mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-packaging-mono/mcs/class/System.ServiceModel/Test/System.ServiceModel.Security.Tokens/IssuedSecurityTokenProviderTest.cs

624 lines
22 KiB
C#
Raw Normal View History

Imported Upstream version 3.6.0 Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
2014-08-13 10:39:27 +01:00
//
// IssuedSecurityTokenProviderTest.cs
//
// Author:
// Atsushi Enomoto <atsushi@ximian.com>
//
// Copyright (C) 2006 Novell, Inc. http://www.novell.com
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.IdentityModel.Tokens;
using System.Text;
using System.Xml;
using NUnit.Framework;
using MonoTests.System.ServiceModel.Channels;
namespace MonoTests.System.ServiceModel.Security.Tokens
{
[TestFixture]
public class IssuedSecurityTokenProviderTest
{
[Test]
public void DefaultValues ()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
Assert.AreEqual (true, p.CacheIssuedTokens, "#1");
Assert.AreEqual (TimeSpan.FromMinutes (1), p.DefaultOpenTimeout, "#2");
Assert.AreEqual (TimeSpan.FromMinutes (1), p.DefaultCloseTimeout, "#3");
Assert.IsNotNull (p.IdentityVerifier, "#4");
Assert.AreEqual (60, p.IssuedTokenRenewalThresholdPercentage, "#5");
Assert.IsNull (p.IssuerAddress, "#6");
Assert.AreEqual (0, p.IssuerChannelBehaviors.Count, "#7");
Assert.AreEqual (SecurityKeyEntropyMode.CombinedEntropy, p.KeyEntropyMode, "#8");
Assert.AreEqual (TimeSpan.MaxValue, p.MaxIssuedTokenCachingTime, "#9");
Assert.AreEqual (MessageSecurityVersion.Default,
p.MessageSecurityVersion, "#10");
Assert.IsNull (p.SecurityAlgorithmSuite, "#11");
Assert.IsNull (p.SecurityTokenSerializer, "#12");
Assert.IsNull (p.TargetAddress, "#13");
Assert.AreEqual (true, p.SupportsTokenCancellation, "#14");
Assert.AreEqual (0, p.TokenRequestParameters.Count, "#15");
Assert.IsNull (p.IssuerBinding, "#16");
}
[Test]
[ExpectedException (typeof (InvalidOperationException))]
public void OpenWithoutSerializer ()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.Open ();
}
[Test]
[ExpectedException (typeof (InvalidOperationException))]
public void OpenWithoutIssuerAddress ()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.Open ();
}
[Test]
[ExpectedException (typeof (InvalidOperationException))]
public void OpenWithoutBinding ()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = new EndpointAddress ("http://localhost:8080");
p.Open ();
}
[Test]
[ExpectedException (typeof (InvalidOperationException))]
public void OpenWithoutTargetAddress ()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = new EndpointAddress ("http://localhost:8080");
p.IssuerBinding = new BasicHttpBinding ();
// wiithout it indigo causes NRE
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.Open ();
}
[Test]
[Category ("NotWorking")]
public void Open ()
{
IssuedSecurityTokenProvider p = SetupProvider (new BasicHttpBinding ());
try {
p.Open ();
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
[Test]
[ExpectedException (typeof (InvalidOperationException))]
public void GetTokenWithoutOpen ()
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.GetToken (TimeSpan.FromSeconds (10));
}
// From WinFX beta2:
// System.ServiceModel.Security.SecurityNegotiationException :
// SOAP security negotiation with 'stream:dummy' for target
// 'stream:dummy' failed. See inner exception for more details.
// ----> System.InvalidOperationException : The request
// message must be protected. This is required by an operation
// of the contract ('IWsTrustFeb2005SecurityTokenService',
// 'http://tempuri.org/'). The protection must be provided by
// the binding ('BasicHttpBinding','http://tempuri.org/').
[Test]
[ExpectedException (typeof (SecurityNegotiationException))]
[Category ("NotWorking")]
public void GetTokenNoSecureBinding ()
{
IssuedSecurityTokenProvider p = SetupProvider (new BasicHttpBinding ());
try {
p.Open ();
p.GetToken (TimeSpan.FromSeconds (10));
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
[Test]
// SymmetricSecurityBindingElement requires protection
// token parameters to build a channel or listener factory.
