/// <summary>
/// Feeds the validator a <c>Method</c> value that is not a well-formed absolute URI.
/// The test name states that an exception is expected; no expected-exception attribute
/// or explicit assertion is visible in this excerpt.
/// </summary>
public void ThrowsExceptionWhenSubjectConfirmationHasWrongMethod()
            {
                // Arrange: a non-empty Method that cannot be parsed as an absolute URI.
                var sut = new Saml20SubjectConfirmationValidator();
                var confirmation = new SubjectConfirmation();
                confirmation.Method = "malformed uri";

                // Act: the format check on Method is the one this input targets.
                sut.ValidateSubjectConfirmation(confirmation);
            }
            /// <summary>
            /// Submits a holder-of-key confirmation whose <c>SubjectConfirmationData</c> is empty,
            /// i.e. carries no key information at all. The test name states that an exception is
            /// expected; no expected-exception attribute or assertion is visible in this excerpt.
            /// </summary>
            public void ThrowsExceptionWhenSubjectConfirmationDataDoesNotContainKeyInfo()
            {
                // Arrange: holder-of-key is declared, but the confirmation data holds nothing.
                var sut = new Saml20SubjectConfirmationValidator();
                var confirmation = new SubjectConfirmation();
                confirmation.Method = Saml20Constants.SubjectConfirmationMethods.HolderOfKey;
                confirmation.SubjectConfirmationData = new SubjectConfirmationData();

                // Act
                sut.ValidateSubjectConfirmation(confirmation);
            }
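        /// <summary>
        /// Validates the format of a SAML 2.0 <c>SubjectConfirmation</c> element: its
        /// <c>Method</c> attribute, its optional identifier and its optional
        /// <c>SubjectConfirmationData</c>.
        /// </summary>
        /// <remarks>
        /// The checks written in this method are structural. Any well-formed absolute URI is
        /// accepted as <c>Method</c>; the method does not restrict it to a set of confirmation
        /// methods the relying party is prepared to accept. Whether the delegated validators
        /// compare Recipient, NotOnOrAfter or InResponseTo with the current request is not
        /// visible here and should be confirmed by callers that accept assertions.
        /// </remarks>
        /// <param name="subjectConfirmation">The subject confirmation.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="subjectConfirmation"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="Saml20FormatException">
        /// <c>Method</c> is empty or not a well-formed absolute URI, or the identifier is of an
        /// unsupported type. The delegated validators may throw as well.
        /// </exception>
        public void ValidateSubjectConfirmation(SubjectConfirmation subjectConfirmation)
        {
            if (subjectConfirmation == null)
            {
                throw new ArgumentNullException("subjectConfirmation");
            }

            var method = subjectConfirmation.Method;

            if (!Saml20Utils.ValidateRequiredString(method))
            {
                throw new Saml20FormatException("Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character");
            }

            if (!Uri.IsWellFormedUriString(method, UriKind.Absolute))
            {
                throw new Saml20FormatException("SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.");
            }

            var confirmationData = subjectConfirmation.SubjectConfirmationData;

            if (method == Saml20Constants.SubjectConfirmationMethods.HolderOfKey)
            {
                // NOTE(review): confirmationData may be null here; how ValidateKeyInfo treats a
                // null argument is not visible in this file - confirm it rejects it.
                _keyInfoValidator.ValidateKeyInfo(confirmationData);
            }

            var identifier = subjectConfirmation.Item;
            if (identifier != null)
            {
                var nameId = identifier as NameId;
                var encryptedId = identifier as EncryptedElement;

                if (nameId != null)
                {
                    _nameIdValidator.ValidateNameId(nameId);
                }
                else if (encryptedId != null)
                {
                    _nameIdValidator.ValidateEncryptedId(encryptedId);
                }
                else
                {
                    throw new Saml20FormatException(string.Format("Identifier of type {0} is not supported for SubjectConfirmation", identifier.GetType()));
                }
            }

            // The identifier and SubjectConfirmationData are independent optional children, so
            // the data is validated whether or not an identifier is present. The earlier
            // "else if" skipped this validation for every confirmation that carried an identifier.
            if (confirmationData != null)
            {
                _subjectConfirmationDataValidator.ValidateSubjectConfirmationData(confirmationData);
            }
        }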
        /// <summary>
        /// Builds the baseline SAML 2.0 assertion fixture shared by the tests.
        /// </summary>
        /// <remarks>
        /// <c>IssueInstant</c> is the current UTC time, while both <c>NotOnOrAfter</c> values are
        /// pinned to 2008-12-31 12:00, so the fixture as returned is already past its validity
        /// window. The fixed dates are created without an explicit <see cref="DateTimeKind"/>.
        /// </remarks>
        /// <returns>The <see cref="Assertion"/>.</returns>
        public static Assertion GetBasicAssertion()
        {
            // Same instant is used for the bearer confirmation and for Conditions.
            var expiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

            var result = new Assertion
            {
                Issuer = new NameId(),
                Id = "_b8977dc86cda41493fba68b32ae9291d",
                IssueInstant = DateTime.UtcNow,
                Version = "2.0"
            };
            result.Issuer.Value = GetBasicIssuer();

            // Subject: a single bearer confirmation addressed to a fixed recipient.
            var bearerData = new SubjectConfirmationData();
            bearerData.NotOnOrAfter = expiry;
            bearerData.Recipient = "http://borger.dk";

            var bearer = new SubjectConfirmation();
            bearer.Method = SubjectConfirmation.BearerMethod;
            bearer.SubjectConfirmationData = bearerData;

            result.Subject = new Subject();
            result.Subject.Items = new object[] { bearer };

            // Conditions: the expiry plus one audience restriction built from GetAudiences().
            result.Conditions = new Conditions { NotOnOrAfter = expiry };
            var audienceUris = GetAudiences().Select(u => u.ToString()).ToList();
            var restriction = new AudienceRestriction { Audience = audienceUris };
            result.Conditions.Items = new List<ConditionAbstract> { restriction };

            // Authentication statement with one class reference and one declaration reference.
            var authn = new AuthnStatement();

            // Interim assignment kept from the original; it is replaced at the end of the method.
            result.Items = new StatementAbstract[] { authn };

            authn.AuthnInstant = new DateTime(2008, 1, 8);
            authn.SessionIndex = "70225885";

            var context = new AuthnContext();
            context.Items = new object[]
            {
                "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
                "http://www.safewhere.net/authncontext/declref"
            };
            context.ItemsElementName = new[]
            {
                AuthnContextType.AuthnContextClassRef,
                AuthnContextType.AuthnContextDeclRef
            };
            authn.AuthnContext = context;

            // Attribute statement: four URI-named attributes describing the test user.
            var surNameAttribute = new SamlAttribute
            {
                FriendlyName = "SurName",
                Name = "urn:oid:2.5.4.4",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "Fry" }
            };
            var commonNameAttribute = new SamlAttribute
            {
                FriendlyName = "CommonName",
                Name = "urn:oid:2.5.4.3",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "Philip J. Fry" }
            };
            var userNameAttribute = new SamlAttribute
            {
                Name = "urn:oid:0.9.2342.19200300.100.1.1",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "fry" }
            };
            var emailAttribute = new SamlAttribute
            {
                FriendlyName = "Email",
                Name = "urn:oid:0.9.2342.19200300.100.1.3",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "*****@*****.**" }
            };

            var attributes = new AttributeStatement();
            attributes.Items = new object[]
            {
                surNameAttribute,
                commonNameAttribute,
                userNameAttribute,
                emailAttribute
            };

            result.Items = new StatementAbstract[] { authn, attributes };

            return result;
        }
            /// <summary>
            /// Submits a holder-of-key confirmation whose data carries a <c>ds:KeyInfo</c> element
            /// and expects validation to complete without an exception.
            /// </summary>
            /// <remarks>
            /// The KeyInfo child is an arbitrary placeholder element, so this test only shows that
            /// a KeyInfo with some content is accepted. It does not show the key being resolved or
            /// proof of possession being checked; presumably that is enforced elsewhere - confirm.
            /// </remarks>
            public void ValidatesSubjectConfirmationData_Method_HolderOfKey_Valid()
            {
                // Arrange: a ds:KeyInfo element in the XML-DSig namespace with one dummy child.
                var xml = new XmlDocument();
                var keyInfo = xml.CreateElement("ds", "KeyInfo", Saml20Constants.Xmldsig);
                keyInfo.AppendChild(xml.CreateElement("lalala"));

                var confirmation = new SubjectConfirmation();
                confirmation.Method = Saml20Constants.SubjectConfirmationMethods.HolderOfKey;
                confirmation.SubjectConfirmationData = new SubjectConfirmationData();
                confirmation.SubjectConfirmationData.AnyElements = new[] { keyInfo };

                var sut = new Saml20SubjectConfirmationValidator();

                // Act: returning normally is the pass condition.
                sut.ValidateSubjectConfirmation(confirmation);
            }