Author: atsushi
Date: 2007-02-20 21:34:10 -0500 (Tue, 20 Feb 2007)
New Revision: 73230
Added:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/DerivedKeySecurityToken.cs
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageDecryptor.cs
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageGenerator.cs
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/WSSecurityMessageHeader.cs
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/ChangeLog
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/ChangeLog
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/WSSecurityTokenSerializer.cs
trunk/olive/class/System.ServiceModel/System.ServiceModel.dll.sources
trunk/olive/class/System.ServiceModel/System.ServiceModel/ChangeLog
trunk/olive/class/System.ServiceModel/System.ServiceModel/Constants.cs
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/ChangeLog
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/WSSecurityTokenSerializerTest.cs
Log:
2007-02-21 Atsushi Enomoto <[EMAIL PROTECTED]>
* DerivedKeySecurityToken.cs : new internal class to represent
wssc:DerivedKeyToken.
* WSSecurityTokenSerializer.cs : read/write DerivedKeyToken.
Supply OwnerType for LocalId key when there is ValueType attribute.
* Constants.cs : added WssdDefaultLabel.
* WSSecurityMessageHeader.cs, SecureMessageDecryptor.cs,
SecureMessageDecryptor.cs :
Implemented increment token reading in o:Security, as
DerivedKeyToken could reference to existing wrapped key.
Removed WsscDerivedKeyToken and all relevant code.
* SecureMessageGenerator.cs : replaced WsscDerivedKeyToken with
DerivedKeySecurityToken.
* WSSecurityTokenSerializerTest.cs : fixed DerivedKeyToken reader
tests, and added more.
Modified: trunk/olive/class/System.ServiceModel/System.ServiceModel/ChangeLog
===================================================================
--- trunk/olive/class/System.ServiceModel/System.ServiceModel/ChangeLog
2007-02-21 01:41:09 UTC (rev 73229)
+++ trunk/olive/class/System.ServiceModel/System.ServiceModel/ChangeLog
2007-02-21 02:34:10 UTC (rev 73230)
@@ -1,3 +1,7 @@
+2007-02-21 Atsushi Enomoto <[EMAIL PROTECTED]>
+
+ * Constants.cs : added WssdDefaultLabel.
+
2007-02-14 Atsushi Enomoto <[EMAIL PROTECTED]>
* ServiceRuntimeChannel.cs : ... and largely implemented.
Modified: trunk/olive/class/System.ServiceModel/System.ServiceModel/Constants.cs
===================================================================
--- trunk/olive/class/System.ServiceModel/System.ServiceModel/Constants.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++ trunk/olive/class/System.ServiceModel/System.ServiceModel/Constants.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -82,5 +82,7 @@
public const string WstCancelReplyAction =
"http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Cancel";;
public const string WstValidateReplyAction =
"http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Validate";;
+
+ public const string WsscDefaultLabel =
"WS-SecureConversationWS-SecureConversation";
}
}
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
2007-02-21 02:34:10 UTC (rev 73230)
@@ -1,3 +1,13 @@
+2007-02-21 Atsushi Enomoto <[EMAIL PROTECTED]>
+
+ * WSSecurityMessageHeader.cs, SecureMessageDecryptor.cs,
+ SecureMessageDecryptor.cs :
+ Implemented increment token reading in o:Security, as
+ DerivedKeyToken could reference to existing wrapped key.
+ Removed WsscDerivedKeyToken and all relevant code.
+ * SecureMessageGenerator.cs : replaced WsscDerivedKeyToken with
+ DerivedKeySecurityToken.
