Exemplo n.º 1
        // Round-trips an unsigned user ID card through its assertion and checks that each compared
        // property survives. The card is never signed, so reading the signing certificate of the
        // deserialized copy is expected to throw ModelBuildException.
        public void DeserializeUnsignedUserIdCardTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard original = CreateMocesUserIdCard(sosiFactory);

            // No Sign call: the assertion is taken from the card exactly as it was created.
            Assertion unsignedAssertion = original.GetAssertion<Assertion>();
            UserIdCard restored = (UserIdCard)sosiFactory.DeserializeIdCard(unsignedAssertion);

            // Validity window
            Assert.True(original.CreatedDate == restored.CreatedDate);
            Assert.True(original.ExpiryDate == restored.ExpiryDate);
            Assert.True(original.IsValidInTime == restored.IsValidInTime);

            // Identity and authentication data
            Assert.True(original.UserInfo.Equals(restored.UserInfo));
            Assert.True(original.AuthenticationLevel.Equals(restored.AuthenticationLevel));
            Assert.True(original.CertHash == restored.CertHash);
            Assert.True(original.AlternativeIdentifier == restored.AlternativeIdentifier);
            Assert.True(original.IdCardId == restored.IdCardId);
            Assert.True(original.Issuer == restored.Issuer);
            Assert.True(original.Username == restored.Username);
            Assert.True(original.Password == restored.Password);

            // System information and format version
            Assert.True(original.SystemInfo.ItSystemName == restored.SystemInfo.ItSystemName);
            Assert.True(original.SystemInfo.CareProvider.Equals(restored.SystemInfo.CareProvider));
            Assert.True(original.Version == restored.Version);

            // An unsigned card has no signing certificate to hand out.
            Assert.Throws<ModelBuildException>(() => { var unused = restored.SignedByCertificate; });
        }
Exemplo n.º 2
        // Signs a system ID card, round-trips it through its assertion and checks that each compared
        // property, including the signing certificate, is the same on the deserialized copy.
        public void DeserializeSignedSystemIdCardTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);
            SystemIdCard original = CreateVocesSystemIdCard(sosiFactory);

            // Sign first so that the assertion fetched below carries the signature.
            original.Sign<Assertion>(sosiFactory.SignatureProvider);

            Assertion signedAssertion = original.GetAssertion<Assertion>();
            SystemIdCard restored = (SystemIdCard)sosiFactory.DeserializeIdCard(signedAssertion);

            // Validity window
            Assert.True(original.CreatedDate == restored.CreatedDate);
            Assert.True(original.ExpiryDate == restored.ExpiryDate);
            Assert.True(original.IsValidInTime == restored.IsValidInTime);

            // Identity and authentication data
            Assert.True(original.AuthenticationLevel.Equals(restored.AuthenticationLevel));
            Assert.True(original.CertHash == restored.CertHash);
            Assert.True(original.AlternativeIdentifier == restored.AlternativeIdentifier);
            Assert.True(original.IdCardId == restored.IdCardId);
            Assert.True(original.Issuer == restored.Issuer);
            Assert.True(original.Username == restored.Username);
            Assert.True(original.Password == restored.Password);

            // System information and format version
            Assert.True(original.SystemInfo.ItSystemName == restored.SystemInfo.ItSystemName);
            Assert.True(original.SystemInfo.CareProvider.Equals(restored.SystemInfo.CareProvider));
            Assert.True(original.Version == restored.Version);

            // The signer must be recoverable from the deserialized card.
            Assert.True(original.SignedByCertificate.Equals(restored.SignedByCertificate));
        }
Exemplo n.º 3
        // Checks that the test federation accepts the valid MOCES test certificate.
        public void SimpleChainTest()
        {
            SOSIFactory testFederationFactory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);

            // The same certificate that backs the factory is the one being validated.
            Assert.True(testFederationFactory.Federation.IsValidCertificate(Global.MocesCprGyldig));
        }
Exemplo n.º 4
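        // Checks that the SOSI federation rejects a self-signed certificate: IsValidCertificate is
        // expected to throw CryptographicException instead of returning a result.
        public void InvalidChainSosiFederationTest()
        {
            // Build the path from segments rather than hard-coded backslash separators.
            // "Test1234" is the password of the bundled test key store.
            string pfxPath = System.IO.Path.Combine(AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "Resources", "SelfSigned.pfx");
            X509Certificate2 newCert = new X509Certificate2(pfxPath, "Test1234");

            SOSIFactory factory = CreateSOSIFactoryWithSosiFederation(Global.MocesCprGyldig);

            Assert.Throws<CryptographicException>(delegate { factory.Federation.IsValidCertificate(newCert); });
        }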
Exemplo n.º 5
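        // Checks that the test federation reports the revoked MOCES test certificate as invalid.
        // Unlike the self-signed case, the expected outcome here is a false return value, not an exception.
        public void RevokedCertificateTest()
        {
            // Build the path from segments rather than hard-coded backslash separators.
            // "Test1234" is the password of the bundled test key store.
            string p12Path = System.IO.Path.Combine(AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "Resources", "oces2", "PP", "MOCES_spaerret.p12");
            X509Certificate2 newCert = new X509Certificate2(p12Path, "Test1234");

            SOSIFactory factory    = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
            bool        validation = factory.Federation.IsValidCertificate(newCert);

            Assert.False(validation);
        }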
Exemplo n.º 6
        // Smoke test: a system ID card with username/password authentication can be created.
        public void CreateIdCardTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);

            CareProvider provider = new CareProvider(SubjectIdentifierType.medcomitsystemname, "TestSystem", "Trifork");

            // A null value is passed in the sixth position, where other callers pass a certificate
            // or the vault's system credentials.
            SystemIdCard created = sosiFactory.CreateNewSystemIdCard(
                "ItSystem",
                provider,
                AuthenticationLevel.UsernamePasswordAuthentication,
                "user",
                "test123",
                null,
                "alt");

            Assert.NotNull(created);
        }
Exemplo n.º 7
        // Creating a system ID card without a care provider must fail with ModelException.
        public void IdCardNullCareProviderTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);

            // The second argument (the care provider) is null; everything is evaluated inside the
            // delegate so that any failure is attributed to the asserted call.
            Assert.Throws<ModelException>(() =>
            {
                var systemCredentials = sosiFactory.GetCredentialVault().GetSystemCredentials();
                sosiFactory.CreateNewSystemIdCard("ItSystem", null, AuthenticationLevel.MocesTrustedUser, null, null, systemCredentials, "alt");
            });
        }
Exemplo n.º 8
        // Creating a system ID card with an empty first argument must fail with ModelException.
        // NOTE(review): the first argument is presumably the IT system name - confirm against CreateNewSystemIdCard.
        public void IdCardNullSystemInfoTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);

            // Everything is evaluated inside the delegate so that any failure is attributed to the asserted call.
            Assert.Throws<ModelException>(() =>
            {
                CareProvider provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");
                var systemCredentials = sosiFactory.GetCredentialVault().GetSystemCredentials();
                sosiFactory.CreateNewSystemIdCard("", provider, AuthenticationLevel.MocesTrustedUser, null, null, systemCredentials, "alt");
            });
        }
Exemplo n.º 9
        // Signs a MOCES user ID card and checks that signature and trust validation against the
        // factory's credential vault completes without throwing.
        public void ValidateSignatureTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard signedCard = CreateMocesUserIdCard(sosiFactory);

            signedCard.Sign<Assertion>(sosiFactory.SignatureProvider);

            // Per the original author, validation throws when the machine is not connected to the
            // VPN, so a failure here can be environmental rather than a regression.
            Assert.DoesNotThrow(() => { signedCard.ValidateSignatureAndTrust(sosiFactory.GetCredentialVault()); });
        }
Exemplo n.º 10
        // A user ID card whose UserInfo has no given name can be created, but signing it must be
        // rejected with ModelException.
        public void IdCardValidatorTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);

            // Second UserInfo argument (the given name) is deliberately null.
            UserInfo userWithoutGivenName = new UserInfo("12345678", null, "Person", "*****@*****.**", "Tester", "Læge", "12345");
            CareProvider provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");
            var systemCredentials = sosiFactory.GetCredentialVault().GetSystemCredentials();

            UserIdCard incompleteCard = sosiFactory.CreateNewUserIdCard(
                "ItSystem",
                userWithoutGivenName,
                provider,
                AuthenticationLevel.MocesTrustedUser,
                "",
                "",
                systemCredentials,
                "alt");

            // The failure is expected at signing time, not at creation time.
            Assert.Throws<ModelException>(() => { incompleteCard.Sign<Assertion>(sosiFactory.SignatureProvider); });
        }
Exemplo n.º 11
        //	private Federation getMockFederation()
        //	{
        //		return new SOSITestFederation(System.getProperties()) {
        //			@Override

        //			public boolean isValidSTSCertificate(X509Certificate certificate)
        //		{
        //			return vocesVault.getSystemCredentialPair().getCertificate().equals(certificate);
        //		}
        //	};
        //}

        //private UserInfo BuildUserInfo(OioSamlAssertionToIdCardRequest request)
        //	{
        //		var assertion = request.OioSamlAssertion;
        //		string cpr = "XXXXXXXX"; // Perform lookup based on assertion.getCvrNumberIdentifier() and assertion.getRidNumberIdentifier()
        //		string givenName;
        //		string surName;
        //		if (request.UserGivenName != null && request.UserSurName != null)
        //		{
        //			givenName = request.UserGivenName;
        //			surName = request.UserSurName;
        //		}
        //		else
        //		{
        //			// The IdP cannot split CommonName and neither should we (assertion.getSurName() returns null)
        //			givenName =
        //				assertion.CommonName;
        //			surName = "-";
        //		}
        //		//var email = assertion.GetAttributeValue("urn:oid:0.9.2342.19200300.100.1.3");
        //		var email = assertion.Email;
        //		string occupation = null;
        //		var role = "YYYYY"; // Lookup based on CPR, use request.getUserEducationCode() to pick the right one (or validate)
        //		var authorizationCode = "ZZZZZ";// Lookup based on CPR, use request.getUserAuthorizationCode() to pick the right one (or validate)
        //		return new UserInfo(cpr, givenName, surName, email, occupation, role, authorizationCode);
        //	}

        // Builds a MOCES user ID card from fixed test data and signs it with a signature provider
        // backed by mocesVault. The alternative identifier is the string form of the CertificateInfo
        // built from the vault's system credentials.
        private UserIdCard CreateIdCard()
        {
            var factory  = new SOSIFactory(null, new CredentialVaultSignatureProvider(mocesVault));
            var provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "30808460", "Lægehuset på bakken");
            var user     = new UserInfo("1111111118", "Hans", "Dampf", "", "", "7170", "341KY");
            string altId = new CertificateInfo(mocesVault.GetSystemCredentials()).ToString();

            // Username, password and the certificate argument are all left null here.
            UserIdCard card = factory.CreateNewUserIdCard("IT-System", user, provider, AuthenticationLevel.MocesTrustedUser, null, null, null, altId);

            card.Sign<Assertion>(factory.SignatureProvider);
            return card;
        }
Exemplo n.º 12
        // An ID card signed locally by the test factory, without going through the STS, must not
        // pass signature and trust validation against the federation.
        public void SelfSignedIdCardTest()
        {
            SOSIFactory federationFactory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
            UserIdCard locallySignedCard = CreateIdCardForSTS(federationFactory);

            // Signed with the factory's own signature provider only.
            locallySignedCard.Sign<Assertion>(federationFactory.SignatureProvider);

            // Validation against the federation is expected to reject the card.
            Assert.Throws<ModelException>(() => { locallySignedCard.ValidateSignatureAndTrust(federationFactory.Federation); });
        }
Exemplo n.º 13
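        // Round-trips a signed user ID card through IdCardSerializer (card -> stream -> card) and
        // checks that the deserialized card identifies the same card.
        public void IdCardSerializeStreamTest()
        {
            //Create factory
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);

            //Create IdCard
            UserIdCard idCard = CreateMocesUserIdCard(factory);

            //Sign IdCard so the signed form is what goes through the stream
            idCard.Sign<Assertion>(factory.SignatureProvider);

            var idCardStream = IdCardSerializer.SerializeIdCardToStream<UserIdCard>(idCard);
            var newIdCard    = IdCardSerializer.DeserializeIdCard<UserIdCard>(idCardStream);

            // The original ended with "Assertion.Equals(idCard, newIdCard);", which resolves to the
            // static object.Equals and discards its result, so the test could never fail on a bad
            // round-trip. Assert on the outcome instead.
            // NOTE(review): extend to further properties, or to a value-equality check if UserIdCard defines one.
            Assert.NotNull(newIdCard);
            Assert.True(idCard.IdCardId == newIdCard.IdCardId);
            Assert.True(idCard.Issuer == newIdCard.Issuer);
        }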
Exemplo n.º 14
        // Exchanges a locally signed card at the configured security token service and checks that
        // the card it returns is rejected by the SOSI federation.
        public void SosiFederationTest()
        {
            SOSIFactory sosiFederationFactory = CreateSOSIFactoryWithSosiFederation(Global.MocesCprGyldig);
            UserIdCard requestCard = CreateIdCardForSTS(sosiFederationFactory);

            requestCard.Sign<Assertion>(sosiFederationFactory.SignatureProvider);

            // SignIn takes the endpoint from Settings.Default.SecurityTokenService.
            var stsEndpoint = Settings.Default.SecurityTokenService;
            UserIdCard stsIssuedCard = (UserIdCard)SealUtilities.SignIn(requestCard, "NETS DANID A/S", stsEndpoint);

            // Per the original author, the STS certificate fails here due to a mismatch in prefix/cvr.
            Assert.Throws<ModelException>(() => { stsIssuedCard.ValidateSignatureAndTrust(sosiFederationFactory.Federation); });
        }
Exemplo n.º 15
        // Exchanges a locally signed card at the configured security token service and checks that
        // the card it returns passes signature and trust validation against the test federation.
        public void IsTrustedStsCertificateTest()
        {
            SOSIFactory testFederationFactory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
            UserIdCard requestCard = CreateIdCardForSTS(testFederationFactory);

            requestCard.Sign<Assertion>(testFederationFactory.SignatureProvider);

            // SignIn takes the endpoint from Settings.Default.SecurityTokenService.
            var stsEndpoint = Settings.Default.SecurityTokenService;
            UserIdCard stsIssuedCard = (UserIdCard)SealUtilities.SignIn(requestCard, "NETS DANID A/S", stsEndpoint);

            // The STS-issued card is expected to be trusted by the test federation.
            Assert.DoesNotThrow(() => { stsIssuedCard.ValidateSignatureAndTrust(testFederationFactory.Federation); });
        }
Exemplo n.º 16
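        // Builds a user ID card with username/password authentication and checks that its assertion
        // exists and carries a UsernameToken as subject confirmation data.
        public void IdCardUserNamePassTest()
        {
            //Create factory
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);

            //Create IdCard with username/password
            UserIdCard idCard = CreateUserIdCard(factory, "user", "test123");

            //Get Assertion
            Assertion ass = idCard.GetAssertion<Assertion>();

            // Null checks run first. Originally they came after ass had already been dereferenced,
            // so a missing assertion surfaced as a NullReferenceException instead of a failed assertion.
            Assert.NotNull(ass);
            Assert.NotNull(idCard.Xassertion);

            // Exact type match (not "is assignable to") on the confirmation data item.
            Assert.True(ass.Subject.SubjectConfirmation.SubjectConfirmationData.Item.GetType() == typeof(UsernameToken));
        }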
Exemplo n.º 17
        // Builds a SOSIFactory whose signature provider is backed by a fresh GenericCredentialVault
        // that trusts exactly the supplied certificate. The first constructor argument of the
        // factory is null.
        public SOSIFactory CreateSOSIFactory(X509Certificate2 cert)
        {
            var testVault = new GenericCredentialVault();

            // Start from an empty store so certificates left over from earlier tests cannot
            // influence trust decisions in this one.
            RemoveAllCerts(testVault);

            // The supplied certificate becomes a trusted certificate in the vault.
            testVault.AddTrustedCertificate(cert);

            var signatureProvider = new CredentialVaultSignatureProvider(testVault);
            return new SOSIFactory(null, signatureProvider);
        }
Exemplo n.º 18
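        // Signs a user ID card with the "MOCES_udloebet" test certificate and expects signature and
        // trust validation to fail with ModelException.
        // NOTE(review): the file name suggests an expired certificate (Danish "udløbet"), and the
        // "CheckDate" setting presumably turns validity-period checking on - confirm against the validator.
        public void ValidateSignatureNegativeTest()
        {
            // Remember the configured value so the process-wide setting can be put back afterwards.
            bool   hasCheckDate      = ConfigurationManager.AppSettings.AllKeys.Contains("CheckDate");
            string previousCheckDate = hasCheckDate ? ConfigurationManager.AppSettings["CheckDate"] : null;

            if (hasCheckDate)
            {
                ConfigurationManager.AppSettings["CheckDate"] = "True";
            }

            try
            {
                //Get invalid certificate ("Test1234" is the password of the bundled test key store)
                X509Certificate2 newCert = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "Resources", "oces2", "PP", "MOCES_udloebet.p12"), "Test1234");
                SOSIFactory      factory = CreateSOSIFactory(newCert);
                UserIdCard       idCard  = CreateMocesUserIdCard(factory);

                idCard.Sign<Assertion>(factory.SignatureProvider);

                Assert.Throws<ModelException>(delegate { idCard.ValidateSignatureAndTrust(factory.GetCredentialVault()); });
            }
            finally
            {
                // Restore even when the assertion or the setup above fails; otherwise the override
                // leaks into every test that runs later in the same process. The prior value is
                // restored rather than a hard-coded "False", so a configuration that enables the
                // check is not silently switched off.
                if (hasCheckDate)
                {
                    ConfigurationManager.AppSettings["CheckDate"] = previousCheckDate;
                }
            }
        }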
Exemplo n.º 19
        // Signs a MOCES user ID card and checks that the assertion returned by Sign and the one
        // fetched afterwards with GetAssertion carry the same signature value.
        public void IdCardMocesSignTest()
        {
            SOSIFactory sosiFactory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard card = CreateMocesUserIdCard(sosiFactory);

            Assertion fromSign = card.Sign<Assertion>(sosiFactory.SignatureProvider);
            Assertion fromGet = card.GetAssertion<Assertion>();

            // Signing must have produced an assertion and populated the card's Xassertion.
            Assert.NotNull(fromSign);
            Assert.NotNull(card.Xassertion);

            // NOTE(review): the comparison is on ToString() output; if SignatureValue does not
            // override ToString this compares type names, not signature bytes - confirm.
            string signedValue = fromSign.Signature.SignatureValue.ToString();
            string fetchedValue = fromGet.Signature.SignatureValue.ToString();
            Assert.True(signedValue == fetchedValue);
        }
Exemplo n.º 20
 // Creates the unsigned MOCES user ID card that the STS tests sign and exchange. Username and
 // password are empty strings, the certificate argument is Global.MocesCprGyldig and the
 // alternative identifier is empty.
 public UserIdCard CreateIdCardForSTS(SOSIFactory factory)
 {
     UserInfo user = new UserInfo("1802602810", "Stine", "Svendsen", "*****@*****.**", "læge", "7170", "ZXCVB");
     CareProvider provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "30808460", "Statens Serum Institut");

     return factory.CreateNewUserIdCard("Sygdom.dk", user, provider, AuthenticationLevel.MocesTrustedUser, "", "", Global.MocesCprGyldig, "");
 }
Exemplo n.º 21
 // Creates an unsigned system ID card at the VocesTrustedSystem level, using the system
 // credentials held by the factory's credential vault. Username and password are null.
 public SystemIdCard CreateVocesSystemIdCard(SOSIFactory factory)
 {
     CareProvider provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");
     var systemCredentials = factory.GetCredentialVault().GetSystemCredentials();

     return factory.CreateNewSystemIdCard("ItSystem", provider, AuthenticationLevel.VocesTrustedSystem, null, null, systemCredentials, "alt");
 }
Exemplo n.º 22
 // Creates an unsigned user ID card at the UsernamePasswordAuthentication level with the given
 // username and password, using the system credentials held by the factory's credential vault.
 public UserIdCard CreateUserIdCard(SOSIFactory factory, string userName, string passWord)
 {
     UserInfo user = new UserInfo("12345678", "Test", "Person", "*****@*****.**", "Tester", "Læge", "12345");
     CareProvider provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");
     var systemCredentials = factory.GetCredentialVault().GetSystemCredentials();

     return factory.CreateNewUserIdCard("ItSystem", user, provider, AuthenticationLevel.UsernamePasswordAuthentication, userName, passWord, systemCredentials, "alt");
 }
Exemplo n.º 23
 // Creates an unsigned user ID card at the MocesTrustedUser level from fixed test data.
 // Username, password and alternative identifier are null; the certificate argument is
 // Global.MocesCprGyldig.
 public UserIdCard CreateMocesUserIdCard(SOSIFactory factory)
 {
     UserInfo user = new UserInfo("2408631478", "Amaja", "Christiansen", "*****@*****.**", "Læge", "5175", "5GXFR");
     CareProvider provider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");

     return factory.CreateNewUserIdCard("Sygdom.dk", user, provider, AuthenticationLevel.MocesTrustedUser, null, null, Global.MocesCprGyldig, null);
 }