mcs/class/System.ServiceModel/Test/System.ServiceModel.Channels/AsymmetricSecurityBindingElementTest.cs

   1 //
   2 // AsymmetricSecurityBindingElementTest.cs
   3 //
   4 // Author:
   5 //      Atsushi Enomoto <atsushi@ximian.com>
   6 //
   7 // Copyright (C) 2006 Novell, Inc.  http://www.novell.com
   8 //
   9 // Permission is hereby granted, free of charge, to any person obtaining
  10 // a copy of this software and associated documentation files (the
  11 // "Software"), to deal in the Software without restriction, including
  12 // without limitation the rights to use, copy, modify, merge, publish,
  13 // distribute, sublicense, and/or sell copies of the Software, and to
  14 // permit persons to whom the Software is furnished to do so, subject to
  15 // the following conditions:
  16 //
  17 // The above copyright notice and this permission notice shall be
  18 // included in all copies or substantial portions of the Software.
  19 //
  20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  27 //
  28 using System;
  29 using System.Collections.Generic;
  30 using System.Collections.ObjectModel;
  31 using System.IO;
  32 using System.Net;
  33 using System.Net.Security;
  34 using System.Security.Cryptography.X509Certificates;
  35 using System.IdentityModel.Selectors;
  36 using System.IdentityModel.Tokens;
  37 using System.ServiceModel;
  38 using System.ServiceModel.Channels;
  39 using System.ServiceModel.Description;
  40 using System.ServiceModel.Security;
  41 using System.ServiceModel.Security.Tokens;
  42 using System.Threading;
  43 using System.Xml;
  44 using NUnit.Framework;
  45
  46 namespace MonoTests.System.ServiceModel.Channels
  47 {
  48         [TestFixture]
  49         public class AsymmetricSecurityBindingElementTest
  50         {
  51                 static X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
  52                 static X509Certificate2 cert2 = new X509Certificate2 ("Test/Resources/test.cer");
  53
  54                 // InitiatorTokenParameters should have asymmetric key.
  55                 [Test]
  56                 [ExpectedException (typeof (InvalidOperationException))]
  57                 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
  58                 public void ClientInitiatorHasNoKeys1 ()
  59                 {
  60                         ClientInitiatorHasNoKeysCore (false, MessageProtectionOrder.SignBeforeEncrypt);
  61                 }
  62
  63                 [Test]
  64                 [ExpectedException (typeof (InvalidOperationException))]
  65                 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
  66                 public void ClientInitiatorHasNoKeys2 ()
  67                 {
  68                         ClientInitiatorHasNoKeysCore (true, MessageProtectionOrder.SignBeforeEncrypt);
  69                 }
  70
  71                 [Test]
  72                 [ExpectedException (typeof (InvalidOperationException))]
  73                 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
  74                 public void ClientInitiatorHasNoKeys3 ()
  75                 {
  76                         ClientInitiatorHasNoKeysCore (false, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);
  77                 }
  78
  79                 [Test]
  80                 [ExpectedException (typeof (InvalidOperationException))]
  81                 [Category ("NotWorking")] // this test unnecessarily requires some internal processing order
  82                 public void ClientInitiatorHasNoKeys4 ()
  83                 {
  84                         ClientInitiatorHasNoKeysCore (true, MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);
  85                 }
  86
  87                 public void ClientInitiatorHasNoKeysCore (bool deriveKeys, MessageProtectionOrder order)
  88                 {
  89                         AsymmetricSecurityBindingElement sbe =
  90                                 new AsymmetricSecurityBindingElement ();
  91                         sbe.InitiatorTokenParameters =
  92                                 new UserNameSecurityTokenParameters ();
  93                         sbe.RecipientTokenParameters =
  94                                 new X509SecurityTokenParameters ();
  95                         sbe.SetKeyDerivation (deriveKeys);
  96                         sbe.MessageProtectionOrder = order;
  97                         TransportBindingElement tbe = new HandlerTransportBindingElement (delegate (Message input) {
  98                                 // funky, but .NET does not raise an error
  99                                 // until it writes the message to somewhere.
