public void ThrowsExceptionWhenIssueInstantNull()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                assertion.IssueInstant = null;

                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenIssuerFormatInvalid()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                assertion.Issuer.Format = "a non wellformed uri";

                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesAudienceRestrictionWithSeveralAudiences()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                foreach (var audienceCondition in assertion.Conditions.Items)
                {
                    if (!(audienceCondition is AudienceRestriction))
                    {
                        continue;
                    }

                    var audienceRestriction = (AudienceRestriction)audienceCondition;
                    var audiences = new List<string>(audienceRestriction.Audience) { "http://well/formed.uri" };
                    audienceRestriction.Audience = audiences;
                    break;
                }

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesAudienceRestrictionWithMultipleAudienceRestrictions()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceConditions = new List<ConditionAbstract>(assertion.Conditions.Items);
                var audienceRestriction = new AudienceRestriction
                                              {
                                                  Audience = new List<string>(new[] { "urn:borger.dk:id" })
                                              };
                audienceConditions.Add(audienceRestriction);

                assertion.Conditions.Items = audienceConditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenThereAreMultipleProxyRestriction()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List<ConditionAbstract>
                                     {
                                         new ProxyRestriction(),
                                         new ProxyRestriction()
                                     };
                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenAudienceRestrictionIsNotConfigured()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(null, false);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenTimeRestrictionNotBeforeIsInvalid()
            {
                // Arrange
                // Test with NotBefore that post-dates now
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                assertion.Conditions.NotBefore = DateTime.Now.AddDays(1);
                assertion.Conditions.NotOnOrAfter = null;

                // Act
                validator.ValidateTimeRestrictions(assertion, new TimeSpan());
            }
            public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceConditions = new List<ConditionAbstract>(assertion.Conditions.Items);
                var audienceRestriction = new AudienceRestriction
                                              {
                                                  Audience = new List<string>(new[] { "http://well/formed.uri" })
                                              };
                audienceConditions.Add(audienceRestriction);

                assertion.Conditions.Items = audienceConditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenAuthnStatementSessionNotOnOrAfterInPast()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var statements = new List<StatementAbstract>(assertion.Items);
                var authnStatement = new AuthnStatement
                                         {
                                             AuthnInstant = DateTime.UtcNow,
                                             SessionNotOnOrAfter = DateTime.UtcNow.AddHours(-1)
                                         };
                statements.Add(authnStatement);
                assertion.Items = statements.ToArray();

                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act
                validator.ValidateTimeRestrictions(assertion, new TimeSpan());
            }
            public void ThrowsExceptionWhenTimeRestrictionNotOnOrAfterNow()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Test with NotOnOrAfter that pre-dates now
                assertion.Conditions.NotBefore = null;
                assertion.Conditions.NotOnOrAfter = DateTime.UtcNow;

                // Act
                validator.ValidateTimeRestrictions(assertion, new TimeSpan());
            }
            public void ValidatesTimeRestrictionNotSpecified()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                assertion.Conditions.NotBefore = null;
                assertion.Conditions.NotOnOrAfter = null;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesTimeRestrictionNotOnOrAfterTomorrow()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Test with NotOnOrAfter that post-dates now
                assertion.Conditions.NotBefore = null;
                assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddDays(1);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesTimeRestrictionBothNotBeforeAndNotOnOrAfter()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                assertion.Conditions.NotBefore = DateTime.UtcNow.AddDays(-1);
                assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddDays(1);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesProxyRestrictionAudience()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List<ConditionAbstract>
                                     {
                                         new ProxyRestriction
                                             {
                                                 Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri" }
                                             }
                                     };
                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceRestriction = new AudienceRestriction
                                              {
                                                  Audience = new List<string>(new[] { "malformed uri" })
                                              };

                assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesProxyRestrictionCount()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List<ConditionAbstract>
                                     {
                                         new ProxyRestriction { Count = "1" }
                                     };
                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var allowedAudienceUris = new List<Uri>
                                              {
                                                  new Uri("uri:lalal")
                                              };
                var validator = new Saml20AssertionValidator(allowedAudienceUris, false);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenWrongVersion()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                assertion.Version = "60";

                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ValidatesAssertion()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act
                validator.ValidateAssertion(assertion);
            }