public async Task ParseLogoutRequest_post_binding() { //ARRANGE var form = await SamlPostRequestProviderMock.BuildLogoutRequestPostForm(); Func <Type, IMetadataHandler> metadataHandlerFactory = t => new MetadataEntitityDescriptorHandler(); var xmlSerialiser = new XMLSerialiser(); var compressor = new DeflateCompressor(); var encoder = new MessageEncoding(compressor); var logger = new LogProviderMock(); var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger) as IRequestSerialiser; var certManager = new CertificateManager(logger); var signatureManager = new XmlSignatureManager(); Func <IEnumerable <RequestValidationRule> > rulesResolver = () => new[] { new SignatureValidRule(logger, certManager, signatureManager) }; var requestValidator = new Federation.Protocols.Request.Validation.RequestValidator(logger, new RuleFactory(rulesResolver)); var configurationRetrieverMock = new ConfigurationRetrieverMock(); var federationPartyContextBuilderMock = new FederationPartyContextBuilderMock(); var configurationManger = new ConfigurationManager <MetadataBase>(federationPartyContextBuilderMock, configurationRetrieverMock); var requestParser = new RequestParser(metadataHandlerFactory, t => new LogoutRequestParser(serialiser, logger), configurationManger, logger, requestValidator); var postBindingDecoder = new PostBindingDecoder(logger); var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value)); var context = new SamlInboundContext { Message = message, DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single() }; //ACT var result = await requestParser.Parse(context); //ASSERT Assert.IsTrue(result.IsValidated); Assert.IsInstanceOf <LogoutRequest>(result.SamlRequest); }
public async Task ParseTokenResponse_post_binding_sp_initiated() { //ARRANGE var inResponseTo = Guid.NewGuid().ToString(); var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success); var logger = new LogProviderMock(); var serialised = ResponseFactoryMock.Serialize(response); var xmlSignatureManager = new XmlSignatureManager(); var document = new XmlDocument(); document.LoadXml(serialised); var cert = AssertionFactroryMock.GetMockCertificate(); xmlSignatureManager.SignXml(document, response.ID, cert.PrivateKey, null); var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(document.DocumentElement.OuterXml)); var compressor = new DeflateCompressor(); var encoder = new MessageEncoding(compressor); var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider()); var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser; var relayState = await relayStateSerialiser.Serialize(new Dictionary <string, object> { { "Key", "Value" } }); var form = new SAMLForm(); form.SetResponse(base64Encoded); form.SetRelatState(relayState); Func <Type, IMetadataHandler> metadataHandlerFactory = t => new MetadataEntitityDescriptorHandler(); var certManager = new CertificateManager(logger); var signatureManager = new XmlSignatureManager(); Func <IEnumerable <ResponseValidationRule> > rulesResolver = () => new[] { new ResponseSignatureRule(logger, certManager, signatureManager) }; var validator = new Federation.Protocols.Response.Validation.ResponseValidator(logger, new RuleFactory(rulesResolver)); var configurationRetrieverMock = new ConfigurationRetrieverMock(); var federationPartyContextBuilderMock = new FederationPartyContextBuilderMock(); var configurationManger = new ConfigurationManager <MetadataBase>(federationPartyContextBuilderMock, configurationRetrieverMock); var relayStateHandler = new RelayStateHandler(relayStateSerialiser, logger); var responseParser = new ResponseParser(metadataHandlerFactory, t => new SamlTokenResponseParser(logger), configurationManger, relayStateHandler, logger, validator); var postBindingDecoder = new PostBindingDecoder(logger); var message = await postBindingDecoder.Decode(form.HiddenControls.ToDictionary(k => k.Key, v => v.Value)); var context = new SamlInboundContext { Message = message, DescriptorResolver = m => metadataHandlerFactory(typeof(object)).GetIdentityProviderSingleSignOnDescriptor(m).Single().Roles.Single() }; //ACT var result = await responseParser.Parse(context); //ASSERT Assert.IsTrue(result.IsValidated); }
