2 // SecurityBindingElementTest.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.Generic;
30 using System.Collections.ObjectModel;
32 using System.Net.Security;
33 using System.Security.Cryptography.X509Certificates;
34 using System.IdentityModel.Selectors;
35 using System.IdentityModel.Tokens;
36 using System.ServiceModel;
37 using System.ServiceModel.Channels;
38 using System.ServiceModel.Description;
39 using System.ServiceModel.Security;
40 using System.ServiceModel.Security.Tokens;
42 using NUnit.Framework;
44 namespace MonoTests.System.ServiceModel.Channels
47 public class SecurityBindingElementTest
49 #region Factory methods
52 public void CreateAnonymousForCertificateBindingElement ()
54 SymmetricSecurityBindingElement be =
55 SecurityBindingElement.CreateAnonymousForCertificateBindingElement ();
57 SecurityAssert.AssertSymmetricSecurityBindingElement (
58 SecurityAlgorithmSuite.Default,
59 true, // IncludeTimestamp
60 SecurityKeyEntropyMode.CombinedEntropy,
61 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
62 MessageSecurityVersion.Default,
63 true, // RequireSignatureConfirmation
64 SecurityHeaderLayout.Strict,
65 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
67 // ProtectionTokenParameters
68 true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
69 // LocalClientSettings
74 // test ProtectionTokenParameters
75 X509SecurityTokenParameters tp =
76 be.ProtectionTokenParameters
77 as X509SecurityTokenParameters;
78 Assert.IsNotNull (tp, "#2-1");
79 SecurityAssert.AssertSecurityTokenParameters (
80 SecurityTokenInclusionMode.Never,
81 SecurityTokenReferenceStyle.Internal,
82 true, tp, "Protection");
83 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, tp.X509ReferenceStyle, "#2-2");
87 public void CreateIssuedTokenBindingElement1 ()
89 IssuedSecurityTokenParameters tp =
90 new IssuedSecurityTokenParameters ();
91 SymmetricSecurityBindingElement be =
92 SecurityBindingElement.CreateIssuedTokenBindingElement (tp);
94 SecurityAssert.AssertSymmetricSecurityBindingElement (
95 SecurityAlgorithmSuite.Default,
96 true, // IncludeTimestamp
97 SecurityKeyEntropyMode.CombinedEntropy,
98 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
99 MessageSecurityVersion.Default,
100 false, // RequireSignatureConfirmation
101 SecurityHeaderLayout.Strict,
102 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
104 // ProtectionTokenParameters
105 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
106 // LocalClientSettings
111 // test ProtectionTokenParameters
112 Assert.AreEqual (tp, be.ProtectionTokenParameters, "#2-1");
113 SecurityAssert.AssertSecurityTokenParameters (
114 SecurityTokenInclusionMode.AlwaysToRecipient,
115 SecurityTokenReferenceStyle.Internal,
116 true, tp, "Protection");
120 public void CreateIssuedTokenForCertificateBindingElement1 ()
122 IssuedSecurityTokenParameters tp =
123 new IssuedSecurityTokenParameters ();
124 SymmetricSecurityBindingElement be =
125 SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement (tp);
127 SecurityAssert.AssertSymmetricSecurityBindingElement (
128 SecurityAlgorithmSuite.Default,
129 true, // IncludeTimestamp
130 SecurityKeyEntropyMode.CombinedEntropy,
131 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
132 MessageSecurityVersion.Default,
133 true, // RequireSignatureConfirmation
134 SecurityHeaderLayout.Strict,
135 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
137 // ProtectionTokenParameters
138 true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
139 // LocalClientSettings
144 // test ProtectionTokenParameters
145 X509SecurityTokenParameters ptp =
146 be.ProtectionTokenParameters
147 as X509SecurityTokenParameters;
148 Assert.IsNotNull (ptp, "#2-1");
149 SecurityAssert.AssertSecurityTokenParameters (
