public void ReadWriteTokenDerivedKeyTokenRefToExistent ()
{
WSSecurityTokenSerializer serializer =
new WSSecurityTokenSerializer (true); // emitBSP
SecurityToken token;
using (XmlReader xr = XmlReader.Create (new StringReader (derived_key_token1))) {
token = serializer.ReadToken (xr,
GetResolver (
new WrappedKeySecurityToken ("uuid:urn:abc", new byte [32], SecurityAlgorithms.RsaOaepKeyWrap, new X509SecurityToken (cert), null)
));
}
StringWriter sw = new StringWriter ();
using (XmlWriter w = XmlWriter.Create (sw, GetWriterSettings ())) {
serializer.WriteToken (w, token);
}
Assert.AreEqual (derived_key_token1.Replace ('\'', '"').Replace (" ", "").Replace ("\n", "").Replace ("\r", ""), sw.ToString ());
}
[Category ("NotWorking")] // SslNegoCookieResolver needs updates and/or fixes.
public void ReadSslnegoSCTNoStateEncoder ()
{
string cookie = "QgBCAoNCBpkrdXVpZC03MDlhYjYwOC0yMDA0LTQ0ZDUtYjM5Mi1mM2M1YmY3YzY3ZmItMUIErZ3da7enifVFg+e0dObwRLNCCJ4egLowfrwP4Hgn0lOSqlA2fr0k4NAKgRZX+0BVs2EOnwJ6xkIOjzCAEnLHQMkIQhCPMJC+QxtByQhCFI8wgBJyx0DJCEIWjzCQvkMbQckIAQ==";
string xml = String.Format (@"<c:SecurityContextToken u:Id='uuid-709ab608-2004-44d5-b392-f3c5bf7c67fb-1' xmlns:c='http://schemas.xmlsoap.org/ws/2005/02/sc' xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<c:Identifier>urn:uuid:b76bdd9d-89a7-45f5-83e7-b474e6f044b3</c:Identifier>
<dnse:Cookie xmlns:dnse='http://schemas.microsoft.com/ws/2006/05/security'>{0}</dnse:Cookie>
</c:SecurityContextToken>", cookie);
string expectedKey = "gLowfrwP4Hgn0lOSqlA2fr0k4NAKgRZX+0BVs2EOesY=";
WSSecurityTokenSerializer serializer =
new WSSecurityTokenSerializer (MessageSecurityVersion.Default.SecurityVersion,
false,
new SamlSerializer (),
new MyStateEncoder (),
null);
SecurityContextSecurityToken sct;
using (XmlReader xr = XmlReader.Create (new StringReader (xml))) {
// Token is not registered, but is restored from the cookie
sct = serializer.ReadToken (xr, null) as SecurityContextSecurityToken;
}
Assert.IsNotNull (sct, "#1");
Assert.AreEqual (new UniqueId ("urn:uuid:b76bdd9d-89a7-45f5-83e7-b474e6f044b3"), sct.ContextId, "#2");
Assert.IsNotNull (sct.AuthorizationPolicies.Count, "#3");
Assert.AreEqual (0, sct.AuthorizationPolicies.Count, "#4");
Assert.AreEqual (1, sct.SecurityKeys.Count, "#5");
Assert.AreEqual (expectedKey, Convert.ToBase64String (((SymmetricSecurityKey) sct.SecurityKeys [0]).GetSymmetricKey ()), "#6");
byte [] xmlbin = Convert.FromBase64String (cookie);
XmlDictionary dic = new XmlDictionary ();
for (int i = 0; i < 12; i++)
dic.Add ("n" + i);
XmlDictionaryReader br = XmlDictionaryReader.CreateBinaryReader (xmlbin, 0, xmlbin.Length, dic, new XmlDictionaryReaderQuotas ());
while (br.LocalName != "n4")
if (!br.Read ())
Assert.Fail ("Unxpected binary xmlreader failure.");
byte [] key = br.ReadElementContentAsBase64 ();
// Hmm, so, looks like the Cookie binary depends not
// on SSL protection but on the state encoder ...
// does it make sense, or is a different key resolved
// as a result of TLS negotiation?
Assert.AreEqual (expectedKey, Convert.ToBase64String (key), "#7");
}
public Microsoft.ResourceManagement.WebServices.Client.ContextualSecurityToken GetContextTokenFromResponse(ContextMessageProperty context)
{
Microsoft.ResourceManagement.WebServices.Client.ContextualSecurityToken returnToken = null;
if (RequestedSecurityToken != null)
{
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(new XmlNodeReader(RequestedSecurityToken));
XmlNamespaceManager nsManager = new XmlNamespaceManager(xmlDoc.NameTable);
nsManager.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
DateTime effectiveTime = DateTime.Parse(
RequestedSecurityToken.SelectSingleNode(
"saml:Conditions/@NotBefore",
nsManager
).Value);
DateTime expirationTime = DateTime.Parse(
RequestedSecurityToken.SelectSingleNode(
"saml:Conditions/@NotOnOrAfter",
nsManager
).Value);
WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer();
SecurityToken requestedProofToken =
serializer.ReadToken(
new XmlNodeReader(this.RequestedProofToken),
new SecurityContextSecurityTokenResolver(Int32.MaxValue, false));
SecurityKeyIdentifierClause requestedUnattachedReference =
serializer.ReadKeyIdentifierClause(new XmlNodeReader(RequestedUnattachedReference));
SecurityKeyIdentifierClause requestedAttachedReference =
serializer.ReadKeyIdentifierClause(new XmlNodeReader(RequestedAttachedReference));
returnToken = new ContextualSecurityToken(
new GenericXmlSecurityToken(
RequestedSecurityToken,
requestedProofToken,
effectiveTime,
expirationTime,
requestedUnattachedReference,
requestedAttachedReference,
new ReadOnlyCollection<IAuthorizationPolicy>(new List<IAuthorizationPolicy>())
), context);
}
return returnToken;
}