+
2007-02-16 Atsushi Enomoto <[EMAIL PROTECTED]>
* SecureMessageGenerator.cs : it was setting security tokens into
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageDecryptor.cs
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageDecryptor.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageDecryptor.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -221,7 +221,7 @@
header.Name == "Security") {
wss_header =
WSSecurityMessageHeader.Read (
srcmsg.Headers.GetReaderAtHeader (i),
- serializer, TokenResolver, doc,
nsmgr);
+ serializer, TokenResolver, doc,
nsmgr, tokens);
headers.Add (wss_header);
}
else
@@ -229,10 +229,6 @@
}
if (wss_header == null)
throw new InvalidOperationException ("In this
service contract, a WS-Security header is required in the Message, but was not
found.");
-
- foreach (object obj in wss_header.Contents)
- if (obj is SecurityToken)
- tokens.Add ((SecurityToken) obj);
}
void ExtractSecurity (XmlElement secElem)
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageGenerator.cs
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageGenerator.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/SecureMessageGenerator.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -322,10 +322,9 @@
Signature sig = null;
EncryptedData sigenc = null;
+ List<DerivedKeySecurityToken> derivedKeys =
+ new List<DerivedKeySecurityToken> ();
- List<WsscDerivedKeyToken> derivedKeys =
- new List<WsscDerivedKeyToken> ();
-
XmlElement body = doc.SelectSingleNode
("/s:Envelope/s:Body/*", nsmgr) as XmlElement;
string bodyId = null;
@@ -357,29 +356,11 @@
MessagePartSpecification sigSpec = SignaturePart;
MessagePartSpecification encSpec = EncryptionPart;
- WsscDerivedKeyToken derivedKey = null;
-
// encryption key (possibly also used for signing)
// FIXME: get correct SymmetricAlgorithm according to
the algorithm suite
if (secprop.EncryptionKey != null)
pkey.Key = secprop.EncryptionKey;
- // generate derived key if needed
- if (CounterParameters.RequireDerivedKeys) {
- // FIXME: it should replace pkey
- RijndaelManaged deriv = new RijndaelManaged ();
- deriv.KeySize =
suite.DefaultEncryptionKeyDerivationLength;
- deriv.Mode = CipherMode.CBC;
- deriv.Padding = PaddingMode.ISO10126;
- deriv.GenerateKey ();
- derivedKey = new WsscDerivedKeyToken ();
- derivedKey.Id = GenerateId (doc);
- derivedKey.Offset = 0;
- derivedKey.Nonce = deriv.Key;
- derivedKey.Length = derivedKey.Nonce.Length;
- derivedKeys.Add (derivedKey);
- }
-
string ekeyId = messageId + "-" + identForMessageId++;
ekey = new WrappedKeySecurityToken (ekeyId,
@@ -391,15 +372,33 @@
encToken,
encClause != null ? new SecurityKeyIdentifier
(encClause) : null);
- if (derivedKey != null)
- derivedKey.SecurityTokenReference =
- new LocalIdKeyIdentifierClause (ekeyId,
typeof (WrappedKeySecurityToken));
-
WrappedKeySecurityToken reqEncKey =
ShouldOutputEncryptedKey ? null :
RequestContext.RequestMessage.Properties.Security.ProtectionToken.SecurityToken
as WrappedKeySecurityToken;
ekeyClause = reqEncKey == null ?
(SecurityKeyIdentifierClause)
new LocalIdKeyIdentifierClause (ekeyId, typeof
(WrappedKeySecurityToken)) :
new InternalEncryptedKeyIdentifierClause
(sha1.ComputeHash (reqEncKey.GetWrappedKey ()));
+ // generate derived key if needed
+ if (CounterParameters.RequireDerivedKeys) {
+ // FIXME: it should replace pkey
+ RijndaelManaged deriv = new RijndaelManaged ();
+ deriv.KeySize =
suite.DefaultEncryptionKeyDerivationLength;
+ deriv.Mode = CipherMode.CBC;
+ deriv.Padding = PaddingMode.ISO10126;
+ deriv.GenerateKey ();
+ DerivedKeySecurityToken derivedKey = new
DerivedKeySecurityToken (
+ GenerateId (doc),
+ null, // algorithm
+ ekeyClause,
+ new InMemorySymmetricSecurityKey
(pkey.Key),
+ null, // name
+ null, // generation
+ null, // offset
+ deriv.Key.Length,
+ null, // label
+ deriv.Key);
+ derivedKeys.Add (derivedKey);
+ }
+
switch (protectionOrder) {
case MessageProtectionOrder.EncryptBeforeSign:
// FIXME: implement
@@ -524,7 +523,7 @@
if (ShouldOutputEncryptedKey)
header.Contents.Add (ekey);
- foreach (WsscDerivedKeyToken dk in derivedKeys)
+ foreach (DerivedKeySecurityToken dk in derivedKeys)
header.Contents.Add (dk);
// When we do not output EncryptedKey, output
ReferenceList here.