150 SecurityTokenInclusionMode.Never,
151 SecurityTokenReferenceStyle.Internal,
152 true, ptp, "Protection");
153 Assert.AreEqual (X509KeyIdentifierClauseType.Thumbprint, ptp.X509ReferenceStyle, "#2-2");
155 Assert.AreEqual (tp, be.EndpointSupportingTokenParameters.Endorsing [0], "EndpointParams.Endorsing[0]");
159 public void CreateIssuedTokenForSslBindingElement1 ()
161 IssuedSecurityTokenParameters tp =
162 new IssuedSecurityTokenParameters ();
163 SymmetricSecurityBindingElement be =
164 SecurityBindingElement.CreateIssuedTokenForSslBindingElement (tp);
166 SecurityAssert.AssertSymmetricSecurityBindingElement (
167 SecurityAlgorithmSuite.Default,
168 true, // IncludeTimestamp
169 SecurityKeyEntropyMode.CombinedEntropy,
170 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
171 MessageSecurityVersion.Default,
172 true, // RequireSignatureConfirmation
173 SecurityHeaderLayout.Strict,
174 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
176 // ProtectionTokenParameters
177 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
178 // LocalClientSettings
183 Assert.AreEqual (tp, be.EndpointSupportingTokenParameters.Endorsing [0], "EndpointParams.Endorsing[0]");
185 // FIXME: test ProtectionTokenParameters
189 public void CreateKerberosBindingElement ()
191 SymmetricSecurityBindingElement be =
192 SecurityBindingElement.CreateKerberosBindingElement ();
194 SecurityAssert.AssertSymmetricSecurityBindingElement (
195 SecurityAlgorithmSuite.Basic128,
196 true, // IncludeTimestamp
197 SecurityKeyEntropyMode.CombinedEntropy,
198 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
199 MessageSecurityVersion.Default,
200 false, // RequireSignatureConfirmation
201 SecurityHeaderLayout.Strict,
202 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
204 // ProtectionTokenParameters
205 true, SecurityTokenInclusionMode.Once, SecurityTokenReferenceStyle.Internal, true,
206 // LocalClientSettings
211 // FIXME: test ProtectionTokenParameters
215 public void CreateSslNegotiationBindingElement ()
217 SymmetricSecurityBindingElement be =
218 SecurityBindingElement.CreateSslNegotiationBindingElement (true, true);
220 SecurityAssert.AssertSymmetricSecurityBindingElement (
221 SecurityAlgorithmSuite.Default,
222 true, // IncludeTimestamp
223 SecurityKeyEntropyMode.CombinedEntropy,
224 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
225 MessageSecurityVersion.Default,
226 false, // RequireSignatureConfirmation
227 SecurityHeaderLayout.Strict,
228 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
230 // ProtectionTokenParameters
231 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
232 // LocalClientSettings
237 // FIXME: also try different constructor arguments
239 // test ProtectionTokenParameters
240 Assert.AreEqual (typeof (SslSecurityTokenParameters), be.ProtectionTokenParameters.GetType (), "#1");
241 SslSecurityTokenParameters sp = be.ProtectionTokenParameters as SslSecurityTokenParameters;
242 Assert.AreEqual (true, sp.RequireCancellation, "#2");
243 Assert.AreEqual (true, sp.RequireClientCertificate, "#3");
247 public void CreateSspiNegotiationBindingElement ()
249 SymmetricSecurityBindingElement be =
250 SecurityBindingElement.CreateSspiNegotiationBindingElement ();
252 SecurityAssert.AssertSymmetricSecurityBindingElement (
253 SecurityAlgorithmSuite.Default,
254 true, // IncludeTimestamp
255 SecurityKeyEntropyMode.CombinedEntropy,
256 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
257 MessageSecurityVersion.Default,
258 false, // RequireSignatureConfirmation
259 SecurityHeaderLayout.Strict,
260 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
262 // ProtectionTokenParameters
263 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
264 // LocalClientSettings
269 // FIXME: Try boolean argument as well.
