public void RoundTripSaml2(EnvelopedSignatureTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.RoundTripSaml2", theoryData); try { var serializer = new Saml2Serializer(); var samlAssertion = serializer.ReadAssertion(XmlUtilities.CreateDictionaryReader(theoryData.Xml)); var stream = new MemoryStream(); var writer = XmlDictionaryWriter.CreateTextWriter(stream); samlAssertion.SigningCredentials = theoryData.SigningCredentials; serializer.WriteAssertion(writer, samlAssertion); writer.Flush(); var xml = Encoding.UTF8.GetString(stream.ToArray()); samlAssertion.SigningCredentials = null; var samlAssertion2 = serializer.ReadAssertion(XmlUtilities.CreateDictionaryReader(xml)); samlAssertion2.Signature.Verify(theoryData.SigningCredentials.Key, theoryData.CryptoProviderFactory); IdentityComparer.AreEqual(samlAssertion, samlAssertion2, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ReadKeyInfo(DSigSerializerTheoryData theoryData) { TestUtilities.WriteHeader($"{this}.ReadKeyInfo", theoryData); var context = new CompareContext($"{this}.ReadKeyInfo, {theoryData.TestId}"); try { var keyInfo = theoryData.Serializer.ReadKeyInfo(XmlUtilities.CreateDictionaryReader(theoryData.Xml)); theoryData.ExpectedException.ProcessNoException(context.Diffs); IdentityComparer.AreKeyInfosEqual(keyInfo, theoryData.KeyInfo, context); // make sure we write and then read // as we only support partial elements, the KeyInfo's cannot be compared var ms = new MemoryStream(); var writer = XmlDictionaryWriter.CreateTextWriter(ms); theoryData.Serializer.WriteKeyInfo(writer, keyInfo); writer.Flush(); var xml = Encoding.UTF8.GetString(ms.ToArray()); theoryData.Serializer.ReadKeyInfo(XmlUtilities.CreateDictionaryReader(xml)); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context.Diffs); } TestUtilities.AssertFailIfErrors(context); }
public void RoundTripTokens(SamlRoundTripTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.RoundTripTokens", theoryData); if (theoryData.PropertiesToIgnoreWhenComparing.Count > 0) { throw new TestException("This test should not ignore any properties."); } try { var samlToken = theoryData.Handler.CreateToken(theoryData.TokenDescriptor); var token = theoryData.Handler.WriteToken(samlToken); var principal = theoryData.Handler.ValidateToken(token, theoryData.ValidationParameters, out SecurityToken validatedToken); ClaimsPrincipal principal2 = null; ClaimsPrincipal principal3 = null; ClaimsPrincipal principal4 = null; SecurityToken validatedToken2 = null; SecurityToken validatedToken3 = null; SecurityToken validatedToken4 = null; if (theoryData.Handler is SamlSecurityTokenHandler samlTokenHandler) { principal2 = samlTokenHandler.ValidateToken(XmlUtilities.CreateXmlReader(token), theoryData.ValidationParameters, out validatedToken2); principal3 = samlTokenHandler.ValidateToken(XmlUtilities.CreateDictionaryReader(token), theoryData.ValidationParameters, out validatedToken3); principal4 = theoryData.Handler.ValidateToken((validatedToken as SamlSecurityToken).Assertion.CanonicalString, theoryData.ValidationParameters, out validatedToken4); } if (theoryData.Handler is Saml2SecurityTokenHandler saml2TokenHandler) { principal2 = saml2TokenHandler.ValidateToken(XmlUtilities.CreateXmlReader(token), theoryData.ValidationParameters, out validatedToken2); principal3 = saml2TokenHandler.ValidateToken(XmlUtilities.CreateDictionaryReader(token), theoryData.ValidationParameters, out validatedToken3); principal4 = theoryData.Handler.ValidateToken((validatedToken as Saml2SecurityToken).Assertion.CanonicalString, theoryData.ValidationParameters, out validatedToken4); } // ensure the SamlAssertion.CanonicalString can be validated needed for OnBehalfOf flows. var principal5 = theoryData.Handler.ValidateToken((principal.Identity as ClaimsIdentity).BootstrapContext as string, theoryData.ValidationParameters, out SecurityToken