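/// <summary>
/// Round-trips an unsigned MOCES user id card through <c>GetAssertion</c> and
/// <c>DeserializeIdCard</c> and checks that every id-card field survives unchanged.
/// Since the card was never signed, the test expects reading <c>SignedByCertificate</c>
/// on the deserialized copy to fail with a <see cref="ModelBuildException"/>.
/// </summary>
public void DeserializeUnsignedUserIdCardTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
    UserIdCard idCard = CreateMocesUserIdCard(factory);

    Assertion assertion = idCard.GetAssertion<Assertion>();
    UserIdCard deserializedCard = (UserIdCard)factory.DeserializeIdCard(assertion);

    // AreEqual(expected, actual) reports both values on failure; Assert.True(a == b) only says "false".
    Assert.AreEqual(idCard.CreatedDate, deserializedCard.CreatedDate);
    Assert.AreEqual(idCard.ExpiryDate, deserializedCard.ExpiryDate);
    Assert.AreEqual(idCard.IsValidInTime, deserializedCard.IsValidInTime);
    Assert.AreEqual(idCard.UserInfo, deserializedCard.UserInfo);
    Assert.AreEqual(idCard.AuthenticationLevel, deserializedCard.AuthenticationLevel);
    Assert.AreEqual(idCard.CertHash, deserializedCard.CertHash);
    Assert.AreEqual(idCard.AlternativeIdentifier, deserializedCard.AlternativeIdentifier);
    Assert.AreEqual(idCard.IdCardId, deserializedCard.IdCardId);
    Assert.AreEqual(idCard.Issuer, deserializedCard.Issuer);
    Assert.AreEqual(idCard.Username, deserializedCard.Username);
    Assert.AreEqual(idCard.Password, deserializedCard.Password);
    Assert.AreEqual(idCard.SystemInfo.ItSystemName, deserializedCard.SystemInfo.ItSystemName);
    Assert.AreEqual(idCard.SystemInfo.CareProvider, deserializedCard.SystemInfo.CareProvider);
    Assert.AreEqual(idCard.Version, deserializedCard.Version);

    // No signature was ever applied, so there is no signing certificate to resolve.
    Assert.Throws<ModelBuildException>(() =>
    {
        var cert = deserializedCard.SignedByCertificate;
    });
}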
/// <summary>
/// Creating a user id card with a null <c>UserInfo</c> (second argument) must be rejected
/// with a <see cref="ModelException"/>.
/// </summary>
public void IdCardNullUserInfoTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);

    Assert.Throws<ModelException>(() =>
    {
        // UserInfo is deliberately null; everything else is a valid MOCES setup.
        UserIdCard idCard = factory.CreateNewUserIdCard(
            "ItSystem",
            null,
            new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041"),
            AuthenticationLevel.MocesTrustedUser,
            "",
            "",
            factory.GetCredentialVault().GetSystemCredentials(),
            "alt");
    });
}
/// <summary>
/// Signs a MOCES user id card and validates signature and trust against the factory's
/// credential vault. Per the original author's note, trust validation needs the VPN
/// connection to the trust infrastructure and throws without it.
/// </summary>
public void ValidateSignatureTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
    UserIdCard idCard = CreateMocesUserIdCard(factory);
    idCard.Sign<Assertion>(factory.SignatureProvider);

    // Environment-dependent: requires connectivity (VPN) to reach the trust infrastructure.
    Assert.DoesNotThrow(() => idCard.ValidateSignatureAndTrust(factory.GetCredentialVault()));
}
/// <summary>
/// A user id card whose <c>UserInfo</c> lacks a given name can be constructed, but signing it
/// must fail with a <see cref="ModelException"/>.
/// </summary>
public void IdCardValidatorTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);

    // Second UserInfo argument (the given name) is deliberately null.
    UserInfo incompleteUser = new UserInfo("12345678", null, "Person", "*****@*****.**", "Tester", "Læge", "12345");
    CareProvider careProvider = new CareProvider(SubjectIdentifierType.medcomcvrnumber, "25520041", "TRIFORK SERVICES A/S // CVR:25520041");
    UserIdCard idCard = factory.CreateNewUserIdCard(
        "ItSystem",
        incompleteUser,
        careProvider,
        AuthenticationLevel.MocesTrustedUser,
        "",
        "",
        factory.GetCredentialVault().GetSystemCredentials(),
        "alt");

    // Validation of the card happens at signing time.
    Assert.Throws<ModelException>(() => idCard.Sign<Assertion>(factory.SignatureProvider));
}
/// <summary>
/// Checks the fixed attributes expected in an OIOSAML assertion built for <paramref name="idCard"/>
/// by the test STS, then validates the assertion's signature and trust against the VOCES vault.
/// </summary>
/// <param name="assertion">The assertion under test.</param>
/// <param name="idCard">The id card the assertion is expected to carry.</param>
private void AssertOioSamlAssertion(OioSamlAssertion assertion, UserIdCard idCard)
{
    Assert.That(assertion.RidNumberIdentifier, Is.EqualTo("42634739"));
    Assert.That(assertion.CertificateIssuer, Is.EqualTo("CN=TRUST2408 Systemtest XIX CA, O=TRUST2408, C=DK"));
    Assert.That(assertion.IsYouthCertificate, Is.False);
    Assert.That(assertion.CertificateSerial, Is.EqualTo("5818C1A6"));
    Assert.That(assertion.Uid, Is.EqualTo("CVR:30808460-RID:42634739"));
    Assert.That(assertion.NotOnOrAfter, Is.Not.Null);
    Assert.That(assertion.Recipient, Is.EqualTo("http://sundhed.dk/saml/SAMLAssertionConsumer"));
    Assert.That(assertion.UserIdCard, Is.EqualTo(idCard));

    // Throws if the signature or the trust chain is not accepted by the VOCES vault.
    assertion.ValidateSignatureAndTrust(vocesVault);
}
/// <summary>
/// An id card signed with the factory's own signature provider (self-signed, not by the STS)
/// must be rejected by <c>ValidateSignatureAndTrust</c> against the test federation.
/// </summary>
public void SelfSignedIdCardTest()
{
    SOSIFactory factory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
    UserIdCard idCard = CreateIdCardForSTS(factory);

    // Self-sign instead of exchanging the card at the STS.
    idCard.Sign<Assertion>(factory.SignatureProvider);

    Assert.Throws<ModelException>(() => idCard.ValidateSignatureAndTrust(factory.Federation));
}
/// <summary>
/// Exchanges a locally signed id card at the configured security token service and checks
/// that the STS-signed card validates against the test federation. Presumably needs the STS
/// in <c>Settings.Default.SecurityTokenService</c> to be reachable.
/// </summary>
public void IsTrustedStsCertificateTest()
{
    SOSIFactory factory = CreateSOSIFactoryWithTestFederation(Global.MocesCprGyldig);
    UserIdCard idCard = CreateIdCardForSTS(factory);
    idCard.Sign<Assertion>(factory.SignatureProvider);

    // Round trip through the STS; the returned card carries the STS signature.
    UserIdCard stsSignedCard = (UserIdCard)SealUtilities.SignIn(idCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

    Assert.DoesNotThrow(() => stsSignedCard.ValidateSignatureAndTrust(factory.Federation));
}
/// <summary>
/// Exchanges a locally signed id card at the configured STS, then validates it against the
/// SOSI federation. The original author expects this to fail with a <see cref="ModelException"/>
/// because of a prefix/CVR mismatch between the STS certificate and that federation.
/// </summary>
public void SosiFederationTest()
{
    SOSIFactory factory = CreateSOSIFactoryWithSosiFederation(Global.MocesCprGyldig);
    UserIdCard idCard = CreateIdCardForSTS(factory);
    idCard.Sign<Assertion>(factory.SignatureProvider);

    UserIdCard stsSignedCard = (UserIdCard)SealUtilities.SignIn(idCard, "NETS DANID A/S", Settings.Default.SecurityTokenService);

    // Expected to fail: prefix/CVR of the STS certificate does not match the SOSI federation.
    Assert.Throws<ModelException>(() => stsSignedCard.ValidateSignatureAndTrust(factory.Federation));
}
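/// <summary>
/// Serializes a signed MOCES user id card to a stream, reads it back, and checks that the
/// identity fields survive the round trip.
/// </summary>
public void IdCardSerializeStreamTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
    UserIdCard idCard = CreateMocesUserIdCard(factory);
    idCard.Sign<Assertion>(factory.SignatureProvider);

    // NOTE(review): if SerializeIdCardToStream returns a Stream it should be disposed; its type is not visible here.
    var idCardStream = IdCardSerializer.SerializeIdCardToStream<UserIdCard>(idCard);
    var newIdCard = IdCardSerializer.DeserializeIdCard<UserIdCard>(idCardStream);

    // The previous version called the static object.Equals(idCard, newIdCard) through the
    // Assertion type name and discarded the bool, so the test asserted nothing.
    Assert.NotNull(newIdCard);
    Assert.AreEqual(idCard.IdCardId, newIdCard.IdCardId);
    Assert.AreEqual(idCard.Version, newIdCard.Version);
    Assert.AreEqual(idCard.CertHash, newIdCard.CertHash);
    Assert.AreEqual(idCard.Issuer, newIdCard.Issuer);
    Assert.AreEqual(idCard.CreatedDate, newIdCard.CreatedDate);
    Assert.AreEqual(idCard.ExpiryDate, newIdCard.ExpiryDate);
    Assert.AreEqual(idCard.AlternativeIdentifier, newIdCard.AlternativeIdentifier);
    Assert.AreEqual(idCard.UserInfo, newIdCard.UserInfo);
}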
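/// <summary>
/// A user id card created with username/password credentials must produce an assertion whose
/// subject confirmation data is a <c>UsernameToken</c>.
/// </summary>
public void IdCardUserNamePassTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
    UserIdCard idCard = CreateUserIdCard(factory, "user", "test123");

    Assertion ass = idCard.GetAssertion<Assertion>();

    // Null checks come first; the previous version dereferenced the assertion before checking it.
    Assert.NotNull(ass);
    Assert.NotNull(idCard.Xassertion);

    // Exact type comparison kept from the original (IsInstanceOf would also accept subclasses).
    Assert.AreEqual(typeof(UsernameToken), ass.Subject.SubjectConfirmation.SubjectConfirmationData.Item.GetType());
}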
/// <summary>
/// Builds an OIOSAML assertion for <paramref name="idCard"/>: issued by "Test STS", signed with
/// the VOCES vault, valid for one hour from now with a five-minute delivery window, restricted to
/// the sundhed.dk audience, and carrying the id card as bootstrap token.
/// </summary>
/// <param name="idCard">The id card to embed in the assertion.</param>
/// <returns>The built assertion.</returns>
private OioSamlAssertion CreateOioSamlAssertion(UserIdCard idCard)
{
    var builder = factory.CreateOioSamlAssertionBuilder();

    builder.SigningVault = vocesVault;
    builder.Issuer = "Test STS";
    builder.UserIdCard = idCard;

    // Single rounded timestamp so NotBefore, NotOnOrAfter and the delivery deadline are consistent.
    var now = DateTimeEx.UtcNowRound;
    builder.NotBefore = now;
    builder.NotOnOrAfter = now.AddHours(1);
    builder.AudienceRestriction = "http://sundhed.dk";
    builder.RecipientUrl = "http://sundhed.dk/saml/SAMLAssertionConsumer";
    builder.DeliveryNotOnOrAfter = now.AddMinutes(5);
    builder.IncludeIdCardAsBootstrapToken = true;

    return builder.Build();
}
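/// <summary>
/// Signs a MOCES user id card and checks that the assertion returned by <c>Sign</c> and the one
/// later returned by <c>GetAssertion</c> carry the same signature value.
/// </summary>
public void IdCardMocesSignTest()
{
    SOSIFactory factory = CreateSOSIFactory(Global.MocesCprGyldig);
    UserIdCard idCard = CreateMocesUserIdCard(factory);

    Assertion signed = idCard.Sign<Assertion>(factory.SignatureProvider);
    Assertion fetched = idCard.GetAssertion<Assertion>();

    // Null checks before any dereference; the previous version compared signatures first.
    Assert.NotNull(signed);
    Assert.NotNull(fetched);
    Assert.NotNull(idCard.Xassertion);

    // Sign and GetAssertion must hand back the same signed assertion.
    Assert.AreEqual(signed.Signature.SignatureValue.ToString(), fetched.Signature.SignatureValue.ToString());
}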
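/// <summary>
/// Signs an id card with an expired MOCES test certificate and expects
/// <c>ValidateSignatureAndTrust</c> to reject it with a <see cref="ModelException"/>.
/// The "CheckDate" app setting is switched on for the duration of the test so that
/// certificate validity dates are enforced, and restored afterwards even if the test fails.
/// </summary>
public void ValidateSignatureNegativeTest()
{
    // Remember the current value so it can be restored exactly; the previous version reset it to
    // "False" unconditionally and skipped the reset entirely when an assertion failed.
    bool hasCheckDate = ConfigurationManager.AppSettings.AllKeys.Contains("CheckDate");
    string originalCheckDate = hasCheckDate ? ConfigurationManager.AppSettings["CheckDate"] : null;
    if (hasCheckDate)
    {
        ConfigurationManager.AppSettings["CheckDate"] = "True";
    }

    try
    {
        // Expired MOCES test certificate from the OCES2 pre-production resources.
        string certPath = Path.Combine(AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "Resources", "oces2", "PP", "MOCES_udloebet.p12");
        X509Certificate2 newCert = new X509Certificate2(certPath, "Test1234");

        SOSIFactory factory = CreateSOSIFactory(newCert);
        UserIdCard idCard = CreateMocesUserIdCard(factory);
        idCard.Sign<Assertion>(factory.SignatureProvider);

        Assert.Throws<ModelException>(() => idCard.ValidateSignatureAndTrust(factory.GetCredentialVault()));
    }
    finally
    {
        if (hasCheckDate)
        {
            ConfigurationManager.AppSettings["CheckDate"] = originalCheckDate;
        }
    }
}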
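/// <summary>
/// Builds a <see cref="UserIdCard"/> or <see cref="SystemIdCard"/> from a SAML assertion element.
/// </summary>
/// <remarks>
/// Reads the validity interval from saml:Conditions, the alternative identifier from saml:NameID,
/// the issuer from saml:Issuer, and the card attributes from the SystemLog, IDCardData and UserLog
/// saml:AttributeStatement groups. Structural problems in the XML (missing elements or attributes,
/// unparsable values) are reported as <see cref="ModelBuildException"/> instead of surfacing as
/// NullReferenceException or FormatException. Username and password are not carried in the SAML
/// element and are always null on the result.
/// </remarks>
/// <param name="idCardElement">The SAML assertion element carrying the id card.</param>
/// <returns>The reconstructed id card.</returns>
/// <exception cref="ModelBuildException">A required part is missing or a value cannot be parsed.</exception>
private IdCard InternalBuild(XElement idCardElement)
{
    string itSystemName = null, ocesCertHash = null, id = null, version = null, cpr = null, givenName = null,
           surName = null, email = null, occupation = null, userRole = null, authorizationCode = null,
           careProviderId = null, careProviderIdType = null, careProviderName = null, authLevel = null;
    bool hasIdCardData = false, hasSystemLog = false, hasUserLog = false;
    string alternativeIdentifier = null;
    string username = null;
    string password = null;
    DateTime createdDate = new DateTime(), expiryDate = new DateTime();

    // Validity interval: saml:Conditions/@NotBefore -> createdDate, @NotOnOrAfter -> expiryDate.
    var timeConstraints = idCardElement.Descendants("{" + SamlTags.Conditions.Ns + "}" + SamlTags.Conditions.TagName);
    try
    {
        foreach (var attribute in timeConstraints.Attributes())
        {
            var attributeName = attribute.Name;
            if (SamlAttributes.NotOnOrAfter == attributeName)
            {
                // xsd:dateTime is culture neutral; the invariant culture keeps the host locale out of the result.
                expiryDate = DateTime.Parse(attribute.Value, System.Globalization.CultureInfo.InvariantCulture);
            }
            else if (SamlAttributes.NotBefore == attributeName)
            {
                createdDate = DateTime.Parse(attribute.Value, System.Globalization.CultureInfo.InvariantCulture);
            }
        }
    }
    catch (Exception e)
    {
        throw new ModelBuildException("SAML:Conditions could not be parsed", e);
    }

    // Alternative identifier: the saml:NameID value, but only when its Format says "other".
    var subjectNameIdNode = idCardElement.Descendants("{" + SamlTags.NameID.Ns + "}" + SamlTags.NameID.TagName).FirstOrDefault();
    if (subjectNameIdNode == null)
    {
        throw new ModelBuildException("SAML:NameID element missing for IDCard");
    }
    var nameIdFormatNode = subjectNameIdNode.Attribute(SamlAttributes.Format);
    if (nameIdFormatNode == null)
    {
        throw new ModelBuildException("SAML:NameID element has no 'Format' attribute");
    }
    if (nameIdFormatNode.Value.Equals(SubjectIdentifierTypeValues.Other))
    {
        alternativeIdentifier = subjectNameIdNode.Value;
    }

    var issuerNode = idCardElement.Descendants("{" + SamlTags.Issuer.Ns + "}" + SamlTags.Issuer.TagName).FirstOrDefault();
    if (issuerNode == null)
    {
        throw new ModelBuildException("SAML:Issuer element missing for IDCard");
    }
    var issuer = issuerNode.Value;

    // Each saml:AttributeStatement is classified by the value of its own attributes
    // (SystemLog, IDCardData or UserLog) and its saml:Attribute children are read accordingly.
    var attributeStatementNodeList = idCardElement.Descendants("{" + SamlTags.AttributeStatement.Ns + "}" + SamlTags.AttributeStatement.TagName);
    bool? isUserIDCard = null;
    foreach (var attributeStatement in attributeStatementNodeList)
    {
        foreach (var attribute in attributeStatement.Attributes())
        {
            var attributeValue = attribute.Value;
            if (IdValues.SystemLog.Equals(attributeValue))
            {
                var samlAttributeNodes = attributeStatement.Descendants("{" + SamlTags.Attribute.Ns + "}" + SamlTags.Attribute.TagName);
                foreach (var samlAttribute in samlAttributeNodes)
                {
                    var attributeName = RequiredAttributeName(samlAttribute);
                    var attributeNameValue = GetAttributeNameValue(samlAttribute, attributeName);
                    if (MedComAttributes.ItSystemName.Equals(attributeName))
                    {
                        itSystemName = attributeNameValue;
                    }
                    else if (MedComAttributes.CareProviderId.Equals(attributeName))
                    {
                        careProviderId = attributeNameValue;
                        // The NameFormat attribute tells which kind of identifier the care provider id is.
                        var nameFormatAttribute = samlAttribute.Attribute(SamlAttributes.NameFormat);
                        if (nameFormatAttribute == null)
                        {
                            throw new ModelBuildException("DGWS violation: 'medcom:CareProviderID' SAML attribute must contain a 'NameFormat' attribute!");
                        }
                        careProviderIdType = nameFormatAttribute.Value;
                    }
                    else if (MedComAttributes.CareProviderName.Equals(attributeName))
                    {
                        careProviderName = attributeNameValue;
                    }
                }
                hasSystemLog = true;
            }
            else if (IdValues.IdCardData.Equals(attributeValue))
            {
                var samlAttributeNodes = attributeStatement.Descendants("{" + SamlTags.Attribute.Ns + "}" + SamlTags.Attribute.TagName);
                foreach (var samlAttribute in samlAttributeNodes)
                {
                    var attributeName = RequiredAttributeName(samlAttribute);
                    var attributeNameValue = GetAttributeNameValue(samlAttribute, attributeName);
                    if (SosiAttributes.OcesCertHash.Equals(attributeName))
                    {
                        ocesCertHash = attributeNameValue;
                    }
                    else if (SosiAttributes.IDCardID.Equals(attributeName))
                    {
                        id = attributeNameValue;
                    }
                    else if (SosiAttributes.IDCardVersion.Equals(attributeName))
                    {
                        version = attributeNameValue;
                    }
                    else if (SosiAttributes.IDCardType.Equals(attributeName))
                    {
                        // Any value other than the two known card types leaves isUserIDCard null,
                        // which is rejected further down.
                        if (IdCard.IDCARDTYPE_USER.Equals(attributeNameValue))
                        {
                            isUserIDCard = true;
                        }
                        else if (IdCard.IDCARDTYPE_SYSTEM.Equals(attributeNameValue))
                        {
                            isUserIDCard = false;
                        }
                    }
                    else if (SosiAttributes.AuthenticationLevel.Equals(attributeName))
                    {
                        authLevel = attributeNameValue;
                    }
                }
                hasIdCardData = true;
            }
            else if (IdValues.UserLog.Equals(attributeValue))
            {
                var samlAttributeNodes = attributeStatement.Descendants("{" + SamlTags.Attribute.Ns + "}" + SamlTags.Attribute.TagName);
                foreach (var samlAttribute in samlAttributeNodes)
                {
                    var attributeName = RequiredAttributeName(samlAttribute);
                    var attributeNameValue = GetAttributeNameValue(samlAttribute, attributeName);
                    if (MedComAttributes.UserCivilRegistrationNumber.Equals(attributeName))
                    {
                        cpr = attributeNameValue;
                    }
                    else if (MedComAttributes.UserGivenName.Equals(attributeName))
                    {
                        givenName = attributeNameValue;
                    }
                    else if (MedComAttributes.UserSurname.Equals(attributeName))
                    {
                        surName = attributeNameValue;
                    }
                    else if (MedComAttributes.UserEmailAddress.Equals(attributeName))
                    {
                        email = attributeNameValue;
                    }
                    else if (MedComAttributes.UserOccupation.Equals(attributeName))
                    {
                        occupation = attributeNameValue;
                    }
                    else if (MedComAttributes.UserRole.Equals(attributeName))
                    {
                        userRole = attributeNameValue;
                    }
                    else if (MedComAttributes.UserAuthorizationCode.Equals(attributeName))
                    {
                        authorizationCode = attributeNameValue;
                    }
                }
                hasUserLog = true;
            }
        }
    }

    // Structural checks run before any collected value is used. Previously the CareProvider was
    // built first, so a missing SystemLog surfaced as a NullReferenceException on careProviderIdType
    // and the "SystemLog element missing" check below was unreachable.
    if (!hasIdCardData)
    {
        throw new ModelBuildException("IDCardData element missing for IDCard");
    }
    if (!hasSystemLog)
    {
        throw new ModelBuildException("SystemLog element missing for IDCard");
    }
    if (careProviderIdType == null)
    {
        throw new ModelBuildException(string.Format("SystemLog is missing the '{0}' attribute", MedComAttributes.CareProviderId));
    }

    // "medcom:cvrnumber" -> "medcomcvrnumber", matched case-insensitively against the enum names.
    // An unrecognised type is rejected; the previous version ignored the TryParse result and
    // silently fell back to the enum's zero value.
    SubjectIdentifierType careProviderIdEnum;
    if (!Enum.TryParse(careProviderIdType.Replace(":", ""), true, out careProviderIdEnum))
    {
        throw new ModelBuildException(string.Format("Unknown care provider id type '{0}'", careProviderIdType));
    }
    CareProvider careProvider = new CareProvider(careProviderIdEnum, careProviderId, careProviderName);
    SystemInfo systemInfo = new SystemInfo(careProvider, itSystemName);

    if (isUserIDCard == null)
    {
        throw new ModelBuildException("ID Card type not found or invalid");
    }

    // Authentication level is transported as an integer string; reject absent or malformed values
    // explicitly instead of letting int.Parse throw ArgumentNullException/FormatException.
    if (authLevel == null)
    {
        throw new ModelBuildException(string.Format("IDCardData is missing the '{0}' attribute", SosiAttributes.AuthenticationLevel));
    }
    int authLevelValue;
    if (!int.TryParse(authLevel, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out authLevelValue))
    {
        throw new ModelBuildException(string.Format("'{0}' is not a valid integer authentication level", authLevel));
    }
    var authenticationLevel = AuthenticationLevel.GetEnumeratedValue(authLevelValue);

    if (isUserIDCard.Value)
    {
        if (!hasUserLog)
        {
            throw new ModelBuildException("UserLog element missing for UserIDCard");
        }
        UserInfo userInfo = new UserInfo(cpr, givenName, surName, email, occupation, userRole, authorizationCode);
        return new UserIdCard(version, idCardElement, id, authenticationLevel, ocesCertHash, issuer, systemInfo, userInfo, createdDate, expiryDate, alternativeIdentifier, username, password);
    }

    if (hasUserLog)
    {
        throw new ModelBuildException("IDCard type is 'system', but also has a UserLog element (??)");
    }
    return new SystemIdCard(version, idCardElement, id, authenticationLevel, ocesCertHash, issuer, systemInfo, createdDate, expiryDate, alternativeIdentifier, username, password);
}

/// <summary>
/// Returns the mandatory 'Name' attribute of a saml:Attribute element.
/// </summary>
/// <param name="samlAttribute">The saml:Attribute element.</param>
/// <returns>The attribute name.</returns>
/// <exception cref="ModelBuildException">The element has no 'Name' attribute.</exception>
private static string RequiredAttributeName(XElement samlAttribute)
{
    var nameAttribute = samlAttribute.Attribute("Name");
    if (nameAttribute == null)
    {
        throw new ModelBuildException("saml:Attribute element has no 'Name' attribute");
    }
    return nameAttribute.Value;
}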