Local name before namespace uri

src/Sustainsys.Saml2/AspNetCore/Saml2Handler.cs

@@ -15,8 +15,6 @@ namespace Sustainsys.Saml2.AspNetCore;
 
 // TODO: OTel Metrics + Activities + logging/traces
 
-// TODO: Fold into main package. Same dependencies => same package.
-
 /// <summary>
 /// Saml2 authentication handler
 /// </summary>
@@ -105,6 +103,8 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
 
         var xmlDoc = GetRequiredService<ISamlXmlWriter>().Write(authnRequest);
 
+        //TODO: Don't use Options.IdentityProvider directly, access via event/callback.
+
         var message = new Saml2Message
         {
             Destination = Options.IdentityProvider!.SsoServiceUrl!,

src/Sustainsys.Saml2/Serialization/SamlXmlReader.Assertion.cs

@@ -19,7 +19,7 @@ public Assertion ReadAssertion(
     {
         Assertion assertion = default!;
 
-        if (source.EnsureName(Namespaces.SamlUri, Elements.Assertion))
+        if (source.EnsureName(Elements.Assertion, Namespaces.SamlUri))
         {
             assertion = ReadAssertion(source);
             source.MoveNext(true);
@@ -67,7 +67,7 @@ protected virtual void ReadElements(XmlTraverser source, Assertion assertion)
     {
         source.MoveNext();
 
-        if (source.EnsureName(Namespaces.SamlUri, Elements.Issuer))
+        if (source.EnsureName(Elements.Issuer, Namespaces.SamlUri))
         {
             assertion.Issuer = ReadNameId(source);
             source.MoveNext();
@@ -85,45 +85,45 @@ protected virtual void ReadElements(XmlTraverser source, Assertion assertion)
         // Status is optional on XML schema level, but Core 2.3.3. says that
         // "an assertion without a subject has no defined meaning in this specification."
         // so we are treating it as mandatory.
-        if (source.EnsureName(Namespaces.SamlUri, Elements.Subject))
+        if (source.EnsureName(Elements.Subject, Namespaces.SamlUri))
         {
             assertion.Subject = ReadSubject(source);
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.Conditions))
+        if (source.HasName(Elements.Conditions, Namespaces.SamlUri))
         {
             assertion.Conditions = ReadConditions(source);
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.Advice))
+        if (source.HasName(Elements.Advice, Namespaces.SamlUri))
         {
             // We're not supporting Advice
             source.IgnoreChildren();
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.AuthnStatement))
+        if (source.HasName(Elements.AuthnStatement, Namespaces.SamlUri))
         {
             assertion.AuthnStatement = ReadAuthnStatement(source);
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.AuthzDecisionStatement))
+        if (source.HasName(Elements.AuthzDecisionStatement, Namespaces.SamlUri))
         {
             // Not supporting AuthzDecisionStatement, skip it
             source.IgnoreChildren();
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.AttributeStatement))
+        if (source.HasName(Elements.AttributeStatement, Namespaces.SamlUri))
         {
             var attributes = source.GetChildren();
 
             while(attributes.MoveNext(true))
             {
-                if(attributes.EnsureName(Namespaces.SamlUri, Elements.Attribute))
+                if(attributes.EnsureName(Elements.Attribute, Namespaces.SamlUri))
                 {
                     assertion.Attributes.Add(ReadAttribute(attributes));
                 }

src/Sustainsys.Saml2/Serialization/SamlXmlReader.Attribute.cs

@@ -38,7 +38,7 @@ protected virtual void ReadAttributes(XmlTraverser source, SamlAttribute attribu
     protected virtual void ReadElements(XmlTraverser source, SamlAttribute attribute) 
     {
         while(source.MoveNext(true) 
-            && source.EnsureName(Namespaces.SamlUri, Elements.AttributeValue))
+            && source.EnsureName(Elements.AttributeValue, Namespaces.SamlUri))
         {
             // TODO: Test + support for null values.
             attribute.Values.Add(source.GetTextContents());

src/Sustainsys.Saml2/Serialization/SamlXmlReader.AudienceRestriction.cs

@@ -28,7 +28,7 @@ protected virtual void ReadElements(XmlTraverser source, AudienceRestriction res
     {
         source.MoveNext();
 
-        while (source.EnsureName(Namespaces.SamlUri, Elements.Audience))
+        while (source.EnsureName(Elements.Audience, Namespaces.SamlUri))
         {
             result.Audiences.Add(source.GetTextContents());
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.AuthnContext.cs