[ExpectedException (typeof (SecurityNegotiationException))]
[Category ("NotWorking")]
public void GetTokenWithoutProtectionTokenParameters ()
{
IssuedSecurityTokenProvider p = SetupProvider (CreateIssuerBinding (null, false));
try {
p.Open ();
p.GetToken (TimeSpan.FromSeconds (10));
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
// SecurityNegotiationException (InvalidOperationException (
// "The service certificate is not provided for target
// 'stream:dummy'. Specify a service certificate in
// ClientCredentials."))
[Test]
[ExpectedException (typeof (SecurityNegotiationException))]
[Category ("NotWorking")]
public void GetTokenWithoutServiceCertificate ()
{
IssuedSecurityTokenProvider p = SetupProvider (CreateIssuerBinding (null, true));
p.IssuerAddress = new EndpointAddress ("stream:dummy");
try {
p.Open (TimeSpan.FromSeconds (5));
p.GetToken (TimeSpan.FromSeconds (10));
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
[Test]
[Category ("NotWorking")]
[ExpectedException (typeof (MyException))]
public void GetTokenWrongResponse ()
{
IssuedSecurityTokenProvider p = SetupProvider (CreateIssuerBinding (new RequestSender (OnGetTokenWrongResponse), true));
try {
p.Open (TimeSpan.FromSeconds (5));
p.GetToken (TimeSpan.FromSeconds (10));
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
[Test]
[Category ("NotWorking")]
[ExpectedException (typeof (MessageSecurityException))]
public void GetTokenUnsignedReply ()
{
IssuedSecurityTokenProvider p = SetupProvider (CreateIssuerBinding (new RequestSender (OnGetTokenUnsignedReply), true));
try {
p.Open (TimeSpan.FromSeconds (5));
p.GetToken (TimeSpan.FromSeconds (10));
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
// InnerException: System.InvalidOperationException:
// The issuer must provide a computed key in key entropy mode
// 'CombinedEntropy'.
[Test]
[Ignore ("todo")]
[ExpectedException (typeof (SecurityNegotiationException))]
public void GetTokenNoEntropyInResponseInCombinedMode ()
{
// FIXME: implement it after we get working token issuer.
// In the reply, do not include Nonce
}
// on the other hand, in Client entropy mode it must not
// provide entropy.
[Test]
[Ignore ("todo")]
[ExpectedException (typeof (SecurityNegotiationException))]
public void GetTokenIncludesEntropyInResponseInClientMode ()
{
// FIXME: implement it after we get working token issuer.
// specify SecurityKeyEntropyMode.ClientEntropy on
// client side. And in the reply, include Nonce.
}
[Test]
[Ignore ("need to implement response")]
[Category ("NotWorking")]
public void GetToken ()
{
IssuedSecurityTokenProvider p = SetupProvider (CreateIssuerBinding (new RequestSender (OnGetToken), true));
try {
p.Open (TimeSpan.FromSeconds (5));
p.GetToken (TimeSpan.FromSeconds (10));
} finally {
if (p.State == CommunicationState.Opened)
p.Close ();
}
}
class MyException : Exception
{
}
Message OnGetTokenWrongResponse (Message input)
{
VerifyInput (input.CreateBufferedCopy (10000));
throw new MyException ();
}
Message OnGetTokenUnsignedReply (Message input)
{
XmlDocument doc = new XmlDocument ();
doc.LoadXml ("<Response>RESPONSE</Response>");
Message msg = Message.CreateMessage (input.Version, "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueResponse", doc.DocumentElement);
msg.Headers.Add (MessageHeader.CreateHeader (
"Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", null, true));
return msg;
}
Message OnGetToken (Message input)
{
MessageBuffer buf = input.CreateBufferedCopy (10000);
VerifyInput2 (buf);
// FIXME: create response message (when I understand what I should return.)
