Implement UserNameIdentityToken encryption
Description
Implement UserNameIdentityToken encryption:
- Server: decrypt the password in the UserNameIdentityToken if (the user token security policy != None) or (the user token security policy is undefined and the secure channel security policy != None)
- Client: encrypt the password in the UserNameIdentityToken if (the user token security policy != None) or (the user token security policy is undefined and the secure channel security policy != None)
Analysis
- Server:
  - do not provide the service for SecureChannel security policy None (no certificate)
  - all other elements are available for decryption during activate session request treatment: server private key, server nonce, available user token security policies, user token to decrypt
- Client:
  - provide the service for SecureChannel security policy None
  - retrieve and store the server certificate even when the security policy is None
  - retrieve and store the server session nonce
  - element needed for encryption that is not yet available when forging the activate session request:
    - user token security policy: it shall be stored during create session response treatment, based on the user token PolicyId requested by the application
  - all other elements are available for encryption (unless not provided by the server in a SC with security policy None): server public key, server nonce, user token to encrypt
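The analysis above lists the inputs each side needs; the following is an added example (not S2OPC code) of the two operations in Go, using the standard library's RSA-OAEP. It assumes the OPC UA Part 4 legacy password layout (a 4-byte little-endian length of password || serverNonce, then the password, then the server nonce, all encrypted with the server public key under the Basic256Sha256 asymmetric algorithm), plus the policy-selection rule from the description with `""` standing for an undefined user token policy. The server side checks the length prefix and that the trailing nonce is the one it issued, so a token captured from one session is not accepted in another.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// Policy URIs as defined by OPC UA; "" models an undefined user token policy.
const (
	PolicyNone           = "http://opcfoundation.org/UA/SecurityPolicy#None"
	PolicyBasic256Sha256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
)

// PasswordMustBeEncrypted applies the rule from the issue description:
// encrypt when the user token policy is not None, or when it is undefined
// and the secure channel policy is not None.
func PasswordMustBeEncrypted(userTokenPolicy, channelPolicy string) bool {
	if userTokenPolicy == "" {
		return channelPolicy != PolicyNone
	}
	return userTokenPolicy != PolicyNone
}

// GenerateServerKey stands in for the server's certificate key pair (constructed for the example).
func GenerateServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewServerNonce stands in for the nonce sent in CreateSessionResponse (constructed for the example).
func NewServerNonce(n int) ([]byte, error) {
	nonce := make([]byte, n)
	_, err := rand.Read(nonce)
	return nonce, err
}

// EncryptPassword is the client side: plaintext = uint32 LE length of
// (password || serverNonce), then password, then serverNonce, RSA-OAEP
// encrypted with the server public key (Basic256Sha256 uses SHA-1 OAEP).
func EncryptPassword(serverPub *rsa.PublicKey, password, serverNonce []byte) ([]byte, error) {
	if len(serverNonce) == 0 {
		return nil, errors.New("server nonce missing: token cannot be bound to the session")
	}
	plain := make([]byte, 4, 4+len(password)+len(serverNonce))
	binary.LittleEndian.PutUint32(plain, uint32(len(password)+len(serverNonce)))
	plain = append(plain, password...)
	plain = append(plain, serverNonce...)
	return rsa.EncryptOAEP(sha1.New(), rand.Reader, serverPub, plain, nil)
}

// DecryptPassword is the server side: decrypt with the server private key,
// validate the length prefix, and require the trailing nonce to equal the
// nonce this server issued for the session (rejects replayed tokens).
func DecryptPassword(serverPriv *rsa.PrivateKey, encrypted, expectedNonce []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, serverPriv, encrypted, nil)
	if err != nil {
		return nil, fmt.Errorf("token decryption failed: %w", err)
	}
	if len(plain) < 4 {
		return nil, errors.New("decrypted token too short")
	}
	declared := binary.LittleEndian.Uint32(plain[:4])
	body := plain[4:]
	if int(declared) != len(body) || len(body) < len(expectedNonce) {
		return nil, errors.New("length prefix does not match token body")
	}
	password := body[:len(body)-len(expectedNonce)]
	nonce := body[len(body)-len(expectedNonce):]
	if !bytes.Equal(nonce, expectedNonce) {
		return nil, errors.New("server nonce mismatch: token not bound to this session")
	}
	return password, nil
}

func main() {
	key, _ := GenerateServerKey()
	nonce, _ := NewServerNonce(32)
	enc, _ := EncryptPassword(&key.PublicKey, []byte("s3cret"), nonce)
	pw, err := DecryptPassword(key, enc, nonce)
	fmt.Printf("decrypted=%q err=%v\n", pw, err)
	stale, _ := NewServerNonce(32)
	_, err = DecryptPassword(key, enc, stale)
	fmt.Println("replay with stale nonce rejected:", err != nil)
}
```

Because the client has to know the server nonce and public key before it can build the token, the two "retrieve and store" items in the analysis are what make `EncryptPassword` possible on a channel with security policy None.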
Tests
- Server tests: use UsernamePassword encryption in UACTT tests
- Client validation tests:
  - Interoperability test (test_session.c):
    - SC None + UsernamePassword B256Sha256
    - SC B256Sha256 sign + UsernamePassword empty policy
    - SC B256 sign + UsernamePassword B256Sha256
  - Self test (toolkit_client_server):
    - SC B256Sha256 sign + UsernamePassword default
    - SC B256Sha256 sign + UsernamePassword B256
Edited by Vincent Monfort