public void TestSignAndValidateNotTrusted()
{
GenericCredentialVault vault = new GenericCredentialVault();
//Add test certificate to vault
X509Certificate2 newCert = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\FOCES_gyldig.p12", "Test1234");
var cert2 = new X509Certificate2(AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "\\Resources\\oces2\\PP\\VOCES_gyldig.p12", "Test1234");
cert2.FriendlyName = vault.ALIAS_SYSTEM;
vault.AddTrustedCertificate(cert2);
var ass = AssertionMaker.MakeAssertionForSTS(newCert);
var signedAss = SealUtilities.SignAssertion(ass, newCert);
var signedXml = Serialize(signedAss);
try
{
SignatureUtil.Validate(signedXml.Root, null, vault, true, true);
}
catch (Exception e)
{
//Assert.IsInstanceOfType(e, typeof(ModelException));
}
}
public void TestDirectCall()
{
//Test mod lokal FMK service med lokal genereret SOSI kort
var client = new proxy.MedicineCardPortTypeClient("localFMK");
var ass = SealUtilities.SignAssertion(AssertionMaker.MakeAssertion(), Global.MocesCprGyldig);
client.GetMedicineCard_20120101(MakeSecurity(ass), MakeHeader());
}
public void TestAssertionSign()
{
var ass = SealUtilities.SignAssertion(AssertionMaker.MakeAssertion(), Global.MocesCprGyldig);
Assert.IsTrue(SealUtilities.CheckAssertionSignature(ass));
var sec = MakeSecurity(AssertionMaker.MakeAssertion());
sec = SealUtilities.SignAssertion(sec, Global.MocesCprGyldig);
Assert.IsTrue(SealUtilities.CheckAssertionSignature(sec));
}
private bool SignAndValidate(X509Certificate2 cert, bool checkTrust, bool checkRevoked)
{
GenericCredentialVault vault = new GenericCredentialVault();
cert.FriendlyName = vault.ALIAS_SYSTEM;
vault.AddTrustedCertificate(cert);
var ass = AssertionMaker.MakeAssertionForSTS(cert);
var signedAss = SealUtilities.SignAssertion(ass, cert);
var signedXml = Serialize(signedAss);
return(SignatureUtil.Validate(signedXml.Root, null, vault, checkTrust, checkRevoked));
}
public void TestAssertionSign_new()
{
var factory = CreateSOSIFactory(Global.MocesCprGyldig);
var uid = CreateMocesUserIdCard(factory);
var ass = uid.Sign <dk.nsi.fmk.Assertion>(factory.SignatureProvider);
Assert.IsTrue(SealUtilities.CheckAssertionSignature(ass));
var uid2 = CreateMocesUserIdCard(factory);
var sec = MakeSecurity(uid2.GetAssertion <dk.nsi.fmk.Assertion>());
sec = SealUtilities.SignAssertion(sec, Global.MocesCprGyldig);
Assert.IsTrue(SealUtilities.CheckAssertionSignature(sec));
}
public XElement Sign(Assertion ass)
{
ass = SealUtilities.SignAssertion(ass, Vault.GetSystemCredentials());
return(SerializerUtil.Serialize(ass).Root);
}
public static Assertion MakeAssertionForSTS(X509Certificate2 certificate)
{
var vnow = DateTimeEx.UtcNowRound - TimeSpan.FromMinutes(5);
var ass = new Assertion
{
IssueInstant = vnow,
id = "IDCard",
Version = 2.0m,
Issuer = "WinPLC",
Conditions = new Conditions
{
NotBefore = vnow,
NotOnOrAfter = vnow + TimeSpan.FromHours(8)
},
Subject = new Subject
{
NameID = new NameID
{
Format = "http://rep.oio.dk/cpr.dk/xml/schemas/core/2005/03/18/CPR_PersonCivilRegistrationIdentifier.xsd",
Value = "2203333571"
},
SubjectConfirmation = new SubjectConfirmation
{
ConfirmationMethod = ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey,
SubjectConfirmationData = new SubjectConfirmationData
{
Item = new KeyInfo
{
Item = "OCESSignature"
}
}
}
},
AttributeStatement = new[]
{
new AttributeStatement
{
id = AttributeStatementID.IDCardData,
Attribute = new[]
{
new Attribute {
Name = SosiAttributes.IDCardID, AttributeValue = Guid.NewGuid().ToString("D")
},
new Attribute {
Name = SosiAttributes.IDCardVersion, AttributeValue = "1.0.1"
},
new Attribute {