 100                                 // That is, it won't raise an error if this
 101                                 // HandlerTransportBindingElement does not
 102                                 // write the input message to somewhere.
 103                                 // It is an obvious bug.
 104                                 input.WriteMessage (XmlWriter.Create (TextWriter.Null));
 105                                 throw new Exception ();
 106                         });
 107                         CustomBinding binding = new CustomBinding (sbe, tbe);
 108                         EndpointAddress address = new EndpointAddress (
 109                                 new Uri ("stream:dummy"),
 110                                 new X509CertificateEndpointIdentity (cert2));
 111                         CalcProxy proxy = new CalcProxy (binding, address);
 112                         proxy.ClientCredentials.UserName.UserName = "mono";
 113                         proxy.Open ();
 114                         // Until here the wrong parameters are not checked.
 115                         proxy.Sum (1, 2);
 116                 }
 117
 118                 [Test]
 119                 [ExpectedException (typeof (NotSupportedException))]
 120                 [Category ("NotWorking")]
 121                 public void ServiceRecipientHasNoKeys ()
 122                 {
 123                         AsymmetricSecurityBindingElement sbe =
 124                                 new AsymmetricSecurityBindingElement ();
 125                         sbe.InitiatorTokenParameters =
 126                                 new X509SecurityTokenParameters ();
 127                         sbe.RecipientTokenParameters =
 128                                 new UserNameSecurityTokenParameters ();
 129                         //sbe.SetKeyDerivation (false);
 130                         //sbe.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
 131                         CustomBinding binding = new CustomBinding (sbe,
 132                                 new HttpTransportBindingElement ());
 133                         IChannelListener<IReplyChannel> l =
 134                                 binding.BuildChannelListener<IReplyChannel> (new Uri ("http://localhost:37564"), new BindingParameterCollection ());
 135                         try {
 136                                 l.Open ();
 137                         } finally {
 138                                 if (l.State == CommunicationState.Opened)
 139                                         l.Close ();
 140                         }
 141                 }
 142
 143                 Message tmp_request, tmp_reply;
 144
 145                 [Test]
 146                 [ExpectedException (typeof (MessageSecurityException))]
 147                 // after having to fix several issues, I forgot what I originally wanted to test here ...
 148                 [Ignore ("It causes some weird failure and port blocking ...")]
 149                 public void VerifyX509MessageSecurityAtService ()
 150                 {
 151                         AsymmetricSecurityBindingElement clisbe =
 152                                 new AsymmetricSecurityBindingElement ();
 153                         clisbe.InitiatorTokenParameters =
 154                                 new X509SecurityTokenParameters ();
 155                         clisbe.RecipientTokenParameters =
 156                                 new X509SecurityTokenParameters ();
 157
 158                         AsymmetricSecurityBindingElement svcsbe =
 159                                 new AsymmetricSecurityBindingElement ();
 160                         svcsbe.InitiatorTokenParameters =
 161                                 new X509SecurityTokenParameters ();
 162                         svcsbe.RecipientTokenParameters =
 163                                 new X509SecurityTokenParameters ();
 164
 165                         CustomBinding b_req = new CustomBinding (clisbe,
 166                                 new HttpTransportBindingElement ());
 167
 168                         b_req.ReceiveTimeout = b_req.SendTimeout = TimeSpan.FromSeconds (10);
 169
 170                         CustomBinding b_res = new CustomBinding (svcsbe, new HttpTransportBindingElement ());
 171                         b_res.ReceiveTimeout = b_res.SendTimeout = TimeSpan.FromSeconds (10);
 172
 173                         EndpointAddress remaddr = new EndpointAddress (
 174                                 new Uri ("http://localhost:37564"),
 175                                 new X509CertificateEndpointIdentity (cert2));
 176                         CalcProxy proxy = null;
 177                         ServiceHost host = new ServiceHost (typeof (CalcService));
 178                         host.AddServiceEndpoint (typeof (ICalc), b_res, "http://localhost:37564");
 179
 180                         ServiceCredentials cred = new ServiceCredentials ();
 181                         cred.ServiceCertificate.Certificate = cert;
 182                         host.Description.Behaviors.Add (cred);
 183                         try {
 184                                 host.Open ();
 185
 186                                 proxy = new CalcProxy (b_req, remaddr);
 187                                 proxy.ClientCredentials.ClientCertificate.Certificate = cert;
 188
 189                                 // FIXME: on WinFX, when this Begin method
 190                                 // is invoked before the listener setup, it
 191                                 // somehow works, while ours doesn't.
