Improve error diagnostics for build server
- Filter out the right things in the test settings, given the new assembly names
- Dump the actual string that causes the Base64 error, so that what is wrong on the build server can be seen.
AndersAbel committed Sep 25, 2018
1 parent 03ce84a commit 01e0a0b
Showing 2 changed files with 29 additions and 18 deletions.
3 changes: 2 additions & 1 deletion CodeCoverage.runsettings
Expand Up @@ -29,9 +29,10 @@ Included items must then not match any entries in the exclude list to remain inc
<Include>
</Include>
<Exclude>
<ModulePath>.*tests\.dll</ModulePath>
<ModulePath>.*tests.*\.dll</ModulePath>
<ModulePath>.*testhelpers\.dll</ModulePath>
<ModulePath>.*fluentassertions.*\.dll</ModulePath>
<ModulePath>*Microsoft.IdentityModel.*</ModulePath>
</Exclude>
</ModulePaths>
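Review bot: The broadened pattern `.*tests.*\.dll` on the new `<ModulePath>` line is matched against the whole module path, not just the file name, so any assembly loaded from a directory whose path contains "tests" (for instance a product DLL copied into a test project's bin folder) would be excluded from coverage as well, silently under-reporting. If that is not intended, keep the wildcard out of the directory part, e.g. `<ModulePath>.*\\[^\\]*tests[^\\]*\.dll</ModulePath>`, so that only the file-name segment has to contain "tests". Whether the runner's path layout actually triggers this is not visible here, so it is worth confirming against a coverage report from the build server.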

44 changes: 27 additions & 17 deletions Sustainsys.Saml2/WebSSO/Saml2RedirectBinding.cs
@@ -1,7 +1,9 @@
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Exceptions;
using Sustainsys.Saml2.Saml2P;
using Sustainsys.Saml2.Internal;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.Saml2P;
using Sustainsys.Saml2.Tokens;
using System;
using System.Globalization;
using System.IO;
Expand All @@ -11,8 +13,6 @@
using System.Security.Cryptography;
using System.Text;
using System.Xml;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.Tokens;

namespace Sustainsys.Saml2.WebSso
{
Expand All @@ -34,7 +34,7 @@ public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
+ (string.IsNullOrEmpty(message.RelayState) ? ""
: ("&RelayState=" + Uri.EscapeDataString(message.RelayState)));

if(message.SigningCertificate != null)
if (message.SigningCertificate != null)
{
queryString = AddSignature(queryString, message);
}
Expand All @@ -58,10 +58,10 @@ private static string AddSignature(string queryString, ISaml2Message message)
var signatureDescription = (SignatureDescription)CryptographyExtensions.CreateAlgorithmFromName(signingAlgorithmUrl);
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
hashAlg.ComputeHash(Encoding.UTF8.GetBytes(queryString));
AsymmetricSignatureFormatter asymmetricSignatureFormatter =
AsymmetricSignatureFormatter asymmetricSignatureFormatter =
signatureDescription.CreateFormatter(
EnvironmentHelpers.IsNetCore ? message.SigningCertificate.PrivateKey :
((RSACryptoServiceProvider)message.SigningCertificate.PrivateKey)
EnvironmentHelpers.IsNetCore ? message.SigningCertificate.PrivateKey :
((RSACryptoServiceProvider)message.SigningCertificate.PrivateKey)
.GetSha256EnabledRSACryptoServiceProvider());
byte[] signatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg);
queryString += "&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(signatureValue));
Expand All @@ -76,24 +76,34 @@ public override UnbindResult Unbind(HttpRequestData request, IOptions options)
throw new ArgumentNullException(nameof(request));
}

var payload = Convert.FromBase64String(request.QueryString["SAMLRequest"].FirstOrDefault() ?? request.QueryString["SAMLResponse"].First());
using (var compressed = new MemoryStream(payload))
var encodedPayload = request.QueryString["SAMLRequest"].FirstOrDefault() ?? request.QueryString["SAMLResponse"].First();
try
{
using (var decompressedStream = new DeflateStream(compressed, CompressionMode.Decompress, true))
var payload = Convert.FromBase64String(encodedPayload);

using (var compressed = new MemoryStream(payload))
{
using (var deCompressed = new MemoryStream())
using (var decompressedStream = new DeflateStream(compressed, CompressionMode.Decompress, true))
{
decompressedStream.CopyTo(deCompressed);
using (var deCompressed = new MemoryStream())
{
decompressedStream.CopyTo(deCompressed);

var xml = XmlHelpers.XmlDocumentFromString(
Encoding.UTF8.GetString(deCompressed.GetBuffer(),0, (int)deCompressed.Length));
var xml = XmlHelpers.XmlDocumentFromString(
Encoding.UTF8.GetString(deCompressed.GetBuffer(), 0, (int)deCompressed.Length));

options?.SPOptions.Logger.WriteVerbose("Http Redirect binding extracted message\n" + xml.OuterXml);
options?.SPOptions.Logger.WriteVerbose("Http Redirect binding extracted message\n" + xml.OuterXml);

return new UnbindResult(xml.DocumentElement, request.QueryString["RelayState"].SingleOrDefault(), GetTrustLevel(xml.DocumentElement, request, options));
return new UnbindResult(xml.DocumentElement, request.QueryString["RelayState"].SingleOrDefault(), GetTrustLevel(xml.DocumentElement, request, options));
}
}
}
}
catch(FormatException ex)
{
throw new FormatException($"\"{encodedPayload}\" is not a valid Base64 encoded string: {ex.Message}", ex);
}

}

private static TrustLevel GetTrustLevel(XmlElement documentElement, HttpRequestData request, IOptions options)
Expand Down Expand Up @@ -164,7 +174,7 @@ private static void CheckSignature(HttpRequestData request, IdentityProvider idp

var signature = Convert.FromBase64String(request.QueryString["Signature"].Single());

if (!idp.SigningKeys.Any(kic => signatureDescription.CreateDeformatter(((AsymmetricSecurityKey) kic.CreateKey()).GetAsymmetricAlgorithm(sigAlg, false)).VerifySignature(hashAlg, signature)))
if (!idp.SigningKeys.Any(kic => signatureDescription.CreateDeformatter(((AsymmetricSecurityKey)kic.CreateKey()).GetAsymmetricAlgorithm(sigAlg, false)).VerifySignature(hashAlg, signature)))
{
throw new InvalidSignatureException(string.Format(CultureInfo.InvariantCulture, "Message from {0} failed signature verification", idp.EntityId.Id));
}
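Review bot: The new `try` in Unbind wraps not only the Base64 decode but also the decompression, the XML parsing and the `GetTrustLevel` call on the return line, and the last hunk shows a second `Convert.FromBase64String(request.QueryString["Signature"].Single())` in CheckSignature, so if GetTrustLevel reaches that code (as the names suggest) a malformed `Signature` value would be reported as `"<SAMLRequest payload>" is not a valid Base64 encoded string`, pointing the diagnostics at the wrong query parameter. Narrowing the try/catch to the single `Convert.FromBase64String(encodedPayload)` call keeps the new message accurate and leaves the rest of the method untouched. Note also that `encodedPayload` is taken verbatim from the request query string, so if this FormatException can reach a response body or a shared log, the quoted value is attacker-controlled and unbounded in length; a length cap on what is echoed, or writing it only through `options?.SPOptions.Logger`, would be worth considering. Unbind's signature and the opening null check begin before this hunk.
```csharp
var encodedPayload = request.QueryString["SAMLRequest"].FirstOrDefault() ?? request.QueryString["SAMLResponse"].First();

byte[] payload;
try
{
    payload = Convert.FromBase64String(encodedPayload);
}
catch (FormatException ex)
{
    throw new FormatException($"\"{encodedPayload}\" is not a valid Base64 encoded string: {ex.Message}", ex);
}

using (var compressed = new MemoryStream(payload))
{
    // … unchanged: inflate, parse XML, verbose log, return UnbindResult …
}
```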