271 // FIXME: test ProtectionTokenParameters
275 public void CreateUserNameForCertificateBindingElement ()
277 SymmetricSecurityBindingElement be =
278 SecurityBindingElement.CreateUserNameForCertificateBindingElement ();
280 SecurityAssert.AssertSymmetricSecurityBindingElement (
281 SecurityAlgorithmSuite.Default,
282 true, // IncludeTimestamp
283 SecurityKeyEntropyMode.CombinedEntropy,
284 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
285 MessageSecurityVersion.Default,
286 false, // RequireSignatureConfirmation
287 SecurityHeaderLayout.Strict,
288 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
290 // ProtectionTokenParameters
291 true, SecurityTokenInclusionMode.Never, SecurityTokenReferenceStyle.Internal, true,
292 // LocalClientSettings
297 UserNameSecurityTokenParameters up =
298 be.EndpointSupportingTokenParameters.SignedEncrypted [0] as UserNameSecurityTokenParameters;
301 // FIXME: test ProtectionTokenParameters
305 public void CreateUserNameForSslBindingElement ()
307 SymmetricSecurityBindingElement be =
308 SecurityBindingElement.CreateUserNameForSslBindingElement ();
310 SecurityAssert.AssertSymmetricSecurityBindingElement (
311 SecurityAlgorithmSuite.Default,
312 true, // IncludeTimestamp
313 SecurityKeyEntropyMode.CombinedEntropy,
314 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
315 MessageSecurityVersion.Default,
316 false, // RequireSignatureConfirmation
317 SecurityHeaderLayout.Strict,
318 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
320 // ProtectionTokenParameters
321 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
322 // LocalClientSettings
327 UserNameSecurityTokenParameters up =
328 be.EndpointSupportingTokenParameters.SignedEncrypted [0] as UserNameSecurityTokenParameters;
331 // FIXME: test ProtectionTokenParameters
334 // non-symmetric return value by definition, but still
335 // returns symmetric binding elements.
338 public void CreateSecureConversationBindingElement ()
340 SymmetricSecurityBindingElement be =
341 SecurityBindingElement.CreateSecureConversationBindingElement (new SymmetricSecurityBindingElement ())
342 as SymmetricSecurityBindingElement;
344 SecurityAssert.AssertSymmetricSecurityBindingElement (
345 SecurityAlgorithmSuite.Default,
346 true, // IncludeTimestamp
347 SecurityKeyEntropyMode.CombinedEntropy,
348 MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature,
349 MessageSecurityVersion.Default,
350 false, // RequireSignatureConfirmation
351 SecurityHeaderLayout.Strict,
352 // EndpointSupportingTokenParameters: endorsing, signed, signedEncrypted, signedEndorsing (by count)
354 // ProtectionTokenParameters
355 true, SecurityTokenInclusionMode.AlwaysToRecipient, SecurityTokenReferenceStyle.Internal, true,
356 // LocalClientSettings
361 // test ProtectionTokenParameters
362 SecureConversationSecurityTokenParameters tp =
363 be.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
364 Assert.IsNotNull (tp, "#2-1");
366 SecurityAssert.AssertSecurityTokenParameters (
367 SecurityTokenInclusionMode.AlwaysToRecipient,
368 SecurityTokenReferenceStyle.Internal,
369 true, tp, "Protection");
375 public void SetKeyDerivation ()
377 SetKeyDerivationCorrect (new TransportSecurityBindingElement (), "transport");
378 SetKeyDerivationIncorrect (new TransportSecurityBindingElement (), "transport");
379 SetKeyDerivationCorrect (new SymmetricSecurityBindingElement (), "symmetric");
380 SetKeyDerivationIncorrect (new SymmetricSecurityBindingElement (), "symmetric");
381 SetKeyDerivationCorrect (new AsymmetricSecurityBindingElement (), "asymmetric");
382 SetKeyDerivationIncorrect (new AsymmetricSecurityBindingElement (), "asymmetric");
385 void SetKeyDerivationCorrect (SecurityBindingElement be, string label)
387 X509SecurityTokenParameters p, p2;
388 p = new X509SecurityTokenParameters ();
389 p2 = new X509SecurityTokenParameters ();
390 Assert.AreEqual (true, p.RequireDerivedKeys, label + "#1");
391 Assert.AreEqual (true, p2.RequireDerivedKeys, label + "#2");
392 be.EndpointSupportingTokenParameters.Endorsing.Add (p);
393 be.EndpointSupportingTokenParameters.Endorsing.Add (p2);
394 be.SetKeyDerivation (false);
395 Assert.AreEqual (false, p.RequireDerivedKeys, label + "#3");
