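/// <summary>
/// Validates the format of an AuthzDecisionStatement as described in [SAML2.0std] section 2.7.4.
/// </summary>
/// <param name="statement">The statement to validate. Its Resource and Action members are inspected.</param>
/// <exception cref="Saml2FormatException">
/// Thrown when Resource is null or is a non-empty string that is not a well-formed absolute URI,
/// when no Action is present, when an Action entry is null, or when an Action's Namespace is
/// blank or not a well-formed absolute URI.
/// </exception>
/// <remarks>
/// These are syntax checks only: any well-formed absolute URI is accepted for Resource and Namespace.
/// Code that acts on the decision still has to decide whether the named resource and action are ones it trusts.
/// </remarks>
private void ValidateAuthzDecisionStatement(AuthzDecisionStatement statement)
{
    // This has type anyURI, and can be empty (special case in the standard), but not null.
    if (statement.Resource == null)
    {
        throw new Saml2FormatException("Resource attribute of AuthzDecisionStatement is REQUIRED");
    }

    // If it is not empty, it MUST be a valid URI.
    if (statement.Resource.Length > 0 && !Uri.IsWellFormedUriString(statement.Resource, UriKind.Absolute))
    {
        throw new Saml2FormatException("Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri");
    }

    // NOTE: Decision property validation is done implicitly by the deserializer since it is represented by an enumeration.
    if (statement.Action == null || statement.Action.Length == 0)
    {
        throw new Saml2FormatException("At least one Action subelement must be present for an AuthzDecisionStatement element");
    }

    foreach (my.Action action in statement.Action)
    {
        // A null array entry would otherwise surface as a NullReferenceException on the next line;
        // report it as a format error like every other malformed-statement case.
        if (action == null)
        {
            throw new Saml2FormatException("Action subelement of AuthzDecisionStatement must not be null");
        }

        // NOTE: [SAML2.0std] claims that the Namespace is [Optional], but according to the schema definition (and Geneva)
        // NOTE: it has use="required"
        if (!Saml2Utils.ValidateRequiredString(action.Namespace))
        {
            throw new Saml2FormatException("Namespace attribute of Action element must contain at least one non-whitespace character");
        }

        if (!Uri.IsWellFormedUriString(action.Namespace, UriKind.Absolute))
        {
            throw new Saml2FormatException("Namespace attribute of Action element has a value which is not a wellformed absolute uri");
        }
    }
}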
// Appends an otherwise well-formed AuthzDecisionStatement to a basic assertion and runs the
// DK assertion validator over it.
// NOTE(review): no expected-exception attribute or assertion is visible in this snippet; the
// method name says the validator should reject this statement type. Confirm the test still
// fails when no exception is thrown.
public void ThrowsExceptionWhenAttributeStatementHasInvalidStatementType()
{
    // Arrange
    var validator = new DKSaml20AssertionValidator(AssertionUtil.GetAudiences(), false);
    var assertion = AssertionUtil.GetBasicAssertion();

    var decisionAction = new Action();
    decisionAction.Namespace = "http://actionns.com";
    decisionAction.Value = "value";

    var decisionStatement = new AuthzDecisionStatement();
    decisionStatement.Decision = DecisionType.Permit;
    decisionStatement.Resource = "http://safewhere.net";
    decisionStatement.Action = new[] { decisionAction };

    // Keep the assertion's existing statements and add the decision statement at the end.
    var items = new List<StatementAbstract>(assertion.Items);
    items.Add(decisionStatement);
    assertion.Items = items.ToArray();

    // Act
    validator.ValidateAssertion(assertion);
}
// Runs the statement validator over an AuthzDecisionStatement whose Resource is null.
// NOTE(review): no expected-exception attribute or assertion is visible in this snippet, so
// whatever marks the thrown exception as the expected outcome must live outside it.
public void ThrowsExceptionWhenMissingResourceEmpty()
{
    // Arrange
    var decisionStatement = new AuthzDecisionStatement();
    var statementValidator = new Saml20StatementValidator();
    decisionStatement.Resource = null;

    // Act
    statementValidator.ValidateStatement(decisionStatement);
}
// Runs the statement validator over an AuthzDecisionStatement whose Resource is not a URI.
// NOTE(review): no expected-exception attribute or assertion is visible in this snippet, so
// whatever marks the thrown exception as the expected outcome must live outside it.
public void ThrowsExceptionWhenMalformedResource()
{
    // Arrange
    var decisionStatement = new AuthzDecisionStatement();
    var statementValidator = new Saml20StatementValidator();
    decisionStatement.Resource = "a malformed uri";

    // Act
    statementValidator.ValidateStatement(decisionStatement);
}
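// A null Resource must be rejected with the "REQUIRED" format error.
public void ThrowsExceptionWhenMissingResourceEmpty()
{
    // Arrange
    var statement = new AuthzDecisionStatement();
    var validator = new Saml20StatementValidator();
    statement.Resource = null;

    // Act
    var exception = Assert.Throws<Saml20FormatException>(() => validator.ValidateStatement(statement));

    // Assert
    // A string passed after the delegate to Assert.Throws is only the text shown when the
    // assertion fails (NUnit-style overload); it is never compared with the exception. The
    // statement here also has no Action set, so a type-only check could be satisfied by a
    // different validation failure. Compare the message explicitly to pin the Resource check.
    Assert.AreEqual("Resource attribute of AuthzDecisionStatement is REQUIRED", exception.Message);
}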
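// A Resource that is not a well-formed absolute URI must be rejected with the matching format error.
public void ThrowsExceptionWhenMalformedResource()
{
    // Arrange
    var statement = new AuthzDecisionStatement();
    var validator = new Saml20StatementValidator();
    statement.Resource = "a malformed uri";

    // Act
    var exception = Assert.Throws<Saml20FormatException>(() => validator.ValidateStatement(statement));

    // Assert
    // A string passed after the delegate to Assert.Throws is only the text shown when the
    // assertion fails (NUnit-style overload); it is never compared with the exception. The
    // statement here also has no Action set, so a type-only check could be satisfied by a
    // different validation failure. Compare the message explicitly to pin the Resource check.
    Assert.AreEqual("Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri", exception.Message);
}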
//ExpectedMessage = "Resource attribute of AuthzDecisionStatement is REQUIRED")]
// The line above is the tail of a commented-out attribute; the message it names is no longer checked.
// NOTE(review): only the exception type is asserted below. The statement has no Action set
// either, so a different format failure of the same type would also pass. Consider asserting
// on the exception message again.
public void ThrowsExceptionWhenMissingResourceEmpty()
{
    // Arrange
    var decisionStatement = new AuthzDecisionStatement();
    var statementValidator = new Saml20StatementValidator();
    decisionStatement.Resource = null;

    // Act + Assert: a null Resource must raise Saml20FormatException.
    Assert.Throws(
        typeof(Saml20FormatException),
        () => statementValidator.ValidateStatement(decisionStatement, true));
}
//ExpectedMessage = "Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri")]
// The line above is the tail of a commented-out attribute; the message it names is no longer checked.
// NOTE(review): only the exception type is asserted below. The statement has no Action set
// either, so a different format failure of the same type would also pass. Consider asserting
// on the exception message again.
public void ThrowsExceptionWhenMalformedResource()
{
    // Arrange
    var decisionStatement = new AuthzDecisionStatement();
    var statementValidator = new Saml20StatementValidator();
    decisionStatement.Resource = "a malformed uri";

    // Act + Assert: a Resource that is not a URI must raise Saml20FormatException.
    Assert.Throws(
        typeof(Saml20FormatException),
        () => statementValidator.ValidateStatement(decisionStatement, true));
}
// Adds a well-formed AuthzDecisionStatement to a basic assertion, converts it to XML and
// constructs a Saml20Assertion from the document element.
// NOTE(review): no expected-exception attribute or assertion is visible in this snippet; the
// method name suggests construction should fail for this statement type. Confirm against
// the attributes in the full file.
public void AttributeStatement_Invalid_Statementtype()
{
    Assertion assertion = AssertionUtil.GetBasicAssertion();

    var decisionStatement = new AuthzDecisionStatement
    {
        Decision = DecisionType.Permit,
        Resource = "http://safewhere.net",
        Action = new dk.nita.saml20.Schema.Core.Action[]
        {
            new dk.nita.saml20.Schema.Core.Action()
        }
    };
    decisionStatement.Action[0].Namespace = "http://actionns.com";
    decisionStatement.Action[0].Value = "value";

    // Keep the assertion's existing statements and add the decision statement at the end.
    var items = new List<StatementAbstract>(assertion.Items) { decisionStatement };
    assertion.Items = items.ToArray();

    var documentElement = AssertionUtil.ConvertAssertion(assertion).DocumentElement;
    new Saml20Assertion(documentElement, null, false);
}
// Checks that the statement validator accepts both an empty Resource and an absolute URN.
// The test passes when neither ValidateStatement call throws.
public void ValidatesResources()
{
    // Arrange
    var decisionStatement = new AuthzDecisionStatement();
    var statementValidator = new Saml20StatementValidator();
    decisionStatement.Resource = string.Empty;

    var validAction = new Schema.Core.Action();
    validAction.Namespace = "http://valid/namespace";
    decisionStatement.Action = new[] { validAction };

    // First pass: an empty Resource is allowed.
    statementValidator.ValidateStatement(decisionStatement);

    // Act: second pass with a non-empty absolute URI.
    decisionStatement.Resource = "urn:valid.ok:askjld";
    statementValidator.ValidateStatement(decisionStatement);
}