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/WSSecurityMessageHeader.cs
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/WSSecurityMessageHeader.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Channels/WSSecurityMessageHeader.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -45,7 +45,7 @@
{
internal class WSSecurityMessageHeader : MessageHeader
{
- public static WSSecurityMessageHeader Read (XmlDictionaryReader
reader, SecurityTokenSerializer serializer, SecurityTokenResolver resolver,
XmlDocument doc, XmlNamespaceManager nsmgr)
+ public static WSSecurityMessageHeader Read (XmlDictionaryReader
reader, SecurityTokenSerializer serializer, SecurityTokenResolver resolver,
XmlDocument doc, XmlNamespaceManager nsmgr, List<SecurityToken> tokens)
{
WSSecurityMessageHeader ret = new
WSSecurityMessageHeader (serializer);
@@ -65,14 +65,6 @@
continue;
}
break;
- case Constants.WsscNamespace:
- switch (reader.LocalName) {
- case "DerivedKeyToken":
- // FIXME: actually
DerivedKeyToken should be read via WSSecurityTokenSerializer, but o
- ret.Contents.Add
(ReadDerivedKeyToken (reader, doc, serializer));
- continue;
- }
- break;
//case Constants.WstNamespace:
case Constants.Wss11Namespace:
if (reader.LocalName ==
"SignatureConfirmation") {
@@ -127,8 +119,11 @@
// This order (Token->KeyIdentifierClause) is
// important because WrappedKey could be read
// in both context (but must be a token here).
- if (serializer.CanReadToken (reader))
- ret.Contents.Add (serializer.ReadToken
(reader, resolver));
+ if (serializer.CanReadToken (reader)) {
+ SecurityToken token =
serializer.ReadToken (reader, resolver);
+ tokens.Add (token);
+ ret.Contents.Add (token);
+ }
else if (serializer.CanReadKeyIdentifierClause
(reader))
ret.Contents.Add
(serializer.ReadKeyIdentifierClause (reader));
else
@@ -164,46 +159,6 @@
return new Wss11SignatureConfirmation (id, value);
}
- static WsscDerivedKeyToken ReadDerivedKeyToken (XmlReader
reader, XmlDocument doc, SecurityTokenSerializer serializer)
- {
- WsscDerivedKeyToken dkt = new WsscDerivedKeyToken ();
- dkt.Id = reader.GetAttribute ("Id",
Constants.WsuNamespace);
- dkt.Algorithm = reader.GetAttribute ("Algorithm",
String.Empty);
- reader.ReadStartElement ();
-
- for (reader.MoveToContent ();
- reader.NodeType != XmlNodeType.EndElement;
- reader.MoveToContent ()) {
- if (reader.NodeType != XmlNodeType.Element)
- throw new XmlException (String.Format
("Unexpected {0} node in DerivedKeyToken element.", reader.NodeType));
- switch (reader.NamespaceURI) {
- case Constants.WssNamespace:
- switch (reader.LocalName) {
- case "SecurityTokenReference":
- dkt.SecurityTokenReference =
serializer.ReadKeyIdentifierClause (reader);
- continue;
- }
- break;
- case Constants.WsscNamespace:
- switch (reader.LocalName) {
- case "Length":
- dkt.Length =
reader.ReadElementContentAsInt ();
- continue;
- case "Offset":
- dkt.Offset=
reader.ReadElementContentAsInt ();
- continue;
- case "Nonce":
- dkt.Nonce =
Convert.FromBase64String (reader.ReadElementContentAsString ());
- continue;
- }
- break;
- }
- throw new XmlException (String.Format
("Unexpected element in DerivedKeyToken element. Name is '{0}' and namespace
URI is '{1}'.", reader.Name, reader.NamespaceURI));
- }
- reader.ReadEndElement ();
- return dkt;
- }
-
static WsuTimestamp ReadTimestamp (XmlDictionaryReader reader)