// throw new MyException ();
//*
XmlDocument doc = new XmlDocument ();
doc.LoadXml ("<Response>RESPONSE</Response>");
X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
SignedXml sxml = new SignedXml (doc);
MemoryStream ms = new MemoryStream (new byte [] {1, 2, 3});
sxml.AddReference (new Reference (ms));
sxml.SigningKey = cert.PrivateKey;
sxml.ComputeSignature ();
Message msg = Message.CreateMessage (input.Version, "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue", sxml.GetXml ());
msg.Headers.Add (MessageHeader.CreateHeader (
"Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", null, true));
return msg;
//*/
}
void VerifyInput (MessageBuffer buf)
{
Message input = buf.CreateMessage ();
/*
XmlWriterSettings settings = new XmlWriterSettings ();
settings.Indent = true;
using (XmlWriter w = XmlWriter.Create (Console.Error, settings)) {
buf.CreateMessage ().WriteMessage (w);
}
Console.Error.WriteLine ("******************** DONE ********************");
Console.Error.Flush ();
*/
Assert.AreEqual ("http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", input.Headers.Action, "GetToken.Request.Action");
Assert.IsNotNull (input.Headers.MessageId, "GetToken.Request.MessageID");
// in the raw Message it is "http://www.w3.org/2005/08/addressing/anonymous", but it is replaced by MessageHeaders implementation.
Assert.AreEqual (new EndpointAddress ("http://schemas.microsoft.com/2005/12/ServiceModel/Addressing/Anonymous"), input.Headers.ReplyTo, "GetToken.Request.ReplyTo");
// o:Security
// FIXME: test WSSecurity more
// <o:Security>
// <u:Timestamp>
// <u:Created>...</u:Created>
// <u:Expires>...</u:Expires>
// </u:Timestamp>
// <o:BinarySecurityToken>...</o:BinarySecurityToken>
// <e:EncryptedKey>
// <e:EncryptionMethod><DigestMethod/></e:EncryptionMethod>
// <KeyInfo>
// <o:SecurityTokenReference><o:Reference/></o:SecurityTokenReference>
// </KeyInfo>
// <e:CipherData>
// <e:CipherValue>...</e:CipherValue>
// </e:CipherData>
// </e:EncryptedKey>
// [
// <c:DerivedKeyToken>
// <o:SecurityTokenReference><o:Reference/></o:SecurityTokenReference>
// <c:Offset>...</c:Offset>
// <c:Length>...</c:Length>
// <c:Nonce>...</c:Nonce>
// </c:DerivedKeyToken>
// ]
// <e:ReferenceList>
// [
// <e:DataReference>
// ]
// </e:ReferenceList>
// <e:EncryptedData>
// <e:EncryptionMethod/>
// <KeyInfo> {{....}} </KeyInfo>
// <e:CipherData> {{....}} </e:CipherData>
// </e:EncryptedData>
// </o:Security>
int i = input.Headers.FindHeader ("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
Assert.IsTrue (i >= 0, "Security header existence");
MessageHeaderInfo info = input.Headers [i];
Assert.IsNotNull (info, "Security header item");
XmlReader r = input.Headers.GetReaderAtHeader (i);
// FIXME: test WSSecurity more
// <o:Security>
r.MoveToContent ();
r.ReadStartElement ("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
// <u:Timestamp>
r.MoveToContent ();
r.ReadStartElement ("Timestamp", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
// <u:Created>...</u:Created>
r.MoveToContent ();
r.ReadStartElement ("Created", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
r.ReadString ();
r.MoveToContent ();
r.ReadEndElement ();
// <u:Expires>...</u:Expires>
r.MoveToContent ();
r.ReadStartElement ("Expires", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
r.ReadString ();
r.MoveToContent ();
r.ReadEndElement ();
// </u:Timestamp>
r.MoveToContent ();
r.ReadEndElement ();
// <o:BinarySecurityToken>...</o:BinarySecurityToken>
r.MoveToContent ();
r.ReadStartElement ("BinarySecurityToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
