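        /// <summary>
        /// Exercises <see cref="SamlSecurityTokenHandler"/> validation end to end: null-argument
        /// checks, the maximum-token-size guard (IDX10209), a successful round trip with a freshly
        /// created token, replay detection, and the <c>LifetimeValidator</c> hook (IDX10230),
        /// including the case where lifetime validation is switched off entirely.
        /// </summary>
        private void ValidateToken()
        {
            // parameter validation
            SamlSecurityTokenHandler tokenHandler = new SamlSecurityTokenHandler();
            ExpectedException expectedException = ExpectedException.ArgumentNullException(substringExpected: "name: securityToken");
            TestUtilities.ValidateToken(securityToken: null, validationParameters: new TokenValidationParameters(), tokenValidator: tokenHandler, expectedException: expectedException);

            expectedException = ExpectedException.ArgumentNullException(substringExpected: "name: validationParameters");
            TestUtilities.ValidateToken(securityToken: "s", validationParameters: null, tokenValidator: tokenHandler, expectedException: expectedException);

            // With the size cap set to a single byte, a two-character token must be rejected
            // with IDX10209 before any parsing happens.
            expectedException = ExpectedException.ArgumentException(substringExpected: "IDX10209");
            tokenHandler.MaximumTokenSizeInBytes = 1;
            TestUtilities.ValidateToken(securityToken: "ss", validationParameters: new TokenValidationParameters(), tokenValidator: tokenHandler, expectedException: expectedException);

            // Restore the default cap so the real token below is not rejected on size alone.
            tokenHandler.MaximumTokenSizeInBytes = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

            ValidateAudience();

            SecurityTokenDescriptor tokenDescriptor =
                new SecurityTokenDescriptor
            {
                AppliesToAddress   = IdentityUtilities.DefaultAudience,
                Lifetime           = new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(1)),
                SigningCredentials = KeyingMaterial.DefaultAsymmetricSigningCreds_2048_RsaSha2_Sha2,
                Subject            = IdentityUtilities.DefaultClaimsIdentity,
                TokenIssuerName    = IdentityUtilities.DefaultIssuer,
            };

            // Only the descriptor-based token is validated; the earlier parameterless
            // CreateSamlToken() call produced a value that was never read and has been dropped.
            string samlToken = IdentityUtilities.CreateSamlToken(tokenDescriptor);
            TokenValidationParameters validationParameters =
                new TokenValidationParameters
            {
                IssuerSigningToken = KeyingMaterial.DefaultAsymmetricX509Token_2048,
                ValidAudience      = IdentityUtilities.DefaultAudience,
                ValidIssuer        = IdentityUtilities.DefaultIssuer,
            };

            // Replay detection is checked before the plain success case so the token cache
            // state used by the helper is exercised on a token known to be otherwise valid.
            TestUtilities.ValidateTokenReplay(samlToken, tokenHandler, validationParameters);

            TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, ExpectedException.NoExceptionExpected);

            // A delegate that rejects every lifetime must surface as IDX10230.
            validationParameters.LifetimeValidator = (nb, exp, st, tvp) => false;
            TestUtilities.ValidateToken(samlToken, validationParameters, tokenHandler, new ExpectedException(typeExpected: typeof(SecurityTokenInvalidLifetimeException), substringExpected: "IDX10230:"));

            // When ValidateLifetime is false the delegate is not consulted at all: a validator
            // that throws must leave validation successful.
            validationParameters.ValidateLifetime  = false;
            validationParameters.LifetimeValidator = IdentityUtilities.LifetimeValidatorThrows;
            TestUtilities.ValidateToken(securityToken: samlToken, validationParameters: validationParameters, tokenValidator: tokenHandler, expectedException: ExpectedException.NoExceptionExpected);
        }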
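        /// <summary>
        /// Covers the <see cref="JsonWebKey"/> constructors: the parameterless default, null
        /// string/dictionary input, well-formed JSON and dictionary input compared against
        /// expected keys, and malformed JSON that must raise an <c>ArgumentException</c>.
        /// </summary>
        public void JsonWebKey_Constructors()
        {
            JsonWebKey jsonWebKey = new JsonWebKey();

            Assert.IsTrue(IsDefaultJsonWebKey(jsonWebKey));

            // Typed as string so the string overload of RunJsonWebKeyTest is selected; the
            // previous "hello" placeholder value was overwritten before use and is gone.
            string nullJson = null;

            // null string, nothing to add
            RunJsonWebKeyTest(nullJson, new JsonWebKey(), ExpectedException.NoExceptionExpected);

            // null dictionary, nothing to add
            RunJsonWebKeyTest(null, new JsonWebKey(), ExpectedException.NoExceptionExpected, false);

            // valid json, JsonWebKey1
            RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyFromPing, OpenIdConfigData.JsonWebKeyFromPingExpected1, ExpectedException.NoExceptionExpected);

            // valid json, JsonWebKey1
            RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyString1, OpenIdConfigData.JsonWebKeyExpected1, ExpectedException.NoExceptionExpected);

            // valid dictionary, JsonWebKey1
            RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyDictionary1, OpenIdConfigData.JsonWebKeyExpected1, ExpectedException.NoExceptionExpected);

            // valid json, JsonWebKey2 — must not compare equal to JsonWebKey1
            jsonWebKey = RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyString2, OpenIdConfigData.JsonWebKeyExpected2, ExpectedException.NoExceptionExpected);
            Assert.IsFalse(IdentityComparer.AreEqual(jsonWebKey, OpenIdConfigData.JsonWebKeyExpected1));

            // invalid json, JsonWebKeyBadFormatString1
            RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyBadFormatString1, null, ExpectedException.ArgumentException());

            // invalid json, JsonWebKeyBadFormatString2
            RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyBadFormatString2, null, ExpectedException.ArgumentException());

            // Bad x5c data: the constructor is expected to accept the document rather than
            // throw, and the parsed key is compared against JsonWebKeyExpectedBadX509Data.
            // Certificate content is therefore validated later, not at construction time.
            RunJsonWebKeyTest(OpenIdConfigData.JsonWebKeyBadX509String, OpenIdConfigData.JsonWebKeyExpectedBadX509Data, ExpectedException.NoExceptionExpected);
        }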
        /// <summary>
        /// Covers the <see cref="JsonWebKeySet"/> constructors: the parameterless default,
        /// null string and null dictionary input (both must throw <c>ArgumentNullException</c>),
        /// a well-formed key set compared against the expected value, and malformed JSON
        /// that must raise an <c>ArgumentException</c>.
        /// </summary>
        public void JsonWebKeySet_Constructors()
        {
            var defaultKeySet = new JsonWebKeySet();
            Assert.IsTrue(IsDefaultJsonWebKeySet(defaultKeySet));

            // Typed locals select the string / dictionary overloads of RunJsonWebKeySetTest.
            string nullJson = null;
            IDictionary<string, object> nullDictionary = null;

            // null string: rejected rather than treated as an empty set
            RunJsonWebKeySetTest(nullJson, null, ExpectedException.ArgumentNullException());

            // null dictionary: rejected as well
            RunJsonWebKeySetTest(nullDictionary, null, ExpectedException.ArgumentNullException(), false);

            // well-formed key set parses to the expected keys
            RunJsonWebKeySetTest(OpenIdConfigData.JsonWebKeySetString1, OpenIdConfigData.JsonWebKeySetExpected1, ExpectedException.NoExceptionExpected);

            // malformed JSON is an ArgumentException
            RunJsonWebKeySetTest(OpenIdConfigData.JsonWebKeySetBadFormatingString, null, ExpectedException.ArgumentException());
        }
        /// <summary>
        /// Exercises <see cref="Saml2SecurityTokenHandler"/> validation: null-argument checks,
        /// the maximum-token-size guard (IDX10209), a plain signed token, an encrypted assertion
        /// that fails without a decryption token (ID4022) and succeeds once one is supplied,
        /// replay detection, and the <c>LifetimeValidator</c> hook (IDX10230).
        /// </summary>
        public void Saml2SecurityTokenHandler_ValidateToken()
        {
            var handler = new Saml2SecurityTokenHandler();

            // parameter validation
            var nullTokenExpected = ExpectedException.ArgumentNullException(substringExpected: "name: securityToken");
            TestUtilities.ValidateToken(securityToken: null, validationParameters: new TokenValidationParameters(), tokenValidator: handler, expectedException: nullTokenExpected);

            var nullParametersExpected = ExpectedException.ArgumentNullException(substringExpected: "name: validationParameters");
            TestUtilities.ValidateToken(securityToken: "s", validationParameters: null, tokenValidator: handler, expectedException: nullParametersExpected);

            // Size cap of one byte: a two-character token is rejected with IDX10209.
            handler.MaximumTokenSizeInBytes = 1;
            var tooLargeExpected = ExpectedException.ArgumentException(substringExpected: "IDX10209");
            TestUtilities.ValidateToken(securityToken: "ss", validationParameters: new TokenValidationParameters(), tokenValidator: handler, expectedException: tooLargeExpected);

            // Back to the default cap before validating real tokens.
            handler.MaximumTokenSizeInBytes = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

            var signedToken = IdentityUtilities.CreateSaml2Token();
            TestUtilities.ValidateToken(signedToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handler, ExpectedException.NoExceptionExpected);

            // EncryptedAssertion: same signing material, plus an encrypting credential.
            var encryptedDescriptor = new SecurityTokenDescriptor
            {
                AppliesToAddress      = IdentityUtilities.DefaultAudience,
                EncryptingCredentials = new EncryptedKeyEncryptingCredentials(KeyingMaterial.DefaultAsymmetricCert_2048),
                Lifetime              = new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(1)),
                SigningCredentials    = KeyingMaterial.DefaultAsymmetricSigningCreds_2048_RsaSha2_Sha2,
                Subject               = IdentityUtilities.DefaultClaimsIdentity,
                TokenIssuerName       = IdentityUtilities.DefaultIssuer,
            };
            var encryptedToken = IdentityUtilities.CreateSaml2Token(encryptedDescriptor);

            // Without a decryption token the handler must fail (ID4022), not fall back to
            // reading the assertion unencrypted.
            var decryptionFailed = new ExpectedException(typeExpected: typeof(EncryptedTokenDecryptionFailedException), substringExpected: "ID4022");
            TestUtilities.ValidateToken(encryptedToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handler, decryptionFailed);

            // NOTE(review): the parameters are mutated below (ClientDecryptionTokens,
            // LifetimeValidator, ValidateLifetime). If DefaultAsymmetricTokenValidationParameters
            // hands out a shared instance rather than a fresh one, those changes — in particular
            // ValidateLifetime = false — leak into other tests; confirm against IdentityUtilities.
            var parameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters;
            var decryptionTokens = new List<SecurityToken> { KeyingMaterial.DefaultX509Token_2048 };
            parameters.ClientDecryptionTokens = decryptionTokens.AsReadOnly();
            TestUtilities.ValidateToken(encryptedToken, parameters, handler, ExpectedException.NoExceptionExpected);

            TestUtilities.ValidateTokenReplay(encryptedToken, handler, parameters);
            TestUtilities.ValidateToken(encryptedToken, parameters, handler, ExpectedException.NoExceptionExpected);

            // A delegate that rejects every lifetime surfaces as IDX10230.
            parameters.LifetimeValidator = (nb, exp, st, tvp) => false;
            var invalidLifetime = new ExpectedException(typeExpected: typeof(SecurityTokenInvalidLifetimeException), substringExpected: "IDX10230:");
            TestUtilities.ValidateToken(encryptedToken, parameters, handler, invalidLifetime);

            // With lifetime validation disabled the delegate is never invoked, so a throwing
            // validator does not affect the outcome.
            parameters.ValidateLifetime  = false;
            parameters.LifetimeValidator = IdentityUtilities.LifetimeValidatorThrows;
            TestUtilities.ValidateToken(securityToken: encryptedToken, validationParameters: parameters, tokenValidator: handler, expectedException: ExpectedException.NoExceptionExpected);
        }