{
WsuTimestamp ret = new WsuTimestamp ();
@@ -280,28 +235,6 @@
if (obj is WsuTimestamp) {
WsuTimestamp ts = (WsuTimestamp) obj;
ts.WriteTo (writer);
- } else if (obj is WsscDerivedKeyToken) {
- WsscDerivedKeyToken dk =
(WsscDerivedKeyToken) obj;
- writer.WriteStartElement ("c",
"DerivedKeyToken", Constants.WsscNamespace);
- if (dk.Id != null)
- writer.WriteAttributeString
("u", "Id", Constants.WsuNamespace, dk.Id);
- if (dk.Algorithm != null)
- writer.WriteAttributeString
("Algorithm", dk.Algorithm);
- serializer.WriteKeyIdentifierClause
(writer, dk.SecurityTokenReference);
- writer.WriteStartElement ("Offset",
Constants.WsscNamespace);
- writer.WriteValue (dk.Offset);
- writer.WriteEndElement ();
-
- writer.WriteStartElement ("Length",
Constants.WsscNamespace);
- writer.WriteValue (dk.Length);
- writer.WriteEndElement ();
-
- writer.WriteStartElement ("Nonce",
Constants.WsscNamespace);
- byte [] bytes = dk.Nonce;
- writer.WriteBase64 (bytes, 0,
bytes.Length);
- writer.WriteEndElement ();
-
- writer.WriteEndElement ();
} else if (obj is SecurityToken) {
serializer.WriteToken (writer,
(SecurityToken) obj);
} else if (obj is EncryptedKey) {
@@ -369,16 +302,6 @@
}
}
- internal class WsscDerivedKeyToken
- {
- public string Id;
- public string Algorithm;
- public SecurityKeyIdentifierClause SecurityTokenReference;
- public int Length;
- public int Offset;
- public byte [] Nonce;
- }
-
internal class SecurityTokenReferenceKeyInfo : KeyInfoClause
{
SecurityKeyIdentifierClause clause;
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/ChangeLog
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/ChangeLog
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/ChangeLog
2007-02-21 02:34:10 UTC (rev 73230)
@@ -1,3 +1,8 @@
+2007-02-21 Atsushi Enomoto <[EMAIL PROTECTED]>
+
+ * WSSecurityTokenSerializer.cs : read/write DerivedKeyToken.
+ Supply OwnerType for LocalId key when there is ValueType attribute.
+
2007-02-20 Atsushi Enomoto <[EMAIL PROTECTED]>
* WSSecurityTokenSerializer.cs : handle X509 issue serial key
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/WSSecurityTokenSerializer.cs
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/WSSecurityTokenSerializer.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security/WSSecurityTokenSerializer.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -32,6 +32,7 @@
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.ServiceModel.Security.Tokens;
+using System.Text;
using System.Xml;
namespace System.ServiceModel.Security
@@ -216,6 +217,10 @@
return true;
}
break;
+ case Constants.WsscNamespace:
+ if (reader.LocalName == "DerivedKeyToken")
+ return true;
+ break;
case EncryptedXml.XmlEncNamespaceUrl:
switch (reader.LocalName) {
case "EncryptedKey":
@@ -281,10 +286,17 @@
switch (reader.LocalName) {
case "Reference":
+ Type ownerType = null;
+ if (reader.MoveToAttribute ("ValueType")) {
+ if (reader.Value !=
Constants.WSSEncryptedKeyToken)
+ throw new XmlException
("Unexpected ValueType in 'Reference' element");
+ ownerType = typeof
(WrappedKeySecurityToken);
+ }
+ reader.MoveToElement ();
string uri = reader.GetAttribute ("URI");
if (uri == null)
uri = "#";
- LocalIdKeyIdentifierClause local = new
LocalIdKeyIdentifierClause (uri.Substring (1));
+ LocalIdKeyIdentifierClause local = new
LocalIdKeyIdentifierClause (uri.Substring (1), ownerType);
