public void ValidateResponseWithoutTimeValidTest()
{
    // Positive case: an untampered SAML response, checked against the entity
    // metadata and the AuthnRequest it answers, must be accepted. The last
    // argument (false) switches the time-based checks off, so only the
    // structural/signature checks decide the outcome.
    Saml2Serializer serializer = new Saml2Serializer();
    SamlValidator validator = new SamlValidator();

    // This fixture is stored base64-encoded; decode it to the signed XML document.
    byte[] rawResponse = Convert.FromBase64String(ReadFile(responseFilename));
    string signedXml = Encoding.UTF8.GetString(rawResponse);

    EntityDescriptor metadata = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile));
    AuthnRequest originalRequest = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile));
    Response parsedResponse = serializer.ConvertXMLToResponseObject(signedXml);

    // Both the parsed object and the raw XML are passed: the raw document is what
    // a signature check has to run over, the object is what the field checks read.
    bool accepted = validator.ValidateResponse(parsedResponse, signedXml, metadata, originalRequest, false);
    Assert.IsTrue(accepted);
}
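public void ValidateResponseWithoutTimeInvalidTest()
{
    // Negative cases: each tampered variant of an otherwise valid SAML response
    // must be rejected by SamlValidator.ValidateResponse (time checks disabled via
    // the trailing false, so only the structural/signature checks are exercised).
    //
    // Two weaknesses of the earlier version of this test are fixed here:
    //  * a validator that silently ACCEPTED a forged response passed the test,
    //    because only the exception path was asserted and the return value was
    //    ignored — a negative test that can never fail verifies nothing;
    //  * the single Response object was mutated cumulatively, so from the
    //    "wrong x509 certificate" case onward every later case failed on the
    //    broken certificate rather than on the field it claims to test.
    Saml2Serializer serializer = new Saml2Serializer();
    SamlValidator validator = new SamlValidator();
    string xml = ReadFile(xmlResponseFilename);
    EntityDescriptor entityDescriptor = serializer.ConvertXMLToEntityDescriptorObject(ReadFile(xmlMetadataFile));
    AuthnRequest authnRequest = serializer.ConvertXMLToAuthnRequestObject(ReadFile(xmlAuthnRequestFile));

    // Every case parses a fresh Response, applies exactly one tamper step and then
    // requires the validator to reject it. signedXml is the raw document handed to
    // the validator alongside the object (normally the untouched xml).
    Action<string, Action<Response>, string> check = (scenario, tamper, signedXml) =>
    {
        Response response = serializer.ConvertXMLToResponseObject(xml);
        tamper(response);
        AssertResponseRejected(scenario,
            () => validator.ValidateResponse(response, signedXml, entityDescriptor, authnRequest, false));
    };

    // wrong response.Status.StatusCode.Value (not Success)
    check("wrong StatusCode",
        r => r.Status.StatusCode.Value = "urn:oasis:names:tc:SAML:2.0:status:Requester", xml);

    // wrong response.Issuer (does not match the entity in the metadata)
    check("wrong Issuer", r => r.Issuer = "wrongIssuer", xml);

    // wrong x509 certificate (corrupted key material in KeyInfo)
    check("wrong X509Certificate",
        r => r.Signature.KeyInfo.X509Data.X509Certificate = r.Signature.KeyInfo.X509Data.X509Certificate + "s", xml);

    // response was changed / attack: the raw XML presented to the validator is a
    // modified copy of the signed document while the parsed object is left intact.
    // The earlier version also corrupted the certificate here, which turned this
    // into a repeat of the previous case; now it relies solely on the validator
    // detecting the mismatch between the tampered document and its signature.
    string attackedXML = ReadFile("ChangedSamlResponseSimpleSamlPHP.xml");
    check("tampered XML document", r => { }, attackedXML);

    // wrong response.Destination (not this service provider's ACS endpoint)
    check("wrong Destination", r => r.Destination = "newdesinationaddress.com", xml);

    // wrong response.Assertion.Conditions.AudienceRestriction.Audience -> issuer
    check("wrong Audience", r => r.Assertion.Conditions.AudienceRestriction.Audience = "otherIssuer", xml);

    // wrong response.InResponseTo (does not reference our AuthnRequest ID)
    check("wrong InResponseTo", r => r.InResponseTo = "InResponseTo", xml);

    // wrong response.Assertion.Subject.SubjectConfirmation.Method (only bearer is handled)
    check("wrong SubjectConfirmation.Method",
        r => r.Assertion.Subject.SubjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key", xml);
}

/// <summary>
/// Runs <paramref name="validate"/> and fails the test unless the validator rejected
/// the response: by throwing <see cref="SamlCommunicationException"/> (the documented
/// path) or by returning false. Any other exception type, and a true return, are
/// reported as failures with the scenario name so the offending case is identifiable.
/// </summary>
/// <param name="scenario">Short description of the tamper step, used in failure messages.</param>
/// <param name="validate">Delegate that invokes ValidateResponse on the tampered response.</param>
private static void AssertResponseRejected(string scenario, Func<bool> validate)
{
    bool accepted;
    try
    {
        accepted = validate();
    }
    catch (SamlCommunicationException)
    {
        return; // expected: the validator rejected the forged response
    }
    catch (Exception e)
    {
        Assert.Fail(scenario + ": unexpected " + e.GetType().Name + ": " + e.Message);
        return;
    }

    // Assert.Fail is kept outside the try block so its own exception is not
    // re-caught and re-reported by the generic catch above.
    if (accepted)
    {
        Assert.Fail(scenario + ": validator accepted a forged response (returned true)");
    }
}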