public void SoapRequestExpiredTest()
{
// Arrange
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
Thread.Sleep(_wait);
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
// Act
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.AreEqual("An error occurred when verifying security for the message.", fe.Message);
}
}
public void OioWsTrustRequestFailDueToBodyTamperingTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
oS.utilReplaceInRequest("<trust:Lifetime>", "<trust:Lifetime testAttribute=\"Tampered\">");
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (FaultException fe)
{
// Assert
Assert.AreEqual("Authentication failed", fe.Message);
}
}
public void SoapRequestFailDueToHeaderToTamperingTest()
{
// Arrange
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
oS.utilReplaceInRequest("https://digst.oioidws.wsp:9090/HelloWorld</a:To>",
"https://digst.oioidws.wsp:9090/HelloWorldTampered</a:To>");
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.AreEqual("An error occurred when verifying security for the message.", fe.Message);
}
}
// A simple method created to test the status code returns
// Accepts the webdriver instance and the target url that needs to be accessed, response code after access is returned.
public static int NavigateTo(IWebDriver driver, string targetUrl)
{
int responseCode = 0;
SessionStateHandler responseHandler = delegate(Session targetSession)
{
if (targetSession.fullUrl == targetUrl)
{
responseCode = targetSession.responseCode;
}
};
FiddlerApplication.AfterSessionComplete += responseHandler;
//Hardcoding to 10 seconds wait, assuming the worst response time for any request
DateTime endTime = DateTime.Now.Add(TimeSpan.FromSeconds(10));
driver.Navigate().GoToUrl(targetUrl);
while (responseCode == 0 && DateTime.Now < endTime)
{
System.Threading.Thread.Sleep(300);
}
FiddlerApplication.AfterSessionComplete -= responseHandler;
return(responseCode);
}
public void OioWsTrustRequestExpiredTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
Thread.Sleep(_wait);
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.AreEqual("An error occurred when verifying security for the message.", fe.Message);
}
}
internal void OnBeforeResponse(Session osession)
{
SessionStateHandler handler = BeforeResponse;
if (handler != null)
{
handler(osession);
}
}
internal void OnBeforeReturningError(Session osession)
{
SessionStateHandler handler = BeforeReturningError;
if (handler != null)
{
handler(osession);
}
}
internal void OnAfterSessionComplete(Session osession)
{
SessionStateHandler handler = AfterSessionComplete;
if (handler != null)
{
handler(osession);
}
}
internal void OnResponseHeadersAvailable(Session osession)
{
SessionStateHandler handler = ResponseHeadersAvailable;
if (handler != null)
{
handler(osession);
}
}
internal void OnBeforeRequest(Session osession)
{
SessionStateHandler handler = BeforeRequest;
if (handler != null)
{
handler(osession);
}
}
public static void smethod_0()
{
if (Class22.sessionStateHandler_0 == null)
{
Class22.sessionStateHandler_0 = new SessionStateHandler(Class22.smethod_2);
}
FiddlerApplication.BeforeRequest += Class22.sessionStateHandler_0;
FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts", true);
FiddlerApplication.Startup(12345, FiddlerCoreStartupFlags.RegisterAsSystemProxy | FiddlerCoreStartupFlags.AllowRemoteClients | FiddlerCoreStartupFlags.ChainToUpstreamGateway | FiddlerCoreStartupFlags.MonitorAllConnections | FiddlerCoreStartupFlags.CaptureLocalhostTraffic);
Class22.bool_0 = true;
}
public void OioWsTrustRequestFailDueToTokenTamperingTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...) because message id is dynamically
// For some reason there are two calls where the first call has en empty body.
if (oS.RequestBody.Length > 0)
{
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
namespaceManager.AddNamespace("o",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
var binarySecurityTokenElement =
bodyAsXml.XPathSelectElement(
"/s:Envelope/s:Header/o:Security/o:BinarySecurityToken",
namespaceManager);
// Følgende er en gammel udgave af Morten Mortensen MOCES certifikatet. Det får STS til at svare med "The request was invalid or malformed"
//binarySecurityTokenElement.Value =
// "MIIGLjCCBRagAwIBAgIEUw9wBzANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTQxMTEwMTQwMTQxWhcNMTcxMTEwMTQwMTMxWjB2MQswCQYDVQQGEwJESzEqMCgGA1UECgwhw5hrb25vbWlzdHlyZWxzZW4gLy8gQ1ZSOjEwMjEzMjMxMTswFwYDVQQDDBBNb3J0ZW4gTW9ydGVuc2VuMCAGA1UEBRMZQ1ZSOjEwMjEzMjMxLVJJRDo5Mzk0NzU1MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDVoVZz4QT+WP43mTl28pM9+Jy4JtBFV4R/LP2d2xLrAUGnDXn8dkAnTn4xcDll7t1kzCceI4/0ngN/CGwMpxynBbWRhoYWk4DesR34G2XehPiAf4E8Wsup2adyDWbqUUmrbFoyVsN8XCm/O32WSH19hn9nU5zOc0K4C2d0LJRcfsMCwSlQDu7BtEAjCRxYYw3pxnRu2vvzynW7j4txVbp82aGvZnJ0Fq6fvf+99sVBpyfAgHSAmhR5A5CzjlIpW9vG1WjGG8be5OgV+WurUzN9A1bjoXRpKkG9h035KKn6fRZEjI9Ztxd1JoeVkiBQaYdH1O3OW6rXKsfPLtyiCYsCAwEAAaOCAvEwggLtMA4GA1UdDwEB/wQEAwID+DCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL20uYWlhLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAgUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjUuMCUGA1UdEQQeMByBGmtmb2JzX3Rlc3RAbm92b25vcmRpc2suY29tMIGqBgNVHR8EgaIwgZ8wPKA6oDiGNmh0dHA6Ly9jcmwuc3lzdGVtdGVzdDE5LnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDE5LmNybDBfoF2gW6RZMFcxCzAJBgNVBAYTAkRLMRIwEAYDVQQKDAlUUlVTVDI0MDgxJDAiBgNVBAMMG1RSVVNUMjQwOCBTeXN0ZW10ZXN0IFhJWCBDQTEOMAwGA1UEAwwFQ1JMMTYwHwYDVR0jBBgwFoAUzAJVDOSBdK8gVNURFFeckVI4f6AwHQYDVR0OBBYEFKuH3e+mCu7y3/brN7zXSkvo6MwKMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAESudYwnM/vbo5cMrUvgnpSgJUZhsQnSzLMwJTsT45OS3O+yct1ci9vPI1ExFZeAisC0bROV3tlsPuDiAVgmErgrHbrz1CmNqIxNcQvkqeL1sQtsrMSRicyILvU7Ve0N0gryR/axG+7D3U488X3oxXtJlS/9WZd33FVDnTIo7Asb+c1clqlUa/DSeBBdZ19L4DbfEkamLA96trEkH1hUTZfRXLFvYW5w8w+muaBu7eL84zzTxpGZxYM14ap+cQHuq+uczDsGDDUKc/BHUmN1UuQ0QCCxHegMHUDD8KXVsosj5wUXOLzd8WwKjPyUTxKPAI5xv9/Bim4mAA7eYc+3lXs=";
// Følgende er den nye udgave af Morten Mortensen MOCES certifikatet. Det får STS til at svare korrekt med "The request was invalid or malformed".
