C# (CSharp) SamlValidator.ValidateResponse Beispiele

Beispiel #1

Datei: SamlValidatorTest.cs Projekt: fablei/uprove_samlcommunication

        public void ValidateResponseWithoutTimeValidTest()
        {
            Saml2Serializer  serializer       = new Saml2Serializer();
            SamlValidator    validator        = new SamlValidator();
            string           xml              = Encoding.UTF8.GetString(Convert.FromBase64String(ReadFile(responseFilename)));
            EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile));
            AuthnRequest     authnRequest     = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile));

            Response response = serializer.ConvertXMLToResponseObject(xml);

            bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);

            Assert.IsTrue(isValid);
        }

Beispiel #2

Datei: SamlValidatorTest.cs Projekt: fablei/uprove_samlcommunication

        public void ValidateResponseWithoutTimeInvalidTest()
        {
            Saml2Serializer  serializer       = new Saml2Serializer();
            SamlValidator    validator        = new SamlValidator();
            string           xml              = ReadFile(xmlResponseFilename);
            EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile));
            AuthnRequest     authnRequest     = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile));

            Response response = serializer.ConvertXMLToResponseObject(xml);

            // wrong response.Status.StatusCode.Value
            try
            {
                response.Status.StatusCode.Value = "urn:oasis:names:tc:SAML:2.0:status:Requester";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // wrong response.Issuer
            try
            {
                response.Issuer = "wrongIssuer";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // wrong x509 certificate
            try
            {
                response.Signature.KeyInfo.X509Data.X509Certificate = response.Signature.KeyInfo.X509Data.X509Certificate + "s";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // response was changed / attack
            try
            {
                string attackedXML = ReadFile("ChangedSamlResponseSimpleSamlPHP.xml");

                response.Signature.KeyInfo.X509Data.X509Certificate = response.Signature.KeyInfo.X509Data.X509Certificate + "s";
                bool isValid = validator.ValidateResponse(response, attackedXML, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // wrong response.Destination
            try
            {
                response.Destination = "newdesinationaddress.com";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // wrong response.Assertion.Conditions.AudienceRestriction.Audience -> issuer
            try
            {
                response.Assertion.Conditions.AudienceRestriction.Audience = "otherIssuer";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // wrong response.InResponseTo
            try
            {
                response.InResponseTo = "InResponseTo";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected

            // wrong response.Assertion.Subject.SubjectConfirmation.Method
            try
            {
                response.Assertion.Subject.SubjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
                bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
            }
            catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
            catch (Exception e) { Assert.Fail(e.Message); }               // not this kind of exception expected
        }