2 // SecurityBindingElementTest.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.Generic;
30 using System.Collections.ObjectModel;
32 using System.Net.Security;
33 using System.Security.Cryptography.X509Certificates;
34 using System.IdentityModel.Selectors;
35 using System.IdentityModel.Tokens;
36 using System.ServiceModel;
37 using System.ServiceModel.Channels;
38 using System.ServiceModel.Description;
39 using System.ServiceModel.Security;
40 using System.ServiceModel.Security.Tokens;
42 using NUnit.Framework;
44 using MonoTests.Helpers;
46 namespace MonoTests.System.ServiceModel.Channels
49 public class SecurityBindingElementTest
51 #region Factory methods
54 public void CreateAnonymousForCertificateBindingElement ()
56 SymmetricSecurityBindingElement be =
57 SecurityBindingElement.CreateAnonymousForCertificateBindingElement ();
59 SecurityAssert.AssertSymmetricSecurityBindingElement (
60 SecurityAlgorithmSuite.Default,
61 true, // IncludeTimestamp
62 SecurityKeyEntropyMode.CombinedEntropy,
63 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
64 MessageSecurityVersion.Default,
65 true, // RequireSignatureConfirmation
66 SecurityHeaderLayout.Strict,
67 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
69 // ProtectionTokenParameters
70 true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
71 // LocalClientSettings
76 // test ProtectionTokenParameters
77 X509SecurityTokenParameters tp =
78 be.ProtectionTokenParameters
79 as X509SecurityTokenParameters;
80 Assert.IsNotNull (tp, "#2-1");
81 SecurityAssert.AssertSecurityTokenParameters (
82 SecurityTokenInclusionMode.Never,
83 SecurityTokenReferenceStyle.Internal,
84 true, tp, "Protection");
85 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, tp.X509ReferenceStyle, "#2-2");
89 public void CreateIssuedTokenBindingElement1 ()
91 IssuedSecurityTokenParameters tp =
92 new IssuedSecurityTokenParameters ();
93 SymmetricSecurityBindingElement be =
94 SecurityBindingElement.CreateIssuedTokenBindingElement (tp);
96 SecurityAssert.AssertSymmetricSecurityBindingElement (
97 SecurityAlgorithmSuite.Default,
98 true, // IncludeTimestamp
99 SecurityKeyEntropyMode.CombinedEntropy,
100 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
101 MessageSecurityVersion.Default,
102 false, // RequireSignatureConfirmation
103 SecurityHeaderLayout.Strict,
104 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
106 // ProtectionTokenParameters
107 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
108 // LocalClientSettings
113 // test ProtectionTokenParameters
114 Assert.AreEqual (tp, be.ProtectionTokenParameters, "#2-1");
115 SecurityAssert.AssertSecurityTokenParameters (
116 SecurityTokenInclusionMode.AlwaysToRecipient,
117 SecurityTokenReferenceStyle.Internal,
118 true, tp, "Protection");
122 public void CreateIssuedTokenForCertificateBindingElement1 ()
124 IssuedSecurityTokenParameters tp =
125 new IssuedSecurityTokenParameters ();
126 SymmetricSecurityBindingElement be =
127 SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement (tp);
129 SecurityAssert.AssertSymmetricSecurityBindingElement (
130 SecurityAlgorithmSuite.Default,
131 true, // IncludeTimestamp
132 SecurityKeyEntropyMode.CombinedEntropy,
133 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
134 MessageSecurityVersion.Default,
135 true, // RequireSignatureConfirmation
136 SecurityHeaderLayout.Strict,
137 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
139 // ProtectionTokenParameters
140 true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
141 // LocalClientSettings
146 // test ProtectionTokenParameters
147 X509SecurityTokenParameters ptp =
148 be.ProtectionTokenParameters
149 as X509SecurityTokenParameters;
150 Assert.IsNotNull (ptp, "#2-1");
151 SecurityAssert.AssertSecurityTokenParameters (
