public async Task When_Decrypting_Jwe_With_Symmetric_Key_Then_Result_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string content = "jws";
var jweProtectedHeader = new JweProtectedHeader
{
Kid = "kid"
};
var jwsProtectedHeader = new JwsProtectedHeader();
var jsonWebKey = new JsonWebKey();
var getJweParameter = new GetJweParameter
{
Jwe = "jwe",
Url = "http://google.be/",
Password = "******"
};
_jweParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jweProtectedHeader);
_jsonWebKeyHelperStub.Setup(j => j.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>()))
.Returns(Task.FromResult <JsonWebKey>(jsonWebKey));
_jweParserStub.Setup(j => j.ParseByUsingSymmetricPassword(It.IsAny <string>(), It.IsAny <JsonWebKey>(), It.IsAny <string>()))
.Returns(content);
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
// ACT & ASSERTS
var result = await _getJweInformationAction.ExecuteAsync(getJweParameter);
Assert.True(result.IsContentJws);
Assert.True(result.Content == content);
}
public void When_No_JsonWebKeys_Can_Be_Extracted_Then_Null_Is_Returned()
{
// ARRANGE
var header = new JwsProtectedHeader
{
Kid = "invalid"
};
InitializeFakeObjects();
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(header);
_parametersProviderStub.Setup(p => p.GetOpenIdConfigurationUrl())
.Returns("configuration");
var jwksClientStub = new Mock <IJwksClient>();
jwksClientStub.Setup(j => j.ResolveAsync(It.IsAny <string>()))
.Returns(Task.FromResult <JsonWebKeySet>(null));
_identityServerClientFactoryStub.Setup(i => i.CreateJwksClient()).Returns(jwksClientStub.Object);
_jsonWebKeyConverterStub.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
.Returns(() => null);
// ACT
var result = _jwtTokenParser.UnSign("token").Result;
// ASSERT
Assert.Null(result);
}
public async Task When_Passing_Valid_Request_To_Unsign_Without_ClientId_Then_No_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
const string jws = "jws";
const string clientId = "client_id";
const string kid = "1";
var jsonWebKey = new JsonWebKey
{
Kid = kid,
SerializedKey = "serialized_key"
};
var payLoad = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256,
Kid = kid
};
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jsonWebKeyRepositoryMock.Setup(j => j.GetByKidAsync(It.IsAny <string>()))
.Returns(Task.FromResult(jsonWebKey));
_jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(payLoad);
// ACT
var result = await _jwtParser.UnSignAsync(jws);
// ASSERT
Assert.NotNull(result);
_jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey));
}
public async Task When_Json_Web_Key_Uri_Is_Not_Valid_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientId = "client_id";
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
var client = new Core.Common.Models.Client
{
JwksUri = "invalid_url",
ClientId = clientId
};
var jsonWebKeys = new List <JsonWebKey>();
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
.Returns(jsonWebKeys);
// ACT
var result = await _jwtParser.UnSignAsync("jws", clientId);
// ASSERT
Assert.Null(result);
}
public async Task When_There_Is_No_Algorithm_Then_JwsPayload_Is_Returned()
{
// ARRANGE
var header = new JwsProtectedHeader
{
Kid = "kid",
Alg = SimpleIdentityServer.Core.Jwt.Constants.JwsAlgNames.NONE
};
var jsonWebKeys = new List <JsonWebKey>
{
new JsonWebKey
{
Kid = "kid"
}
};
InitializeFakeObjects();
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(header);
_parametersProviderStub.Setup(p => p.GetOpenIdConfigurationUrl())
.Returns("configuration");
var jwksClientStub = new Mock <IJwksClient>();
jwksClientStub.Setup(j => j.ResolveAsync(It.IsAny <string>()))
.Returns(Task.FromResult <JsonWebKeySet>(null));
_identityServerClientFactoryStub.Setup(i => i.CreateJwksClient()).Returns(jwksClientStub.Object);
_jsonWebKeyConverterStub.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
.Returns(jsonWebKeys);
// ACT
await _jwtTokenParser.UnSign("token");
// ASSERT
_jwsParserStub.Verify(j => j.GetPayload(It.IsAny <string>()));
}
public async Task When_Extracting_Information_Of_Unsigned_Jws_Then_Information_Are_Returned()
