public void AuthnStatement_Element()
        {
            Assertion      saml20Assertion = AssertionUtil.GetBasicAssertion();
            AuthnStatement authnStmt       =
                (AuthnStatement)Array.Find(saml20Assertion.Items, delegate(StatementAbstract stmnt) { return(stmnt is AuthnStatement); });

            // Mess around with the AuthnStatement.
            {
                string oldSessionIndex = authnStmt.SessionIndex;
                authnStmt.SessionIndex = null;
                TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires that the \"AuthnStatement\" element contains the \"SessionIndex\" attribute.");
                authnStmt.SessionIndex = oldSessionIndex;
            }

            {
                int index =
                    Array.FindIndex(authnStmt.AuthnContext.Items,
                                    delegate(object o) { return(o is string && o.ToString() == "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"); });
                object oldValue = authnStmt.AuthnContext.Items[index];
                authnStmt.AuthnContext.Items[index] = "Hallelujagobble!!";
                TestAssertion(saml20Assertion, "AuthnContextClassRef has a value which is not a wellformed absolute uri");
                authnStmt.AuthnContext.Items[index] = oldValue;
            }

            // Remove it.
            saml20Assertion = AssertionUtil.GetBasicAssertion();
            List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items);

            statements.RemoveAll(delegate(StatementAbstract stmnt) { return(stmnt is AuthnStatement); });
            saml20Assertion.Items = statements.ToArray();
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires exactly one \"AuthnStatement\" element and one \"AttributeStatement\" element.");
        }
예제 #2
0
        /// <summary>
        /// Returns the saml20Assertion as an XmlDocument as used by the Assertion class.
        /// </summary>
        /// <param name="assertion"></param>
        /// <returns></returns>
        public static XmlDocument ConvertAssertion(Assertion assertion)
        {
            if (assertion == null) throw new ArgumentNullException("assertion");

            XmlDocument res = new XmlDocument();
            res.PreserveWhitespace = true;
            res.Load(new StringReader(Serialization.SerializeToXmlString(assertion)));
            return res;
        }
예제 #3
0
        /// <summary>
        /// Returns the saml20Assertion as an XmlDocument as used by the Assertion class.
        /// </summary>
        /// <param name="assertion"></param>
        /// <returns></returns>
        public static XmlDocument ConvertAssertion(Assertion assertion)
        {
            if (assertion == null)
            {
                throw new ArgumentNullException("assertion");
            }

            XmlDocument res = new XmlDocument();

            res.PreserveWhitespace = true;
            res.Load(new StringReader(Serialization.SerializeToXmlString(assertion)));
            return(res);
        }
 private void TestAssertion(Assertion saml20Assertion, string exceptionMsg)
 {
     try
     {
         _validator.ValidateAssertion(saml20Assertion);
         if (!string.IsNullOrEmpty(exceptionMsg))
         {
             Assert.Fail("A validation exception should have been thrown.");
         }
     }
     catch (Saml20FormatException e)
     {
         Console.WriteLine('"' + e.Message.Replace("\"", "\\\"") + '"');
         Assert.AreEqual(exceptionMsg, e.Message);
     }
 }
        public void AttributeStatement_Invalid_EncryptedAttribute_DKSaml20()
        {
            Assertion saml20Assertion           = AssertionUtil.GetBasicAssertion();
            List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items);
            AttributeStatement       sas        = GetAttributeStatement(statements);
            List <object>            attributes = new List <object>(sas.Items);
            EncryptedElement         ee         = new EncryptedElement();

            ee.encryptedData      = new EncryptedData();
            ee.encryptedData.Type = Saml20Constants.XENC + "Element";
            attributes.Add(ee);
            sas.Items             = attributes.ToArray();
            saml20Assertion.Items = statements.ToArray();

            XmlDocument doc = AssertionUtil.ConvertAssertion(saml20Assertion);

            new Saml20Assertion(doc.DocumentElement, null, false);
        }
        public void Conditions_Element()
        {
            Assertion saml20Assertion = AssertionUtil.GetBasicAssertion();