152 SecurityTokenInclusionMode.Never,
153 SecurityTokenReferenceStyle.Internal,
154 true, ptp, "Protection");
155 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, ptp.X509ReferenceStyle, "#2-2");
157 Assert.AreEqual (tp, be.EndpointSupportingTokenParameters.Endorsing [0], "EndpointParams.Endorsing[0]");
161 public void CreateIssuedTokenForSslBindingElement1 ()
163 IssuedSecurityTokenParameters tp =
164 new IssuedSecurityTokenParameters ();
165 SymmetricSecurityBindingElement be =
166 SecurityBindingElement.CreateIssuedTokenForSslBindingElement (tp);
168 SecurityAssert.AssertSymmetricSecurityBindingElement (
169 SecurityAlgorithmSuite.Default,
170 true, // IncludeTimestamp
171 SecurityKeyEntropyMode.CombinedEntropy,
172 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
173 MessageSecurityVersion.Default,
174 true, // RequireSignatureConfirmation
175 SecurityHeaderLayout.Strict,
176 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
178 // ProtectionTokenParameters
179 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
180 // LocalClientSettings
185 Assert.AreEqual (tp, be.EndpointSupportingTokenParameters.Endorsing [0], "EndpointParams.Endorsing[0]");
187 // FIXME: test ProtectionTokenParameters
191 public void CreateKerberosBindingElement ()
193 SymmetricSecurityBindingElement be =
194 SecurityBindingElement.CreateKerberosBindingElement ();
196 SecurityAssert.AssertSymmetricSecurityBindingElement (
197 SecurityAlgorithmSuite.Basic128,
198 true, // IncludeTimestamp
199 SecurityKeyEntropyMode.CombinedEntropy,
200 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
201 MessageSecurityVersion.Default,
202 false, // RequireSignatureConfirmation
203 SecurityHeaderLayout.Strict,
204 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
206 // ProtectionTokenParameters
207 true, SecurityTokenInclusionMode.Once, SecurityTokenReferenceStyle.Internal, true,
208 // LocalClientSettings
213 // FIXME: test ProtectionTokenParameters
217 public void CreateSslNegotiationBindingElement ()
219 SymmetricSecurityBindingElement be =
220 SecurityBindingElement.CreateSslNegotiationBindingElement (true, true);
222 SecurityAssert.AssertSymmetricSecurityBindingElement (
223 SecurityAlgorithmSuite.Default,
224 true, // IncludeTimestamp
225 SecurityKeyEntropyMode.CombinedEntropy,
226 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
227 MessageSecurityVersion.Default,
228 false, // RequireSignatureConfirmation
229 SecurityHeaderLayout.Strict,
230 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
232 // ProtectionTokenParameters
233 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
234 // LocalClientSettings
239 // FIXME: also try different constructor arguments
241 // test ProtectionTokenParameters
242 Assert.AreEqual (typeof (SslSecurityTokenParameters), be.ProtectionTokenParameters.GetType (), "#1");
243 SslSecurityTokenParameters sp = be.ProtectionTokenParameters as SslSecurityTokenParameters;
244 Assert.AreEqual (true, sp.RequireCancellation, "#2");
245 Assert.AreEqual (true, sp.RequireClientCertificate, "#3");
249 public void CreateSspiNegotiationBindingElement ()
251 SymmetricSecurityBindingElement be =
252 SecurityBindingElement.CreateSspiNegotiationBindingElement ();
254 SecurityAssert.AssertSymmetricSecurityBindingElement (
255 SecurityAlgorithmSuite.Default,
256 true, // IncludeTimestamp
257 SecurityKeyEntropyMode.CombinedEntropy,
258 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
259 MessageSecurityVersion.Default,
260 false, // RequireSignatureConfirmation
261 SecurityHeaderLayout.Strict,
262 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
264 // ProtectionTokenParameters
265 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
266 // LocalClientSettings
271 // FIXME: Try boolean argument as well.
