2 // WrappedKeySecurityTokenTest.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2007 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.Generic;
30 using System.Collections.ObjectModel;
31 using System.IdentityModel.Selectors;
32 using System.IdentityModel.Tokens;
33 using System.Security.Cryptography.X509Certificates;
34 using System.ServiceModel;
35 using System.ServiceModel.Channels;
36 using System.ServiceModel.Security;
37 using System.ServiceModel.Security.Tokens;
38 using NUnit.Framework;
40 namespace MonoTests.System.ServiceModel
43 public class WrappedKeySecurityTokenTest
45 static readonly X509Certificate2 cert =
46 new X509Certificate2 ("Test/Resources/test.pfx", "mono");
48 WrappedKeySecurityToken GetReferent ()
50 string id = "referent";
51 byte [] key = new byte [32];
52 X509SecurityToken token = new X509SecurityToken (cert);
53 SecurityKeyIdentifierClause kic =
54 new X509ThumbprintKeyIdentifierClause (cert);
55 string alg = SecurityAlgorithms.RsaOaepKeyWrap;
56 return new WrappedKeySecurityToken (id, key, alg, token,
57 new SecurityKeyIdentifier (kic));
61 [ExpectedException (typeof (ArgumentNullException))]
62 public void CtorNullId ()
64 WrappedKeySecurityToken w = GetReferent ();
65 new WrappedKeySecurityToken (null, new byte [32],
68 w.WrappingTokenReference);
72 [ExpectedException (typeof (ArgumentNullException))]
73 public void CtorNullKey ()
75 WrappedKeySecurityToken w = GetReferent ();
76 new WrappedKeySecurityToken (w.Id, null,
79 w.WrappingTokenReference);
83 [ExpectedException (typeof (ArgumentNullException))]
84 public void CtorNullWrappingAlgorithm ()
86 WrappedKeySecurityToken w = GetReferent ();
87 new WrappedKeySecurityToken (w.Id, new byte [32],
90 w.WrappingTokenReference);
94 [ExpectedException (typeof (ArgumentNullException))]
95 public void CtorNullWrappingToken ()
97 WrappedKeySecurityToken w = GetReferent ();
98 new WrappedKeySecurityToken (w.Id, new byte [32],
101 w.WrappingTokenReference);
105 // null SecurityKeyIdentifier is allowed.
106 //[ExpectedException (typeof (ArgumentNullException))]
107 public void CtorNullWrappingTokenReference ()
109 WrappedKeySecurityToken w = GetReferent ();
110 new WrappedKeySecurityToken (w.Id, new byte [32],
117 [ExpectedException (typeof (ArgumentException))]
118 public void UserNameToken () // it does not support any encryption operation.
120 byte [] bytes = new byte [32];
121 SecurityToken wt = new UserNameSecurityToken ("eno", "enopass");
122 SecurityKeyIdentifierClause kic =
123 new X509ThumbprintKeyIdentifierClause (cert);
124 new WrappedKeySecurityToken ("urn:gyabo",
125 bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
126 new SecurityKeyIdentifier (kic));
130 [ExpectedException (typeof (ArgumentException))]
131 public void X509TokenForSymmetricKeyWrap ()
133 byte [] bytes = new byte [32];
134 SecurityToken wt = new X509SecurityToken (cert);
135 SecurityKeyIdentifierClause kic =
136 new X509ThumbprintKeyIdentifierClause (cert);
137 new WrappedKeySecurityToken ("urn:gyabo",
138 bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
139 new SecurityKeyIdentifier (kic));
143 public void BinarySecretTokenForSymmetricKeyWrap ()
145 byte [] bytes = new byte [32];
146 SecurityToken wt = new BinarySecretSecurityToken (bytes);
147 SecurityKeyIdentifierClause kic =
148 new X509ThumbprintKeyIdentifierClause (cert);
149 new WrappedKeySecurityToken ("urn:gyabo",
150 bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
151 new SecurityKeyIdentifier (kic));
155 [ExpectedException (typeof (ArgumentException))]
156 public void BinarySecretTokenForAsymmetricKeyWrap ()
158 byte [] bytes = new byte [32];
159 SecurityToken wt = new BinarySecretSecurityToken (bytes);
160 SecurityKeyIdentifierClause kic =
161 new X509ThumbprintKeyIdentifierClause (cert);
162 new WrappedKeySecurityToken ("urn:gyabo",
163 bytes, SecurityAlgorithms.RsaOaepKeyWrap, wt,
164 new SecurityKeyIdentifier (kic));
168 [ExpectedException (typeof (NotSupportedException))]
169 public void CreateBinarySecretKeyIdentifierClause ()
171 byte [] bytes = new byte [32];
172 SecurityToken wt = new BinarySecretSecurityToken (bytes);
173 SecurityKeyIdentifierClause kic =
174 new BinarySecretKeyIdentifierClause (bytes);
175 WrappedKeySecurityToken token = new WrappedKeySecurityToken ("urn:gyabo",
176 bytes, SecurityAlgorithms.Aes256KeyWrap, wt,
177 new SecurityKeyIdentifier (kic));
178 token.CreateKeyIdentifierClause<BinarySecretKeyIdentifierClause> ();
182 public void X509WrappingToken1 ()
184 byte [] bytes = new byte [32];
185 X509SecurityToken xt = new X509SecurityToken (cert);
186 SecurityKeyIdentifierClause kic =
187 new X509ThumbprintKeyIdentifierClause (cert);
188 string alg = SecurityAlgorithms.RsaOaepKeyWrap;
189 WrappedKeySecurityToken token = new WrappedKeySecurityToken ("urn:gyabo",
191 new SecurityKeyIdentifier (kic));
192 Assert.AreEqual ("urn:gyabo", token.Id, "#1");
193 Assert.AreEqual (alg, token.WrappingAlgorithm, "#3");
194 Assert.AreEqual (xt, token.WrappingToken, "#4");
195 Assert.AreEqual (1, token.WrappingTokenReference.Count, "#5");
196 Assert.AreEqual (1, token.SecurityKeys.Count, "#6");
197 Assert.IsTrue (token.SecurityKeys [0] is InMemorySymmetricSecurityKey, "#7");
198 Assert.AreEqual (bytes, new X509AsymmetricSecurityKey (cert).DecryptKey (token.WrappingAlgorithm, token.GetWrappedKey ()), "#8");
199 // wrapped keys cannot be compared, due to the nature of rsa-oaep.
200 // Assert.AreEqual (new X509AsymmetricSecurityKey (cert).EncryptKey (token.WrappingAlgorithm, bytes), token.GetWrappedKey (), "#9-1");
201 // Assert.AreEqual (token.GetWrappedKey (), new WrappedKeySecurityToken ("urn:gyabo",
203 // new SecurityKeyIdentifier (kic)).GetWrappedKey (), "#9");