public async Task ParseLogoutRequest_post_binding()
{
//ARRANGE
var form = await SamlPostRequestProviderMock.BuildLogoutRequestPostForm();
Func <Type, IMetadataHandler> metadataHandlerFactory = t => new MetadataEntitityDescriptorHandler();
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger) as IRequestSerialiser;
var certManager = new CertificateManager(logger);
var signatureManager = new XmlSignatureManager();
Func <IEnumerable <RequestValidationRule> > rulesResolver = () => new[] { new SignatureValidRule(logger, certManager, signatureManager) };
var requestValidator = new Federation.Protocols.Request.Validation.RequestValidator(logger, new RuleFactory(rulesResolver));
var configurationRetrieverMock = new ConfigurationRetrieverMock();
var federationPartyContextBuilderMock = new FederationPartyContextBuilderMock();
var configurationManger = new ConfigurationManager <MetadataBase>(federationPartyContextBuilderMock, configurationRetrieverMock);
var requestParser = new RequestParser(metadataHandlerFactory, t => new LogoutRequestParser(serialiser, logger),
configurationManger, logger, requestValidator);
var postBindingDecoder = new PostBindingDecoder(logger);
var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value));
var context = new SamlInboundContext
{
Message = message,
DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single()
};
//ACT
var result = await requestParser.Parse(context);
//ASSERT
Assert.IsTrue(result.IsValidated);
Assert.IsInstanceOf <LogoutRequest>(result.SamlRequest);
}
public async Task ParseTokenResponse_post_binding_sp_initiated()
{
//ARRANGE
var inResponseTo = Guid.NewGuid().ToString();
var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success);
var logger = new LogProviderMock();
var serialised = ResponseFactoryMock.Serialize(response);
var xmlSignatureManager = new XmlSignatureManager();
var document = new XmlDocument();
document.LoadXml(serialised);
var cert = AssertionFactroryMock.GetMockCertificate();
xmlSignatureManager.SignXml(document, response.ID, cert.PrivateKey, null);
var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(document.DocumentElement.OuterXml));
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayState = await relayStateSerialiser.Serialize(new Dictionary <string, object> {
{ "Key", "Value" }
});
var form = new SAMLForm();
form.SetResponse(base64Encoded);
form.SetRelatState(relayState);
Func <Type, IMetadataHandler> metadataHandlerFactory = t => new MetadataEntitityDescriptorHandler();
var certManager = new CertificateManager(logger);
var signatureManager = new XmlSignatureManager();
Func <IEnumerable <ResponseValidationRule> > rulesResolver = () => new[] { new ResponseSignatureRule(logger, certManager, signatureManager) };
var validator = new Federation.Protocols.Response.Validation.ResponseValidator(logger, new RuleFactory(rulesResolver));
var configurationRetrieverMock = new ConfigurationRetrieverMock();
var federationPartyContextBuilderMock = new FederationPartyContextBuilderMock();
var configurationManger = new ConfigurationManager <MetadataBase>(federationPartyContextBuilderMock, configurationRetrieverMock);
var relayStateHandler = new RelayStateHandler(relayStateSerialiser, logger);
var responseParser = new ResponseParser(metadataHandlerFactory, t => new SamlTokenResponseParser(logger),
configurationManger, relayStateHandler, logger, validator);
var postBindingDecoder = new PostBindingDecoder(logger);
var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value));
var context = new SamlInboundContext
{
Message = message,
DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single()
};
//ACT
var result = await responseParser.Parse(context);
//ASSERT
Assert.IsTrue(result.IsValidated);
}
public static async Task <SAMLForm> BuildRequestBindingContext(RequestContext requestContext)
{
string url = String.Empty;
var builders = new List <IPostClauseBuilder>();
requestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
var xmlSinatureManager = new XmlSignatureManager();
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
