First steps on Assertion validation

Sustainsys · Feb 3, 2024 · af19aa6 · af19aa6
1 parent 07d4a9a
commit af19aa6
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 3 deletions.
diff --git a/src/Sustainsys.Saml2/Saml/SamlAssertion.cs b/src/Sustainsys.Saml2/Saml/SamlAssertion.cs
@@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Sustainsys.Saml2.Saml;
+
+/// <summary>
+/// A Saml assertion
+/// </summary>
+public class SamlAssertion
+{
+    /// <summary>
+    /// Issuer of the assertion.
+    /// </summary>
+    public NameId Issuer { get; set; } = default!;
+}
diff --git a/src/Sustainsys.Saml2/Validation/ISamlAssertionValidator.cs b/src/Sustainsys.Saml2/Validation/ISamlAssertionValidator.cs
@@ -0,0 +1,32 @@
+using Sustainsys.Saml2.Saml;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Sustainsys.Saml2.Validation;
+
+/// <summary>
+/// Validates an asseriton
+/// </summary>
+public interface ISamlAssertionValidator
+{
+    /// <summary>
+    /// Validate a Saml assertion
+    /// </summary>
+    /// <param name="assertion"></param>
+    /// <param name="parameters"></param>
+    void Validate(SamlAssertion assertion, SamlAssertionValidationParameters parameters);
+}
+
+/// <summary>
+/// DTO carrying parameters for Saml assertion validation
+/// </summary>
+public class SamlAssertionValidationParameters
+{
+    /// <summary>
+    /// Valid issuer of the response and assertions
+    /// </summary>
+    public NameId? ValidIssuer { get; set; }
+}
diff --git a/src/Sustainsys.Saml2/Validation/ISamlResponseValidator.cs b/src/Sustainsys.Saml2/Validation/ISamlResponseValidator.cs
@@ -28,7 +28,13 @@ public interface ISamlResponseValidator
 public class SamlResponseValidationParameters
 {
     /// <summary>
-    /// Valid issuer of the response and assertions
+    /// Validation parameters for assertions embedded in the response.
     /// </summary>
-    public NameId? ValidIssuer {  get; set; }
+    public required SamlAssertionValidationParameters AssertionValidationParameters { get; set; }
+
+    /// <summary>
+    /// Valid issuer of the response and assertions - returns the ValidIssuer
+    /// of the embedded SamlAssertionValidationParameters to ensure they are the same.
+    /// </summary>
+    public NameId? ValidIssuer { get => AssertionValidationParameters.ValidIssuer; }
 }
diff --git a/src/Sustainsys.Saml2/Validation/SamlAssertionValidator.cs b/src/Sustainsys.Saml2/Validation/SamlAssertionValidator.cs
@@ -0,0 +1,22 @@
+using Sustainsys.Saml2.Saml;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Sustainsys.Saml2.Validation;
+
+/// <summary>
+/// Saml Assertion validator
+/// </summary>
+public class SamlAssertionValidator : ISamlAssertionValidator
+{
+    /// <inheritdoc/>
+    public void Validate(
+        SamlAssertion assertion,
+        SamlAssertionValidationParameters parameters)
+    {
+        // TODO: Remember to validate issuer.
+    }
+}
diff --git a/src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs b/src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs
@@ -24,7 +24,10 @@ SamlResponse CreateSamlResponse() =>
     SamlResponseValidationParameters CreateValidationParameters() =>
         new SamlResponseValidationParameters()
         {
-            ValidIssuer = "https://idp.example.com/Saml2"
+            AssertionValidationParameters = new()
+            {
+                ValidIssuer = "https://idp.example.com/Saml2"
+            }
         };
 
     // The happy path that should just validate the default response