            Assert.IsNotNull(saml20Assertion.Conditions);
            List <ConditionAbstract> conditions =
                new List <ConditionAbstract>(saml20Assertion.Conditions.Items);

            int index = conditions.FindIndex(delegate(ConditionAbstract cond) { return(cond is AudienceRestriction); });

            Assert.That(index != -1);
            conditions.RemoveAt(index);
            // Add another condition to avoid an empty list of conditions.
            conditions.Add(new OneTimeUse());
            saml20Assertion.Conditions.Items = conditions;

            TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires that an \"AudienceRestriction\" element is present on the saml20Assertion.");
        }
        public void Subject_Element()
        {
            Assertion saml20Assertion = AssertionUtil.GetBasicAssertion();

            Assert.IsNotNull(saml20Assertion.Subject);

            Assert.That(saml20Assertion.Subject.Items.Length > 0);

            SubjectConfirmation subjectConfirmation =
                (SubjectConfirmation)Array.Find(saml20Assertion.Subject.Items, delegate(object item) { return(item is SubjectConfirmation); });

            Assert.IsNotNull(subjectConfirmation);
            string originalMethod = subjectConfirmation.Method;

            subjectConfirmation.Method = "IllegalMethod";

            TestAssertion(saml20Assertion, "SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.");
            // Try a valid url.
            subjectConfirmation.Method = "http://example.com";
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile requires that a bearer \"SubjectConfirmation\" element is present.");

            // Restore valid settings... And verify that it is restored.
            subjectConfirmation.Method = originalMethod;
            TestAssertion(saml20Assertion, null);

            // Now, start messing with the <SubjectConfirmationData> element.
            subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = null;
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile requires that the \"SubjectConfirmationData\" element contains the \"NotOnOrAfter\" attribute.");
            subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.UtcNow;

            subjectConfirmation.SubjectConfirmationData.NotBefore = DateTime.UtcNow.Subtract(new TimeSpan(5, 0, 0, 0));
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile disallows the use of the \"NotBefore\" attribute of the \"SubjectConfirmationData\" element.");

            subjectConfirmation.SubjectConfirmationData.NotBefore = null;

            string originalRecipient = subjectConfirmation.SubjectConfirmationData.Recipient;

            subjectConfirmation.SubjectConfirmationData.Recipient = null;
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 Profile requires that the \"SubjectConfirmationData\" element contains the \"Recipient\" attribute.");
            subjectConfirmation.SubjectConfirmationData.Recipient = originalRecipient;

            saml20Assertion.Subject = null;
            TestAssertion(saml20Assertion, "AuthnStatement, AuthzDecisionStatement and AttributeStatement require a subject.");
        }
        public void AttributeStatement_Invalid_Statementtype()
        {
            Assertion saml20Assertion = AssertionUtil.GetBasicAssertion();
            AuthzDecisionStatement authzDecisionStatement = new AuthzDecisionStatement();

            authzDecisionStatement.Decision            = DecisionType.Permit;
            authzDecisionStatement.Resource            = "http://safewhere.net";
            authzDecisionStatement.Action              = new dk.nita.saml20.Schema.Core.Action[] { new dk.nita.saml20.Schema.Core.Action() };
            authzDecisionStatement.Action[0].Namespace = "http://actionns.com";
            authzDecisionStatement.Action[0].Value     = "value";

            List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items);

            statements.Add(authzDecisionStatement);

            saml20Assertion.Items = statements.ToArray();

            new Saml20Assertion(AssertionUtil.ConvertAssertion(saml20Assertion).DocumentElement, null, false);
        }
        public void Issuer_Element_QuirksMode()
        {
            Assertion saml20Assertion = AssertionUtil.GetBasicAssertion();

            Assert.IsNotNull(saml20Assertion.Issuer);

            saml20Assertion.Issuer        = new NameID();
            saml20Assertion.Issuer.Value  = "http://safewhere.net";
            saml20Assertion.Issuer.Format = "http://example.com";