Name = SosiAttributes.IDCardType, AttributeValue = "user"
},
new Attribute {
Name = SosiAttributes.AuthenticationLevel, AttributeValue = "4"
}
}
},
new AttributeStatement
{
id = AttributeStatementID.UserLog,
Attribute = new[]
{
new Attribute {
Name = MedComAttributes.UserCivilRegistrationNumber, AttributeValue = "1802602810"
},
new Attribute {
Name = MedComAttributes.UserGivenName, AttributeValue = "Stine"
},
new Attribute {
Name = MedComAttributes.UserSurname, AttributeValue = "Svendsen"
},
new Attribute {
Name = MedComAttributes.UserEmailAddress, AttributeValue = "*****@*****.**"
},
new Attribute {
Name = MedComAttributes.UserRole, AttributeValue = "7170"
},
new Attribute {
Name = MedComAttributes.UserAuthorizationCode, AttributeValue = "ZXCVB"
}
}
},
new AttributeStatement
{
id = AttributeStatementID.SystemLog,
Attribute = new[]
{
new Attribute {
Name = MedComAttributes.ItSystemName, AttributeValue = "Sygdom.dk"
},
new Attribute {
Name = MedComAttributes.CareProviderId, AttributeValue = "30808460", NameFormat = "medcom:cvrnumber"
},
new Attribute {
Name = MedComAttributes.CareProviderName, AttributeValue = "Statens Serum Institut"
}
}
}
}
};
return(certificate == null ? ass : SealUtilities.SignAssertion(ass, certificate));
}
private Assertion MakeAssertionForSts(X509Certificate2 certificate)
{
var vnow = FiveMinutesAgoUtc();
var ass = new Assertion
{
IssueInstant = FiveMinutesAgoUtc(),
id = "IDCard",
Version = 2.0m,
Issuer = _issuer,
Conditions = new Conditions
{
NotBefore = vnow,
NotOnOrAfter = vnow + TimeSpan.FromHours(8)
},
Subject = new Subject
{
NameID = new NameID
{
Format = SubjectIdentifierType.medcomcprnumber,
Value = _userCpr
},
SubjectConfirmation = new SubjectConfirmation
{
ConfirmationMethod = global::dk.nsi.seal.dgwstypes.ConfirmationMethod.urnoasisnamestcSAML20cmholderofkey,
SubjectConfirmationData = new SubjectConfirmationData
{
Item = new KeyInfo
{
Item = "OCESSignature"
}
}
}
},
AttributeStatement = new[]
{
new AttributeStatement
{
id = AttributeStatementID.IDCardData,
Attribute = new[]
{
new Attribute {
Name = AttributeName.sosiIDCardID, AttributeValue = Guid.NewGuid().ToString("D")
},
new Attribute {
Name = AttributeName.sosiIDCardVersion, AttributeValue = "1.0.1"
},
new Attribute {
Name = AttributeName.sosiIDCardType, AttributeValue = "user"
},
new Attribute {
Name = AttributeName.sosiAuthenticationLevel, AttributeValue = "4"
},
new Attribute {
Name = AttributeName.sosiOCESCertHash, AttributeValue = EncodeTo64(certificate)
}
}
},
new AttributeStatement
{
id = AttributeStatementID.UserLog,
Attribute = new[]
{
new Attribute {
Name = AttributeName.medcomUserCivilRegistrationNumber, AttributeValue = _userCpr
},
new Attribute {
Name = AttributeName.medcomUserGivenName, AttributeValue = _userGivenName
},
new Attribute {
Name = AttributeName.medcomUserSurName, AttributeValue = _userSurName
},
new Attribute {
Name = AttributeName.medcomUserEmailAddress, AttributeValue = _userEmail
},
new Attribute {
Name = AttributeName.medcomUserRole, AttributeValue = _userRole
},
new Attribute {
Name = AttributeName.medcomUserAuthorizationCode, AttributeValue = _userAuthCode
}
}
},
new AttributeStatement
{
id = AttributeStatementID.SystemLog,
Attribute = new[]
{
new Attribute {
Name = AttributeName.medcomITSystemName, AttributeValue = _itSystemName
},
new Attribute {
Name = AttributeName.medcomCareProviderID,
AttributeValue = _sosiCareProviderCvr, NameFormatSpecified = true,
NameFormat = SubjectIdentifierType.medcomcvrnumber
},
new Attribute {
Name = AttributeName.medcomCareProviderName, AttributeValue = _sosiCareProviderName
}
}
}
}
};
return(SealUtilities.SignAssertion(ass, certificate));
}