validatedToken5); IdentityComparer.AreEqual(validatedToken, validatedToken2, context); IdentityComparer.AreEqual(validatedToken, validatedToken3, context); IdentityComparer.AreEqual(validatedToken, validatedToken4, context); IdentityComparer.AreEqual(validatedToken, validatedToken5, context); IdentityComparer.AreEqual(principal, principal2, context); IdentityComparer.AreEqual(principal, principal3, context); IdentityComparer.AreEqual(principal, principal4, context); IdentityComparer.AreEqual(principal, principal5, context); theoryData.ExpectedException.ProcessNoException(context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ReadXmlElements(EnvelopedSignatureTheoryData theoryData) { TestUtilities.WriteHeader($"{this}.ReadXmlElements", theoryData); var context = new CompareContext($"{this}.ReadXmlElements : {theoryData.TestId}."); try { XmlReader reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml); EnvelopedSignatureReader envelopedReader; if (theoryData.XmlElementReader == null) { envelopedReader = new EnvelopedSignatureReader(reader); } else { envelopedReader = new EnvelopedSignatureReader(reader, theoryData.XmlElementReader); } while (envelopedReader.Read()) { ; } if (theoryData.XmlElementReader != null) { foreach (var item in theoryData.XmlElementReader.Items) { if (item is SamlSecurityToken samlToken) { samlToken.Assertion.Signature.Verify(theoryData.TokenSecurityKey); } if (item is Saml2SecurityToken saml2Token) { saml2Token.Assertion.Signature.Verify(theoryData.TokenSecurityKey); } } } if (envelopedReader.Signature != null) { envelopedReader.Signature.Verify(theoryData.SecurityKey, theoryData.SecurityKey.CryptoProviderFactory); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ReadSignedInfo(DSigSerializerTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.ReadSignedInfo", theoryData); try { var signedInfo = theoryData.Serializer.ReadSignedInfo(XmlUtilities.CreateDictionaryReader(theoryData.Xml)); theoryData.ExpectedException.ProcessNoException(context); IdentityComparer.AreSignedInfosEqual(signedInfo, theoryData.SignedInfo, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ReadReference(DSigSerializerTheoryData theoryData) { TestUtilities.WriteHeader($"{this}.ReadReference", theoryData); var context = new CompareContext($"{this}.ReadReference, {theoryData.TestId}"); try { var reference = theoryData.Serializer.ReadReference(XmlUtilities.CreateDictionaryReader(theoryData.Xml)); theoryData.ExpectedException.ProcessNoException(context); IdentityComparer.AreEqual(reference, theoryData.Reference, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ReadAction(Saml2TheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.ReadAction", theoryData); try { var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml); var action = (theoryData.Saml2Serializer as Saml2SerializerPublic).ReadActionPublic(reader); theoryData.ExpectedException.ProcessNoException(context); IdentityComparer.AreEqual(action, theoryData.Action, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void ReadAdvice(Saml2TheoryData theoryData) { TestUtilities.WriteHeader($"{this}.ReadAdvice", theoryData); var context = new CompareContext($"{this}.ReadAdvice, {theoryData.TestId}"); try { var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml); var advice = (theoryData.Saml2Serializer as Saml2SerializerPublic).ReadAdvicePublic(reader); theoryData.ExpectedException.ProcessNoException(); IdentityComparer.AreEqual(advice, theoryData.Advice, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex); } TestUtilities.AssertFailIfErrors(context); }
public void ReadTransforms(DSigSerializerTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.ReadTransform", theoryData); try { var reference = new Reference(); var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml); theoryData.Serializer.ReadTransforms(reader, reference); theoryData.ExpectedException.ProcessNoException(context); IdentityComparer.AreEqual(reference.Transforms, theoryData.Transforms, context); IdentityComparer.AreEqual(reference.CanonicalizingTransfrom, theoryData.CanonicalizingTransfrom, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void WriteSignedInfo(DSigSerializerTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.WriteSignedInfo", theoryData); try { var signedInfo = theoryData.Serializer.ReadSignedInfo(XmlUtilities.CreateDictionaryReader(theoryData.Xml)); theoryData.ExpectedException.ProcessNoException(context); IdentityComparer.AreEqual(signedInfo, theoryData.SignedInfo, context); var ms = new MemoryStream(); var writer = XmlDictionaryWriter.CreateTextWriter(ms); theoryData.Serializer.WriteSignedInfo(writer, signedInfo); writer.Flush(); var xml = Encoding.UTF8.GetString(ms.ToArray()); IdentityComparer.AreEqual(theoryData.Xml, xml, context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context.Diffs); } TestUtilities.AssertFailIfErrors(context); }
