/// <summary>
/// Round-trips a DerivedKeyToken through WSSecurityTokenSerializer: the XML in
/// derived_key_token1 is read with a resolver that supplies the referenced
/// WrappedKeySecurityToken, written back out, and compared against the
/// whitespace-stripped, double-quoted form of the input.
/// </summary>
public void ReadWriteTokenDerivedKeyTokenRefToExistent ()
{
	// emitBSP = true
	var serializer = new WSSecurityTokenSerializer (true);

	// The derived key token refers to an existing wrapped key by id, so the
	// resolver handed to ReadToken must already contain that token. The
	// all-zero 32-byte key is a fixture for this serialization test only.
	var wrappedKey = new WrappedKeySecurityToken (
		"uuid:urn:abc",
		new byte [32],
		SecurityAlgorithms.RsaOaepKeyWrap,
		new X509SecurityToken (cert),
		null);

	SecurityToken parsed;
	using (var reader = XmlReader.Create (new StringReader (derived_key_token1))) {
		parsed = serializer.ReadToken (reader, GetResolver (wrappedKey));
	}

	var output = new StringWriter ();
	using (var writer = XmlWriter.Create (output, GetWriterSettings ())) {
		serializer.WriteToken (writer, parsed);
	}

	// Normalize the expected XML the same way the original comparison does:
	// single quotes become double quotes and all spaces/newlines are dropped.
	string expected = derived_key_token1
		.Replace ('\'', '"')
		.Replace (" ", "")
		.Replace ("\n", "")
		.Replace ("\r", "");
	Assert.AreEqual (expected, output.ToString ());
}
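[Category ("NotWorking")] // SslNegoCookieResolver needs updates and/or fixes.
/// <summary>
/// Reads a cookie-bearing SecurityContextToken (as produced after an SSL
/// negotiation) without the token being registered, and checks that the
/// session key is restored from the cookie. The second half decodes the cookie
/// bytes directly to confirm where that key comes from.
/// </summary>
public void ReadSslnegoSCTNoStateEncoder ()
{
	string cookie = "QgBCAoNCBpkrdXVpZC03MDlhYjYwOC0yMDA0LTQ0ZDUtYjM5Mi1mM2M1YmY3YzY3ZmItMUIErZ3da7enifVFg+e0dObwRLNCCJ4egLowfrwP4Hgn0lOSqlA2fr0k4NAKgRZX+0BVs2EOnwJ6xkIOjzCAEnLHQMkIQhCPMJC+QxtByQhCFI8wgBJyx0DJCEIWjzCQvkMbQckIAQ==";
	string xml = String.Format (@"<c:SecurityContextToken u:Id='uuid-709ab608-2004-44d5-b392-f3c5bf7c67fb-1' xmlns:c='http://schemas.xmlsoap.org/ws/2005/02/sc' xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'> <c:Identifier>urn:uuid:b76bdd9d-89a7-45f5-83e7-b474e6f044b3</c:Identifier> <dnse:Cookie xmlns:dnse='http://schemas.microsoft.com/ws/2006/05/security'>{0}</dnse:Cookie> </c:SecurityContextToken>", cookie);
	string expectedKey = "gLowfrwP4Hgn0lOSqlA2fr0k4NAKgRZX+0BVs2EOesY=";

	var serializer = new WSSecurityTokenSerializer (
		MessageSecurityVersion.Default.SecurityVersion,
		false,
		new SamlSerializer (),
		new MyStateEncoder (),
		null);

	SecurityContextSecurityToken sct;
	using (var xr = XmlReader.Create (new StringReader (xml))) {
		// Token is not registered, but is restored from the cookie
		sct = serializer.ReadToken (xr, null) as SecurityContextSecurityToken;
	}

	Assert.IsNotNull (sct, "#1");
	Assert.AreEqual (new UniqueId ("urn:uuid:b76bdd9d-89a7-45f5-83e7-b474e6f044b3"), sct.ContextId, "#2");
	// #3 used to assert IsNotNull on the boxed Count, which can never fail;
	// check the collection itself, then its size.
	Assert.IsNotNull (sct.AuthorizationPolicies, "#3");
	Assert.AreEqual (0, sct.AuthorizationPolicies.Count, "#4");
	Assert.AreEqual (1, sct.SecurityKeys.Count, "#5");
	Assert.AreEqual (expectedKey, Convert.ToBase64String (((SymmetricSecurityKey) sct.SecurityKeys [0]).GetSymmetricKey ()), "#6");

	// Decode the cookie bytes as binary XML with a placeholder dictionary
	// (n0..n11): nothing here goes through the state encoder, so if #7 holds,
	// the key is readable straight out of the cookie bytes.
	byte [] xmlbin = Convert.FromBase64String (cookie);
	var dic = new XmlDictionary ();
	for (int i = 0; i < 12; i++) {
		dic.Add ("n" + i);
	}
	using (XmlDictionaryReader br = XmlDictionaryReader.CreateBinaryReader (xmlbin, 0, xmlbin.Length, dic, new XmlDictionaryReaderQuotas ())) {
		// Advance to the element named by the 5th dictionary entry (n4),
		// whose base64 content is the session key.
		while (br.LocalName != "n4") {
			if (!br.Read ()) {
				Assert.Fail ("Unexpected binary xmlreader failure.");
			}
		}
		byte [] key = br.ReadElementContentAsBase64 ();
		// Hmm, so, looks like the Cookie binary depends not
		// on SSL protection but on the state encoder ...
		// does it make sense, or is a different key resolved
		// as a result of TLS negotiation?
		Assert.AreEqual (expectedKey, Convert.ToBase64String (key), "#7");
	}
}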
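/// <summary>
/// Builds a <see cref="Microsoft.ResourceManagement.WebServices.Client.ContextualSecurityToken"/>
/// from the RSTR elements held by this instance (RequestedSecurityToken,
/// RequestedProofToken and the attached/unattached references) and binds it to
/// <paramref name="context"/>.
/// </summary>
/// <param name="context">Context message property the token is associated with.</param>
/// <returns>The contextual token, or <c>null</c> when RequestedSecurityToken is not set.</returns>
/// <exception cref="InvalidOperationException">
/// The assertion has no saml:Conditions/@NotBefore or saml:Conditions/@NotOnOrAfter attribute.
/// </exception>
/// <exception cref="FormatException">A validity timestamp is not a valid xsd:dateTime.</exception>
public Microsoft.ResourceManagement.WebServices.Client.ContextualSecurityToken GetContextTokenFromResponse(ContextMessageProperty context)
{
    if (RequestedSecurityToken == null)
    {
        return null;
    }

    // Only the NameTable of this copy is used, to build the namespace manager
    // for the XPath queries below.
    XmlDocument xmlDoc = new XmlDocument();
    using (XmlNodeReader tokenReader = new XmlNodeReader(RequestedSecurityToken))
    {
        xmlDoc.Load(tokenReader);
    }
    XmlNamespaceManager nsManager = new XmlNamespaceManager(xmlDoc.NameTable);
    nsManager.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");

    // SAML Conditions carry xsd:dateTime values. DateTime.Parse would use the
    // current culture and shift the result to local time (DateTimeKind.Local),
    // so the validity window would be compared against UTC clocks with a
    // timezone offset; XmlConvert parses the xsd lexical form as UTC.
    DateTime effectiveTime = ReadUtcTimestamp("saml:Conditions/@NotBefore", nsManager);
    DateTime expirationTime = ReadUtcTimestamp("saml:Conditions/@NotOnOrAfter", nsManager);

    WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer();

    SecurityToken requestedProofToken;
    using (XmlNodeReader proofReader = new XmlNodeReader(this.RequestedProofToken))
    {
        // Resolver with no cached contexts: the proof token is presumably
        // self-contained rather than a reference to an existing SCT.
        requestedProofToken = serializer.ReadToken(
            proofReader,
            new SecurityContextSecurityTokenResolver(Int32.MaxValue, false));
    }

    SecurityKeyIdentifierClause requestedUnattachedReference;
    using (XmlNodeReader unattachedReader = new XmlNodeReader(RequestedUnattachedReference))
    {
        requestedUnattachedReference = serializer.ReadKeyIdentifierClause(unattachedReader);
    }

    SecurityKeyIdentifierClause requestedAttachedReference;
    using (XmlNodeReader attachedReader = new XmlNodeReader(RequestedAttachedReference))
    {
        requestedAttachedReference = serializer.ReadKeyIdentifierClause(attachedReader);
    }

    return new ContextualSecurityToken(
        new GenericXmlSecurityToken(
            RequestedSecurityToken,
            requestedProofToken,
            effectiveTime,
            expirationTime,
            requestedUnattachedReference,
            requestedAttachedReference,
            new ReadOnlyCollection<IAuthorizationPolicy>(new List<IAuthorizationPolicy>())),
        context);
}

/// <summary>
/// Reads the xsd:dateTime attribute selected by <paramref name="xpath"/> from
/// RequestedSecurityToken and returns it as a <see cref="DateTimeKind.Utc"/> value.
/// </summary>
/// <param name="xpath">XPath (relative to RequestedSecurityToken) of the attribute.</param>
/// <param name="nsManager">Namespace manager with the saml prefix registered.</param>
/// <returns>The attribute value as a UTC DateTime.</returns>
/// <exception cref="InvalidOperationException">The attribute is missing.</exception>
/// <exception cref="FormatException">The value is not a valid xsd:dateTime.</exception>
private DateTime ReadUtcTimestamp(string xpath, XmlNamespaceManager nsManager)
{
    XmlNode node = RequestedSecurityToken.SelectSingleNode(xpath, nsManager);
    if (node == null)
    {
        // The XPath is enough to diagnose; do not echo assertion content into the message.
        throw new InvalidOperationException("The requested security token has no " + xpath + " attribute.");
    }
    return XmlConvert.ToDateTime(node.Value, XmlDateTimeSerializationMode.Utc);
}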