public void Validate_PlainTextNoEncryption()
{
var rst = RstFactory.Create(Constants.Realms.PlainTextNoEncryption);
var details = request.Analyze(rst, _alice);
request.Validate();
}
public void Validate_UnknownRealm()
{
var rst = RstFactory.Create(Constants.Realms.UnknownRealm);
var details = request.Analyze(rst, _alice);
// unknown realm
request.Validate();
}
public void Analyze_UnknownRealm()
{
var rst = RstFactory.Create(Constants.Realms.UnknownRealm);
var details = request.Analyze(rst, _alice);
// unknown realm
Assert.IsFalse(details.IsKnownRealm);
}
public void Analyze_AnonymousClientIdentity()
{
var rst = RstFactory.Create(Constants.Realms.UnknownRealm);
var details = request.Analyze(rst, PrincipalFactory.Create(Constants.Principals.Anonymous));
// unknown realm
Assert.IsFalse(details.IsKnownRealm);
}
public void Validate_DisabledRelyingParty()
{
var rst = RstFactory.Create(Constants.Realms.DisabledRP);
rst.TokenType = TokenTypes.SimpleWebToken;
var details = request.Analyze(rst, _alice);
request.Validate();
}
public void Validate_SymmetricSignatureNoSigningKey()
{
var rst = RstFactory.Create(Constants.Realms.PlainTextNoEncryption);
rst.TokenType = TokenTypes.SimpleWebToken;
var details = request.Analyze(rst, _alice);
request.Validate();
}
public void DetectCrossRealmRedirect()
{
var rst = RstFactory.Create(Constants.Realms.SslEncryption);
rst.ReplyTo = "http://foo/";
var details = request.Analyze(rst, _alice);
// make sure reply to is from configuration
Assert.IsFalse(details.IsReplyToFromConfiguration);
// reply to
Assert.IsFalse(details.ReplyToAddressIsWithinRealm);
Assert.AreEqual(rst.ReplyTo, details.ReplyToAddress.AbsoluteUri);
}
public void HonourReplyToForRegisteredRPwithoutReplyTo()
{
var rst = RstFactory.Create(Constants.Realms.SslEncryption);
rst.ReplyTo = Constants.Realms.SslEncryption + "subrealm/";
var details = request.Analyze(rst, _alice);
// make sure reply to is from configuration
Assert.IsFalse(details.IsReplyToFromConfiguration);
// reply to
Assert.IsTrue(details.ReplyToAddressIsWithinRealm);
Assert.AreEqual(rst.ReplyTo, details.ReplyToAddress.AbsoluteUri);
}
public void IgnoreReplyToForRegisteredRPwithReplyTo()
{
var rst = RstFactory.Create(Constants.Realms.ExplicitReplyTo);
rst.ReplyTo = "http://foo";
var details = request.Analyze(rst, _alice);
// make sure reply to is from configuration
Assert.IsTrue(details.IsReplyToFromConfiguration);
// reply to
Assert.IsTrue(details.ReplyToAddressIsWithinRealm);
Assert.AreEqual(rst.AppliesTo.Uri.AbsoluteUri, details.ReplyToAddress.AbsoluteUri);
}
public void Analyze_PlainTextNoEncryption()
{
var rst = RstFactory.Create(Constants.Realms.PlainTextNoEncryption);
var details = request.Analyze(rst, _alice);
// known realm, registered
Assert.IsTrue(details.IsKnownRealm);
Assert.AreEqual(rst.AppliesTo.Uri.AbsoluteUri, details.RelyingPartyRegistration.Realm.AbsoluteUri);
// reply to
Assert.IsTrue(details.ReplyToAddressIsWithinRealm);
Assert.AreEqual(rst.AppliesTo.Uri.AbsoluteUri, details.ReplyToAddress.AbsoluteUri);
// security settings
Assert.IsFalse(details.UsesSsl);
Assert.IsFalse(details.UsesEncryption);
}
