2 // AsymmetricSecurityBindingElementTest.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.Generic;
30 using System.Collections.ObjectModel;
33 using System.Net.Security;
34 using System.Security.Cryptography.X509Certificates;
35 using System.IdentityModel.Selectors;
36 using System.IdentityModel.Tokens;
37 using System.ServiceModel;
38 using System.ServiceModel.Channels;
39 using System.ServiceModel.Description;
40 using System.ServiceModel.Security;
41 using System.ServiceModel.Security.Tokens;
42 using System.Threading;
44 using NUnit.Framework;
46 namespace MonoTests.System.ServiceModel.Channels
49 public class AsymmetricSecurityBindingElementTest
51 static X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
52 static X509Certificate2 cert2 = new X509Certificate2 ("Test/Resources/test.cer");
54 // InitiatorTokenParameters should have asymmetric key.
56 [ExpectedException (typeof (InvalidOperationException))]
57 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
58 public void ClientInitiatorHasNoKeys1 ()
60 ClientInitiatorHasNoKeysCore (false, MessageProtectionOrder.SignBeforeEncrypt);
64 [ExpectedException (typeof (InvalidOperationException))]
65 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
66 public void ClientInitiatorHasNoKeys2 ()
68 ClientInitiatorHasNoKeysCore (true, MessageProtectionOrder.SignBeforeEncrypt);
72 [ExpectedException (typeof (InvalidOperationException))]
73 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
74 public void ClientInitiatorHasNoKeys3 ()
76 ClientInitiatorHasNoKeysCore (false, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);
80 [ExpectedException (typeof (InvalidOperationException))]
81 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
82 public void ClientInitiatorHasNoKeys4 ()
84 ClientInitiatorHasNoKeysCore (true, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);
87 public void ClientInitiatorHasNoKeysCore (bool deriveKeys, MessageProtectionOrder order)
89 AsymmetricSecurityBindingElement sbe =
90 new AsymmetricSecurityBindingElement ();
91 sbe.InitiatorTokenParameters =
92 new UserNameSecurityTokenParameters ();
93 sbe.RecipientTokenParameters =
94 new X509SecurityTokenParameters ();
95 sbe.SetKeyDerivation (deriveKeys);
96 sbe.MessageProtectionOrder = order;
97 TransportBindingElement tbe = new HandlerTransportBindingElement (delegate (Message input) {
98 // funky, but .NET does not raise an error
99 // until it writes the message to somewhere.
100 // That is, it won't raise an error if this
101 // HandlerTransportBindingElement does not
102 // write the input message to somewhere.
103 // It is an obvious bug.
104 input.WriteMessage (XmlWriter.Create (TextWriter.Null));
105 throw new Exception ();
107 CustomBinding binding = new CustomBinding (sbe, tbe);
108 EndpointAddress address = new EndpointAddress (
109 new Uri ("stream:dummy"),
110 new X509CertificateEndpointIdentity (cert2));
111 CalcProxy proxy = new CalcProxy (binding, address);
112 proxy.ClientCredentials.UserName.UserName = "mono";
114 // Until here the wrong parameters are not checked.
119 [ExpectedException (typeof (NotSupportedException))]
120 [Category ("NotWorking")]
121 public void ServiceRecipientHasNoKeys ()
123 AsymmetricSecurityBindingElement sbe =
124 new AsymmetricSecurityBindingElement ();
125 sbe.InitiatorTokenParameters =
126 new X509SecurityTokenParameters ();
127 sbe.RecipientTokenParameters =
128 new UserNameSecurityTokenParameters ();
129 //sbe.SetKeyDerivation (false);
130 //sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
131 CustomBinding binding = new CustomBinding (sbe,
132 new HttpTransportBindingElement ());
133 IChannelListener<IReplyChannel> l =
134 binding.BuildChannelListener<IReplyChannel> (new Uri ("http://localhost:37564"), new BindingParameterCollection ());
138 if (l.State == CommunicationState.Opened)
143 Message tmp_request, tmp_reply;
146 [ExpectedException (typeof (MessageSecurityException))]
147 // after having to fix several issues, I forgot what I originally wanted to test here ...
148 [Ignore ("It causes some weird failure and port blocking ...")]