public void CreateSignatureWithoutSpecifyingDigest(EnvelopedSignatureTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.CreateSignatureWithoutSpecifyingDigest", theoryData); try { using (var buffer = new MemoryStream()) { var writer = new EnvelopedSignatureWriter(XmlWriter.Create(buffer), theoryData.SigningCredentials, theoryData.ReferenceId); writer.WriteStartElement("EntityDescriptor", "urn:oasis:names:tc:SAML:2.0:metadata"); writer.WriteAttributeString("entityID", "issuer"); writer.WriteEndElement(); // read and verify signatures EnvelopedSignatureReader envelopedReader = new EnvelopedSignatureReader(XmlUtilities.CreateDictionaryReader(Encoding.UTF8.GetString(buffer.ToArray()))); while (envelopedReader.Read()) { ; } envelopedReader.Signature.Verify(theoryData.SigningCredentials.Key, theoryData.SigningCredentials.Key.CryptoProviderFactory); theoryData.ExpectedException.ProcessNoException(context); } } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
public void RoundTripSamlPSignatureAfterAssertion() { var context = new CompareContext($"{this}.RoundTripSamlPSignatureAfterAssertion"); ExpectedException expectedException = ExpectedException.NoExceptionExpected; var samlpTokenKey = KeyingMaterial.RsaSigningCreds_4096_Public.Key; var samlpTokenSigningCredentials = KeyingMaterial.RsaSigningCreds_4096; var samlpKey = KeyingMaterial.RsaSigningCreds_2048_Public.Key; var samlpSigningCredentials = KeyingMaterial.RsaSigningCreds_2048; try { // write samlp var settings = new XmlWriterSettings { Encoding = new UTF8Encoding(false) }; var buffer = new MemoryStream(); var esw = new EnvelopedSignatureWriter(XmlWriter.Create(buffer, settings), samlpSigningCredentials, "id-uAOhNLe7abGB6WGPk"); esw.WriteStartElement("ns0", "Response", "urn:oasis:names:tc:SAML:2.0:protocol"); esw.WriteAttributeString("ns1", "urn:oasis:names:tc:SAML:2.0:assertion"); esw.WriteAttributeString("ns2", "http://www.w3.org/2000/09/xmldsig#"); esw.WriteAttributeString("Destination", "https://tnia.eidentita.cz/fpsts/processRequest.aspx"); esw.WriteAttributeString("ID", "id-uAOhNLe7abGB6WGPk"); esw.WriteAttributeString("InResponseTo", "ida5714d006fcc430c92aacf34ab30b166"); esw.WriteAttributeString("IssueInstant", "2019-04-08T10:30:49Z"); esw.WriteAttributeString("Version", "2.0"); esw.WriteStartElement("ns1", "Issuer"); esw.WriteAttributeString("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"); esw.WriteString("https://mojeid.regtest.nic.cz/saml/idp.xml"); esw.WriteEndElement(); esw.WriteStartElement("ns0", "Status", null); esw.WriteStartElement("ns0", "StatusCode", null); esw.WriteAttributeString("Value", "urn:oasis:names:tc:SAML:2.0:status:Success"); esw.WriteEndElement(); esw.WriteEndElement(); Saml2Serializer samlSerializer = new Saml2Serializer(); Saml2Assertion assertion = CreateAssertion(samlpTokenSigningCredentials); samlSerializer.WriteAssertion(esw, assertion); esw.WriteSignature(); esw.WriteEndElement(); var xml = Encoding.UTF8.GetString(buffer.ToArray()); // read samlp and verify signatures XmlReader reader = XmlUtilities.CreateDictionaryReader(xml); IXmlElementReader tokenReaders = new TokenReaders(new List <SecurityTokenHandler> { new Saml2SecurityTokenHandler() }); EnvelopedSignatureReader envelopedReader = new EnvelopedSignatureReader(reader, tokenReaders); while (envelopedReader.Read()) { ; } foreach (var item in tokenReaders.Items) { if (item is Saml2SecurityToken samlToken) { samlToken.Assertion.Signature.Verify(samlpTokenKey); } } envelopedReader.Signature.Verify(samlpKey, samlpKey.CryptoProviderFactory); expectedException.ProcessNoException(context); } catch (Exception ex) { expectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }