1 //
2 // SecurityAssert.cs
3 //
4 // Author:
5 //      Atsushi Enomoto <atsushi@ximian.com>
6 //
7 // Copyright (C) 2006 Novell, Inc.  http://www.novell.com
8 //
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
16 // 
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
19 // 
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
28 using System;
29 using System.Collections.Generic;
30 using System.Collections.ObjectModel;
31 using System.Net;
32 using System.Net.Security;
33 using System.Security.Cryptography.X509Certificates;
34 using System.IdentityModel.Selectors;
35 using System.IdentityModel.Tokens;
36 using System.ServiceModel;
37 using System.ServiceModel.Channels;
38 using System.ServiceModel.Description;
39 using System.ServiceModel.Security;
40 using System.ServiceModel.Security.Tokens;
41 using System.Xml;
42 using NUnit.Framework;
43
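namespace MonoTests.System.ServiceModel.Channels
{
	/// <summary>
	/// Shared NUnit assertion helpers that pin the security-relevant settings
	/// of WCF security binding elements (algorithm suite, timestamp inclusion,
	/// token parameters and client-side replay/cookie settings).
	/// </summary>
	/// <remarks>
	/// Every assertion message is prefixed with the caller-supplied
	/// <c>label</c>, so a failure can be traced back to the binding under test.
	/// Coverage gaps that are still open are marked with FIXME below:
	/// IdentityVerifier and LocalServiceSettings are not checked by any helper.
	/// </remarks>
	public static class SecurityAssert
	{
		/// <summary>
		/// Checks the cookie and replay-detection flags of a
		/// <see cref="LocalClientSecuritySettings"/> instance.
		/// </summary>
		/// <param name="cacheCookies">Expected <c>CacheCookies</c> value.</param>
		/// <param name="renewalThresholdPercentage">Expected <c>CookieRenewalThresholdPercentage</c> value.</param>
		/// <param name="detectReplays">Expected <c>DetectReplays</c> value.</param>
		/// <param name="lc">Settings under test; must not be null.</param>
		/// <param name="label">Prefix for assertion messages.</param>
		public static void AssertLocalClientSecuritySettings (
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			LocalClientSecuritySettings lc, string label)
		{
			Assert.IsNotNull (lc, label + " IsNotNull");
			Assert.AreEqual (cacheCookies, lc.CacheCookies, label + ".CacheCookies");
			Assert.AreEqual (renewalThresholdPercentage, lc.CookieRenewalThresholdPercentage, label + ".CookieRenewalThresholdPercentage");
			Assert.AreEqual (detectReplays, lc.DetectReplays, label + ".DetectReplays");
		}

		/// <summary>
		/// Checks inclusion mode, reference style and derived-key requirement
		/// of a <see cref="SecurityTokenParameters"/> instance.
		/// </summary>
		/// <param name="protectionTokenInclusionMode">Expected <c>InclusionMode</c>.</param>
		/// <param name="protectionTokenReferenceStyle">Expected <c>ReferenceStyle</c>.</param>
		/// <param name="protectionTokenRequireDerivedKeys">Expected <c>RequireDerivedKeys</c>.</param>
		/// <param name="tp">Token parameters under test; must not be null.</param>
		/// <param name="label">Prefix for assertion messages.</param>
		public static void AssertSecurityTokenParameters (
			SecurityTokenInclusionMode protectionTokenInclusionMode,
			SecurityTokenReferenceStyle protectionTokenReferenceStyle,
			bool protectionTokenRequireDerivedKeys,
			SecurityTokenParameters tp, string label)
		{
			Assert.IsNotNull (tp, label + " IsNotNull");
			Assert.AreEqual (protectionTokenInclusionMode,
				tp.InclusionMode, label + ".InclusionMode");
			Assert.AreEqual (protectionTokenReferenceStyle,
				tp.ReferenceStyle, label + ".ReferenceStyle");
			Assert.AreEqual (protectionTokenRequireDerivedKeys,
				tp.RequireDerivedKeys, label + ".RequireDerivedKeys");
		}

		/// <summary>
		/// Checks the number of tokens in each of the four collections of a
		/// <see cref="SupportingTokenParameters"/> instance.
		/// </summary>
		/// <param name="endorsing">Expected <c>Endorsing.Count</c>.</param>
		/// <param name="signed">Expected <c>Signed.Count</c>.</param>
		/// <param name="signedEncrypted">Expected <c>SignedEncrypted.Count</c>.</param>
		/// <param name="signedEndorsing">Expected <c>SignedEndorsing.Count</c>.</param>
		/// <param name="tp">Supporting token parameters under test; must not be null.</param>
		/// <param name="label">Prefix for assertion messages.</param>
		public static void AssertSupportingTokenParameters (
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			SupportingTokenParameters tp, string label)
		{
			Assert.IsNotNull (tp, label + " IsNotNull");
			// Message previously read ".Endoring.Count" (typo), which made
			// failures hard to find by searching for the property name.
			Assert.AreEqual (endorsing, tp.Endorsing.Count, label + ".Endorsing.Count");
			Assert.AreEqual (signed, tp.Signed.Count, label + ".Signed.Count");
			Assert.AreEqual (signedEncrypted, tp.SignedEncrypted.Count, label + ".SignedEncrypted.Count");
			Assert.AreEqual (signedEndorsing, tp.SignedEndorsing.Count, label + ".SignedEndorsing.Count");
		}

		/// <summary>
		/// Checks the settings common to every <see cref="SecurityBindingElement"/>:
		/// algorithm suite, timestamp inclusion, key entropy mode, message
		/// security version, header layout, supporting token counts and the
		/// local client settings.
		/// </summary>
		/// <remarks>
		/// Only the values passed as parameters are configurable. The optional
		/// and per-operation supporting token collections are required to be
		/// empty, and the remaining client settings (clock skew, replay window,
		/// replay cache size, key renewal/rollover, timestamp validity) are
		/// compared against fixed values, so this helper fits binding elements
		/// that leave those settings untouched.
		/// </remarks>
		/// <param name="algorithm">Expected <c>DefaultAlgorithmSuite</c>.</param>
		/// <param name="includeTimestamp">Expected <c>IncludeTimestamp</c>.</param>
		/// <param name="keyEntropyMode">Expected <c>KeyEntropyMode</c>.</param>
		/// <param name="messageSecurityVersion">Expected <c>MessageSecurityVersion</c>.</param>
		/// <param name="securityHeaderLayout">Expected <c>SecurityHeaderLayout</c>.</param>
		/// <param name="endorsing">Expected endpoint <c>Endorsing.Count</c>.</param>
		/// <param name="signed">Expected endpoint <c>Signed.Count</c>.</param>
		/// <param name="signedEncrypted">Expected endpoint <c>SignedEncrypted.Count</c>.</param>
		/// <param name="signedEndorsing">Expected endpoint <c>SignedEndorsing.Count</c>.</param>
		/// <param name="cacheCookies">Expected <c>LocalClientSettings.CacheCookies</c>.</param>
		/// <param name="renewalThresholdPercentage">Expected <c>LocalClientSettings.CookieRenewalThresholdPercentage</c>.</param>
		/// <param name="detectReplays">Expected <c>LocalClientSettings.DetectReplays</c>.</param>
		/// <param name="be">Binding element under test; must not be null.</param>
		/// <param name="label">Prefix for assertion messages.</param>
		public static void AssertSecurityBindingElement (
			SecurityAlgorithmSuite algorithm,
			bool includeTimestamp,
			SecurityKeyEntropyMode keyEntropyMode,
			MessageSecurityVersion messageSecurityVersion,
			SecurityHeaderLayout securityHeaderLayout,
			// EndpointSupportingTokenParameters
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			// LocalClientSettings
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			SecurityBindingElement be, string label)
		{
			// Fail with a labelled assertion instead of a bare
			// NullReferenceException when the binding element is missing.
			Assert.IsNotNull (be, label + " IsNotNull");

			Assert.AreEqual (algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite");
			// The two messages below used to be ".KeyEntropyMode" and "#3":
			// an IncludeTimestamp mismatch was reported as a KeyEntropyMode one.
			Assert.AreEqual (includeTimestamp, be.IncludeTimestamp, label + ".IncludeTimestamp");
			Assert.AreEqual (keyEntropyMode,
				be.KeyEntropyMode, label + ".KeyEntropyMode");

			Assert.AreEqual (messageSecurityVersion,
				be.MessageSecurityVersion, label + ".MessageSecurityVersion");
			Assert.AreEqual (securityHeaderLayout,
				be.SecurityHeaderLayout, label + ".SecurityHeaderLayout");

			// FIXME: they should be extracted step by step...

			// EndpointSupportingTokenParameters
			SupportingTokenParameters tp = be.EndpointSupportingTokenParameters;
			AssertSupportingTokenParameters (
				endorsing, signed, signedEncrypted, signedEndorsing,
				tp, label + ".Endpoint");

			// OptionalEndpointSupportingTokenParameters: expected to be empty.
			tp = be.OptionalEndpointSupportingTokenParameters;
			Assert.IsNotNull (tp, label + "#3-0");
			Assert.AreEqual (0, tp.Endorsing.Count, label + "#3-1");
			Assert.AreEqual (0, tp.Signed.Count, label + "#3-2");
			Assert.AreEqual (0, tp.SignedEncrypted.Count, label + "#3-3");
			Assert.AreEqual (0, tp.SignedEndorsing.Count, label + "#3-4");

			// OperationSupportingTokenParameters: expected to be empty.
			IDictionary<string,SupportingTokenParameters> oper = be.OperationSupportingTokenParameters;
			Assert.IsNotNull (oper, label + "#4-1");
			Assert.AreEqual (0, oper.Count, label + "#4-2");

			// OptionalOperationSupportingTokenParameters: expected to be empty.
			oper = be.OptionalOperationSupportingTokenParameters;
			Assert.IsNotNull (oper, label + "#5-1");
			Assert.AreEqual (0, oper.Count, label + "#5-2");

			// LocalClientSettings
			LocalClientSecuritySettings lc =
				be.LocalClientSettings;
			// The label used to be "", so a failure here (including the
			// DetectReplays check) did not name the binding under test.
			AssertLocalClientSecuritySettings (
				cacheCookies,
				renewalThresholdPercentage,
				detectReplays,
				lc, label + ".LocalClientSettings");
			// FIXME: IdentityVerifier
			// Fixed expectations for the remaining client settings. Clock skew,
			// replay window, replay cache size and timestamp validity bound how
			// long a captured message stays acceptable, so a change that widens
			// them should show up as a test failure rather than pass silently.
			// NOTE(review): presumably these are the framework defaults - confirm.
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.MaxClockSkew, label + "#7-5");
			Assert.AreEqual (TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6");
			Assert.AreEqual (true, lc.ReconnectTransportOnFailure, label + "#7-7");
			Assert.AreEqual (900000, lc.ReplayCacheSize, label + "#7-8");
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.ReplayWindow, label + "#7-9");
			Assert.AreEqual (TimeSpan.FromHours (10), lc.SessionKeyRenewalInterval, label + "#7-10");
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.SessionKeyRolloverInterval, label + "#7-11");
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.TimestampValidityDuration, label + "#7-12");

			// FIXME: LocalServiceSettings
			// Service-side settings are not asserted anywhere in this helper,
			// so a regression in them will not be caught here.
		}

		/// <summary>
		/// Checks a <see cref="SymmetricSecurityBindingElement"/>: the common
		/// settings via <see cref="AssertSecurityBindingElement"/>, then the
		/// message protection order, signature confirmation and the protection
		/// token parameters.
		/// </summary>
		/// <param name="algorithm">Expected <c>DefaultAlgorithmSuite</c>.</param>
		/// <param name="includeTimestamp">Expected <c>IncludeTimestamp</c>.</param>
		/// <param name="keyEntropyMode">Expected <c>KeyEntropyMode</c>.</param>
		/// <param name="messageProtectionOrder">Expected <c>MessageProtectionOrder</c>.</param>
		/// <param name="messageSecurityVersion">Expected <c>MessageSecurityVersion</c>.</param>
		/// <param name="requireSignatureConfirmation">Expected <c>RequireSignatureConfirmation</c>.</param>
		/// <param name="securityHeaderLayout">Expected <c>SecurityHeaderLayout</c>.</param>
		/// <param name="endorsing">Expected endpoint <c>Endorsing.Count</c>.</param>
		/// <param name="signed">Expected endpoint <c>Signed.Count</c>.</param>
		/// <param name="signedEncrypted">Expected endpoint <c>SignedEncrypted.Count</c>.</param>
		/// <param name="signedEndorsing">Expected endpoint <c>SignedEndorsing.Count</c>.</param>
		/// <param name="hasProtectionTokenParameters">
		/// When false, <c>ProtectionTokenParameters</c> must be null and the three
		/// <c>protectionToken*</c> arguments are ignored.
		/// </param>
		/// <param name="protectionTokenInclusionMode">Expected protection token <c>InclusionMode</c>.</param>
		/// <param name="protectionTokenReferenceStyle">Expected protection token <c>ReferenceStyle</c>.</param>
		/// <param name="protectionTokenRequireDerivedKeys">Expected protection token <c>RequireDerivedKeys</c>.</param>
		/// <param name="cacheCookies">Expected <c>LocalClientSettings.CacheCookies</c>.</param>
		/// <param name="renewalThresholdPercentage">Expected <c>LocalClientSettings.CookieRenewalThresholdPercentage</c>.</param>
		/// <param name="detectReplays">Expected <c>LocalClientSettings.DetectReplays</c>.</param>
		/// <param name="be">Binding element under test; must not be null.</param>
		/// <param name="label">Prefix for assertion messages.</param>
		public static void AssertSymmetricSecurityBindingElement (
			SecurityAlgorithmSuite algorithm,
			bool includeTimestamp,
			SecurityKeyEntropyMode keyEntropyMode,
			MessageProtectionOrder messageProtectionOrder,
			MessageSecurityVersion messageSecurityVersion,
			bool requireSignatureConfirmation,
			SecurityHeaderLayout securityHeaderLayout,
			// EndpointSupportingTokenParameters
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			// ProtectionTokenParameters
			bool hasProtectionTokenParameters,
			SecurityTokenInclusionMode protectionTokenInclusionMode,
			SecurityTokenReferenceStyle protectionTokenReferenceStyle,
			bool protectionTokenRequireDerivedKeys,
			// LocalClientSettings
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			SymmetricSecurityBindingElement be, string label)
		{
			// Common settings first; this call also rejects a null element.
			AssertSecurityBindingElement (
				algorithm,
				includeTimestamp,
				keyEntropyMode,
				messageSecurityVersion,
				securityHeaderLayout,
				// EndpointSupportingTokenParameters
				endorsing, signed, signedEncrypted, signedEndorsing,
				// LocalClientSettings
				cacheCookies,
				renewalThresholdPercentage,
				detectReplays,
				be, label);

			Assert.AreEqual (messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
			Assert.AreEqual (requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");

			if (!hasProtectionTokenParameters) {
				Assert.IsNull (be.ProtectionTokenParameters, label + ".ProtectionTokenParameters (null)");
			} else {
				AssertSecurityTokenParameters (
					protectionTokenInclusionMode,
					protectionTokenReferenceStyle,
					protectionTokenRequireDerivedKeys,
					be.ProtectionTokenParameters, label + ".ProtectionTokenParameters");
			}
		}

		/// <summary>
		/// Checks an <see cref="AsymmetricSecurityBindingElement"/>: the common
		/// settings via <see cref="AssertSecurityBindingElement"/>, then the
		/// message protection order, signature confirmation and the initiator
		/// and recipient token parameters.
		/// </summary>
		/// <param name="algorithm">Expected <c>DefaultAlgorithmSuite</c>.</param>
		/// <param name="includeTimestamp">Expected <c>IncludeTimestamp</c>.</param>
		/// <param name="keyEntropyMode">Expected <c>KeyEntropyMode</c>.</param>
		/// <param name="messageProtectionOrder">Expected <c>MessageProtectionOrder</c>.</param>
		/// <param name="messageSecurityVersion">Expected <c>MessageSecurityVersion</c>.</param>
		/// <param name="requireSignatureConfirmation">Expected <c>RequireSignatureConfirmation</c>.</param>
		/// <param name="securityHeaderLayout">Expected <c>SecurityHeaderLayout</c>.</param>
		/// <param name="endorsing">Expected endpoint <c>Endorsing.Count</c>.</param>
		/// <param name="signed">Expected endpoint <c>Signed.Count</c>.</param>
		/// <param name="signedEncrypted">Expected endpoint <c>SignedEncrypted.Count</c>.</param>
		/// <param name="signedEndorsing">Expected endpoint <c>SignedEndorsing.Count</c>.</param>
		/// <param name="hasInitiatorTokenParameters">
		/// When false, <c>InitiatorTokenParameters</c> must be null and the three
		/// <c>initiatorToken*</c> arguments are ignored.
		/// </param>
		/// <param name="initiatorTokenInclusionMode">Expected initiator token <c>InclusionMode</c>.</param>
		/// <param name="initiatorTokenReferenceStyle">Expected initiator token <c>ReferenceStyle</c>.</param>
		/// <param name="initiatorTokenRequireDerivedKeys">Expected initiator token <c>RequireDerivedKeys</c>.</param>
		/// <param name="hasRecipientTokenParameters">
		/// When false, <c>RecipientTokenParameters</c> must be null and the three
		/// <c>recipientToken*</c> arguments are ignored.
		/// </param>
		/// <param name="recipientTokenInclusionMode">Expected recipient token <c>InclusionMode</c>.</param>
		/// <param name="recipientTokenReferenceStyle">Expected recipient token <c>ReferenceStyle</c>.</param>
		/// <param name="recipientTokenRequireDerivedKeys">Expected recipient token <c>RequireDerivedKeys</c>.</param>
		/// <param name="cacheCookies">Expected <c>LocalClientSettings.CacheCookies</c>.</param>
		/// <param name="renewalThresholdPercentage">Expected <c>LocalClientSettings.CookieRenewalThresholdPercentage</c>.</param>
		/// <param name="detectReplays">Expected <c>LocalClientSettings.DetectReplays</c>.</param>
		/// <param name="be">Binding element under test; must not be null.</param>
		/// <param name="label">Prefix for assertion messages.</param>
		public static void AssertAsymmetricSecurityBindingElement (
			SecurityAlgorithmSuite algorithm,
			bool includeTimestamp,
			SecurityKeyEntropyMode keyEntropyMode,
			MessageProtectionOrder messageProtectionOrder,
			MessageSecurityVersion messageSecurityVersion,
			bool requireSignatureConfirmation,
			SecurityHeaderLayout securityHeaderLayout,
			// EndpointSupportingTokenParameters
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			// InitiatorTokenParameters
			bool hasInitiatorTokenParameters,
			SecurityTokenInclusionMode initiatorTokenInclusionMode,
			SecurityTokenReferenceStyle initiatorTokenReferenceStyle,
			bool initiatorTokenRequireDerivedKeys,
			// RecipientTokenParameters
			bool hasRecipientTokenParameters,
			SecurityTokenInclusionMode recipientTokenInclusionMode,
			SecurityTokenReferenceStyle recipientTokenReferenceStyle,
			bool recipientTokenRequireDerivedKeys,
			// LocalClientSettings
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			AsymmetricSecurityBindingElement be, string label)
		{
			// Common settings first; this call also rejects a null element.
			AssertSecurityBindingElement (
				algorithm,
				includeTimestamp,
				keyEntropyMode,
				messageSecurityVersion,
				securityHeaderLayout,
				// EndpointSupportingTokenParameters
				endorsing, signed, signedEncrypted, signedEndorsing,
				// LocalClientSettings
				cacheCookies,
				renewalThresholdPercentage,
				detectReplays,
				be, label);

			Assert.AreEqual (messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
			Assert.AreEqual (requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");

			if (!hasInitiatorTokenParameters) {
				Assert.IsNull (be.InitiatorTokenParameters, label + ".InitiatorTokenParameters (null)");
			} else {
				AssertSecurityTokenParameters (
					initiatorTokenInclusionMode,
					initiatorTokenReferenceStyle,
					initiatorTokenRequireDerivedKeys,
					be.InitiatorTokenParameters, label + ".InitiatorTokenParameters");
			}

			if (!hasRecipientTokenParameters) {
				Assert.IsNull (be.RecipientTokenParameters, label + ".RecipientTokenParameters (null)");
			} else {
				AssertSecurityTokenParameters (
					recipientTokenInclusionMode,
					recipientTokenReferenceStyle,
					recipientTokenRequireDerivedKeys,
					be.RecipientTokenParameters, label + ".RecipientTokenParameters");
			}
		}
	}
}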