binarySecurityTokenElement.Value =
"MIIGJzCCBQ+gAwIBAgIEVp5ySzANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MSQwIgYDVQQDDBtUUlVTVDI0MDggU3lzdGVtdGVzdCBYSVggQ0EwHhcNMTYwNTE3MTE1NDM0WhcNMTkwNTE3MTE1NDE4WjB2MQswCQYDVQQGEwJESzEqMCgGA1UECgwhw5hrb25vbWlzdHlyZWxzZW4gLy8gQ1ZSOjEwMjEzMjMxMTswFwYDVQQDDBBNb3J0ZW4gTW9ydGVuc2VuMCAGA1UEBRMZQ1ZSOjEwMjEzMjMxLVJJRDo5Mzk0NzU1MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIwVzTYsKncrByNHU1M8HVHh5ZdiZAc2yQavTMFkQ0X9Wu4FGMcddH5XvnXsNHipBJ8gZh9HrIza6gujPrlZJvtQG+rhjiKhAaQbMN5yWY2E8H1Lv7aLB3bd1ShGccT/SeMJ3Lrn0xA8HedgYPlf4lYce8y20wlqe2ZBFG5664RBW3KuNapqP++XyJ0KMS5OE17Max/oOzBx4106DDXsMdMNQRtTBT0kJvAs0jiu9Wr/g9TMhM8wot+lsYMHZR8ecYbX70eQJLPI5YErjSkA5pzWO7z1SfewdQguUr71uIDjH2C1A2vIJFyPof6idpKYQJsSshQZWqLbExBr6JDtJYkCAwEAAaOCAuowggLmMA4GA1UdDwEB/wQEAwID+DCBlwYIKwYBBQUHAQEEgYowgYcwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3Jlc3BvbmRlcjBHBggrBgEFBQcwAoY7aHR0cDovL20uYWlhLnN5c3RlbXRlc3QxOS50cnVzdDI0MDguY29tL3N5c3RlbXRlc3QxOS1jYS5jZXIwggEgBgNVHSAEggEXMIIBEzCCAQ8GDSsGAQQBgfRRAgQGAgUwgf0wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHJBggrBgEFBQcCAjCBvDAMFgVEYW5JRDADAgEBGoGrRGFuSUQgdGVzdCBjZXJ0aWZpa2F0ZXIgZnJhIGRlbm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjUuIERhbklEIHRlc3QgY2VydGlmaWNhdGVzIGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjMuNi4xLjQuMS4zMTMxMy4yLjQuNi4yLjUuMB4GA1UdEQQXMBWBE0tGT0JTX1RFU1RAbm5pdC5jb20wgaoGA1UdHwSBojCBnzA8oDqgOIY2aHR0cDovL2NybC5zeXN0ZW10ZXN0MTkudHJ1c3QyNDA4LmNvbS9zeXN0ZW10ZXN0MTkuY3JsMF+gXaBbpFkwVzELMAkGA1UEBhMCREsxEjAQBgNVBAoMCVRSVVNUMjQwODEkMCIGA1UEAwwbVFJVU1QyNDA4IFN5c3RlbXRlc3QgWElYIENBMQ4wDAYDVQQDDAVDUkw2NDAfBgNVHSMEGDAWgBTMAlUM5IF0ryBU1REUV5yRUjh/oDAdBgNVHQ4EFgQUEWdFrMEb7hG5I2QaLQx4eevxXD8wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAetwAPoeMMHE9zRSVcGsK3TTo6+YqORR78HXFel4Yg4j7SE3HLSHcrOYaVT/ouUcLqufEWiKRVDpZ4QShSV1hfcF3UhufKCLhMf/sNuc97e/ptOVciN76q+6jNJ+1fAtwNk+myf8lqR1r5CGCk5TDZZv64GR3Q5nhQTBG6wCCUE2vP22bDjY9h+ibfSl4eQG56rNXsDSMMnOB6Fqm9mwPXKUedF8ezHJeRAb1JQtDxkt0oy94i53EaCj6Hd6LzI4Gfq7ReorkuVJvqv+pcpPfZN9FkbbK/o62DMTw3wb+uGh/8VehGOpV05EkafClZ0lqwXpndnI+dbS6PvJpmoqElg==";
oS.RequestBody = Encoding.UTF8.GetBytes(bodyAsXml.ToString(SaveOptions.DisableFormatting));
}
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (FaultException fe)
{
// Assert
Assert.AreEqual("Authentication failed", fe.Message);
}
}
public void OioWsTrustRequestFailDueToHeaderSecurityTamperingTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...) because message id is dynamically
// For some reason there are two calls where the first call has en empty body.
if (oS.RequestBody.Length > 0)
{
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
namespaceManager.AddNamespace("o",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
namespaceManager.AddNamespace("u",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
var createdTimestampElement =
bodyAsXml.XPathSelectElement("/s:Envelope/s:Header/o:Security/u:Timestamp/u:Created",
namespaceManager);
var dateTime = DateTime.Parse(createdTimestampElement.Value);
var addMinutes = dateTime.AddMinutes(1);
var longDateString = addMinutes.ToUniversalTime().ToString(TimeFormat);
createdTimestampElement.Value = longDateString;
oS.RequestBody = Encoding.UTF8.GetBytes(bodyAsXml.ToString(SaveOptions.DisableFormatting));
}
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (FaultException fe)
{
// Assert
Assert.AreEqual("Authentication failed", fe.Message);
}
}
public void SoapRequestFailDueToHeaderSecurityTamperingTest()
{
// Arrange
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...) because message id is dynamically
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
namespaceManager.AddNamespace("o",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
namespaceManager.AddNamespace("u",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
var createdTimestampElement =
bodyAsXml.XPathSelectElement("/s:Envelope/s:Header/o:Security/u:Timestamp/u:Created",
namespaceManager);
var dateTime = DateTime.Parse(createdTimestampElement.Value);
var addMinutes = dateTime.AddMinutes(1);
var longDateString = addMinutes.ToUniversalTime().ToString(TimeFormat);
createdTimestampElement.Value = longDateString;
oS.RequestBody = Encoding.UTF8.GetBytes(bodyAsXml.ToString(SaveOptions.DisableFormatting));
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.IsTrue(fe.Message.StartsWith("An error occurred when verifying security for the message."));
}
}
public void OioWsTrustResponseFailDueToHeaderActionTamperingTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
// In order to enable response tampering, buffering mode must
// be enabled; this allows FiddlerCore to permit modification of
// the response in the BeforeResponse handler rather than streaming
// the response to the client as the response comes in.