builders.Add(signatureBuilder);
var bindingContext = new RequestPostBindingContext(requestContext);
foreach (var b in builders)
{
await b.Build(bindingContext);
}
var form = new SAMLForm();
var request = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(request));
var relyingStateSerialised = bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState];
form.ActionURL = bindingContext.DestinationUri.AbsoluteUri;
form.SetRequest(base64Encoded);
form.SetRelatState(relyingStateSerialised);
return(form);
}
public async Task VerifyAuthRequestSignature()
{
//ARRANGE
var signatureManager = new XmlSignatureManager();
var document = new XmlDocument();
var request = await SamlPostRequestProviderMock.BuildAuthnRequest();
document.LoadXml(request.Item1);
var cert = CertificateProviderMock.GetMockCertificate();
//ACT
var isValid = signatureManager.VerifySignature(document, cert.PublicKey.Key);
//ASSERT
Assert.True(isValid);
}
public void TempAssertionTest1()
{
//ARRANGE
var foo = new StreamReader(@"D:\Dan\Software\ECA-Interenational\Temp\Base64.txt");
var base64 = foo.ReadToEnd();
var boo = Convert.FromBase64String(base64);
var requestFromBase64 = Encoding.UTF8.GetString(boo);
var reader = XmlReader.Create(new StringReader(requestFromBase64));
var reader1 = XmlReader.Create(new StringReader(requestFromBase64));
reader1.MoveToContent();
var signatureManager = new XmlSignatureManager();
var document = new XmlDocument {
PreserveWhitespace = false
};
//document.Load(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml");
var xml = reader1.ReadOuterXml();
document.LoadXml(xml);
var assertion = (XmlElement)document.GetElementsByTagName("Assertion", Saml20Constants.Assertion)[0];
var signEl = document.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
.Cast <XmlElement>()
.First(x => x.ParentNode == document.DocumentElement);
var certEl = (XmlElement)signEl.GetElementsByTagName("X509Certificate", "http://www.w3.org/2000/09/xmldsig#")[0];
var dcert2 = new X509Certificate2(Convert.FromBase64String(certEl.InnerText));
//var document1 = new XmlDocument();
//document1.LoadXml(assertion.OuterXml);
var handler = new Saml2SecurityTokenHandler();
var config = this.GetConfiguration();
handler.Configuration = config;
//var reader = XmlReader.Create(new StringReader(document.OuterXml));
//var reader = XmlReader.Create(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml", new XmlReaderSettings { });
this.MoveToToken(reader);
//var reader1 = XmlReader.Create(new StringReader(document1.OuterXml));
var token = handler.ReadToken(reader);
//var token1 = handler.ReadToken(reader1);
//ACT
//var isValid = signatureManager.VerifySignature(document1, signEl, dcert2.PublicKey.Key);
var isValid = signatureManager.VerifySignature(document, signEl, dcert2.PublicKey.Key);
//ASSERT
Assert.True(isValid);
}
private bool VerifySignature(string request, X509Certificate2 certificate)
{
var unescaped = Uri.UnescapeDataString(request);
var decoded = Convert.FromBase64String(unescaped);
using (var ms = new MemoryStream(decoded))
{
ms.Position = 0;
using (var streamReader = new StreamReader(ms))
{
var xmlRequest = streamReader.ReadToEnd();
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(xmlRequest);
var signatureManager = new XmlSignatureManager();
var validated = signatureManager.VerifySignature(xmlDocument, certificate.PublicKey.Key);
return(validated);
}
}
}
public void SignResponse_namespace_not_included()
{
//ARRANGE
var signatureManager = new XmlSignatureManager();
var inResponseTo = "Test_" + Guid.NewGuid();
var tokenResponse = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo);
var cert = CertificateProviderMock.GetMockCertificate();
var serialised = ResponseFactoryMock.Serialize(tokenResponse);
var document = new XmlDocument();
document.LoadXml(serialised);
//ACT
signatureManager.WriteSignature(document, tokenResponse.ID, cert.PrivateKey, String.Empty, String.Empty);
var isValid = signatureManager.VerifySignature(document, cert.PublicKey.Key);
//ASSERT
Assert.True(isValid);
}
public void TempTest()
{
//ARRANGE
