2 // WSHttpBindingTest.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.ObjectModel;
31 using System.Net.Security;
32 using System.IdentityModel.Claims;
33 using System.IdentityModel.Selectors;
34 using System.IdentityModel.Tokens;
35 using System.ServiceModel;
36 using System.ServiceModel.Channels;
37 using System.ServiceModel.Security;
38 using System.ServiceModel.Security.Tokens;
39 using NUnit.Framework;
41 namespace MonoTests.System.ServiceModel
44 public class WSHttpBindingTest
47 public void DefaultValues ()
49 WSHttpBinding b= new WSHttpBinding ();
51 DefaultValues (b, "http");
54 WSHttpSecurity sec = b.Security;
55 Assert.IsNotNull (sec, "#2-1");
56 Assert.AreEqual (SecurityMode.Message, sec.Mode, "#2-2");
58 NonDualMessageSecurityOverHttp msg = sec.Message;
59 Assert.IsNotNull (msg, "#2-3");
60 Assert.AreEqual (true, msg.EstablishSecurityContext, "#2-3-1");
61 Assert.AreEqual (SecurityAlgorithmSuite.Default,
62 msg.AlgorithmSuite, "#2-3-2");
63 // it is not worthy of test, just for checking default value.
64 Assert.AreEqual (MessageCredentialType.Windows,
65 msg.ClientCredentialType, "#2-3-3");
66 Assert.AreEqual (true, msg.NegotiateServiceCredential, "#2-3-4");
67 // FIXME: test Security.Transport
68 Assert.IsNotNull (sec.Transport, "#2-4");
72 BindingElementCollection bec = b.CreateBindingElements ();
73 Assert.AreEqual (4, bec.Count, "#5-1");
74 Assert.AreEqual (typeof (TransactionFlowBindingElement),
75 bec [0].GetType (), "#5-2");
76 Assert.AreEqual (typeof (SymmetricSecurityBindingElement),
77 bec [1].GetType (), "#5-3");
78 Assert.AreEqual (typeof (TextMessageEncodingBindingElement),
79 bec [2].GetType (), "#5-4");
80 Assert.AreEqual (typeof (HttpTransportBindingElement),
81 bec [3].GetType (), "#5-5");
85 public void DefaultValuesSecurityModeTransport ()
87 WSHttpBinding b = new WSHttpBinding (SecurityMode.Transport);
89 DefaultValues (b, "https");
92 WSHttpSecurity sec = b.Security;
93 Assert.IsNotNull (sec, "#2-1");
94 Assert.AreEqual (SecurityMode.Transport, sec.Mode, "#2-2");
96 NonDualMessageSecurityOverHttp msg = sec.Message;
97 Assert.IsNotNull (msg, "#2-3");
98 Assert.AreEqual (true, msg.EstablishSecurityContext, "#2-3-1");
99 Assert.AreEqual (SecurityAlgorithmSuite.Default,
100 msg.AlgorithmSuite, "#2-3-2");
101 // it is not worthy of test, just for checking default value.