oS.bBufferResponse = true;
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
_fiddlerApplicationOnBeforeResponse = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
oS.utilReplaceInResponse("<wsa:Action", "<wsa:Action testAttribute=\"Tampered\"");
};
FiddlerApplication.BeforeResponse += _fiddlerApplicationOnBeforeResponse;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (InvalidOperationException ioe)
{
// Assert
Assert.AreEqual("SOAP signature recieved from STS does not validate!", ioe.Message);
}
}
public void OioWsTrustRequestFailDueToReplayAttackTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
byte[] recordedRequest = null;
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
// For some reason there are two calls where the first call has en empty body.
if (oS.RequestBody.Length > 0)
{
if (recordedRequest == null)
{
// record request
recordedRequest = oS.RequestBody;
}
else
{
// Replay
oS.RequestBody = recordedRequest;
}
}
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
stsTokenService.GetToken();
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (FaultException fe)
{
// Assert
Assert.AreEqual("The specified request failed", fe.Message);
}
}
public void SoapRequestFailDueToTokenTamperingTest()
{
// Arrange
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...) because message id is dynamically
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
namespaceManager.AddNamespace("o",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
namespaceManager.AddNamespace("u", "urn:oasis:names:tc:SAML:2.0:assertion");
namespaceManager.AddNamespace("xenc", "http://www.w3.org/2001/04/xmlenc#");
var cipherValueElement =
bodyAsXml.XPathSelectElement(
"/s:Envelope/s:Header/o:Security/u:EncryptedAssertion/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue",
namespaceManager);
cipherValueElement.Value =
"caOITLZYC9wHy4gxMdtxoYjYY9V2t3Jj5ZTRnJxz0Uvd/XS0pOIx9E0htm0jjO0KgLzlYaFMFxkO/U8eCjv2U2AUkSf0o/TZbRUdNUmn5HUC60ZeNGVKdxytzCnq59Qif5q5Um3A4rP8GbMitISPOeyz7UotqmWm48UepnZ+mO34SXFMsrkVUclxW630wPBdeeL3p+CpByn9Cv1qiqPMnX0OO9WqVhszH6KijdiLnlXLwdiLNZWtvftm9r+lhA+Xl3q1GqonYm1/mFVUsUA2aV+T2raFdtAKPQPVNKoe9F9z1j5cpx+VOpi+RZzqcOfCjM2wRFQFP8TFAIZb7OW4Ji+AKf3DQ7kpd8VPOK5Wb4EN/KgV1tLcwTDKcdz6SI55NBL6NgP3otYCM1KahZ8nrVLi+66xnsqsiehF294OloDt3tUkWcgfPEQ2csXwIQ+r99O3KKNi+k3g5WzND4LoWPtunUSWDnkAOZM3fDqkNjtf8cL3JbhGrEmoTht277MGKhMCHiUfgadWp80niLboshlYECsjGFFb/JNuFmv5f2JNMcW6pZ8g+o3KvK4Ck62X3CfDlJ5sdRYs6oaD9wx8fEwC6kCkaxDI1WjMz/4uQWiuQsc0nu7sLBlVvN9aMeuPvxhzrmTyUTNbd56JvOBBbpZaL1b0aQojrSVfzPtyJRrj0Dof5MEQ46iGFemJ1hkY2/jNqit55GybcI3h+ZLneVXRr0+1DOLiPzWHbTmr5V/FPPLB+odVUp3hvemRjNEVv5YGsPPK7SoZWEbSpwXJxdLAW07lFZ7wGZByFY0VaGYWpFNjd8TDwt2jmuWKf5KSFO0nRZKNEFziWqr+v/bs0v7F16qHOjTGn8ZdhRDDky8L+2DyHYwc0VY3TYM1JDG2Uqak2M032G2acuTZdujDMIiXMM39VubhANkaLE8L8blpfYVXZSVdI+FrRudcMdI9fQTJFNTAg0DWBi2e3UM4f4M9mPmNp8vUd9nhfbhULuhgQpufYI5mpKWdiBirDUL4bo7i/mzddUDwIjXhpSqSErGJt5D6oazV2+4j+vDXT0tc2LtnS6srB1zIKzg7fJ9N7DAn6ky9ASYJMPkPX8uEMoFi71g9ILN6WYOHp9c9WxG1y4hTO5e7WgPP3K4Umho20GyjNlChPrAyhE8T79OTKupJPT9JTV1ABscCwMY0fccbs91nThu2URfxUSdgh8NMY3W/gbYMywNRkl4jVmUhO+6GPNNMnfY+iKlli0k/cEB0XmZC/7npPeQ61LCy04Jvxo7ALx8JVtBZYhgd453HpyQagqheLIpeeFqHVSrHbJXqDPowXmhr2CYe7Op+lEcGCF3kpdIruigs//x/vCFFLDghLoCGbyc6ISBTXxJzXudU4ooLj4yuKd11ZMzYpItecFjnpxiCuI7c+D3rZbU+3BQ9HZcv+rlGfG2pGXC0DEUC0QhJQ1hsW+qBkG5es7XoD8EHYlF7cSkpIHIUMoV/McDFa4if4V6Zqc+kiRBqI2iBryQ68jteuVjymSB6bSMpMshwPqkHBDk+SZUc8uKFJMF1aAaWc0/aks6/z59a8WVCczMvhERqgXUJtsMDMepPT+qAyH73P5FzdIVC1d5KOuY2lyBnlvKnHvhO6n7/pBfWVCfvzEV/oSIcZ2nX5BPkX7Wj2s0muLO3/n6Fu60cxCcTCSDe9XN84bxa3tcVuRUNmThU/aQYtahF04VE47LtGF13aPicz5/IH9d40MRKy15hgcE8ZL/M/M7RvunvL8TqcUPNGvIQwfF/w6OUbWLOkZf4eC/sFrZp+Vtsd1tc11Ju0M6qp2/rj7hukZuZXPIJdwKoT/REGJYAaNJBQJr1Gp+H3oE4e034JkQdY78VmCzrxdFq2DBWpfDSOFY18vWgOZ5SD3U5+Gw0w8ohvBPVDX2nJJXNqp8Vaz57T0r/APvVXMx4f9lKXPSfWr33o5PPibPLnB+z7+iTaH6WVMNOpO70X01bxcL0UvnZa+P9WXhEcpNF5iXOvl1ZA/UFWoo+td4auVevHxtmdQRXwphu4ongCKFMyRH+Qn6+GNaqI95eegU7rPZDTNwvdEGkGtHlFQ82d9s6oV7yhbw3IFfNd+hPDRGtWG8NaaPGFRBc5Rt2WBkSIQKb1BCNTzbEfbK4mGY4Kr4LmXnJtFprziRAk92tRaCs+tInH5W08jKX+j0ukYyjPosz4IpasXwVOpgSltnrvC2ck+8cAY7C/bOopAg2PD+3m8U6gWmSCaabtrMnpYgD79gw9H8qP/UCQKsVUhoFsBBMtybbOqj/sRKeyaLdjEUyEmzjPm+0KDCO/yKJUFzwhbFnq/rMzyFyeFXdgUmAfOeP8av3f5AbIASlSELWHtw7N9ByxUsQ5+vacL35L2dd6o0DCZ932ivznw5JfK3iSdSwWkyW/160Uv9/RtcYEseNLMejIEHrEtHgs3okSBkMdXv3LaQBLAvbTPWNeCmOELg7B9P3deh2PH5Izdv/CNRwF7dBcz5zgC2tgMBYS1ZscP0JhT4aUvOFUxtu0ZmfNztcKUOcJEgaLqbarpnA8ekCkHtBW8vq7YeGKhbg0UgOJmBqrSB251gESO9ol/lJ13YY4wWCUuPjFrqHgwJ4ywzOQKEmCP7zte/abiTPatf7YRJ8IDMAmR0Va5iGNJ3zxGViF+bT3f9mS10MqWgO3knWZ2qbcdk5bN4eiBgWD3jjZ+P7JIzlCifDyPHMVVMiylsEtY/M3vnEOl+0XMvnZbjU2jiDJksvFEOX3umqPTabewLSoL8boIiHfTkxnXueLhT9Yx744W4mHfS/Rt+5AAji6VF7AfgMXCQHE92HuOiMpUE1e0W3fcRwgJ0Nn5trAFup3BLkzSd96Z2vCEhgp9CitUm1edrCjBPSur9svuGmUI3hz/vqL1HGpjs78wQOvCC+L11v3Tppn18PRXC1O4itwH3g1qZTKPOGudLDJ7klpAjDRBLuxAtiwKMfaXULR70HLAP/5D8df/bHn+sWWRdKoga87rvr5pIbJcKw5EwjGUV1+xcBzSr5J+SNU069eD5U038YFQwyOApLg7DE6hNZ9TsoTT3C2QH6DUQZcrvWbSFKpAqpp5wdidWLu0ewhjVCj+wZLmmP2YJTKLbzF6XY717NViJM9VJJR2F/OHcjqXxvJRfJ3yeoBlTk0IqMmgza2eS2SWmutGXWU0ympJWeFfli3ZO0C0oWDa0fwm7Hm0l7ISl16hJidx0PPERVjFBZsUAnU7nIpDVwSEjHiHH4cWYNlLL+FyGWQW5s/l6+9B4LwFJEBQeT0Dag7xBMorWrSlyMsT4yJsVO/q9rTKZ15of5CnrZF22nOYu8/octGQFAxL2pY+42MxpzRVGfSRdXfCvwEu9FObLy6RsCrazR+wAdh5sQloCSL5FAWgwpyePaMdCMMgw+H+zgGGcGzKiS0wkN3Hz1pCjwbuHg4v2RcY21LR+cRux23TbLsyV+K1w6cH1Xfe3pf4gJQ+YwWWwUOqlcgc6eczM2ZF1P1Z/94MbWs+BCrolg4jBgpWlA0f1KIOgvCdE9U5eQ3PtMa2TqTrWhhON5rjJHVa+e7MAIMj5vmRgQAWeMi41inbspisGy/9Fr6L71spQUU7cznw2TqNczDKRUP9XnE7ovYXJ5XATdZghEqDpNBkuHcsgFmGNRZyh5pI5Oj+AlCHPI2oQXI5jptKC1rpr+TxU8oMNln4aQw4Dol9vij7eDEHLmlrKqyJpLNA43//est+6LF7Y0k53uLfHqNfvZCgbv6y25AFJLl64fYHT8sZ6JqzFxUR8F4KFV3aZRCIZ3fQfHEDZMbIGM0EK/2FP3/dDHN5KvswyNZ1Gqo30uvcupL4iwLCsRAcz7CQYJGIVmAXS/K9zs6UEdP1wCI7xYjGuDG4dyFv3M/+XyZIza0gh3ilIWPIVpzvgh9W1Q7gyBd2ZU5nkvgrLQULZXk3s3YW5UqB4neoLAVOCyES0VthiE7j0TUI/wJOmvd/HfkzYsp8zJyfJpqsNQ9x/6aijOhwJ9Cr7noLRc1TiCSGrryz/QZN2978zqaL+gxkfstdqzfPr//7QqoVve/GIOreFZP7qhGBnxqNWBUrO0auIacRYdkE7Fbr9P/Sw5RghphLq2Fss3dl/iiPi7eYckZGBK6tRvMfSiTb51qS8LKV4+dps8gtUr0UDeO+/l7Tm134l9UAhxlnfy9+qium1O90CIDspgWjZe6x8mA2DnpFjyJyEiTAZ1yaO4BBGQTUO/aNabjhm4Zn4bMQHVOJ2iGLxMGH2NEFOd4+uMuYhxIq1K+My1Mi4v7eegInoD4uBcvleChyBrLt25fEznUbcI+rvfWseb0vPvayiqLRn2N/ClaVFby+0gsfo5Ebz5WML5rGFKm/u/RBkPqsK3RqtCd8JB5sV2CqhtajmJ+bzGAkgX4ViHYsaEVrkEnFxyIwIi6p0VEgeK/j+9uLcY994pX6f0jyDQIr9Nc2i9naCSl2VtoujwQInW7D/e70hJRldW2CjPOhpDZyl/aG8ZqvL2/XwCL5518vZpbifSiupX/wDLofenk/951bAWrD83xaB9pxr+gkzZPx8ZR7xRe0JYZDZnn2T8t0wX1/zYB8yiWCB2kGxMqJh7Rrh0L65DCsKWsKWR+HV1b5Bpc26U5eeH6W4Zgoo2yuNQsb5rR05L8pxB7q5gOEVH8TVpK0y8o9W6eCNWiOetHhzreBdmobWBzQNNOl78xA/gh6IQPQfaEGnQYS38s8XM7+Cu4QwVDYdJSFBYupJr5rn7DtDP88w7XO8OdKguj5cAq/5ICJQPaD5S7jShOl5ccpLoLikrgVksZr/BxuhkkIsakJnAltlDHWzNkVC8wzO/x0FHZKvmOEQsLoueHqxfCyJLbooZwpHoNjXwzvfJ5XcRa