protected override void ValidateLifetime(DateTime?notBefore, DateTime?expires, SecurityToken jwt, TokenValidationParameters validationParameters)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
Assert.IsNotNull(derivedJwt);
ValidateLifetimeCalled = true;
base.ValidateLifetime(notBefore, expires, jwt, validationParameters);
}
protected override string ValidateIssuer(string issuer, SecurityToken jwt, TokenValidationParameters validationParameters)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
Assert.IsNotNull(derivedJwt);
ValidateIssuerCalled = true;
return(base.ValidateIssuer(issuer, jwt, validationParameters));
}
protected override void ValidateIssuerSecurityKey(SecurityKey securityKey, SecurityToken securityToken, TokenValidationParameters validationParameters)
{
DerivedJwtSecurityToken derivedJwt = securityToken as DerivedJwtSecurityToken;
Assert.IsNotNull(derivedJwt);
ValidateIssuerSigningKeyCalled = true;
base.ValidateIssuerSecurityKey(securityKey, securityToken, validationParameters);
}
protected override void ValidateAudience(IEnumerable <string> audiences, SecurityToken jwt, TokenValidationParameters validationParameters)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
Assert.IsNotNull(derivedJwt);
ValidateAudienceCalled = true;
base.ValidateAudience(audiences, jwt, validationParameters);
}
protected override JwtSecurityToken ValidateSignature(string securityToken, TokenValidationParameters validationParameters)
{
Jwt = base.ValidateSignature(securityToken, validationParameters);
DerivedJwtSecurityToken derivedJwt = Jwt as DerivedJwtSecurityToken;
Assert.IsNotNull(derivedJwt);
ValidateSignatureCalled = true;
return(Jwt);
}
public void JwtSecurityTokenHandler_Extensibility()
{
DerivedJwtSecurityTokenHandler handler = new DerivedJwtSecurityTokenHandler()
{
DerivedTokenType = typeof(DerivedJwtSecurityToken)
};
JwtSecurityToken jwt =
new JwtSecurityToken
(
issuer: Issuers.GotJwt,
audience: Audiences.AuthFactors,
claims: ClaimSets.Simple(Issuers.GotJwt, Issuers.GotJwt),
signingCredentials: KeyingMaterial.SymmetricSigningCreds_256_Sha2,
lifetime: new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10))
);
string encodedJwt = handler.WriteToken(jwt);
JwtSecurityToken jwtReadAsDerived = handler.ReadToken(DerivedJwtSecurityToken.Prefix + encodedJwt) as JwtSecurityToken;
DerivedJwtSecurityToken jwtDerivedNotValidated = jwtReadAsDerived as DerivedJwtSecurityToken;
TokenValidationParameters tvp = new TokenValidationParameters()
{
SigningToken = KeyingMaterial.BinarySecretToken_256,
AudienceUriMode = Selectors.AudienceUriMode.Never,
ValidIssuer = Issuers.GotJwt,
};
ValidateDerived(jwtReadAsDerived, null, handler, tvp, ExpectedException.Null);
ValidateDerived(null, DerivedJwtSecurityToken.Prefix + encodedJwt, handler, tvp, ExpectedException.Null);
handler.Configuration = new SecurityTokenHandlerConfiguration()
{
IssuerTokenResolver = new SetReturnSecurityTokenResolver(KeyingMaterial.BinarySecretToken_256, KeyingMaterial.SymmetricSecurityKey_256),
SaveBootstrapContext = true,
CertificateValidator = AlwaysSucceedCertificateValidator.New,
IssuerNameRegistry = new SetNameIssuerNameRegistry(Audiences.AuthFactors),
AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always),
};
handler.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Audiences.AuthFactors));
ValidateDerived(null, DerivedJwtSecurityToken.Prefix + encodedJwt, handler, null, ExpectedException.Null);
