public void ThrowsExceptionWhenAuthnContextAuthenticatingAuthorityUriInvalid()
            {
                // Arrange: an otherwise complete AuthnStatement whose AuthnContext lists one
                // well-formed and one malformed AuthenticatingAuthority URI ("urn/invalid").
                // The test attributes (and the expected-exception declaration presumably
                // attached to them) are not visible in this listing; the Act call is the
                // point at which the validator is expected to reject the statement.
                var authnStatement = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(1),
                                             AuthnContext = new AuthnContext
                                                                {
                                                                    AuthenticatingAuthority = new[] { "urn:aksdlfj", "urn/invalid" },
                                                                    Items = new object[] { "urn:a:valid.uri:string", "http://another/valid/uri.string" },
                                                                    ItemsElementName = new[] { AuthnContextType.AuthnContextClassRef, AuthnContextType.AuthnContextDeclRef }
                                                                }
                                         };
                var sut = new Saml20StatementValidator();

                // Act: a malformed authority URI must not pass format validation.
                sut.ValidateStatement(authnStatement);
            }
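        /// <summary>
        /// Validate <c>AuthnStatement</c>: <c>AuthnInstant</c> must be present, the optional
        /// <c>SessionIndex</c> and <c>SubjectLocality</c> attributes must be non-blank when
        /// supplied, and the <c>AuthnContext</c> is handed to <c>ValidateAuthnContext</c>.
        /// </summary>
        /// <remarks>
        /// [SAML2.0 standard] section 2.7.2.
        /// This is a structural check only. It does not compare <c>SessionNotOnOrAfter</c>
        /// against the clock (time-window checks are performed by the time-restriction
        /// validation, not here), and it does not verify that <c>SubjectLocality</c> matches
        /// the peer that presented the assertion — only that the attributes are non-blank.
        /// NOTE(review): the standard describes SubjectLocality as advisory and easily spoofed,
        /// so a pass here must not be treated as evidence of the presenter's address.
        /// </remarks>
        /// <param name="statement">The statement. Must not be <c>null</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="statement"/> is <c>null</c>.</exception>
        /// <exception cref="Saml20FormatException">
        /// <c>AuthnInstant</c> is missing, or an optional attribute is present but blank.
        /// </exception>
        private void ValidateAuthnStatement(AuthnStatement statement)
        {
            // Explicit guard: without it a null statement surfaces as a NullReferenceException
            // on the first property access below instead of a meaningful argument error.
            if (statement == null)
            {
                throw new ArgumentNullException("statement");
            }

            if (statement.AuthnInstant == null)
            {
                throw new Saml20FormatException("AuthnStatement MUST have an AuthnInstant attribute");
            }

            // Optional attribute: absent is acceptable, present-but-whitespace is not.
            if (!Saml20Utils.ValidateOptionalString(statement.SessionIndex))
            {
                throw new Saml20FormatException("SessionIndex attribute of AuthnStatement must contain at least one non-whitespace character");
            }

            if (statement.SubjectLocality != null)
            {
                if (!Saml20Utils.ValidateOptionalString(statement.SubjectLocality.Address))
                {
                    throw new Saml20FormatException("Address attribute of SubjectLocality must contain at least one non-whitespace character");
                }

                if (!Saml20Utils.ValidateOptionalString(statement.SubjectLocality.DNSName))
                {
                    throw new Saml20FormatException("DNSName attribute of SubjectLocality must contain at least one non-whitespace character");
                }
            }

            // A null AuthnContext is passed through; the delegate is responsible for rejecting it.
            ValidateAuthnContext(statement.AuthnContext);
        }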
            public void ThrowsExceptionWhenAuthnContextNull()
            {
                // Arrange: valid time attributes, AuthnContext intentionally left unset (null).
                // The expected-exception declaration presumably lives in test attributes
                // that this listing does not show.
                var authnStatement = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(1)
                                         };
                var sut = new Saml20StatementValidator();

                // Act: a statement without an AuthnContext must be rejected.
                sut.ValidateStatement(authnStatement);
            }
            public void ThrowsExceptionWhenAuthnInstantNull()
            {
                // Arrange: the mandatory AuthnInstant is explicitly cleared; nothing else is set.
                // Expected-exception handling is presumably declared in attributes not shown here.
                var authnStatement = new AuthnStatement { AuthnInstant = null };
                var sut = new Saml20StatementValidator();

                // Act: a missing AuthnInstant must be rejected.
                sut.ValidateStatement(authnStatement);
            }
            public void ThrowsExceptionWhenAuthnContextItemsEmpty()
            {
                // Arrange: an AuthnContext whose Items / ItemsElementName arrays are both empty.
                // Expected-exception handling is presumably declared in attributes not shown here.
                var authnStatement = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(1),
                                             AuthnContext = new AuthnContext
                                                                {
                                                                    Items = new object[0],
                                                                    ItemsElementName = new AuthnContextType[0]
                                                                }
                                         };
                var sut = new Saml20StatementValidator();

                // Act: an AuthnContext with no class/decl reference must be rejected.
                sut.ValidateStatement(authnStatement);
            }
            public void ThrowsExceptionWhenAuthnContextHasMoreThanTwoItems()
            {
                // Arrange: three AuthnContextDeclRef entries, one more than the validator allows.
                // Expected-exception handling is presumably declared in attributes not shown here.
                const string declRef = "urn:a.valid.uri:string";
                var authnStatement = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(1),
                                             AuthnContext = new AuthnContext
                                                                {
                                                                    Items = new object[] { declRef, declRef, declRef },
                                                                    ItemsElementName = new[]
                                                                                           {
                                                                                               AuthnContextType.AuthnContextDeclRef,
                                                                                               AuthnContextType.AuthnContextDeclRef,
                                                                                               AuthnContextType.AuthnContextDeclRef
                                                                                           }
                                                                }
                                         };
                var sut = new Saml20StatementValidator();

                // Act: more than two AuthnContext items must be rejected.
                sut.ValidateStatement(authnStatement);
            }
            public void ThrowsExceptionWhenAuthnContextAuthnContextDeclInvalid()
            {
                // Arrange: the single item is tagged AuthnContextDecl but the payload is an
                // unrelated AuthnStatement object, not a declaration.
                // Expected-exception handling is presumably declared in attributes not shown here.
                var authnStatement = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(1),
                                             AuthnContext = new AuthnContext
                                                                {
                                                                    Items = new object[] { new AuthnStatement() },
                                                                    ItemsElementName = new[] { AuthnContextType.AuthnContextDecl }
                                                                }
                                         };
                var sut = new Saml20StatementValidator();

                // Act: a mistyped AuthnContextDecl payload must be rejected.
                sut.ValidateStatement(authnStatement);
            }
        /// <summary>
        /// Assembles our basic test assertion: a bearer-confirmed subject, an audience
        /// restriction built from <see cref="GetAudiences"/>, one AuthnStatement and one
        /// AttributeStatement carrying four attributes.
        /// </summary>
        /// <remarks>
        /// Apart from <c>IssueInstant</c> (taken from the clock) every value is fixed. Both
        /// <c>NotOnOrAfter</c> timestamps are 2008-12-31, i.e. already in the past, so any
        /// test that runs time-window validation against this fixture must override them or
        /// expect rejection. The email attribute value appears masked in this listing.
        /// </remarks>
        /// <returns>The <see cref="Assertion"/>.</returns>
        public static Assertion GetBasicAssertion()
        {
            // Shared expiry for both the subject confirmation and the conditions.
            var expiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

            var bearerConfirmation = new SubjectConfirmation
            {
                Method = SubjectConfirmation.BearerMethod,
                SubjectConfirmationData = new SubjectConfirmationData
                {
                    NotOnOrAfter = expiry,
                    Recipient = "http://borger.dk"
                }
            };

            var audienceRestriction = new AudienceRestriction
            {
                Audience = GetAudiences().Select(u => u.ToString()).ToList()
            };

            var authnStatement = new AuthnStatement
            {
                AuthnInstant = new DateTime(2008, 1, 8),
                SessionIndex = "70225885",
                AuthnContext = new AuthnContext
                {
                    Items = new object[]
                    {
                        "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
                        "http://www.safewhere.net/authncontext/declref"
                    },
                    ItemsElementName = new[]
                    {
                        AuthnContextType.AuthnContextClassRef,
                        AuthnContextType.AuthnContextDeclRef
                    }
                }
            };

            // Four URI-formatted attributes; the user-name attribute carries no FriendlyName.
            var attributeStatement = new AttributeStatement
            {
                Items = new object[]
                {
                    new SamlAttribute
                    {
                        FriendlyName = "SurName",
                        Name = "urn:oid:2.5.4.4",
                        NameFormat = SamlAttribute.NameformatUri,
                        AttributeValue = new[] { "Fry" }
                    },
                    new SamlAttribute
                    {
                        FriendlyName = "CommonName",
                        Name = "urn:oid:2.5.4.3",
                        NameFormat = SamlAttribute.NameformatUri,
                        AttributeValue = new[] { "Philip J. Fry" }
                    },
                    new SamlAttribute
                    {
                        Name = "urn:oid:0.9.2342.19200300.100.1.1",
                        NameFormat = SamlAttribute.NameformatUri,
                        AttributeValue = new[] { "fry" }
                    },
                    new SamlAttribute
                    {
                        FriendlyName = "Email",
                        Name = "urn:oid:0.9.2342.19200300.100.1.3",
                        NameFormat = SamlAttribute.NameformatUri,
                        AttributeValue = new[] { "*****@*****.**" }
                    }
                }
            };

            return new Assertion
            {
                Id = "_b8977dc86cda41493fba68b32ae9291d",
                Version = "2.0",
                IssueInstant = DateTime.UtcNow,
                Issuer = new NameId { Value = GetBasicIssuer() },
                Subject = new Subject { Items = new object[] { bearerConfirmation } },
                Conditions = new Conditions
                {
                    NotOnOrAfter = expiry,
                    Items = new List<ConditionAbstract> { audienceRestriction }
                },
                Items = new StatementAbstract[] { authnStatement, attributeStatement }
            };
        }
            public void ThrowsExceptionWhenAuthnStatementSessionNotOnOrAfterInPast()
            {
                // Arrange: extend the basic assertion with an AuthnStatement whose session
                // window (SessionNotOnOrAfter) closed an hour ago.
                // Expected-exception handling is presumably declared in attributes not shown here.
                var assertion = AssertionUtil.GetBasicAssertion();
                var expiredSession = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(-1)
                                         };
                assertion.Items = assertion.Items.Concat(new StatementAbstract[] { expiredSession }).ToArray();

                var sut = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act: with zero allowed clock skew the expired session must be rejected.
                sut.ValidateTimeRestrictions(assertion, new TimeSpan());
            }