Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/ChangeLog

@@ -0,0 +1,32 @@
+2007-03-05  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirementTest.cs : added TryGetProperty() tests.
+
+2007-02-21  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenResolverTest.cs : test for ResolveToken() which cannot
+	  resolve the token.
+
+2006-09-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenResolverTest.cs : new test.
+
+2006-09-14  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* TestEvaluationContext.cs,
+	  CustomUserNameSecurityTokenAuthenticatorTest.cs,
+	  SamlSecurityTokenAuthenticatorTest.cs,
+	  RsaSecurityTokenAuthenticatorTest.cs,
+	  X509SecurityTokenAuthenticatorTest.cs : new tests.
+
+2006-08-28  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509SecurityTokenProviderTest.cs : new test.
+
+2006-07-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirementTest.cs : updated to match June CTP.
+
+2006-03-23  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* SecurityTokenRequirementTest.cs : new file.

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/CustomUserNameSecurityTokenAuthenticatorTest.cs

@@ -0,0 +1,82 @@
+//
+// CustomUserNameSecurityTokenAuthenticatorTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Principal;
+using System.Security.Cryptography.X509Certificates;
+using NUnit.Framework;
+
+using Authenticator = System.IdentityModel.Selectors.CustomUserNameSecurityTokenAuthenticator;
+using PolicyCollection = System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy>;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class CustomUserNameSecurityTokenAuthenticatorTest
+	{
+		[Test]
+		[ExpectedException (typeof (ArgumentNullException))]
+		public void ConstructorCertNull ()
+		{
+			new Authenticator (null);
+		}
+
+		[Test]
+		public void Validation ()
+		{
+			Authenticator a = new Authenticator (
+				UserNamePasswordValidator.None);
+			PolicyCollection pl = a.ValidateToken (new UserNameSecurityToken ("mono", "mono"));
+			Assert.AreEqual (1, pl.Count, "#1");
+			IAuthorizationPolicy p = pl [0];
+			Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");
+			TestEvaluationContext ec = new TestEvaluationContext ();
+			object o = null;
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
+			Assert.AreEqual (DateTime.MaxValue.AddDays (-1), ec.ExpirationTime, "#4");
+			IList<IIdentity> identities = ec.Properties ["Identities"] as IList<IIdentity>;
+			Assert.IsNotNull (identities, "#5");
+			Assert.AreEqual (1, identities.Count, "#6");
+			IIdentity ident = identities [0];
+			Assert.AreEqual (true, ident.IsAuthenticated, "#6-2");
+			// it's implementation details.
+			//Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
+			Assert.AreEqual ("mono", ident.Name, "#6-4");
+			Assert.AreEqual (1, ec.ClaimSets.Count, "#7");
+
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#8");
+			identities = ec.Properties ["Identities"] as IList<IIdentity>;
+			Assert.AreEqual (2, identities.Count, "#9");
+			Assert.AreEqual (2, ec.ClaimSets.Count, "#10");
+		}
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/RsaSecurityTokenAuthenticatorTest.cs

@@ -0,0 +1,68 @@
+//
+// RsaSecurityTokenAuthenticatorTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Principal;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using NUnit.Framework;
+
+using Authenticator = System.IdentityModel.Selectors.RsaSecurityTokenAuthenticator;
+using PolicyCollection = System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy>;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class RsaSecurityTokenAuthenticatorTest
+	{
+		[Test]
+		public void Validation ()
+		{
+			RSA rsa = (RSA) new X509Certificate2 ("Test/Resources/test.cer").PublicKey.Key;
+			Authenticator a = new Authenticator ();
+			PolicyCollection pl = a.ValidateToken (new RsaSecurityToken (rsa));
+			Assert.AreEqual (1, pl.Count, "#1");
+			IAuthorizationPolicy p = pl [0];
+			Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");
+			TestEvaluationContext ec = new TestEvaluationContext ();
+			object o = null;
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
+			// mhm, should this really be converted to UTC?
+			Assert.AreEqual (DateTime.MaxValue.AddDays (-1), ec.ExpirationTime, "#4");
+			Assert.AreEqual (0, ec.Properties.Count, "#5");
+			Assert.AreEqual (1, ec.ClaimSets.Count, "#6");
+
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#7");
+			Assert.AreEqual (2, ec.ClaimSets.Count, "#8");
+		}
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/SamlSecurityTokenAuthenticatorTest.cs