{
// ARRANGE
InitializeFakeObjects();
var getJwsParameter = new GetJwsParameter
{
Jws = "jws"
};
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = "kid",
Alg = Constants.JwsAlgNames.NONE
};
var jwsPayload = new JwsPayload();
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jwsParserStub.Setup(j => j.GetPayload(It.IsAny <string>()))
.Returns(jwsPayload);
// ACT
var result = await _getJwsInformationAction.Execute(getJwsParameter);
// ASSERTS
Assert.NotNull(result);
}
public async Task When_Passing_Jws_With_None_Algorithm_To_Unsign_And_No_Uri_And_Jwks_Are_Defined_Then_Payload_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string jws = "jws";
const string clientId = "client_id";
var payLoad = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.NONE
};
var client = new Core.Common.Models.Client
{
ClientId = clientId
};
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_jwsParserMock.Setup(j => j.GetPayload(It.IsAny <string>()))
.Returns(payLoad);
// ACT
var result = await _jwtParser.UnSignAsync(jws, clientId);
// ASSERT
Assert.NotNull(result);
_jwsParserMock.Verify(j => j.GetPayload(jws));
}
public async Task When_JsonWebKey_Doesnt_Exist_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
const string url = "http://google.be/";
const string kid = "kid";
var getJwsParameter = new GetJwsParameter
{
Url = url,
Jws = "jws"
};
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = kid,
Alg = Constants.JwsAlgNames.RS256
};
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jsonWebKeyHelperStub.Setup(h => h.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>()))
.Returns(Task.FromResult <JsonWebKey>(null));
// ACT & ASSERTS
var innerException = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJwsInformationAction.Execute(getJwsParameter)).ConfigureAwait(false);
Assert.True(innerException.Code == ErrorCodes.InvalidRequestCode);
Assert.True(innerException.Message == string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, kid, url));
}
public async Task When_No_Uri_And_JsonWebKeys_Are_Defined_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientId = "client_id";
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
var client = new Core.Common.Models.Client
{
ClientId = clientId
};
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
// ACT
var result = await _jwtParser.UnSignAsync("jws", clientId);
// ASSERT
Assert.Null(result);
}
public async Task When_Passing_Jws_With_Algorithm_Other_Than_None_To_Unsign_And_Retrieve_Json_Web_Key_From_Uri_Then_Jwis_Is_Unsigned_And_Payload_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string jws = "jws";
const string clientId = "client_id";
const string kid = "1";
var jsonWebKeySet = new JsonWebKeySet();
var json = jsonWebKeySet.SerializeWithDataContract();
var jsonWebKey = new JsonWebKey
{
Kid = kid,
SerializedKey = "serialized_key"
};
var payLoad = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256,
Kid = kid
};
var client = new Core.Common.Models.Client
{
ClientId = clientId,
JwksUri = "http://localhost"
};
var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted)
{
Content = new StringContent(json)
};
var jsonWebKeys = new List <JsonWebKey>
{
jsonWebKey
};
var handler = new FakeHttpMessageHandler(httpResponseMessage);
var httpClientFake = new HttpClient(handler);
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(payLoad);
_httpClientFactoryMock.Setup(h => h.GetHttpClient())
.Returns(httpClientFake);
_jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
.Returns(jsonWebKeys);
// ACT
var result = await _jwtParser.UnSignAsync(jws, clientId);
// ASSERT
Assert.NotNull(result);
_jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey));
}
private JwsPayload UnSignWithJsonWebKey(JsonWebKey jsonWebKey, JwsProtectedHeader jwsProtectedHeader, string jws)
{
if (jsonWebKey == null
&& jwsProtectedHeader.Alg != Jwt.Constants.JwsAlgNames.NONE)
{
return null;
}
if (jwsProtectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE)
{
return _jwsParser.GetPayload(jws);
