public void Validation()
{
X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.cer"));
Authenticator a = new Authenticator(
X509CertificateValidator.None);
PolicyCollection pl = a.ValidateToken(new X509SecurityToken(cert));
Assert.AreEqual(1, pl.Count, "#1");
IAuthorizationPolicy p = pl [0];
Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
TestEvaluationContext ec = new TestEvaluationContext();
object o = null;
Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
// mhm, should this really be converted to UTC?
Assert.AreEqual(cert.NotAfter.ToUniversalTime(), ec.ExpirationTime, "#4");
IList <IIdentity> identities = ec.Properties ["Identities"] as IList <IIdentity>;
Assert.IsNotNull(identities, "#5");
Assert.AreEqual(1, identities.Count, "#6");
IIdentity ident = identities [0];
Assert.AreEqual(true, ident.IsAuthenticated, "#6-2");
Assert.AreEqual("X509", ident.AuthenticationType, "#6-3");
//Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
Assert.AreEqual(1, ec.ClaimSets.Count, "#7");
Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
identities = ec.Properties ["Identities"] as IList <IIdentity>;
Assert.AreEqual(2, identities.Count, "#9");
Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
}
public void Validation ()
{
X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.cer");
Authenticator a = new Authenticator (
X509CertificateValidator.None);
PolicyCollection pl = a.ValidateToken (new X509SecurityToken (cert));
Assert.AreEqual (1, pl.Count, "#1");
IAuthorizationPolicy p = pl [0];
Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");
TestEvaluationContext ec = new TestEvaluationContext ();
object o = null;
Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
// mhm, should this really be converted to UTC?
Assert.AreEqual (cert.NotAfter.ToUniversalTime (), ec.ExpirationTime, "#4");
IList<IIdentity> identities = ec.Properties ["Identities"] as IList<IIdentity>;
Assert.IsNotNull (identities, "#5");
Assert.AreEqual (1, identities.Count, "#6");
IIdentity ident = identities [0];
Assert.AreEqual (true, ident.IsAuthenticated, "#6-2");
Assert.AreEqual ("X509", ident.AuthenticationType, "#6-3");
//Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
Assert.AreEqual (1, ec.ClaimSets.Count, "#7");
Assert.IsTrue (p.Evaluate (ec, ref o), "#8");
identities = ec.Properties ["Identities"] as IList<IIdentity>;
Assert.AreEqual (2, identities.Count, "#9");
Assert.AreEqual (2, ec.ClaimSets.Count, "#10");
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
outOfBandTokenResolver = null;
SecurityTokenAuthenticator result = null;
InitiatorServiceModelSecurityTokenRequirement initiatorRequirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (initiatorRequirement != null)
{
string tokenType = initiatorRequirement.TokenType;
if (IsIssuedSecurityTokenRequirement(initiatorRequirement))
{
throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenAuthenticator : GenericXmlSecurityTokenAuthenticator");
}
else if (tokenType == SecurityTokenTypes.X509Certificate)
{
if (initiatorRequirement.IsOutOfBandToken)
{
// when the client side soap security asks for a token authenticator, its for doing
// identity checks on the out of band server certificate
result = new X509SecurityTokenAuthenticator(X509CertificateValidator.None);
}
else if (initiatorRequirement.PreferSslCertificateAuthenticator)
{
result = CreateServerSslX509TokenAuthenticator();
}
else
{
result = CreateServerX509TokenAuthenticator();
}
}
else if (tokenType == SecurityTokenTypes.Rsa)
{
throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenAuthenticator : SecurityTokenTypes.Rsa");
}
else if (tokenType == SecurityTokenTypes.Kerberos)
{
throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenAuthenticator : SecurityTokenTypes.Kerberos");
}
else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation
|| tokenType == ServiceModelSecurityTokenTypes.MutualSslnego
|| tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego
|| tokenType == ServiceModelSecurityTokenTypes.Spnego)
{
throw ExceptionHelper.PlatformNotSupported("CreateSecurityTokenAuthenticator : GenericXmlSecurityTokenAuthenticator");
}
}
else if ((tokenRequirement is RecipientServiceModelSecurityTokenRequirement) && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
{
// uncorrelated duplex case
result = CreateServerX509TokenAuthenticator();
}
if (result == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement)));
}
return result;
}
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
if (tokenRequirement == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
}
outOfBandTokenResolver = null;
SecurityTokenAuthenticator authenticator = null;
InitiatorServiceModelSecurityTokenRequirement requirement = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
if (requirement != null)
{
string tokenType = requirement.TokenType;
if (this.IsIssuedSecurityTokenRequirement(requirement))
{
return new GenericXmlSecurityTokenAuthenticator();
}
if (tokenType == SecurityTokenTypes.X509Certificate)
{
if (requirement.IsOutOfBandToken)
{
authenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None);
}
else
{
authenticator = this.CreateServerX509TokenAuthenticator();
}
}
else if (tokenType == SecurityTokenTypes.Rsa)
{
authenticator = new RsaSecurityTokenAuthenticator();
}
else if (tokenType == SecurityTokenTypes.Kerberos)
{
authenticator = new KerberosRequestorSecurityTokenAuthenticator();
}
else if (((tokenType == ServiceModelSecurityTokenTypes.SecureConversation) || (tokenType == ServiceModelSecurityTokenTypes.MutualSslnego)) || ((tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego) || (tokenType == ServiceModelSecurityTokenTypes.Spnego)))
{
authenticator = new GenericXmlSecurityTokenAuthenticator();
}
}
else if ((tokenRequirement is RecipientServiceModelSecurityTokenRequirement) && (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate))
{
authenticator = this.CreateServerX509TokenAuthenticator();
}
if (authenticator == null)
{
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement })));
}
return authenticator;
}