1xY2uZDMit4tSQd0qebz8kun2mIIDwREqa5xqn2XzHE9b7j3bKTVhcsPMoIm1ENGEmQJi7dpjOT65v4s9hFMT47fcjZyhT+5xEstBkaRnIZ8rLY9gIVCAEFLUZXFOfHSIPlz8aHKwwr/sEGwWrpn6lPNXMezTTLjG73APQBz56OAUCnZmmEDq1BnH8aQsmXHofuK+tKUJX9wsPslD4BqHUq1CaWUr5zpWItUHOKaHxCKs/s42Mbbvw0LGFoBqEbxqiuIOW1qr2cPEBYZvPPgqBNlmQE6v417392L/qD07qh59smAkIba/FD/AqrDanhnvi5HF2EgGd34kqq7solQ31so+2cDwxC+1et8UVY21X58nRWn83YpX7sjzjkJABG20EQtkR7v/aQDUN0rhl7KLyQl55g1PV+27CdTvPEr+PsYuGG6OgUV1GVaPRqR4PjbsI92hSB+4s+XbtYMZdw6l9EvR7b4AimKK3Ijh8HM9QIPdaoXnffEfVsyt3B6nCdbYcNGMCrW1LTHxxmxJkCH5hdkJkzcOjXkl3dQ5MoOm/hx0N9zMPfBnl8eyQUg83RXP65Z0SVRHiesNZqJLml/TBtvOmUQjwUNyJd1CDN5Py4K5xE03uqXsRD9LI5jyotXDLeBdnb3pMcCpv5pYPhAg5+48ArKsRoipURKfF4Ygzn04bGaLJqFCmKpYVjUJeYiuejOCbEe2WiCzSvQDtXEOH+xR9qBgvf3QT5YF2mLIogOgxv8AN8Z22WlLWOlQAwIRPVgZ8cOgTVbnGWfS/idA0njHQNwdwkWS8WLc0lOQQeDld3WIRr3PvtfRaaAUMcIMwCPbEjzx7FU/Zmit2UdJK2dm8zwwziTSivrbdeN1s2nXxLvngNmqerFymHqrk6HL6dI4MXfet2ca47UpRBm+bCcuFaDEMi1K+HzBjuNevh4+ZFP1X61F07+vv6STDLtOMVX1g9SMwIflceceiWfSqpEIKssnESQ3JLUG7CrreYYLGrosP9G77G0JG/DXa3Zma6RfF8j1wkmFwnsQru/mBxQkb7oSn79jpvpmQxxmIaCnV0YKWhmpgZudcS6P2nJXsjvjAgONs490EPG+lH8OhKVLguP6sbCDQGf52de2bJeN3ADGFFXmKnqs8v8lDv1P9jp25PENIUOG5cv25/MCAA7G8xPplUPRJZLO9IzhvHCTpdADRNwrWES2OttqlIlTz563yf3WZNtMumcLeLnbdeyqeemDWzx7/zopRWEhOGV2gkoyxeX0mLTtHvgmyq0weueNv19/9lL3aAbf+1WUQptctVw5hVVa5br32ZjdHKjYkK5kH5FdVjCkA+ctizt+nh53mxOxlOxDRUZZLpyYw0lZf2dw01cZDrBYnyIHBb7ih52dUm5rE0hWIBgbZzMov0fbebHbWwlyI6KN6gFzkptAagaEBaj1FQqrJTLtrGOtBO6yg+XAnUlKYEWYiOF2rqYEBQcA2m6+1b+N8NLrpwkWGEI3Ci/L22rv8/ubUcG1+lfmpEhBdPYR2f3VNpn7BQduiByWjOctcBvlOkMVMIssxY7AGt2K3/vH0c4Hm7ZUqHZfuMyWhpCKz+l8qYITqSA2Y3wuhb/GRZ64UeQAS+WvnKpG+Iy4U6O5Z3KyBukuzmHDUUF/57rTt0noqpnGmhlvdGJwsfbeaA11XcC+vlsNW37pbls827w+A+hKQlIy7KMRhDWkxbXsJn1z3Loixfllk2qSuDfsGIIMctnrdi/JIOZX1TXewivhVVs7TK0F+LmUYRdINorvtgVxwLYdGOVhsJauNR56mYCkKJ+IcMvYvFbl2RwHBLyjYQhjp4acYjbSJrbf+MJbEe8hGAicBJjsoIV3kxsN+Bzii/D8vNDDBBNaDI/uVJviiLiIpRhyV32vpwnYz5qsEBOz0tKE1DZo7G9M9lovy2pyUNlQ/Uksr9cOIGI0d+BBsxZZQvvcoPeaNesrbxNa6lDsiXQMwqZD9V4hXwJh6BlqCAn25iMlpt23hoV1tIqfEOJf6mmD1fIazNsVo/onJS4FJ3ucLGdhASiu8QgG+1FHvXOvIGyL+SP0xHKLqXd8o6KkEs1x9ty8b+pOBbuLcrP04qEJ7p8J7+pOZGSggy9bucwMdQkNtKQxOaDEOUMUADNi7McSyyyfgyGyl63tIIhh6Ipejbp03z0a4XTUn2NyKj/tSNpu4JkQtjdKuxKRJYQ7lgqRf8gQIi/phUtOIGd59KeF45JlNBXF6qIVlmvbxttM3H+rU1EN7F1cEjd3duZwDpvTl4jJb82qC3itoQ/mbIgQoyeobCh07+h1ZyxqoThsu5p+9YHqpkMoojXYBu+8nGj504+IVuc/H3fSy5V2QyBkXrnLWWgvSy2hPce7Ne/9873AaQgooSQdJ7WEKNJoV/8DrTVl7xcVE9Wvd5qB8keh2BkR+FlFPWeSdi5bQH0juOLQ4Hwl7035vkzLqYykvfPWsVFU4UODwj2yT8h1JdlouHrJ+K7NLZNFlydHNqOJqzZZ7JLtjboFbpT4IWpjpt5tM9KGvv5Ppetgygg8H0tFdmynhOnMrsxgs9mmk8t5obUaRnE3JXRXmSHoTdjspzKaTbHyhP1mOAKms7yVAUMXxseb+w/UD6PFCPUhVm0JZUk9g1ogvh/D1OM5EtFnoWJloAkTDVnANz9h1KgrZVGKMgqvEvDOOOFLNUa79NRWOF/s/XtPYCuTHkSirthqwbOtV44ksWkFBCg5jD7gWQXy91j0kTv2uihYEXYqw0cCf2m17Myejo9K/J+0Ipimn/jlGGVzzTgrOl7/4qgU7tsgSJIxAcQ6nLBjuV3EdRbTfmDfpEMrJrQMEL8ec8xOuAAZDrmEa2K+qzEQLzDOGGJKj60VUpP+/5FewM2giT+fMkQSy9BeFIPOwFw3/XavRIb6oRzQOG2CbNSz+qnxFkhbL9nifcB6ckMRHBHX/zSkQr0P6EbyKuLVX9xk1eZxgByG4ZSmgrYEtnaPwaD0OS7g+bEpHHs0jM5bYsmzVDmrJskncCI2yff9dOcWSlLQJelh8ZyAomQ1naakPTAWF6zfwbo8M4h8x8+OyZabUI3yHHbuxTUZYRa5ff5B+15mF9IWLyp1SwLU7xwRM4bvA2VetklWzxz8hSC0s1rWeXykGIu4+oC4KKmgmhJLygkrXnIB2DOtA1/a4BrUZoYee8HrP/kJ37jD5QQxZLccMl45LsTLdAm8B0FRiId0q56/9cvRUTWU7DvumDLvaU6FJcFiUBuvhN2Os+wlzDJGZQVmFglFSA8WJIwk5wPmpOW31bSLVimpnBoTy3G7OdwdWl5xrebYkWLQTXXbcflO17MHWhEsDTkGLDHM6ZY2LZd9k1SvXBRGPgCUuMMpIp