@@ -0,0 +1,120 @@
+//
+// SamlSecurityTokenAuthenticatorTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Principal;
+using System.Security.Cryptography.X509Certificates;
+using System.Xml;
+using NUnit.Framework;
+
+using MonoTests.System.IdentityModel.Common;
+
+using Authenticator = System.IdentityModel.Selectors.SamlSecurityTokenAuthenticator;
+using PolicyCollection = System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy>;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class SamlSecurityTokenAuthenticatorTest
+	{
+		[Test]
+		[ExpectedException (typeof (ArgumentNullException))]
+		public void ConstructorCertNull ()
+		{
+			new Authenticator (null);
+		}
+
+		[Test]
+		[Ignore ("not done yet")]
+		public void Validation ()
+		{
+			Authenticator a = new Authenticator (
+				new SecurityTokenAuthenticator [] {
+					new CustomUserNameSecurityTokenAuthenticator (UserNamePasswordValidator.None),
+					new X509SecurityTokenAuthenticator (X509CertificateValidator.None),
+					});
+			PolicyCollection pl = a.ValidateToken (GetSamlToken ());
+			Assert.AreEqual (1, pl.Count, "#1");
+			IAuthorizationPolicy p = pl [0];
+			Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");
+			TestEvaluationContext ec = new TestEvaluationContext ();
+			object o = null;
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
+			Assert.AreEqual (DateTime.MaxValue.AddDays (-1), ec.ExpirationTime, "#4");
+			IList<IIdentity> identities = ec.Properties ["Identities"] as IList<IIdentity>;
+			Assert.IsNotNull (identities, "#5");
+			Assert.AreEqual (1, identities.Count, "#6");
+			IIdentity ident = identities [0];
+			Assert.AreEqual (true, ident.IsAuthenticated, "#6-2");
+			// it's implementation details.
+			//Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
+			Assert.AreEqual ("mono", ident.Name, "#6-4");
+			Assert.AreEqual (1, ec.ClaimSets.Count, "#7");
+
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#8");
+			identities = ec.Properties ["Identities"] as IList<IIdentity>;
+			Assert.AreEqual (2, identities.Count, "#9");
+			Assert.AreEqual (2, ec.ClaimSets.Count, "#10");
+		}
+
+		SamlSecurityToken GetSamlToken ()
+		{
+			SamlAssertion a = new SamlAssertion ();
+			
+			SamlSubject subject = new SamlSubject (
+				SamlConstants.UserNameNamespace,
+				"urn:myqualifier",
+				"myname");
+			SamlAttribute attr = new SamlAttribute (Claim.CreateNameClaim ("myname"));
+			SamlAttributeStatement statement =
+				new SamlAttributeStatement (subject, new SamlAttribute [] {attr});
+			a.Statements.Add (statement);
+			a.Issuer = "my_hero";
+
+			X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
+			X509AsymmetricSecurityKey key =
+				new X509AsymmetricSecurityKey (cert);
+			a.SigningCredentials =
+				new SigningCredentials (key,
+					SecurityAlgorithms.HmacSha1Signature, 
+					SecurityAlgorithms.Sha256Digest);
+			XmlDocument doc = new XmlDocument ();
+			XmlWriter w = doc.CreateNavigator ().AppendChild ();
+			using (XmlDictionaryWriter dw = XmlDictionaryWriter.CreateDictionaryWriter (w)) {
+				a.WriteXml (dw, new SamlSerializer (), new MySecurityTokenSerializer ());
+			}
+Console.Error.WriteLine (doc.OuterXml);
+			return new SamlSecurityToken (a);
+
+		}
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/SecurityTokenRequirementTest.cs

