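/// <summary>
/// Validates an <c>AuthzDecisionStatement</c>.
/// </summary>
/// <remarks>
/// [SAML2.0 standard] section 2.7.4.
/// All checks here are syntactic: they confirm the required attributes are present and are
/// well-formed absolute URIs. Nothing in this method decides whether the named resource or
/// action namespace is one the consuming party should honour.
/// </remarks>
/// <param name="statement">The statement.</param>
/// <exception cref="Saml20FormatException">
/// Thrown when Resource is null or is a non-empty value that is not a well-formed absolute URI,
/// when no Action is present, when an Action entry is null, or when an Action's Namespace is
/// blank or not a well-formed absolute URI.
/// </exception>
private void ValidateAuthzDecisionStatement(AuthzDecisionStatement statement)
{
    // This has type anyURI, and can be empty (special case in the standard), but not null.
    if (statement.Resource == null)
    {
        throw new Saml20FormatException("Resource attribute of AuthzDecisionStatement is REQUIRED");
    }

    // If it is not empty, it MUST BE a valid URI
    if (statement.Resource.Length > 0 && !Uri.IsWellFormedUriString(statement.Resource, UriKind.Absolute))
    {
        throw new Saml20FormatException("Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri");
    }

    // NOTE: Decision property validation is done implicitly by the deserializer since it is represented by an enumeration
    if (statement.Action == null || statement.Action.Length == 0)
    {
        throw new Saml20FormatException("At least one Action subelement must be present for an AuthzDecisionStatement element");
    }

    foreach (var action in statement.Action)
    {
        // A null entry would otherwise surface as a NullReferenceException on the Namespace access
        // below; report it as a format error like every other malformed input in this method.
        if (action == null)
        {
            throw new Saml20FormatException("Action subelement of AuthzDecisionStatement must not be null");
        }

        // NOTE: [SAML2.0 standard] claims that the Namespace is [Optional], but according to the schema definition (and Geneva)
        // NOTE: it has use="required"
        if (!Saml20Utils.ValidateRequiredString(action.Namespace))
        {
            throw new Saml20FormatException("Namespace attribute of Action element must contain at least one non-whitespace character");
        }

        if (!Uri.IsWellFormedUriString(action.Namespace, UriKind.Absolute))
        {
            throw new Saml20FormatException("Namespace attribute of Action element has a value which is not a wellformed absolute uri");
        }
    }
}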
/// <summary>
/// Runs the statement validator on an <c>AuthzDecisionStatement</c> whose Resource is null.
/// </summary>
public void ThrowsExceptionWhenMissingResourceEmpty()
{
    // Arrange
    var validator = new Saml20StatementValidator();
    var statement = new AuthzDecisionStatement { Resource = null };

    // Act
    // NOTE(review): no assertion is visible in this method; presumably the expected exception
    // is declared by a test attribute that is not part of this listing. Confirm.
    validator.ValidateStatement(statement);
}
/// <summary>
/// Runs the statement validator twice on the same statement: once with an empty Resource and
/// once with a URN Resource, each time with a single Action whose Namespace is an absolute URI.
/// </summary>
public void ValidatesResources()
{
    // Arrange
    var validator = new Saml20StatementValidator();
    var statement = new AuthzDecisionStatement
    {
        Resource = string.Empty,
        Action = new[]
        {
            new Schema.Core.Action { Namespace = "http://valid/namespace" }
        }
    };

    // First pass: empty Resource. Going by the test name, neither call is expected to throw.
    validator.ValidateStatement(statement);

    // Second pass: same statement, now with a non-empty URN as the Resource.
    statement.Resource = "urn:valid.ok:askjld";

    // Act
    validator.ValidateStatement(statement);
}
/// <summary>
/// Runs the statement validator on an <c>AuthzDecisionStatement</c> whose Resource is a
/// non-empty string that is not a URI.
/// </summary>
public void ThrowsExceptionWhenMalformedResource()
{
    // Arrange
    var validator = new Saml20StatementValidator();
    var statement = new AuthzDecisionStatement { Resource = "a malformed uri" };

    // Act
    // NOTE(review): no Action is set and no assertion is visible here; presumably the expected
    // exception (and its message) is declared by a test attribute outside this listing. Confirm
    // that it pins the Resource failure and not the missing-Action one.
    validator.ValidateStatement(statement);
}