102 Assert.AreEqual (MessageCredentialType.Windows,
103 msg.ClientCredentialType, "#2-3-3");
104 Assert.AreEqual (true, msg.NegotiateServiceCredential, "#2-3-4");
105 // FIXME: test Security.Transport
106 Assert.IsNotNull (sec.Transport, "#2-4");
109 BindingElementCollection bec = b.CreateBindingElements ();
110 Assert.AreEqual (3, bec.Count, "#5-1");
111 Assert.AreEqual (typeof (TransactionFlowBindingElement),
112 bec [0].GetType (), "#5-2");
113 Assert.AreEqual (typeof (TextMessageEncodingBindingElement),
114 bec [1].GetType (), "#5-3");
115 Assert.AreEqual (typeof (HttpsTransportBindingElement),
116 bec [2].GetType (), "#5-4");
119 void DefaultValues (WSHttpBinding b, string scheme)
121 Assert.AreEqual (false, b.BypassProxyOnLocal, "#1");
122 Assert.AreEqual (HostNameComparisonMode.StrongWildcard,
123 b.HostNameComparisonMode, "#2");
124 Assert.AreEqual (0x80000, b.MaxBufferPoolSize, "#3");
125 Assert.AreEqual (0x10000, b.MaxReceivedMessageSize, "#5");
126 Assert.AreEqual (WSMessageEncoding.Text, b.MessageEncoding, "#6");
127 Assert.IsNull (b.ProxyAddress, "#7");
128 // FIXME: test b.ReaderQuotas
129 Assert.AreEqual (scheme, b.Scheme, "#8");
130 Assert.AreEqual (EnvelopeVersion.Soap12, b.EnvelopeVersion, "#9");
131 Assert.AreEqual (65001, b.TextEncoding.CodePage, "#10"); // utf-8
132 Assert.AreEqual (false, b.TransactionFlow, "#11");
133 Assert.AreEqual (true, b.UseDefaultWebProxy, "#12");
134 Assert.AreEqual (false, b.AllowCookies, "#13");
135 Assert.AreEqual (MessageVersion.Default, b.MessageVersion, "#14");
136 Assert.IsNotNull (b.ReliableSession, "#15");
140 public void DefaultMessageEncoding ()
142 WSHttpBinding b = new WSHttpBinding ();
143 foreach (BindingElement be in b.CreateBindingElements ()) {
144 MessageEncodingBindingElement mbe =
145 be as MessageEncodingBindingElement;
148 MessageEncoderFactory f = mbe.CreateMessageEncoderFactory ();
149 MessageEncoder e = f.Encoder;
151 Assert.AreEqual (typeof (TextMessageEncodingBindingElement), mbe.GetType (), "#1-1");
152 Assert.AreEqual (MessageVersion.Default, f.MessageVersion, "#2-1");
153 Assert.AreEqual ("application/soap+xml; charset=utf-8", e.ContentType, "#3-1");
154 Assert.AreEqual ("application/soap+xml", e.MediaType, "#3-2");
157 Assert.Fail ("No message encodiing binding element.");
161 public void DefaultHttpTransport ()
163 WSHttpBinding b = new WSHttpBinding ();
164 foreach (BindingElement be in b.CreateBindingElements ()) {
165 HttpTransportBindingElement tbe =
166 be as HttpTransportBindingElement;
170 Assert.AreEqual (false, tbe.AllowCookies, "#1");
171 Assert.AreEqual (AuthenticationSchemes.Anonymous, tbe.AuthenticationScheme, "#2");
172 Assert.AreEqual (false, tbe.BypassProxyOnLocal, "#3");
173 Assert.AreEqual (HostNameComparisonMode.StrongWildcard, tbe.HostNameComparisonMode, "#4");
174 Assert.AreEqual (true, tbe.KeepAliveEnabled, "#5");
175 Assert.AreEqual (false, tbe.ManualAddressing, "#6");
176 Assert.AreEqual (0x80000, tbe.MaxBufferPoolSize, "#7");
177 Assert.AreEqual (0x10000, tbe.MaxBufferSize, "#8");
178 Assert.AreEqual (0x10000, tbe.MaxReceivedMessageSize, "#9");
179 Assert.IsNull (tbe.ProxyAddress, "#10");
180 Assert.AreEqual (AuthenticationSchemes.Anonymous, tbe.ProxyAuthenticationScheme, "#11");
181 Assert.AreEqual ("", tbe.Realm, "#12");
182 Assert.AreEqual (TransferMode.Buffered, tbe.TransferMode, "#13");
183 Assert.AreEqual (true, tbe.UseDefaultWebProxy, "#14");
187 Assert.Fail ("No transport binding element.");
191 public void DefaultTransactionFlow ()
193 WSHttpBinding b = new WSHttpBinding ();
194 foreach (BindingElement be in b.CreateBindingElements ()) {
195 TransactionFlowBindingElement tbe =
196 be as TransactionFlowBindingElement;
200 Assert.AreEqual (TransactionProtocol.WSAtomicTransactionOctober2004,
201 tbe.TransactionProtocol, "#1");
205 Assert.Fail ("No transaction flow binding element.");
209 public void CreateMessageSecurity ()
211 Assert.IsNull (new MyWSBinding (SecurityMode.None).CreateMessageSecurityEx (), "None");
212 Assert.IsNotNull (new MyWSBinding (SecurityMode.Message).CreateMessageSecurityEx (), "Message");
213 Assert.IsNull (new MyWSBinding (SecurityMode.Transport).CreateMessageSecurityEx (), "Transport");
217 public void DefaultMessageSecurity ()
219 WSHttpBinding b = new WSHttpBinding ();
220 SymmetricSecurityBindingElement sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
221 Assert.IsNotNull (sbe, "#0");
223 SecureConversationSecurityTokenParameters p =
224 sbe.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
225 Assert.IsNotNull (p, "#1");
226 SymmetricSecurityBindingElement scbe =
227 p.BootstrapSecurityBindingElement as SymmetricSecurityBindingElement;
228 Assert.IsNotNull (scbe, "#1.1");
229 // since the default w/o SecureConv is SSPI ...