 192                                 //IAsyncResult result = proxy.BeginSum (1, 2, null, null);
 193                                 //Assert.AreEqual (3, proxy.EndSum (result));
 194                                 Assert.AreEqual (3, proxy.Sum (1, 2));
 195                         } finally {
 196                                 if (host.State == CommunicationState.Opened)
 197                                         host.Close ();
 198                         }
 199                 }
 200
 201                 [Test]
 202                 public void SetKeyDerivation ()
 203                 {
 204                         AsymmetricSecurityBindingElement be;
 205                         X509SecurityTokenParameters p, p2;
 206
 207                         be = new AsymmetricSecurityBindingElement ();
 208                         p = new X509SecurityTokenParameters ();
 209                         p2 = new X509SecurityTokenParameters ();
 210                         be.InitiatorTokenParameters = p;
 211                         be.RecipientTokenParameters = p2;
 212                         be.SetKeyDerivation (false);
 213                         Assert.AreEqual (false, p.RequireDerivedKeys, "#1");
 214                         Assert.AreEqual (false, p2.RequireDerivedKeys, "#2");
 215
 216                         be = new AsymmetricSecurityBindingElement ();
 217                         p = new X509SecurityTokenParameters ();
 218                         p2 = new X509SecurityTokenParameters ();
 219                         be.SetKeyDerivation (false); // set in prior - makes no sense
 220                         be.InitiatorTokenParameters = p;
 221                         be.RecipientTokenParameters = p2;
 222                         Assert.AreEqual (true, p.RequireDerivedKeys, "#3");
 223                         Assert.AreEqual (true, p2.RequireDerivedKeys, "#4");
 224                 }
 225
 226                 [Test]
 227                 [ExpectedException (typeof (InvalidOperationException))]
 228                 [Category ("NotWorking")]
 229                 public void RejectInclusionModeNever ()
 230                 {
 231                         AsymmetricSecurityBindingElement sbe =
 232                                 new AsymmetricSecurityBindingElement ();
 233                         sbe.InitiatorTokenParameters = sbe.RecipientTokenParameters =
 234                                 new X509SecurityTokenParameters (
 235                                         X509KeyIdentifierClauseType.Thumbprint,
 236                                         // this leads to the failure.
 237                                         SecurityTokenInclusionMode.Never);
 238                         ServiceHost host = new ServiceHost (typeof (Foo));
 239                         HttpTransportBindingElement hbe =
 240                                 new HttpTransportBindingElement ();
 241                         CustomBinding binding = new CustomBinding (sbe, hbe);
 242                         host.AddServiceEndpoint (typeof (IFoo),
 243                                 binding, new Uri ("http://localhost:37564"));
 244                         ServiceCredentials cred = new ServiceCredentials ();
 245                         cred.ServiceCertificate.Certificate =
 246                                 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
 247                         cred.ClientCertificate.Authentication.CertificateValidationMode =
 248                                 X509CertificateValidationMode.None;
 249                         host.Description.Behaviors.Add (cred);
 250                         try {
 251                                 host.Open ();
 252                         } finally {
 253                                 if (host.State == CommunicationState.Opened)
 254                                         host.Close ();
 255                         }
 256                 }
 257         }
 258 }