public static async Task <SAMLForm> BuildRequestBindingContext(RequestContext requestContext) { string url = String.Empty; var builders = new List <IPostClauseBuilder>(); requestContext.RelyingState.Add("relayState", "Test state"); var xmlSerialiser = new XMLSerialiser(); var compressor = new DeflateCompressor(); var encoder = new MessageEncoding(compressor); var logger = new LogProviderMock(); var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger); var xmlSinatureManager = new XmlSignatureManager(); RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory(); var authnBuilder = new SamlRequestBuilder(serialiser); builders.Add(authnBuilder); //relay state builder var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider()); var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser; var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser); builders.Add(relayStateBuilder); //signature builder var certificateManager = new CertificateManager(logger); var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager); builders.Add(signatureBuilder); var bindingContext = new RequestPostBindingContext(requestContext); foreach (var b in builders) { await b.Build(bindingContext); } var form = new SAMLForm(); var request = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest]; var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(request)); var relyingStateSerialised = bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState]; form.ActionURL = bindingContext.DestinationUri.AbsoluteUri; form.SetRequest(base64Encoded); form.SetRelatState(relyingStateSerialised); return(form); }
public async Task VerifyAuthRequestSignature() { //ARRANGE var signatureManager = new XmlSignatureManager(); var document = new XmlDocument(); var request = await SamlPostRequestProviderMock.BuildAuthnRequest(); document.LoadXml(request.Item1); var cert = CertificateProviderMock.GetMockCertificate(); //ACT var isValid = signatureManager.VerifySignature(document, cert.PublicKey.Key); //ASSERT Assert.True(isValid); }
public void TempAssertionTest1() { //ARRANGE var foo = new StreamReader(@"D:\Dan\Software\ECA-Interenational\Temp\Base64.txt"); var base64 = foo.ReadToEnd(); var boo = Convert.FromBase64String(base64); var requestFromBase64 = Encoding.UTF8.GetString(boo); var reader = XmlReader.Create(new StringReader(requestFromBase64)); var reader1 = XmlReader.Create(new StringReader(requestFromBase64)); reader1.MoveToContent(); var signatureManager = new XmlSignatureManager(); var document = new XmlDocument { PreserveWhitespace = false }; //document.Load(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml"); var xml = reader1.ReadOuterXml(); document.LoadXml(xml); var assertion = (XmlElement)document.GetElementsByTagName("Assertion", Saml20Constants.Assertion)[0]; var signEl = document.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#") .Cast <XmlElement>() .First(x => x.ParentNode == document.DocumentElement); var certEl = (XmlElement)signEl.GetElementsByTagName("X509Certificate", "http://www.w3.org/2000/09/xmldsig#")[0]; var dcert2 = new X509Certificate2(Convert.FromBase64String(certEl.InnerText)); //var document1 = new XmlDocument(); //document1.LoadXml(assertion.OuterXml); var handler = new Saml2SecurityTokenHandler(); var config = this.GetConfiguration(); handler.Configuration = config; //var reader = XmlReader.Create(new StringReader(document.OuterXml)); //var reader = XmlReader.Create(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml", new XmlReaderSettings { }); this.MoveToToken(reader); //var reader1 = XmlReader.Create(new StringReader(document1.OuterXml)); var token = handler.ReadToken(reader); //var token1 = handler.ReadToken(reader1); //ACT //var isValid = signatureManager.VerifySignature(document1, signEl, dcert2.PublicKey.Key); var isValid = signatureManager.VerifySignature(document, signEl, dcert2.PublicKey.Key); //ASSERT Assert.True(isValid); }
private bool VerifySignature(string request, X509Certificate2 certificate) { var unescaped = Uri.UnescapeDataString(request); var decoded = Convert.FromBase64String(unescaped); using (var ms = new MemoryStream(decoded)) { ms.Position = 0; using (var streamReader = new StreamReader(ms)) { var xmlRequest = streamReader.ReadToEnd(); var xmlDocument = new XmlDocument(); xmlDocument.LoadXml(xmlRequest); var signatureManager = new XmlSignatureManager(); var validated = signatureManager.VerifySignature(xmlDocument, certificate.PublicKey.Key); return(validated); } } }
public void SignResponse_namespace_not_included() { //ARRANGE var signatureManager = new XmlSignatureManager(); var inResponseTo = "Test_" + Guid.NewGuid(); var tokenResponse = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo); var cert = CertificateProviderMock.GetMockCertificate(); var serialised = ResponseFactoryMock.Serialize(tokenResponse); var document = new XmlDocument(); document.LoadXml(serialised); //ACT signatureManager.WriteSignature(document, tokenResponse.ID, cert.PrivateKey, String.Empty, String.Empty); var isValid = signatureManager.VerifySignature(document, cert.PublicKey.Key); //ASSERT Assert.True(isValid); }