@@ -0,0 +1,97 @@
+//
+// SecurityTokenRequirementTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using NUnit.Framework;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class SecurityTokenRequirementTest
+	{
+		[Test]
+		public void Constants ()
+		{
+			Assert.AreEqual ("http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeySize",
+				SecurityTokenRequirement.KeySizeProperty, "#1");
+			Assert.AreEqual ("http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyType",
+				SecurityTokenRequirement.KeyTypeProperty, "#2");
+			Assert.AreEqual ("http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyUsage",
+				SecurityTokenRequirement.KeyUsageProperty, "#3");
+			Assert.AreEqual ("http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/RequireCryptographicToken",
+				SecurityTokenRequirement.RequireCryptographicTokenProperty, "#4");
+			Assert.AreEqual ("http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/TokenType",
+				SecurityTokenRequirement.TokenTypeProperty, "#5");
+		}
+
+		[Test]
+		public void DefaultValues ()
+		{
+			SecurityTokenRequirement r =
+				new SecurityTokenRequirement ();
+			Assert.AreEqual (0, r.KeySize, "#1");
+			Assert.AreEqual (SecurityKeyType.SymmetricKey, r.KeyType, "#2");
+			Assert.AreEqual (SecurityKeyUsage.Signature, r.KeyUsage, "#3");
+			Assert.IsNull (r.TokenType, "#4");
+			Assert.AreEqual (false, r.RequireCryptographicToken, "#5");
+		}
+
+		[Test]
+		[ExpectedException (typeof (ArgumentException))]
+		public void TryGetPropertyTypeMismatch ()
+		{
+			SecurityTokenRequirement r =
+				new SecurityTokenRequirement ();
+			r.Properties ["urn:foo"] = 1;
+			string s;
+			r.TryGetProperty<string> ("urn:foo", out s);
+		}
+
+		[Test]
+		public void TryGetPropertyTypeBaseMatch ()
+		{
+			SecurityTokenRequirement r =
+				new SecurityTokenRequirement ();
+			r.Properties ["urn:foo"] = 1;
+			object o;
+			r.TryGetProperty<object> ("urn:foo", out o);
+		}
+
+		[Test]
+		[ExpectedException (typeof (ArgumentException))]
+		public void TryGetPropertyTypeConvertible ()
+		{
+			SecurityTokenRequirement r =
+				new SecurityTokenRequirement ();
+			r.Properties ["urn:foo"] = 1;
+			double d;
+			r.TryGetProperty<double> ("urn:foo", out d);
+		}
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/SecurityTokenResolverTest.cs

@@ -0,0 +1,81 @@
+//
+// SecurityTokenResolverTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using NUnit.Framework;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class SecurityTokenResolverTest
+	{
+		SecurityTokenResolver GetResolver (bool canMatchLocalId, params SecurityToken [] tokens)
+		{
+			return SecurityTokenResolver.CreateDefaultSecurityTokenResolver (new ReadOnlyCollection<SecurityToken> (tokens), canMatchLocalId);
+		}
+
+		[Test]
+		[ExpectedException (typeof (ArgumentNullException))]
+		public void TryResolveTokenNullClause ()
+		{
+			SecurityTokenResolver r = GetResolver (true, new SecurityToken [0]);
+			SecurityToken token;
+			r.TryResolveToken ((SecurityKeyIdentifierClause) null, out token);
+		}
+
+		[Test]
+		public void TryResolveToken ()
+		{
+			SecurityTokenResolver r = GetResolver (true, new SecurityToken [0]);
+			SecurityToken token;
+			Assert.IsFalse (r.TryResolveToken (new LocalIdKeyIdentifierClause ("foo"), out token));
+
+			UserNameSecurityToken userName =
+				new UserNameSecurityToken ("mono", "", "urn:foo");
+			LocalIdKeyIdentifierClause kic =
+				new LocalIdKeyIdentifierClause ("urn:foo");
+
+			r = GetResolver (true, new SecurityToken [] {userName});
+			Assert.IsTrue (r.TryResolveToken (kic, out token));
+
+			r = GetResolver (false, new SecurityToken [] {userName});
+			Assert.IsFalse (r.TryResolveToken (kic, out token));
+		}
+
+		[Test]
+		[ExpectedException (typeof (InvalidOperationException))]
+		public void ResolveTokenNonExistent ()
+		{
+			SecurityTokenResolver r = GetResolver (true, new SecurityToken [0]);
+			SecurityToken token;
+			Assert.IsNull (r.ResolveToken (new LocalIdKeyIdentifierClause ("urn:foo")));
+		}
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/TestEvaluationContext.cs