396 Assert.AreEqual (false, p2.RequireDerivedKeys, label + "#4");
399 void SetKeyDerivationIncorrect (SecurityBindingElement be, string label)
401 X509SecurityTokenParameters p, p2;
402 p = new X509SecurityTokenParameters ();
403 p2 = new X509SecurityTokenParameters ();
404 // setting in prior - makes no sense
405 be.SetKeyDerivation (false);
406 be.EndpointSupportingTokenParameters.Endorsing.Add (p);
407 be.EndpointSupportingTokenParameters.Endorsing.Add (p2);
408 Assert.AreEqual (true, p.RequireDerivedKeys, label + "#5");
409 Assert.AreEqual (true, p2.RequireDerivedKeys, label + "#6");
413 [ExpectedException (typeof (ArgumentException))]
414 [Category ("NotWorking")]
415 public void CheckDuplicateAuthenticatorTypesClient ()
417 SymmetricSecurityBindingElement be =
418 new SymmetricSecurityBindingElement ();
419 be.ProtectionTokenParameters =
420 new X509SecurityTokenParameters ();
421 be.EndpointSupportingTokenParameters.Endorsing.Add (
422 new X509SecurityTokenParameters ());
423 // This causes multiple supporting token authenticator
425 be.OptionalEndpointSupportingTokenParameters.Endorsing.Add (
426 new X509SecurityTokenParameters ());
427 Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
428 ClientCredentials cred = new ClientCredentials ();
429 cred.ClientCertificate.Certificate =
430 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
431 IChannelFactory<IReplyChannel> ch = b.BuildChannelFactory<IReplyChannel> (new Uri ("http://localhost:37564"), cred);
435 if (ch.State == CommunicationState.Closed)
441 [ExpectedException (typeof (ArgumentException))]
442 [Category ("NotWorking")]
443 public void CheckDuplicateAuthenticatorTypesService ()
445 SymmetricSecurityBindingElement be =
446 new SymmetricSecurityBindingElement ();
447 be.ProtectionTokenParameters =
448 new X509SecurityTokenParameters ();
449 be.EndpointSupportingTokenParameters.Endorsing.Add (
450 new X509SecurityTokenParameters ());
451 // This causes multiple supporting token authenticator
453 be.OptionalEndpointSupportingTokenParameters.Endorsing.Add (
454 new X509SecurityTokenParameters ());
455 Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
456 ServiceCredentials cred = new ServiceCredentials ();
457 cred.ServiceCertificate.Certificate =
458 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
459 IChannelListener<IReplyChannel> ch = b.BuildChannelListener<IReplyChannel> (new Uri ("http://localhost:37564"), cred);
463 if (ch.State == CommunicationState.Closed)
469 [ExpectedException (typeof (InvalidOperationException))]
470 [Category ("NotWorking")]
471 public void NonEndorsibleParameterInEndorsingSupport ()
473 SymmetricSecurityBindingElement be =
474 new SymmetricSecurityBindingElement ();
475 be.ProtectionTokenParameters =
476 new X509SecurityTokenParameters ();
477 be.EndpointSupportingTokenParameters.Endorsing.Add (
478 new UserNameSecurityTokenParameters ());
479 Binding b = new CustomBinding (be, new HttpTransportBindingElement ());
480 X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
481 EndpointAddress ea = new EndpointAddress (new Uri ("http://localhost:37564"), new X509CertificateEndpointIdentity (cert));
482 CalcProxy client = new CalcProxy (b, ea);
483 client.ClientCredentials.UserName.UserName = "rupert";
487 void AssertSecurityCapabilities (
488 ProtectionLevel request, ProtectionLevel response,
489 bool supportsClientAuth, bool supportsClientWinId,
490 bool supportsServerAuth, ISecurityCapabilities c,
493 Assert.AreEqual (request, c.SupportedRequestProtectionLevel, label + ".request");
494 Assert.AreEqual (response, c.SupportedResponseProtectionLevel, label + ".response");
495 Assert.AreEqual (supportsClientAuth, c.SupportsClientAuthentication, label + ".client-auth");
496 Assert.AreEqual (supportsClientWinId, c.SupportsClientWindowsIdentity, label + ".client-identity");
497 Assert.AreEqual (supportsServerAuth, c.SupportsServerAuthentication, label + ".server-auth");
500 ISecurityCapabilities GetSecurityCapabilities (SecurityBindingElement be)
502 BindingContext bc = new BindingContext (
503 new CustomBinding (),
504 new BindingParameterCollection ());
505 return be.GetProperty<ISecurityCapabilities> (bc);
