public void ThrowsExceptionWhenTimeRestrictionNotOnOrAfterNow()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
// Test with NotOnOrAfter that pre-dates now
assertion.Conditions.NotBefore = null;
assertion.Conditions.NotOnOrAfter = DateTime.UtcNow;
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateTimeRestrictions(assertion, new TimeSpan()), "Conditions.NotOnOrAfter must not be in the past");
}
public void ThrowsExceptionWhenTimeRestrictionNotOnOrAfterYesterday()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
// Test with NotOnOrAfter that pre-dates now
assertion.Conditions.NotBefore = null;
assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddDays(-1);
// Act
validator.ValidateTimeRestrictions(assertion, new TimeSpan());
}
public void ValidatesTimeRestrictionNotBeforeNow()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
// Test with NotBefore that pre-dates now
assertion.Conditions.NotBefore = DateTime.UtcNow;
assertion.Conditions.NotOnOrAfter = null;
// Act
validator.ValidateAssertion(assertion);
}
public void ThrowsExceptionWhenTimeRestrictionNotBeforeIsInvalid()
{
// Arrange
// Test with NotBefore that post-dates now
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
assertion.Conditions.NotBefore = DateTime.Now.AddDays(1);
assertion.Conditions.NotOnOrAfter = null;
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateTimeRestrictions(assertion, new TimeSpan()), "Conditions.NotBefore must not be in the future");
}
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var allowedAudienceUris = new List <string>
{
"uri:lalal"
};
var validator = new Saml20AssertionValidator(allowedAudienceUris, false);
// Act
validator.ValidateAssertion(assertion);
}
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var allowedAudienceUris = new List <string>
{
"uri:lalal"
};
var validator = new Saml20AssertionValidator(allowedAudienceUris, false);
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions");
}
//ExpectedMessage = "Assertion element must have an issuer element."
public void ThrowsExceptionWhenIssuerNull()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
assertion.Issuer = null;
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
// Act
Assert.Throws(typeof(Saml20FormatException), () =>
{
validator.ValidateAssertion(assertion, true);
});
}
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var audienceRestriction = new AudienceRestriction
{
Audience = new List <string>(new[] { "malformed uri" })
};
assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
// Act
validator.ValidateAssertion(assertion);
}
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var audienceRestriction = new AudienceRestriction
{
Audience = new List <string>(new[] { "malformed uri" })
};
assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Audience element has value which is not a wellformed absolute uri");
}
//ExpectedMessage = "The service is not configured to meet the given audience restrictions"
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var allowedAudienceUris = new List <Uri>
{
new Uri("uri:lalal")
};
var validator = new Saml20AssertionValidator(allowedAudienceUris, false);
// Act
Assert.Throws(typeof(Saml20FormatException), () =>
{
validator.ValidateAssertion(assertion, true);
});
}
public void ThrowsExceptionWhenThereAreMultipleProxyRestriction()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction(),
new ProxyRestriction()
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Assertion contained more than one condition of type ProxyRestriction");
}
public void ThrowsExceptionWhenThereAreMultipleProxyRestriction()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction(),
new ProxyRestriction()
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
validator.ValidateAssertion(assertion);
}
public void ThrowsExceptionWhenProxyRestrictionCountIsNegative()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction {
Count = "-1"
}
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
validator.ValidateAssertion(assertion, true);
}
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items);
var audienceRestriction = new AudienceRestriction
{
Audience = new List <string>(new[] { "http://well/formed.uri" })
};
audienceConditions.Add(audienceRestriction);
assertion.Conditions.Items = audienceConditions;
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions");
}
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items);
var audienceRestriction = new AudienceRestriction
{
Audience = new List <string>(new[] { "http://well/formed.uri" })
};
audienceConditions.Add(audienceRestriction);
assertion.Conditions.Items = audienceConditions;
// Act
validator.ValidateAssertion(assertion);
}
public void ThrowsExceptionWhenAuthnStatementSessionNotOnOrAfterInPast()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var statements = new List <StatementAbstract>(assertion.Items);
var authnStatement = new AuthnStatement
{
AuthnInstant = DateTime.UtcNow,
SessionNotOnOrAfter = DateTime.UtcNow.AddHours(-1)
};
statements.Add(authnStatement);
assertion.Items = statements.ToArray();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
// Act
validator.ValidateTimeRestrictions(assertion, new TimeSpan());
}
public void ThrowsExceptionWhenProxyRestrictionCountIsNegative()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction {
Count = "-1"
}
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Count attribute of ProxyRestriction MUST BE a non-negative integer");
}
public void ValidatesProxyRestrictionCount()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction {
Count = "1"
}
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
validator.ValidateAssertion(assertion);
}
public void ValidatesAudienceRestrictionWithMultipleAudienceRestrictions()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items);
var audienceRestriction = new AudienceRestriction
{
Audience = new List <string>(new[] { "urn:borger.dk:id" })
};
audienceConditions.Add(audienceRestriction);
assertion.Conditions.Items = audienceConditions;
// Act
validator.ValidateAssertion(assertion);
}
public void ValidatesProxyRestrictionAudience()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction
{
Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri" }
}
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
validator.ValidateAssertion(assertion);
}
public void ThrowsExceptionWhenProxyRestrictionAudienceIsInvalid()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new ProxyRestriction
{
Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri", "a malformed uri" }
}
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "ProxyRestriction Audience MUST BE a wellformed uri");
}
//ExpectedMessage = "Assertion contained more than one condition of type OneTimeUse"
public void ThrowsExceptionWhenThereAreMultipleOneTimeUse()
{
// Arrange
var assertion = AssertionUtil.GetBasicAssertion();
var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);
var conditions = new List <ConditionAbstract>
{
new OneTimeUse(),
new OneTimeUse()
};
conditions.AddRange(assertion.Conditions.Items);
assertion.Conditions.Items = conditions;
// Act
Assert.Throws(typeof(Saml20FormatException), () =>
{
validator.ValidateAssertion(assertion, true);
});
}