reader.Skip ();
reader.MoveToContent ();
reader.ReadEndElement ();
@@ -378,6 +390,10 @@
return ReadUserNameTokenCore (reader,
tokenResolver);
}
break;
+ case Constants.WsscNamespace:
+ if (reader.LocalName == "DerivedKeyToken")
+ return ReadDerivedKeyToken (reader,
tokenResolver);
+ break;
case EncryptedXml.XmlEncNamespaceUrl:
switch (reader.LocalName) {
case "EncryptedKey":
@@ -389,6 +405,77 @@
throw new NotImplementedException ();
}
+ DerivedKeySecurityToken ReadDerivedKeyToken (
+ XmlReader reader, SecurityTokenResolver tokenResolver)
+ {
+ try {
+ return ReadDerivedKeyTokenCore (reader,
tokenResolver);
+ } catch (XmlException) {
+ throw;
+ } catch (Exception ex) {
+ throw new XmlException ("Cannot read
DerivedKeyToken", ex);
+ }
+ }
+
+ DerivedKeySecurityToken ReadDerivedKeyTokenCore (
+ XmlReader reader, SecurityTokenResolver tokenResolver)
+ {
+ if (tokenResolver == null)
+ throw new ArgumentNullException
("tokenResolver");
+ string id = reader.GetAttribute ("Id",
Constants.WsuNamespace);
+ string algorithm = reader.MoveToAttribute ("Algorithm")
? reader.Value : null;
+ reader.MoveToElement ();
+ reader.ReadStartElement ();
+ reader.MoveToContent ();
+ SecurityKeyIdentifierClause kic =
ReadKeyIdentifierClause (reader);
+ int? generation = null, offset = null, length = null;
+ byte [] nonce = null;
+ string name = null, label = null;
+ for (reader.MoveToContent ();
+ reader.NodeType != XmlNodeType.EndElement;
+ reader.MoveToContent ())
+ switch (reader.LocalName) {
+ case "Properties":
+ reader.ReadStartElement ("Properties",
Constants.WsscNamespace);
+ for (reader.MoveToContent ();
+ reader.NodeType !=
XmlNodeType.EndElement;
+ reader.MoveToContent ())
+ switch (reader.LocalName) {
+ case "Name":
+ name =
reader.ReadElementContentAsString ("Name", Constants.WsscNamespace);
+ break;
+ case "Label":
+ label =
reader.ReadElementContentAsString ("Label", Constants.WsscNamespace);
+ break;
+ case "Nonce":
+ nonce =
Convert.FromBase64String (reader.ReadElementContentAsString ("Nonce",
Constants.WsscNamespace));
+ break;
+ }
+ reader.ReadEndElement ();
+ break;
+ case "Offset":
+ offset = reader.ReadElementContentAsInt
("Offset", Constants.WsscNamespace);
+ break;
+ case "Length":
+ length = reader.ReadElementContentAsInt
("Length", Constants.WsscNamespace);
+ break;
+ case "Nonce":
+ nonce = Convert.FromBase64String
(reader.ReadElementContentAsString ("Nonce", Constants.WsscNamespace));
+ break;
+ case "Label":
+ label =
reader.ReadElementContentAsString ("Label", Constants.WsscNamespace);
+ break;
+ }
+ reader.ReadEndElement ();
+
+ // resolve key reference
+ SymmetricSecurityKey key =
tokenResolver.ResolveSecurityKey (kic) as SymmetricSecurityKey;
+ if (key == null)
+ throw new XmlException ("Cannot resolve the
security key referenced by the DerivedKeyToken as a symmetric key");
+
+ return new DerivedKeySecurityToken (id, algorithm, kic,
key, name, generation, offset, length, label, nonce);
+ }
+
WrappedKeySecurityToken ReadWrappedKeySecurityTokenCore (
XmlReader reader, SecurityTokenResolver tokenResolver)
{
@@ -632,6 +719,8 @@
throw new NotImplementedException
("WriteTokenCore() is not implemented for " + token);
else if (token is WrappedKeySecurityToken)
WriteWrappedKeySecurityToken (writer,
(WrappedKeySecurityToken) token);
+ else if (token is DerivedKeySecurityToken)