273 // FIXME: test ProtectionTokenParameters
277 public void CreateUserNameForCertificateBindingElement ()
279 SymmetricSecurityBindingElement be =
280 SecurityBindingElement.CreateUserNameForCertificateBindingElement ();
282 SecurityAssert.AssertSymmetricSecurityBindingElement (
283 SecurityAlgorithmSuite.Default,
284 true, // IncludeTimestamp
285 SecurityKeyEntropyMode.CombinedEntropy,
286 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
287 MessageSecurityVersion.Default,
288 false, // RequireSignatureConfirmation
289 SecurityHeaderLayout.Strict,
290 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
292 // ProtectionTokenParameters
293 true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
294 // LocalClientSettings
299 UserNameSecurityTokenParameters up =
300 be.EndpointSupportingTokenParameters.SignedEncrypted [0] as UserNameSecurityTokenParameters;
303 // FIXME: test ProtectionTokenParameters
307 public void CreateUserNameForSslBindingElement ()
309 SymmetricSecurityBindingElement be =
310 SecurityBindingElement.CreateUserNameForSslBindingElement ();
312 SecurityAssert.AssertSymmetricSecurityBindingElement (
313 SecurityAlgorithmSuite.Default,
314 true, // IncludeTimestamp
315 SecurityKeyEntropyMode.CombinedEntropy,
316 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
317 MessageSecurityVersion.Default,
318 false, // RequireSignatureConfirmation
319 SecurityHeaderLayout.Strict,
320 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
322 // ProtectionTokenParameters
323 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
324 // LocalClientSettings
329 UserNameSecurityTokenParameters up =
330 be.EndpointSupportingTokenParameters.SignedEncrypted [0] as UserNameSecurityTokenParameters;
333 // FIXME: test ProtectionTokenParameters
336 // non-symmetric return value by definition, but still
337 // returns symmetric binding elements.
340 public void CreateSecureConversationBindingElement ()
342 SymmetricSecurityBindingElement be =
343 SecurityBindingElement.CreateSecureConversationBindingElement (new SymmetricSecurityBindingElement ())
344 as SymmetricSecurityBindingElement;
346 SecurityAssert.AssertSymmetricSecurityBindingElement (
347 SecurityAlgorithmSuite.Default,
348 true, // IncludeTimestamp
349 SecurityKeyEntropyMode.CombinedEntropy,
350 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
351 MessageSecurityVersion.Default,
352 false, // RequireSignatureConfirmation
353 SecurityHeaderLayout.Strict,
354 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
356 // ProtectionTokenParameters
357 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
358 // LocalClientSettings
363 // test ProtectionTokenParameters
364 SecureConversationSecurityTokenParameters tp =
365 be.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
366 Assert.IsNotNull (tp, "#2-1");
368 SecurityAssert.AssertSecurityTokenParameters (
369 SecurityTokenInclusionMode.AlwaysToRecipient,
370 SecurityTokenReferenceStyle.Internal,
371 true, tp, "Protection");
377 public void SetKeyDerivation ()
379 SetKeyDerivationCorrect (new TransportSecurityBindingElement (), "transport");
380 SetKeyDerivationIncorrect (new TransportSecurityBindingElement (), "transport");
381 SetKeyDerivationCorrect (new SymmetricSecurityBindingElement (), "symmetric");
382 SetKeyDerivationIncorrect (new SymmetricSecurityBindingElement (), "symmetric");
383 SetKeyDerivationCorrect (new AsymmetricSecurityBindingElement (), "asymmetric");
384 SetKeyDerivationIncorrect (new AsymmetricSecurityBindingElement (), "asymmetric");
387 void SetKeyDerivationCorrect (SecurityBindingElement be, string label)
389 X509SecurityTokenParameters p, p2;
390 p = new X509SecurityTokenParameters ();
391 p2 = new X509SecurityTokenParameters ();
392 Assert.AreEqual (true, p.RequireDerivedKeys, label + "#1");
393 Assert.AreEqual (true, p2.RequireDerivedKeys, label + "#2");
394 be.EndpointSupportingTokenParameters.Endorsing.Add (p);
395 be.EndpointSupportingTokenParameters.Endorsing.Add (p2);
396 be.SetKeyDerivation (false);
397 Assert.AreEqual (false, p.RequireDerivedKeys, label + "#3");
398 Assert.AreEqual (false, p2.RequireDerivedKeys, label + "#4");