149 public void VerifyX509MessageSecurityAtService ()
151 AsymmetricSecurityBindingElement clisbe =
152 new AsymmetricSecurityBindingElement ();
153 clisbe.InitiatorTokenParameters =
154 new X509SecurityTokenParameters ();
155 clisbe.RecipientTokenParameters =
156 new X509SecurityTokenParameters ();
158 AsymmetricSecurityBindingElement svcsbe =
159 new AsymmetricSecurityBindingElement ();
160 svcsbe.InitiatorTokenParameters =
161 new X509SecurityTokenParameters ();
162 svcsbe.RecipientTokenParameters =
163 new X509SecurityTokenParameters ();
165 CustomBinding b_req = new CustomBinding (clisbe,
166 new HttpTransportBindingElement ());
168 b_req.ReceiveTimeout = b_req.SendTimeout = TimeSpan.FromSeconds (10);
170 CustomBinding b_res = new CustomBinding (svcsbe, new HttpTransportBindingElement ());
171 b_res.ReceiveTimeout = b_res.SendTimeout = TimeSpan.FromSeconds (10);
173 EndpointAddress remaddr = new EndpointAddress (
174 new Uri ("http://localhost:37564"),
175 new X509CertificateEndpointIdentity (cert2));
176 CalcProxy proxy = null;
177 ServiceHost host = new ServiceHost (typeof (CalcService));
178 host.AddServiceEndpoint (typeof (ICalc), b_res, "http://localhost:37564");
180 ServiceCredentials cred = new ServiceCredentials ();
181 cred.ServiceCertificate.Certificate = cert;
182 host.Description.Behaviors.Add (cred);
186 proxy = new CalcProxy (b_req, remaddr);
187 proxy.ClientCredentials.ClientCertificate.Certificate = cert;
189 // FIXME: on WinFX, when this Begin method
190 // is invoked before the listener setup, it
191 // somehow works, while ours doesn't.
192 //IAsyncResult result = proxy.BeginSum (1, 2, null, null);
193 //Assert.AreEqual (3, proxy.EndSum (result));
194 Assert.AreEqual (3, proxy.Sum (1, 2));
196 if (host.State == CommunicationState.Opened)
202 public void SetKeyDerivation ()
204 AsymmetricSecurityBindingElement be;
205 X509SecurityTokenParameters p, p2;
207 be = new AsymmetricSecurityBindingElement ();
208 p = new X509SecurityTokenParameters ();
209 p2 = new X509SecurityTokenParameters ();
210 be.InitiatorTokenParameters = p;
211 be.RecipientTokenParameters = p2;
212 be.SetKeyDerivation (false);
213 Assert.AreEqual (false, p.RequireDerivedKeys, "#1");
214 Assert.AreEqual (false, p2.RequireDerivedKeys, "#2");
216 be = new AsymmetricSecurityBindingElement ();
217 p = new X509SecurityTokenParameters ();
218 p2 = new X509SecurityTokenParameters ();
219 be.SetKeyDerivation (false); // set in prior - makes no sense
220 be.InitiatorTokenParameters = p;
221 be.RecipientTokenParameters = p2;
222 Assert.AreEqual (true, p.RequireDerivedKeys, "#3");
223 Assert.AreEqual (true, p2.RequireDerivedKeys, "#4");
227 [ExpectedException (typeof (InvalidOperationException))]
228 [Category ("NotWorking")]
229 public void RejectInclusionModeNever ()
231 AsymmetricSecurityBindingElement sbe =
232 new AsymmetricSecurityBindingElement ();
233 sbe.InitiatorTokenParameters = sbe.RecipientTokenParameters =
234 new X509SecurityTokenParameters (
235 X509KeyIdentifierClauseType.Thumbprint,
236 // this leads to the failure.
237 SecurityTokenInclusionMode.Never);
238 ServiceHost host = new ServiceHost (typeof (Foo));
239 HttpTransportBindingElement hbe =
240 new HttpTransportBindingElement ();
241 CustomBinding binding = new CustomBinding (sbe, hbe);
242 host.AddServiceEndpoint (typeof (IFoo),
243 binding, new Uri ("http://localhost:37564"));
244 ServiceCredentials cred = new ServiceCredentials ();
245 cred.ServiceCertificate.Certificate =
246 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
247 cred.ClientCertificate.Authentication.CertificateValidationMode =
248 X509CertificateValidationMode.None;
249 host.Description.Behaviors.Add (cred);
253 if (host.State == CommunicationState.Opened)