public void ValidateResponseWithoutTimeValidTest()
{
Saml2Serializer serializer = new Saml2Serializer();
SamlValidator validator = new SamlValidator();
string xml = Encoding.UTF8.GetString(Convert.FromBase64String(ReadFile(responseFilename)));
EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile));
AuthnRequest authnRequest = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile));
Response response = serializer.ConvertXMLToResponseObject(xml);
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
Assert.IsTrue(isValid);
}
/// <summary>
/// Loads the xml metadata file from the defined MetadataFilePath in the MetadataController
/// </summary>
/// <param name="issuerName">the name of the file</param>
/// <param name="metadataDirectory">directory where the metadata files where stored</param>
/// <returns>Converts the metadata file content to an EntityDescriptor (which the file is) or an exception</returns>
private EntityDescriptor LoadMetadataFile(string issuerName, string metadataDirectory)
{
try
{
//string metadataDirectoryPath = ConfigurationManager.AppSettings.Get("MetadataDirectoryPath");
string xml = metadataController.ReadFile(issuerName, metadataDirectory, true);
if (xml == "")
{
throw new SamlCommunicationException("metadata-" + issuerName + ".xml is empty", SamlCommunicationType.SAMLCOMMUNICATION);
}
return(serializer.ConvertXMLToEntityDescriptorObject(xml));
}
catch (Exception e)
{
throw new SamlCommunicationException("Could not read metadata file.", e, SamlCommunicationType.SAMLCOMMUNICATION);
}
}
public void ValidateResponseWithoutTimeInvalidTest()
{
Saml2Serializer serializer = new Saml2Serializer();
SamlValidator validator = new SamlValidator();
string xml = ReadFile(xmlResponseFilename);
EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile));
AuthnRequest authnRequest = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile));
Response response = serializer.ConvertXMLToResponseObject(xml);
// wrong response.Status.StatusCode.Value
try
{
response.Status.StatusCode.Value = "urn:oasis:names:tc:SAML:2.0:status:Requester";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// wrong response.Issuer
try
{
response.Issuer = "wrongIssuer";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// wrong x509 certificate
try
{
response.Signature.KeyInfo.X509Data.X509Certificate = response.Signature.KeyInfo.X509Data.X509Certificate + "s";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// response was changed / attack
try
{
string attackedXML = ReadFile("ChangedSamlResponseSimpleSamlPHP.xml");
response.Signature.KeyInfo.X509Data.X509Certificate = response.Signature.KeyInfo.X509Data.X509Certificate + "s";
bool isValid = validator.ValidateResponse(response, attackedXML, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// wrong response.Destination
try
{
response.Destination = "newdesinationaddress.com";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// wrong response.Assertion.Conditions.AudienceRestriction.Audience -> issuer
try
{
response.Assertion.Conditions.AudienceRestriction.Audience = "otherIssuer";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// wrong response.InResponseTo
try
{
response.InResponseTo = "InResponseTo";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
// wrong response.Assertion.Subject.SubjectConfirmation.Method
try
{
response.Assertion.Subject.SubjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false);
}
catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test
catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected
}