230 Assert.IsTrue (scbe.ProtectionTokenParameters is SspiSecurityTokenParameters, "#1.2");
232 Assert.AreEqual (SecurityAlgorithmSuite.Default,
233 sbe.DefaultAlgorithmSuite, "#2");
235 SupportingTokenParameters s =
236 sbe.EndpointSupportingTokenParameters;
237 Assert.IsNotNull (s, "#3");
238 Assert.AreEqual (0, s.Endorsing.Count, "#3-1");
239 Assert.AreEqual (0, s.Signed.Count, "#3-2");
240 Assert.AreEqual (0, s.SignedEndorsing.Count, "#3-3");
241 Assert.AreEqual (0, s.SignedEncrypted.Count, "#3-4");
243 Assert.AreEqual (0, sbe.OperationSupportingTokenParameters.Count, "#4");
245 s = sbe.OptionalEndpointSupportingTokenParameters;
246 Assert.IsNotNull (s, "#5");
247 Assert.AreEqual (0, s.Endorsing.Count, "#5-1");
248 Assert.AreEqual (0, s.Signed.Count, "#5-2");
249 Assert.AreEqual (0, s.SignedEndorsing.Count, "#5-3");
250 Assert.AreEqual (0, s.SignedEncrypted.Count, "#5-4");
251 Assert.AreEqual (0, sbe.OptionalOperationSupportingTokenParameters.Count, "#6");
255 public void MessageSecurityNoSecureConversation ()
257 WSHttpBinding b = new WSHttpBinding ();
258 b.Security.Message.EstablishSecurityContext = false;
259 SymmetricSecurityBindingElement sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
260 Assert.IsNotNull (sbe, "#0");
263 typeof (SspiSecurityTokenParameters),
264 sbe.ProtectionTokenParameters.GetType (), "#1");
265 // no worthy to check SSPI security as we never support it.
267 b.Security.Message.ClientCredentialType = MessageCredentialType.None;
268 sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
269 SslSecurityTokenParameters ssltp =
270 sbe.ProtectionTokenParameters
271 as SslSecurityTokenParameters;
272 Assert.IsNotNull(ssltp, "#2-1");
273 Assert.AreEqual (true, ssltp.RequireCancellation, "#2-2");
274 Assert.AreEqual (false, ssltp.RequireClientCertificate, "#2-3");
276 b.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
277 sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
278 ssltp = sbe.ProtectionTokenParameters as SslSecurityTokenParameters;
279 Assert.IsNotNull(ssltp, "#3-1");
281 // No NegotiateServiceCredential modes ...
