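/// <summary>
/// Negative test: an assertion signed by a certificate that is NOT in the vault's trust store
/// must be rejected when <c>checkTrust</c> is enabled. Only the VOCES test certificate is
/// registered as the trusted system certificate; the assertion is signed with a FOCES test
/// certificate that is never added to the vault.
/// </summary>
/// <remarks>
/// The original swallowed every exception and discarded the <c>Validate</c> result, so it could
/// never fail. <see cref="SignatureUtil.Validate"/> returns <c>bool</c> (see <c>SignAndValidate</c>);
/// whether an untrusted signer yields <c>false</c> or a thrown <c>ModelException</c> is not pinned
/// by anything visible here, so both outcomes are accepted as "rejected".
/// NOTE(review): if the vault establishes trust via the issuing test CA rather than the exact
/// certificate, both PP certificates chain to the same CA and this expectation must be revisited.
/// "Test1234" is the published password of the OCES II test (PP) certificates, not a secret.
/// </remarks>
public void TestSignAndValidateNotTrusted()
{
    var vault = new GenericCredentialVault();
    var basePath = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;

    // Signer: FOCES test certificate, deliberately NOT added to the vault.
    var signingCert = new X509Certificate2(basePath + "\\Resources\\oces2\\PP\\FOCES_gyldig.p12", "Test1234");

    // Trusted system certificate: a different (VOCES) test certificate.
    var trustedCert = new X509Certificate2(basePath + "\\Resources\\oces2\\PP\\VOCES_gyldig.p12", "Test1234");
    trustedCert.FriendlyName = vault.ALIAS_SYSTEM;
    vault.AddTrustedCertificate(trustedCert);

    var assertion = AssertionMaker.MakeAssertionForSTS(signingCert);
    var signedAssertion = SealUtilities.SignAssertion(assertion, signingCert);
    var signedXml = Serialize(signedAssertion);

    var rejected = false;
    try
    {
        // checkTrust = true, checkRevoked = true: a signer outside the trust store must not pass.
        rejected = !SignatureUtil.Validate(signedXml.Root, null, vault, true, true);
    }
    catch (Exception)
    {
        // A thrown validation error (ModelException per the original's commented-out assertion)
        // also counts as rejection. TODO(review): narrow to the exact exception type once confirmed.
        rejected = true;
    }

    Assert.IsTrue(rejected, "An assertion signed by a certificate outside the trust store must not validate.");
}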
/// <summary>
/// Calls the local FMK service (endpoint "localFMK") with a locally generated SOSI id card,
/// i.e. an assertion signed directly with the MOCES test certificate and not issued by an STS.
/// There is no assertion: the test passes when the call completes without throwing.
/// </summary>
public void TestDirectCall()
{
    // Sign a freshly built assertion with the valid MOCES test certificate.
    var signedAssertion = SealUtilities.SignAssertion(AssertionMaker.MakeAssertion(), Global.MocesCprGyldig);

    var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
    fmkClient.GetMedicineCard_20120101(MakeSecurity(signedAssertion), MakeHeader());
}
/// <summary>
/// Returns the cached SOSI id card. When the cached card is missing or no longer valid according
/// to <c>IsIdCardValid</c>, a new STS request card is built from the user's certificate and
/// exchanged at the STS (<c>_stsUrl</c>, issuer <c>_issuer</c>); the result replaces the cache.
/// </summary>
/// <returns>The cached or freshly issued id card.</returns>
/// <remarks>Not synchronized: concurrent callers may each trigger a sign-in.</remarks>
public SealCard GetIdCard()
{
    if (IsIdCardValid(_idCard))
    {
        return _idCard;
    }

    // Cache miss or expired card: build a request card and exchange it at the STS.
    var requestCard = SealCard.Create(MakeAssertionForSts(_userCertificate));
    _idCard = SealUtilities.SignIn(requestCard, _issuer, _stsUrl);
    return _idCard;
}
/// <summary>
/// Regression test: exchanging a locally built id card at the STS and then sending the
/// STS-issued card to NTS must not disturb whitespace inside the signed XML. Both the local
/// and the STS-issued assertion must still verify afterwards.
/// </summary>
public void TestIDcard_Does_not_change_whiteSpace()
{
    var requestAssertion = AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig);
    var localCard = SealCard.Create(requestAssertion);
    var stsCard = SealUtilities.SignIn(localCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

    CallNts(stsCard);

    // Signatures are whitespace-sensitive; both must still verify after the round trips.
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(localCard.Xassertion));
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(stsCard.Xassertion));
}
/// <summary>
/// Signing a bare assertion, and signing an assertion embedded in a Security header, must both
/// produce signatures that <see cref="SealUtilities.CheckAssertionSignature"/> accepts.
/// </summary>
public void TestAssertionSign()
{
    // Bare assertion.
    var signedAssertion = SealUtilities.SignAssertion(AssertionMaker.MakeAssertion(), Global.MocesCprGyldig);
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedAssertion));

    // Assertion wrapped in a Security header.
    var security = MakeSecurity(AssertionMaker.MakeAssertion());
    var signedSecurity = SealUtilities.SignAssertion(security, Global.MocesCprGyldig);
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedSecurity));
}
/// <summary>
/// End-to-end: build a SEAL id card, exchange it at the STS, and call FMK with the STS-issued
/// assertion transferred as the strongly typed proxy <c>Assertion</c>.
/// No assertion; the test passes when the call completes without throwing.
/// </summary>
public void TestSTSogFMKAssertionAsType()
{
    // 1. Create the SEAL card from a locally built STS request assertion.
    var requestCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));

    // 2. Exchange it at the STS.
    var stsCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

    // 3. Call FMK, passing the issued assertion as the typed proxy object.
    var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
    var security = MakeSecurity(stsCard.GetAssertion<proxy.Assertion>());
    fmkClient.GetMedicineCard_20120101(security, MakeHeader());
}
/// <summary>
/// Signs an STS assertion with <paramref name="cert"/> and validates the resulting XML against
/// a fresh vault in which that same certificate is the trusted system certificate.
/// </summary>
/// <param name="cert">
/// Signing certificate. Its <c>FriendlyName</c> is overwritten with the vault's system alias,
/// which is a side effect on the caller's object.
/// </param>
/// <param name="checkTrust">Passed through to <see cref="SignatureUtil.Validate"/>.</param>
/// <param name="checkRevoked">Passed through to <see cref="SignatureUtil.Validate"/>.</param>
/// <returns>The result of <see cref="SignatureUtil.Validate"/>.</returns>
private bool SignAndValidate(X509Certificate2 cert, bool checkTrust, bool checkRevoked)
{
    var trustStore = new GenericCredentialVault();
    cert.FriendlyName = trustStore.ALIAS_SYSTEM;
    trustStore.AddTrustedCertificate(cert);

    var signedAssertion = SealUtilities.SignAssertion(AssertionMaker.MakeAssertionForSTS(cert), cert);
    var signedXml = Serialize(signedAssertion);

    return SignatureUtil.Validate(signedXml.Root, null, trustStore, checkTrust, checkRevoked);
}
/// <summary>
/// Exchanges a NemLog-in (SAML 2.0) assertion for a SOSI STS card by calling the
/// "sts_OIOSaml2Sosi" endpoint with a health-context assertion built for the user.
/// </summary>
/// <param name="userAuthorizationCode">Authorization code placed in the health-context assertion.</param>
/// <param name="nemidAssertion">The NemLog-in SAML 2.0 assertion to exchange.</param>
/// <returns>The SOSI card returned by the STS.</returns>
/// <remarks>
/// No client certificate is set in code (the original had that assignment commented out); it is
/// presumably supplied by the "sts_OIOSaml2Sosi" endpoint configuration — verify. The system
/// name "Test Sundhed.dk" and IT-system "Sygdom.dk" are hard-coded test values.
/// NOTE(review): another test in this file calls this name with three arguments, so an overload
/// taking a certificate presumably exists elsewhere.
/// </remarks>
public static SealCard ExchangeNemLoginAssertionForSosiSTSCard(string userAuthorizationCode, Saml2Assertion nemidAssertion)
{
    using (var sts = new Saml2SosiStsClient("sts_OIOSaml2Sosi"))
    {
        var focesSubjectName = Global.StatensSerumInstitutFoces.SubjectName.Name;
        var healthContext = SealUtilities.MakeHealthContextAssertion(
            "Test Sundhed.dk",
            focesSubjectName,
            "Sygdom.dk",
            userAuthorizationCode);

        return sts.ExchangeAssertion(nemidAssertion, healthContext, "http://sosi.dk");
    }
}
/// <summary>
/// Factory-based variant of <c>TestAssertionSign</c>: an id card signed through the factory's
/// signature provider, and a Security header wrapping a second card's assertion signed directly
/// with the MOCES test certificate, must both verify.
/// </summary>
public void TestAssertionSign_new()
{
    var factory = CreateSOSIFactory(Global.MocesCprGyldig);

    // Card signed via the factory's signature provider.
    var firstCard = CreateMocesUserIdCard(factory);
    var signedAssertion = firstCard.Sign<dk.nsi.fmk.Assertion>(factory.SignatureProvider);
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedAssertion));

    // Security header around a second card's assertion, signed directly.
    var secondCard = CreateMocesUserIdCard(factory);
    var security = MakeSecurity(secondCard.GetAssertion<dk.nsi.fmk.Assertion>());
    var signedSecurity = SealUtilities.SignAssertion(security, Global.MocesCprGyldig);
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedSecurity));
}
/// <summary>
/// Factory-based end-to-end: create and sign an STS id card, exchange it at the STS, and call
/// FMK with the issued assertion transferred as the strongly typed proxy <c>Assertion</c>.
/// No assertion; the test passes when the call completes without throwing.
/// </summary>
public void TestSTSogFMKAssertionAsType_new()
{
    // 1. Create and sign the SEAL card.
    var factory = CreateSOSIFactory(Global.MocesCprGyldig);
    var requestCard = CreateIdCardForSTS(factory);
    requestCard.Sign<Assertion>(factory.SignatureProvider);

    // 2. Exchange it at the STS.
    var issuedCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

    // 3. Call FMK with the typed assertion.
    var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
    var security = MakeSecurity(issuedCard.GetAssertion<proxy.Assertion>());
    fmkClient.GetMedicineCard_20120101(security, MakeHeader());
}
/// <summary>
/// Builds the final response <c>XDocument</c>: creates the document (the original contract
/// states all attributes are validated before generation; that happens inside
/// <c>CreateDocument</c>, not here), normalizes the SAML/ds prefixes, fills in missing
/// namespaces and, when a <see cref="SigningVault"/> is configured, signs the result with the
/// vault's system credentials.
/// </summary>
/// <returns>
/// A new document on every call; calling this method several times yields distinct objects.
/// </returns>
public override XDocument Build()
{
    var document = CreateDocument();
    SealUtilities.CheckAndSetSamlDsPreFix(document);
    NameSpaces.SetMissingNamespaces(document);

    if (SigningVault == null)
    {
        return document;
    }

    // Sign, then reparse preserving whitespace exactly as signed so the signature still verifies.
    var signedXml = new SealSignedXml(document).Sign(SigningVault.GetSystemCredentials());
    return XDocument.Parse(signedXml.OuterXml, LoadOptions.PreserveWhitespace);
}
/// <summary>
/// With the SOSI (production) federation configured, the card issued by the test STS must fail
/// <c>ValidateSignatureAndTrust</c> with a <see cref="ModelException"/>, because the STS
/// certificate does not match the federation's expected prefix/CVR.
/// </summary>
public void SosiFederationTest()
{
    var factory = CreateSOSIFactoryWithSosiFederation(Global.MocesCprGyldig);

    var requestCard = CreateIdCardForSTS(factory);
    requestCard.Sign<Assertion>(factory.SignatureProvider);

    var issuedCard = (UserIdCard)SealUtilities.SignIn(requestCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

    // Test-STS certificate vs. SOSI federation: prefix/CVR mismatch must be rejected.
    Assert.Throws<ModelException>(() => issuedCard.ValidateSignatureAndTrust(factory.Federation));
}
/// <summary>
/// With the test federation configured, the card issued by the test STS must pass
/// <c>ValidateSignatureAndTrust</c> (counterpart of <c>SosiFederationTest</c>).
/// </summary>
public void IsTrustedStsCertificateTest()
{
    var factory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);

    var requestCard = CreateIdCardForSTS(factory);
    requestCard.Sign<Assertion>(factory.SignatureProvider);

    var issuedCard = (UserIdCard)SealUtilities.SignIn(requestCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

    // The test STS certificate is trusted by the test federation.
    Assert.DoesNotThrow(() => issuedCard.ValidateSignatureAndTrust(factory.Federation));
}
/// <summary>
/// End-to-end: build a SEAL id card, exchange it at the STS, and call FMK with the issued card
/// transferred as raw XML in a <see cref="SealCardMessageHeader"/> instead of a typed Security
/// parameter (which is passed as <c>null</c>). No assertion; passes when the call completes.
/// </summary>
public void TestSTSogFMKAssertionAsXml()
{
    // 1. Create the SEAL card and 2. exchange it at the STS.
    var requestCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
    var issuedCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

    // 3. Call FMK with the card carried as an outgoing message header.
    var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
    using (new OperationContextScope(fmkClient.InnerChannel))
    {
        OperationContext.Current.OutgoingMessageHeaders.Add(new SealCardMessageHeader(issuedCard));
        fmkClient.GetMedicineCard_20120101(null, MakeHeader());
    }
}
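/// <summary>
/// NemID → SEAL exchange for a user (test keystore "Sonja_Bach_Laege.p12") who holds several
/// authorizations; the exchange is pinned to one of them ("NS363") with role "7170".
/// The issued card's signature must verify and the card must carry an id.
/// </summary>
/// <remarks>
/// The <c>Id</c> check mirrors <c>UserWithOneSpecificAuthorization</c> and is only a weak
/// stand-in for the Java original's user-info assertions (authorization code "NS363",
/// education code "7170" via getUserInfo()), which this port's SealCard does not expose.
/// CPR and e-mail are fixture values for the test certificate.
/// </remarks>
public void UserWithSeveralAuthorization()
{
    const string keystorePath = "Sonja_Bach_Laege.p12";
    const string userCpr = "0309691444";
    const string userGivenName = "Sonja";
    const string userSurName = "Bach";
    const string userEmail = "*****@*****.**";
    const string userRole = "7170";
    const string userAuthorizationCode = "NS363";

    var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

    Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
    Assert.IsNotNull(idCard.Id, "No user information found");
    // TODO(port): assert authorization code "NS363" and role "7170" once user info is exposed on SealCard.
}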
/// <summary>
/// NemID → SEAL exchange for a user (test keystore "Karl_Hoffmann_Svendsen_Laege.p12") with
/// one specific authorization ("NS362") and role "7170". The issued card's signature must
/// verify and the card must carry an id.
/// </summary>
/// <remarks>
/// The Java original additionally asserted authorization code "NS362" and education code "7170"
/// via getUserInfo(); this port's SealCard does not expose that, so those checks are left out.
/// CPR and e-mail are fixture values for the test certificate.
/// </remarks>
public void UserWithOneSpecificAuthorization()
{
    const string keystorePath = "Karl_Hoffmann_Svendsen_Laege.p12";
    const string userCpr = "0102732379";
    const string userGivenName = "Karl Hoffmann";
    const string userSurName = "Svendsen";
    const string userEmail = "*****@*****.**";
    const string userRole = "7170";
    const string userAuthorizationCode = "NS362";

    var issuedCard = TestNemId2SealAssertion(
        keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

    var signatureOk = SealUtilities.CheckAssertionSignature(issuedCard.Xassertion);
    Assert.IsTrue(signatureOk);
    Assert.IsNotNull(issuedCard.Id, "No user information found");
    // TODO(port): assert authorization code "NS362" and role "7170" once user info is exposed on SealCard.
}
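/// <summary>
/// NemID → SEAL exchange for a user (test keystore "Karl_Hoffmann_Svendsen_Laege.p12") with a
/// single authorization, requested WITHOUT naming an authorization code (<c>null</c>) and with a
/// role value the STS ignores. The issued card's signature must verify and the card must carry an id.
/// </summary>
/// <remarks>
/// The <c>Id</c> check mirrors <c>UserWithOneSpecificAuthorization</c> and is only a weak
/// stand-in for the Java original's user-info assertions (authorization code "NS362",
/// education code "7170" via getUserInfo()), which this port's SealCard does not expose.
/// CPR and e-mail are fixture values for the test certificate.
/// </remarks>
public void UserWithOneAuthorization()
{
    const string keystorePath = "Karl_Hoffmann_Svendsen_Laege.p12";
    const string userCpr = "0102732379";
    const string userGivenName = "Karl Hoffmann";
    const string userSurName = "Svendsen";
    const string userEmail = "*****@*****.**";
    // Must not be empty or null, but any value that is not four digits is ignored by the STS.
    const string userRole = "IGNORED";
    const string userAuthorizationCode = null;

    var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

    Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
    Assert.IsNotNull(idCard.Id, "No user information found");
    // TODO(port): assert authorization code "NS362" and role "7170" once user info is exposed on SealCard.
}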
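/// <summary>
/// NemID → SEAL exchange for a user (test keystore "Brian_Moeller_Laege.p12") who holds no
/// authorization: no authorization code is requested (<c>null</c>) and the role value is one the
/// STS ignores. The issued card's signature must verify and the card must carry an id.
/// </summary>
/// <remarks>
/// The <c>Id</c> check mirrors <c>UserWithOneSpecificAuthorization</c> and is only a weak
/// stand-in for the Java original's user-info assertions (no authorization code expected,
/// role "IGNORED" echoed back via getUserInfo()), which this port's SealCard does not expose.
/// CPR and e-mail are fixture values for the test certificate.
/// </remarks>
public void UserWithNoAuthorization()
{
    const string keystorePath = "Brian_Moeller_Laege.p12";
    const string userCpr = "1103811325";
    const string userGivenName = "Brian";
    const string userSurName = "Møller";
    const string userEmail = "*****@*****.**";
    // Must not be empty or null, but any value that is not four digits is ignored by the STS.
    const string userRole = "IGNORED";
    const string userAuthorizationCode = null;

    var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

    Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
    Assert.IsNotNull(idCard.Id, "No user information found");
    // TODO(port): assert that no authorization code is present and role is "IGNORED" once user info is exposed on SealCard.
}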
/// <summary>
/// Factory-based end-to-end: create and sign an STS id card, exchange it at the STS, and call
/// FMK with the issued card transferred as raw XML in an <see cref="IdCardMessageHeader"/>
/// instead of a typed Security parameter (passed as <c>null</c>). No assertion; passes when the
/// call completes.
/// </summary>
public void TestSTSogFMKAssertionAsXml_new()
{
    // 1. Create and sign the SEAL card.
    var factory = CreateSOSIFactory(Global.MocesCprGyldig);
    var requestCard = CreateIdCardForSTS(factory);
    requestCard.Sign<Assertion>(factory.SignatureProvider);

    // 2. Exchange it at the STS.
    var issuedCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

    // 3. Call FMK with the card carried as an outgoing message header.
    var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
    using (new OperationContextScope(fmkClient.InnerChannel))
    {
        OperationContext.Current.OutgoingMessageHeaders.Add(new IdCardMessageHeader(issuedCard));
        fmkClient.GetMedicineCard_20120101(null, MakeHeader());
    }
}
/// <summary>
/// Whitespace regression for the NemID path: build a NemID assertion for a fixture user,
/// exchange it for a SOSI STS card, send that card to NTS, and verify the card's signature
/// still holds afterwards.
/// </summary>
/// <remarks>
/// CPR, name, e-mail, role "7170", CVR "46837428" and authorization "NS363" are fixture values
/// for the test user; the FOCES certificate stands in as the issuing system.
/// </remarks>
public void TestIDcard_Does_not_change_whiteSpace_Saml2SosiStsClient()
{
    const string authorizationCode = "NS363";

    var nemidAssertion = NemIdAssertionBuilder.MakeNemIdAssertion(
        _userCertificate,
        Global.StatensSerumInstitutFoces,
        "0309691444",
        "Sonja",
        "Bach",
        "*****@*****.**",
        "7170",
        "3",
        "46837428",
        "Statens Serum Institut",
        authorizationCode);

    var stsCard = ExchangeNemLoginAssertionForSosiSTSCard(authorizationCode, nemidAssertion, _userCertificate);
    CallNts(stsCard);

    // The signed XML must survive the NTS round trip byte-for-byte.
    Assert.IsTrue(SealUtilities.CheckAssertionSignature(stsCard.Xassertion));
}
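/// <summary>
/// Stub medicine-card operation: verifies the SEAL security header and returns a minimal,
/// empty medicine-card overview.
/// </summary>
/// <param name="request">Incoming request; its <c>Security</c> member carries the signed id card.</param>
/// <returns>A response with a single, empty overview entry.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">The assertion signature does not verify.</exception>
/// <remarks>
/// The original computed the signature-check result and then discarded it, so a request whose
/// signature did not verify was accepted as long as <see cref="SealUtilities.ValidateSecurity"/>
/// (whose exact checks are not visible here) returned no error. The signature result is now
/// enforced first, matching <c>GetMedicineCard_20120101</c>.
/// </remarks>
public MedicineCardResponse GetMedicineCard(MedicineCardRequest request)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // Signature over the assertion (with namespace check) must verify before anything else.
    var signatureOk = SealUtilities.CheckAssertionSignatureNSCheck(request.Security);
    if (!signatureOk)
    {
        throw new InvalidOperationException("signature does not checkout");
    }

    // Structural/validity checks; the helper returns the exception to raise, or null.
    var validationError = SealUtilities.ValidateSecurity(request.Security);
    if (validationError != null)
    {
        throw validationError;
    }

    return new MedicineCardResponse
    {
        MedicineCardResponseStructure = new MedicineCardResponseType
        {
            MedicineCardOverviewStructure = new[] { new MedicineCardOverviewStructureType() }
        }
    };
}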
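/// <summary>
/// Stub medicine-card operation (2012-01-01 contract): requires a WS-Security header on the
/// incoming message, verifies the SEAL assertion signature, and returns a minimal, empty
/// medicine-card overview.
/// </summary>
/// <param name="request">Incoming request; its <c>Security</c> member carries the signed id card.</param>
/// <returns>A response with a single, empty overview entry.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">
/// The WS-Security header is missing, or the assertion signature does not verify.
/// </exception>
/// <remarks>
/// The original indexed <c>IncomingMessageHeaders</c> with the result of <c>FindHeader</c>
/// (which is -1 when the header is absent) and never used the header, so a missing Security
/// header was rejected only by accident with an <c>ArgumentOutOfRangeException</c>. The
/// presence check is now explicit. Unlike <c>GetMedicineCard</c>, this operation does not call
/// <see cref="SealUtilities.ValidateSecurity"/>; TODO(review): confirm whether it should.
/// </remarks>
public MedicineCardResponse_20120101 GetMedicineCard_20120101(MedicineCardRequest_20110101 request)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // wsse:Security header must be present on the incoming SOAP message.
    var securityHeaderIndex = OperationContext.Current.IncomingMessageHeaders.FindHeader(
        "Security",
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    if (securityHeaderIndex < 0)
    {
        throw new InvalidOperationException("missing Security header");
    }

    // Signature over the assertion (with namespace check) must verify.
    var signatureOk = SealUtilities.CheckAssertionSignatureNSCheck(request.Security);
    if (!signatureOk)
    {
        throw new InvalidOperationException("signature does not checkout");
    }

    return new MedicineCardResponse_20120101
    {
        MedicineCardResponseStructure = new MedicineCardResponseType2
        {
            MedicineCardOverviewStructure = new[] { new MedicineCardOverviewStructureType2() }
        }
    };
}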
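/// <summary>
/// Builds the SOSI "IDCard" request assertion for this user/system from the instance fields and
/// signs it with <paramref name="certificate"/>.
/// </summary>
/// <param name="certificate">Certificate used to sign; its hash is also embedded as <c>sosiOCESCertHash</c>.</param>
/// <returns>The signed assertion.</returns>
/// <remarks>
/// Validity: <c>NotBefore</c> is set five minutes in the past (clock-skew allowance) and the card
/// is valid for eight hours from that instant. The original called <c>FiveMinutesAgoUtc()</c> a
/// second time for <c>IssueInstant</c>, so IssueInstant and NotBefore could differ by the time
/// between the two calls; both now use the same instant, as the static
/// <c>AssertionMaker.MakeAssertionForSTS</c> already does.
/// Subject confirmation is holder-of-key with the literal key reference "OCESSignature";
/// authentication level "4" and card version "1.0.1" are hard-coded.
/// </remarks>
private Assertion MakeAssertionForSts(X509Certificate2 certificate)
{
    // Single clock read: IssueInstant and NotBefore are the same instant.
    var notBefore = FiveMinutesAgoUtc();

    var idCardData = new AttributeStatement
    {
        id = AttributeStatementID.IDCardData,
        Attribute = new[]
        {
            new Attribute { Name = AttributeName.sosiIDCardID, AttributeValue = Guid.NewGuid().ToString("D") },
            new Attribute { Name = AttributeName.sosiIDCardVersion, AttributeValue = "1.0.1" },
            new Attribute { Name = AttributeName.sosiIDCardType, AttributeValue = "user" },
            new Attribute { Name = AttributeName.sosiAuthenticationLevel, AttributeValue = "4" },
            new Attribute { Name = AttributeName.sosiOCESCertHash, AttributeValue = EncodeTo64(certificate) }
        }
    };

    var userLog = new AttributeStatement
    {
        id = AttributeStatementID.UserLog,
        Attribute = new[]
        {
            new Attribute { Name = AttributeName.medcomUserCivilRegistrationNumber, AttributeValue = _userCpr },
            new Attribute { Name = AttributeName.medcomUserGivenName, AttributeValue = _userGivenName },
            new Attribute { Name = AttributeName.medcomUserSurName, AttributeValue = _userSurName },
            new Attribute { Name = AttributeName.medcomUserEmailAddress, AttributeValue = _userEmail },
            new Attribute { Name = AttributeName.medcomUserRole, AttributeValue = _userRole },
            new Attribute { Name = AttributeName.medcomUserAuthorizationCode, AttributeValue = _userAuthCode }
        }
    };

    var systemLog = new AttributeStatement
    {
        id = AttributeStatementID.SystemLog,
        Attribute = new[]
        {
            new Attribute { Name = AttributeName.medcomITSystemName, AttributeValue = _itSystemName },
            new Attribute
            {
                Name = AttributeName.medcomCareProviderID,
                AttributeValue = _sosiCareProviderCvr,
                NameFormatSpecified = true,
                NameFormat = SubjectIdentifierType.medcomcvrnumber
            },
            new Attribute { Name = AttributeName.medcomCareProviderName, AttributeValue = _sosiCareProviderName }
        }
    };

    var assertion = new Assertion
    {
        IssueInstant = notBefore,
        id = "IDCard",
        Version = 2.0m,
        Issuer = _issuer,
        Conditions = new Conditions
        {
            NotBefore = notBefore,
            NotOnOrAfter = notBefore + TimeSpan.FromHours(8)
        },
        Subject = new Subject
        {
            NameID = new NameID { Format = SubjectIdentifierType.medcomcprnumber, Value = _userCpr },
            SubjectConfirmation = new SubjectConfirmation
            {
                ConfirmationMethod = global::dk.nsi.seal.dgwstypes.ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey,
                SubjectConfirmationData = new SubjectConfirmationData
                {
                    Item = new KeyInfo { Item = "OCESSignature" }
                }
            }
        },
        AttributeStatement = new[] { idCardData, userLog, systemLog }
    };

    return SealUtilities.SignAssertion(assertion, certificate);
}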
/// <summary>
/// Signs <paramref name="ass"/> with the vault's system credentials and returns the root element
/// of the serialized, signed assertion.
/// </summary>
/// <param name="ass">Assertion to sign.</param>
/// <returns>Root <see cref="XElement"/> of the signed assertion's XML.</returns>
public XElement Sign(Assertion ass)
{
    var signedAssertion = SealUtilities.SignAssertion(ass, Vault.GetSystemCredentials());
    var document = SerializerUtil.Serialize(signedAssertion);
    return document.Root;
}
/// <summary>
/// Test-data builder: creates a SOSI "IDCard" request assertion for the fixture user
/// "Stine Svendsen" at Statens Serum Institut (issuer "WinPLC", IT system "Sygdom.dk") and signs
/// it with <paramref name="certificate"/> when one is given.
/// </summary>
/// <param name="certificate">Signing certificate, or <c>null</c> to return the assertion unsigned.</param>
/// <returns>The assertion, signed unless <paramref name="certificate"/> is <c>null</c>.</returns>
/// <remarks>
/// Validity: NotBefore is five minutes in the past (rounded via <c>DateTimeEx.UtcNowRound</c>,
/// clock-skew allowance) and the card is valid for eight hours from that instant.
/// NOTE(review): the subject NameID CPR ("2203333571") differs from the
/// <c>UserCivilRegistrationNumber</c> attribute ("1802602810"); whether the STS cross-checks
/// these is not visible here. Unlike the instance-level builder, no <c>sosiOCESCertHash</c>
/// attribute is emitted. All CPR, e-mail, CVR and authorization values are fixtures.
/// </remarks>
public static Assertion MakeAssertionForSTS(X509Certificate2 certificate)
{
    var notBefore = DateTimeEx.UtcNowRound - TimeSpan.FromMinutes(5);

    var idCardData = new AttributeStatement
    {
        id = AttributeStatementID.IDCardData,
        Attribute = new[]
        {
            new Attribute { Name = SosiAttributes.IDCardID, AttributeValue = Guid.NewGuid().ToString("D") },
            new Attribute { Name = SosiAttributes.IDCardVersion, AttributeValue = "1.0.1" },
            new Attribute { Name = SosiAttributes.IDCardType, AttributeValue = "user" },
            new Attribute { Name = SosiAttributes.AuthenticationLevel, AttributeValue = "4" }
        }
    };

    var userLog = new AttributeStatement
    {
        id = AttributeStatementID.UserLog,
        Attribute = new[]
        {
            new Attribute { Name = MedComAttributes.UserCivilRegistrationNumber, AttributeValue = "1802602810" },
            new Attribute { Name = MedComAttributes.UserGivenName, AttributeValue = "Stine" },
            new Attribute { Name = MedComAttributes.UserSurname, AttributeValue = "Svendsen" },
            new Attribute { Name = MedComAttributes.UserEmailAddress, AttributeValue = "*****@*****.**" },
            new Attribute { Name = MedComAttributes.UserRole, AttributeValue = "7170" },
            new Attribute { Name = MedComAttributes.UserAuthorizationCode, AttributeValue = "ZXCVB" }
        }
    };

    var systemLog = new AttributeStatement
    {
        id = AttributeStatementID.SystemLog,
        Attribute = new[]
        {
            new Attribute { Name = MedComAttributes.ItSystemName, AttributeValue = "Sygdom.dk" },
            new Attribute { Name = MedComAttributes.CareProviderId, AttributeValue = "30808460", NameFormat = "medcom:cvrnumber" },
            new Attribute { Name = MedComAttributes.CareProviderName, AttributeValue = "Statens Serum Institut" }
        }
    };

    var assertion = new Assertion
    {
        IssueInstant = notBefore,
        id = "IDCard",
        Version = 2.0m,
        Issuer = "WinPLC",
        Conditions = new Conditions
        {
            NotBefore = notBefore,
            NotOnOrAfter = notBefore + TimeSpan.FromHours(8)
        },
        Subject = new Subject
        {
            NameID = new NameID
            {
                Format = "http://rep.oio.dk/cpr.dk/xml/schemas/core/2005/03/18/CPR_PersonCivilRegistrationIdentifier.xsd",
                Value = "2203333571"
            },
            SubjectConfirmation = new SubjectConfirmation
            {
                ConfirmationMethod = ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey,
                SubjectConfirmationData = new SubjectConfirmationData
                {
                    Item = new KeyInfo { Item = "OCESSignature" }
                }
            }
        },
        AttributeStatement = new[] { idCardData, userLog, systemLog }
    };

    if (certificate == null)
    {
        // No signer supplied: hand back the unsigned assertion.
        return assertion;
    }

    return SealUtilities.SignAssertion(assertion, certificate);
}