+ WriteDerivedKeySecurityToken (writer,
(DerivedKeySecurityToken) token);
else if (token is SecurityContextSecurityToken)
throw new NotImplementedException
("WriteTokenCore() is not implemented for " + token);
else if (token is SspiSecurityToken)
@@ -674,6 +763,27 @@
w.WriteEndElement ();
}
+ void WriteDerivedKeySecurityToken (XmlWriter w,
DerivedKeySecurityToken token)
+ {
+ string ns = Constants.WsscNamespace;
+ w.WriteStartElement ("c", "DerivedKeyToken", ns);
+ w.WriteAttributeString ("u", "Id",
Constants.WsuNamespace, token.Id);
+ WriteKeyIdentifierClause (w, token.TokenReference);
+ if (token.Name != null) {
+ w.WriteStartElement ("Properties", ns);
+ w.WriteElementString ("Name", ns, token.Name);
+ w.WriteEndElement ();
+ }
+ if (token.Offset != null)
+ w.WriteElementString ("Offset", ns,
Convert.ToString (token.Offset));
+ if (token.Length != null)
+ w.WriteElementString ("Length", ns,
Convert.ToString (token.Length));
+ if (token.Label != null)
+ w.WriteElementString ("Label", ns, token.Label);
+ w.WriteElementString ("Nonce", ns,
Convert.ToBase64String (token.Nonce));
+ w.WriteEndElement ();
+ }
+
void WriteWrappedKeySecurityToken (XmlWriter w,
WrappedKeySecurityToken token)
{
string encNS = EncryptedXml.XmlEncNamespaceUrl;
Modified:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/ChangeLog
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/ChangeLog
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/ChangeLog
2007-02-21 02:34:10 UTC (rev 73230)
@@ -1,3 +1,8 @@
+2007-02-21 Atsushi Enomoto <[EMAIL PROTECTED]>
+
+ * DerivedKeySecurityToken.cs : new internal class to represent
+ wssc:DerivedKeyToken.
+
2007-02-16 Atsushi Enomoto <[EMAIL PROTECTED]>
* WrappedKeySecurityToken.cs : reverted previous change. Key hash
Added:
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/DerivedKeySecurityToken.cs
===================================================================
---
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/DerivedKeySecurityToken.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/System.ServiceModel.Security.Tokens/DerivedKeySecurityToken.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -0,0 +1,115 @@
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.ServiceModel;
+using System.ServiceModel.Security;
+using System.Text;
+
+namespace System.ServiceModel.Security.Tokens
+{
+ internal class DerivedKeySecurityToken : SecurityToken
+ {
+ string algorithm;
+ SecurityKeyIdentifierClause reference;
+ SecurityToken resolved_token; // store resolved one.
+ int? generation, offset, length;
+ // properties
+ string id, name, label;
+ byte [] nonce;
+ ReadOnlyCollection<SecurityKey> keys;
+
+ public DerivedKeySecurityToken (string id, string algorithm,
+ SecurityKeyIdentifierClause reference,
+ SymmetricSecurityKey referencedKey,
+ string name,
+ int? generation,
+ int? offset,
+ int? length,
+ string label,
+ byte [] nonce)
+ {
+ algorithm = algorithm ??
SecurityAlgorithms.Psha1KeyDerivation;
+
+ this.id = id;
+ this.algorithm = algorithm;
+ this.reference = reference;
+ this.generation = generation;
+ this.offset = offset;
+ this.length = length;
+ this.nonce = nonce;
+ this.name = name;
+ this.label = label;
+
+ SecurityKey key = new InMemorySymmetricSecurityKey (
+ referencedKey.GenerateDerivedKey (
+ algorithm,
+ Encoding.UTF8.GetBytes (label ??
