Beispiel #1
0
        public async Task When_Passing_Jws_With_Algorithm_Other_Than_None_To_Unsign_And_Retrieve_Json_Web_Key_From_Uri_Then_Jwis_Is_Unsigned_And_Payload_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string jws           = "jws";
            const string clientId      = "client_id";
            const string kid           = "1";
            var          jsonWebKeySet = new JsonWebKeySet();
            var          json          = jsonWebKeySet.SerializeWithDataContract();
            var          jsonWebKey    = new JsonWebKey
            {
                Kid           = kid,
                SerializedKey = "serialized_key"
            };
            var payLoad            = new JwsPayload();
            var jwsProtectedHeader = new JwsProtectedHeader
            {
                Alg = Jwt.Constants.JwsAlgNames.PS256,
                Kid = kid
            };
            var client = new Core.Common.Models.Client
            {
                ClientId = clientId,
                JwksUri  = "http://localhost"
            };
            var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted)
            {
                Content = new StringContent(json)
            };
            var jsonWebKeys = new List <JsonWebKey>
            {
                jsonWebKey
            };
            var handler        = new FakeHttpMessageHandler(httpResponseMessage);
            var httpClientFake = new HttpClient(handler);

            _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
            .Returns(jwsProtectedHeader);
            _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
            .Returns(Task.FromResult(client));
            _jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
            .Returns(payLoad);
            _httpClientFactoryMock.Setup(h => h.GetHttpClient())
            .Returns(httpClientFake);
            _jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
            .Returns(jsonWebKeys);

            // ACT
            var result = await _jwtParser.UnSignAsync(jws, clientId);

            // ASSERT
            Assert.NotNull(result);
            _jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey));
        }
Beispiel #2
0
        public async Task When_No_Json_Web_Key_Can_Be_Extracted_From_Uri_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string clientId           = "client_id";
            var          jsonWebKeySet      = new JsonWebKeySet();
            var          json               = jsonWebKeySet.SerializeWithDataContract();
            var          jwsProtectedHeader = new JwsProtectedHeader
            {
                Alg = Jwt.Constants.JwsAlgNames.PS256
            };
            var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted)
            {
                Content = new StringContent(json)
            };
            var client = new Core.Common.Models.Client
            {
                JwksUri  = "http://localhost",
                ClientId = clientId
            };
            var jsonWebKeys = new List <JsonWebKey>();

            _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
            .Returns(jwsProtectedHeader);
            _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
            .Returns(Task.FromResult(client));
            var handler        = new FakeHttpMessageHandler(httpResponseMessage);
            var httpClientFake = new HttpClient(handler);

            _httpClientFactoryMock.Setup(h => h.GetHttpClient())
            .Returns(httpClientFake);
            _jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
            .Returns(jsonWebKeys);

            // ACT
            var result = await _jwtParser.UnSignAsync("jws", clientId);

            // ASSERT
            Assert.Null(result);
        }