}
return _jwsParser.ValidateSignature(jws, jsonWebKey);
}
public async Task When_JsonWebKey_Is_Extracted_And_The_Jws_Is_Unsigned_Then_Information_Are_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string url = "http://google.be/";
const string kid = "kid";
var getJwsParameter = new GetJwsParameter
{
Url = url,
Jws = "jws"
};
var jsonWebKeySet = new JsonWebKeySet();
var json = jsonWebKeySet.SerializeWithJavascript();
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = kid
};
var jsonWebKey = new JsonWebKey
{
Kid = kid
};
var dic = new Dictionary <string, object>
{
{
"kid", kid
}
};
var jwsPayload = new JwsPayload();
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jsonWebKeyHelperStub.Setup(h => h.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>()))
.Returns(Task.FromResult(jsonWebKey));
_jwsParserStub.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(jwsPayload);
_jsonWebKeyEnricherStub.Setup(j => j.GetJsonWebKeyInformation(It.IsAny <JsonWebKey>()))
.Returns(dic);
_jsonWebKeyEnricherStub.Setup(j => j.GetPublicKeyInformation(It.IsAny <JsonWebKey>()))
.Returns(() => new Dictionary <string, object>());
// ACT
var result = await _getJwsInformationAction.Execute(getJwsParameter);
// ASSERTS
Assert.NotNull(result);
Assert.True(result.JsonWebKey.ContainsKey("kid"));
Assert.True(result.JsonWebKey.First().Value == kid);
}
public void When_Sign_Payload_With_Rsa_Alogirthm_Then_Jws_Token_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const KeyType keyType = KeyType.RSA;
const string kid = "kid";
const JwsAlg jwsAlg = JwsAlg.RS384;
const string serializedKey = "serializedKey";
const string signature = "signature";
var jsonWebKey = new JsonWebKey
{
Kty = keyType,
Kid = kid,
SerializedKey = serializedKey
};
var jwsPayload = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = kid,
Alg = Enum.GetName(typeof(JwsAlg), jwsAlg),
Type = "JWT"
};
_createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(),
It.IsAny <string>(),
It.IsAny <string>()))
.Returns(signature);
var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract();
var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode();
var serializedJwsPayload = jwsPayload.SerializeWithJavascript();
var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode();
var combined = string.Format("{0}.{1}",
base64SerializedJwsProtectedHeader,
base64SerializedJwsPayload);
var expectedResult = string.Format("{0}.{1}",
combined,
signature);
// ACT
var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, jsonWebKey);
// ASSERT
_createJwsSignatureFake.Verify(c => c.SignWithRsa(jwsAlg, serializedKey, combined));
Assert.True(expectedResult == result);
}
public void When_Passing_No_JsonWebKey_And_Algorithm_Value_Other_Than_None_Then_Returns_Unsigned_Result()
{
// ARRANGE
InitializeFakeObjects();
const JwsAlg jwsAlg = JwsAlg.none;
const KeyType keyType = KeyType.RSA;
const string kid = "kid";
const string serializedKey = "serializedKey";
const string signature = "signature";
var jsonWebKey = new JsonWebKey
{
Kty = keyType,
Kid = kid,
SerializedKey = serializedKey
};
var jwsPayload = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Enum.GetName(typeof(JwsAlg), jwsAlg),
Type = "JWT"
};
_createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(),
It.IsAny <string>(),
It.IsAny <string>()))
.Returns(signature);
var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract();
var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode();
var serializedJwsPayload = jwsPayload.SerializeWithJavascript();
var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode();
var combined = string.Format("{0}.{1}",
base64SerializedJwsProtectedHeader,
base64SerializedJwsPayload);
var expectedResult = string.Format("{0}.{1}",
combined,
string.Empty);
// ACT
var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, null);
// ASSERT
_createJwsSignatureFake.Verify(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>()), Times.Never);
Assert.True(expectedResult == result);
}
