コード例 #1
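        // Parses the first new-NemLog-in sample assertion, checks each attribute exposed by the model and
        // the embedded user certificate, and requires timestamp validation to reject the expired token.
        public void TestConstructionFromNewNemLoginSampleOne()
        {
            var assertion = new OioSamlAssertion(XElement.Load(NUnit.Framework.TestContext.CurrentContext.TestDirectory +
                                                               "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-1.xml"));

            // Assertion envelope: identifier, issuer and validity window.
            Assert.AreEqual("_30c5ecce-9108-4df2-bee2-2d1358973444", assertion.Id);
            Assert.AreEqual("https://saml.test-nemlog-in.dk/", assertion.Issuer);
            Assert.AreEqual(DateTime.Parse("2012-07-03T09:40:55.963Z"), assertion.NotBefore);
            Assert.AreEqual(DateTime.Parse("2012-07-03T10:40:55.963Z"), assertion.NotOnOrAfter);

            // Attribute statement values.
            Assert.AreEqual("3", assertion.AssuranceLevel);
            Assert.AreEqual("Søren Test Mors", assertion.CommonName);
            Assert.AreEqual("", assertion.SurName);
            Assert.IsNull(assertion.Cpr);
            Assert.AreEqual("*****@*****.**", assertion.Email);
            Assert.AreEqual("29915938", assertion.CvrNumberIdentifier);
            Assert.AreEqual("SIGNATURGRUPPEN A/S // CVR:29915938", assertion.OrganizationName);
            Assert.AreEqual("soren", assertion.RidNumberIdentifier);

            // Audience, authentication context and subject.
            Assert.AreEqual("https://saml.remote.signaturgruppen.dk", assertion.AudienceRestriction);
            Assert.AreEqual(DateTime.Parse("2012-07-03T09:40:46.104Z"), assertion.UserAuthenticationInstant);
            Assert.AreEqual("DK-SAML-2.0", assertion.SpecVersion);
            Assert.AreEqual("C=DK,O=SIGNATURGRUPPEN A/S // CVR:29915938,CN=Søren Test Mors,Serial=CVR:29915938-RID:soren",
                            assertion.SubjectNameId);
            Assert.AreEqual("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", assertion.SubjectNameIdFormat);
            Assert.AreEqual("https://remote.signaturgruppen.dk/nemlogin/unsecure/logon.ashx", assertion.Recipient);

            // Embedded user certificate: issuer string and subject DN (compared in normalised form).
            Assert.AreEqual("CN=TDC OCES Systemtest CA II, O=TDC, C=DK", assertion.CertificateIssuer);
            X509Certificate userCertificate = assertion.UserCertificate;

            Assert.IsNotNull(userCertificate);
            Assert.AreEqual(
                new X500DistinguishedName(
                    "CN=Søren Test Mors + SERIALNUMBER=CVR:29915938-RID:soren, O=SIGNATURGRUPPEN A/S // CVR:29915938, C=DK").Name,
                new X500DistinguishedName(userCertificate.Subject).Name);

            // The sample's NotOnOrAfter lies in 2012, so validation has to fail. Assert.Catch fails the test
            // when nothing is thrown; the earlier try/catch passed silently if an expired token was accepted.
            // Catch (rather than Throws) still accepts exception types derived from ModelException.
            var expired = Assert.Catch<ModelException>(() => assertion.ValidateTimestamp());

            Assert.IsTrue(expired.Message.StartsWith("OIOSAML token no longer valid", StringComparison.Ordinal));
        }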
コード例 #2
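        // Verifies that changing a signed attribute value after issuance makes signature validation fail
        // with "Signature on OIOSAMLAssertion is invalid".
        public void TestBrokenSignature()
        {
            var xElement = XElement.Load(TestContext.CurrentContext.TestDirectory +
                                         "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-2.xml",
                                         LoadOptions.None);
            var assertion = new OioSamlAssertion(xElement);

            // Baseline: the untouched sample must validate, otherwise the rejection below proves nothing.
            assertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault());

            var attributes = xElement.Descendants(SamlTags.Attribute.Ns + SamlTags.Attribute.TagName);
            var nameNode   =
                attributes.FirstOrDefault(
                    element => element.Attribute(SamlAttributes.Name).Value.Equals(OioSamlAttributes.CommonName));

            // Fail with a readable message instead of a NullReferenceException if the fixture changes.
            Assert.IsNotNull(nameNode, "Sample assertion has no CommonName attribute to modify");

            // Alter content covered by the signature, then rebuild the model from the modified XML.
            nameNode.Value = "Ronnie Romkugle";
            assertion      = new OioSamlAssertion(xElement);

            // Assert.Catch fails the test when no exception is thrown. The earlier try/catch let the test
            // pass if the modified assertion was accepted, which is the one outcome this test must detect.
            var rejected =
                Assert.Catch<ModelException>(
                    () => assertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault()));

            Assert.AreEqual("Signature on OIOSAMLAssertion is invalid", rejected.Message);
        }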
コード例 #3
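        // Parses the oiosaml.java sample assertion, checks each attribute exposed by the model and the
        // embedded user certificate, and requires timestamp validation to reject the expired token.
        public void TestConstructionFromOioSamlSample()
        {
            var assertion = new OioSamlAssertion(XElement.Load(NUnit.Framework.TestContext.CurrentContext.TestDirectory +
                                                               "/Resources/oiosaml-examples/test-oiosamljava-authentication-assertion.xml"));

            // Assertion envelope: identifier, issuer and validity window.
            Assert.AreEqual("pfx426233b1-9ce1-99cd-c755-19988e670e46", assertion.Id);
            Assert.AreEqual("http://fmkwebtest.trifork.netic.dk/idp/saml2/idp/metadata.php", assertion.Issuer);
            Assert.AreEqual(DateTime.Parse("2012-09-20T10:56:24Z"), assertion.NotBefore);
            Assert.AreEqual(DateTime.Parse("2012-09-20T11:01:54Z"), assertion.NotOnOrAfter);

            // Attribute statement values.
            Assert.AreEqual("2", assertion.AssuranceLevel);
            Assert.AreEqual("Terri Dalsgård", assertion.CommonName);
            Assert.AreEqual("Dalsgård", assertion.SurName);
            Assert.AreEqual("0101584162", assertion.Cpr);
            Assert.AreEqual("*****@*****.**", assertion.Email);
            Assert.AreEqual("25767535", assertion.CvrNumberIdentifier);
            Assert.AreEqual("TDC TOTALLØSNINGER A/S", assertion.OrganizationName);
            Assert.AreEqual("1118061020235", assertion.RidNumberIdentifier);

            // Audience, authentication context and subject.
            Assert.AreEqual("http://saml.vronding/fmk-gui", assertion.AudienceRestriction);
            Assert.AreEqual(DateTime.Parse("2012-09-20T10:56:54Z"), assertion.UserAuthenticationInstant);
            Assert.AreEqual("DK-SAML-2.0", assertion.SpecVersion);
            Assert.AreEqual("CVR:25767535-RID:1118061020234", assertion.SubjectNameId);
            Assert.AreEqual("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", assertion.SubjectNameIdFormat);
            Assert.AreEqual("http://vronding1:8080/fmk/saml/SAMLAssertionConsumer", assertion.Recipient);

            // Embedded user certificate: subject DN compared in normalised form.
            X509Certificate userCertificate = assertion.UserCertificate;

            Assert.IsNotNull(userCertificate);
            Assert.AreEqual(
                new X500DistinguishedName(
                    "CN=Test Bruger 1 + SERIALNUMBER=CVR:25767535-RID:1118061020232, O=TDC TOTALLØSNINGER A/S // CVR:25767535, C=DK").Name,
                new X500DistinguishedName(userCertificate.Subject).Name);

            // The sample's NotOnOrAfter lies in 2012, so validation has to fail. Assert.Catch fails the test
            // when nothing is thrown; the earlier try/catch passed silently if an expired token was accepted.
            // Catch (rather than Throws) still accepts exception types derived from ModelException.
            var expired = Assert.Catch<ModelException>(() => assertion.ValidateTimestamp());

            Assert.IsTrue(expired.Message.StartsWith("OIOSAML token no longer valid", StringComparison.Ordinal));
        }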
コード例 #4
 // Shared checks for an assertion produced in this fixture: fixed RID, certificate issuer and serial,
 // Uid and recipient values, the supplied id card, and finally signature and trust against vocesVault.
 private void AssertOioSamlAssertion(OioSamlAssertion assertion, UserIdCard idCard)
 {
     const string expectedRid               = "42634739";
     const string expectedCertificateIssuer = "CN=TRUST2408 Systemtest XIX CA, O=TRUST2408, C=DK";
     const string expectedCertificateSerial = "5818C1A6";
     const string expectedUid               = "CVR:30808460-RID:42634739";
     const string expectedRecipient         = "http://sundhed.dk/saml/SAMLAssertionConsumer";

     // Identity and certificate details carried by the assertion.
     Assert.AreEqual(expectedRid, assertion.RidNumberIdentifier);
     Assert.AreEqual(expectedCertificateIssuer, assertion.CertificateIssuer);
     Assert.IsFalse(assertion.IsYouthCertificate);
     Assert.AreEqual(expectedCertificateSerial, assertion.CertificateSerial);
     Assert.AreEqual(expectedUid, assertion.Uid);

     // NOTE(review): if NotOnOrAfter is a non-nullable DateTime this check can never fail - confirm.
     Assert.IsNotNull(assertion.NotOnOrAfter);
     Assert.AreEqual(expectedRecipient, assertion.Recipient);
     Assert.AreEqual(idCard, assertion.UserIdCard);

     // Throws (and so fails the calling test) when the signature or trust check does not pass.
     assertion.ValidateSignatureAndTrust(vocesVault);
 }
コード例 #5
        // Loads the NemLog-in sample that carries a valid signature, validates signature and trust against
        // the new-IdP test vault, then checks assurance level, CVR and RID.
        // (The commented-out Java loader lines left over from the port were dropped; they had no effect.)
        public void ValidateNemLoginAssertion()
        {
            var samplePath = NUnit.Framework.TestContext.CurrentContext.TestDirectory +
                             "/Resources/oiosaml-examples/NemLog-in_assertion_valid_signature.xml";
            var assertion  = new OioSamlAssertion(XElement.Load(samplePath));

            // Signature and trust are verified before any attribute value is read.
            var vault = CredentialVaultTestUtil.GetNewIdpTestCredentialVault();

            assertion.ValidateSignatureAndTrust(vault);

            Assert.AreEqual("3", assertion.AssuranceLevel);
            Assert.AreEqual("25450442", assertion.CvrNumberIdentifier);
            Assert.AreEqual("27304742", assertion.RidNumberIdentifier);
        }
コード例 #6
        // Loads the first new-NemLog-in sample, removes its Issuer element and builds a second
        // OioSamlAssertion from the modified XML.
        //
        // The Java test this was ported from expected a ModelBuildException with the message
        // "Error validating OIOSAMLAssertion", caused by a SAXParseException whose message contains "Issuer".
        //
        // NOTE(review): nothing visible in this method asserts an outcome. Unless an expected-exception
        // attribute sits outside this view, the test passes only when the assertion without an Issuer is
        // accepted - confirm the intended behaviour and pin the expected exception type and message.
        public void TestInvalidSample()
        {
            var samplePath = NUnit.Framework.TestContext.CurrentContext.TestDirectory +
                             "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-1.xml";
            var original   = new OioSamlAssertion(XElement.Load(samplePath));

            // First Issuer element found anywhere below the assertion root.
            var issuerElement =
                original.XAssertion.Descendants(SamlTags.Issuer.Ns + SamlTags.Issuer.TagName).FirstOrDefault();

            issuerElement.Remove();

            // Rebuild the model from XML that no longer names its issuer; the result is discarded.
            new OioSamlAssertion(original.XAssertion);
        }
コード例 #7
        // Removes the Signature element from the second new-NemLog-in sample and requires
        // ValidateSignatureAndTrust to throw ModelException with "OIOSAMLAssertion is not signed".
        // (Ported from a Java test that stated the same expectation through an expected-exception rule.)
        public void TestUnsignedAssertion()
        {
            var samplePath = TestContext.CurrentContext.TestDirectory +
                             "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-2.xml";
            var xElement   = XElement.Load(samplePath);

            // Strip the first Signature element found below the root, leaving the assertion unsigned.
            var signatureElement = xElement.Descendants(DsTags.Signature.Ns + DsTags.Signature.TagName).FirstOrDefault();

            signatureElement.Remove();

            var assertion = new OioSamlAssertion(xElement);

            // Assert.Throws fails the test if validation returns normally, so an unsigned assertion
            // being accepted cannot go unnoticed.
            TestDelegate validate =
                () => assertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault());
            var ex = Assert.Throws <ModelException>(validate);

            Assert.AreEqual("OIOSAMLAssertion is not signed", ex.Message);
        }
 // Appends the assertion's XML (assertion.XAssertion) as content of the given actAs element.
 private void AddAssertion(XElement actAs, OioSamlAssertion assertion)
 {
     var assertionXml = assertion.XAssertion;

     actAs.Add(assertionXml);
 }
コード例 #9
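        // Parses the second new-NemLog-in sample assertion, checks each attribute exposed by the model and
        // the embedded user certificate, validates signature and trust against the old-IdP test vault, and
        // requires timestamp validation to reject the expired token.
        public void TestConstructionFromNewNemLoginSampleTwo()
        {
            var assertion = new OioSamlAssertion(XElement.Load(NUnit.Framework.TestContext.CurrentContext.TestDirectory +
                                                               "/Resources/oiosaml-examples/test-new-nemlogin-authentication-assertion-2.xml"));

            // Assertion envelope: identifier, issuer and validity window.
            Assert.AreEqual("_5a49e560-5312-4237-8f32-2ed2b58cfcf7", assertion.Id);
            Assert.AreEqual("https://saml.test-nemlog-in.dk/", assertion.Issuer);
            Assert.AreEqual(DateTime.Parse("2012-09-27T08:51:13.884Z"), assertion.NotBefore);
            Assert.AreEqual(DateTime.Parse("2012-09-27T09:51:13.884Z"), assertion.NotOnOrAfter);

            // Attribute statement values.
            Assert.AreEqual("3", assertion.AssuranceLevel);
            Assert.AreEqual("Amaja Christiansen", assertion.CommonName);
            Assert.AreEqual("", assertion.SurName);
            Assert.AreEqual("2408631478", assertion.Cpr);
            Assert.AreEqual("*****@*****.**", assertion.Email);
            Assert.AreEqual("25520041", assertion.CvrNumberIdentifier);
            Assert.AreEqual("TRIFORK SERVICES A/S // CVR:25520041", assertion.OrganizationName);
            Assert.AreEqual("42041556", assertion.RidNumberIdentifier);

            // Audience, authentication context and subject.
            Assert.AreEqual("https://saml.fmk.staging.fmk-online.dk", assertion.AudienceRestriction);
            Assert.AreEqual(DateTime.Parse("2012-09-27T08:50:38.681Z"), assertion.UserAuthenticationInstant);
            Assert.AreEqual("DK-SAML-2.0", assertion.SpecVersion);
            Assert.AreEqual(
                "C=DK,O=TRIFORK SERVICES A/S // CVR:25520041,CN=Amaja Christiansen,Serial=CVR:25520041-RID:42041556",
                assertion.SubjectNameId);
            Assert.AreEqual("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", assertion.SubjectNameIdFormat);

            // Embedded user certificate: issuer string and subject DN (compared in normalised form).
            Assert.AreEqual("CN=TDC OCES Systemtest CA II, O=TDC, C=DK", assertion.CertificateIssuer);
            X509Certificate userCertificate = assertion.UserCertificate;

            Assert.IsNotNull(userCertificate);
            Assert.AreEqual(
                new X500DistinguishedName(
                    "CN=Amaja Christiansen + SERIALNUMBER=CVR:25520041-RID:42041556, O=TRIFORK SERVICES A/S // CVR:25520041, C=DK").Name,
                new X500DistinguishedName(userCertificate.Subject).Name);

            Assert.AreEqual("https://staging.fmk-online.dk/fmk/saml/SAMLAssertionConsumer", assertion.Recipient);

            // The unmodified sample must pass signature and trust validation; a failure throws here.
            assertion.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOldIdpTestCredentialVault());

            // The sample's NotOnOrAfter lies in 2012, so validation has to fail. Assert.Catch fails the test
            // when nothing is thrown; the earlier try/catch passed silently if an expired token was accepted.
            // Catch (rather than Throws) still accepts exception types derived from ModelException.
            var expired = Assert.Catch<ModelException>(() => assertion.ValidateTimestamp());

            Assert.IsTrue(expired.Message.StartsWith("OIOSAML token no longer valid", StringComparison.Ordinal));
        }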