Constants.WsscDefaultLabel),
+ nonce,
+ (length ?? 32) * 8,
+ offset ?? 0));
+ keys = new ReadOnlyCollection<SecurityKey> (
+ new SecurityKey [] {key});
+ }
+
+ public override string Id {
+ get { return id; }
+ }
+
+ public override ReadOnlyCollection<SecurityKey> SecurityKeys {
+ get { return keys; }
+ }
+
+ public override DateTime ValidFrom {
+ get { return resolved_token.ValidFrom; }
+ }
+
+ public override DateTime ValidTo {
+ get { return resolved_token.ValidTo; }
+ }
+
+ public SecurityKeyIdentifierClause TokenReference {
+ get { return reference; }
+ }
+
+ public int? Generation {
+ get { return generation; }
+ }
+
+ public int? Length {
+ get { return length; }
+ }
+
+ public int? Offset {
+ get { return offset; }
+ }
+
+ public string Label {
+ get { return label; }
+ }
+
+ public byte [] Nonce {
+ get { return nonce; }
+ }
+
+ public string Name {
+ get { return name; }
+ }
+
+ public override bool MatchesKeyIdentifierClause (
+ SecurityKeyIdentifierClause keyIdentifierClause)
+ {
+ LocalIdKeyIdentifierClause l = keyIdentifierClause
+ as LocalIdKeyIdentifierClause;
+ return l != null && l.LocalId == Id;
+ }
+
+ public override SecurityKey ResolveKeyIdentifierClause (
+ SecurityKeyIdentifierClause keyIdentifierClause)
+ {
+ LocalIdKeyIdentifierClause l = keyIdentifierClause
+ as LocalIdKeyIdentifierClause;
+ return keys [0];
+ }
+ }
+}
Modified: trunk/olive/class/System.ServiceModel/System.ServiceModel.dll.sources
===================================================================
--- trunk/olive/class/System.ServiceModel/System.ServiceModel.dll.sources
2007-02-21 01:41:09 UTC (rev 73229)
+++ trunk/olive/class/System.ServiceModel/System.ServiceModel.dll.sources
2007-02-21 02:34:10 UTC (rev 73230)
@@ -535,6 +535,7 @@
System.ServiceModel.Security.Tokens/BinarySecretSecurityToken.cs
System.ServiceModel.Security.Tokens/ClaimTypeRequirement.cs
System.ServiceModel.Security.Tokens/CommunicationSecurityTokenProvider.cs
+System.ServiceModel.Security.Tokens/DerivedKeySecurityToken.cs
System.ServiceModel.Security.Tokens/IIssuanceSecurityTokenAuthenticator.cs
System.ServiceModel.Security.Tokens/ISecurityContextSecurityTokenCache.cs
System.ServiceModel.Security.Tokens/InitiatorServiceModelSecurityTokenRequirement.cs
Modified:
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/ChangeLog
===================================================================
---
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/ChangeLog
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/ChangeLog
2007-02-21 02:34:10 UTC (rev 73230)
@@ -1,3 +1,8 @@
+2007-02-21 Atsushi Enomoto <[EMAIL PROTECTED]>
+
+ * WSSecurityTokenSerializerTest.cs : fixed DerivedKeyToken reader
+ tests, and added more.
+
2007-02-16 Atsushi Enomoto <[EMAIL PROTECTED]>
* WSSecurityTokenSerializerTest.cs : more WrappedKeySecurityToken.
Modified:
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/WSSecurityTokenSerializerTest.cs
===================================================================
---
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/WSSecurityTokenSerializerTest.cs
2007-02-21 01:41:09 UTC (rev 73229)
+++
trunk/olive/class/System.ServiceModel/Test/System.ServiceModel.Security/WSSecurityTokenSerializerTest.cs
2007-02-21 02:34:10 UTC (rev 73230)
@@ -51,17 +51,24 @@
static X509Certificate2 cert = new X509Certificate2
("Test/Resources/test.pfx", "mono");
- const string derived_key_token1 = @"<c:DerivedKeyToken
xmlns:c='http://schemas.xmlsoap.org/ws/2005/02/sc'>
- <o:SecurityTokenReference
xmlns:o='http://docs.oasis-open.org/wss/2004/0
-1/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
- <o:Reference
ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-
-message-security-1.1#EncryptedKey' URI='#uuid:urn:abc' />
+ const string derived_key_token1 = @"<c:DerivedKeyToken
u:Id='_1'
xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:c='http://schemas.xmlsoap.org/ws/2005/02/sc'>
+ <o:SecurityTokenReference
xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
+ <o:Reference
ValueType='http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey'
URI='#uuid:urn:abc' />
</o:SecurityTokenReference>
<c:Offset>0</c:Offset>
<c:Length>24</c:Length>
<c:Nonce>BIUeTKeOhR5HeE646ZyA+w==</c:Nonce>
</c:DerivedKeyToken>";
+ const string derived_key_token2 = @"<c:DerivedKeyToken
u:Id='_1'
xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:c='http://schemas.xmlsoap.org/ws/2005/02/sc'>
+ <o:SecurityTokenReference
xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
+ <o:Reference ValueType='urn:my-own-way' URI='#uuid:urn:abc' />
+ </o:SecurityTokenReference>
+ <c:Offset>0</c:Offset>
+ <c:Length>24</c:Length>
+ <c:Nonce>BIUeTKeOhR5HeE646ZyA+w==</c:Nonce>
+ </c:DerivedKeyToken>";
+
const string wrapped_key1 = @"<e:EncryptedKey Id='_0'
xmlns:e='http://www.w3.org/2001/04/xmlenc#'>
<e:EncryptionMethod
Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'>
<DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'
xmlns='http://www.w3.org/2000/09/xmldsig#'></DigestMethod>
@@ -585,7 +592,6 @@
[Test]
[ExpectedException (typeof (XmlException))] // tokenResolver is
null
- [Category ("NotWorking")]
public void ReadTokenDerivedKeyTokenNullResolver ()
{
WSSecurityTokenSerializer serializer =
@@ -597,7 +603,6 @@
[Test]
[ExpectedException (typeof (XmlException))] // DerivedKeyToken
requires a reference to an existent token.
- [Category ("NotWorking")]
public void ReadTokenDerivedKeyTokenRefToNonExistent ()
{
WSSecurityTokenSerializer serializer =
@@ -608,19 +613,55 @@
}
[Test]
- [Ignore ("still fails")]
- public void ReadTokenDerivedKeyTokenRefToExistent ()
+ public void ReadWriteTokenDerivedKeyTokenRefToExistent ()
{
WSSecurityTokenSerializer serializer =
+ new WSSecurityTokenSerializer (true); // emitBSP
+ SecurityToken token;
+ using (XmlReader xr = XmlReader.Create (new
StringReader (derived_key_token1))) {
+ token = serializer.ReadToken (xr,
+ GetResolver (
+ new WrappedKeySecurityToken
("uuid:urn:abc", new byte [32], SecurityAlgorithms.RsaOaepKeyWrap, new
X509SecurityToken (cert), null)
+ ));
+ }
+ StringWriter sw = new StringWriter ();
+ using (XmlWriter w = XmlWriter.Create (sw,
GetWriterSettings ())) {
+ serializer.WriteToken (w, token);
+ }
+ Assert.AreEqual (derived_key_token1.Replace ('\'',
'"').Replace (" ", "").Replace ("\n", ""), sw.ToString ());
+ }
+
+ [Test]
+ [ExpectedException (typeof (XmlException))] // not sure how
this exception type makes sense.
+ public void ReadTokenDerivedKeyTokenRefToExistent2 ()
+ {
+ WSSecurityTokenSerializer serializer =
WSSecurityTokenSerializer.DefaultInstance;
using (XmlReader xr = XmlReader.Create (new
StringReader (derived_key_token1))) {
- SecurityToken token = serializer.ReadToken (xr,
+ // different token value type to be resolved
+ // than what is explicitly specified in
+ // <o:Reference>.
+ serializer.ReadToken (xr,
GetResolver (new X509SecurityToken
(cert, "uuid:urn:abc")));
- Assert.IsTrue (token is
SecurityContextSecurityToken, "#1");
}
}
[Test]
+ [ExpectedException (typeof (XmlException))] // not sure how
this exception type makes sense.
+ public void ReadTokenDerivedKeyTokenRefUnsupported ()
+ {
+ WSSecurityTokenSerializer serializer =
+ WSSecurityTokenSerializer.DefaultInstance;
+ using (XmlReader xr = XmlReader.Create (new
StringReader (derived_key_token2))) {
+ // different token value type to be resolved
+ // than what is explicitly specified in
+ // <o:Reference>.
+ serializer.ReadToken (xr,
+ GetResolver (new X509SecurityToken
(cert, "uuid:urn:abc")));
+ }
+ }
+
+ [Test]
[Category ("NotWorking")]
public void ReadSecurityContextSecurityTokenNoRegisteredToken ()
{
_______________________________________________
Mono-patches maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-patches