byte [] rawcert = Convert.FromBase64String (r.ReadString ());
r.ReadEndElement ();
X509Certificate2 cert = new X509Certificate2 (rawcert);
// FIXME: test EncryptedKey
r.MoveToContent ();
r.Skip ();
// <e:EncryptedKey>
// <e:EncryptionMethod><DigestMethod/></e:EncryptionMethod>
// <KeyInfo>
// <o:SecurityTokenReference><o:Reference/></o:SecurityTokenReference>
// </KeyInfo>
// <e:CipherData>
// <e:CipherValue>...</e:CipherValue>
// </e:CipherData>
// </e:EncryptedKey>
// FIXME: test DerivedKeyTokens
r.MoveToContent ();
while (r.LocalName == "DerivedKeyToken") {
r.Skip ();
r.MoveToContent ();
}
// [
// <c:DerivedKeyToken>
// <o:SecurityTokenReference><o:Reference/></o:SecurityTokenReference>
// <c:Offset>...</c:Offset>
// <c:Length>...</c:Length>
// <c:Nonce>...</c:Nonce>
// </c:DerivedKeyToken>
// ]
// <e:ReferenceList>
// [
// <e:DataReference>
// ]
// </e:ReferenceList>
// <e:EncryptedData>
// <e:EncryptionMethod/>
// <KeyInfo> {{....}} </KeyInfo>
// <e:CipherData> {{....}} </e:CipherData>
// </e:EncryptedData>
// </o:Security>
// SOAP Body
r = input.GetReaderAtBodyContents (); // just verifying itself ;)
}
XmlElement VerifyInput2 (MessageBuffer buf)
{
Message msg2 = buf.CreateMessage ();
StringWriter sw = new StringWriter ();
using (XmlDictionaryWriter w = XmlDictionaryWriter.CreateDictionaryWriter (XmlWriter.Create (sw))) {
msg2.WriteMessage (w);
}
XmlDocument doc = new XmlDocument ();
doc.PreserveWhitespace = true;
doc.LoadXml (sw.ToString ());
// decrypt the key with service certificate privkey
PaddingMode mode = PaddingMode.PKCS7; // not sure which is correct ... ANSIX923, ISO10126, PKCS7, Zeros, None.
EncryptedXml encXml = new EncryptedXml (doc);
encXml.Padding = mode;
X509Certificate2 cert2 = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
XmlNamespaceManager nsmgr = new XmlNamespaceManager (doc.NameTable);
nsmgr.AddNamespace ("s", "http://www.w3.org/2003/05/soap-envelope");
nsmgr.AddNamespace ("c", "http://schemas.xmlsoap.org/ws/2005/02/sc");
nsmgr.AddNamespace ("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
nsmgr.AddNamespace ("e", "http://www.w3.org/2001/04/xmlenc#");
nsmgr.AddNamespace ("dsig", "http://www.w3.org/2000/09/xmldsig#");
XmlNode n = doc.SelectSingleNode ("//o:Security/e:EncryptedKey/e:CipherData/e:CipherValue", nsmgr);
Assert.IsNotNull (n, "premise: enckey does not exist");
string raw = n.InnerText;
byte [] rawbytes = Convert.FromBase64String (raw);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) cert2.PrivateKey;
byte [] decryptedKey = EncryptedXml.DecryptKey (rawbytes, rsa, true);//rsa.Decrypt (rawbytes, true);
#if false
// create derived keys
Dictionary<string,byte[]> keys = new Dictionary<string,byte[]> ();
InMemorySymmetricSecurityKey skey =
new InMemorySymmetricSecurityKey (decryptedKey);
foreach (XmlElement el in doc.SelectNodes ("//o:Security/c:DerivedKeyToken", nsmgr)) {
n = el.SelectSingleNode ("c:Offset", nsmgr);
int offset = (n == null) ? 0 :
int.Parse (n.InnerText, CultureInfo.InvariantCulture);
n = el.SelectSingleNode ("c:Length", nsmgr);
int length = (n == null) ? 32 :
int.Parse (n.InnerText, CultureInfo.InvariantCulture);
n = el.SelectSingleNode ("c:Label", nsmgr);
byte [] label = (n == null) ? decryptedKey :
Convert.FromBase64String (n.InnerText);
n = el.SelectSingleNode ("c:Nonce", nsmgr);
byte [] nonce = (n == null) ? new byte [0] :
Convert.FromBase64String (n.InnerText);
byte [] derkey = skey.GenerateDerivedKey (
//SecurityAlgorithms.Psha1KeyDerivation,
"http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1",
// FIXME: maybe due to the label, this key resolution somehow does not seem to work.