283 b.Security.Message.NegotiateServiceCredential = false;
284 b.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
285 sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
286 KerberosSecurityTokenParameters ktp =
287 sbe.ProtectionTokenParameters
288 as KerberosSecurityTokenParameters;
289 Assert.IsNotNull (ktp, "#4-1");
290 // no worthy of testing windows-only Kerberos stuff
292 b.Security.Message.ClientCredentialType = MessageCredentialType.None;
293 sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
294 X509SecurityTokenParameters x509tp =
295 sbe.ProtectionTokenParameters
296 as X509SecurityTokenParameters;
297 Assert.IsNotNull (x509tp, "#5-1");
298 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, x509tp.X509ReferenceStyle, "#5-2");
299 Assert.AreEqual (SecurityTokenInclusionMode.Never, x509tp.InclusionMode, "#5-3");
301 b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
302 sbe = b.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
303 Assert.AreEqual (1, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#6-0");
304 x509tp = sbe.EndpointSupportingTokenParameters.Endorsing [0] as X509SecurityTokenParameters;
305 Assert.IsNotNull (x509tp, "#6-1");
306 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, x509tp.X509ReferenceStyle, "#6-2");
307 Assert.AreEqual (SecurityTokenInclusionMode.AlwaysToRecipient, x509tp.InclusionMode, "#6-3");
308 Assert.AreEqual (false, x509tp.RequireDerivedKeys, "#6-4");
309 x509tp = sbe.ProtectionTokenParameters as X509SecurityTokenParameters;
310 Assert.IsNotNull (x509tp, "#7-1");
311 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, x509tp.X509ReferenceStyle, "#7-2");
312 Assert.AreEqual (SecurityTokenInclusionMode.Never, x509tp.InclusionMode, "#7-3");
313 Assert.AreEqual (true, x509tp.RequireDerivedKeys, "#7-4");
314 Assert.AreEqual (true, sbe.RequireSignatureConfirmation, "#8");
318 public void MessageSecurityCertificateNego ()
320 WSHttpBinding binding = new WSHttpBinding ();
321 binding.Security.Message.ClientCredentialType =
322 MessageCredentialType.Certificate;
323 SymmetricSecurityBindingElement sbe =
324 binding.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
325 Assert.IsNotNull (sbe, "#1");
326 Assert.AreEqual (false, sbe.RequireSignatureConfirmation, "#1-2");
328 SecureConversationSecurityTokenParameters sp =
329 sbe.ProtectionTokenParameters
330 as SecureConversationSecurityTokenParameters;
331 Assert.IsNotNull (sp, "#2");
332 SymmetricSecurityBindingElement spbe =
333 sp.BootstrapSecurityBindingElement
334 as SymmetricSecurityBindingElement;
335 Assert.IsNotNull (spbe, "#3");
336 SslSecurityTokenParameters p =
337 spbe.ProtectionTokenParameters
338 as SslSecurityTokenParameters;
339 Assert.IsNotNull (p, "#4");
340 Assert.AreEqual (SecurityTokenReferenceStyle.Internal,
341 p.ReferenceStyle, "#5");
342 Assert.AreEqual (SecurityTokenInclusionMode.AlwaysToRecipient,
343 p.InclusionMode, "#6");
347 public void MessageSecuritySPNego ()
349 WSHttpBinding binding = new WSHttpBinding ();
350 SymmetricSecurityBindingElement sbe =
351 binding.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
352 Assert.IsNotNull (sbe, "#1");
353 Assert.AreEqual (false, sbe.RequireSignatureConfirmation, "#1-2");
355 SecureConversationSecurityTokenParameters sp =
356 sbe.ProtectionTokenParameters
357 as SecureConversationSecurityTokenParameters;
358 Assert.IsNotNull (sp, "#2");
359 SymmetricSecurityBindingElement spbe =
360 sp.BootstrapSecurityBindingElement
361 as SymmetricSecurityBindingElement;
362 Assert.IsNotNull (spbe, "#3");
363 SspiSecurityTokenParameters p =
364 spbe.ProtectionTokenParameters
365 as SspiSecurityTokenParameters;
366 Assert.IsNotNull (p, "#4");
367 Assert.AreEqual (SecurityTokenReferenceStyle.Internal,
368 p.ReferenceStyle, "#5");
369 Assert.AreEqual (SecurityTokenInclusionMode.AlwaysToRecipient,
370 p.InclusionMode, "#6");
371 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#7");
372 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#8");
373 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#9");
374 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#10");