            DKSaml20AssertionValidator quirksModeValidator = new DKSaml20AssertionValidator(AssertionUtil.GetAudiences(), true);

            try
            {
                quirksModeValidator.ValidateAssertion(saml20Assertion);
            }
            catch (Exception e)
            {
                Assert.That(false, "The above validation should not fail in quirksMode: " + e.ToString());
            }
        }
        public void AttributeStatement_Element()
        {
            Predicate <StatementAbstract> findAttributeStatement =
                delegate(StatementAbstract stmnt) { return(stmnt is AttributeStatement); };
            Assertion saml20Assertion = AssertionUtil.GetBasicAssertion();

            AttributeStatement attributeStatement =
                (AttributeStatement)Array.Find(saml20Assertion.Items, findAttributeStatement);

            // Add an encrypted attribute.
            EncryptedElement encAtt = new EncryptedElement();

            encAtt.encryptedData                 = new EncryptedData();
            encAtt.encryptedData.CipherData      = new CipherData();
            encAtt.encryptedData.CipherData.Item = string.Empty;
            encAtt.encryptedKey      = new EncryptedKey[0];
            attributeStatement.Items = new object[] { encAtt };
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile does not allow encrypted attributes.");

            // Add an attribute with the wrong nameformat.
//            Attribute att = DKSaml20EmailAttribute.create("*****@*****.**");
//            att.NameFormat = "http://example.com";
//            attributeStatement.Items = new object[] { att };
//            testAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires that an attribute's \"NameFormat\" element is urn:oasis:names:tc:SAML:2.0:attrname-format:uri.");

            // Clear all the attributes.
            attributeStatement.Items = new object[0];
            TestAssertion(saml20Assertion, "AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");

            // Remove it.
            saml20Assertion = AssertionUtil.GetBasicAssertion();
            List <StatementAbstract> statements = new List <StatementAbstract>(saml20Assertion.Items);

            statements.RemoveAll(findAttributeStatement);
            saml20Assertion.Items = statements.ToArray();
            TestAssertion(saml20Assertion, "The DK-SAML 2.0 profile requires exactly one \"AuthnStatement\" element and one \"AttributeStatement\" element.");
        }
예제 #11
0
        /// <summary>
        /// Assembles our basic test assertion
        /// </summary>
        /// <returns></returns>
        public static Assertion GetBasicAssertion()
        {
            Assertion assertion = new Assertion();

            {
                assertion.Issuer = new NameID();
                assertion.ID = "_b8977dc86cda41493fba68b32ae9291d";
                assertion.IssueInstant = DateTime.UtcNow;

                assertion.Version = "2.0";
                assertion.Issuer.Value = GetBasicIssuer();
            }

            {
                assertion.Subject = new Subject();
                SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
                subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
                subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
                subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);
                subjectConfirmation.SubjectConfirmationData.Recipient = "http://borger.dk";
                assertion.Subject.Items = new object[] { subjectConfirmation };
            }

            {
                assertion.Conditions = new Conditions();
                assertion.Conditions.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);
                AudienceRestriction audienceRestriction = new AudienceRestriction();
                audienceRestriction.Audience = GetAudiences();
                assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
            }

            AuthnStatement authnStatement;

            {
                authnStatement = new AuthnStatement();
                assertion.Items = new StatementAbstract[] { authnStatement };
                authnStatement.AuthnInstant = new DateTime(2008, 1, 8);
                authnStatement.SessionIndex = "70225885";
                authnStatement.AuthnContext = new AuthnContext();
                authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
                authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef};
            }

            AttributeStatement attributeStatement;
            {
                attributeStatement = new AttributeStatement();
                SamlAttribute surName = new SamlAttribute();
                surName.FriendlyName = "SurName";
                surName.Name = "urn:oid:2.5.4.4";
                surName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                surName.AttributeValue = new string[] { "Fry" };

                SamlAttribute commonName = new SamlAttribute();
                commonName.FriendlyName = "CommonName";
                commonName.Name = "urn:oid:2.5.4.3";
                commonName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                commonName.AttributeValue = new string[] { "Philip J. Fry" };

                SamlAttribute userName = new SamlAttribute();
                userName.Name = "urn:oid:0.9.2342.19200300.100.1.1";
                userName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                userName.AttributeValue = new string[] { "fry" };

