/// <summary>
/// Appends an AuthzDecisionStatement to the items of a basic assertion and builds a
/// Saml20Assertion from the converted XML document element.
/// </summary>
/// <remarks>
/// The test name indicates that this statement type is expected to be rejected; the attribute
/// declaring the expected exception is not visible in this excerpt.
/// </remarks>
public void AttributeStatement_Invalid_Statementtype()
        {
            Assertion baseAssertion = AssertionUtil.GetBasicAssertion();

            // A fully populated authorization decision statement with a single action.
            var permittedAction = new Action();
            var decisionStatement = new AuthzDecisionStatement
            {
                Decision = DecisionType.Permit,
                Resource = "http://safewhere.net",
                Action = new Action[] { permittedAction }
            };
            decisionStatement.Action[0].Namespace = "http://actionns.com";
            decisionStatement.Action[0].Value = "value";

            // Keep the statements the basic assertion already carries and append the new one.
            var combinedStatements = new List<StatementAbstract>(baseAssertion.Items)
            {
                decisionStatement
            };
            baseAssertion.Items = combinedStatements.ToArray();

            // NOTE(review): the meaning of the null and false constructor arguments is not visible here;
            // confirm they do not switch off the validation this test is meant to exercise.
            var assertionDocument = AssertionUtil.ConvertAssertion(baseAssertion);
            new Saml20Assertion(assertionDocument.DocumentElement, null, false);
        }
예제 #2
        /// <summary>
        /// Runs the statement validator twice on one AuthzDecisionStatement carrying a single
        /// Action: first with an empty Resource, then with a URN Resource.
        /// </summary>
        /// <remarks>
        /// The test name indicates both values are expected to be accepted, i.e. neither call throws.
        /// </remarks>
        public void AuthzDecisionStatement_Valid_Resources()
        {
            var decisionStatement = new AuthzDecisionStatement();
            var statementValidator = new Saml20StatementValidator();

            // Case 1: the empty string is used as the Resource.
            decisionStatement.Resource = String.Empty;
            var singleAction = new Action { Namespace = "http://valid/namespace" };
            decisionStatement.Action = new Action[] { singleAction };
            statementValidator.ValidateStatement(decisionStatement);

            // Case 2: same statement and action, now with a URN as the Resource.
            decisionStatement.Resource = "urn:valid.ok:askjld";
            statementValidator.ValidateStatement(decisionStatement);
        }
예제 #3
        /// <summary>
        /// Passes an AuthzDecisionStatement whose Resource is not a URI to the statement validator.
        /// </summary>
        /// <remarks>
        /// The test name indicates a validation failure is expected; the attribute declaring the
        /// expected exception is not visible in this excerpt.
        /// </remarks>
        public void AuthzDecisionStatement_Invalid_MalformedResource()
        {
            var decisionStatement = new AuthzDecisionStatement();
            var statementValidator = new Saml20StatementValidator();

            // NOTE(review): no Action is set, so a validator that also requires an Action would reject
            // this statement for that reason too; asserting on the exception message would pin the
            // Resource check specifically.
            decisionStatement.Resource = "a malformed uri";

            statementValidator.ValidateStatement(decisionStatement);
        }
예제 #4
        /// <summary>
        /// Passes an AuthzDecisionStatement whose Resource is explicitly null to the statement validator.
        /// </summary>
        /// <remarks>
        /// The test name indicates a validation failure is expected; the attribute declaring the
        /// expected exception is not visible in this excerpt.
        /// </remarks>
        public void AuthzDecisionStatement_Invalid_Resource()
        {
            var decisionStatement = new AuthzDecisionStatement();
            var statementValidator = new Saml20StatementValidator();

            // NOTE(review): no Action is set either, so the null Resource is not the only reason a
            // validator could reject this statement; checking the exception message would make the
            // test specific to the Resource rule.
            decisionStatement.Resource = null;

            statementValidator.ValidateStatement(decisionStatement);
        }
예제 #5
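        /// <summary>
        /// Validates an AuthzDecisionStatement against [SAML2.0std] section 2.7.4.
        /// </summary>
        /// <remarks>
        /// The URI checks are syntactic only: <see cref="Uri.IsWellFormedUriString"/> establishes that a
        /// value is a well-formed absolute URI, not that the resource or action namespace is one this
        /// party recognises. Any such policy decision has to be made by the caller.
        /// </remarks>
        /// <param name="statement">The statement to validate.</param>
        /// <exception cref="ArgumentNullException">If <paramref name="statement"/> is null.</exception>
        /// <exception cref="Saml20FormatException">
        /// If Resource is null or a non-empty value that is not a well-formed absolute URI, if no Action
        /// is present, or if an Action is null or has a Namespace that is missing or not a well-formed
        /// absolute URI.
        /// </exception>
        private void ValidateAuthzDecisionStatement(AuthzDecisionStatement statement)
        {
            if (statement == null)
            {
                throw new ArgumentNullException("statement");
            }

            // This has type anyURI, and can be empty (special case in the standard), but not null.
            if (statement.Resource == null)
            {
                throw new Saml20FormatException("Resource attribute of AuthzDecisionStatement is REQUIRED");
            }

            // If it is not empty, it MUST BE a valid URI
            if (statement.Resource.Length > 0 && !Uri.IsWellFormedUriString(statement.Resource, UriKind.Absolute))
            {
                throw new Saml20FormatException("Resource attribute of AuthzDecisionStatement has a value which is not a wellformed absolute uri");
            }

            // NOTE: Decision property validation is done implicitly by the deserializer since it is represented by an enumeration

            if (statement.Action == null || statement.Action.Length == 0)
            {
                throw new Saml20FormatException("At least one Action subelement must be present for an AuthzDecisionStatement element");
            }

            foreach (my.Action action in statement.Action)
            {
                // A null array entry would otherwise surface as a NullReferenceException rather than
                // the format exception used for every other malformed-statement case in this method.
                if (action == null)
                {
                    throw new Saml20FormatException("Action element of AuthzDecisionStatement must not be null");
                }

                // NOTE: [SAML2.0std] claims that the Namespace is [Optional], but according to the schema definition (and Geneva)
                // NOTE: it has use="required"
                if (!Saml20Utils.ValidateRequiredString(action.Namespace))
                {
                    throw new Saml20FormatException("Namespace attribute of Action element must contain at least one non-whitespace character");
                }

                if (!Uri.IsWellFormedUriString(action.Namespace, UriKind.Absolute))
                {
                    throw new Saml20FormatException("Namespace attribute of Action element has a value which is not a wellformed absolute uri");
                }
            }
        }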