@@ -30,7 +30,7 @@ protected virtual void ReadElements(XmlTraverser source, AuthnContext authnConte
     {
         source.MoveNext(true);
 
-        if (source.HasName(Namespaces.SamlUri, Elements.AuthnContextClassRef))
+        if (source.HasName(Elements.AuthnContextClassRef, Namespaces.SamlUri))
         {
             authnContext.AuthnContextClassRef = source.GetTextContents();
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.AuthnRequest.cs

@@ -15,7 +15,7 @@ public AuthnRequest ReadAuthnRequest(
     {
         AuthnRequest authnRequest = default!;
 
-        if (source.EnsureName(Namespaces.SamlpUri, Elements.AuthnRequest))
+        if (source.EnsureName(Elements.AuthnRequest, Namespaces.SamlpUri))
         {
             authnRequest = ReadAuthnRequest(source);
             source.MoveNext(true);
@@ -54,7 +54,7 @@ protected virtual void ReadElements(XmlTraverser source, AuthnRequest authnReque
     {
         ReadElements(source, (RequestAbstractType)authnRequest);
 
-        if (source.HasName(Namespaces.SamlUri, Elements.Subject))
+        if (source.HasName(Elements.Subject, Namespaces.SamlUri))
         {
             authnRequest.Subject = ReadSubject(source);
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.AuthnStatement.cs

@@ -43,13 +43,13 @@ protected virtual void ReadElements(XmlTraverser source, AuthnStatement authnSta
     {
         source.MoveNext(true);
 
-        if (source.HasName(Namespaces.SamlUri, Elements.SubjectLocality))
+        if (source.HasName(Elements.SubjectLocality, Namespaces.SamlUri))
         {
             // We're not supporting Subject Locality.
             source.MoveNext(true);
         }
 
-        if (source.EnsureName(Namespaces.SamlUri, Elements.AuthnContext))
+        if (source.EnsureName(Elements.AuthnContext, Namespaces.SamlUri))
         {
             authnStatement.AuthnContext = ReadAuthnContext(source);
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.Conditions.cs

@@ -39,19 +39,19 @@ protected virtual void ReadElements(XmlTraverser source, Conditions conditions)
     {
         source.MoveNext(true);
 
-        while (source.HasName(Namespaces.SamlUri, Elements.AudienceRestriction))
+        while (source.HasName(Elements.AudienceRestriction, Namespaces.SamlUri))
         {
             conditions.AudienceRestrictions.Add(ReadAudienceRestriction(source));
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.OneTimeUse))
+        if (source.HasName(Elements.OneTimeUse, Namespaces.SamlUri))
         {
             conditions.OneTimeUse = true;
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.ProxyRestriction))
+        if (source.HasName(Elements.ProxyRestriction, Namespaces.SamlUri))
         {
             // TODO: Support proxy restrictions
             source.IgnoreChildren();

src/Sustainsys.Saml2/Serialization/SamlXmlReader.EntityDescriptor.cs

@@ -13,7 +13,7 @@ public EntityDescriptor ReadEntityDescriptor(
     {
         EntityDescriptor entityDescriptor = default!;
 
-        if (source.EnsureName(Namespaces.MetadataUri, Elements.EntityDescriptor))
+        if (source.EnsureName(Elements.EntityDescriptor, Namespaces.MetadataUri))
         {
             entityDescriptor = ReadEntityDescriptor(source);
         }
@@ -72,7 +72,7 @@ protected virtual void ReadElements(XmlTraverser source, EntityDescriptor entity
             source.MoveNext();
         }
 
-        if (source.HasName(Namespaces.MetadataUri, Elements.Extensions))
+        if (source.HasName(Elements.Extensions, Namespaces.MetadataUri))
         {
             entityDescriptor.Extensions = ReadExtensions(source);
             source.MoveNext();

src/Sustainsys.Saml2/Serialization/SamlXmlReader.IDPSSODescriptor.cs

@@ -43,15 +43,15 @@ protected virtual void ReadElements(XmlTraverser source, IDPSSODescriptor result
         ReadElements(source, (SSODescriptor)result);
 
