public void AuthnStatement_Element() { Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); AuthnStatement authnStmt = (AuthnStatement)Array.Find(saml20Assertion.Items, delegate(StatementAbstract stmnt) { return(stmnt is AuthnStatement); }); // Mess around with the AuthnStatement. { string oldSessionIndex = authnStmt.SessionIndex; authnStmt.SessionIndex = null; TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires that the \"AuthnStatement\" element contains the \"SessionIndex\" attribute."); authnStmt.SessionIndex = oldSessionIndex; } { int index = Array.FindIndex(authnStmt.AuthnContext.Items, delegate(object o) { return(o is string && o.ToString() == "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"); }); object oldValue = authnStmt.AuthnContext.Items[index]; authnStmt.AuthnContext.Items[index] = "Hallelujagobble!!"; TestAssertion(saml20Assertion, "AuthnContextClassRef has a value which is not a wellformed absolute uri"); authnStmt.AuthnContext.Items[index] = oldValue; } // Remove it. saml20Assertion = AssertionUtil.GetBasicAssertion(); List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items); statements.RemoveAll(delegate(StatementAbstract stmnt) { return(stmnt is AuthnStatement); }); saml20Assertion.Items = statements.ToArray(); TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires exactly one \"AuthnStatement\" element and one \"AttributeStatement\" element."); }
public void AttributeStatement_Invalid_EncryptedAttribute_DKSaml20() { Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items); AttributeStatement sas = GetAttributeStatement(statements); List <object> attributes = new List <object>(sas.Items); EncryptedElement ee = new EncryptedElement(); ee.encryptedData = new EncryptedData(); ee.encryptedData.Type = Saml20Constants.XENC + "Element"; attributes.Add(ee); sas.Items = attributes.ToArray(); saml20Assertion.Items = statements.ToArray(); XmlDocument doc = AssertionUtil.ConvertAssertion(saml20Assertion); new Saml20Assertion(doc.DocumentElement, null, false); }
public void Conditions_Element() { Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); Assert.IsNotNull(saml20Assertion.Conditions); List <ConditionAbstract> conditions = new List <ConditionAbstract>(saml20Assertion.Conditions.Items); int index = conditions.FindIndex(delegate(ConditionAbstract cond) { return(cond is AudienceRestriction); }); Assert.That(index != -1); conditions.RemoveAt(index); // Add another condition to avoid an empty list of conditions. conditions.Add(new OneTimeUse()); saml20Assertion.Conditions.Items = conditions; TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires that an \"AudienceRestriction\" element is present on the saml20Assertion."); }
public void Subject_Element() { Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); Assert.IsNotNull(saml20Assertion.Subject); Assert.That(saml20Assertion.Subject.Items.Length > 0); SubjectConfirmation subjectConfirmation = (SubjectConfirmation)Array.Find(saml20Assertion.Subject.Items, delegate(object item) { return(item is SubjectConfirmation); }); Assert.IsNotNull(subjectConfirmation); string originalMethod = subjectConfirmation.Method; subjectConfirmation.Method = "IllegalMethod"; TestAssertion(saml20Assertion, "SubjectConfirmation element has Method attribute which is not a wellformed absolute uri."); // Try a valid url. subjectConfirmation.Method = "http://example.com"; TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile requires that a bearer \"SubjectConfirmation\" element is present."); // Restore valid settings... And verify that it is restored. subjectConfirmation.Method = originalMethod; TestAssertion(saml20Assertion, null); // Now, start messing with the <SubjectConfirmationData> element. subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = null; TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile requires that the \"SubjectConfirmationData\" element contains the \"NotOnOrAfter\" attribute."); subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.UtcNow; subjectConfirmation.SubjectConfirmationData.NotBefore = DateTime.UtcNow.Subtract(new TimeSpan(5, 0, 0, 0)); TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile disallows the use of the \"NotBefore\" attribute of the \"SubjectConfirmationData\" element."); subjectConfirmation.SubjectConfirmationData.NotBefore = null; string originalRecipient = subjectConfirmation.SubjectConfirmationData.Recipient; subjectConfirmation.SubjectConfirmationData.Recipient = null; TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile requires that the \"SubjectConfirmationData\" element contains the \"Recipient\" attribute."); subjectConfirmation.SubjectConfirmationData.Recipient = originalRecipient; saml20Assertion.Subject = null; TestAssertion(saml20Assertion, "AuthnStatement, AuthzDecisionStatement and AttributeStatement require a subject."); }
public void AttributeStatement_Invalid_Statementtype() { Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); AuthzDecisionStatement authzDecisionStatement = new AuthzDecisionStatement(); authzDecisionStatement.Decision = DecisionType.Permit; authzDecisionStatement.Resource = "http://safewhere.net"; authzDecisionStatement.Action = new dk.nita.saml20.Schema.Core.Action[] { new dk.nita.saml20.Schema.Core.Action() }; authzDecisionStatement.Action[0].Namespace = "http://actionns.com"; authzDecisionStatement.Action[0].Value = "value"; List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items); statements.Add(authzDecisionStatement); saml20Assertion.Items = statements.ToArray(); new Saml20Assertion(AssertionUtil.ConvertAssertion(saml20Assertion).DocumentElement, null, false); }
public void Issuer_Element_QuirksMode() { Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); Assert.IsNotNull(saml20Assertion.Issuer); saml20Assertion.Issuer = new NameID(); saml20Assertion.Issuer.Value = "http://safewhere.net"; saml20Assertion.Issuer.Format = "http://example.com"; DKSaml20AssertionValidator quirksModeValidator = new DKSaml20AssertionValidator(AssertionUtil.GetAudiences(), true); try { quirksModeValidator.ValidateAssertion(saml20Assertion); } catch (Exception e) { Assert.That(false, "The above validation should not fail in quirksMode: " + e.ToString()); } }
public void AttributeStatement_Element() { Predicate <StatementAbstract> findAttributeStatement = delegate(StatementAbstract stmnt) { return(stmnt is AttributeStatement); }; Assertion saml20Assertion = AssertionUtil.GetBasicAssertion(); AttributeStatement attributeStatement = (AttributeStatement)Array.Find(saml20Assertion.Items, findAttributeStatement); // Add an encrypted attribute. EncryptedElement encAtt = new EncryptedElement(); encAtt.encryptedData = new EncryptedData(); encAtt.encryptedData.CipherData = new CipherData(); encAtt.encryptedData.CipherData.Item = string.Empty; encAtt.encryptedKey = new EncryptedKey[0]; attributeStatement.Items = new object[] { encAtt }; TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile does not allow encrypted attributes."); // Add an attribute with the wrong nameformat. // Attribute att = DKSaml20EmailAttribute.create("*****@*****.**"); // att.NameFormat = "http://example.com"; // attributeStatement.Items = new object[] { att }; // testAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires that an attribute's \"NameFormat\" element is urn:oasis:names:tc:SAML:2.0:attrname-format:uri."); // Clear all the attributes. attributeStatement.Items = new object[0]; TestAssertion(saml20Assertion, "AttributeStatement MUST contain at least one Attribute or EncryptedAttribute"); // Remove it. saml20Assertion = AssertionUtil.GetBasicAssertion(); List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items); statements.RemoveAll(findAttributeStatement); saml20Assertion.Items = statements.ToArray(); TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires exactly one \"AuthnStatement\" element and one \"AttributeStatement\" element."); }