4qdKL3xOBPLdzjf3KPG4SbWoZZJbPXEIP5Ryg96nLJ2nuYCcQ8tZOxTqKIiLnhyd5GVvzbEZGh66q70oAWhznC0AtepPoMQv/Vb4PzAcEIL8kH28MgQvzJUrOeituNVlRDA1a6hGSmVKW4XEqzvkm+SS6cKHKlXHWhcLH3dfCeh/+kNoKhoSplyL0jzZ07C3T7fFdOxR4QJBUgTNCI2Dq/W54/BiAdb9OM/oKxT6EpcIW1PbIIN3n1Y0E43bAiTxElr8euUGAopUruAZcbyKnzRUcTaU9eKQtMERfOKqI5maAdqOBmjwNhMHoi/ifNgkFZOU7a+eMAmOBvEkv0zQUpKtuxuQbKnusLmSOr9fMLTc0BWc3o+I3ONU78w178Mw3wvvW+GP/K3yv8Sn9DoGiFTm2cNJMcF4Zm+1WwVHxcaE67sJ7e4QMU2UWhLaPqDLpkZSWUAy+rRd+WWmJ0MLrxlAqDlzZS8GB7Lp/avJSMaKemRM1ynZhHU23ZABUdwX814Orwt27lnN2xHk26EGNsE/q8LTkyODL6cntxbVVy2jENoH4Kzz/8On4vEaJTgrjldGI0umraglkV4Eh+h5Zs7CwIk0r6eQqlwu1US1fdzGsVMn3vGmemWe3xUPjfrbFGCFadB72Agom6jDpQoUaD+ztftoKw9rJshE78e6rkcCnsWgfjImaYJte6Ut20L8Otb+RGNUQcdwuaC9jOY76CjVh5iSxy/sD6rJLHLQZAI6WNYEOhdrgeLP0XJI6a9rmBMRQxvEw0DFLxksomIdTSxgAm8Ron8WOS3eXfZeQjMq92nbEGD8KN4sfhwiFrR3zgboEO/bvpMShYY6KryddOuE1ChKSTdIGYXxphKXBAZsTQWTQxUiuEv792f4523cQKL4+XFBCwY1dCXLfXLOdAMizFrpoosTkJSfXkvz6Ox4i2XYDxnu+d2nLzCUykh98ONiPOJoWTeQIHFvzsAEj3rvkX7omgN+GqevKDkf7l88tq6wuRS9Tals6Vf5ve6CqxspMwckMDb/ZuFmeHJlyGmE1rhd9ze+Fjyd4QkJA9zxL4WOkFJP/PVoA+mxR2jMFdsnK+R4PGqErC+tIp/CmdoTRp4JlOIGEgrmHUrVhVruUR8BwboHZDo8adfC80ieLq+yYISz04wPUECkyQ808fozYVDTyEGHRILU4aOWU4c52w0GNv/00h61CrzTFHPdN7h7Djx1Ob5KdsghGM987BTHCku6IuLhjdBO1YyNBM6DqBsuik7H2dY8+qL8zC/kz/omfVCn6JOYOQ6Fl6detFNBASk+farDREvV66oqwIT8as57qXNT7Mo1wE1arhdrIUEJz3/yZguHxjOuaXeOdLTnCjPsq8MBRhrtkj6aXkG8iksfP8/gUamEXHxve17HpipfDe4ieKuX0INlJAbUSrdwhPVje9vWZwNcyy+Hfdi544szMbPSPw/WIILSTdkVJtarWowJZVYVYGUbcyNcXxLII5VWz3Q6lWRV1h3IWixGtuU8IzxoHT8F1ECyS1Dcx3QJ8w3Ksw6PCnd3byfKAj2POu+qfGM6FOO52QAWViqOyDks2AoDfPmp8p91FMrvyWy0No/Mg2a83CSByxzvnXvMht0ekzacBRfROMz1mwqX7/kMDsqBSLugoOyptGfTnWojezaijWXkRYyZj4maK/SzQKm4ks4yFqTiV1OlPA8v058q21tleIEMefCqKLp5bJMffYVZal5bpUCESr2l4HCDCCGQX0BtRdQ2GrxTbffQCfnQ9Iq0YjW9TLJCowJKhS0uOORYplr0jWqXz/w5CwSyjM7JbsLIjZ0r/Au413tTOUucyz5ZvboSwlzcJ6O0R5VulIdcOlgjVeEFJn8sdawn11H6qo3Uf2zIrEX5KlsntuS8KlLgKF3n6r4d5EXlNMBYfBZntzHFF0JqOs/5RAtil6+E1VpSyUZRxA==";
oS.RequestBody = Encoding.UTF8.GetBytes(bodyAsXml.ToString(SaveOptions.DisableFormatting));
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.IsTrue(fe.Message.StartsWith("An error occurred when verifying security for the message."));
}
}
public void OioWsTrustResponseExpiredTest()
{
// Arrange
IStsTokenService stsTokenService =
new StsTokenService(
TokenServiceConfigurationFactory.CreateConfiguration()
);
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
// it not set then Thread.Sleep is ignored on the response.
oS.bBufferResponse = true;
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
_fiddlerApplicationOnBeforeResponse = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
Thread.Sleep(_wait);
};
FiddlerApplication.BeforeResponse += _fiddlerApplicationOnBeforeResponse;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
Assert.IsTrue(mse.Message.StartsWith("The security timestamp is stale because its expiration time"));
}
}
public void NavigateToViewWithJsErrorProxy(string targetUrl)
{
string errorScript =
@"window.__webdriver_javascript_errors = [];
window.onerror = function(errorMsg, url, line) {
window.__webdriver_javascript_errors.push(
errorMsg + ' (found at ' + url + ', line ' + line + ')');
};";
SessionStateHandler responseheadersAvailable = delegate(Session targetSession)
{
// Tell Fiddler to buffer the response so that we can modify
// it before it gets back to the browser.