375 Assert.AreEqual (0, spbe.EndpointSupportingTokenParameters.Signed.Count, "#11");
376 Assert.AreEqual (0, spbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#12");
377 Assert.AreEqual (0, spbe.EndpointSupportingTokenParameters.Endorsing.Count, "#13");
378 Assert.AreEqual (0, spbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#14");
380 Assert.AreEqual (0, sbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#17");
381 Assert.AreEqual (0, sbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#18");
382 Assert.AreEqual (0, sbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#19");
383 Assert.AreEqual (0, sbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#110");
384 Assert.AreEqual (0, spbe.OptionalEndpointSupportingTokenParameters.Signed.Count, "#21");
385 Assert.AreEqual (0, spbe.OptionalEndpointSupportingTokenParameters.SignedEncrypted.Count, "#22");
386 Assert.AreEqual (0, spbe.OptionalEndpointSupportingTokenParameters.Endorsing.Count, "#23");
387 Assert.AreEqual (0, spbe.OptionalEndpointSupportingTokenParameters.SignedEndorsing.Count, "#24");
391 public void MessageSecurityUserName ()
393 WSHttpBinding binding = new WSHttpBinding ();
394 binding.Security.Message.NegotiateServiceCredential = false;
395 binding.Security.Message.EstablishSecurityContext = false;
396 binding.Security.Message.ClientCredentialType =
397 MessageCredentialType.UserName;
398 SymmetricSecurityBindingElement sbe =
399 binding.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
400 Assert.IsNotNull (sbe, "#1");
401 Assert.AreEqual (false, sbe.RequireSignatureConfirmation, "#1-2");
403 X509SecurityTokenParameters sp =
404 sbe.ProtectionTokenParameters
405 as X509SecurityTokenParameters;
406 Assert.IsNotNull (sp, "#2");
407 Assert.AreEqual (SecurityTokenReferenceStyle.Internal,
408 sp.ReferenceStyle, "#3");
409 Assert.AreEqual (SecurityTokenInclusionMode.Never,
410 sp.InclusionMode, "#4");
412 UserNameSecurityTokenParameters up =
413 sbe.EndpointSupportingTokenParameters.SignedEncrypted [0]
414 as UserNameSecurityTokenParameters;
415 Assert.AreEqual (SecurityTokenReferenceStyle.Internal,
416 up.ReferenceStyle, "#5");
417 Assert.AreEqual (SecurityTokenInclusionMode.AlwaysToRecipient,
418 up.InclusionMode, "#6");
422 [Category ("NotWorking")]
423 public void MessageSecurityIssuedToken ()
425 WSHttpBinding binding = new WSHttpBinding ();
426 binding.Security.Message.EstablishSecurityContext = false;
427 binding.Security.Message.ClientCredentialType =
428 MessageCredentialType.IssuedToken;
429 SymmetricSecurityBindingElement sbe =
430 binding.CreateBindingElements ().Find<SymmetricSecurityBindingElement> ();
431 Assert.IsNotNull (sbe, "#1");
432 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.Signed.Count, "#1-1");
433 Assert.AreEqual (1, sbe.EndpointSupportingTokenParameters.Endorsing.Count, "#1-2");
434 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.SignedEndorsing.Count, "#1-3");
435 Assert.AreEqual (0, sbe.EndpointSupportingTokenParameters.SignedEncrypted.Count, "#1-4");
436 IssuedSecurityTokenParameters p =
437 sbe.EndpointSupportingTokenParameters.Endorsing [0]
438 as IssuedSecurityTokenParameters;
439 Assert.IsNotNull (p, "#2");
440 Assert.IsNotNull (p.ClaimTypeRequirements, "#2-1");
441 Assert.AreEqual (1, p.ClaimTypeRequirements.Count, "#2-2");
442 ClaimTypeRequirement r = p.ClaimTypeRequirements [0];
443 Assert.AreEqual (ClaimTypes.PPID, r.ClaimType, "#3-1");
444 Assert.IsFalse (r.IsOptional, "#3-2");
448 [ExpectedException (typeof (InvalidOperationException))]
449 [Category ("NotWorking")]
450 public void BuildListenerWithoutServiceCertificate ()
452 ServiceHost host = new ServiceHost (typeof (Foo));
453 WSHttpBinding binding = new WSHttpBinding ();
454 binding.Security.Message.ClientCredentialType =
455 MessageCredentialType.IssuedToken;
456 host.AddServiceEndpoint (typeof (Foo).FullName, binding, "http://localhost:8080");
464 public void SayWhat () { }
467 class MyWSBinding : WSHttpBinding
469 public MyWSBinding (SecurityMode mode)
474 public SecurityBindingElement CreateMessageSecurityEx ()
476 return CreateMessageSecurity ();