         // We must have at least one SingleSignOnService in an IDPSSODescriptor and now we should be at it.
-        if(!source.EnsureName(Namespaces.MetadataUri, Elements.SingleSignOnService))
+        if(!source.EnsureName(Elements.SingleSignOnService, Namespaces.MetadataUri))
         {
             return;
         }
 
         do
         {
             result.SingleSignOnServices.Add(ReadEndpoint(source));
-        } while (source.MoveNext(true) && source.HasName(Namespaces.MetadataUri, Elements.SingleSignOnService));
+        } while (source.MoveNext(true) && source.HasName(Elements.SingleSignOnService, Namespaces.MetadataUri));
 
         source.Skip();
     }

src/Sustainsys.Saml2/Serialization/SamlXmlReader.KeyDescriptor.cs

@@ -22,7 +22,7 @@ protected virtual KeyDescriptor ReadKeyDescriptor(XmlTraverser source)
         var children = source.GetChildren();
 
         if (children.MoveNext()
-            && children.EnsureName(SignedXml.XmlDsigNamespaceUrl, Elements.KeyInfo))
+            && children.EnsureName(Elements.KeyInfo, SignedXml.XmlDsigNamespaceUrl))
         {
             children.IgnoreChildren();
 

src/Sustainsys.Saml2/Serialization/SamlXmlReader.RequestAbstractType.cs

@@ -34,7 +34,7 @@ protected virtual void ReadElements(XmlTraverser source, RequestAbstractType req
     {
         source.MoveNext(true);
 
-        if (source.HasName(Namespaces.SamlUri, Elements.Issuer))
+        if (source.HasName(Elements.Issuer, Namespaces.SamlUri))
         {
             request.Issuer = ReadNameId(source);
             source.MoveNext(true);
@@ -49,7 +49,7 @@ protected virtual void ReadElements(XmlTraverser source, RequestAbstractType req
             source.MoveNext();
         }
 
-        if (source.HasName(Namespaces.SamlpUri, Elements.Extensions))
+        if (source.HasName(Elements.Extensions, Namespaces.SamlpUri))
         {
             request.Extensions = ReadExtensions(source);
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.RoleDescriptor.cs

@@ -45,37 +45,37 @@ protected virtual void ReadElements(XmlTraverser source, RoleDescriptor result)
     {
         source.MoveNext(true);
 
-        if (source.HasName(SignedXml.XmlDsigNamespaceUrl, Elements.Signature))
+        if (source.HasName(Elements.Signature, SignedXml.XmlDsigNamespaceUrl))
         {
             // Signatures on RoleDescriptors are not supported.
             source.IgnoreChildren();
 
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.MetadataUri, Elements.Extensions))
+        if (source.HasName(Elements.Extensions, Namespaces.MetadataUri))
         {
             // Extensions on RoleDescriptors are not supported.
             source.IgnoreChildren();
 
             source.MoveNext(true);
         }
 
-        while (source.HasName(Namespaces.MetadataUri, Elements.KeyDescriptor))
+        while (source.HasName(Elements.KeyDescriptor, Namespaces.MetadataUri))
         {
             result.Keys.Add(ReadKeyDescriptor(source));
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.MetadataUri, Elements.Organization))
+        if (source.HasName(Elements.Organization, Namespaces.MetadataUri))
         {
             // Organization reading is not supported.
             source.IgnoreChildren();
 
             source.MoveNext(true);
         }
 
-        if (source.HasName(Namespaces.MetadataUri, Elements.ContactPerson))
+        if (source.HasName(Elements.ContactPerson, Namespaces.MetadataUri))
         {
             // Contact person reading is not supported.
             source.IgnoreChildren();

src/Sustainsys.Saml2/Serialization/SamlXmlReader.SSODescriptor.cs

@@ -24,22 +24,22 @@ protected virtual void ReadElements(XmlTraverser source, SSODescriptor result)
     {
         ReadElements(source, (RoleDescriptor)result);
 
-        while (source.HasName(Namespaces.MetadataUri, Elements.ArtifactResolutionService))
+        while (source.HasName(Elements.ArtifactResolutionService, Namespaces.MetadataUri))
         {
             result.ArtifactResolutionServices.Add(ReadIndexedEndpoint(source));
 
             source.MoveNext(true);
         }
 
-        while(source.HasName(Namespaces.MetadataUri, Elements.SingleLogoutService))
+        while(source.HasName(Elements.SingleLogoutService, Namespaces.MetadataUri))
         {
             result.SingleLogoutServices.Add(ReadEndpoint(source));
 
             source.MoveNext(true);
         }
 
-        while(source.HasName(Namespaces.MetadataUri, Elements.ManageNameIDService)
-            || source.HasName(Namespaces.MetadataUri, Elements.NameIDFormat))
+        while(source.HasName(Elements.ManageNameIDService, Namespaces.MetadataUri)
+            || source.HasName(Elements.NameIDFormat, Namespaces.MetadataUri))
         {
             // We're not supporting ManageNameIDService nor NameIDFormat.
             source.IgnoreChildren();

src/Sustainsys.Saml2/Serialization/SamlXmlReader.SamlResponse.cs

@@ -13,7 +13,7 @@ public SamlResponse ReadSamlResponse(
     {
         SamlResponse samlResponse = default!;
 
