コード例 #1
        /// <summary>
        /// [SAML2.0std] section 2.7.4
        /// </summary>
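        private void ValidateAuthzDecisionStatement(AuthzDecisionStatement statement)
        {
            // Validates the Resource attribute and the Action children of an AuthzDecisionStatement.
            // Every rejection is reported as a Saml2FormatException so that a malformed statement
            // fails with the same exception type regardless of which check caught it.

            // Resource has type anyURI, and can be empty (special case in the standard), but not null.
            if (statement.Resource == null)
            {
                throw new Saml2FormatException("Resource attribute of AuthzDecisionStatement is REQUIRED");
            }

            // If it is not empty, it MUST BE a valid absolute URI.
            if (statement.Resource.Length > 0 && !Uri.IsWellFormedUriString(statement.Resource, UriKind.Absolute))
            {
                throw new Saml2FormatException("Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri");
            }

            // NOTE: Decision property validation is done implicitly by the deserializer since it is represented by an enumeration.
            if (statement.Action == null || statement.Action.Length == 0)
            {
                throw new Saml2FormatException("At least one Action subelement must be present for an AuthzDecisionStatement element");
            }

            foreach (my.Action action in statement.Action)
            {
                // A null array entry would otherwise be dereferenced below and surface as a
                // NullReferenceException instead of a format error.
                if (action == null)
                {
                    throw new Saml2FormatException("Action subelement of AuthzDecisionStatement must not be null");
                }

                // NOTE: [SAML2.0std] claims that the Namespace is [Optional], but according to the schema definition (and Geneva)
                // NOTE: it has use="required"
                if (!Saml2Utils.ValidateRequiredString(action.Namespace))
                {
                    throw new Saml2FormatException("Namespace attribute of Action element must contain at least one non-whitespace character");
                }

                // The namespace must also be a well-formed absolute URI.
                if (!Uri.IsWellFormedUriString(action.Namespace, UriKind.Absolute))
                {
                    throw new Saml2FormatException("Namespace attribute of Action element has a value which is not a wellformed absolute uri");
                }
            }
        }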
            public void ThrowsExceptionWhenAttributeStatementHasInvalidStatementType()
            {
                // Appends a populated AuthzDecisionStatement to a basic assertion and runs the
                // assertion validator over the result.
                // NOTE(review): no assertion is visible in this listing; the expected failure is
                // presumably declared on a test attribute that is not shown - confirm.

                // Arrange
                var assertionValidator = new DKSaml20AssertionValidator(AssertionUtil.GetAudiences(), false);
                var assertion = AssertionUtil.GetBasicAssertion();

                var decisionStatement = new AuthzDecisionStatement();
                decisionStatement.Decision = DecisionType.Permit;
                decisionStatement.Resource = "http://safewhere.net";
                decisionStatement.Action = new[] { new Action() };
                decisionStatement.Action[0].Namespace = "http://actionns.com";
                decisionStatement.Action[0].Value = "value";

                // Keep the assertion's existing statements and add the new one at the end.
                var allStatements = new List<StatementAbstract>(assertion.Items);
                allStatements.Add(decisionStatement);
                assertion.Items = allStatements.ToArray();

                // Act
                assertionValidator.ValidateAssertion(assertion);
            }
コード例 #3
            public void ThrowsExceptionWhenMissingResourceEmpty()
            {
                // Runs the statement validator on an AuthzDecisionStatement whose Resource is null.
                // NOTE(review): no assertion is visible in this listing; the expected exception is
                // presumably declared on a test attribute that is not shown - confirm.

                // Arrange
                var authzStatement = new AuthzDecisionStatement { Resource = null };
                var statementValidator = new Saml20StatementValidator();

                // Act
                statementValidator.ValidateStatement(authzStatement);
            }
コード例 #4
            public void ThrowsExceptionWhenMalformedResource()
            {
                // Runs the statement validator on an AuthzDecisionStatement whose Resource is a
                // string containing spaces rather than an absolute URI.
                // NOTE(review): no assertion is visible in this listing; the expected exception is
                // presumably declared on a test attribute that is not shown - confirm.

                // Arrange
                var authzStatement = new AuthzDecisionStatement { Resource = "a malformed uri" };
                var statementValidator = new Saml20StatementValidator();

                // Act
                statementValidator.ValidateStatement(authzStatement);
            }
コード例 #5
            public void ThrowsExceptionWhenMissingResourceEmpty()
            {
                // Expects Saml20FormatException when the statement's Resource is null.

                // Arrange
                var authzStatement = new AuthzDecisionStatement { Resource = null };
                var statementValidator = new Saml20StatementValidator();

                // Act
                // NOTE(review): if this is NUnit's Assert.Throws, the string argument is the text
                // shown when the assertion fails, not a check on the exception's Message, so the
                // test would pass for any Saml20FormatException - confirm against the framework in use.
                Assert.Throws<Saml20FormatException>(
                    () => { statementValidator.ValidateStatement(authzStatement); },
                    "Resource attribute of AuthzDecisionStatement is REQUIRED");
            }
コード例 #6
            public void ThrowsExceptionWhenMalformedResource()
            {
                // Expects Saml20FormatException when the statement's Resource is not an absolute URI.

                // Arrange
                var authzStatement = new AuthzDecisionStatement { Resource = "a malformed uri" };
                var statementValidator = new Saml20StatementValidator();

                // Act
                // NOTE(review): if this is NUnit's Assert.Throws, the string argument is the text
                // shown when the assertion fails, not a check on the exception's Message, so the
                // test would pass for any Saml20FormatException - confirm against the framework in use.
                Assert.Throws<Saml20FormatException>(
                    () => { statementValidator.ValidateStatement(authzStatement); },
                    "Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri");
            }
コード例 #7
            //ExpectedMessage = "Resource attribute of AuthzDecisionStatement is REQUIRED")]
            public void ThrowsExceptionWhenMissingResourceEmpty()
            {
                // Expects Saml20FormatException when the statement's Resource is null.
                // Only the exception type is asserted here; the exception message is not checked.

                // Arrange
                var authzStatement = new AuthzDecisionStatement { Resource = null };
                var statementValidator = new Saml20StatementValidator();

                // Act
                Assert.Throws(
                    typeof(Saml20FormatException),
                    () => statementValidator.ValidateStatement(authzStatement, true));
            }
コード例 #8
            //ExpectedMessage = "Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri")]
            public void ThrowsExceptionWhenMalformedResource()
            {
                // Expects Saml20FormatException when the statement's Resource is not an absolute URI.
                // Only the exception type is asserted here; the exception message is not checked.

                // Arrange
                var authzStatement = new AuthzDecisionStatement { Resource = "a malformed uri" };
                var statementValidator = new Saml20StatementValidator();

                // Act
                Assert.Throws(
                    typeof(Saml20FormatException),
                    () => statementValidator.ValidateStatement(authzStatement, true));
            }
コード例 #9
        public void AttributeStatement_Invalid_Statementtype()
        {
            // Appends a populated AuthzDecisionStatement to a basic assertion, converts the
            // assertion to XML and constructs a Saml20Assertion from the document element.
            // NOTE(review): no assertion is visible in this listing; the expected failure is
            // presumably declared on a test attribute that is not shown - confirm.
            var assertion = AssertionUtil.GetBasicAssertion();

            var decisionStatement = new AuthzDecisionStatement
            {
                Decision = DecisionType.Permit,
                Resource = "http://safewhere.net",
                Action = new dk.nita.saml20.Schema.Core.Action[] { new dk.nita.saml20.Schema.Core.Action() }
            };
            decisionStatement.Action[0].Namespace = "http://actionns.com";
            decisionStatement.Action[0].Value = "value";

            // Keep the assertion's existing statements and add the new one at the end.
            var allStatements = new List<StatementAbstract>(assertion.Items)
            {
                decisionStatement
            };
            assertion.Items = allStatements.ToArray();

            // The constructed object is discarded; only the constructor call itself is exercised.
            new Saml20Assertion(AssertionUtil.ConvertAssertion(assertion).DocumentElement, null, false);
        }
コード例 #10
            public void ValidatesResources()
            {
                // Validates the same statement twice: first with an empty Resource, then with a
                // urn-style Resource. There are no assertions, so the test passes when neither
                // ValidateStatement call throws.

                // Arrange
                var authzStatement = new AuthzDecisionStatement();
                var statementValidator = new Saml20StatementValidator();

                authzStatement.Resource = string.Empty;
                authzStatement.Action = new[]
                {
                    new Schema.Core.Action { Namespace = "http://valid/namespace" }
                };

                // First pass: empty Resource.
                statementValidator.ValidateStatement(authzStatement);

                // Second pass: non-empty Resource.
                authzStatement.Resource = "urn:valid.ok:askjld";

                // Act
                statementValidator.ValidateStatement(authzStatement);
            }