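/// <summary>
/// Runs an X.509 token through <c>Authenticator</c> with
/// <see cref="X509CertificateValidator.None"/> and checks the policy, expiration,
/// identity and claim-set state that policy evaluation leaves on the context.
/// </summary>
public void Validation()
{
    // X509Certificate2 wraps a native handle; dispose it once the assertions are done.
    using (X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.cer")))
    {
        // Validator None: no chain or trust check runs here, so this test exercises
        // policy and identity construction rather than certificate validation.
        Authenticator a = new Authenticator(X509CertificateValidator.None);
        PolicyCollection pl = a.ValidateToken(new X509SecurityToken(cert));
        Assert.AreEqual(1, pl.Count, "#1");
        IAuthorizationPolicy p = pl[0];
        Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");

        TestEvaluationContext ec = new TestEvaluationContext();
        object o = null;
        Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
        // mhm, should this really be converted to UTC?
        Assert.AreEqual(cert.NotAfter.ToUniversalTime(), ec.ExpirationTime, "#4");

        IList<IIdentity> identities = ec.Properties["Identities"] as IList<IIdentity>;
        Assert.IsNotNull(identities, "#5");
        Assert.AreEqual(1, identities.Count, "#6");
        IIdentity ident = identities[0];
        Assert.IsTrue(ident.IsAuthenticated, "#6-2");
        Assert.AreEqual("X509", ident.AuthenticationType, "#6-3");
        //Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
        Assert.AreEqual(1, ec.ClaimSets.Count, "#7");

        // Evaluating the same policy a second time appends to the context instead of replacing.
        Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
        identities = ec.Properties["Identities"] as IList<IIdentity>;
        // Guard the cast so a missing/mistyped property fails the assertion instead of throwing NRE at #9.
        Assert.IsNotNull(identities, "#8-2");
        Assert.AreEqual(2, identities.Count, "#9");
        Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
    }
}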
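/// <summary>
/// Runs an X.509 token through <c>Authenticator</c> with
/// <see cref="X509CertificateValidator.None"/> and checks the policy, expiration,
/// identity and claim-set state that policy evaluation leaves on the context.
/// </summary>
public void Validation ()
{
    X509Certificate2 cert = new X509Certificate2 ("Test/Resources/test.cer");
    // Validator None: no chain or trust check runs here, so this test exercises
    // policy and identity construction rather than certificate validation.
    Authenticator a = new Authenticator (X509CertificateValidator.None);
    PolicyCollection pl = a.ValidateToken (new X509SecurityToken (cert));
    Assert.AreEqual (1, pl.Count, "#1");
    IAuthorizationPolicy p = pl [0];
    Assert.AreEqual (ClaimSet.System, p.Issuer, "#2");

    TestEvaluationContext ec = new TestEvaluationContext ();
    object o = null;
    Assert.IsTrue (p.Evaluate (ec, ref o), "#3");
    // mhm, should this really be converted to UTC?
    Assert.AreEqual (cert.NotAfter.ToUniversalTime (), ec.ExpirationTime, "#4");

    IList<IIdentity> identities = ec.Properties ["Identities"] as IList<IIdentity>;
    Assert.IsNotNull (identities, "#5");
    Assert.AreEqual (1, identities.Count, "#6");
    IIdentity ident = identities [0];
    Assert.IsTrue (ident.IsAuthenticated, "#6-2");
    Assert.AreEqual ("X509", ident.AuthenticationType, "#6-3");
    //Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
    Assert.AreEqual (1, ec.ClaimSets.Count, "#7");

    // Evaluating the same policy a second time appends to the context instead of replacing.
    Assert.IsTrue (p.Evaluate (ec, ref o), "#8");
    identities = ec.Properties ["Identities"] as IList<IIdentity>;
    // Guard the cast so a missing/mistyped property fails the assertion instead of throwing NRE at #9.
    Assert.IsNotNull (identities, "#8-2");
    Assert.AreEqual (2, identities.Count, "#9");
    Assert.AreEqual (2, ec.ClaimSets.Count, "#10");
}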
/// <summary>
/// Builds the authenticator used to validate tokens for <paramref name="tokenRequirement"/>.
/// Only X.509 requirements are supported on this platform; issued, RSA, Kerberos and
/// negotiated (secure-conversation / SSL-nego / SPNEGO) token types throw PlatformNotSupported.
/// </summary>
/// <param name="tokenRequirement">Describes the token to authenticate; must not be null.</param>
/// <param name="outOfBandTokenResolver">Always set to null; no out-of-band resolver is produced here.</param>
/// <returns>A non-null <see cref="SecurityTokenAuthenticator"/> for the requirement.</returns>
/// <exception cref="NotSupportedException">No authenticator matches the requirement.</exception>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
    }

    outOfBandTokenResolver = null;
    SecurityTokenAuthenticator authenticator = null;
    // Feature name a branch cannot provide on this platform; thrown after the dispatch below.
    string unsupported = null;

    InitiatorServiceModelSecurityTokenRequirement initiator = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
    if (initiator != null)
    {
        string tokenType = initiator.TokenType;
        if (IsIssuedSecurityTokenRequirement(initiator))
        {
            unsupported = "CreateSecurityTokenAuthenticator : GenericXmlSecurityTokenAuthenticator";
        }
        else if (tokenType == SecurityTokenTypes.X509Certificate)
        {
            if (initiator.IsOutOfBandToken)
            {
                // Out-of-band: client-side SOAP security is doing identity checks on the
                // server certificate it already holds, so no certificate validation is applied.
                authenticator = new X509SecurityTokenAuthenticator(X509CertificateValidator.None);
            }
            else if (initiator.PreferSslCertificateAuthenticator)
            {
                authenticator = CreateServerSslX509TokenAuthenticator();
            }
            else
            {
                authenticator = CreateServerX509TokenAuthenticator();
            }
        }
        else if (tokenType == SecurityTokenTypes.Rsa)
        {
            unsupported = "CreateSecurityTokenAuthenticator : SecurityTokenTypes.Rsa";
        }
        else if (tokenType == SecurityTokenTypes.Kerberos)
        {
            unsupported = "CreateSecurityTokenAuthenticator : SecurityTokenTypes.Kerberos";
        }
        else if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation
            || tokenType == ServiceModelSecurityTokenTypes.MutualSslnego
            || tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego
            || tokenType == ServiceModelSecurityTokenTypes.Spnego)
        {
            unsupported = "CreateSecurityTokenAuthenticator : GenericXmlSecurityTokenAuthenticator";
        }
    }
    else if (tokenRequirement is RecipientServiceModelSecurityTokenRequirement
        && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
    {
        // Uncorrelated duplex: the recipient-side X.509 requirement uses the server X.509 path.
        authenticator = CreateServerX509TokenAuthenticator();
    }

    if (unsupported != null)
    {
        throw ExceptionHelper.PlatformNotSupported(unsupported);
    }
    if (authenticator == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.SecurityTokenManagerCannotCreateAuthenticatorForRequirement, tokenRequirement)));
    }
    return authenticator;
}
/// <summary>
/// Selects the authenticator for <paramref name="tokenRequirement"/>: issued and negotiated
/// token types get a <see cref="GenericXmlSecurityTokenAuthenticator"/>; X.509, RSA and
/// Kerberos get their dedicated authenticators; a recipient-side X.509 requirement
/// (uncorrelated duplex) uses the server X.509 authenticator.
/// </summary>
/// <param name="tokenRequirement">Describes the token to authenticate; must not be null.</param>
/// <param name="outOfBandTokenResolver">Always set to null; no out-of-band resolver is produced here.</param>
/// <returns>A non-null <see cref="SecurityTokenAuthenticator"/> for the requirement.</returns>
/// <exception cref="NotSupportedException">No authenticator matches the requirement.</exception>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
    }

    outOfBandTokenResolver = null;
    SecurityTokenAuthenticator result = null;

    InitiatorServiceModelSecurityTokenRequirement initiator = tokenRequirement as InitiatorServiceModelSecurityTokenRequirement;
    if (initiator == null)
    {
        // Uncorrelated duplex: a recipient-side X.509 requirement is the only non-initiator case handled.
        bool recipientX509 = tokenRequirement is RecipientServiceModelSecurityTokenRequirement
            && tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate;
        if (recipientX509)
        {
            result = CreateServerX509TokenAuthenticator();
        }
    }
    else
    {
        string tokenType = initiator.TokenType;

        // Issued tokens short-circuit before any token-type dispatch.
        if (IsIssuedSecurityTokenRequirement(initiator))
        {
            return new GenericXmlSecurityTokenAuthenticator();
        }

        // Pure string comparisons, so evaluating them up front does not change behavior.
        bool negotiated = tokenType == ServiceModelSecurityTokenTypes.SecureConversation
            || tokenType == ServiceModelSecurityTokenTypes.MutualSslnego
            || tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego
            || tokenType == ServiceModelSecurityTokenTypes.Spnego;

        if (tokenType == SecurityTokenTypes.X509Certificate)
        {
            if (initiator.IsOutOfBandToken)
            {
                // Out-of-band: the caller already holds the server certificate and only wants
                // identity checks on it, so no certificate validation is applied.
                result = new X509SecurityTokenAuthenticator(X509CertificateValidator.None);
            }
            else
            {
                result = CreateServerX509TokenAuthenticator();
            }
        }
        else if (tokenType == SecurityTokenTypes.Rsa)
        {
            result = new RsaSecurityTokenAuthenticator();
        }
        else if (tokenType == SecurityTokenTypes.Kerberos)
        {
            result = new KerberosRequestorSecurityTokenAuthenticator();
        }
        else if (negotiated)
        {
            result = new GenericXmlSecurityTokenAuthenticator();
        }
    }

    if (result == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(System.ServiceModel.SR.GetString("SecurityTokenManagerCannotCreateAuthenticatorForRequirement", new object[] { tokenRequirement })));
    }
    return result;
}