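/// <summary>
/// Verifies that changing an attribute value inside a signed OIOSAML assertion
/// makes <c>ValidateSignatureAndTrust</c> reject the assertion.
/// </summary>
/// <remarks>
/// The rejection is asserted with <c>Assert.Catch</c> rather than a bare
/// try/catch. A try/catch with no failing fall-through passes silently when no
/// exception is thrown, so the test would stay green even if a tampered
/// assertion were accepted.
/// </remarks>
public void TestBrokenSignature()
{
    var xElement = XElement.Load(
        TestContext.CurrentContext.TestDirectory +
        "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-2.xml",
        LoadOptions.None);

    // Baseline: the untouched sample must validate, otherwise the failure
    // asserted below would not be attributable to the modification.
    var assertion = new OioSamlAssertion(xElement);
    assertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault());

    // Locate the common-name attribute and overwrite its signed content.
    var attributes = xElement.Descendants(SamlTags.Attribute.Ns + SamlTags.Attribute.TagName);
    var nameNode = attributes.FirstOrDefault(
        element => element.Attribute(SamlAttributes.Name).Value.Equals(OioSamlAttributes.CommonName));
    Assert.IsNotNull(nameNode, "Sample assertion does not contain a common-name attribute");
    nameNode.Value = "Ronnie Romkugle";

    var tampered = new OioSamlAssertion(xElement);

    // Assert.Catch accepts ModelException and types derived from it, matching
    // what the original catch clause handled, and fails the test if nothing is thrown.
    var ex = Assert.Catch<ModelException>(
        () => tampered.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault()));
    Assert.AreEqual("Signature on OIOSAMLAssertion is invalid", ex.Message);
}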
/// <summary>
/// Loads the NemLog-in sample assertion with a valid signature, validates its
/// signature and trust against the new-IdP test credential vault, and checks
/// the assurance level, CVR number and RID number read from it.
/// </summary>
public void ValidateNemLoginAssertion()
{
    var samplePath = NUnit.Framework.TestContext.CurrentContext.TestDirectory +
        "/Resources/oiosaml-examples/NemLog-in_assertion_valid_signature.xml";

    var nemLoginAssertion = new OioSamlAssertion(XElement.Load(samplePath));

    // Signature and trust are checked before any field is asserted on.
    nemLoginAssertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetNewIdpTestCredentialVault());

    Assert.AreEqual("3", nemLoginAssertion.AssuranceLevel);
    Assert.AreEqual("25450442", nemLoginAssertion.CvrNumberIdentifier);
    Assert.AreEqual("27304742", nemLoginAssertion.RidNumberIdentifier);
}
/// <summary>
/// Verifies that an assertion whose signature element has been removed is
/// rejected by <c>ValidateSignatureAndTrust</c> with the message
/// "OIOSAMLAssertion is not signed".
/// </summary>
public void TestUnsignedAssertion()
{
    var samplePath = TestContext.CurrentContext.TestDirectory +
        "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-2.xml";
    var root = XElement.Load(samplePath);

    // Strip the first signature element (DsTags.Signature) found in the document.
    var signatureName = DsTags.Signature.Ns + DsTags.Signature.TagName;
    var signatureElement = root.Descendants(signatureName).FirstOrDefault();
    signatureElement.Remove();

    var unsignedAssertion = new OioSamlAssertion(root);

    // Assert.Throws fails the test when no exception is raised, so an unsigned
    // assertion that passed validation would be reported.
    var thrown = Assert.Throws<ModelException>(
        () => unsignedAssertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault()));
    Assert.AreEqual("OIOSAMLAssertion is not signed", thrown.Message);
}
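/// <summary>
/// Builds an OIOSAML-assertion-to-ID-card request signed with <c>vocesVault</c>,
/// parses it back through the model builder, and checks the round-tripped
/// fields, the request signature, and the trust decision for two vaults.
/// </summary>
/// <remarks>
/// The untrusted-vault case is asserted with <c>Assert.Catch</c>. The previous
/// try/catch had no failing fall-through, so the test passed even when
/// validation against the untrusted vault raised nothing.
/// </remarks>
public void TestOioSamlToIdCardRequest()
{
    var domBuilder = factory.CreateOiosamlAssertionToIdCardRequestDomBuilder();
    domBuilder.SigningVault = vocesVault;
    domBuilder.OioSamlAssertion = ParseOioSamlAssertion();
    domBuilder.ItSystemName = "EMS";
    domBuilder.UserAuthorizationCode = "2345C";
    domBuilder.UserEducationCode = "7170";
    domBuilder.UserGivenName = "Fritz";
    domBuilder.UserSurName = "Müller";
    var requestDoc = domBuilder.Build();

    var assertionToIdCardRequest = factory.CreateOioSamlAssertionToIdCardRequestModelBuilder().Build(requestDoc);

    // Values set on the DOM builder must survive serialisation and parsing.
    Assert.AreEqual("EMS", assertionToIdCardRequest.ItSystemName);
    Assert.AreEqual("2345C", assertionToIdCardRequest.UserAuthorizationCode);
    Assert.AreEqual("7170", assertionToIdCardRequest.UserEducationCode);
    Assert.AreEqual("Fritz", assertionToIdCardRequest.UserGivenName);
    Assert.AreEqual("Müller", assertionToIdCardRequest.UserSurName);
    Assert.AreEqual("http://sosi.dk", assertionToIdCardRequest.AppliesTo);
    Assert.AreEqual("http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue", assertionToIdCardRequest.Action);

    // Positive cases: the signature verifies and the signing vault is trusted.
    assertionToIdCardRequest.ValidateSignature();
    assertionToIdCardRequest.ValidateSignatureAndTrust(vocesVault);

    // Negative case: a different vault must not trust the signer. Assert.Catch
    // accepts ModelException and derived types (as the original catch clause did)
    // and fails the test if no exception is thrown.
    var untrusted = Assert.Catch<ModelException>(
        () => assertionToIdCardRequest.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOCES2CredentialVault()));
    Assert.AreEqual("The certificate that signed the security token is not trusted!", untrusted.Message);

    Assert.AreEqual(vocesVault.GetSystemCredentials(), assertionToIdCardRequest.GetSigningCertificate());

    var assertion = assertionToIdCardRequest.OioSamlAssertion;
    Assert.AreEqual("25520041", assertion.CvrNumberIdentifier);
    Assert.AreEqual("_5a49e560-5312-4237-8f32-2ed2b58cfcf7", assertion.Id);

    // NOTE(review): the embedded OIOSAML assertion's own signature is not validated
    // in this test; the call below was left disabled in the original.
    //assertion.ValidateSignatureAndTrust(SOSITestUtils.getOldIdPTrustVault());
}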
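/// <summary>
/// Builds an ID-card-to-OIOSAML-assertion request signed with <c>vocesVault</c>,
/// parses it back through the model builder, and checks the request fields,
/// the request signature, and the signature and trust of the embedded ID card.
/// </summary>
/// <remarks>
/// Both untrusted cases are asserted with <c>Assert.Catch</c>. The previous
/// try/catch blocks had no failing fall-through, so the test passed even when
/// validation against an untrusted vault or federation raised nothing.
/// </remarks>
public void TestIdCardToOioSamlRequest()
{
    var domBuilder = factory.CreateIdCardToOioSamlAssertionRequestDomBuilder();
    domBuilder.SigningVault = vocesVault;
    domBuilder.Audience = "Sundhed.dk";
    var idCard = CreateIdCard();
    domBuilder.IdCard = idCard;
    var requestDoc = domBuilder.Build();

    var assertionRequest = factory.CreateIdCardToOioSamlAssertionRequestModelBuilder().Build(requestDoc);
    Assert.AreEqual("Sundhed.dk", assertionRequest.AppliesTo);
    Assert.AreEqual("http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue", assertionRequest.Action);

    // Request level: the signature verifies and the signing vault is trusted.
    assertionRequest.ValidateSignature();
    assertionRequest.ValidateSignatureAndTrust(vocesVault);

    // Request level, negative: a different vault must not trust the signer.
    // Assert.Catch accepts ModelException and derived types (as the original
    // catch clause did) and fails the test if no exception is thrown.
    var untrustedRequest = Assert.Catch<ModelException>(
        () => assertionRequest.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOCES2CredentialVault()));
    Assert.AreEqual("The certificate that signed the security token is not trusted!", untrustedRequest.Message);

    Assert.AreEqual(vocesVault.GetSystemCredentials(), assertionRequest.GetSigningCertificate());
    Assert.IsTrue(idCard.Equals(assertionRequest.UserIdCard));

    // Embedded ID card: validated against mocesVault.
    // NOTE(review): presumably CreateIdCard() signs with that vault - confirm.
    assertionRequest.UserIdCard.ValidateSignature();
    assertionRequest.UserIdCard.ValidateSignatureAndTrust(mocesVault);

    // Embedded ID card, negative: a fresh SosiFederation must not trust the
    // certificate that signed the card.
    var untrustedIdCard = Assert.Catch<ModelException>(
        () => assertionRequest.UserIdCard.ValidateSignatureAndTrust(
            new SosiFederation(new CrlCertificateStatusChecker())));
    Assert.AreEqual("The certificate that signed the security token is not trusted!", untrustedIdCard.Message);
}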
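/// <summary>
/// Parses the second NemLog-in sample assertion and checks every exposed field,
/// the embedded user certificate, the signature and trust, and that timestamp
/// validation rejects the assertion.
/// </summary>
/// <remarks>
/// The sample's validity window ends on 2012-09-27, and the original test
/// expected a "no longer valid" error from <c>ValidateTimestamp</c>. That
/// rejection is asserted with <c>Assert.Catch</c>; the previous try/catch
/// passed silently when no exception was thrown.
/// </remarks>
public void TestConstructionFromNewNemLoginSampleTwo()
{
    var assertion = new OioSamlAssertion(XElement.Load(
        NUnit.Framework.TestContext.CurrentContext.TestDirectory +
        "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-2.xml"));

    Assert.AreEqual("_5a49e560-5312-4237-8f32-2ed2b58cfcf7", assertion.Id);
    Assert.AreEqual("https://saml.test-nemlog-in.dk/", assertion.Issuer);

    // NOTE(review): DateTime.Parse uses the current culture and converts a 'Z'
    // timestamp to local time; these comparisons rely on the model exposing its
    // timestamps the same way - confirm.
    Assert.AreEqual(DateTime.Parse("2012-09-27T08:51:13.884Z"), assertion.NotBefore);
    Assert.AreEqual(DateTime.Parse("2012-09-27T09:51:13.884Z"), assertion.NotOnOrAfter);
    Assert.AreEqual("3", assertion.AssuranceLevel);
    Assert.AreEqual("Amaja Christiansen", assertion.CommonName);
    Assert.AreEqual("", assertion.SurName);
    Assert.AreEqual("2408631478", assertion.Cpr);
    Assert.AreEqual("*****@*****.**", assertion.Email);
    Assert.AreEqual("25520041", assertion.CvrNumberIdentifier);
    Assert.AreEqual("TRIFORK SERVICES A/S // CVR:25520041", assertion.OrganizationName);
    Assert.AreEqual("42041556", assertion.RidNumberIdentifier);
    Assert.AreEqual("https://saml.fmk.staging.fmk-online.dk", assertion.AudienceRestriction);
    Assert.AreEqual(DateTime.Parse("2012-09-27T08:50:38.681Z"), assertion.UserAuthenticationInstant);
    Assert.AreEqual("DK-SAML-2.0", assertion.SpecVersion);
    Assert.AreEqual(
        "C=DK,O=TRIFORK SERVICES A/S // CVR:25520041,CN=Amaja Christiansen,Serial=CVR:25520041-RID:42041556",
        assertion.SubjectNameId);
    Assert.AreEqual("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", assertion.SubjectNameIdFormat);
    Assert.AreEqual("CN=TDC OCES Systemtest CA II, O=TDC, C=DK", assertion.CertificateIssuer);

    // Both subject names go through X500DistinguishedName before the comparison.
    X509Certificate userCertificate = assertion.UserCertificate;
    Assert.IsNotNull(userCertificate);
    Assert.AreEqual(
        new X500DistinguishedName(
            "CN=Amaja Christiansen + SERIALNUMBER=CVR:25520041-RID:42041556, O=TRIFORK SERVICES A/S // CVR:25520041, C=DK").Name,
        new X500DistinguishedName(userCertificate.Subject).Name);
    Assert.AreEqual("https://staging.fmk-online.dk/fmk/saml/SAMLAssertionConsumer",
        assertion.Recipient);

    assertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault());

    // Assert.Catch accepts ModelException and derived types (as the original
    // catch clause did) and fails the test if timestamp validation raises nothing.
    var expired = Assert.Catch<ModelException>(() => assertion.ValidateTimestamp());
    Assert.IsTrue(expired.Message.StartsWith("OIOSAML token no longer valid", StringComparison.Ordinal));
}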
/// <summary>
/// Prepares the shared fixture state: the two credential vaults obtained from
/// <c>CredentialVaultTestUtil</c> and a fresh <c>OIOSAMLFactory</c>.
/// </summary>
public void Init()
{
    // Vault used by the tests to sign and validate requests.
    var systemVault = CredentialVaultTestUtil.GetVocesCredentialVault();
    vocesVault = systemVault;

    // Vault used by the tests to validate the embedded user ID card.
    var userVault = CredentialVaultTestUtil.GetCredentialVault();
    mocesVault = userVault;

    var samlFactory = new OIOSAMLFactory();
    factory = samlFactory;
}