public void ValidatesTimeRestrictionNotSpecified() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); assertion.Conditions.NotBefore = null; assertion.Conditions.NotOnOrAfter = null; // Act validator.ValidateAssertion(assertion); }
//ExpectedMessage = "The service is not configured to meet any audience restrictions" public void ThrowsExceptionWhenAudienceRestrictionIsNotConfigured() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(null, false); // Act Assert.Throws(typeof(Saml20FormatException), () => { validator.ValidateAssertion(assertion, true); }); }
public void ThrowsExceptionWhenWrongVersion() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); assertion.Version = "60"; var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Wrong value of version attribute on Assertion element"); }
public void ThrowsExceptionWhenIssuerNull() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); assertion.Issuer = null; var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Assertion element must have an issuer element."); }
public void ValidatesTimeRestrictionBothNotBeforeAndNotOnOrAfter() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); assertion.Conditions.NotBefore = DateTime.UtcNow.AddDays(-1); assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddDays(1); // Act validator.ValidateAssertion(assertion, true); }
public void ThrowsExceptionWhenIssuerFormatInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); assertion.Issuer.Format = "a non wellformed uri"; var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "NameID element has Format attribute which is not a wellformed absolute uri."); }
public void ValidatesTimeRestrictionNotOnOrAfterTomorrow() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Test with NotOnOrAfter that post-dates now assertion.Conditions.NotBefore = null; assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddDays(1); // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var allowedAudienceUris = new List <string> { "uri:lalal" }; var validator = new Saml20AssertionValidator(allowedAudienceUris, false); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions"); }
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var allowedAudienceUris = new List <Uri> { new Uri("uri:lalal") }; var validator = new Saml20AssertionValidator(allowedAudienceUris, false); // Act validator.ValidateAssertion(assertion); }
//ExpectedMessage = "Assertion element must have an issuer element." public void ThrowsExceptionWhenIssuerNull() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); assertion.Issuer = null; var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Act Assert.Throws(typeof(Saml20FormatException), () => { validator.ValidateAssertion(assertion, true); }); }
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "malformed uri" }) }; assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "malformed uri" }) }; assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Audience element has value which is not a wellformed absolute uri"); }
public void ThrowsExceptionWhenThereAreMultipleProxyRestriction() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction(), new ProxyRestriction() }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenThereAreMultipleProxyRestriction() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction(), new ProxyRestriction() }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Assertion contained more than one condition of type ProxyRestriction"); }
public void ThrowsExceptionWhenProxyRestrictionCountIsNegative() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Count = "-1" } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Count attribute of ProxyRestriction MUST BE a non-negative integer"); }
public void ValidatesProxyRestrictionCount() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Count = "1" } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion); }
public void ValidatesAudienceRestrictionWithMultipleAudienceRestrictions() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "urn:borger.dk:id" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "http://well/formed.uri" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenProxyRestrictionCountIsNegative() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Count = "-1" } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion, true); }
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "http://well/formed.uri" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions"); }
public void ValidatesProxyRestrictionAudience() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri" } } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenProxyRestrictionAudienceIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri", "a malformed uri" } } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "ProxyRestriction Audience MUST BE a wellformed uri"); }
//ExpectedMessage = "Assertion contained more than one condition of type OneTimeUse" public void ThrowsExceptionWhenThereAreMultipleOneTimeUse() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new OneTimeUse(), new OneTimeUse() }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws(typeof(Saml20FormatException), () => { validator.ValidateAssertion(assertion, true); }); }