label,
nonce,
length * 8,
offset);
keys [el.GetAttribute ("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")] = derkey;
}
#endif
// decrypt the signature with the decrypted key
#if true
n = doc.SelectSingleNode ("//o:Security/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr);
Assert.IsNotNull (n, "premise: encdata does not exist");
raw = n.InnerText;
rawbytes = Convert.FromBase64String (raw);
Rijndael aes = RijndaelManaged.Create ();
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
aes.Mode = CipherMode.CBC;
aes.Padding = mode;
MemoryStream ms = new MemoryStream ();
CryptoStream cs = new CryptoStream (ms, aes.CreateDecryptor (), CryptoStreamMode.Write);
cs.Write (rawbytes, 0, rawbytes.Length);
cs.Close ();
byte [] decryptedSignature = ms.ToArray ();
#else
Rijndael aes = RijndaelManaged.Create ();
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
aes.Mode = CipherMode.CBC;
aes.Padding = mode;
EncryptedData ed = new EncryptedData ();
n = doc.SelectSingleNode ("//o:Security/e:EncryptedData", nsmgr);
Assert.IsNotNull (n, "premise: encdata does not exist");
ed.LoadXml (n as XmlElement);
byte [] decryptedSignature = encXml.DecryptData (ed, aes);
#endif
//Console.Error.WriteLine (Encoding.UTF8.GetString (decryptedSignature));
//Console.Error.WriteLine ("============= Decrypted Signature End ===========");
// decrypt the body with the decrypted key
#if true
n = doc.SelectSingleNode ("//s:Body/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr);
Assert.IsNotNull (n, "premise: encdata does not exist");
raw = n.InnerText;
rawbytes = Convert.FromBase64String (raw);
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
ms = new MemoryStream ();
cs = new CryptoStream (ms, aes.CreateDecryptor (), CryptoStreamMode.Write);
cs.Write (rawbytes, 0, rawbytes.Length);
cs.Close ();
byte [] decryptedBody = ms.ToArray ();
#else
// decrypt the body with the decrypted key
EncryptedData ed2 = new EncryptedData ();
XmlElement el = doc.SelectSingleNode ("/s:Envelope/s:Body/e:EncryptedData", nsmgr) as XmlElement;
ed2.LoadXml (el);
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
byte [] decryptedBody = encXml.DecryptData (ed2, aes);
#endif
//foreach (byte b in decryptedBody) Console.Error.Write ("{0:X02} ", b);
Console.Error.WriteLine (Encoding.UTF8.GetString (decryptedBody));
Console.Error.WriteLine ("============= Decrypted Body End ===========");
// FIXME: find out what first 16 bytes mean.
for (int mmm = 0; mmm < 16; mmm++) decryptedBody [mmm] = 0x20;
doc.LoadXml (Encoding.UTF8.GetString (decryptedBody));
Assert.AreEqual ("RequestSecurityToken", doc.DocumentElement.LocalName, "#b-1");
Assert.AreEqual ("http://schemas.xmlsoap.org/ws/2005/02/trust", doc.DocumentElement.NamespaceURI, "#b-2");
return doc.DocumentElement;
}
Binding CreateIssuerBinding (RequestSender handler, bool tokenParams)
{
SymmetricSecurityBindingElement sbe =
new SymmetricSecurityBindingElement ();
if (tokenParams)
sbe.ProtectionTokenParameters = new X509SecurityTokenParameters ();
sbe.LocalServiceSettings.NegotiationTimeout = TimeSpan.FromSeconds (5);
sbe.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
//sbe.IncludeTimestamp = false;
//sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
// for ease of decryption, let's remove DerivedKeyToken.
sbe.SetKeyDerivation (false);
return new CustomBinding (
// new DebugBindingElement (),
sbe,
new TextMessageEncodingBindingElement (),
new HandlerTransportBindingElement (handler));
}
EndpointAddress GetSecureEndpointAddress (string uri)
{
return new EndpointAddress (new Uri (uri),
new X509CertificateEndpointIdentity (
new X509Certificate2 ("Test/Resources/test.pfx", "mono")));
}
IssuedSecurityTokenProvider SetupProvider (Binding binding)
{
IssuedSecurityTokenProvider p =
new IssuedSecurityTokenProvider ();
p.SecurityTokenSerializer = WSSecurityTokenSerializer.DefaultInstance;
p.IssuerAddress = GetSecureEndpointAddress ("stream:dummy");
p.IssuerBinding = binding;
// wiithout it indigo causes NRE
p.SecurityAlgorithmSuite = SecurityAlgorithmSuite.Default;
p.TargetAddress = new EndpointAddress ("http://localhost:9090");
return p;
}
}
}
Reference in New Issue Copy Permalink