public async Task Thumbprint_missing_cert_should_throw()
{
ISecretValidator validator = new X509ThumbprintSecretValidator(new Logger <X509ThumbprintSecretValidator>(new LoggerFactory()));
var clientId = "mtls_client_invalid";
var client = await _clients.FindEnabledClientByIdAsync(clientId);
var secret = new ParsedSecret
{
Id = clientId,
Credential = "secret",
Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate
};
Func <Task> act = async() => await validator.ValidateAsync(client.ClientSecrets, secret);
act.Should().Throw <InvalidOperationException>();
}
public async Task Thumbprint_valid_secret_should_match()
{
ISecretValidator validator = new X509ThumbprintSecretValidator(new Logger <X509ThumbprintSecretValidator>(new LoggerFactory()));
var clientId = "mtls_client_valid";
var client = await _clients.FindEnabledClientByIdAsync(clientId);
var secret = new ParsedSecret
{
Id = clientId,
Credential = TestCert.Load(),
Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate
};
var result = await validator.ValidateAsync(client.ClientSecrets, secret);
result.Success.Should().BeTrue();
}
public async Task Thumbprint_invalid_secret_type_should_not_match()
{
ISecretValidator validator = new X509ThumbprintSecretValidator(new Logger <X509ThumbprintSecretValidator>(new LoggerFactory()));
var clientId = "mtls_client_invalid";
var client = await _clients.FindEnabledClientByIdAsync(clientId);
var secret = new ParsedSecret
{
Id = clientId,
Credential = "secret",
Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret
};
var result = await validator.ValidateAsync(client.ClientSecrets, secret);
result.Success.Should().BeFalse();
}
