public void ThrowsExceptionWhenTimeRestrictionNotOnOrAfterNow() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Test with NotOnOrAfter that pre-dates now assertion.Conditions.NotBefore = null; assertion.Conditions.NotOnOrAfter = DateTime.UtcNow; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateTimeRestrictions(assertion, new TimeSpan()), "Conditions.NotOnOrAfter must not be in the past"); }
public void ThrowsExceptionWhenTimeRestrictionNotOnOrAfterYesterday() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Test with NotOnOrAfter that pre-dates now assertion.Conditions.NotBefore = null; assertion.Conditions.NotOnOrAfter = DateTime.UtcNow.AddDays(-1); // Act validator.ValidateTimeRestrictions(assertion, new TimeSpan()); }
public void ValidatesTimeRestrictionNotBeforeNow() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Test with NotBefore that pre-dates now assertion.Conditions.NotBefore = DateTime.UtcNow; assertion.Conditions.NotOnOrAfter = null; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenTimeRestrictionNotBeforeIsInvalid() { // Arrange // Test with NotBefore that post-dates now var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); assertion.Conditions.NotBefore = DateTime.Now.AddDays(1); assertion.Conditions.NotOnOrAfter = null; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateTimeRestrictions(assertion, new TimeSpan()), "Conditions.NotBefore must not be in the future"); }
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var allowedAudienceUris = new List <string> { "uri:lalal" }; var validator = new Saml20AssertionValidator(allowedAudienceUris, false); // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var allowedAudienceUris = new List <string> { "uri:lalal" }; var validator = new Saml20AssertionValidator(allowedAudienceUris, false); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions"); }
//ExpectedMessage = "Assertion element must have an issuer element." public void ThrowsExceptionWhenIssuerNull() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); assertion.Issuer = null; var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Act Assert.Throws(typeof(Saml20FormatException), () => { validator.ValidateAssertion(assertion, true); }); }
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "malformed uri" }) }; assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "malformed uri" }) }; assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Audience element has value which is not a wellformed absolute uri"); }
//ExpectedMessage = "The service is not configured to meet the given audience restrictions" public void ThrowsExceptionWhenAudienceRestrictionDoesNotMatch() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var allowedAudienceUris = new List <Uri> { new Uri("uri:lalal") }; var validator = new Saml20AssertionValidator(allowedAudienceUris, false); // Act Assert.Throws(typeof(Saml20FormatException), () => { validator.ValidateAssertion(assertion, true); }); }
public void ThrowsExceptionWhenThereAreMultipleProxyRestriction() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction(), new ProxyRestriction() }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Assertion contained more than one condition of type ProxyRestriction"); }
public void ThrowsExceptionWhenThereAreMultipleProxyRestriction() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction(), new ProxyRestriction() }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenProxyRestrictionCountIsNegative() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Count = "-1" } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion, true); }
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "http://well/formed.uri" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "The service is not configured to meet the given audience restrictions"); }
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "http://well/formed.uri" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAuthnStatementSessionNotOnOrAfterInPast() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var statements = new List <StatementAbstract>(assertion.Items); var authnStatement = new AuthnStatement { AuthnInstant = DateTime.UtcNow, SessionNotOnOrAfter = DateTime.UtcNow.AddHours(-1) }; statements.Add(authnStatement); assertion.Items = statements.ToArray(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); // Act validator.ValidateTimeRestrictions(assertion, new TimeSpan()); }
public void ThrowsExceptionWhenProxyRestrictionCountIsNegative() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Count = "-1" } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "Count attribute of ProxyRestriction MUST BE a non-negative integer"); }
public void ValidatesProxyRestrictionCount() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Count = "1" } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion); }
public void ValidatesAudienceRestrictionWithMultipleAudienceRestrictions() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List <ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List <string>(new[] { "urn:borger.dk:id" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act validator.ValidateAssertion(assertion); }
public void ValidatesProxyRestrictionAudience() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri" } } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenProxyRestrictionAudienceIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new ProxyRestriction { Audience = new[] { "urn:a.wellformed:uri", "http://another/wellformed/uri", "a malformed uri" } } }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws <Saml20FormatException>(() => validator.ValidateAssertion(assertion), "ProxyRestriction Audience MUST BE a wellformed uri"); }
//ExpectedMessage = "Assertion contained more than one condition of type OneTimeUse" public void ThrowsExceptionWhenThereAreMultipleOneTimeUse() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var conditions = new List <ConditionAbstract> { new OneTimeUse(), new OneTimeUse() }; conditions.AddRange(assertion.Conditions.Items); assertion.Conditions.Items = conditions; // Act Assert.Throws(typeof(Saml20FormatException), () => { validator.ValidateAssertion(assertion, true); }); }