protected override void ValidateLifetime(DateTime?notBefore, DateTime?expires, SecurityToken jwt, TokenValidationParameters validationParameters)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            Assert.IsNotNull(derivedJwt);
            ValidateLifetimeCalled = true;
            base.ValidateLifetime(notBefore, expires, jwt, validationParameters);
        }
        protected override string ValidateIssuer(string issuer, SecurityToken jwt, TokenValidationParameters validationParameters)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            Assert.IsNotNull(derivedJwt);
            ValidateIssuerCalled = true;
            return(base.ValidateIssuer(issuer, jwt, validationParameters));
        }
        protected override void ValidateIssuerSecurityKey(SecurityKey securityKey, SecurityToken securityToken, TokenValidationParameters validationParameters)
        {
            DerivedJwtSecurityToken derivedJwt = securityToken as DerivedJwtSecurityToken;

            Assert.IsNotNull(derivedJwt);
            ValidateIssuerSigningKeyCalled = true;
            base.ValidateIssuerSecurityKey(securityKey, securityToken, validationParameters);
        }
        protected override void ValidateAudience(IEnumerable <string> audiences, SecurityToken jwt, TokenValidationParameters validationParameters)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            Assert.IsNotNull(derivedJwt);
            ValidateAudienceCalled = true;
            base.ValidateAudience(audiences, jwt, validationParameters);
        }
        protected override JwtSecurityToken ValidateSignature(string securityToken, TokenValidationParameters validationParameters)
        {
            Jwt = base.ValidateSignature(securityToken, validationParameters);
            DerivedJwtSecurityToken derivedJwt = Jwt as DerivedJwtSecurityToken;

            Assert.IsNotNull(derivedJwt);
            ValidateSignatureCalled = true;
            return(Jwt);
        }
Beispiel #6
0
        public void JwtSecurityTokenHandler_Extensibility()
        {
            DerivedJwtSecurityTokenHandler handler = new DerivedJwtSecurityTokenHandler()
            {
                DerivedTokenType = typeof(DerivedJwtSecurityToken)
            };

            JwtSecurityToken jwt =
                new JwtSecurityToken
                (
                    issuer: Issuers.GotJwt,
                    audience: Audiences.AuthFactors,
                    claims: ClaimSets.Simple(Issuers.GotJwt, Issuers.GotJwt),
                    signingCredentials: KeyingMaterial.SymmetricSigningCreds_256_Sha2,
                    lifetime: new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10))
                );

            string           encodedJwt       = handler.WriteToken(jwt);
            JwtSecurityToken jwtReadAsDerived = handler.ReadToken(DerivedJwtSecurityToken.Prefix + encodedJwt) as JwtSecurityToken;

            DerivedJwtSecurityToken jwtDerivedNotValidated = jwtReadAsDerived as DerivedJwtSecurityToken;

            TokenValidationParameters tvp = new TokenValidationParameters()
            {
                SigningToken    = KeyingMaterial.BinarySecretToken_256,
                AudienceUriMode = Selectors.AudienceUriMode.Never,
                ValidIssuer     = Issuers.GotJwt,
            };

            ValidateDerived(jwtReadAsDerived, null, handler, tvp, ExpectedException.Null);
            ValidateDerived(null, DerivedJwtSecurityToken.Prefix + encodedJwt, handler, tvp, ExpectedException.Null);
            handler.Configuration = new SecurityTokenHandlerConfiguration()
            {
                IssuerTokenResolver  = new SetReturnSecurityTokenResolver(KeyingMaterial.BinarySecretToken_256, KeyingMaterial.SymmetricSecurityKey_256),
                SaveBootstrapContext = true,
                CertificateValidator = AlwaysSucceedCertificateValidator.New,
                IssuerNameRegistry   = new SetNameIssuerNameRegistry(Audiences.AuthFactors),
                AudienceRestriction  = new AudienceRestriction(AudienceUriMode.Always),
            };

            handler.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Audiences.AuthFactors));

