/// <summary>
/// Validates the presence and correctness of a <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> among the any-xml-elements of a SubjectConfirmationData
/// </summary>
/// <param name="subjectConfirmationData"></param>
public void ValidateKeyInfo(SubjectConfirmationData subjectConfirmationData)
{
if (subjectConfirmationData == null)
throw new Saml20FormatException("SubjectConfirmationData cannot be null when KeyInfo subelements are required");
if (subjectConfirmationData.AnyElements == null)
throw new Saml20FormatException(String.Format("SubjectConfirmationData element MUST have at least one {0} subelement", KeyInfo.ELEMENT_NAME));
bool keyInfoFound = false;
foreach (XmlElement element in subjectConfirmationData.AnyElements)
{
if (element.NamespaceURI != Saml20Constants.XMLDSIG || element.LocalName != KeyInfo.ELEMENT_NAME)
continue;
keyInfoFound = true;
// A KeyInfo element MUST identify a cryptographic key
if (!element.HasChildNodes)
throw new Saml20FormatException(String.Format("{0} subelement of SubjectConfirmationData MUST NOT be empty", KeyInfo.ELEMENT_NAME));
}
// There MUST BE at least one <ds:KeyInfo> element present (from the arbitrary elements list on SubjectConfirmationData
if (!keyInfoFound)
throw new Saml20FormatException(String.Format("SubjectConfirmationData element MUST contain at least one {0} in namespace {1}", KeyInfo.ELEMENT_NAME, Saml20Constants.XMLDSIG));
}
/// <summary>
/// [SAML2.0std] section 2.4.1.2
/// </summary>
/// <param name="subjectConfirmationData"></param>
public void ValidateSubjectConfirmationData(SubjectConfirmationData subjectConfirmationData)
{
// If present it must be anyUri
if (subjectConfirmationData.Recipient != null)
{
if (!Uri.IsWellFormedUriString(subjectConfirmationData.Recipient, UriKind.Absolute))
throw new Saml20FormatException("Recipient of SubjectConfirmationData must be a wellformed absolute URI.");
}
// NotBefore MUST BE striclty less than NotOnOrAfter if they are both set
if (subjectConfirmationData.NotBefore != null && subjectConfirmationData.NotBefore.HasValue
&& subjectConfirmationData.NotOnOrAfter != null && subjectConfirmationData.NotOnOrAfter.HasValue)
{
if (!(subjectConfirmationData.NotBefore < subjectConfirmationData.NotOnOrAfter))
throw new Saml20FormatException(String.Format("NotBefore {0} MUST BE less than NotOnOrAfter {1} on SubjectConfirmationData", Saml20Utils.ToUTCString(subjectConfirmationData.NotBefore.Value), Saml20Utils.ToUTCString(subjectConfirmationData.NotOnOrAfter.Value)));
}
// Make sure the extension-attributes are namespace-qualified and do not use reserved namespaces
if (subjectConfirmationData.AnyAttr != null)
AnyAttrValidator.ValidateXmlAnyAttributes(subjectConfirmationData.AnyAttr);
// Standards-defined extension type which has stricter rules than it's base type
if (subjectConfirmationData is KeyInfoConfirmationData)
KeyInfoValidator.ValidateKeyInfo(subjectConfirmationData);
}
public void SubjectConfirmationDataValidTimeIntervalSettings()
{
Saml20SubjectConfirmationDataValidator validator = new Saml20SubjectConfirmationDataValidator();
SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
subjectConfirmationData.NotBefore = new DateTime(2008, 01, 30, 17, 13, 0, 500, DateTimeKind.Utc);
subjectConfirmationData.NotOnOrAfter = subjectConfirmationData.NotBefore.Value.AddHours(1);
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
subjectConfirmationData.NotBefore = null;
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
// DateTime validation wrt DateTime.UtcNow is NOT done by the validators
// so a future-NotBefore must be valid
subjectConfirmationData.NotBefore = subjectConfirmationData.NotOnOrAfter;
subjectConfirmationData.NotOnOrAfter = null;
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
subjectConfirmationData.NotBefore = null;
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
}
public void SubjectConfirmationDataInvalidTimeInterval()
{
SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
subjectConfirmationData.NotBefore = new DateTime(2008, 01, 30, 17, 13, 0, 500, DateTimeKind.Utc);
subjectConfirmationData.NotOnOrAfter = subjectConfirmationData.NotBefore.Value.AddHours(-1);
Saml20SubjectConfirmationDataValidator validator = new Saml20SubjectConfirmationDataValidator();
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
}
public void SubjectConfirmationDataValidRecipient()
{
SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
subjectConfirmationData.Recipient = "urn:wellformed.uri:ok";
Saml20SubjectConfirmationDataValidator validator = new Saml20SubjectConfirmationDataValidator();
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
}
public void SubjectConfirmationDataInvalidRecipient()
{
SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
subjectConfirmationData.Recipient = "malformed uri";
Saml20SubjectConfirmationDataValidator validator = new Saml20SubjectConfirmationDataValidator();
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
}
public void SubjectConfirmationDataEmptyRecipient()
{
SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
subjectConfirmationData.Recipient = " ";
Saml20SubjectConfirmationDataValidator validator = new Saml20SubjectConfirmationDataValidator();
validator.ValidateSubjectConfirmationData(subjectConfirmationData);
}