-        if (source.EnsureName(Constants.Namespaces.SamlpUri, Constants.Elements.Response))
+        if (source.EnsureName(Elements.Response, Namespaces.SamlpUri))
         {
             samlResponse = ReadSamlResponse(source);
         }
@@ -52,7 +52,7 @@ protected virtual void ReadElements(XmlTraverser source, SamlResponse samlRespon
     {
         ReadElements(source, (StatusResponseType)samlResponse);
 
-        while (source.HasName(Namespaces.SamlUri, Elements.Assertion))
+        while (source.HasName(Elements.Assertion, Namespaces.SamlUri))
         {
             samlResponse.Assertions.Add(ReadAssertion(source));
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.Status.cs

@@ -30,7 +30,7 @@ protected virtual void ReadElements(XmlTraverser source, SamlStatus status)
 	{
 		source.MoveNext();
 
-		if (source.EnsureName(Namespaces.SamlpUri, Elements.StatusCode))
+		if (source.EnsureName(Elements.StatusCode, Namespaces.SamlpUri))
 		{
 			status.StatusCode = ReadStatusCode(source);
 			source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.StatusResponseType.cs

@@ -30,7 +30,7 @@ protected virtual void ReadElements(XmlTraverser source, StatusResponseType resp
     {
         source.MoveNext();
 
-        if (source.HasName(Namespaces.SamlUri, Elements.Issuer))
+        if (source.HasName(Elements.Issuer, Namespaces.SamlUri))
         {
             response.Issuer = ReadNameId(source);
 
@@ -46,13 +46,13 @@ protected virtual void ReadElements(XmlTraverser source, StatusResponseType resp
             source.MoveNext();
         }
 
-        if (source.HasName(Namespaces.SamlpUri, Elements.Extensions))
+        if (source.HasName(Elements.Extensions, Namespaces.SamlpUri))
         {
             response.Extensions = ReadExtensions(source);
             source.MoveNext();
         }
 
-        if (source.EnsureName(Namespaces.SamlpUri, Elements.Status))
+        if (source.EnsureName(Elements.Status, Namespaces.SamlpUri))
         {
             response.Status = ReadStatus(source);
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.Subject.cs

@@ -30,7 +30,7 @@ protected virtual void ReadElements(XmlTraverser source, Subject subject)
     {
         source.MoveNext(true);
 
-        if (source.HasName(Namespaces.SamlUri, Elements.NameID))
+        if (source.HasName(Elements.NameID, Namespaces.SamlUri))
         {
             subject.NameId = ReadNameId(source);
             source.MoveNext(true);
@@ -40,7 +40,7 @@ protected virtual void ReadElements(XmlTraverser source, Subject subject)
             // TODO: Support BaseID and EncryptedID
         }
 
-        if (source.HasName(Namespaces.SamlUri, Elements.SubjectConfirmation))
+        if (source.HasName(Elements.SubjectConfirmation, Namespaces.SamlUri))
         {
             subject.SubjectConfirmation = ReadSubjectConfirmation(source);
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.SubjectConfirmation.cs

@@ -41,7 +41,7 @@ protected virtual void ReadElements(XmlTraverser source, SubjectConfirmation sub
     {
         source.MoveNext(true);
 
-        if (source.HasName(Namespaces.SamlUri, Elements.SubjectConfirmationData))
+        if (source.HasName(Elements.SubjectConfirmationData, Namespaces.SamlUri))
         {
             subjectConfirmation.SubjectConfirmationData = ReadSubjectConfirmationData(source);
             source.MoveNext(true);

src/Sustainsys.Saml2/Serialization/SamlXmlReader.cs

@@ -68,7 +68,7 @@ protected virtual void ThrowOnErrors(XmlTraverser source)
     {
         var trustedSigningKeys = TrustedSigningKeys;
         var allowedHashAlgorithms = AllowedHashAlgorithms;
-        if (source.HasName(SignedXml.XmlDsigNamespaceUrl, Elements.Signature))
+        if (source.HasName(Elements.Signature, SignedXml.XmlDsigNamespaceUrl))
         {
             if (issuer == null)
             {