mcs/class/System.ServiceModel/Test/System.ServiceModel.Security.Tokens/WrappedKeySecurityTokenTest.cs

   1 //
   2 // WrappedKeySecurityTokenTest.cs
   3 //
   4 // Author:
   5 //      Atsushi Enomoto <atsushi@ximian.com>
   6 //
   7 // Copyright (C) 2007 Novell, Inc.  http://www.novell.com
   8 //
   9 // Permission is hereby granted, free of charge, to any person obtaining
  10 // a copy of this software and associated documentation files (the
  11 // "Software"), to deal in the Software without restriction, including
  12 // without limitation the rights to use, copy, modify, merge, publish,
  13 // distribute, sublicense, and/or sell copies of the Software, and to
  14 // permit persons to whom the Software is furnished to do so, subject to
  15 // the following conditions:
  16 //
  17 // The above copyright notice and this permission notice shall be
  18 // included in all copies or substantial portions of the Software.
  19 //
  20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  27 //
  28 using System;
  29 using System.Collections.Generic;
  30 using System.Collections.ObjectModel;
  31 using System.IdentityModel.Selectors;
  32 using System.IdentityModel.Tokens;
  33 using System.Security.Cryptography.X509Certificates;
  34 using System.ServiceModel;
  35 using System.ServiceModel.Channels;
  36 using System.ServiceModel.Security;
  37 using System.ServiceModel.Security.Tokens;
  38 using NUnit.Framework;
  39
  40 namespace MonoTests.System.ServiceModel
  41 {
  42         [TestFixture]
  43         public class WrappedKeySecurityTokenTest
  44         {
  45                 static readonly X509Certificate2 cert =
  46                         new X509Certificate2 ("Test/Resources/test.pfx", "mono");
  47
  48                 WrappedKeySecurityToken GetReferent ()
  49                 {
  50                         string id = "referent";
  51                         byte [] key = new byte [32];
  52                         X509SecurityToken token = new X509SecurityToken (cert);
  53                         SecurityKeyIdentifierClause kic =
  54                                 new X509ThumbprintKeyIdentifierClause (cert);
  55                         string alg = SecurityAlgorithms.RsaOaepKeyWrap;
  56                         return new WrappedKeySecurityToken (id, key, alg, token,
  57                                 new SecurityKeyIdentifier (kic));
  58                 }
  59
  60                 [Test]
  61                 [ExpectedException (typeof (ArgumentNullException))]
  62                 public void CtorNullId ()
  63                 {
  64                         WrappedKeySecurityToken w = GetReferent ();
  65                         new WrappedKeySecurityToken (null, new byte [32],
  66                                 w.WrappingAlgorithm,
  67                                 w.WrappingToken,
  68                                 w.WrappingTokenReference);
  69                 }
  70
  71                 [Test]
  72                 [ExpectedException (typeof (ArgumentNullException))]
  73                 public void CtorNullKey ()
  74                 {
  75                         WrappedKeySecurityToken w = GetReferent ();
  76                         new WrappedKeySecurityToken (w.Id, null,
  77                                 w.WrappingAlgorithm,
  78                                 w.WrappingToken,
  79                                 w.WrappingTokenReference);
  80                 }
  81
  82                 [Test]
  83                 [ExpectedException (typeof (ArgumentNullException))]
  84                 public void CtorNullWrappingAlgorithm ()
  85                 {
  86                         WrappedKeySecurityToken w = GetReferent ();
  87                         new WrappedKeySecurityToken (w.Id, new byte [32],
  88                                 null,
  89                                 w.WrappingToken,
  90                                 w.WrappingTokenReference);
  91                 }
  92
  93                 [Test]
  94                 [ExpectedException (typeof (ArgumentNullException))]
  95                 public void CtorNullWrappingToken ()
  96                 {
  97                         WrappedKeySecurityToken w = GetReferent ();
  98                         new WrappedKeySecurityToken (w.Id, new byte [32],
  99                                 w.WrappingAlgorithm,
 100                                 null,
 101                                 w.WrappingTokenReference);
 102                 }
 103
 104                 [Test]
 105                 // null SecurityKeyIdentifier is allowed.
 106                 //[ExpectedException (typeof (ArgumentNullException))]
 107                 public void CtorNullWrappingTokenReference ()
 108                 {
 109                         WrappedKeySecurityToken w = GetReferent ();
 110                         new WrappedKeySecurityToken (w.Id, new byte [32],
 111                                 w.WrappingAlgorithm,
 112                                 w.WrappingToken,
 113                                 null);
 114                 }
 115
 116                 [Test]
 117                 [ExpectedException (typeof (ArgumentException))]
 118                 public void UserNameToken () // it does not support any encryption operation.