401 void SetKeyDerivationIncorrect (SecurityBindingElement be, string label)
403 X509SecurityTokenParameters p, p2;
404 p = new X509SecurityTokenParameters ();
405 p2 = new X509SecurityTokenParameters ();
406 // setting in prior - makes no sense
407 be.SetKeyDerivation (false);
408 be.EndpointSupportingTokenParameters.Endorsing.Add (p);
409 be.EndpointSupportingTokenParameters.Endorsing.Add (p2);
410 Assert.AreEqual (true, p.RequireDerivedKeys, label + "#5");
411 Assert.AreEqual (true, p2.RequireDerivedKeys, label + "#6");
415 [ExpectedException (typeof (ArgumentException))]
416 [Category ("NotWorking")]
417 public void CheckDuplicateAuthenticatorTypesClient ()
419 SymmetricSecurityBindingElement be =
420 new SymmetricSecurityBindingElement ();
421 be.ProtectionTokenParameters =
422 new X509SecurityTokenParameters ();
423 be.EndpointSupportingTokenParameters.Endorsing.Add (
424 new X509SecurityTokenParameters ());
425 // This causes multiple supporting token authenticator
427 be.OptionalEndpointSupportingTokenParameters.Endorsing.Add (
428 new X509SecurityTokenParameters ());
429 Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
430 ClientCredentials cred = new ClientCredentials ();
431 cred.ClientCertificate.Certificate =
432 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
433 IChannelFactory<IReplyChannel> ch = b.BuildChannelFactory<IReplyChannel> (new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()), cred);
437 if (ch.State == CommunicationState.Closed)
443 [ExpectedException (typeof (ArgumentException))]
444 [Category ("NotWorking")]
445 public void CheckDuplicateAuthenticatorTypesService ()
447 SymmetricSecurityBindingElement be =
448 new SymmetricSecurityBindingElement ();
449 be.ProtectionTokenParameters =
450 new X509SecurityTokenParameters ();
451 be.EndpointSupportingTokenParameters.Endorsing.Add (
452 new X509SecurityTokenParameters ());
453 // This causes multiple supporting token authenticator
455 be.OptionalEndpointSupportingTokenParameters.Endorsing.Add (
456 new X509SecurityTokenParameters ());
457 Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
458 ServiceCredentials cred = new ServiceCredentials ();
459 cred.ServiceCertificate.Certificate =
460 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
461 IChannelListener<IReplyChannel> ch = b.BuildChannelListener<IReplyChannel> (new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()), cred);
465 if (ch.State == CommunicationState.Closed)
471 [ExpectedException (typeof (InvalidOperationException))]
472 [Category ("NotWorking")]
473 public void NonEndorsibleParameterInEndorsingSupport ()
475 SymmetricSecurityBindingElement be =
476 new SymmetricSecurityBindingElement ();
477 be.ProtectionTokenParameters =
478 new X509SecurityTokenParameters ();
479 be.EndpointSupportingTokenParameters.Endorsing.Add (
480 new UserNameSecurityTokenParameters ());
481 Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
482 X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
483 EndpointAddress ea = new EndpointAddress (new Uri ("http://localhost:" + NetworkHelpers.FindFreePort ()), new X509CertificateEndpointIdentity (cert));
484 CalcProxy client = new CalcProxy (b, ea);
485 client.ClientCredentials.UserName.UserName = "rupert";
489 void AssertSecurityCapabilities (
490 ProtectionLevel request, ProtectionLevel response,
491 bool supportsClientAuth, bool supportsClientWinId,
492 bool supportsServerAuth, ISecurityCapabilities c,
495 Assert.AreEqual (request, c.SupportedRequestProtectionLevel, label + ".request");
496 Assert.AreEqual (response, c.SupportedResponseProtectionLevel, label + ".response");
497 Assert.AreEqual (supportsClientAuth, c.SupportsClientAuthentication, label + ".client-auth");
498 Assert.AreEqual (supportsClientWinId, c.SupportsClientWindowsIdentity, label + ".client-identity");
499 Assert.AreEqual (supportsServerAuth, c.SupportsServerAuthentication, label + ".server-auth");
502 ISecurityCapabilities GetSecurityCapabilities (SecurityBindingElement be)
504 BindingContext bc = new BindingContext (
505 new CustomBinding (),
506 new BindingParameterCollection ());
507 return be.GetProperty<ISecurityCapabilities> (bc);
511 [ExpectedException (typeof (ArgumentNullException))]
