private static void SendConcurrentRequests(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
for (var i = 0; i < 199; i++)
{
Task.Factory.StartNew(() => SendRFC3986EscapedRequest(requestSignerFactory, logger), TaskCreationOptions.LongRunning);
}
}
private static async Task SendPostRequest(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Post,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo"),
Content = new StringContent("{\"id\": 42 }", Encoding.UTF8, MediaTypeNames.Application.Json)
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
logger?.LogInformation("{0} - POST request response: {1}", response.StatusCode, response.StatusCode);
}
else
{
logger?.LogError("{0} - POST request response: {1}", response.StatusCode, response.ReasonPhrase);
}
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
private static async Task SendEncodedRequest(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo/api/%7BBrooks%7D%20was%20here/api/David%20%26%20Partners%20%2B%20Siebe%20at%20100%25%20%2A%20co.")
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
logger?.LogInformation("{0} - Encoded GET request response: {1}", response.StatusCode, response.StatusCode);
}
else
{
logger?.LogError("{0} - Encoded GET request response: {1}", response.StatusCode, response.ReasonPhrase);
}
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
private static async Task SendUnescapedRequest(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo/api/{Brooks} was here/api/David & Partners + Siebe at 100% * co.?query+string={brooks}")
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
logger?.LogInformation("{0} - Escaped GET request response: {1}", response.StatusCode, response.StatusCode);
}
else
{
logger?.LogError("{0} - Escaped GET request response: {1}", response.StatusCode, response.ReasonPhrase);
}
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
public async Task WhenRequestTargetEscapingSettingIsAMismatch_VerificationFails()
{
_serviceProvider = new ServiceCollection()
.Configure(services => ConfigureServices(services, RequestTargetEscaping.RFC3986, RequestTargetEscaping.Unescaped))
.BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
var request = new HttpRequestMessage {
RequestUri = new Uri("https://dalion.eu/api/%7BBrooks%7D%20was%20here/api/David%20%26%20Partners%20%2B%20Siebe%20at%20100%25%20%2A%20co.?query%2Bstring=%7BBrooks%7D"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
var receivedRequest = await request.ToServerSideHttpRequest();
var verificationResult = await _verifier.VerifySignature(receivedRequest, _authenticationOptions);
verificationResult.IsSuccess.Should().BeFalse();
if (verificationResult is RequestSignatureVerificationResultFailure failureResult)
{
_output.WriteLine("Request signature verification failed: {0}", failureResult.Failure);
}
}
public OwinSystemTests(ITestOutputHelper output)
{
_output = output;
_serviceProvider = new ServiceCollection().Configure(ConfigureServices).BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
_options = new SignedHttpRequestAuthenticationOptions();
}
public NonceSystemTests()
{
_serviceProvider = new ServiceCollection().Configure(ConfigureServices).BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
_nonceEnabled = true;
_authenticationOptions = new SignedRequestAuthenticationOptions();
}
public Signer()
{
var serviceProvider = new ServiceCollection()
.AddHttpMessageSigning()
.BuildServiceProvider();
_requestSignerFactory = serviceProvider.GetRequiredService <IRequestSignerFactory>();
}
public SupportsOptionalCreatedAndExpiresHeaders(ITestOutputHelper output)
{
_output = output;
_serviceProvider = new ServiceCollection().Configure(ConfigureServices).BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
_options = new SignedRequestAuthenticationOptions();
}
public UpdateSigningSettingsBeforeSigning(ITestOutputHelper output)
{
_output = output;
_serviceProvider = new ServiceCollection().Configure(ConfigureServices).BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
_options = new SignedRequestAuthenticationOptions();
}
private static async Task <HttpRequestMessage> SampleSignRSA(IRequestSignerFactory requestSignerFactory)
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = requestSignerFactory.CreateFor("4d8f14b6c4184dc1b677c88a2b60bfd2");
await requestSigner.Sign(request);
return(request);
}
private static async Task <HttpRequestMessage> SampleSignHMAC(IRequestSignerFactory requestSignerFactory)
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
return(request);
}
private static async Task SendGetRequest(IRequestSignerFactory requestSignerFactory, ILogger <AspNetCoreWebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo")
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
logger?.LogInformation("GET request response: " + response.StatusCode);
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
public HttpSigningRequestHandler(IRequestSignerFactory requestSignerFactory, SigningKey signingKey)
{
_requestSignerFactory = requestSignerFactory;
_signingKey = signingKey;
}
