c
/
mono
mirror da https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
							//
// SecurityAssert.cs
//
// Author:
//	Atsushi Enomoto <[email protected]>
//
// Copyright (C) 2006 Novell, Inc.  http://www.novell.com
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Xml;
using NUnit.Framework;

namespace MonoTests.System.ServiceModel.Channels
{
	public static class SecurityAssert
	{
		public static void AssertLocalClientSecuritySettings (
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			LocalClientSecuritySettings lc, string label)
		{
			Assert.IsNotNull (lc, label + " IsNotNull");
			Assert.AreEqual (cacheCookies, lc.CacheCookies, label + ".CacheCookies");
			Assert.AreEqual (renewalThresholdPercentage, lc.CookieRenewalThresholdPercentage, label + ".CookieRenewalThresholdPercentage");
			Assert.AreEqual (detectReplays, lc.DetectReplays, label + ".DetectReplays");
		}

		public static void AssertSecurityTokenParameters (
			SecurityTokenInclusionMode protectionTokenInclusionMode,
			SecurityTokenReferenceStyle protectionTokenReferenceStyle,
			bool protectionTokenRequireDerivedKeys,
			SecurityTokenParameters tp, string label)
		{
			Assert.IsNotNull (tp, label + " IsNotNull");
			Assert.AreEqual (protectionTokenInclusionMode,
				tp.InclusionMode, label + ".InclusionMode");
			Assert.AreEqual (protectionTokenReferenceStyle,
				tp.ReferenceStyle, label + ".ReferenceStyle");
			Assert.AreEqual (protectionTokenRequireDerivedKeys,
				tp.RequireDerivedKeys, label + ".RequireDerivedKeys");
		}

		public static void AssertSupportingTokenParameters (
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			SupportingTokenParameters tp, string label)
		{
			Assert.IsNotNull (tp, label + " IsNotNull");
			Assert.AreEqual (endorsing, tp.Endorsing.Count, label + ".Endoring.Count");
			Assert.AreEqual (signed, tp.Signed.Count, label + ".Signed.Count");
			Assert.AreEqual (signedEncrypted, tp.SignedEncrypted.Count, label + ".SignedEncrypted.Count");
			Assert.AreEqual (signedEndorsing, tp.SignedEndorsing.Count, label + ".SignedEndorsing.Count");
		}

		public static void AssertSecurityBindingElement (
			SecurityAlgorithmSuite algorithm,
			bool includeTimestamp,
			SecurityKeyEntropyMode keyEntropyMode,
			MessageSecurityVersion messageSecurityVersion,
			SecurityHeaderLayout securityHeaderLayout,
			// EndpointSupportingTokenParameters
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			// LocalClientSettings
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			SecurityBindingElement be, string label)
		{
			Assert.AreEqual (algorithm, be.DefaultAlgorithmSuite, label + ".DefaultAlgorithmSuite");
			Assert.AreEqual (includeTimestamp, be.IncludeTimestamp, label + ".KeyEntropyMode");
			Assert.AreEqual (keyEntropyMode,
				be.KeyEntropyMode, label + "#3");

			Assert.AreEqual (messageSecurityVersion,
				be.MessageSecurityVersion, label + ".MessageSecurityVersion");
			Assert.AreEqual (securityHeaderLayout,
				be.SecurityHeaderLayout, label + ".SecurityHeaderLayout");

			// FIXME: they should be extracted step by step...

			// EndpointSupportingTokenParameters
			SupportingTokenParameters tp = be.EndpointSupportingTokenParameters;
			AssertSupportingTokenParameters (
				endorsing, signed, signedEncrypted, signedEndorsing,
				tp, label + ".Endpoint");

			// OptionalEndpointSupportingTokenParameters
			tp = be.OptionalEndpointSupportingTokenParameters;
			Assert.IsNotNull (tp, label + "#3-0");
			Assert.AreEqual (0, tp.Endorsing.Count, label + "#3-1");
			Assert.AreEqual (0, tp.Signed.Count, label + "#3-2");
			Assert.AreEqual (0, tp.SignedEncrypted.Count, label + "#3-3");
			Assert.AreEqual (0, tp.SignedEndorsing.Count, label + "#3-4");

			// OperationSupportingTokenParameters
			IDictionary<string,SupportingTokenParameters> oper = be.OperationSupportingTokenParameters;
			Assert.IsNotNull (oper, label + "#4-1");
			Assert.AreEqual (0, oper.Count, label + "#4-2");

			// OptionalOperationSupportingTokenParameters
			oper = be.OptionalOperationSupportingTokenParameters;
			Assert.IsNotNull (oper, label + "#5-1");
			Assert.AreEqual (0, oper.Count, label + "#5-2");

