Пример #1
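        public void Federation_ReloadOfMetadata_KeepsOldDataUntilMetadataBecomesInvalid()
        {
            // Contract under test: an identity provider loaded from federation metadata
            //   1. stays registered while a reload fails but the cached metadata is still valid,
            //   2. is removed once MetadataValidUntil has dropped to DateTime.MinValue,
            //   3. is registered again after a later reload succeeds.
            // In other words, a metadata outage does not drop trust immediately, but trust is
            // not extended past the validity of the last metadata that was loaded.

            // Very short scheduler interval (5 ms); presumably so that reloads are attempted
            // quickly enough for the spin-waits below. The static value is not restored here.
            MetadataRefreshScheduler.minInterval = new TimeSpan(0, 0, 0, 0, 5);

            var options = StubFactory.CreateOptions();

            // Disable logging in this case, to trigger the code path when logger is null.
            options.SPOptions.Logger = null;

            // Plain HTTP on localhost is a test fixture only.
            // NOTE(review): real federation metadata decides which identity providers and signing
            // keys are trusted, so it should be fetched over HTTPS and/or signature-checked.
            var subject = new Federation(
                "http://localhost:13428/federationMetadataShortCacheDuration",
                false,
                options);

            // The same entity id is looked up at every stage, so build it once.
            var idpEntityId = new EntityId("http://idp1.federation.example.com/metadata");
            IdentityProvider idp;

            options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                .Should().BeTrue("idp should be loaded initially");

            // From here on the stub server stops serving the metadata document.
            StubServer.IdpAndFederationShortCacheDurationAvailable = false;

            try
            {
                try
                {
                    // Wait until a failed load has occurred.
                    SpinWaiter.While(() => subject.LastMetadataLoadException == null,
                                     "Timeout passed without a failed metadata reload.");

                    // A failed reload alone must not invalidate the cached metadata.
                    subject.MetadataValidUntil.Should().NotBe(DateTime.MinValue);
                }
                catch (AssertFailedException)
                {
                    // The cached metadata may already have expired by the time the failure is
                    // observed; that timing race is reported as inconclusive, not as a failure.
                    Assert.Inconclusive("This test is sensitive to race conditions, didn't work this time. Don't worry.");
                }

                options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                    .Should().BeTrue("idp shouldn't be removed while metadata is still valid.");

                SpinWaiter.While(() => subject.MetadataValidUntil != DateTime.MinValue,
                                 "Timeout passed without metadata becoming invalid.");

                // Expired metadata: the identity provider must no longer be registered.
                options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                    .Should().BeFalse("idp should be removed if metadata is no longer valid");

                StubServer.IdpAndFederationShortCacheDurationAvailable = true;

                SpinWaiter.While(() => subject.MetadataValidUntil == DateTime.MinValue,
                                 "Timeout passed without metadata being successfully reloaded");

                options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                    .Should().BeTrue("idp should be readded when metadata is refreshed.");
            }
            finally
            {
                // The flag is static and therefore shared with other tests. Restore it even when
                // an exception (including the Inconclusive one above) leaves this method after
                // the flag was cleared, so that the stub server serves metadata again.
                StubServer.IdpAndFederationShortCacheDurationAvailable = true;
            }
        }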
Пример #2
        public void IdentityProvider_ScheduledReloadOfMetadata_RetriesIfInitialLoadFails()
        {
            // The subject is created while the stub server refuses to serve metadata; the test
            // passes once MetadataValidUntil holds a real value, which requires a later load
            // attempt to have succeeded after the server became available again.
            MetadataRefreshScheduler.minInterval = TimeSpan.FromMilliseconds(1);
            StubServer.IdpAndFederationShortCacheDurationAvailable = false;

            var subject = CreateSubjectForMetadataRefresh();

            StubServer.IdpAndFederationShortCacheDurationAvailable = true;

            SpinWaiter.While(() =>
            {
                // Read the property once so both checks see the same snapshot.
                var validUntil = subject.MetadataValidUntil;

                // Keep waiting while there is no value yet or it is still the MinValue marker.
                return validUntil == null || validUntil.Value == DateTime.MinValue;
            });
        }
Пример #3
        public void IdentityProvider_SigningKeys_RemovesMetadataKeyButKeepsConfiguredKey()
        {
            // A signing key that disappears from refreshed metadata must stop being offered as
            // a trusted key, while the key that came from configuration has to survive.
            var subject = CreateSubjectForMetadataRefresh();

            // Starting point: one key from config, one key from metadata.
            subject.SigningKeys.Count().Should().Be(2);

            // The stub server now leaves the key out of the metadata it serves.
            StubServer.IdpVeryShortCacheDurationIncludeKey = false;

            // Wait for a refresh to change the number of keys.
            SpinWaiter.While(() => subject.SigningKeys.Count() == 2);

            // Exactly one key may remain (Single() throws otherwise).
            var remainingClause = subject.SigningKeys.Single().As<X509RawDataKeyIdentifierClause>();
            var remainingCert = new X509Certificate2(remainingClause.GetX509RawData());

            // The thumbprint serves as an identity check against the test certificate,
            // presumably the one supplied through configuration.
            remainingCert.Thumbprint.Should().Be(SignedXmlHelper.TestCert.Thumbprint);
        }
Пример #4
        public void IdentityProvider_SigningKeys_RemovesMetadataKeyButKeepsConfiguredKey()
        {
            // A signing key that disappears from refreshed metadata must stop being offered as
            // a trusted key, while the key that came from configuration has to survive.
            var subject = CreateSubjectForMetadataRefresh();

            // Starting point: one key from config, one key from metadata.
            subject.SigningKeys.Count().Should().Be(2);

            // The metadata server now leaves the key out of the metadata it serves.
            MetadataServer.IdpVeryShortCacheDurationIncludeKey = false;

            // Wait for a refresh to change the number of keys.
            SpinWaiter.While(() => subject.SigningKeys.Count() == 2);

            // Exactly one key may remain (Single() throws otherwise).
            var remainingKey = subject.SigningKeys.Single().As<RSACryptoServiceProvider>();

            // ExportParameters(false) exports the public parameters only, so no private key
            // material is pulled into the comparison.
            var actual = remainingKey.ExportParameters(false);
            var expected = SignedXmlHelper.TestKey.As<RSACryptoServiceProvider>().ExportParameters(false);

            // Matching modulus and exponent means the surviving key is the test key.
            actual.Modulus.ShouldBeEquivalentTo(expected.Modulus);
            actual.Exponent.ShouldBeEquivalentTo(expected.Exponent);
        }
Пример #5
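        public void Federation_ReloadOfMetadata_KeepsOldDataUntilMetadataBecomesInvalid()
        {
            // Contract under test: an identity provider loaded from federation metadata
            //   1. stays registered while a reload fails but the cached metadata is still valid,
            //   2. is removed once MetadataValidUntil has dropped to DateTime.MinValue,
            //   3. is registered again after a later reload succeeds.
            // In other words, a metadata outage does not drop trust immediately, but trust is
            // not extended past the validity of the last metadata that was loaded.

            // Very short scheduler interval (5 ms); presumably so that reloads are attempted
            // quickly enough for the spin-waits below. The identifier is kept exactly as this
            // snippet spells it, and the static value is not restored here.
            MetadataRefreshScheduler.minInternval = new TimeSpan(0, 0, 0, 0, 5);

            var options = StubFactory.CreateOptions();

            // Plain HTTP on localhost is a test fixture only.
            // NOTE(review): real federation metadata decides which identity providers and signing
            // keys are trusted, so it should be fetched over HTTPS and/or signature-checked.
            var subject = new Federation(
                new Uri("http://localhost:13428/federationMetadataShortCacheDuration"),
                false,
                options);

            // The same entity id is looked up at every stage, so build it once.
            var idpEntityId = new EntityId("http://idp1.federation.example.com/metadata");
            IdentityProvider idp;

            options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                .Should().BeTrue("idp should be loaded initially");

            // From here on the metadata server stops serving the metadata document.
            MetadataServer.IdpAndFederationShortCacheDurationAvailable = false;

            try
            {
                // Wait until a failed load has occurred.
                SpinWaiter.While(() => subject.LastMetadataLoadException == null,
                                 "Timeout passed without a failed metadata reload.");

                // A failed reload alone must not invalidate the cached metadata.
                subject.MetadataValidUntil.Should().NotBe(DateTime.MinValue);

                options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                    .Should().BeTrue("idp shouldn't be removed while metadata is still valid.");

                SpinWaiter.While(() => subject.MetadataValidUntil != DateTime.MinValue,
                                 "Timeout passed without metadata becoming invalid.");

                // Expired metadata: the identity provider must no longer be registered.
                options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                    .Should().BeFalse("idp should be removed if metadata is no longer valid");

                MetadataServer.IdpAndFederationShortCacheDurationAvailable = true;

                SpinWaiter.While(() => subject.MetadataValidUntil == DateTime.MinValue,
                                 "Timeout passed without metadata being successfully reloaded");

                options.IdentityProviders.TryGetValue(idpEntityId, out idp)
                    .Should().BeTrue("idp should be readded when metadata is refreshed.");
            }
            finally
            {
                // The flag is static and therefore shared with other tests. Restore it even when
                // an exception leaves this method after the flag was cleared, so that the
                // metadata server serves the document again.
                MetadataServer.IdpAndFederationShortCacheDurationAvailable = true;
            }
        }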
Пример #6
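        public void IdentityProvider_ScheduledReloadOfMetadata_RetriesIfLoadFails()
        {
            // The subject is created while metadata is available. The stub server is then
            // switched off until MetadataValidUntil has dropped to DateTime.MinValue, and
            // switched on again; the test passes once a later reload yields a real value.
            MetadataRefreshScheduler.minInterval = new TimeSpan(0, 0, 0, 0, 1);

            var subject = CreateSubjectForMetadataRefresh();

            StubServer.IdpAndFederationShortCacheDurationAvailable = false;

            try
            {
                SpinWaiter.While(() => subject.MetadataValidUntil != DateTime.MinValue,
                                 "Timed out waiting for failed metadata load to occur.");

                StubServer.IdpAndFederationShortCacheDurationAvailable = true;

                SpinWaiter.While(() =>
                {
                    // Read the property once so both checks see the same snapshot.
                    var mvu = subject.MetadataValidUntil;
                    return !mvu.HasValue || mvu == DateTime.MinValue;
                },
                                 "Timed out waiting for successful reload of metadata.");
            }
            finally
            {
                // The flag is static and therefore shared with other tests. Restore it even when
                // an exception leaves this method after the flag was cleared, so that the stub
                // server serves metadata again.
                StubServer.IdpAndFederationShortCacheDurationAvailable = true;
            }
        }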