512 public void GetPropertyNullBindingContext1 ()
514 new SymmetricSecurityBindingElement ()
515 .GetProperty<ISecurityCapabilities> (null);
519 [ExpectedException (typeof (ArgumentNullException))]
520 public void GetPropertyNullBindingContext2 ()
522 new AsymmetricSecurityBindingElement ()
523 .GetProperty<ISecurityCapabilities> (null);
527 public void GetPropertySecurityCapabilities ()
529 ISecurityCapabilities c;
530 RsaSecurityTokenParameters rsa =
531 new RsaSecurityTokenParameters ();
532 UserNameSecurityTokenParameters user =
533 new UserNameSecurityTokenParameters ();
534 X509SecurityTokenParameters x509 =
535 new X509SecurityTokenParameters ();
536 SecureConversationSecurityTokenParameters sc1 =
537 new SecureConversationSecurityTokenParameters ();
538 sc1.BootstrapSecurityBindingElement =
539 new SymmetricSecurityBindingElement (); // empty
540 SecureConversationSecurityTokenParameters sc2 =
541 new SecureConversationSecurityTokenParameters ();
542 sc2.BootstrapSecurityBindingElement =
543 new SymmetricSecurityBindingElement (x509);
544 SecureConversationSecurityTokenParameters sc3 =
545 new SecureConversationSecurityTokenParameters ();
546 sc3.BootstrapSecurityBindingElement =
547 new AsymmetricSecurityBindingElement (null, x509);
548 SecureConversationSecurityTokenParameters sc4 =
549 new SecureConversationSecurityTokenParameters ();
550 sc4.BootstrapSecurityBindingElement =
551 new AsymmetricSecurityBindingElement (x509, null);
554 c = GetSecurityCapabilities (
555 new SymmetricSecurityBindingElement ());
556 AssertSecurityCapabilities (
557 ProtectionLevel.EncryptAndSign,
558 ProtectionLevel.EncryptAndSign,
559 false, false, false, c, "#1");
561 // x509 parameters for both
562 c = GetSecurityCapabilities (
563 new SymmetricSecurityBindingElement (x509));
564 AssertSecurityCapabilities (
565 ProtectionLevel.EncryptAndSign,
566 ProtectionLevel.EncryptAndSign,
567 true, true, true, c, "#2");
569 // no initiator parameters
570 c = GetSecurityCapabilities (
571 new AsymmetricSecurityBindingElement (x509, null));
572 AssertSecurityCapabilities (
573 ProtectionLevel.EncryptAndSign,
574 ProtectionLevel.EncryptAndSign,
575 false, false, true, c, "#3");
577 // no recipient parameters
578 c = GetSecurityCapabilities (
579 new AsymmetricSecurityBindingElement (null, x509));
580 AssertSecurityCapabilities (
581 ProtectionLevel.EncryptAndSign,
582 ProtectionLevel.EncryptAndSign,
583 true, true, false, c, "#4");
585 // initiator does not support identity
586 c = GetSecurityCapabilities (
587 new AsymmetricSecurityBindingElement (x509, rsa));
588 AssertSecurityCapabilities (
589 ProtectionLevel.EncryptAndSign,
590 ProtectionLevel.EncryptAndSign,
591 true, false, true, c, "#5");
593 // recipient does not support server auth
594 c = GetSecurityCapabilities (
595 new AsymmetricSecurityBindingElement (user, x509));
596 AssertSecurityCapabilities (
597 ProtectionLevel.EncryptAndSign,
598 ProtectionLevel.EncryptAndSign,
599 true, true, false, c, "#6");
601 // secureconv with no symm. bootstrap params
602 c = GetSecurityCapabilities (
603 new SymmetricSecurityBindingElement (sc1));
604 AssertSecurityCapabilities (
605 ProtectionLevel.EncryptAndSign,
606 ProtectionLevel.EncryptAndSign,
607 false, false, false, c, "#7");
609 // secureconv with x509 symm. bootstrap params
610 c = GetSecurityCapabilities (
611 new SymmetricSecurityBindingElement (sc2));
612 AssertSecurityCapabilities (
613 ProtectionLevel.EncryptAndSign,
614 ProtectionLevel.EncryptAndSign,
615 true, true, true, c, "#8");
617 // secureconv with x509 initiator bootstrap params
618 c = GetSecurityCapabilities (
619 new SymmetricSecurityBindingElement (sc3));
620 AssertSecurityCapabilities (
621 ProtectionLevel.EncryptAndSign,
622 ProtectionLevel.EncryptAndSign,
623 true, true, false, c, "#9");
625 // secureconv with x509 recipient bootstrap params
626 c = GetSecurityCapabilities (
627 new SymmetricSecurityBindingElement (sc4));
628 AssertSecurityCapabilities (
629 ProtectionLevel.EncryptAndSign,
630 ProtectionLevel.EncryptAndSign,
631 false, false, true, c, "#10");
633 // FIXME: find out such cases that returns other ProtectionLevel values.