			// LocalClientSettings
			LocalClientSecuritySettings lc =
				be.LocalClientSettings;
			AssertLocalClientSecuritySettings (
				cacheCookies,
				renewalThresholdPercentage,
				detectReplays,
				lc, "");
			// FIXME: IdentityVerifier
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.MaxClockSkew, label + "#7-5");
			Assert.AreEqual (TimeSpan.MaxValue, lc.MaxCookieCachingTime, label + "#7-6");
			Assert.AreEqual (true, lc.ReconnectTransportOnFailure, label + "#7-7");
			Assert.AreEqual (900000, lc.ReplayCacheSize, label + "#7-8");
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.ReplayWindow, label + "#7-9");
			Assert.AreEqual (TimeSpan.FromHours (10), lc.SessionKeyRenewalInterval, label + "#7-10");
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.SessionKeyRolloverInterval, label + "#7-11");
			Assert.AreEqual (TimeSpan.FromMinutes (5), lc.TimestampValidityDuration, label + "#7-12");

			// FIXME: LocalServiceSettings
		}

		public static void AssertSymmetricSecurityBindingElement (
			SecurityAlgorithmSuite algorithm,
			bool includeTimestamp,
			SecurityKeyEntropyMode keyEntropyMode,
			MessageProtectionOrder messageProtectionOrder,
			MessageSecurityVersion messageSecurityVersion,
			bool requireSignatureConfirmation,
			SecurityHeaderLayout securityHeaderLayout,
			// EndpointSupportingTokenParameters
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			// ProtectionTokenParameters
			bool hasProtectionTokenParameters,
			SecurityTokenInclusionMode protectionTokenInclusionMode,
			SecurityTokenReferenceStyle protectionTokenReferenceStyle,
			bool protectionTokenRequireDerivedKeys,
			// LocalClientSettings
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			SymmetricSecurityBindingElement be, string label)
		{
			AssertSecurityBindingElement (
				algorithm,
				includeTimestamp,
				keyEntropyMode,
				messageSecurityVersion,
				securityHeaderLayout,
				// EndpointSupportingTokenParameters
				endorsing, signed, signedEncrypted, signedEndorsing,
				// LocalClientSettings
				cacheCookies,
				renewalThresholdPercentage,
				detectReplays,
				be, label);

			Assert.AreEqual (messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
			Assert.AreEqual (requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");

			if (!hasProtectionTokenParameters)
				Assert.IsNull (be.ProtectionTokenParameters, label + ".ProtectionTokenParameters (null)");
			else
				AssertSecurityTokenParameters (
					protectionTokenInclusionMode,
					protectionTokenReferenceStyle,
					protectionTokenRequireDerivedKeys,
					be.ProtectionTokenParameters, label + ".ProtectionTokenParameters");
		}

		public static void AssertAsymmetricSecurityBindingElement (
			SecurityAlgorithmSuite algorithm,
			bool includeTimestamp,
			SecurityKeyEntropyMode keyEntropyMode,
			MessageProtectionOrder messageProtectionOrder,
			MessageSecurityVersion messageSecurityVersion,
			bool requireSignatureConfirmation,
			SecurityHeaderLayout securityHeaderLayout,
			// EndpointSupportingTokenParameters
			int endorsing, int signed, int signedEncrypted, int signedEndorsing,
			// InitiatorTokenParameters
			bool hasInitiatorTokenParameters,
			SecurityTokenInclusionMode initiatorTokenInclusionMode,
			SecurityTokenReferenceStyle initiatorTokenReferenceStyle,
			bool initiatorTokenRequireDerivedKeys,
			// RecipientTokenParameters
			bool hasRecipientTokenParameters,
			SecurityTokenInclusionMode recipientTokenInclusionMode,
			SecurityTokenReferenceStyle recipientTokenReferenceStyle,
			bool recipientTokenRequireDerivedKeys,
			// LocalClientSettings
			bool cacheCookies,
			int renewalThresholdPercentage,
			bool detectReplays,
			AsymmetricSecurityBindingElement be, string label)
		{
			AssertSecurityBindingElement (
				algorithm,
				includeTimestamp,
				keyEntropyMode,
				messageSecurityVersion,
				securityHeaderLayout,
				// EndpointSupportingTokenParameters
				endorsing, signed, signedEncrypted, signedEndorsing,
				// LocalClientSettings
				cacheCookies,
				renewalThresholdPercentage,
				detectReplays,
				be, label);

			Assert.AreEqual (messageProtectionOrder, be.MessageProtectionOrder, label + ".MessageProtectionOrder");
			Assert.AreEqual (requireSignatureConfirmation, be.RequireSignatureConfirmation, label + ".RequireSignatureConfirmation");

			if (!hasInitiatorTokenParameters)
				Assert.IsNull (be.InitiatorTokenParameters, label + ".InitiatorTokenParameters (null)");
			else
				AssertSecurityTokenParameters (
					initiatorTokenInclusionMode,
					initiatorTokenReferenceStyle,
					initiatorTokenRequireDerivedKeys,
					be.InitiatorTokenParameters, label + ".InitiatorTokenParameters");
			if (!hasRecipientTokenParameters)
				Assert.IsNull (be.RecipientTokenParameters, label + ".RecipientTokenParameters (null)");
			else
				AssertSecurityTokenParameters (
					recipientTokenInclusionMode,
					recipientTokenReferenceStyle,
					recipientTokenRequireDerivedKeys,
					be.RecipientTokenParameters, label + ".RecipientTokenParameters");
		}
	}
}