public static TheoryData <OpenIdConnectTheoryData> OpenIdConnectTheoryData()
{
return(new TheoryData <OpenIdConnectTheoryData>()
{
new OpenIdConnectTheoryData
{
OpenIdConnectMetadataFileName = OpenIdConfigData.OpenIdConnectMetadataFileEnd2End,
SigningCredentials = new SigningCredentials(
KeyingMaterial.RsaSecurityKey_2048,
SecurityAlgorithms.RsaSha256
),
TestId = "validRS256"
},
new OpenIdConnectTheoryData
{
OpenIdConnectMetadataFileName = OpenIdConfigData.OpenIdConnectMetadataFileEnd2EndEC,
SigningCredentials = new SigningCredentials(
KeyingMaterial.JsonWebKeyP256,
SecurityAlgorithms.EcdsaSha256
),
TestId = "validES256"
},
new OpenIdConnectTheoryData
{
OpenIdConnectMetadataFileName = OpenIdConfigData.OpenIdConnectMetadataFileEnd2EndEC,
SigningCredentials = new SigningCredentials(
KeyingMaterial.JsonWebKeyP384,
SecurityAlgorithms.EcdsaSha384
),
TestId = "validES384"
},
new OpenIdConnectTheoryData
{
OpenIdConnectMetadataFileName = OpenIdConfigData.OpenIdConnectMetadataFileEnd2EndEC,
SigningCredentials = new SigningCredentials(
KeyingMaterial.JsonWebKeyP521,
SecurityAlgorithms.EcdsaSha512
),
TestId = "validES521"
},
new OpenIdConnectTheoryData
{
OpenIdConnectMetadataFileName = OpenIdConfigData.OpenIdConnectMetadataFileEnd2EndEC,
SigningCredentials = new SigningCredentials(
KeyingMaterial.Ecdsa384Key,
SecurityAlgorithms.EcdsaSha384
),
ExpectedException = ExpectedException.SecurityTokenSignatureKeyNotFoundException(),
TestId = "Ecdsa384KeyNotPartOfJWKS"
}
});
}
public static TheoryData <string, string, TokenValidationParameters, JwtPayload, ExpectedException> CreationJWEParams()
{
var theoryData = new TheoryData <string, string, TokenValidationParameters, JwtPayload, ExpectedException>();
JwtPayload expectedPayload = new JwtPayload(ClaimSets.DefaultClaimsAsCreatedInPayload());
theoryData.Add(
"Test1",
EncodedJwts.JweTest1,
Default.SymmetricEncyptSignInfiniteLifetimeTokenValidationParameters,
expectedPayload,
ExpectedException.NoExceptionExpected
);
theoryData.Add(
"Test2",
EncodedJwts.JweTest2,
Default.SymmetricEncyptSignInfiniteLifetimeTokenValidationParameters,
expectedPayload,
ExpectedException.NoExceptionExpected
);
// signing key not found
theoryData.Add(
"Test3",
EncodedJwts.JweTest3,
new TokenValidationParameters
{
IssuerSigningKey = NotDefault.SymmetricSigningKey256,
TokenDecryptionKey = Default.SymmetricEncryptionKey256,
ValidateLifetime = false
},
expectedPayload,
ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10501:")
);
// encryption key not found
theoryData.Add(
"Test4",
EncodedJwts.JweTest4,
new TokenValidationParameters
{
IssuerSigningKey = Default.SymmetricSigningKey256,
TokenDecryptionKey = NotDefault.SymmetricEncryptionKey,
ValidateLifetime = false
},
expectedPayload,
ExpectedException.SecurityTokenDecryptionFailedException("IDX10609:")
);
return(theoryData);
}
public static TheoryData <string, SecurityTokenDescriptor, TokenValidationParameters, ExpectedException> RoundTripJWEParams()
{
var theoryData = new TheoryData <string, SecurityTokenDescriptor, TokenValidationParameters, ExpectedException>();
theoryData.Add(
"Test1",
Default.SymmetricEncryptSignSecurityTokenDescriptor(),
Default.SymmetricEncyptSignTokenValidationParameters,
ExpectedException.NoExceptionExpected
);
theoryData.Add(
"Test2",
Default.SecurityTokenDescriptor(Default.SymmetricEncryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(Default.SymmetricEncryptionKey256, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
// signing key not found
theoryData.Add(
"Test3",
Default.SymmetricEncryptSignSecurityTokenDescriptor(),
new TokenValidationParameters
{
IssuerSigningKey = NotDefault.SymmetricSigningKey256,
TokenDecryptionKey = Default.SymmetricEncryptionKey256,
},
ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10501:")
);
// encryption key not found
theoryData.Add(
"Test4",
Default.SymmetricEncryptSignSecurityTokenDescriptor(),
new TokenValidationParameters
{
IssuerSigningKey = Default.SymmetricSigningKey256,
TokenDecryptionKey = NotDefault.SymmetricEncryptionKey,
},
ExpectedException.SecurityTokenDecryptionFailedException("IDX10609:")
);
return(theoryData);
}
public static TheoryData <string, SecurityTokenDescriptor, TokenValidationParameters, ExpectedException> RoundTripJWEParams()
{
var theoryData = new TheoryData <string, SecurityTokenDescriptor, TokenValidationParameters, ExpectedException>();
theoryData.Add(
"Test1",
Default.SymmetricEncryptSignSecurityTokenDescriptor(),
Default.SymmetricEncryptSignTokenValidationParameters,
ExpectedException.NoExceptionExpected
);
theoryData.Add(
"Test2",
Default.SecurityTokenDescriptor(Default.SymmetricEncryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(Default.SymmetricEncryptionKey256, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
var encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(
"Test3",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"RsaPKCS1-Aes192CbcHmacSha384",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaPKCS1, SecurityAlgorithms.Aes256CbcHmacSha512);
theoryData.Add(
"RsaPKCS1-Aes256CbcHmacSha512",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(
"RsaOAEP-Aes128CbcHmacSha256",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"RsaOAEP-Aes192CbcHmacSha384",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes256CbcHmacSha512);
theoryData.Add(
"RsaOAEP-Aes256CbcHmacSha512",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(
"RsaOaepKeyWrap-Aes128CbcHmacSha256",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"RsaOaepKeyWrap-Aes192CbcHmacSha384",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512);
theoryData.Add(
"RsaOaepKeyWrap-Aes256CbcHmacSha512",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
// signing key not found
theoryData.Add(
"SigningKey-Not-Found",
Default.SymmetricEncryptSignSecurityTokenDescriptor(),
new TokenValidationParameters
{
IssuerSigningKey = NotDefault.SymmetricSigningKey256,
TokenDecryptionKey = Default.SymmetricEncryptionKey256,
},
ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10501:")
);
// encryption key not found
theoryData.Add(
"EncryptionKey-Not-Found",
Default.SymmetricEncryptSignSecurityTokenDescriptor(),
new TokenValidationParameters
{
IssuerSigningKey = Default.SymmetricSigningKey256,
TokenDecryptionKey = NotDefault.SymmetricEncryptionKey,
},
ExpectedException.SecurityTokenDecryptionFailedException("IDX10603:")
);
// symmetric key wrap
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.SymmetricSecurityKey2_128, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(
"SymmetricSecurityKey2_128-Aes128KW-Aes128CbcHmacSha256",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.SymmetricSecurityKey2_128, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(
"SymmetricEncryptionKey256-Aes256KW-Aes128CbcHmacSha256",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(Default.SymmetricEncryptionKey256, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"RsaOaepKeyWrap-Aes192CbcHmacSha384",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);
return(theoryData);
}