                SamlAttribute eMail = new SamlAttribute();
                eMail.FriendlyName = "Email";
                eMail.Name = "urn:oid:0.9.2342.19200300.100.1.3";
                eMail.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                eMail.AttributeValue = new string[] { "*****@*****.**" };

                attributeStatement.Items = new object[] { surName, commonName, userName, eMail };
            }

            assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };

            return assertion;
        }
예제 #12
0
 private static void CreateSaml20Token(Assertion saml20Assertion)
 {
     XmlDocument doc = AssertionUtil.ConvertAssertion(saml20Assertion);
     new Saml20Assertion(doc.DocumentElement, null, false);
 }
 private void TestAssertion(Assertion saml20Assertion, string exceptionMsg)
 {
     try
     {
         _validator.ValidateAssertion(saml20Assertion);
         if (!string.IsNullOrEmpty(exceptionMsg))
             Assert.Fail("A validation exception should have been thrown.");
     }
     catch (Saml20FormatException e)
     {
         Console.WriteLine('"' + e.Message.Replace("\"", "\\\"") + '"');
         Assert.AreEqual(exceptionMsg, e.Message);
     }
 }
예제 #14
0
        /// <summary>
        /// Assembles our basic test assertion
        /// </summary>
        /// <returns></returns>
        public static Assertion GetBasicAssertion()
        {
            Assertion assertion = new Assertion();

            {
                assertion.Issuer       = new NameID();
                assertion.ID           = "_b8977dc86cda41493fba68b32ae9291d";
                assertion.IssueInstant = DateTime.UtcNow;

                assertion.Version      = "2.0";
                assertion.Issuer.Value = GetBasicIssuer();
            }

            {
                assertion.Subject = new Subject();
                SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
                subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
                subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
                subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.UtcNow.AddMinutes(1);
                subjectConfirmation.SubjectConfirmationData.Recipient    = "http://borger.dk";
                assertion.Subject.Items = new object[] { subjectConfirmation };
            }

            {
                assertion.Conditions = new Conditions();
                assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddMinutes(1);
                AudienceRestriction audienceRestriction = new AudienceRestriction();
                audienceRestriction.Audience = GetAudiences();
                assertion.Conditions.Items   = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
            }

            AuthnStatement authnStatement;

            {
                authnStatement                               = new AuthnStatement();
                assertion.Items                              = new StatementAbstract[] { authnStatement };
                authnStatement.AuthnInstant                  = new DateTime(2008, 1, 8);
                authnStatement.SessionIndex                  = "70225885";
                authnStatement.AuthnContext                  = new AuthnContext();
                authnStatement.AuthnContext.Items            = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
                authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef };
            }

            AttributeStatement attributeStatement;

            {
                attributeStatement = new AttributeStatement();
                SamlAttribute surName = new SamlAttribute();
                surName.FriendlyName   = "SurName";
                surName.Name           = "urn:oid:2.5.4.4";
                surName.NameFormat     = SamlAttribute.NAMEFORMAT_URI;
                surName.AttributeValue = new string[] { "Fry" };

                SamlAttribute commonName = new SamlAttribute();
                commonName.FriendlyName   = "CommonName";
                commonName.Name           = "urn:oid:2.5.4.3";
                commonName.NameFormat     = SamlAttribute.NAMEFORMAT_URI;
                commonName.AttributeValue = new string[] { "Philip J. Fry" };

                SamlAttribute userName = new SamlAttribute();
                userName.Name           = "urn:oid:0.9.2342.19200300.100.1.1";
                userName.NameFormat     = SamlAttribute.NAMEFORMAT_URI;
                userName.AttributeValue = new string[] { "fry" };

                SamlAttribute eMail = new SamlAttribute();
                eMail.FriendlyName   = "Email";
                eMail.Name           = "urn:oid:0.9.2342.19200300.100.1.3";
                eMail.NameFormat     = SamlAttribute.NAMEFORMAT_URI;
                eMail.AttributeValue = new string[] { "*****@*****.**" };

                attributeStatement.Items = new object[] { surName, commonName, userName, eMail };
            }

            assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };

            return(assertion);
        }