@@ -0,0 +1,84 @@
+//
+// TestEvaluationContext.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Cryptography.X509Certificates;
+using NUnit.Framework;
+
+using Authenticator = System.IdentityModel.Selectors.CustomUserNameSecurityTokenAuthenticator;
+using PolicyCollection = System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy>;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	class TestEvaluationContext : EvaluationContext
+	{
+		Collection<ClaimSet> claim_sets =
+			new Collection<ClaimSet> ();
+		ReadOnlyCollection<ClaimSet> readonly_claim_sets;
+		Dictionary<string,object> properties =
+			new Dictionary<string,object> ();
+		int generation;
+		DateTime expiration;
+
+		public override ReadOnlyCollection<ClaimSet> ClaimSets {
+			get {
+				if (readonly_claim_sets == null)
+					readonly_claim_sets = new ReadOnlyCollection<ClaimSet> (claim_sets);
+				return readonly_claim_sets;
+			}
+		}
+
+		public DateTime ExpirationTime {
+			get { return expiration; }
+		}
+
+		public override int Generation {
+			get { return generation; }
+		}
+
+		public override IDictionary<string,object> Properties {
+			get { return properties; }
+		}
+
+		public override void AddClaimSet (IAuthorizationPolicy policy, ClaimSet claimSet)
+		{
+			claim_sets.Add (claimSet);
+		}
+
+		public override void RecordExpirationTime (DateTime expirationTime)
+		{
+			expiration = expirationTime;
+		}
+
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/X509SecurityTokenAuthenticatorTest.cs

@@ -0,0 +1,83 @@
+//
+// X509SecurityTokenAuthenticatorTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Principal;
+using System.Security.Cryptography.X509Certificates;
+using NUnit.Framework;
+
+using Authenticator = System.IdentityModel.Selectors.X509SecurityTokenAuthenticator;
+using PolicyCollection = System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy>;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class X509SecurityTokenAuthenticatorTest
+	{
+		[Test]
+		[ExpectedException (typeof (ArgumentNullException))]
+		public void ConstructorValidatorNull ()
+		{
+			new Authenticator (null);
+		}
+
+		[Test]
+		public void Validation ()
+		{
+			X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.cer");
+			Authenticator a = new Authenticator (
+				X509CertificateValidator.None);
+			PolicyCollection pl = a.ValidateToken (new X509SecurityToken (cert));
+			Assert.AreEqual (1, pl.Count, "#1");
+			IAuthorizationPolicy p = pl [0];
+			Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");
+			TestEvaluationContext ec = new TestEvaluationContext ();
+			object o = null;
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
+			// mhm, should this really be converted to UTC?
+			Assert.AreEqual (cert.NotAfter.ToUniversalTime (), ec.ExpirationTime, "#4");
+			IList<IIdentity> identities = ec.Properties ["Identities"] as IList<IIdentity>;
+			Assert.IsNotNull (identities, "#5");
+			Assert.AreEqual (1, identities.Count, "#6");
+			IIdentity ident = identities [0];
+			Assert.AreEqual (true, ident.IsAuthenticated, "#6-2");
+			Assert.AreEqual ("X509", ident.AuthenticationType, "#6-3");
+			//Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
+			Assert.AreEqual (1, ec.ClaimSets.Count, "#7");
+
+			Assert.IsTrue (p.Evaluate (ec, ref o), "#8");
+			identities = ec.Properties ["Identities"] as IList<IIdentity>;
+			Assert.AreEqual (2, identities.Count, "#9");
+			Assert.AreEqual (2, ec.ClaimSets.Count, "#10");
+		}
+	}
+}

mcs/class/System.IdentityModel/Test/System.IdentityModel.Selectors/X509SecurityTokenProviderTest.cs

@@ -0,0 +1,54 @@
+//
+// X509SecurityTokenProviderTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Cryptography.X509Certificates;
+using NUnit.Framework;
+
+namespace MonoTests.System.IdentityModel.Selectors
+{
+	[TestFixture]
+	public class X509SecurityTokenProviderTest
+	{
+		[Test]
+		[ExpectedException (typeof (ArgumentNullException))]
+		public void ConstructorCertNull ()
+		{
+			new X509SecurityTokenProvider (null);
+		}
+
+		[Test]
+		//[ExpectedException (typeof (SecurityTokenException))]
+		[Ignore ("on Mono X509Store does not work yet. on .NET there is no assurance that the user have certificates.")]
+		public void ConstructorFindValueNull ()
+		{
+			new X509SecurityTokenProvider (StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByTimeExpired, DateTime.MaxValue);
+		}
+	}
+}