509 [ExpectedException (typeof (ArgumentNullException))]
510 public void GetPropertyNullBindingContext1 ()
512 new SymmetricSecurityBindingElement ()
513 .GetProperty<ISecurityCapabilities> (null);
517 [ExpectedException (typeof (ArgumentNullException))]
518 public void GetPropertyNullBindingContext2 ()
520 new AsymmetricSecurityBindingElement ()
521 .GetProperty<ISecurityCapabilities> (null);
525 public void GetPropertySecurityCapabilities ()
527 ISecurityCapabilities c;
528 RsaSecurityTokenParameters rsa =
529 new RsaSecurityTokenParameters ();
530 UserNameSecurityTokenParameters user =
531 new UserNameSecurityTokenParameters ();
532 X509SecurityTokenParameters x509 =
533 new X509SecurityTokenParameters ();
534 SecureConversationSecurityTokenParameters sc1 =
535 new SecureConversationSecurityTokenParameters ();
536 sc1.BootstrapSecurityBindingElement =
537 new SymmetricSecurityBindingElement (); // empty
538 SecureConversationSecurityTokenParameters sc2 =
539 new SecureConversationSecurityTokenParameters ();
540 sc2.BootstrapSecurityBindingElement =
541 new SymmetricSecurityBindingElement (x509);
542 SecureConversationSecurityTokenParameters sc3 =
543 new SecureConversationSecurityTokenParameters ();
544 sc3.BootstrapSecurityBindingElement =
545 new AsymmetricSecurityBindingElement (null, x509);
546 SecureConversationSecurityTokenParameters sc4 =
547 new SecureConversationSecurityTokenParameters ();
548 sc4.BootstrapSecurityBindingElement =
549 new AsymmetricSecurityBindingElement (x509, null);
552 c = GetSecurityCapabilities (
553 new SymmetricSecurityBindingElement ());
554 AssertSecurityCapabilities (
555 ProtectionLevel.EncryptAndSign,
556 ProtectionLevel.EncryptAndSign,
557 false, false, false, c, "#1");
559 // x509 parameters for both
560 c = GetSecurityCapabilities (
561 new SymmetricSecurityBindingElement (x509));
562 AssertSecurityCapabilities (
563 ProtectionLevel.EncryptAndSign,
564 ProtectionLevel.EncryptAndSign,
565 true, true, true, c, "#2");
567 // no initiator parameters
568 c = GetSecurityCapabilities (
569 new AsymmetricSecurityBindingElement (x509, null));
570 AssertSecurityCapabilities (
571 ProtectionLevel.EncryptAndSign,
572 ProtectionLevel.EncryptAndSign,
573 false, false, true, c, "#3");
575 // no recipient parameters
576 c = GetSecurityCapabilities (
577 new AsymmetricSecurityBindingElement (null, x509));
578 AssertSecurityCapabilities (
579 ProtectionLevel.EncryptAndSign,
580 ProtectionLevel.EncryptAndSign,
581 true, true, false, c, "#4");
583 // initiator does not support identity
584 c = GetSecurityCapabilities (
585 new AsymmetricSecurityBindingElement (x509, rsa));
586 AssertSecurityCapabilities (
587 ProtectionLevel.EncryptAndSign,
588 ProtectionLevel.EncryptAndSign,
589 true, false, true, c, "#5");
591 // recipient does not support server auth
592 c = GetSecurityCapabilities (
593 new AsymmetricSecurityBindingElement (user, x509));
594 AssertSecurityCapabilities (
595 ProtectionLevel.EncryptAndSign,
596 ProtectionLevel.EncryptAndSign,
597 true, true, false, c, "#6");
599 // secureconv with no symm. bootstrap params
600 c = GetSecurityCapabilities (
601 new SymmetricSecurityBindingElement (sc1));
602 AssertSecurityCapabilities (
603 ProtectionLevel.EncryptAndSign,
604 ProtectionLevel.EncryptAndSign,
605 false, false, false, c, "#7");
607 // secureconv with x509 symm. bootstrap params
608 c = GetSecurityCapabilities (
609 new SymmetricSecurityBindingElement (sc2));
610 AssertSecurityCapabilities (
611 ProtectionLevel.EncryptAndSign,
612 ProtectionLevel.EncryptAndSign,
613 true, true, true, c, "#8");
615 // secureconv with x509 initiator bootstrap params
616 c = GetSecurityCapabilities (
617 new SymmetricSecurityBindingElement (sc3));
618 AssertSecurityCapabilities (
619 ProtectionLevel.EncryptAndSign,
620 ProtectionLevel.EncryptAndSign,
621 true, true, false, c, "#9");
623 // secureconv with x509 recipient bootstrap params
624 c = GetSecurityCapabilities (
625 new SymmetricSecurityBindingElement (sc4));
626 AssertSecurityCapabilities (
627 ProtectionLevel.EncryptAndSign,
628 ProtectionLevel.EncryptAndSign,
629 false, false, true, c, "#10");
631 // FIXME: find out such cases that returns other ProtectionLevel values.