public void TempTest() { //ARRANGE var signatureManager = new XmlSignatureManager(); var document = new XmlDocument() { PreserveWhitespace = false }; document.Load(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml"); var signEl = document.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#") .Cast <XmlElement>() .First(x => x.ParentNode == document.DocumentElement); var certEl = (XmlElement)signEl.GetElementsByTagName("X509Certificate", "http://www.w3.org/2000/09/xmldsig#")[0]; var dcert2 = new X509Certificate2(Convert.FromBase64String(certEl.InnerText)); //ACT var isValid = signatureManager.VerifySignature(document, signEl, dcert2.PublicKey.Key); //ASSERT Assert.True(isValid); }
public void SPMetadataProviderTest() { var result = String.Empty; var metadataWriter = new TestMetadatWriter(el => result = el.OuterXml); //var metadataWriter = new SSOMetadataFileWriter(); var ssoCryptoProvider = new CertificateManager(); var xmlSignatureManager = new XmlSignatureManager(); var sPSSOMetadataProvider = new SPSSOMetadataProvider(metadataWriter, ssoCryptoProvider, xmlSignatureManager); var configuration = new SPSSOMetadataConfiguration { AuthnRequestsSigned = true, DescriptorId = "Idp1", EntityId = new Uri("http://*****:*****@"D:\SPSSOMetadata.xml", SupportedProtocols = new[] { "urn:oasis:names:tc:SAML:2.0:protocol" }, SignMetadata = true, ConsumerServices = new ConsumerServiceContext[] { new ConsumerServiceContext { Index = 0, IsDefault = true, Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", Location = "http://*****:*****@"D:\Dan\Software\SGWI\ThirdParty\devCertsPackage\employeeportaldev.safeguardworld.com.pfx", CertificatePassword = StringExtensions.ToSecureString("$Password1!"), Usage = "signing", DefaultForMetadataSigning = true } } }; sPSSOMetadataProvider.CreateMetadata(configuration); }
public async Task Post_end_to_end_test() { //ARRANGE var isValid = false; string url = String.Empty; IDictionary <string, object> relayState = null; var builders = new List <IPostClauseBuilder>(); var requestUri = new Uri("http://localhost:59611/"); var federationPartyContextBuilder = new FederationPartyContextBuilderMock(); var federationContex = federationPartyContextBuilder.BuildContext("local"); var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First(); var certContext = spDescriptor.KeyDescriptors.Where(x => x.Use == KeyUsage.Signing && x.IsDefault) .Select(x => x.CertificateContext) .First(); var supportedNameIdentifierFormats = new List <Uri> { new Uri(NameIdentifierFormats.Transient) }; var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats); authnRequestContext.RelyingState.Add("relayState", "Test state"); var xmlSerialiser = new XMLSerialiser(); var compressor = new DeflateCompressor(); var encoder = new MessageEncoding(compressor); var logger = new LogProviderMock(); var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger); RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory(); var authnBuilder = new SamlRequestBuilder(serialiser); builders.Add(authnBuilder); //relay state builder var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider()); var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser; var relayStateBuilder = new RelayStateBuilder(relayStateSerialiser); builders.Add(relayStateBuilder); //signature builder var certificateManager = new CertificateManager(logger); var xmlSinatureManager = new XmlSignatureManager(); var signatureBuilder = new SignatureBuilder(certificateManager, logger, xmlSinatureManager); builders.Add(signatureBuilder); //context var outboundContext = new HttpPostRequestContext(new SAMLForm()) { BindingContext = new RequestPostBindingContext(authnRequestContext), DespatchDelegate = form => { url = form.ActionURL; var request = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.SamlRequest]; var state = ((SAMLForm)form).HiddenControls[HttpRedirectBindingConstants.RelayState]; var task = relayStateSerialiser.Deserialize(state); task.Wait(); relayState = task.Result as IDictionary <string, object>; var cert = certificateManager.GetCertificateFromContext(certContext); isValid = this.VerifySignature(request, cert); return(Task.CompletedTask); } }; //dispatcher var dispatcher = new PostRequestDispatcher(() => builders, logger); //ACT await dispatcher.SendAsync(outboundContext); //ASSERT Assert.AreEqual(url, requestUri.AbsoluteUri); Assert.IsTrue(Enumerable.SequenceEqual(relayState, authnRequestContext.RelyingState)); Assert.IsTrue(isValid); }