/// <summary>
/// Checks that the validity window of a <c>Conditions</c> element is internally consistent:
/// when both NotBefore and NotOnOrAfter are present, NotBefore MUST be strictly earlier
/// than NotOnOrAfter. A window with only one bound, or none, is accepted as-is.
/// </summary>
/// <remarks>
/// Only the ordering of the two instants is checked. Nothing in this method compares either
/// bound with the current time, so it does not by itself reject an expired or not-yet-valid
/// assertion; that check has to be done elsewhere.
/// </remarks>
/// <param name="conditions">The conditions element whose interval is checked.</param>
/// <exception cref="Saml20FormatException">If <paramref name="conditions"/>.NotBefore is not less than <paramref name="conditions"/>.NotOnOrAfter</exception>
private static void ValidateConditionsInterval(Conditions conditions)
{
    var lowerBound = conditions.NotBefore;
    var upperBound = conditions.NotOnOrAfter;

    // The ordering rule only applies when both ends of the window are given.
    if (lowerBound == null || upperBound == null)
    {
        return;
    }

    // An empty or inverted window (lower bound at or after upper bound) is malformed.
    if (lowerBound.Value >= upperBound.Value)
    {
        string lowerText = Saml20Utils.ToUTCString(lowerBound.Value);
        string upperText = Saml20Utils.ToUTCString(upperBound.Value);

        throw new Saml20FormatException(
            string.Format("NotBefore {0} MUST BE less than NotOnOrAfter {1} on Conditions", lowerText, upperText));
    }
}
/// <summary>
/// Validates the format of a <c>SubjectConfirmationData</c> element as described in
/// [SAML2.0std] section 2.4.1.2.
/// </summary>
/// <remarks>
/// These are structural checks only. Recipient is tested for being a well-formed absolute URI
/// but is not compared with any expected endpoint, and NotBefore / NotOnOrAfter are compared
/// with each other but not with the current time. Code that relies on the confirmation data
/// to bind an assertion to a recipient or a time window must perform those comparisons
/// separately; whether that happens elsewhere is not visible from this method.
/// </remarks>
/// <param name="subjectConfirmationData">The subject confirmation data element to validate.</param>
/// <exception cref="Saml20FormatException">
/// If Recipient is present but is not a well-formed absolute URI, or if both NotBefore and
/// NotOnOrAfter are set and NotBefore is not less than NotOnOrAfter. The attribute and key-info
/// validators called at the end may raise their own errors.
/// </exception>
public void ValidateSubjectConfirmationData(SubjectConfirmationData subjectConfirmationData)
{
    // Recipient is optional; when present it must be an anyURI (absolute, well-formed).
    var recipient = subjectConfirmationData.Recipient;
    if (recipient != null && !Uri.IsWellFormedUriString(recipient, UriKind.Absolute))
    {
        throw new Saml20FormatException("Recipient of SubjectConfirmationData must be a wellformed absolute URI.");
    }

    // NotBefore MUST be strictly less than NotOnOrAfter when both are set.
    var lowerBound = subjectConfirmationData.NotBefore;
    var upperBound = subjectConfirmationData.NotOnOrAfter;
    if (lowerBound.HasValue && upperBound.HasValue)
    {
        bool ordered = lowerBound.Value < upperBound.Value;
        if (!ordered)
        {
            string lowerText = Saml20Utils.ToUTCString(lowerBound.Value);
            string upperText = Saml20Utils.ToUTCString(upperBound.Value);

            throw new Saml20FormatException(
                string.Format("NotBefore {0} MUST BE less than NotOnOrAfter {1} on SubjectConfirmationData", lowerText, upperText));
        }
    }

    // Extension attributes must be namespace-qualified and must not use reserved namespaces.
    var extensionAttributes = subjectConfirmationData.AnyAttr;
    if (extensionAttributes != null)
    {
        AnyAttrValidator.ValidateXmlAnyAttributes(extensionAttributes);
    }

    // KeyInfoConfirmationData is a standards-defined extension type with stricter rules
    // than its base type, so it gets an additional validation pass.
    if (subjectConfirmationData is KeyInfoConfirmationData)
    {
        KeyInfoValidator.ValidateKeyInfo(subjectConfirmationData);
    }
}