ValidateDerived(handler.ReadToken(DerivedJwtSecurityToken.Prefix + encodedJwt) as JwtSecurityToken, null, handler, null, ExpectedException.Null);
handler.DerivedTokenType = typeof(JwtSecurityToken);
JwtSecurityToken jwtRead = handler.ReadToken(encodedJwt) as JwtSecurityToken;
ValidateDerived(jwtRead, null, handler, tvp, ExpectedException.Null);
ValidateDerived(null, encodedJwt, handler, tvp, ExpectedException.Null);
ValidateDerived(null, encodedJwt, handler, null, ExpectedException.Null);
ValidateDerived(jwtRead as JwtSecurityToken, null, handler, null, ExpectedException.Null);
}
private void ValidateDerived(JwtSecurityToken jwt, string encodedJwt, DerivedJwtSecurityTokenHandler derivedHandler, TokenValidationParameters tvp, ExpectedException ee)
{
try
{
if (tvp != null)
{
if (jwt != null)
{
derivedHandler.ValidateToken(jwt, tvp);
}
else
{
derivedHandler.ValidateToken(encodedJwt, tvp);
}
}
else
{
if (jwt != null)
{
derivedHandler.ValidateToken(jwt);
}
else
{
derivedHandler.ValidateToken(encodedJwt);
}
}
DerivedJwtSecurityToken jwtDerived = jwt as DerivedJwtSecurityToken;
if (jwtDerived == null && jwt != null)
{
Assert.IsFalse(derivedHandler.DerivedTokenType == typeof(DerivedJwtSecurityToken), "Expected DerivedJwtSecurityToken type, got: " + jwt.GetType());
}
else if (jwtDerived != null)
{
Assert.IsFalse(!jwtDerived.ValidateAudienceCalled, "!jwtDerived.ValidateAudienceCalled");
Assert.IsFalse(!jwtDerived.ValidateIssuerCalled, "!jwtDerived.ValidateAudienceCalled");
Assert.IsFalse(!jwtDerived.ValidateLifetimeCalled, "!jwtDerived.ValidateLifetimeCalled");
Assert.IsFalse(!jwtDerived.ValidateSignatureCalled, "!jwtDerived.ValidateSignatureCalled");
Assert.IsFalse(!jwtDerived.ValidateSigningTokenCalled, "!jwtDerived.ValidateSigningTokenCalled");
}
ExpectedException.ProcessNoException(ee);
}
catch (Exception ex)
{
ExpectedException.ProcessException(ee, ex);
}
}
protected override void ValidateSigningToken(JwtSecurityToken jwt)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
if (derivedJwt != null)
{
derivedJwt.ValidateSigningTokenCalled = true;
}
Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ", " + DerivedTokenType.ToString());
base.ValidateSigningToken(jwt);
}
protected override void ValidateSignature(JwtSecurityToken jwt, byte[] encodedBytes, byte[] signatureBytes, IEnumerable <SecurityToken> signingTokens)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
if (derivedJwt != null)
{
derivedJwt.ValidateSignatureCalled = true;
}
Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ", " + DerivedTokenType.ToString());
base.ValidateSignature(jwt, encodedBytes, signatureBytes, signingTokens);
}
protected override string ValidateIssuer(JwtSecurityToken jwt, TokenValidationParameters validationParameters)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
if (derivedJwt != null)
{
derivedJwt.ValidateIssuerCalled = true;
}
Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ", " + DerivedTokenType.ToString());
return(base.ValidateIssuer(jwt, validationParameters));
}
protected override void ValidateAudience(JwtSecurityToken jwt, TokenValidationParameters validationParameters)
{
DerivedJwtSecurityToken derivedJwt = jwt as DerivedJwtSecurityToken;
if (derivedJwt != null)
{
derivedJwt.ValidateAudienceCalled = true;
}
Assert.IsFalse(jwt.GetType() != DerivedTokenType, "jwt.GetType() != DerivedTokenType, types:" + jwt.GetType() + ", " + DerivedTokenType.ToString());
base.ValidateAudience(jwt, validationParameters);
}
