public void CheckTimeValidTest() { Saml2Serializer serializer = new Saml2Serializer(); SamlValidator validator = new SamlValidator(); Response response = serializer.ConvertXMLToResponseObject(ReadFile(xmlResponseFilename)); TimeZone localZone = TimeZone.CurrentTimeZone; DateTime actualTime = localZone.ToUniversalTime(DateTime.Now); try { // add a correct time to the response response.Assertion.Conditions.NotBefore = actualTime.AddSeconds(-20); response.Assertion.Conditions.NotOnOrAfter = actualTime.AddMinutes(5); response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter = actualTime.AddMinutes(5); response.IssueInstant = actualTime.AddSeconds(-20); response.Assertion.IssueInstant = actualTime.AddSeconds(-20); Assert.IsTrue(validator.CheckTime(response)); } catch (Exception e) { Assert.Fail(e.Message); } }
public void ValidateResponseWithoutTimeValidTest() { Saml2Serializer serializer = new Saml2Serializer(); SamlValidator validator = new SamlValidator(); string xml = Encoding.UTF8.GetString(Convert.FromBase64String(ReadFile(responseFilename))); EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile)); AuthnRequest authnRequest = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile)); Response response = serializer.ConvertXMLToResponseObject(xml); bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); Assert.IsTrue(isValid); }
public void CheckTimeInvalidTest() { Saml2Serializer serializer = new Saml2Serializer(); SamlValidator validator = new SamlValidator(); Response response = serializer.ConvertXMLToResponseObject(ReadFile(xmlResponseFilename)); TimeZone localZone = TimeZone.CurrentTimeZone; DateTime actualTime = localZone.ToUniversalTime(DateTime.Now); // response.Assertion.Conditions.NotBefore is wrong try { response.Assertion.Conditions.NotBefore = actualTime.AddSeconds(20); response.Assertion.Conditions.NotOnOrAfter = actualTime.AddMinutes(5); response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter = actualTime.AddMinutes(5); response.IssueInstant = actualTime.AddSeconds(-20); response.Assertion.IssueInstant = actualTime.AddSeconds(-20); Assert.IsFalse(validator.CheckTime(response)); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // response.Assertion.Conditions.NotOnOrAfter is wrong try { response.Assertion.Conditions.NotBefore = actualTime.AddSeconds(-20); response.Assertion.Conditions.NotOnOrAfter = actualTime.AddMinutes(-20); response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter = actualTime.AddMinutes(5); response.IssueInstant = actualTime.AddSeconds(-20); response.Assertion.IssueInstant = actualTime.AddSeconds(-20); Assert.IsFalse(validator.CheckTime(response)); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter is wrong try { response.Assertion.Conditions.NotBefore = actualTime.AddSeconds(-20); response.Assertion.Conditions.NotOnOrAfter = actualTime.AddMinutes(5); response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter = actualTime.AddMinutes(-20); response.IssueInstant = actualTime.AddSeconds(-20); response.Assertion.IssueInstant = actualTime.AddSeconds(-20); Assert.IsFalse(validator.CheckTime(response)); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // response.IssueInstant is wrong try { response.Assertion.Conditions.NotBefore = actualTime.AddSeconds(-20); response.Assertion.Conditions.NotOnOrAfter = actualTime.AddMinutes(5); response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter = actualTime.AddMinutes(5); response.IssueInstant = actualTime.AddSeconds(20); response.Assertion.IssueInstant = actualTime.AddSeconds(-20); Assert.IsFalse(validator.CheckTime(response)); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // response.Assertion.IssueInstant is wrong try { response.Assertion.Conditions.NotBefore = actualTime.AddSeconds(-20); response.Assertion.Conditions.NotOnOrAfter = actualTime.AddMinutes(5); response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.NotOnOrAfter = actualTime.AddMinutes(5); response.IssueInstant = actualTime.AddSeconds(-20); response.Assertion.IssueInstant = actualTime.AddSeconds(20); Assert.IsFalse(validator.CheckTime(response)); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected }
public void ValidateResponseWithoutTimeInvalidTest() { Saml2Serializer serializer = new Saml2Serializer(); SamlValidator validator = new SamlValidator(); string xml = ReadFile(xmlResponseFilename); EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile)); AuthnRequest authnRequest = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile)); Response response = serializer.ConvertXMLToResponseObject(xml); // wrong response.Status.StatusCode.Value try { response.Status.StatusCode.Value = "urn:oasis:names:tc:SAML:2.0:status:Requester"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // wrong response.Issuer try { response.Issuer = "wrongIssuer"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // wrong x509 certificate try { response.Signature.KeyInfo.X509Data.X509Certificate = response.Signature.KeyInfo.X509Data.X509Certificate + "s"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // response was changed / attack try { string attackedXML = ReadFile("ChangedSamlResponseSimpleSamlPHP.xml"); response.Signature.KeyInfo.X509Data.X509Certificate = response.Signature.KeyInfo.X509Data.X509Certificate + "s"; bool isValid = validator.ValidateResponse(response, attackedXML, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // wrong response.Destination try { response.Destination = "newdesinationaddress.com"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // wrong response.Assertion.Conditions.AudienceRestriction.Audience -> issuer try { response.Assertion.Conditions.AudienceRestriction.Audience = "otherIssuer"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // wrong response.InResponseTo try { response.InResponseTo = "InResponseTo"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected // wrong response.Assertion.Subject.SubjectConfirmation.Method try { response.Assertion.Subject.SubjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"; bool isValid = validator.ValidateResponse(response, xml, entityDescriptor, authnRequest, false); } catch (SamlCommunicationException e) { Assert.IsTrue(true); } // exception expected in this test catch (Exception e) { Assert.Fail(e.Message); } // not this kind of exception expected }