public void Sign(ICredentialVault signingVault)
{
var signer = new SealSignedXml(XAssertion);
var signedXml = signer.SignAssertion(signingVault.GetSystemCredentials(), XAssertion.Attribute(SamlAttributes.Id).Value);
dom = XElement.Parse(signedXml.OuterXml, LoadOptions.PreserveWhitespace);
}
// private Federation getMockFederation()
// {
// return new SOSITestFederation(System.getProperties()) {
// @Override
// public boolean isValidSTSCertificate(X509Certificate certificate)
// {
// return vocesVault.getSystemCredentialPair().getCertificate().equals(certificate);
// }
// };
//}
//private UserInfo BuildUserInfo(OioSamlAssertionToIdCardRequest request)
// {
// var assertion = request.OioSamlAssertion;
// string cpr = "XXXXXXXX"; // Perform lookup based on assertion.getCvrNumberIdentifier() and assertion.getRidNumberIdentifier()
// string givenName;
// string surName;
// if (request.UserGivenName != null && request.UserSurName != null)
// {
// givenName = request.UserGivenName;
// surName = request.UserSurName;
// }
// else
// {
// // The IdP cannot split CommonName and neither should we (assertion.getSurName() returns null)
// givenName =
// assertion.CommonName;
// surName = "-";
// }
// //var email = assertion.GetAttributeValue("urn:oid:0.9.2342.19200300.100.1.3");
// var email = assertion.Email;
// string occupation = null;
// var role = "YYYYY"; // Lookup based on CPR, use request.getUserEducationCode() to pick the right one (or validate)
// var authorizationCode = "ZZZZZ";// Lookup based on CPR, use request.getUserAuthorizationCode() to pick the right one (or validate)
// return new UserInfo(cpr, givenName, surName, email, occupation, role, authorizationCode);
// }
private UserIdCard CreateIdCard()
{
SOSIFactory sosiFactory = new SOSIFactory(null, new CredentialVaultSignatureProvider(mocesVault));
CareProvider careProvider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "30808460", "Lægehuset på bakken");
UserInfo userInfo = new UserInfo("1111111118", "Hans", "Dampf", "", "", "7170", "341KY");
String alternativeIdentifier = new CertificateInfo(mocesVault.GetSystemCredentials()).ToString();
var userIdCard = sosiFactory.CreateNewUserIdCard("IT-System", userInfo, careProvider, AuthenticationLevel.MocesTrustedUser, null, null, null, alternativeIdentifier);
userIdCard.Sign <Assertion>(sosiFactory.SignatureProvider);
return(userIdCard);
}
public void TestOioSamlToIdCardRequest()
{
var domBuilder = factory.CreateOiosamlAssertionToIdCardRequestDomBuilder();
domBuilder.SigningVault = (vocesVault);
domBuilder.OioSamlAssertion = (ParseOioSamlAssertion());
domBuilder.ItSystemName = ("EMS");
domBuilder.UserAuthorizationCode = ("2345C");
domBuilder.UserEducationCode = ("7170");
domBuilder.UserGivenName = ("Fritz");
domBuilder.UserSurName = ("Müller");
var requestDoc = domBuilder.Build();
var assertionToIdCardRequest = factory.CreateOioSamlAssertionToIdCardRequestModelBuilder().Build(requestDoc);
Assert.AreEqual("EMS", assertionToIdCardRequest.ItSystemName);
Assert.AreEqual("2345C", assertionToIdCardRequest.UserAuthorizationCode);
Assert.AreEqual("7170", assertionToIdCardRequest.UserEducationCode);
Assert.AreEqual("Fritz", assertionToIdCardRequest.UserGivenName);
Assert.AreEqual("Müller", assertionToIdCardRequest.UserSurName);
Assert.AreEqual("http://sosi.dk", assertionToIdCardRequest.AppliesTo);
Assert.AreEqual("http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue", assertionToIdCardRequest.Action);
assertionToIdCardRequest.ValidateSignature();
assertionToIdCardRequest.ValidateSignatureAndTrust(vocesVault);
try
{
assertionToIdCardRequest.ValidateSignatureAndTrust(CredentialVaultTestUtil.GetOCES2CredentialVault());
}
catch (ModelException e)
{
Assert.AreEqual("The certificate that signed the security token is not trusted!", e.Message);
}
Assert.AreEqual(vocesVault.GetSystemCredentials(), assertionToIdCardRequest.GetSigningCertificate());
var assertion = assertionToIdCardRequest.OioSamlAssertion;
Assert.AreEqual("25520041", assertion.CvrNumberIdentifier);
Assert.AreEqual("_5a49e560-5312-4237-8f32-2ed2b58cfcf7", assertion.Id);
//assertion.ValidateSignatureAndTrust(SOSITestUtils.getOldIdPTrustVault());
}
