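        /// <summary>
        /// Negative trust test: the vault only trusts the VOCES test certificate while the
        /// assertion is signed with the FOCES one, so validation with trust checking enabled
        /// must not succeed. Both "returns false" and "throws" count as a rejection.
        /// </summary>
        public void TestSignAndValidateNotTrusted()
        {
            var vault = new GenericCredentialVault();

            using (var signingCert = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\FOCES_gyldig.p12", "Test1234"))
            using (var trustedCert = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\VOCES_gyldig.p12", "Test1234"))
            {
                // Only the VOCES certificate is registered as trusted; the signing certificate is not.
                trustedCert.FriendlyName = vault.ALIAS_SYSTEM;
                vault.AddTrustedCertificate(trustedCert);

                var signedAss = SealUtilities.SignAssertion(AssertionMaker.MakeAssertionForSTS(signingCert), signingCert);
                var signedXml = Serialize(signedAss);

                bool validated;
                try
                {
                    // checkTrust = true, checkRevoked = true
                    validated = SignatureUtil.Validate(signedXml.Root, null, vault, true, true);
                }
                catch (Exception)
                {
                    // Rejection by exception (e.g. a ModelException) is the expected outcome as well;
                    // the point is that the test must not pass silently when validation succeeds.
                    validated = false;
                }

                Assert.IsFalse(validated, "An assertion signed by a certificate that is not in the vault must not validate as trusted");
            }
        }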
        /// <summary>
        /// Calls the local FMK service endpoint ("localFMK") directly with a locally
        /// generated and locally signed SOSI card, bypassing the STS.
        /// </summary>
        public void TestDirectCall()
        {
            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
            var signedAssertion = SealUtilities.SignAssertion(AssertionMaker.MakeAssertion(), Global.MocesCprGyldig);

            fmkClient.GetMedicineCard_20120101(MakeSecurity(signedAssertion), MakeHeader());
        }
 /// <summary>
 /// Returns the cached id card while <c>IsIdCardValid</c> still accepts it; otherwise builds a
 /// fresh STS assertion for the user certificate, signs in at the STS and caches the result.
 /// </summary>
 public SealCard GetIdCard()
 {
     if (IsIdCardValid(_idCard))
     {
         return _idCard;
     }

     var requestCard = SealCard.Create(MakeAssertionForSts(_userCertificate));
     _idCard = SealUtilities.SignIn(requestCard, _issuer, _stsUrl);
     return _idCard;
 }
        /// <summary>
        /// Signs in at the STS, hands the issued card to <c>CallNts</c>, and then checks that
        /// neither the local nor the STS-issued assertion lost its signature validity
        /// (i.e. whitespace inside the signed content was not altered along the way).
        /// </summary>
        public void TestIDcard_Does_not_change_whiteSpace()
        {
            var requestCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
            var stsCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            CallNts(stsCard);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(requestCard.Xassertion));
            Assert.IsTrue(SealUtilities.CheckAssertionSignature(stsCard.Xassertion));
        }
        /// <summary>
        /// Signs a plain assertion and an assertion wrapped in a Security element with the
        /// MOCES test certificate and verifies that both signatures check out.
        /// </summary>
        public void TestAssertionSign()
        {
            var signedAssertion = SealUtilities.SignAssertion(AssertionMaker.MakeAssertion(), Global.MocesCprGyldig);
            Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedAssertion));

            // Same check, but the assertion is signed after being placed inside a Security element.
            var security = MakeSecurity(AssertionMaker.MakeAssertion());
            var signedSecurity = SealUtilities.SignAssertion(security, Global.MocesCprGyldig);
            Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedSecurity));
        }
        /// <summary>
        /// A Seal card is created, the STS signs it in, and FMK is called with the assertion
        /// handed over strongly typed (as <c>proxy.Assertion</c>) in the Security element.
        /// </summary>
        public void TestSTSogFMKAssertionAsType()
        {
            var requestCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
            var stsCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
            var security = MakeSecurity(stsCard.GetAssertion<proxy.Assertion>());

            fmkClient.GetMedicineCard_20120101(security, MakeHeader());
        }
        /// <summary>
        /// Signs an STS assertion with <paramref name="cert"/>, registers that same certificate as the
        /// vault's trusted system credential, and validates the serialized signature against the vault.
        /// </summary>
        /// <param name="cert">Certificate used both for signing and as the trusted vault entry.
        /// Note: its <c>FriendlyName</c> is overwritten with the vault's system alias.</param>
        /// <param name="checkTrust">Passed through to <c>SignatureUtil.Validate</c>.</param>
        /// <param name="checkRevoked">Passed through to <c>SignatureUtil.Validate</c>.</param>
        /// <returns>The result of <c>SignatureUtil.Validate</c>.</returns>
        private bool SignAndValidate(X509Certificate2 cert, bool checkTrust, bool checkRevoked)
        {
            var vault = new GenericCredentialVault();
            cert.FriendlyName = vault.ALIAS_SYSTEM;
            vault.AddTrustedCertificate(cert);

            var signedAssertion = SealUtilities.SignAssertion(AssertionMaker.MakeAssertionForSTS(cert), cert);
            var signedDocument = Serialize(signedAssertion);

            return SignatureUtil.Validate(signedDocument.Root, null, vault, checkTrust, checkRevoked);
        }
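        /// <summary>
        /// Exchanges a NemLog-in (NemID) SAML2 assertion for a SOSI id card at the
        /// "sts_OIOSaml2Sosi" endpoint. The NemID assertion is accompanied by a health-context
        /// assertion that carries the user's authorization code.
        /// </summary>
        /// <param name="userAuthorizationCode">Authorization code placed in the health-context assertion.</param>
        /// <param name="nemidAssertion">The NemID assertion to exchange.</param>
        /// <returns>The SOSI card issued by the STS.</returns>
        public static SealCard ExchangeNemLoginAssertionForSosiSTSCard(string userAuthorizationCode, Saml2Assertion nemidAssertion)
        {
            // Saml2SosiStsClient is a WCF proxy (it exposes ChannelFactory), so it is closed with the
            // Close()/Abort() pattern rather than `using`: Dispose() on a faulted channel throws and
            // would mask the exception that faulted it.
            var stsClient = new Saml2SosiStsClient("sts_OIOSaml2Sosi");
            try
            {
                // The client certificate could be pinned here:
                // stsClient.ChannelFactory.Credentials.ClientCertificate.Certificate = Global.StatensSerumInstitutFoces;

                var healthContextAssertion = SealUtilities.MakeHealthContextAssertion(
                    "Test Sundhed.dk",
                    Global.StatensSerumInstitutFoces.SubjectName.Name,
                    "Sygdom.dk", userAuthorizationCode);

                var card = stsClient.ExchangeAssertion(nemidAssertion, healthContextAssertion, "http://sosi.dk");
                stsClient.Close();
                return card;
            }
            catch
            {
                // Abort() releases a faulted (or timed-out) channel without throwing; the original
                // exception is rethrown unchanged.
                stsClient.Abort();
                throw;
            }
        }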
        /// <summary>
        /// Same as the assertion-signing test, but the id cards come from a SOSIFactory:
        /// one card is signed through the factory's signature provider, a second card's
        /// assertion is wrapped in a Security element and signed with the MOCES certificate.
        /// </summary>
        public void TestAssertionSign_new()
        {
            var factory = CreateSOSIFactory(Global.MocesCprGyldig);

            var firstCard = CreateMocesUserIdCard(factory);
            var signedAssertion = firstCard.Sign<dk.nsi.fmk.Assertion>(factory.SignatureProvider);
            Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedAssertion));

            var secondCard = CreateMocesUserIdCard(factory);
            var security = MakeSecurity(secondCard.GetAssertion<dk.nsi.fmk.Assertion>());
            var signedSecurity = SealUtilities.SignAssertion(security, Global.MocesCprGyldig);
            Assert.IsTrue(SealUtilities.CheckAssertionSignature(signedSecurity));
        }
        /// <summary>
        /// Factory-based variant: an id card for the STS is created and signed, the STS signs it in,
        /// and FMK is called with the assertion handed over strongly typed (<c>proxy.Assertion</c>).
        /// </summary>
        public void TestSTSogFMKAssertionAsType_new()
        {
            var factory = CreateSOSIFactory(Global.MocesCprGyldig);

            var userCard = CreateIdCardForSTS(factory);
            userCard.Sign<Assertion>(factory.SignatureProvider);

            var issuedCard = SealUtilities.SignIn(userCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");
            var security = MakeSecurity(issuedCard.GetAssertion<proxy.Assertion>());

            fmkClient.GetMedicineCard_20120101(security, MakeHeader());
        }
        /// <summary>
        /// Builds the final response <c>XDocument</c>.<br />
        /// Before the document is generated all attributes are validated.<br />
        /// <br />
        /// A new document is generated on every call, so calling this method several times returns several distinct objects.
        /// </summary>
        /// <returns>The response document; signed with the system credentials when a <c>SigningVault</c> is set.</returns>
        public override XDocument Build()
        {
            var document = CreateDocument();

            SealUtilities.CheckAndSetSamlDsPreFix(document);
            NameSpaces.SetMissingNamespaces(document);

            if (SigningVault == null)
            {
                return document;
            }

            // Sign, then re-parse the signed DOM with whitespace preserved so the
            // signed byte content is not altered by the LINQ-to-XML round-trip.
            var signer = new SealSignedXml(document);
            var signedXml = signer.Sign(SigningVault.GetSystemCredentials());
            return XDocument.Parse(signedXml.OuterXml, LoadOptions.PreserveWhitespace);
        }
        /// <summary>
        /// With the SOSI federation configured, the STS certificate must be rejected because of a
        /// mismatch in prefix/CVR, so ValidateSignatureAndTrust is expected to throw a ModelException.
        /// </summary>
        public void SosiFederationTest()
        {
            var factory = CreateSOSIFactoryWithSosiFederation(Global.MocesCprGyldig);

            var userCard = CreateIdCardForSTS(factory);
            userCard.Sign<Assertion>(factory.SignatureProvider);

            var issuedCard = (UserIdCard)SealUtilities.SignIn(userCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

            Assert.Throws<ModelException>(() => issuedCard.ValidateSignatureAndTrust(factory.Federation));
        }
        /// <summary>
        /// With the test federation configured, the STS certificate is trusted, so
        /// ValidateSignatureAndTrust on the issued card must not throw.
        /// </summary>
        public void IsTrustedStsCertificateTest()
        {
            var factory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);

            var userCard = CreateIdCardForSTS(factory);
            userCard.Sign<Assertion>(factory.SignatureProvider);

            var issuedCard = (UserIdCard)SealUtilities.SignIn(userCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

            Assert.DoesNotThrow(() => issuedCard.ValidateSignatureAndTrust(factory.Federation));
        }
        /// <summary>
        /// A Seal card is created, the STS signs it in, and FMK is called with the card
        /// transported as raw XML in a <c>SealCardMessageHeader</c> instead of a typed Security element.
        /// </summary>
        public void TestSTSogFMKAssertionAsXml()
        {
            var requestCard = SealCard.Create(AssertionMaker.MakeAssertionForSTS(Global.MocesCprGyldig));
            var stsCard = SealUtilities.SignIn(requestCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");

            // The scope makes OperationContext.Current available for attaching the outgoing header.
            using (new OperationContextScope(fmkClient.InnerChannel))
            {
                OperationContext.Current.OutgoingMessageHeaders.Add(new SealCardMessageHeader(stsCard));
                fmkClient.GetMedicineCard_20120101(null, MakeHeader());
            }
        }
        /// <summary>
        /// NemID-to-Seal exchange for a user holding several authorizations; the request
        /// names one of them ("NS363"). Only the signature of the resulting card is checked.
        /// </summary>
        public void UserWithSeveralAuthorization()
        {
            const string keystorePath = "Sonja_Bach_Laege.p12";
            const string userCpr = "0309691444";
            const string userGivenName = "Sonja";
            const string userSurName = "Bach";
            const string userEmail = "*****@*****.**";
            const string userRole = "7170";
            const string userAuthorizationCode = "NS363";

            var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
            // TODO: the Java original also asserted user info is present and that the authorization
            // code ("NS363") and education code ("7170") were carried over; no equivalent accessor is used here.
        }
        /// <summary>
        /// NemID-to-Seal exchange for a user with one specific authorization ("NS362").
        /// Checks the card signature and that the card carries an id.
        /// </summary>
        public void UserWithOneSpecificAuthorization()
        {
            const string keystorePath = "Karl_Hoffmann_Svendsen_Laege.p12";
            const string userCpr = "0102732379";
            const string userGivenName = "Karl Hoffmann";
            const string userSurName = "Svendsen";
            const string userEmail = "*****@*****.**";
            const string userRole = "7170";
            const string userAuthorizationCode = "NS362";

            var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
            Assert.IsNotNull(idCard.Id, "No user information found");
            // TODO: the Java original also asserted the authorization code ("NS362") and education
            // code ("7170") on the user info; no equivalent accessor is used here.
        }
        /// <summary>
        /// NemID-to-Seal exchange for a user with exactly one authorization, requested without
        /// naming an authorization code (null). Only the card signature is checked.
        /// </summary>
        public void UserWithOneAuthorization()
        {
            const string keystorePath = "Karl_Hoffmann_Svendsen_Laege.p12";
            const string userCpr = "0102732379";
            const string userGivenName = "Karl Hoffmann";
            const string userSurName = "Svendsen";
            const string userEmail = "*****@*****.**";
            // Must not be an empty string or null, but all values that are not four digits are ignored by the STS.
            const string userRole = "IGNORED";
            const string userAuthorizationCode = null;

            var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
            // TODO: the Java original also asserted user info is present with authorization code
            // "NS362" and education code "7170"; no equivalent accessor is used here.
        }
        /// <summary>
        /// NemID-to-Seal exchange for a user without any authorization. Only the card
        /// signature is checked.
        /// </summary>
        public void UserWithNoAuthorization()
        {
            const string keystorePath = "Brian_Moeller_Laege.p12";
            const string userCpr = "1103811325";
            const string userGivenName = "Brian";
            const string userSurName = "Møller";
            const string userEmail = "*****@*****.**";
            // Must not be an empty string or null, but all values that are not four digits are ignored by the STS.
            const string userRole = "IGNORED";
            const string userAuthorizationCode = null;

            var idCard = TestNemId2SealAssertion(keystorePath, userCpr, userGivenName, userSurName, userEmail, userRole, userAuthorizationCode);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(idCard.Xassertion));
            // TODO: the Java original also asserted user info is present, that no authorization code
            // was issued and that the education code stayed "IGNORED"; no equivalent accessor is used here.
        }
        /// <summary>
        /// Factory-based variant: an id card for the STS is created and signed, the STS signs it in,
        /// and FMK is called with the card transported as XML in an <c>IdCardMessageHeader</c>.
        /// </summary>
        public void TestSTSogFMKAssertionAsXml_new()
        {
            var factory = CreateSOSIFactory(Global.MocesCprGyldig);

            var userCard = CreateIdCardForSTS(factory);
            userCard.Sign<Assertion>(factory.SignatureProvider);

            var issuedCard = SealUtilities.SignIn(userCard, "http://www.ribeamt.dk/EPJ", Settings.Default.SecurityTokenService);

            var fmkClient = new proxy.MedicineCardPortTypeClient("localFMK");

            // The scope makes OperationContext.Current available for attaching the outgoing header.
            using (new OperationContextScope(fmkClient.InnerChannel))
            {
                OperationContext.Current.OutgoingMessageHeaders.Add(new IdCardMessageHeader(issuedCard));
                fmkClient.GetMedicineCard_20120101(null, MakeHeader());
            }
        }
        /// <summary>
        /// Builds a NemID assertion for a test user, exchanges it for a SOSI STS card, hands the card
        /// to <c>CallNts</c>, and checks that the card's assertion signature still verifies afterwards.
        /// </summary>
        public void TestIDcard_Does_not_change_whiteSpace_Saml2SosiStsClient()
        {
            const string authorizationCode = "NS363";

            var nemidAssertion = NemIdAssertionBuilder.MakeNemIdAssertion(
                _userCertificate,
                Global.StatensSerumInstitutFoces,
                "0309691444",
                "Sonja",
                "Bach",
                "*****@*****.**",
                "7170",
                "3",
                "46837428",
                "Statens Serum Institut",
                authorizationCode);

            var stsCard = ExchangeNemLoginAssertionForSosiSTSCard(authorizationCode, nemidAssertion, _userCertificate);

            CallNts(stsCard);

            Assert.IsTrue(SealUtilities.CheckAssertionSignature(stsCard.Xassertion));
        }
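        /// <summary>
        /// Service operation: enforces the assertion signature check and the security validation
        /// of the request before returning a stub medicine card response.
        /// </summary>
        /// <param name="request">Incoming request whose <c>Security</c> element carries the assertion.</param>
        /// <returns>A response with a single empty <c>MedicineCardOverviewStructureType</c>.</returns>
        /// <exception cref="InvalidOperationException">The assertion signature does not verify.</exception>
        public MedicineCardResponse GetMedicineCard(MedicineCardRequest request)
        {
            // The signature check is a hard requirement, exactly like ValidateSecurity below;
            // a request whose assertion signature fails must not be served.
            var signatureOk = SealUtilities.CheckAssertionSignatureNSCheck(request.Security);
            if (!signatureOk)
            {
                throw new InvalidOperationException("signature does not checkout");
            }

            var err = SealUtilities.ValidateSecurity(request.Security);
            if (err != null)
            {
                throw err;
            }

            return new MedicineCardResponse
            {
                MedicineCardResponseStructure = new MedicineCardResponseType
                {
                    MedicineCardOverviewStructure = new[]
                    {
                        new MedicineCardOverviewStructureType()
                    }
                }
            };
        }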
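        /// <summary>
        /// Service operation: requires a WS-Security <c>Security</c> header on the incoming SOAP message
        /// and a verifiable assertion signature before returning a stub medicine card response.
        /// </summary>
        /// <param name="request">Incoming request whose <c>Security</c> element carries the assertion.</param>
        /// <returns>A response with a single empty <c>MedicineCardOverviewStructureType2</c>.</returns>
        /// <exception cref="InvalidOperationException">The Security header is absent or the assertion signature does not verify.</exception>
        public MedicineCardResponse_20120101 GetMedicineCard_20120101(MedicineCardRequest_20110101 request)
        {
            // FindHeader returns -1 when the header is absent; fail explicitly instead of letting the
            // headers indexer throw an ArgumentOutOfRangeException.
            var securityHeaderIndex = OperationContext.Current.IncomingMessageHeaders.FindHeader(
                "Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
            if (securityHeaderIndex < 0)
            {
                throw new InvalidOperationException("Security header missing");
            }

            var signatureOk = SealUtilities.CheckAssertionSignatureNSCheck(request.Security);
            if (!signatureOk)
            {
                throw new InvalidOperationException("signature does not checkout");
            }

            return new MedicineCardResponse_20120101
            {
                MedicineCardResponseStructure = new MedicineCardResponseType2
                {
                    MedicineCardOverviewStructure = new[]
                    {
                        new MedicineCardOverviewStructureType2()
                    }
                }
            };
        }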
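        /// <summary>
        /// Builds a SOSI id-card assertion (IDCardData, UserLog and SystemLog attribute statements)
        /// for the user described by this instance's fields and signs it with <paramref name="certificate"/>.
        /// </summary>
        /// <param name="certificate">Certificate used to sign the assertion; its hash is also placed in the
        /// <c>sosiOCESCertHash</c> attribute.</param>
        /// <returns>The signed assertion.</returns>
        private Assertion MakeAssertionForSts(X509Certificate2 certificate)
        {
            // One timestamp for IssueInstant and NotBefore so the two can never disagree;
            // the 5 minute back-dating tolerates clock skew against the STS.
            var vnow = FiveMinutesAgoUtc();
            var ass  = new Assertion
            {
                IssueInstant = vnow,
                id           = "IDCard",
                Version      = 2.0m,
                Issuer       = _issuer,
                Conditions   = new Conditions
                {
                    NotBefore    = vnow,
                    NotOnOrAfter = vnow + TimeSpan.FromHours(8)
                },
                Subject = new Subject
                {
                    NameID = new NameID
                    {
                        Format = SubjectIdentifierType.medcomcprnumber,
                        Value  = _userCpr
                    },
                    SubjectConfirmation = new SubjectConfirmation
                    {
                        // Holder-of-key: the subject proves possession of the signing key.
                        ConfirmationMethod      = global::dk.nsi.seal.dgwstypes.ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey,
                        SubjectConfirmationData = new SubjectConfirmationData
                        {
                            Item = new KeyInfo
                            {
                                Item = "OCESSignature"
                            }
                        }
                    }
                },
                AttributeStatement = new[]
                {
                    new AttributeStatement
                    {
                        id        = AttributeStatementID.IDCardData,
                        Attribute = new[]
                        {
                            new Attribute {
                                Name = AttributeName.sosiIDCardID, AttributeValue = Guid.NewGuid().ToString("D")
                            },
                            new Attribute {
                                Name = AttributeName.sosiIDCardVersion, AttributeValue = "1.0.1"
                            },
                            new Attribute {
                                Name = AttributeName.sosiIDCardType, AttributeValue = "user"
                            },
                            new Attribute {
                                Name = AttributeName.sosiAuthenticationLevel, AttributeValue = "4"
                            },
                            new Attribute {
                                Name = AttributeName.sosiOCESCertHash, AttributeValue = EncodeTo64(certificate)
                            }
                        }
                    },
                    new AttributeStatement
                    {
                        id        = AttributeStatementID.UserLog,
                        Attribute = new[]
                        {
                            new Attribute {
                                Name = AttributeName.medcomUserCivilRegistrationNumber, AttributeValue = _userCpr
                            },
                            new Attribute {
                                Name = AttributeName.medcomUserGivenName, AttributeValue = _userGivenName
                            },
                            new Attribute {
                                Name = AttributeName.medcomUserSurName, AttributeValue = _userSurName
                            },
                            new Attribute {
                                Name = AttributeName.medcomUserEmailAddress, AttributeValue = _userEmail
                            },
                            new Attribute {
                                Name = AttributeName.medcomUserRole, AttributeValue = _userRole
                            },
                            new Attribute {
                                Name = AttributeName.medcomUserAuthorizationCode, AttributeValue = _userAuthCode
                            }
                        }
                    },
                    new AttributeStatement
                    {
                        id        = AttributeStatementID.SystemLog,
                        Attribute = new[]
                        {
                            new Attribute {
                                Name = AttributeName.medcomITSystemName, AttributeValue = _itSystemName
                            },
                            new Attribute {
                                // The care provider is identified by CVR number, hence the explicit NameFormat.
                                Name           = AttributeName.medcomCareProviderID,
                                AttributeValue = _sosiCareProviderCvr, NameFormatSpecified = true,
                                NameFormat     = SubjectIdentifierType.medcomcvrnumber
                            },
                            new Attribute {
                                Name = AttributeName.medcomCareProviderName, AttributeValue = _sosiCareProviderName
                            }
                        }
                    }
                }
            };

            return SealUtilities.SignAssertion(ass, certificate);
        }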
 /// <summary>
 /// Signs <paramref name="ass"/> with the vault's system credentials and returns the
 /// root element of the serialized, signed assertion.
 /// </summary>
 public XElement Sign(Assertion ass)
 {
     var signedAssertion = SealUtilities.SignAssertion(ass, Vault.GetSystemCredentials());
     var serialized = SerializerUtil.Serialize(signedAssertion);
     return serialized.Root;
 }
        /// <summary>
        /// Builds a fixed test id-card assertion (hard-coded "Stine Svendsen" / Statens Serum Institut data)
        /// valid for 8 hours from five minutes ago, and signs it with <paramref name="certificate"/>
        /// unless the certificate is null, in which case the unsigned assertion is returned.
        /// </summary>
        /// <param name="certificate">Signing certificate, or null for an unsigned assertion.</param>
        public static Assertion MakeAssertionForSTS(X509Certificate2 certificate)
        {
            var notBefore = DateTimeEx.UtcNowRound - TimeSpan.FromMinutes(5);

            var idCardData = new AttributeStatement
            {
                id        = AttributeStatementID.IDCardData,
                Attribute = new[]
                {
                    new Attribute { Name = SosiAttributes.IDCardID, AttributeValue = Guid.NewGuid().ToString("D") },
                    new Attribute { Name = SosiAttributes.IDCardVersion, AttributeValue = "1.0.1" },
                    new Attribute { Name = SosiAttributes.IDCardType, AttributeValue = "user" },
                    new Attribute { Name = SosiAttributes.AuthenticationLevel, AttributeValue = "4" }
                }
            };

            var userLog = new AttributeStatement
            {
                id        = AttributeStatementID.UserLog,
                Attribute = new[]
                {
                    new Attribute { Name = MedComAttributes.UserCivilRegistrationNumber, AttributeValue = "1802602810" },
                    new Attribute { Name = MedComAttributes.UserGivenName, AttributeValue = "Stine" },
                    new Attribute { Name = MedComAttributes.UserSurname, AttributeValue = "Svendsen" },
                    new Attribute { Name = MedComAttributes.UserEmailAddress, AttributeValue = "*****@*****.**" },
                    new Attribute { Name = MedComAttributes.UserRole, AttributeValue = "7170" },
                    new Attribute { Name = MedComAttributes.UserAuthorizationCode, AttributeValue = "ZXCVB" }
                }
            };

            var systemLog = new AttributeStatement
            {
                id        = AttributeStatementID.SystemLog,
                Attribute = new[]
                {
                    new Attribute { Name = MedComAttributes.ItSystemName, AttributeValue = "Sygdom.dk" },
                    new Attribute { Name = MedComAttributes.CareProviderId, AttributeValue = "30808460", NameFormat = "medcom:cvrnumber" },
                    new Attribute { Name = MedComAttributes.CareProviderName, AttributeValue = "Statens Serum Institut" }
                }
            };

            var assertion = new Assertion
            {
                IssueInstant = notBefore,
                id           = "IDCard",
                Version      = 2.0m,
                Issuer       = "WinPLC",
                Conditions   = new Conditions
                {
                    NotBefore    = notBefore,
                    NotOnOrAfter = notBefore + TimeSpan.FromHours(8)
                },
                Subject = new Subject
                {
                    NameID = new NameID
                    {
                        Format = "http://rep.oio.dk/cpr.dk/xml/schemas/core/2005/03/18/CPR_PersonCivilRegistrationIdentifier.xsd",
                        Value  = "2203333571"
                    },
                    SubjectConfirmation = new SubjectConfirmation
                    {
                        ConfirmationMethod      = ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey,
                        SubjectConfirmationData = new SubjectConfirmationData
                        {
                            Item = new KeyInfo { Item = "OCESSignature" }
                        }
                    }
                },
                AttributeStatement = new[] { idCardData, userLog, systemLog }
            };

            if (certificate == null)
            {
                return assertion;
            }

            return SealUtilities.SignAssertion(assertion, certificate);
        }