            ValidateDerived(null, DerivedJwtSecurityToken.Prefix + encodedJwt, handler, null, ExpectedException.Null);
            ValidateDerived(handler.ReadToken(DerivedJwtSecurityToken.Prefix + encodedJwt) as JwtSecurityToken, null, handler, null, ExpectedException.Null);

            handler.DerivedTokenType = typeof(JwtSecurityToken);

            JwtSecurityToken jwtRead = handler.ReadToken(encodedJwt) as JwtSecurityToken;

            ValidateDerived(jwtRead, null, handler, tvp, ExpectedException.Null);
            ValidateDerived(null, encodedJwt, handler, tvp, ExpectedException.Null);
            ValidateDerived(null, encodedJwt, handler, null, ExpectedException.Null);
            ValidateDerived(jwtRead as JwtSecurityToken, null, handler, null, ExpectedException.Null);
        }
Beispiel #7
0
        private void ValidateDerived(JwtSecurityToken jwt, string encodedJwt, DerivedJwtSecurityTokenHandler derivedHandler, TokenValidationParameters tvp, ExpectedException ee)
        {
            try
            {
                if (tvp != null)
                {
                    if (jwt != null)
                    {
                        derivedHandler.ValidateToken(jwt, tvp);
                    }
                    else
                    {
                        derivedHandler.ValidateToken(encodedJwt, tvp);
                    }
                }
                else
                {
                    if (jwt != null)
                    {
                        derivedHandler.ValidateToken(jwt);
                    }
                    else
                    {
                        derivedHandler.ValidateToken(encodedJwt);
                    }
                }

                DerivedJwtSecurityToken jwtDerived = jwt as DerivedJwtSecurityToken;
                if (jwtDerived == null && jwt != null)
                {
                    Assert.IsFalse(derivedHandler.DerivedTokenType == typeof(DerivedJwtSecurityToken), "Expected DerivedJwtSecurityToken type, got: " + jwt.GetType());
                }
                else if (jwtDerived != null)
                {
                    Assert.IsFalse(!jwtDerived.ValidateAudienceCalled, "!jwtDerived.ValidateAudienceCalled");

                    Assert.IsFalse(!jwtDerived.ValidateIssuerCalled, "!jwtDerived.ValidateAudienceCalled");

                    Assert.IsFalse(!jwtDerived.ValidateLifetimeCalled, "!jwtDerived.ValidateLifetimeCalled");

                    Assert.IsFalse(!jwtDerived.ValidateSignatureCalled, "!jwtDerived.ValidateSignatureCalled");

                    Assert.IsFalse(!jwtDerived.ValidateSigningTokenCalled, "!jwtDerived.ValidateSigningTokenCalled");
                }

                ExpectedException.ProcessNoException(ee);
            }
            catch (Exception ex)
            {
                ExpectedException.ProcessException(ee, ex);
            }
        }
        protected override void ValidateSigningToken(JwtSecurityToken jwt)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            if (derivedJwt != null)
            {
                derivedJwt.ValidateSigningTokenCalled = true;
            }

            Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ",  " + DerivedTokenType.ToString());

            base.ValidateSigningToken(jwt);
        }
        protected override void ValidateSignature(JwtSecurityToken jwt, byte[] encodedBytes, byte[] signatureBytes, IEnumerable <SecurityToken> signingTokens)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            if (derivedJwt != null)
            {
                derivedJwt.ValidateSignatureCalled = true;
            }

            Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ",  " + DerivedTokenType.ToString());

            base.ValidateSignature(jwt, encodedBytes, signatureBytes, signingTokens);
        }
        protected override string ValidateIssuer(JwtSecurityToken jwt, TokenValidationParameters validationParameters)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            if (derivedJwt != null)
            {
                derivedJwt.ValidateIssuerCalled = true;
            }

            Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ",  " + DerivedTokenType.ToString());

            return(base.ValidateIssuer(jwt, validationParameters));
        }
        protected override void ValidateAudience(JwtSecurityToken jwt, TokenValidationParameters validationParameters)
        {
            DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;

            if (derivedJwt != null)
            {
                derivedJwt.ValidateAudienceCalled = true;
            }

            Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ",  " + DerivedTokenType.ToString());

            base.ValidateAudience(jwt, validationParameters);
        }