ReponseCode = targetSession.responseCode;
};
SessionStateHandler beforeRequestHandler = delegate(Session targetSession)
{
// Tell Fiddler to buffer the response so that we can modify
// it before it gets back to the browser.
targetSession.bBufferResponse = true;
};
SessionStateHandler beforeResponseHandler = delegate(Session targetSession)
{
if (targetSession.fullUrl.ContainsEx(targetUrl) &&
targetSession.oResponse.headers.ExistsAndContains("Content-Type", "html"))
{
targetSession.utilDecodeResponse();
string responseBody = targetSession.GetResponseBodyAsString();
string headTag = Regex.Match(responseBody, "<head.*>", RegexOptions.IgnoreCase).ToString();
string addition = headTag + "<script>" + errorScript + "</script>";
targetSession.utilReplaceOnceInResponse(headTag, addition, false);
}
};
FiddlerApplication.BeforeRequest += beforeRequestHandler;
FiddlerApplication.BeforeResponse += beforeResponseHandler;
FiddlerApplication.ResponseHeadersAvailable += responseheadersAvailable;
Driver.Navigate(targetUrl);
FiddlerApplication.BeforeResponse -= beforeResponseHandler;
FiddlerApplication.BeforeRequest -= beforeRequestHandler;
FiddlerApplication.ResponseHeadersAvailable -= responseheadersAvailable;
}
public static int NavigateTo(this IWebDriver driver, string targetUrl, TimeSpan timeout, bool printDebugInfo)
{
if (driver == null)
{
throw new ArgumentNullException("driver", "Driver cannot be null");
}
if (string.IsNullOrEmpty(targetUrl))
{
throw new ArgumentException("URL cannot be null or the empty string.", "targetUrl");
}
int responseCode = 0;
DateTime endTime = DateTime.Now.Add(timeout);
SessionStateHandler responseHandler = delegate(Session targetSession)
{
if (printDebugInfo)
{
Console.WriteLine("DEBUG: Received response for resource with URL {0}", targetSession.fullUrl);
}
if (targetSession.fullUrl == targetUrl)
{
responseCode = targetSession.responseCode;
if (printDebugInfo)
{
Console.WriteLine("DEBUG: Found response for {0}, setting response code.", targetSession.fullUrl);
}
}
};
// Attach the event handler, perform the navigation, and wait for
// the status code to be non-zero, or to timeout. Then detach the
// event handler and return the response code.
FiddlerApplication.AfterSessionComplete += responseHandler;
driver.Url = targetUrl;
while (responseCode == 0 && DateTime.Now < endTime)
{
System.Threading.Thread.Sleep(100);
}
FiddlerApplication.AfterSessionComplete -= responseHandler;
return(responseCode);
}
public void SoapResponseExpiredTest()
{
// Arrange
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
// it not set then Thread.Sleep is ignored on the response.
oS.bBufferResponse = true;
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
_fiddlerApplicationOnBeforeResponse = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
Thread.Sleep(_wait);
};
FiddlerApplication.BeforeResponse += _fiddlerApplicationOnBeforeResponse;
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
// Act
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
Assert.IsTrue(mse.Message.StartsWith("The security timestamp is stale because its expiration time"));
}
}
public static void GetOauthTokens(Action <int, OauthToken> onResult)
{
if (FiddlerApplication.IsStarted())
{
onResult(0, null);
return;
}
FiddlerApplication.Startup(0, FiddlerCoreStartupFlags.Default);
Proxy oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(0, true, "localhost");
SessionStateHandler handler = null;
handler = (Session oS) => {
if (oS.fullUrl.StartsWith("https://restapi.ele.me/marketing/promotion/weixin/") && oS.RequestMethod == "POST")
{
OauthToken token = new OauthToken();
token.Url = oS.fullUrl;
token.RequestBody = jsSerializer.Deserialize <dynamic>(oS.GetRequestBodyAsString());
token.UserName = token.RequestBody["weixin_username"];
FiddlerApplication.BeforeRequest -= handler;
if (null != oSecureEndpoint)
{
oSecureEndpoint.Dispose();
}
FiddlerApplication.Shutdown();
onResult(1, token);
}
else if (oS.fullUrl.StartsWith("http://close.local"))
{
FiddlerApplication.BeforeRequest -= handler;
if (null != oSecureEndpoint)
{
oSecureEndpoint.Dispose();
}
FiddlerApplication.Shutdown();
}
};
FiddlerApplication.BeforeRequest += handler;
}
public void SoapRequestFailDueToReplayAttackTest()
{
// Arrange
byte[] recordedRequest = null;
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
if (recordedRequest == null)
{
// record request
recordedRequest = oS.RequestBody;
}
else
{
// Replay
oS.RequestBody = recordedRequest;
}
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
channelWithIssuedToken.HelloSign("Schultz");
// Act
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.IsTrue(fe.Message.StartsWith("An error occurred when verifying security for the message."));
}
}
public void SoapRequestSucceedIsSoap12Test()
{
var soap12 = "http://www.w3.org/2003/05/soap-envelope";
var isSoap12 = false;
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...)
// because message id is dynamically
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", soap12);
// If we can find the root element, it's because the namespace
// of SOAP 1.2 matches
var envelopeElement =
bodyAsXml.XPathSelectElement(
"/s:Envelope",
namespaceManager
);
isSoap12 = (null != envelopeElement);
};
FiddlerApplication.BeforeRequest +=
_fiddlerApplicationOnBeforeRequest;
// Act
var client = new HelloWorldClient();
var channelWithIssuedToken =
client.ChannelFactory.CreateChannelWithIssuedToken(
_stsTokenService.GetToken()
);
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(isSoap12, "Succeed with a valid SOAP 1.2 header.");
}
public void SoapRequestSucceedNoLibertyHeaderTest()
{
var soap12 = "http://www.w3.org/2003/05/soap-envelope";
var noLibHead = false;
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...)
// because message id is dynamically
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", soap12);
// If we can't find the Liberty Header, it's because it's no
// longer part of the SOAP 1.2 message
var frameworkElement =
bodyAsXml.XPathSelectElement(
"/s:Envelope/s:Header/Framework",
namespaceManager
);
noLibHead = (null == frameworkElement);
};
FiddlerApplication.BeforeRequest +=
_fiddlerApplicationOnBeforeRequest;
// Act
var client = new HelloWorldClient();
var channelWithIssuedToken =
client.ChannelFactory.CreateChannelWithIssuedToken(
_stsTokenService.GetToken()
);
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(noLibHead, "Succeed with no Liberty header.");
}
public void OioWsTrustRequestFailDueToHeaderMessageIdTamperingTest()
{
// Arrange
IStsTokenService stsTokenService = new StsTokenService(TokenServiceConfigurationFactory.CreateConfiguration());
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (StsHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...) because message id is dynamically
// For some reason there are two calls where the first call has en empty body.