 119                 {
 120                         byte [] bytes = new byte [32];
 121                         SecurityToken wt = new UserNameSecurityToken ("eno", "enopass");
 122                         SecurityKeyIdentifierClause kic =
 123                                 new X509ThumbprintKeyIdentifierClause (cert);
 124                         new WrappedKeySecurityToken ("urn:gyabo",
 125                                 bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
 126                                 new SecurityKeyIdentifier (kic));
 127                 }
 128
 129                 [Test]
 130                 [ExpectedException (typeof (ArgumentException))]
 131                 public void X509TokenForSymmetricKeyWrap ()
 132                 {
 133                         byte [] bytes = new byte [32];
 134                         SecurityToken wt = new X509SecurityToken (cert);
 135                         SecurityKeyIdentifierClause kic =
 136                                 new X509ThumbprintKeyIdentifierClause (cert);
 137                         new WrappedKeySecurityToken ("urn:gyabo",
 138                                 bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
 139                                 new SecurityKeyIdentifier (kic));
 140                 }
 141
 142                 [Test]
 143                 public void BinarySecretTokenForSymmetricKeyWrap ()
 144                 {
 145                         byte [] bytes = new byte [32];
 146                         SecurityToken wt = new BinarySecretSecurityToken (bytes);
 147                         SecurityKeyIdentifierClause kic =
 148                                 new X509ThumbprintKeyIdentifierClause (cert);
 149                         new WrappedKeySecurityToken ("urn:gyabo",
 150                                 bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
 151                                 new SecurityKeyIdentifier (kic));
 152                 }
 153
 154                 [Test]
 155                 [ExpectedException (typeof (ArgumentException))]
 156                 public void BinarySecretTokenForAsymmetricKeyWrap ()
 157                 {
 158                         byte [] bytes = new byte [32];
 159                         SecurityToken wt = new BinarySecretSecurityToken (bytes);
 160                         SecurityKeyIdentifierClause kic =
 161                                 new X509ThumbprintKeyIdentifierClause (cert);
 162                         new WrappedKeySecurityToken ("urn:gyabo",
 163                                 bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
 164                                 new SecurityKeyIdentifier (kic));
 165                 }
 166
 167                 [Test]
 168                 [ExpectedException (typeof (NotSupportedException))]
 169                 public void CreateBinarySecretKeyIdentifierClause ()
 170                 {
 171                         byte [] bytes = new byte [32];
 172                         SecurityToken wt = new BinarySecretSecurityToken (bytes);
 173                         SecurityKeyIdentifierClause kic =
 174                                 new BinarySecretKeyIdentifierClause (bytes);
 175                         WrappedKeySecurityToken token = new WrappedKeySecurityToken ("urn:gyabo",
 176                                 bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
 177                                 new SecurityKeyIdentifier (kic));
 178                         token.CreateKeyIdentifierClause<BinarySecretKeyIdentifierClause> ();
 179                 }
 180
 181                 [Test]
 182                 public void X509WrappingToken1 ()
 183                 {
 184                         byte [] bytes = new byte [32];
 185                         X509SecurityToken xt = new X509SecurityToken (cert);
 186                         SecurityKeyIdentifierClause kic =
 187                                 new X509ThumbprintKeyIdentifierClause (cert);
 188                         string alg = SecurityAlgorithms.RsaOaepKeyWrap;
 189                         WrappedKeySecurityToken token = new WrappedKeySecurityToken ("urn:gyabo",
 190                                 bytes, alg, xt,
 191                                 new SecurityKeyIdentifier (kic));
 192                         Assert.AreEqual ("urn:gyabo", token.Id, "#1");
 193                         Assert.AreEqual (alg, token.WrappingAlgorithm, "#3");
 194                         Assert.AreEqual (xt, token.WrappingToken, "#4");
 195                         Assert.AreEqual (1, token.WrappingTokenReference.Count, "#5");
 196                         Assert.AreEqual (1, token.SecurityKeys.Count, "#6");
 197                         Assert.IsTrue (token.SecurityKeys [0] is InMemorySymmetricSecurityKey, "#7");
 198                         Assert.AreEqual (bytes, new X509AsymmetricSecurityKey (cert).DecryptKey (token.WrappingAlgorithm, token.GetWrappedKey ()), "#8");
 199                         // wrapped keys cannot be compared, due to the nature of rsa-oaep.
 200                         // Assert.AreEqual (new X509AsymmetricSecurityKey (cert).EncryptKey (token.WrappingAlgorithm, bytes), token.GetWrappedKey (), "#9-1");
 201                         // Assert.AreEqual (token.GetWrappedKey (), new WrappedKeySecurityToken ("urn:gyabo",
 202                         //      bytes, alg, xt,
 203                         //      new SecurityKeyIdentifier (kic)).GetWrappedKey (), "#9");
 204                 }
 205         }
 206 }