        public void DeserializeUnsignedUserIdCardTest()
        {
            // Round-trips an UNSIGNED MOCES user ID card through its SAML assertion and
            // checks that every model field survives, while the certificate accessor still
            // fails because no signature (and hence no signing certificate) is present.
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard original = CreateMocesUserIdCard(factory);

            Assertion assertion = original.GetAssertion<Assertion>();
            var roundTripped = (UserIdCard)factory.DeserializeIdCard(assertion);

            // Field-by-field comparison; the card types are compared the same way elsewhere in this file.
            Assert.True(original.CreatedDate == roundTripped.CreatedDate);
            Assert.True(original.ExpiryDate == roundTripped.ExpiryDate);
            Assert.True(original.IsValidInTime == roundTripped.IsValidInTime);
            Assert.True(original.UserInfo.Equals(roundTripped.UserInfo));
            Assert.True(original.AuthenticationLevel.Equals(roundTripped.AuthenticationLevel));
            Assert.True(original.CertHash == roundTripped.CertHash);
            Assert.True(original.AlternativeIdentifier == roundTripped.AlternativeIdentifier);
            Assert.True(original.IdCardId == roundTripped.IdCardId);
            Assert.True(original.Issuer == roundTripped.Issuer);
            Assert.True(original.Username == roundTripped.Username);
            Assert.True(original.Password == roundTripped.Password);
            Assert.True(original.SystemInfo.ItSystemName == roundTripped.SystemInfo.ItSystemName);
            Assert.True(original.SystemInfo.CareProvider.Equals(roundTripped.SystemInfo.CareProvider));
            Assert.True(original.Version == roundTripped.Version);

            // An unsigned card has no signing certificate to expose; reading it must throw, not return null.
            Assert.Throws<ModelBuildException>(() => { var cert = roundTripped.SignedByCertificate; });
        }
        public void IdCardNullUserInfoTest()
        {
            // A user ID card cannot be created without UserInfo: the factory must reject the
            // null argument with ModelException instead of producing a card with no UserLog.
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            var careProvider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");

            Assert.Throws<ModelException>(() =>
            {
                factory.CreateNewUserIdCard("ItSystem", null, careProvider, AuthenticationLevel.MocesTrustedUser, "", "", factory.GetCredentialVault().GetSystemCredentials(), "alt");
            });
        }
        public void ValidateSignatureTest()
        {
            // Happy path: a card signed with the factory's MOCES credentials must validate
            // (signature and trust chain) against the factory's own credential vault.
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard signedCard = CreateMocesUserIdCard(factory);
            signedCard.Sign<Assertion>(factory.SignatureProvider);

            // Trust validation needs network access to the test federation; this fails off-VPN.
            Assert.DoesNotThrow(() => signedCard.ValidateSignatureAndTrust(factory.GetCredentialVault()));
        }
        public void IdCardValidatorTest()
        {
            // The model validator runs at signing time: a card whose UserInfo lacks the
            // given name (second UserInfo argument is null) must be rejected with ModelException.
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            var incompleteUser = new UserInfo("12345678", null, "Person", "*****@*****.**", "Tester", "Læge", "12345");
            var careProvider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");

            UserIdCard card = factory.CreateNewUserIdCard("ItSystem", incompleteUser, careProvider, AuthenticationLevel.MocesTrustedUser, "", "", factory.GetCredentialVault().GetSystemCredentials(), "alt");

            Assert.Throws<ModelException>(() => { card.Sign<Assertion>(factory.SignatureProvider); });
        }
 private void AssertOioSamlAssertion(OioSamlAssertion assertion, UserIdCard idCard)
 {
     // Verifies an OIOSAML assertion built from `idCard`: the identity attributes taken
     // from the test certificate, the delivery constraints, the embedded bootstrap card,
     // and finally that the signature validates and chains to the VOCES vault.
     Assert.AreEqual("42634739", assertion.RidNumberIdentifier);
     Assert.AreEqual("CVR:30808460-RID:42634739", assertion.Uid);
     Assert.AreEqual("5818C1A6", assertion.CertificateSerial);
     Assert.AreEqual("CN=TRUST2408 Systemtest XIX CA, O=TRUST2408, C=DK", assertion.CertificateIssuer);
     Assert.IsFalse(assertion.IsYouthCertificate);

     Assert.IsNotNull(assertion.NotOnOrAfter);
     Assert.AreEqual("http://sundhed.dk/saml/SAMLAssertionConsumer", assertion.Recipient);
     Assert.AreEqual(idCard, assertion.UserIdCard);

     // Throws on an invalid signature or an untrusted issuer.
     assertion.ValidateSignatureAndTrust(vocesVault);
 }
        public void SelfSignedIdCardTest()
        {
            // Negative trust test: a card signed by the client itself (not by the federation's
            // STS) must be rejected by the federation's trust check even though the signature
            // is cryptographically valid.
            SOSIFactory factory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
            UserIdCard selfSigned = CreateIdCardForSTS(factory);
            selfSigned.Sign<Assertion>(factory.SignatureProvider);

            Assert.Throws<ModelException>(() => { selfSigned.ValidateSignatureAndTrust(factory.Federation); });
        }
        public void IsTrustedStsCertificateTest()
        {
            // Positive trust test: after the client-signed card is exchanged at the STS
            // (SealUtilities.SignIn), the returned STS-signed card must pass the test
            // federation's signature and trust validation.
            SOSIFactory factory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
            UserIdCard requestCard = CreateIdCardForSTS(factory);
            requestCard.Sign<Assertion>(factory.SignatureProvider);

            // Network call to the STS configured in Settings.Default.SecurityTokenService.
            var stsSignedCard = (UserIdCard)SealUtilities.SignIn(requestCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

            Assert.DoesNotThrow(() => stsSignedCard.ValidateSignatureAndTrust(factory.Federation));
        }
        public void SosiFederationTest()
        {
            // Cross-federation negative test: a card issued by the TEST STS must not be
            // trusted by the SOSI (production) federation, because the STS certificate's
            // subject prefix/CVR does not match what that federation expects.
            SOSIFactory factory = CreateSOSIFactoryWithSosiFederation(Global.MocesCprGyldig);
            UserIdCard requestCard = CreateIdCardForSTS(factory);
            requestCard.Sign<Assertion>(factory.SignatureProvider);

            // Network call to the STS configured in Settings.Default.SecurityTokenService.
            var stsSignedCard = (UserIdCard)SealUtilities.SignIn(requestCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

            Assert.Throws<ModelException>(() => { stsSignedCard.ValidateSignatureAndTrust(factory.Federation); });
        }
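        public void IdCardSerializeStreamTest()
        {
            // Round-trips a signed MOCES user ID card through IdCardSerializer's stream
            // format and checks that the deserialized card carries the same model fields.
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard idCard = CreateMocesUserIdCard(factory);
            idCard.Sign<Assertion>(factory.SignatureProvider);

            var idCardStream = IdCardSerializer.SerializeIdCardToStream<UserIdCard>(idCard);
            var newIdCard    = IdCardSerializer.DeserializeIdCard<UserIdCard>(idCardStream);

            // The previous version of this test ended with `Assertion.Equals(idCard, newIdCard);`,
            // which resolves to the static object.Equals(object, object) and discards its bool,
            // so the test could never fail. Assert the fields explicitly, mirroring
            // DeserializeUnsignedUserIdCardTest.
            Assert.NotNull(newIdCard);
            Assert.True(idCard.CreatedDate == newIdCard.CreatedDate);
            Assert.True(idCard.ExpiryDate == newIdCard.ExpiryDate);
            Assert.True(idCard.IsValidInTime == newIdCard.IsValidInTime);
            Assert.True(idCard.UserInfo.Equals(newIdCard.UserInfo));
            Assert.True(idCard.AuthenticationLevel.Equals(newIdCard.AuthenticationLevel));
            Assert.True(idCard.CertHash == newIdCard.CertHash);
            Assert.True(idCard.AlternativeIdentifier == newIdCard.AlternativeIdentifier);
            Assert.True(idCard.IdCardId == newIdCard.IdCardId);
            Assert.True(idCard.Issuer == newIdCard.Issuer);
            Assert.True(idCard.Username == newIdCard.Username);
            Assert.True(idCard.Password == newIdCard.Password);
            Assert.True(idCard.SystemInfo.ItSystemName == newIdCard.SystemInfo.ItSystemName);
            Assert.True(idCard.SystemInfo.CareProvider.Equals(newIdCard.SystemInfo.CareProvider));
            Assert.True(idCard.Version == newIdCard.Version);
        }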
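        public void IdCardUserNamePassTest()
        {
            // A card created with username/password credentials must produce an assertion
            // whose SubjectConfirmationData carries a UsernameToken (not a certificate).
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard idCard = CreateUserIdCard(factory, "user", "test123");

            Assertion ass = idCard.GetAssertion<Assertion>();

            // Null checks come first: previously the assertion was dereferenced before
            // Assert.NotNull, so a null result surfaced as a NullReferenceException
            // instead of an assertion failure.
            Assert.NotNull(ass);
            Assert.NotNull(idCard.Xassertion);

            Assert.True(ass.Subject.SubjectConfirmation.SubjectConfirmationData.Item.GetType() == typeof(UsernameToken));
        }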
        private OioSamlAssertion CreateOioSamlAssertion(UserIdCard idCard)
        {
            // Builds a VOCES-signed OIOSAML assertion for `idCard`, valid for one hour and
            // deliverable for five minutes, with the ID card embedded as a bootstrap token.
            // The recipient/audience are test values; the fixture's vocesVault signs it.
            var issuedAt = DateTimeEx.UtcNowRound;

            var builder = factory.CreateOioSamlAssertionBuilder();
            builder.SigningVault = vocesVault;
            builder.Issuer       = "Test STS";
            builder.UserIdCard   = idCard;

            builder.NotBefore            = issuedAt;
            builder.NotOnOrAfter         = issuedAt.AddHours(1);
            builder.DeliveryNotOnOrAfter = issuedAt.AddMinutes(5);

            builder.AudienceRestriction = "http://sundhed.dk";
            builder.RecipientUrl        = "http://sundhed.dk/saml/SAMLAssertionConsumer";

            builder.IncludeIdCardAsBootstrapToken = true;

            return builder.Build();
        }
        public void IdCardMocesSignTest()
        {
            // Signing a MOCES user ID card must produce an assertion, populate Xassertion,
            // and a subsequent GetAssertion must return the very same signed assertion
            // (identical SignatureValue) rather than re-signing or rebuilding it.
            SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
            UserIdCard idCard = CreateMocesUserIdCard(factory);

            Assertion signed = idCard.Sign<Assertion>(factory.SignatureProvider);
            Assertion fetched = idCard.GetAssertion<Assertion>();

            Assert.NotNull(signed);
            Assert.NotNull(idCard.Xassertion);

            string signedValue = signed.Signature.SignatureValue.ToString();
            string fetchedValue = fetched.Signature.SignatureValue.ToString();
            Assert.True(signedValue == fetchedValue);
        }
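        public void ValidateSignatureNegativeTest()
        {
            // Negative test: a card signed with an EXPIRED MOCES certificate
            // (Resources/oces2/PP/MOCES_udloebet.p12) must fail validation when
            // certificate date checking is enabled via the "CheckDate" app setting.
            bool hasCheckDateSetting = ConfigurationManager.AppSettings.AllKeys.Contains("CheckDate");
            if (hasCheckDateSetting)
            {
                ConfigurationManager.AppSettings["CheckDate"] = "True";
            }

            // The setting is process-global: restore it in `finally` so a failing assertion
            // (the previous version reset it only on the success path) cannot leave date
            // checking switched on for the tests that run afterwards.
            try
            {
                // Test-only PKCS#12 with a well-known password; not a production secret.
                string p12Path = Path.Combine(AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "Resources", "oces2", "PP", "MOCES_udloebet.p12");
                X509Certificate2 expiredCert = new X509Certificate2(p12Path, "Test1234");

                SOSIFactory factory = CreateSOSIFactory(expiredCert);
                UserIdCard  idCard  = CreateMocesUserIdCard(factory);
                idCard.Sign<Assertion>(factory.SignatureProvider);

                Assert.Throws<ModelException>(() => { idCard.ValidateSignatureAndTrust(factory.GetCredentialVault()); });
            }
            finally
            {
                if (hasCheckDateSetting)
                {
                    ConfigurationManager.AppSettings["CheckDate"] = "False";
                }
            }
        }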
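        private IdCard InternalBuild(XElement idCardElement)
        {
            // Parses a DGWS/SOSI ID card (a saml:Assertion subtree) into a UserIdCard or a
            // SystemIdCard, depending on the sosi:IDCardType attribute.
            //
            // This method only EXTRACTS fields; it does no signature or trust validation.
            // Every value read here is attacker-controlled until the caller runs
            // ValidateSignatureAndTrust on the resulting card.
            //
            // Throws ModelBuildException when a mandatory element or attribute is missing or
            // cannot be parsed. Previously several of those cases surfaced as
            // NullReferenceException instead (missing NameID/Issuer/Format, missing
            // medcom:CareProviderID, missing AuthenticationLevel), and the
            // "SystemLog element missing" check was unreachable because CareProviderID was
            // dereferenced before it ran.
            string itSystemName = null,
                   ocesCertHash = null,
                   id = null,
                   version = null,
                   cpr = null,
                   givenName = null,
                   surName = null,
                   email = null,
                   occupation = null,
                   userRole = null,
                   authorizationCode = null,
                   careProviderId = null,
                   careProviderIdType = null,
                   careProviderName = null,
                   authLevel = null;
            bool hasIdCardData = false, hasSystemLog = false, hasUserLog = false;

            string alternativeIdentifier = null;
            string username              = null;
            string password              = null;

            // Left at default(DateTime) when saml:Conditions carries no NotBefore/NotOnOrAfter,
            // as before; IsValidInTime on the card is what consumers check.
            DateTime createdDate = new DateTime(), expiryDate = new DateTime();

            // NOTE(review): Descendants() searches the whole subtree, not just the direct
            // children of the assertion. Whether a nested/duplicated element could shadow
            // the signed one depends on the signature/reference validation done elsewhere —
            // confirm that the validated element is the one handed in here.

            // Validity interval
            var conditionsAttributes =
                idCardElement.Descendants("{" + SamlTags.Conditions.Ns + "}" + SamlTags.Conditions.TagName).Attributes();

            try
            {
                foreach (var attribute in conditionsAttributes)
                {
                    var attributeName = attribute.Name;
                    if (SamlAttributes.NotOnOrAfter == attributeName)
                    {
                        expiryDate = DateTime.Parse(attribute.Value);
                    }
                    else if (SamlAttributes.NotBefore == attributeName)
                    {
                        createdDate = DateTime.Parse(attribute.Value);
                    }
                }
            }
            catch (FormatException e)
            {
                throw new ModelBuildException("SAML:Conditions could not be parsed", e);
            }

            // Alternative identifier: a NameID whose Format is "other"
            var subjectNameIdNode =
                idCardElement.Descendants("{" + SamlTags.NameID.Ns + "}" + SamlTags.NameID.TagName).FirstOrDefault();
            if (subjectNameIdNode == null)
            {
                throw new ModelBuildException("SAML:NameID element missing for IDCard");
            }
            var nameIdFormatNode = subjectNameIdNode.Attribute(SamlAttributes.Format);
            if (nameIdFormatNode == null)
            {
                throw new ModelBuildException("SAML:NameID element must contain a 'Format' attribute");
            }
            if (nameIdFormatNode.Value.Equals(SubjectIdentifierTypeValues.Other))
            {
                alternativeIdentifier = subjectNameIdNode.Value;
            }

            // Issuer
            var issuerNode = idCardElement.Descendants("{" + SamlTags.Issuer.Ns + "}" + SamlTags.Issuer.TagName).FirstOrDefault();
            if (issuerNode == null)
            {
                throw new ModelBuildException("SAML:Issuer element missing for IDCard");
            }
            var issuer = issuerNode.Value;

            // Attribute statements: SystemLog, IDCardData and (user cards only) UserLog,
            // identified by the value of an attribute on the AttributeStatement element.
            var attributeStatementNodeList = idCardElement.Descendants("{" + SamlTags.AttributeStatement.Ns + "}" + SamlTags.AttributeStatement.TagName);

            bool? isUserIDCard = null;

            foreach (var attributeStatement in attributeStatementNodeList)
            {
                foreach (var attribute in attributeStatement.Attributes())
                {
                    var attributeValue = attribute.Value;

                    if (IdValues.SystemLog.Equals(attributeValue))
                    {
                        foreach (var samlAttribute in SamlAttributesOf(attributeStatement))
                        {
                            var attributeName      = RequiredNameOf(samlAttribute);
                            var attributeNameValue = GetAttributeNameValue(samlAttribute, attributeName);
                            if (MedComAttributes.ItSystemName.Equals(attributeName))
                            {
                                itSystemName = attributeNameValue;
                            }
                            else if (MedComAttributes.CareProviderId.Equals(attributeName))
                            {
                                careProviderId = attributeNameValue;
                                var nameFormatAttribute = samlAttribute.Attribute(SamlAttributes.NameFormat);
                                if (nameFormatAttribute == null)
                                {
                                    throw new ModelBuildException(
                                              "DGWS violation: 'medcom:CareProviderID' SAML attribute must contain a 'NameFormat' attribute!");
                                }
                                careProviderIdType = nameFormatAttribute.Value;
                            }
                            else if (MedComAttributes.CareProviderName.Equals(attributeName))
                            {
                                careProviderName = attributeNameValue;
                            }
                        }
                        hasSystemLog = true;
                    }
                    else if (IdValues.IdCardData.Equals(attributeValue))
                    {
                        foreach (var samlAttribute in SamlAttributesOf(attributeStatement))
                        {
                            var attributeName      = RequiredNameOf(samlAttribute);
                            var attributeNameValue = GetAttributeNameValue(samlAttribute, attributeName);
                            if (SosiAttributes.OcesCertHash.Equals(attributeName))
                            {
                                ocesCertHash = attributeNameValue;
                            }
                            else if (SosiAttributes.IDCardID.Equals(attributeName))
                            {
                                id = attributeNameValue;
                            }
                            else if (SosiAttributes.IDCardVersion.Equals(attributeName))
                            {
                                version = attributeNameValue;
                            }
                            else if (SosiAttributes.IDCardType.Equals(attributeName))
                            {
                                // Any value other than the two known types leaves isUserIDCard
                                // null and is rejected below.
                                if (IdCard.IDCARDTYPE_USER.Equals(attributeNameValue))
                                {
                                    isUserIDCard = true;
                                }
                                else if (IdCard.IDCARDTYPE_SYSTEM.Equals(attributeNameValue))
                                {
                                    isUserIDCard = false;
                                }
                            }
                            else if (SosiAttributes.AuthenticationLevel.Equals(attributeName))
                            {
                                authLevel = attributeNameValue;
                            }
                        }
                        hasIdCardData = true;
                    }
                    else if (IdValues.UserLog.Equals(attributeValue))
                    {
                        foreach (var samlAttribute in SamlAttributesOf(attributeStatement))
                        {
                            var attributeName      = RequiredNameOf(samlAttribute);
                            var attributeNameValue = GetAttributeNameValue(samlAttribute, attributeName);
                            if (MedComAttributes.UserCivilRegistrationNumber.Equals(attributeName))
                            {
                                cpr = attributeNameValue;
                            }
                            else if (MedComAttributes.UserGivenName.Equals(attributeName))
                            {
                                givenName = attributeNameValue;
                            }
                            else if (MedComAttributes.UserSurname.Equals(attributeName))
                            {
                                surName = attributeNameValue;
                            }
                            else if (MedComAttributes.UserEmailAddress.Equals(attributeName))
                            {
                                email = attributeNameValue;
                            }
                            else if (MedComAttributes.UserOccupation.Equals(attributeName))
                            {
                                occupation = attributeNameValue;
                            }
                            else if (MedComAttributes.UserRole.Equals(attributeName))
                            {
                                userRole = attributeNameValue;
                            }
                            else if (MedComAttributes.UserAuthorizationCode.Equals(attributeName))
                            {
                                authorizationCode = attributeNameValue;
                            }
                        }
                        hasUserLog = true;
                    }
                }
            }

            // Structural checks run BEFORE any of the collected values is dereferenced.
            if (!hasIdCardData)
            {
                throw new ModelBuildException("IDCardData element missing for IDCard");
            }

            if (!hasSystemLog)
            {
                throw new ModelBuildException("SystemLog element missing for IDCard");
            }

            if (isUserIDCard == null)
            {
                throw new ModelBuildException("ID Card type not found or invalid");
            }

            if (careProviderIdType == null)
            {
                throw new ModelBuildException("DGWS violation: 'medcom:CareProviderID' SAML attribute missing from SystemLog!");
            }

            if (authLevel == null)
            {
                throw new ModelBuildException("AuthenticationLevel attribute missing for IDCard");
            }

            // The NameFormat value looks like "medcom:cvrnumber"; the enum member drops the colon.
            // NOTE(review): an unrecognised NameFormat leaves careProviderIdEnum at the enum's
            // default value. The original code also ignored the TryParse result, so this is
            // kept lenient — confirm whether a ModelBuildException is wanted here instead.
            SubjectIdentifierType careProviderIdEnum;
            Enum.TryParse(careProviderIdType.Replace(":", ""), true, out careProviderIdEnum);
            CareProvider careProvider = new CareProvider(careProviderIdEnum, careProviderId, careProviderName);
            SystemInfo   systemInfo   = new SystemInfo(careProvider, itSystemName);

            int authLevelNumber;
            if (!int.TryParse(authLevel, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out authLevelNumber))
            {
                throw new ModelBuildException("AuthenticationLevel attribute is not a valid integer: '" + authLevel + "'");
            }
            AuthenticationLevel authenticationLevel = AuthenticationLevel.GetEnumeratedValue(authLevelNumber);

            if (isUserIDCard.Value)
            {
                if (!hasUserLog)
                {
                    throw new ModelBuildException("UserLog element missing for UserIDCard");
                }
                UserInfo userInfo = new UserInfo(cpr, givenName, surName, email, occupation, userRole, authorizationCode);
                return new UserIdCard(version, idCardElement, id, authenticationLevel,
                                      ocesCertHash, issuer, systemInfo, userInfo, createdDate, expiryDate, alternativeIdentifier, username, password);
            }

            if (hasUserLog)
            {
                throw new ModelBuildException("IDCard type is 'system', but also has a UserLog element (??)");
            }
            return new SystemIdCard(version, idCardElement, id, authenticationLevel,
                                    ocesCertHash, issuer, systemInfo, createdDate, expiryDate, alternativeIdentifier, username, password);
        }

        // All saml:Attribute elements beneath an AttributeStatement.
        private static IEnumerable<XElement> SamlAttributesOf(XElement attributeStatement)
        {
            return attributeStatement.Descendants("{" + SamlTags.Attribute.Ns + "}" + SamlTags.Attribute.TagName);
        }

        // The mandatory 'Name' attribute of a saml:Attribute; a missing one is a model
        // error, not a NullReferenceException.
        private static string RequiredNameOf(XElement samlAttribute)
        {
            var nameAttribute = samlAttribute.Attribute("Name");
            if (nameAttribute == null)
            {
                throw new ModelBuildException("SAML:Attribute element must contain a 'Name' attribute");
            }
            return nameAttribute.Value;
        }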