if (oS.RequestBody.Length > 0)
{
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
namespaceManager.AddNamespace("a", "http://www.w3.org/2005/08/addressing");
var messageIdElement = bodyAsXml.XPathSelectElement("/s:Envelope/s:Header/a:MessageID",
namespaceManager);
messageIdElement.Value = "uuid:0e07468e-42b2-4813-b837-6c2c6122a9c9";
oS.RequestBody = Encoding.UTF8.GetBytes(bodyAsXml.ToString(SaveOptions.DisableFormatting));
}
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
try
{
stsTokenService.GetToken();
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (FaultException fe)
{
// Assert
Assert.AreEqual("Authentication failed", fe.Message);
}
}
public static void NavigateTo(this IWebDriver driver, string targetUrl)
{
if (driver == null)
{
throw new ArgumentNullException("driver", "Driver cannot be null");
}
if (string.IsNullOrEmpty(targetUrl))
{
throw new ArgumentNullException("targetUrl", "URL cannot be null or empty string");
}
string errorScript = "window.__webdriver_javascript_errors = []; window.onerror = function(errorMsg, url, line) { window.__webdriver_javascript_errors.push(errorMsg + ' (found at ' + url + ', line ' + line + ')'); };";
SessionStateHandler beforeRequestHandler = delegate(Session targetSession)
{
// Tell Fiddler to buffer the response so that we can modify
// it before it gets back to the browser.
targetSession.bBufferResponse = true;
};
SessionStateHandler beforeResponseHandler = delegate(Session targetSession)
{
if (targetSession.fullUrl == targetUrl &&
targetSession.oResponse.headers.ExistsAndContains("Content-Type", "html"))
{
targetSession.utilDecodeResponse();
string responseBody = targetSession.GetResponseBodyAsString();
string headTag = Regex.Match(
responseBody,
"<head.*>",
RegexOptions.IgnoreCase).ToString();
string addition = headTag + "<script>" + errorScript + "</script>";
targetSession.utilReplaceOnceInResponse(headTag, addition, false);
}
};
FiddlerApplication.BeforeRequest += beforeRequestHandler;
FiddlerApplication.BeforeResponse += beforeResponseHandler;
driver.Url = targetUrl;
FiddlerApplication.BeforeResponse -= beforeResponseHandler;
FiddlerApplication.BeforeRequest -= beforeRequestHandler;
}
public static void NavigateTo(IWebDriver driver, string targetUrl, string userName, string password, TimeSpan timeout, bool printDebugInfo)
{
if (driver == null)
{
throw new ArgumentNullException("driver", "Driver cannot be null");
}
if (string.IsNullOrEmpty(targetUrl))
{
throw new ArgumentException("URL cannot be null or the empty string.", "targetUrl");
}
if (string.IsNullOrEmpty(userName))
{
throw new ArgumentException("User name cannot be null or the empty string.", "userName");
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentException("Password cannot be null or the empty string.", "password");
}
DateTime endTime = DateTime.Now.Add(timeout);
SessionStateHandler responseHandler = delegate(Session targetSession)
{
if (printDebugInfo)
{
Console.WriteLine("DEBUG: Received response for resource with URL {0}", targetSession.fullUrl);
}
byte[] credentialsArray = System.Text.Encoding.UTF8.GetBytes(string.Format("{0}:{1}", userName, password));
string encodedCredentials = Convert.ToBase64String(credentialsArray);
targetSession.oRequest.headers["Authorization"] = string.Format("Basic {0}", encodedCredentials);
};
// Attach the event handler, perform the navigation, and wait for
// the status code to be non-zero, or to timeout. Then detach the
// event handler and return the response code.
FiddlerApplication.BeforeRequest += responseHandler;
driver.Url = targetUrl;
FiddlerApplication.BeforeRequest -= responseHandler;
}
public static void Start()
{
FiddlerApplication.Shutdown();
FiddlerApplication.OnValidateServerCertificate += FiddlerApplication_OnValidateServerCertificate;
SessionStateHandler _bResp;
if ((_bResp = _beforeResponse) == null)
{
_bResp = (_beforeResponse = new SessionStateHandler(BeforeResponse));
FiddlerApplication.BeforeResponse += _bResp;
}
SessionStateHandler _bReq;
if ((_bReq = _beforeRequest) == null)
{
_bReq = (_beforeRequest = new SessionStateHandler(BeforeRequest));
FiddlerApplication.BeforeRequest += _bReq;
}
InstallCert();
FiddlerApplication.Startup(Server.FiddlerPort, FiddlerCoreStartupFlags.DecryptSSL);
}
public void SoapRequestFailDueToHeaderMessageIdTamperingTest()
{
// Arrange
_fiddlerApplicationOnBeforeRequest = delegate(Session oS)
{
// Only act on requests to WSP
if (WspHostName != oS.hostname)
{
return;
}
// Use xml version instead of utilReplaceInRequest(...) because message id is dynamically
var bodyAsString = Encoding.UTF8.GetString(oS.RequestBody);
var bodyAsXml = XDocument.Load(new StringReader(bodyAsString));
var namespaceManager = new XmlNamespaceManager(new NameTable());
namespaceManager.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
namespaceManager.AddNamespace("a", "http://www.w3.org/2005/08/addressing");
var messageIdElement = bodyAsXml.XPathSelectElement("/s:Envelope/s:Header/a:MessageID", namespaceManager);
messageIdElement.Value = "urn:uuid:0e07468e-42b2-4813-b837-6c2c6122a9c9";
oS.RequestBody = Encoding.UTF8.GetBytes(bodyAsXml.ToString(SaveOptions.DisableFormatting));
};
FiddlerApplication.BeforeRequest += _fiddlerApplicationOnBeforeRequest;
// Act
var client = new HelloWorldClient();
var channelWithIssuedToken = client.ChannelFactory.CreateChannelWithIssuedToken(_stsTokenService.GetToken());
try
{
channelWithIssuedToken.HelloSign("Schultz");
Assert.IsTrue(false, "Expected exception was not thrown!!!");
}
catch (MessageSecurityException mse)
{
// Assert
var fe = mse.InnerException as FaultException;
Assert.IsNotNull(fe, "Expected inner fault exception");
Assert.AreEqual("An error occurred when verifying security for the message.", fe.Message);
}
}
public static void Start()
{
FiddlerApplication.Shutdown();
FiddlerApplication.OnValidateServerCertificate += FiddlerApplication_OnValidateServerCertificate;
SessionStateHandler _bResp;
if ((_bResp = _beforeResponse) == null)
{
_bResp = (_beforeResponse = new SessionStateHandler(BeforeResponse));
FiddlerApplication.BeforeResponse += _bResp;
}
SessionStateHandler _bReq;
if ((_bReq = _beforeRequest) == null)
{
_bReq = (_beforeRequest = new SessionStateHandler(BeforeRequest));
FiddlerApplication.BeforeRequest += _bReq;
}
InstallCert();
ushort iPort = 7777;
FiddlerCoreStartupSettings startupSettings =
new FiddlerCoreStartupSettingsBuilder()
.ListenOnPort(iPort)
//.RegisterAsSystemProxy()
.DecryptSSL()
//.AllowRemoteClients()
//.ChainToUpstreamGateway()
//.MonitorAllConnections()
//.HookUsingPACFile()
//.CaptureLocalhostTraffic()
//.CaptureFTP()
.OptimizeThreadPool()
//.SetUpstreamGatewayTo("http=CorpProxy:80;https=SecureProxy:443;ftp=ftpGW:20")
.Build();
Fiddler.FiddlerApplication.Startup(startupSettings);
}
