public void ValidatesProxyRestrictionCount()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List <ConditionAbstract>
                {
                    new ProxyRestriction {
                        Count = "1"
                    }
                };

                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(assertion, true);
            }
            public void ThrowsExceptionWhenAuthnStatementSessionNotOnOrAfterInPast()
            {
                // Arrange
                var assertion      = AssertionUtil.GetBasicAssertion();
                var statements     = new List <StatementAbstract>(assertion.Items);
                var authnStatement = new AuthnStatement
                {
                    AuthnInstant        = DateTime.UtcNow,
                    SessionNotOnOrAfter = DateTime.UtcNow.AddHours(-1)
                };

                statements.Add(authnStatement);
                assertion.Items = statements.ToArray();

                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                // Act
                validator.ValidateTimeRestrictions(assertion, new TimeSpan());
            }
            public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceConditions  = new List <ConditionAbstract>(assertion.Conditions.Items);
                var audienceRestriction = new AudienceRestriction
                {
                    Audience = new List <string>(new[] { "http://well/formed.uri" })
                };

                audienceConditions.Add(audienceRestriction);

                assertion.Conditions.Items = audienceConditions;

                // Act
                validator.ValidateAssertion(assertion, true);
            }
            public void ValidatesAudienceRestrictionWithMultipleAudienceRestrictions()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceConditions  = new List <ConditionAbstract>(assertion.Conditions.Items);
                var audienceRestriction = new AudienceRestriction
                {
                    Audience = new List <string>(new[] { "urn:borger.dk:id" })
                };

                audienceConditions.Add(audienceRestriction);

                assertion.Conditions.Items = audienceConditions;

                // Act
                validator.ValidateAssertion(assertion, true);
            }
            public void ThrowsExceptionWhenProxyRestrictionCountIsNegative()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List <ConditionAbstract>
                {
                    new ProxyRestriction {
                        Count = "-1"
                    }
                };

                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Count attribute of ProxyRestriction MUST BE a non-negative integer");
            }
            public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceConditions  = new List <ConditionAbstract>(assertion.Conditions.Items);
                var audienceRestriction = new AudienceRestriction
                {
                    Audience = new List <string>(new[] { "http://well/formed.uri" })
                };

                audienceConditions.Add(audienceRestriction);

                assertion.Conditions.Items = audienceConditions;

                // Act
                Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions");
            }
            public void ThrowsExceptionWhenProxyRestrictionCountIsNegative()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List <ConditionAbstract>
                {
                    new ProxyRestriction {
                        Count = "-1"
                    }
                };

                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
Exemplo n.º 8
0
            //ExpectedMessage = "Audience element has value which is not a wellformed absolute uri"
            public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var audienceRestriction = new AudienceRestriction
                {
                    Audience = new List <string>(new[] { "malformed uri" })
                };

                assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });

                // Act
                Assert.Throws(typeof(Saml20FormatException), () =>
                {
                    validator.ValidateAssertion(assertion, true);
                });
            }
            public void ThrowsExceptionWhenConditionsAreInvalid()
            {
                // Arrange
                var validator = new DKSaml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var saml20Assertion = AssertionUtil.GetBasicAssertion();
                var conditions      = new List <ConditionAbstract>(saml20Assertion.Conditions.Items);

                var index = conditions.FindIndex(cond => cond is AudienceRestriction);

                conditions.RemoveAt(index);

                // Add another condition to avoid an empty list of conditions.
                conditions.Add(new OneTimeUse());
                saml20Assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(saml20Assertion);
            }
Exemplo n.º 10
0
            public void ValidatesProxyRestrictionAudience()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List <ConditionAbstract>
                {
                    new ProxyRestriction
                    {
                        Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri" }
                    }
                };

                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                validator.ValidateAssertion(assertion);
            }
            public void ThrowsExceptionWhenProxyRestrictionAudienceIsInvalid()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List <ConditionAbstract>
                {
                    new ProxyRestriction
                    {
                        Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri", "a malformed uri" }
                    }
                };

                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "ProxyRestriction Audience MUST BE a wellformed uri");
            }
Exemplo n.º 12
0
            //ExpectedMessage = "Assertion contained more than one condition of type ProxyRestriction"
            public void ThrowsExceptionWhenThereAreMultipleProxyRestriction()
            {
                // Arrange
                var assertion = AssertionUtil.GetBasicAssertion();
                var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

                var conditions = new List <ConditionAbstract>
                {
                    new ProxyRestriction(),
                    new ProxyRestriction()
                };

                conditions.AddRange(assertion.Conditions.Items);
                assertion.Conditions.Items = conditions;

                // Act
                Assert.Throws(typeof(Saml20FormatException), () =>
                {
                    validator.ValidateAssertion(assertion, true);
                });
            }