var signatureManager = new XmlSignatureManager();
var document = new XmlDocument()
{
PreserveWhitespace = false
};
document.Load(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml");
var signEl = document.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#")
.Cast <XmlElement>()
.First(x => x.ParentNode == document.DocumentElement);
var certEl = (XmlElement)signEl.GetElementsByTagName("X509Certificate", "http://www.w3.org/2000/09/xmldsig#")[0];
var dcert2 = new X509Certificate2(Convert.FromBase64String(certEl.InnerText));
//ACT
var isValid = signatureManager.VerifySignature(document, signEl, dcert2.PublicKey.Key);
//ASSERT
Assert.True(isValid);
}
public void SPMetadataProviderTest()
{
var result = String.Empty;
var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml);
//var metadataWriter = new SSOMetadataFileWriter();
var ssoCryptoProvider = new CertificateManager();
var xmlSignatureManager = new XmlSignatureManager();
var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, xmlSignatureManager);
var configuration = new SPSSOMetadataConfiguration
{
AuthnRequestsSigned = true,
DescriptorId = "Idp1",
EntityId = new Uri("http://*****:*****@"D:\SPSSOMetadata.xml",
SupportedProtocols = new[] { "urn:oasis:names:tc:SAML:2.0:protocol" },
SignMetadata = true,
ConsumerServices = new ConsumerServiceContext[] { new ConsumerServiceContext
{
Index = 0,
IsDefault = true,
Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
Location = "http://*****:*****@"D:\Dan\Software\SGWI\ThirdParty\devCertsPackage\employeeportaldev.safeguardworld.com.pfx",
CertificatePassword = StringExtensions.ToSecureString("$Password1!"),
Usage = "signing",
DefaultForMetadataSigning = true
} }
};
sPSSOMetadataProvider.CreateMetadata(configuration);
}
public async Task Post_end_to_end_test()
{
//ARRANGE
var isValid = false;
string url = String.Empty;
IDictionary <string, object> relayState = null;
var builders = new List <IPostClauseBuilder>();
var requestUri = new Uri("http://localhost:59611/");
var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
var federationContex = federationPartyContextBuilder.BuildContext("local");
var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
.Select(x => x.CertificateContext)
.First();
var supportedNameIdentifierFormats = new List <Uri> {
new Uri(NameIdentifierFormats.Transient)
};
var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
authnRequestContext.RelyingState.Add("relayState", "Test state");
var xmlSerialiser = new XMLSerialiser();
var compressor = new DeflateCompressor();
var encoder = new MessageEncoding(compressor);
var logger = new LogProviderMock();
var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);
RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
var authnBuilder = new SamlRequestBuilder(serialiser);
builders.Add(authnBuilder);
//relay state builder
var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser);
builders.Add(relayStateBuilder);
//signature builder
var certificateManager = new CertificateManager(logger);
var xmlSinatureManager = new XmlSignatureManager();
var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager);
builders.Add(signatureBuilder);
//context
var outboundContext = new HttpPostRequestContext(new SAMLForm())
{
BindingContext = new RequestPostBindingContext(authnRequestContext),
DespatchDelegate = form =>
{
url = form.ActionURL;
var request = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.SamlRequest];
var state = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.RelayState];
var task = relayStateSerialiser.Deserialize(state);
task.Wait();
relayState = task.Result as IDictionary <string, object>;
var cert = certificateManager.GetCertificateFromContext(certContext);
isValid = this.VerifySignature(request, cert);
return(Task.CompletedTask);
}
};
//dispatcher
var dispatcher = new PostRequestDispatcher(() => builders, logger);
//ACT
await dispatcher.SendAsync(outboundContext);
//ASSERT
Assert.AreEqual(url, requestUri.AbsoluteUri);
Assert.IsTrue(Enumerable.SequenceEqual(relayState, authnRequestContext.RelyingState));
Assert.IsTrue(isValid);
}
