Exemple #1
0
        public void Contains_Found()
        {
            var collection = new ServiceNameCollection(new[] { "first", "second" });

            Assert.True(collection.Contains("first"));
            Assert.True(collection.Contains("second"));
        }
Exemple #2
0
        public void Contains_NotFound()
        {
            var collection = new ServiceNameCollection(new[] { "first", "second" });

            Assert.False(collection.Contains(null));
            Assert.False(collection.Contains(string.Empty));
            Assert.False(collection.Contains("third"));
        }
Exemple #3
0
        public void Contains_Found()
        {
            var collection = new ServiceNameCollection(new[] { "first", "second", "localhost:3000/test", "www.test.com" });

            Assert.True(collection.Contains("first"));
            Assert.True(collection.Contains("second"));
            Assert.True(collection.Contains("localhost:3000/test"));
            Assert.True(collection.Contains("www.test.com"));
        }
Exemple #4
0
        // Assumes already normalized
        private bool Contains(string newServiceName)
        {
            if (newServiceName == null)
            {
                return(false);
            }

            return(ServiceNameCollection.Contains(newServiceName, serviceNames));
        }
Exemple #5
0
 public void Contains_NotFound()
 {
     var collection = new ServiceNameCollection(new[] { "first", "second" });
     Assert.False(collection.Contains(null));
     Assert.False(collection.Contains(string.Empty));
     Assert.False(collection.Contains("third"));
 }
Exemple #6
0
 public void Contains_Found()
 {
     var collection = new ServiceNameCollection(new[] { "first", "second" });
     Assert.True(collection.Contains("first"));
     Assert.True(collection.Contains("second"));
 }
Exemple #7
0
        /// <summary>
        /// ServiceBinding check has the following logic:
        /// 1. Check PolicyEnforcement - never => return true;
        /// 1. Check status returned from SecurityContext which is obtained when querying for the serviceBinding
        /// 2. Check PolicyEnforcement
        ///     a. WhenSupported - valid when OS does not support, null serviceBinding is valid
        ///     b. Always - a non-empty servicebinding must be available
        /// 3. if serviceBinding is non null, check that an expected value is in the ServiceNameCollection - ignoring case
        ///    note that the empty string must be explicitly specified in the serviceNames.
        /// </summary>
        /// <param name="securityContext to ">status Code returned when obtaining serviceBinding from SecurityContext</param>
        /// <returns>If servicebinding is valid</returns>
        public void CheckServiceBinding(SafeDeleteContext securityContext, string defaultServiceBinding)
        {
            if (_policyEnforcement == PolicyEnforcement.Never)
            {
                return;
            }

            string serviceBinding = null;
            int    statusCode     = SspiWrapper.QuerySpecifiedTarget(securityContext, out serviceBinding);

            if (statusCode != (int)SecurityStatus.OK)
            {
                // only two acceptable non-zero values
                // client OS not patched: stausCode == TargetUnknown
                // service OS not patched: statusCode == Unsupported
                if (statusCode != (int)SecurityStatus.TargetUnknown && statusCode != (int)SecurityStatus.Unsupported)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationNoServiceBinding)));
                }

                // if policyEnforcement is Always we needed to see a TargetName (SPN)
                if (_policyEnforcement == PolicyEnforcement.Always)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationNoServiceBinding)));
                }

                // in this case we accept because either the client or service is not patched.
                if (_policyEnforcement == PolicyEnforcement.WhenSupported)
                {
                    return;
                }

                // guard against futures, force failure and fix as necessary
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationNoServiceBinding)));
            }

            switch (_policyEnforcement)
            {
            case PolicyEnforcement.WhenSupported:
                // serviceBinding == null => client is not patched
                if (serviceBinding == null)
                {
                    return;
                }
                break;

            case PolicyEnforcement.Always:
                // serviceBinding == null => client is not patched
                // serviceBinding == "" => SB was not specified
                if (string.IsNullOrEmpty(serviceBinding))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched, string.Empty)));
                }
                break;
            }

            // iff no values were 'user' set, then check the defaultServiceBinding
            if (_serviceNameCollection == null || _serviceNameCollection.Count < 1)
            {
                if (defaultServiceBinding == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched, string.Empty)));
                }

                if (string.Compare(defaultServiceBinding, serviceBinding, StringComparison.OrdinalIgnoreCase) == 0)
                {
                    return;
                }

                if (string.IsNullOrEmpty(serviceBinding))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched, string.Empty)));
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched, serviceBinding)));
                }
            }

            if (_serviceNameCollection != null)
            {
                if (_serviceNameCollection.Contains(serviceBinding))
                {
                    return;
                }
            }

            if (string.IsNullOrEmpty(serviceBinding))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched, string.Empty)));
            }
            else
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.InvalidServiceBindingInSspiNegotiationServiceBindingNotMatched, serviceBinding)));
            }
        }