/// <summary>
/// SP-initiated POST binding: a successful token response is signed with the mock certificate,
/// placed in a SAMLForm together with a serialised relay state, decoded from the form's hidden
/// controls and run through the response parser with a signature-checking rule set.
/// The single assertion is that the parser reports the result as validated.
/// </summary>
public async Task ParseTokenResponse_post_binding_sp_initiated()
{
    //ARRANGE
    var requestId = Guid.NewGuid().ToString();
    var tokenResponse = ResponseFactoryMock.GetTokenResponseSuccess(requestId, StatusCodes.Success);
    var log = new LogProviderMock();
    var responseXml = ResponseFactoryMock.Serialize(tokenResponse);

    // Sign the serialised response in place; the ResponseSignatureRule registered below is
    // what later verifies this signature.
    var signer = new XmlSignatureManager();
    var responseDocument = new XmlDocument();
    responseDocument.LoadXml(responseXml);
    var signingCert = AssertionFactroryMock.GetMockCertificate();
    signer.SignXml(responseDocument, tokenResponse.ID, signingCert.PrivateKey, null);
    var encodedResponse = Convert.ToBase64String(
        System.Text.Encoding.UTF8.GetBytes(responseDocument.DocumentElement.OuterXml));

    var messageEncoder = new MessageEncoding(new DeflateCompressor());
    var json = new NSJsonSerializer(new DefaultSettingsProvider());
    var stateSerialiser = new RelaystateSerialiser(json, messageEncoder, log) as IRelayStateSerialiser;
    var stateToCarry = new Dictionary<string, object> { { "Key", "Value" } };
    var encodedRelayState = await stateSerialiser.Serialize(stateToCarry);

    var samlForm = new SAMLForm();
    samlForm.SetResponse(encodedResponse);
    samlForm.SetRelatState(encodedRelayState);

    // Whatever type is requested, the same entity-descriptor handler answers.
    Func<Type, IMetadataHandler> handlerFactory = requested => new MetadataEntitityDescriptorHandler();

    var certificateManager = new CertificateManager(log);
    var verifier = new XmlSignatureManager();
    Func<IEnumerable<ResponseValidationRule>> rules =
        () => new[] { new ResponseSignatureRule(log, certificateManager, verifier) };
    var responseValidator = new Federation.Protocols.Response.Validation.ResponseValidator(log, new RuleFactory(rules));

    var retriever = new ConfigurationRetrieverMock();
    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var configurationManager = new ConfigurationManager<MetadataBase>(partyContextBuilder, retriever);
    var stateHandler = new RelayStateHandler(stateSerialiser, log);
    var parser = new ResponseParser(
        handlerFactory,
        type => new SamlTokenResponseParser(log),
        configurationManager,
        stateHandler,
        log,
        responseValidator);

    var decoder = new PostBindingDecoder(log);
    var postedFields = samlForm.HiddenControls.ToDictionary(field => field.Key, field => field.Value);
    var inboundMessage = await decoder.Decode(postedFields);
    var inboundContext = new SamlInboundContext
    {
        Message = inboundMessage,
        DescriptorResolver = metadata => handlerFactory(typeof(object))
            .GetIdentityProviderSingleSignOnDescriptor(metadata)
            .Single()
            .Roles
            .Single()
    };

    //ACT
    var parseResult = await parser.Parse(inboundContext);

    //ASSERT
    Assert.IsTrue(parseResult.IsValidated);
}
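/// <summary>
/// Runs the HTTP-POST clause builders (SAML request, relay state, XML signature) over
/// <paramref name="requestContext"/> and packages the resulting parts into a <see cref="SAMLForm"/>.
/// </summary>
/// <param name="requestContext">The request to bind. Its <c>RelyingState</c> is mutated: a
/// <c>"relayState"</c> entry is added, so calling this twice with the same context would
/// presumably fail on the duplicate key.</param>
/// <returns>A form whose action URL and hidden request/relay-state controls are taken from the built binding context.</returns>
/// <remarks>
/// Side effect: the static <c>RequestHelper.GetAuthnRequestBuilders</c> hook is replaced with the
/// mock factory and stays replaced for the rest of the test process.
/// </remarks>
public static async Task<SAMLForm> BuildRequestBindingContext(RequestContext requestContext)
{
    var builders = new List<IPostClauseBuilder>();
    requestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
    var xmlSignatureManager = new XmlSignatureManager();

    // Process-wide hook; see remarks.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSignatureManager);
    builders.Add(signatureBuilder);

    // Builders run in registration order; the signature builder is last so that the request and
    // relay-state parts already exist when it runs (presumably what it signs — confirm in SignatureBuilder).
    var bindingContext = new RequestPostBindingContext(requestContext);
    foreach (var builder in builders)
    {
        await builder.Build(bindingContext);
    }

    var form = new SAMLForm();
    var request = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
    var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(request));
    var relyingStateSerialised = bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState];
    form.ActionURL = bindingContext.DestinationUri.AbsoluteUri;
    form.SetRequest(base64Encoded);
    form.SetRelatState(relyingStateSerialised);
    return form;
}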
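/// <summary>
/// Runs the HTTP-Redirect clause builders (SAML request, request encoding, relay state, signature)
/// over <paramref name="requestContext"/> and returns the populated binding context.
/// </summary>
/// <param name="requestContext">The request to bind. Its <c>RelyingState</c> is mutated: a
/// <c>"relayState"</c> entry is added, so calling this twice with the same context would
/// presumably fail on the duplicate key.</param>
/// <returns>The binding context after every builder has run.</returns>
/// <remarks>
/// Side effect: the static <c>RequestHelper.GetAuthnRequestBuilders</c> hook is replaced with the
/// mock factory and stays replaced for the rest of the test process.
/// </remarks>
public static async Task<RequestBindingContext> BuildRequestBindingContext(RequestContext requestContext)
{
    var builders = new List<IRedirectClauseBuilder>();
    requestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);

    // Process-wide hook; see remarks.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //request compression builder
    var encodingBuilder = new RequestEncoderBuilder(encoder);
    builders.Add(encodingBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var signatureBuilder = new SignatureBuilder(certificateManager, logger);
    builders.Add(signatureBuilder);

    // Builders run in registration order: request, encoding, relay state, then signature last.
    var bindingContext = new RequestBindingContext(requestContext);
    foreach (var builder in builders)
    {
        await builder.Build(bindingContext);
    }

    return bindingContext;
}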
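/// <summary>
/// Round-trips a one-entry relay-state dictionary through RelaystateSerialiser (built on the JSON
/// serialiser and the deflate message encoder) and checks that the entry count and the value survive.
/// </summary>
public async Task SerialiseDeserialiseTest()
{
    //ARRANGE
    var relayState = new Dictionary<string, object> { { "relayState", "Test state" } };
    var compressor = new DeflateCompressor();
    var messageEncoder = new MessageEncoding(compressor);
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var logger = new LogProviderMock();
    var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;

    //ACT
    var serialised = await serialiser.Serialize(relayState);
    var deserialised = await serialiser.Deserialize(serialised) as Dictionary<string, object>;

    //ASSERT
    // The `as` cast yields null when Deserialize returns a different type; fail with a clear
    // message rather than a NullReferenceException on the following line.
    Assert.IsNotNull(deserialised, "Deserialize did not return a Dictionary<string, object>");
    Assert.AreEqual(relayState.Count, deserialised.Count);
    Assert.AreEqual(relayState["relayState"], deserialised["relayState"]);
}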
/// <summary>
/// RelayStateBuilder adds exactly one request part, keyed by
/// HttpRedirectBindingConstants.RelayState, to an otherwise empty binding context.
/// </summary>
public async Task RelayStateBuilder_test()
{
    //ARRANGE
    var state = new Dictionary<string, object> { { "relayState", "Test state" } };
    var encoder = new MessageEncoding(new DeflateCompressor());
    var json = new NSJsonSerializer(new DefaultSettingsProvider());
    var log = new LogProviderMock();
    IRelayStateSerialiser stateSerialiser = new RelaystateSerialiser(json, encoder, log);
    // The destination is not inspected by this test; "localhost:" is just a parseable placeholder.
    var bindingContext = new BindingContext(state, new Uri("localhost:"));
    var builder = new RelayStateBuilder(stateSerialiser);

    //ACT
    await builder.Build(bindingContext);

    //ASSERT
    var parts = bindingContext.RequestParts;
    Assert.AreEqual(1, parts.Count);
    Assert.IsTrue(parts.ContainsKey(HttpRedirectBindingConstants.RelayState));
}
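/// <summary>
/// RelayStateBuilder appends its clause to the context's ClauseBuilder, starting with
/// "&amp;" followed by the HttpRedirectBindingConstants.RelayState parameter name.
/// </summary>
public async Task RelayStateBuilder_test()
{
    //ARRANGE
    var relayState = new Dictionary<string, object> { { "relayState", "Test state" } };
    var compressor = new DeflateCompressor();
    var messageEncoder = new MessageEncoding(compressor);
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var logger = new LogProviderMock();
    var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
    // The destination is not inspected by this test; "localhost:" is just a parseable placeholder.
    var context = new BindingContext(relayState, new Uri("localhost:"));
    var builder = new RelayStateBuilder(serialiser);

    //ACT
    await builder.Build(context);
    var result = context.ClauseBuilder.ToString();

    //ASSERT
    // Query-string parameter names are protocol identifiers, so compare them ordinally rather
    // than with the culture-sensitive StartsWith(string) overload.
    var expectedPrefix = String.Format("&{0}", HttpRedirectBindingConstants.RelayState);
    Assert.IsTrue(result.StartsWith(expectedPrefix, StringComparison.Ordinal));
}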
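/// <summary>
/// RelayStateHandler.GetRelayStateFromFormData reads the "RelayState" form field and
/// deserialises it back to the dictionary that was originally serialised.
/// </summary>
public async Task GetRelayStateFromFormDataTest()
{
    //ARRANGE
    var relayState = new Dictionary<string, object> { { "relayState", "Test state" } };
    var form = new Dictionary<string, string>();
    var compressor = new DeflateCompressor();
    var messageEncoder = new MessageEncoding(compressor);
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var logger = new LogProviderMock();
    var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
    var handler = new RelayStateHandler(serialiser, logger);

    //ACT
    var serialised = await serialiser.Serialize(relayState);
    // Literal field name; presumably the same value as HttpRedirectBindingConstants.RelayState,
    // which the other binding tests use — using the constant here would rule out drift.
    form.Add("RelayState", serialised);
    var deserialised = await handler.GetRelayStateFromFormData(form) as Dictionary<string, object>;

    //ASSERT
    // The `as` cast yields null when the handler returns a different type; fail with a clear
    // message rather than a NullReferenceException on the following line.
    Assert.IsNotNull(deserialised, "GetRelayStateFromFormData did not return a Dictionary<string, object>");
    Assert.AreEqual(relayState.Count, deserialised.Count);
    Assert.AreEqual(relayState["relayState"], deserialised["relayState"]);
}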
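/// <summary>
/// Intended to round-trip relay state through RelaystateSerialiser with a data protector attached.
/// The protector assignment is still commented out, so until it is restored this exercises the
/// same unprotected round trip as SerialiseDeserialiseTest and does not cover encrypted relay state.
/// </summary>
public async Task SerialiseDeserialise_with_data_protectionTest()
{
    //ARRANGE
    var relayState = new Dictionary<string, object> { { "relayState", "Test state" } };
    var compressor = new DeflateCompressor();
    var messageEncoder = new MessageEncoding(compressor);
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var logger = new LogProviderMock();
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger);
    //ToDo: uncomment the line when .net core data protector has been implemented
    //relayStateSerialiser.DataProtector = new Kernel.Cryptography.DataProtection.DpapiDataProtector("SSO", "saml", "relaystate");
    var serialiser = relayStateSerialiser as IRelayStateSerialiser;

    //ACT
    var serialised = await serialiser.Serialize(relayState);
    var deserialised = await serialiser.Deserialize(serialised) as Dictionary<string, object>;

    //ASSERT
    // The `as` cast yields null when Deserialize returns a different type; fail with a clear
    // message rather than a NullReferenceException on the following line.
    Assert.IsNotNull(deserialised, "Deserialize did not return a Dictionary<string, object>");
    Assert.AreEqual(relayState.Count, deserialised.Count);
    Assert.AreEqual(relayState["relayState"], deserialised["relayState"]);
}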
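/// <summary>
/// PostBindingDecoder.Decode turns the posted form fields back into message elements:
/// the base64 SAMLResponse field is decoded to the original serialised response, and the
/// RelayState field is passed through unchanged.
/// </summary>
public async Task DecodeTest()
{
    //ARRANGE
    var inResponseTo = Guid.NewGuid().ToString();
    var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success);
    var logger = new LogProviderMock();
    var serialised = ResponseFactoryMock.Serialize(response);
    var responseToBase64 = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(serialised));

    var relayState = new Dictionary<string, object> { { "relayState", "Test state" } };
    var compressor = new DeflateCompressor();
    var messageEncoder = new MessageEncoding(compressor);
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var serialiser = new RelaystateSerialiser(jsonSerialiser, messageEncoder, logger) as IRelayStateSerialiser;
    var serialisedRelayState = await serialiser.Serialize(relayState);

    var form = new Dictionary<string, string>
    {
        { HttpRedirectBindingConstants.SamlResponse, responseToBase64 },
        { HttpRedirectBindingConstants.RelayState, serialisedRelayState }
    };
    var decoder = new PostBindingDecoder(logger);

    //ACT
    var message = await decoder.Decode(form);
    var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];

    //ASSERT
    Assert.IsNotNull(stateFromResult);
    Assert.AreEqual(serialised, message.Elements[HttpRedirectBindingConstants.SamlResponse]);
    Assert.AreEqual(serialisedRelayState, message.Elements[HttpRedirectBindingConstants.RelayState]);
}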
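/// <summary>
/// End-to-end HTTP-POST flow: an AuthnRequest is built, signed and dispatched through
/// PostRequestDispatcher to a capturing delegate instead of a real browser. The delegate records
/// the form's action URL, deserialises the relay state hidden control and verifies the request
/// signature against the SP's default signing certificate taken from the federation metadata.
/// </summary>
/// <remarks>
/// Side effect: the static <c>RequestHelper.GetAuthnRequestBuilders</c> hook is replaced with the
/// mock factory for the rest of the test process.
/// </remarks>
public async Task Post_end_to_end_test()
{
    //ARRANGE
    var isValid = false;
    string url = String.Empty;
    IDictionary<string, object> relayState = null;
    var builders = new List<IPostClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");

    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContext = federationPartyContextBuilder.BuildContext("local");
    var spDescriptor = federationContext.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    // The certificate the delegate verifies with: the SP's default signing key descriptor from metadata.
    var certContext = spDescriptor.KeyDescriptors
        .Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
        .Select(x => x.CertificateContext)
        .First();
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);

    // Process-wide hook; see remarks.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var xmlSignatureManager = new XmlSignatureManager();
    var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSignatureManager);
    builders.Add(signatureBuilder);

    //context
    var outboundContext = new HttpPostRequestContext(new SAMLForm())
    {
        BindingContext = new RequestPostBindingContext(authnRequestContext),
        // Async delegate so the relay-state deserialisation is awaited instead of blocked on with
        // Wait()/Result (which also wrapped any failure in an AggregateException).
        DespatchDelegate = async form =>
        {
            url = form.ActionURL;
            var samlForm = (SAMLForm)form;
            var request = samlForm.HiddenControls[HttpRedirectBindingConstants.SamlRequest];
            var state = samlForm.HiddenControls[HttpRedirectBindingConstants.RelayState];
            relayState = await relayStateSerialiser.Deserialize(state) as IDictionary<string, object>;
            var cert = certificateManager.GetCertificateFromContext(certContext);
            isValid = this.VerifySignature(request, cert);
        }
    };

    //dispatcher
    var dispatcher = new PostRequestDispatcher(() => builders, logger);

    //ACT
    await dispatcher.SendAsync(outboundContext);

    //ASSERT
    Assert.AreEqual(requestUri.AbsoluteUri, url);
    Assert.IsNotNull(relayState, "relay state was not deserialised to an IDictionary<string, object>");
    // Order-sensitive comparison of the key/value pairs; both sides hold the single test entry.
    Assert.IsTrue(Enumerable.SequenceEqual(relayState, authnRequestContext.RelyingState));
    Assert.IsTrue(isValid);
}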
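/// <summary>
/// Builds a redirect-binding AuthnRequest through the full builder chain, then checks that
/// RedirectBindingDecoder.Decode recovers from the destination URL the same relay state that was
/// put in the request parts and the same (decoded) SAML request.
/// </summary>
/// <remarks>
/// Side effect: the static <c>RequestHelper.GetAuthnRequestBuilders</c> hook is replaced with the
/// mock factory for the rest of the test process.
/// </remarks>
public async Task DecodeTest()
{
    //ARRANGE
    var builders = new List<IRedirectClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");

    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContext = federationPartyContextBuilder.BuildContext("local");
    var spDescriptor = federationContext.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    // Resolved for parity with the end-to-end tests; this test does not verify the signature itself.
    var certContext = spDescriptor.KeyDescriptors
        .Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
        .Select(x => x.CertificateContext)
        .First();
    var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, supportedNameIdentifierFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var compressor = new DeflateCompressor();
    var encoder = new MessageEncoding(compressor);
    var logger = new LogProviderMock();
    var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);

    // Process-wide hook; see remarks.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    var authnBuilder = new SamlRequestBuilder(serialiser);
    builders.Add(authnBuilder);

    //request compression builder
    var encodingBuilder = new RequestEncoderBuilder(encoder);
    builders.Add(encodingBuilder);

    //relay state builder
    var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
    var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
    var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
    builders.Add(relayStateBuilder);

    //signature builder
    var certificateManager = new CertificateManager(logger);
    var signatureBuilder = new SignatureBuilder(certificateManager, logger);
    builders.Add(signatureBuilder);

    var bindingContext = new RequestBindingContext(authnRequestContext);
    foreach (var builder in builders)
    {
        await builder.Build(bindingContext);
    }
    var decoder = new RedirectBindingDecoder(logger, encoder);

    //ACT
    var message = await decoder.Decode(bindingContext.GetDestinationUrl());
    var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
    // The request part is stored encoded (RequestEncoderBuilder ran), so decode it before comparing
    // with what the decoder produced.
    var requestFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
    var decoded = await encoder.DecodeMessage(requestFromContext);

    //ASSERT
    Assert.IsNotNull(stateFromResult);
    Assert.AreEqual(bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState], message.Elements[HttpRedirectBindingConstants.RelayState]);
    Assert.AreEqual(decoded, message.Elements[HttpRedirectBindingConstants.SamlRequest]);
}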
/// <summary>
/// End-to-end HTTP-Redirect flow: an AuthnRequest is built, encoded, given its relay state and
/// signed, then dispatched through RedirectRequestDispatcher to a capturing delegate. The delegate
/// records the redirect URL (without query) and verifies the query-string signature against the
/// SP's default signing certificate from the federation metadata.
/// </summary>
/// <remarks>
/// Side effect: the static <c>RequestHelper.GetAuthnRequestBuilders</c> hook is replaced with the
/// mock factory for the rest of the test process.
/// </remarks>
public async Task Redirect_end_to_end_test()
{
    //ARRANGE
    var signatureVerified = false;
    string dispatchedUrl = String.Empty;
    var clauseBuilders = new List<IRedirectClauseBuilder>();
    var requestUri = new Uri("http://localhost:59611/");

    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var federationContext = partyContextBuilder.BuildContext("local");
    var spDescriptor = federationContext.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
    // The SP's default signing key descriptor is what the delegate verifies against.
    var signingCertContext = spDescriptor.KeyDescriptors
        .First(descriptor => descriptor.Use == KeyUsage.Signing && descriptor.IsDefault)
        .CertificateContext;
    var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, nameIdFormats);
    authnRequestContext.RelyingState.Add("relayState", "Test state");

    var xmlSerialiser = new XMLSerialiser();
    var messageEncoder = new MessageEncoding(new DeflateCompressor());
    var log = new LogProviderMock();
    var requestSerialiser = new RequestSerialiser(xmlSerialiser, messageEncoder, log);

    // Process-wide hook; see remarks.
    RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
    clauseBuilders.Add(new SamlRequestBuilder(requestSerialiser));

    //request compression builder
    clauseBuilders.Add(new RequestEncoderBuilder(messageEncoder));

    //relay state builder
    var json = new NSJsonSerializer(new DefaultSettingsProvider());
    var stateSerialiser = new RelaystateSerialiser(json, messageEncoder, log) as IRelayStateSerialiser;
    clauseBuilders.Add(new RelayStateBuilder(stateSerialiser));

    //signature builder
    var certificateManager = new CertificateManager(log);
    clauseBuilders.Add(new SignatureBuilder(certificateManager, log));

    //context
    var outboundContext = new HttpRedirectRequestContext
    {
        BindingContext = new RequestBindingContext(authnRequestContext),
        DespatchDelegate = redirectUri =>
        {
            // Keep scheme/host/path only; the query is verified separately below.
            dispatchedUrl = redirectUri.GetLeftPart(UriPartial.Path);
            var signedQuery = redirectUri.Query.TrimStart('?');
            var signingCert = certificateManager.GetCertificateFromContext(signingCertContext);
            signatureVerified = this.VerifySignature(signedQuery, signingCert, certificateManager);
            return Task.CompletedTask;
        }
    };

    //dispatcher
    var dispatcher = new RedirectRequestDispatcher(() => clauseBuilders);

    //ACT
    await dispatcher.SendAsync(outboundContext);

    //ASSERT
    Assert.AreEqual(dispatchedUrl, requestUri.AbsoluteUri);
    Assert.IsTrue(signatureVerified);
}