public void SPMetadataGenerationTest_sql_source()
{
////ARRANGE
var result = false;
var metadataWriter = new TestMetadatWriter(el =>
{
result = true;
});
var cacheProvider = new CacheProviderMock();
var customConfiguration = new DbCustomConfiguration();
var connectionStringProvider = new MetadataConnectionStringProviderMock();
var models = ReflectionHelper.GetAllTypes(new[] { typeof(MetadataContextBuilder).Assembly })
.Where(t => !t.IsAbstract && !t.IsInterface && typeof(BaseModel).IsAssignableFrom(t));
customConfiguration.ModelsFactory = () => models;
var seeders = ReflectionHelper.GetAllTypes(new[] { typeof(MetadataContextBuilder).Assembly })
.Where(t => !t.IsAbstract && !t.IsInterface && typeof(ISeeder).IsAssignableFrom(t))
.Select(x => (ISeeder)Activator.CreateInstance(x));
seeders
.OrderBy(x => x.SeedingOrder)
.Aggregate(customConfiguration.Seeders, (c, next) => { c.Add(next); return(c); });
object dbcontext = new DBContext(connectionStringProvider, customConfiguration);
var metadataContextBuilder = new MetadataContextBuilder((IDbContext)dbcontext, cacheProvider);
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadatContext = metadataContextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost")
{
MetadataContext = metadatContext
};
var logger = new LogProviderMock();
var configurationProvider = new CertificateValidationConfigurationProvider((IDbContext)dbcontext, cacheProvider);
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest).Wait();
//ASSERT
Assert.IsTrue(result);
}
public RequestContext(Uri destination, Uri origin, FederationPartyConfiguration federationPartyContext)
{
if (destination == null)
{
throw new ArgumentNullException("destination");
}
if (federationPartyContext == null)
{
throw new ArgumentNullException("federationPartyContext");
}
if (origin == null)
{
throw new ArgumentNullException("origin");
}
this.Origin = origin;
this.FederationPartyContext = federationPartyContext;
this.Destination = destination;
this.RelyingState = new Dictionary <string, object>();
this.RequestId = String.Format("{0}_{1}", federationPartyContext.MetadataContext.EntityDesriptorConfiguration.Id, Guid.NewGuid().ToString());
}
public void SPMetadataGeneration_create_file()
{
////ARRANGE
var result = false;
var path = @"D:\Dan\Software\Apira\SPMetadata\SPMetadataTest.xml";
var metadataWriter = new TestMetadatWriter(el =>
{
if (File.Exists(path))
{
File.Delete(path);
}
using (var writer = XmlWriter.Create(path))
{
el.WriteTo(writer);
writer.Flush();
}
result = true;
});
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadatContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest);
//ASSERT
Assert.IsTrue(result);
}
public AuthnRequestContext(Uri destination, FederationPartyConfiguration federationPartyContext, ICollection <Uri> supportedNameIdentifierFormats)
{
if (destination == null)
{
throw new ArgumentNullException("destination");
}
if (federationPartyContext == null)
{
throw new ArgumentNullException("federationPartyContext");
}
if (supportedNameIdentifierFormats == null)
{
throw new ArgumentNullException("federationPartyContext");
}
this.SupportedNameIdentifierFormats = supportedNameIdentifierFormats;
this.FederationPartyContext = federationPartyContext;
this.Destination = destination;
this.RelyingState = new Dictionary <string, object> {
{ "federationPartyId", federationPartyContext.FederationPartyId }
};
}
public async Task WsFederationConfigurationRetrieverTest()
{
//ARRANGE
var logger = new LogProviderMock();
var bckChannelcertValidator = new CertificateValidatorMock();
var documentRetrieer = new HttpDocumentRetrieverMock(bckChannelcertValidator);
var configurationProvider = new CertificateValidationConfigurationProvider();
var certValidator = new CertificateValidator(configurationProvider, logger);
var serialiser = new FederationMetadataSerialiser(certValidator, logger);
var configurationRetriever = new WsFederationConfigurationRetriever(_ => documentRetrieer, serialiser);
//ACT
var context = new FederationPartyConfiguration("local", "https://localhost");
var baseMetadata = await configurationRetriever.GetAsync(context, new CancellationToken());
var metadata = baseMetadata as EntityDescriptor;
//ASSERT
Assert.IsTrue(metadata != null);
Assert.AreEqual(1, metadata.RoleDescriptors.Count);
}
public void SPMetadataGenerationTest()
{
////ARRANGE
var result = String.Empty;
var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
//var metadataWriter = new TestMetadatWriter(el =>
//{
// using (var writer = XmlWriter.Create(@"D:\Dan\Software\Apira\SPMetadata\SPMetadata.xml"))
// {
// el.WriteTo(writer);
// writer.Flush();
// }
//});
var logger = new LogProviderMock();
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.SP, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
sPSSOMetadataProvider.CreateMetadata(metadataRequest);
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(result));
}
public async Task IdPMetadata_serialise_deserialise_Test()
{
////ARRANGE
var logger = new LogProviderMock();
string metadataXml = String.Empty;
var metadataWriter = new TestMetadatWriter(el => metadataXml = el.OuterXml);
CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;
var contextBuilder = new InlineMetadataContextBuilder();
var metadataRequest = new MetadataGenerateRequest(MetadataType.Idp, "local");
var metadataContext = contextBuilder.BuildContext(metadataRequest);
var context = new FederationPartyConfiguration(metadataRequest.FederationPartyId, "localhost");
context.MetadataContext = metadataContext;
var configurationProvider = new CertificateValidationConfigurationProvider();
var certificateValidator = new CertificateValidator(configurationProvider, logger);
var ssoCryptoProvider = new CertificateManager(logger);
var metadataSerialiser = new FederationMetadataSerialiser(certificateValidator, logger);
var metadataDispatcher = new FederationMetadataDispatcherMock(() => new[] { metadataWriter });
var idPSSOMetadataProvider = new IdpSSOMetadataProvider(metadataDispatcher, ssoCryptoProvider, metadataSerialiser, g => context, logger);
//ACT
await idPSSOMetadataProvider.CreateMetadata(metadataRequest);
var xmlReader = XmlReader.Create(new StringReader(metadataXml));
var deserialisedMetadata = metadataSerialiser.Deserialise(xmlReader) as EntityDescriptor;
//ASSERT
Assert.IsFalse(String.IsNullOrWhiteSpace(metadataXml));
Assert.AreEqual(1, deserialisedMetadata.RoleDescriptors.Count);
Assert.IsInstanceOf <IdentityProviderSingleSignOnDescriptor>(deserialisedMetadata.RoleDescriptors.Single());
}
public FederationPartyConfiguration BuildContext(string federationPartyId)
{
if (this._cacheProvider.Contains(federationPartyId))
{
return(this._cacheProvider.Get <FederationPartyConfiguration>(federationPartyId));
}
var federationPartyContext = this._dbContext.Set <FederationPartySettings>()
.FirstOrDefault(x => x.FederationPartyId == federationPartyId);
var context = new FederationPartyConfiguration(federationPartyId, federationPartyContext.MetadataPath);
var federationPartyAuthnRequestConfiguration = this.BuildFederationPartyAuthnRequestConfiguration(federationPartyContext.AutnRequestSettings);
context.FederationPartyAuthnRequestConfiguration = federationPartyAuthnRequestConfiguration;
context.RefreshInterval = TimeSpan.FromSeconds(federationPartyContext.RefreshInterval);
context.AutomaticRefreshInterval = TimeSpan.FromDays(federationPartyContext.AutoRefreshInterval);
this.BuildMetadataContext(context, federationPartyContext.MetadataSettings);
object policy = new MemoryCacheItemPolicy();
((ICacheItemPolicy)policy).SlidingExpiration = TimeSpan.FromDays(1);
this._cacheProvider.Put(federationPartyId, context, (ICacheItemPolicy)policy);
return(context);
}
public Task <MetadataBase> GetAsync(FederationPartyConfiguration context, CancellationToken cancel)
{
return(this.GetAsync(context, this._retriever, cancel));
}
public OwinAuthnRequestContext(IOwinContext context, Uri destination, Uri origin, FederationPartyConfiguration federationPartyContext, ICollection <Uri> supportedNameIdentifierFormats) : base(destination, origin, federationPartyContext, supportedNameIdentifierFormats)
{
this.Context = context;
}
public Task <MetadataBase> GetAsync(FederationPartyConfiguration context, CancellationToken cancel)
{
var metadata = this.GetMetadata();
return(Task.FromResult(metadata));
}
public FederationPartyConfiguration BuildContext(string federationPartyId)
{
var context = new FederationPartyConfiguration(federationPartyId, "C:\\");
return(context);
}
public LogoutRequestContext(Uri destination, Uri origin, FederationPartyConfiguration federationPartyContext, SamlLogoutContext samlLogoutContext)
: base(destination, origin, federationPartyContext)
{
this.SamlLogoutContext = samlLogoutContext;
}
public OwinLogoutRequestContext(IOwinContext context, Uri destination, Uri origin, FederationPartyConfiguration federationPartyContext, SamlLogoutContext samlLogoutContext)
: base(destination, origin, federationPartyContext, samlLogoutContext)
{
}