public async Task When_Passing_Jws_With_Algorithm_Other_Than_None_To_Unsign_And_Retrieve_Json_Web_Key_From_Parameter_Then_Jws_Is_Unsigned_And_Payload_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string jws = "jws";
const string clientId = "client_id";
const string kid = "1";
var jsonWebKey = new JsonWebKey
{
Kid = kid,
SerializedKey = "serialized_key"
};
var payLoad = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256,
Kid = kid
};
var client = new Core.Common.Models.Client
{
ClientId = clientId,
JsonWebKeys = new List <JsonWebKey>
{
jsonWebKey
}
};
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(payLoad);
// ACT
var result = await _jwtParser.UnSignAsync(jws, clientId);
// ASSERT
Assert.NotNull(result);
_jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey));
}
public async Task When_No_Json_Web_Key_Can_Be_Extracted_From_Uri_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientId = "client_id";
var jsonWebKeySet = new JsonWebKeySet();
var json = jsonWebKeySet.SerializeWithDataContract();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted)
{
Content = new StringContent(json)
};
var client = new Core.Common.Models.Client
{
JwksUri = "http://localhost",
ClientId = clientId
};
var jsonWebKeys = new List <JsonWebKey>();
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
var handler = new FakeHttpMessageHandler(httpResponseMessage);
var httpClientFake = new HttpClient(handler);
_httpClientFactoryMock.Setup(h => h.GetHttpClient())
.Returns(httpClientFake);
_jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
.Returns(jsonWebKeys);
// ACT
var result = await _jwtParser.UnSignAsync("jws", clientId);
// ASSERT
Assert.Null(result);
}
public async Task When_The_Signature_Is_Not_Valid_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
const string url = "http://google.be/";
const string kid = "kid";
var getJwsParameter = new GetJwsParameter
{
Url = url,
Jws = "jws"
};
var jsonWebKeySet = new JsonWebKeySet();
var json = jsonWebKeySet.SerializeWithJavascript();
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = kid
};
var jsonWebKey = new JsonWebKey
{
Kid = kid
};
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jsonWebKeyHelperStub.Setup(h => h.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>()))
.Returns(Task.FromResult(jsonWebKey));
_jwsParserStub.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(() => null);
// ACT & ASSERTS
var innerException = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJwsInformationAction.Execute(getJwsParameter)).ConfigureAwait(false);
Assert.NotNull(innerException);
Assert.True(innerException.Code == ErrorCodes.InvalidRequestCode);
Assert.True(innerException.Message == ErrorDescriptions.TheSignatureIsNotCorrect);
}
public async Task When_No_Uri_And_Sign_Alg_Are_Specified_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var getJwsParameter = new GetJwsParameter
{
Jws = "jws"
};
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = "kid",
Alg = Constants.JwsAlgNames.RS256
};
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
// ACT & ASSERTS
var innerException = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJwsInformationAction.Execute(getJwsParameter)).ConfigureAwait(false);
Assert.NotNull(innerException);
Assert.True(innerException.Code == ErrorCodes.InvalidRequestCode);
Assert.True(innerException.Message == ErrorDescriptions.TheSignatureCannotBeChecked);
}
public async Task When_Requesting_Uri_Returned_Error_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientId = "client_id";
const string json = "json";
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(json)
};
var client = new Core.Common.Models.Client
{
JwksUri = "http://localhost",
ClientId = clientId
};
_jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
var handler = new FakeHttpMessageHandler(httpResponseMessage);
var httpClientFake = new HttpClient(handler);
_httpClientFactoryMock.Setup(h => h.GetHttpClient())
.Returns(httpClientFake);
// ACT
var result = await _jwtParser.UnSignAsync("jws", clientId);
// ASSERT
Assert.Null(result);
}
