public void ShouldAuthenticate()
        {
            // Arrange
            IHmacConfiguration   configuration = CreateConfiguration();
            IRestSharpHmacSigner signer        = new RestSharpHmacSigner(configuration, _keyRepository);
            HmacAuthenticator    authenticator = new HmacAuthenticator(configuration, signer);
            IRestClient          client        = CreateClient();
            IRestRequest         request       = CreateRequest(configuration);

            // Act
            authenticator.Authenticate(client, request);
            Parameter         contentMd5Param    = request.Parameters.FirstOrDefault(p => p.Name == "Content-MD5");
            Parameter         authorizationParam = request.Parameters.FirstOrDefault(p => p.Name == "Authorization");
            Parameter         dateParam          = request.Parameters.FirstOrDefault(p => p.Name == "Date");
            string            dateString         = dateParam != null ? dateParam.Value as string ?? string.Empty : string.Empty;
            DateTimeOffset    parsedDate;
            bool              isValidDate   = DateTimeOffset.TryParseExact(dateString, "ddd, dd MMM yyyy HH:mm:ss G\\MT", _dateHeaderCulture, DateTimeStyles.AssumeUniversal, out parsedDate);
            HmacSignatureData signatureData = signer.GetSignatureDataFromRestRequest(client, request);
            string            signature     = signer.CreateSignature(signatureData);

            // Assert
            Assert.IsNotNull(contentMd5Param);
            Assert.AreEqual(ParameterType.HttpHeader, contentMd5Param.Type);
            Assert.AreEqual(_base64Md5Hash, contentMd5Param.Value);
            Assert.IsNotNull(authorizationParam);
            Assert.AreEqual(ParameterType.HttpHeader, authorizationParam.Type);
            Assert.IsNotNull(authorizationParam.Value);
            Assert.IsInstanceOfType(authorizationParam.Value, typeof(string));
            Assert.AreEqual((string)authorizationParam.Value, "HMAC " + signature);
            Assert.IsNotNull(dateParam);
            Assert.AreEqual(ParameterType.HttpHeader, dateParam.Type);
            Assert.IsNotNull(dateParam.Value);
            Assert.IsTrue(isValidDate);
        }
Beispiel #2
0
        public async Task HmacNotPresent()
        {
            // Arrange
            var validator = new Mock <ISignatureValidator>();
            var provider  = new ClientIdRequestClaimsProvider("name");

            var authenticator = new HmacAuthenticator(validator.Object, provider, "name", "role");

            var message = new HttpRequestMessage();

            message.Headers.Add(HmacAuthentication.ClientIdHeader, "test");

            validator.Setup(x => x.IsValid(It.IsAny <HttpRequestMessage>())).ReturnsAsync(false);

            // Act
            var candidate = await authenticator.Authenticate(message);

            // Assert
            Assert.That(candidate, Is.Null);
        }
Beispiel #3
0
        public async Task ValidSignature()
        {
            // Arrange
            var validator = new Mock <ISignatureValidator>();
            var provider  = new ClientIdRequestClaimsProvider("name");

            var authenticator = new HmacAuthenticator(validator.Object, provider, "name", "role");

            var message = new HttpRequestMessage();

            message.Headers.Add(HmacAuthentication.ClientIdHeader, "test");

            validator.Setup(x => x.IsValid(It.IsAny <HttpRequestMessage>())).ReturnsAsync(true);

            // Act
            var candidate = await authenticator.Authenticate(message);

            // Assert
            Assert.That(candidate, Is.Not.Null);
            Assert.That(candidate.IsAuthenticated, Is.EqualTo(true));
            Assert.That(candidate.AuthenticationType, Is.EqualTo(HmacAuthentication.AuthenticationScheme));
            Assert.That(candidate.Name, Is.EqualTo("test"));
        }