public async Task WhenRequestTargetEscapingSettingIsAMismatch_VerificationFails()
        {
            // Rebuild the container with two different RequestTargetEscaping values (RFC3986 and Unescaped).
            // NOTE(review): presumably the first value applies to signing and the second to verification;
            // confirm against ConfigureServices, which is not shown here.
            var serviceCollection = new ServiceCollection();
            _serviceProvider = serviceCollection
                               .Configure(services => ConfigureServices(services, RequestTargetEscaping.RFC3986, RequestTargetEscaping.Unescaped))
                               .BuildServiceProvider();
            _requestSignerFactory = _serviceProvider.GetRequiredService<IRequestSignerFactory>();
            _verifier             = _serviceProvider.GetRequiredService<IRequestSignatureVerifier>();

            // The path and query are full of percent-encoded characters, so the escaping mode changes
            // how the request target is written out.
            var targetUri = new Uri("https://dalion.eu/api/%7BBrooks%7D%20was%20here/api/David%20%26%20Partners%20%2B%20Siebe%20at%20100%25%20%2A%20co.?query%2Bstring=%7BBrooks%7D");
            var outgoingRequest = new HttpRequestMessage(HttpMethod.Post, targetUri);
            outgoingRequest.Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json);
            outgoingRequest.Headers.Add("Dalion-App-Id", "ringor");

            var signer = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
            await signer.Sign(outgoingRequest);

            var serverSideRequest = await outgoingRequest.ToServerSideHttpRequest();

            var outcome = await _verifier.VerifySignature(serverSideRequest, _authenticationOptions);

            // The verifier must reject the request when the two sides disagree on escaping.
            outcome.IsSuccess.Should().BeFalse();
            if (outcome is RequestSignatureVerificationResultFailure rejected)
            {
                // Record the reported failure in the test output for diagnosis.
                _output.WriteLine("Request signature verification failed: {0}", rejected.Failure);
            }
        }
Ejemplo n.º 2
 /// <summary>
 /// Builds the test container and resolves the signer factory and the signature verifier used by the tests.
 /// </summary>
 /// <param name="output">Test output sink, kept in a field for later diagnostics.</param>
 public OwinSystemTests(ITestOutputHelper output)
 {
     _output = output;

     // Build the provider once and resolve both services from that same instance.
     var builtProvider = new ServiceCollection()
         .Configure(ConfigureServices)
         .BuildServiceProvider();
     _serviceProvider      = builtProvider;
     _requestSignerFactory = builtProvider.GetRequiredService<IRequestSignerFactory>();
     _verifier             = builtProvider.GetRequiredService<IRequestSignatureVerifier>();

     // Default options for the OWIN flavour of the authentication options type.
     _options = new SignedHttpRequestAuthenticationOptions();
 }
Ejemplo n.º 3
 /// <summary>
 /// Builds the test container, resolves the signer factory and verifier, and switches the nonce flag on.
 /// </summary>
 public NonceSystemTests()
 {
     var builtProvider = new ServiceCollection()
         .Configure(ConfigureServices)
         .BuildServiceProvider();
     _serviceProvider      = builtProvider;
     _requestSignerFactory = builtProvider.GetRequiredService<IRequestSignerFactory>();
     _verifier             = builtProvider.GetRequiredService<IRequestSignatureVerifier>();

     // NOTE(review): the flag is set only after the container is built and the services are resolved.
     // Presumably ConfigureServices reads it lazily; confirm, otherwise these tests run without a nonce.
     _nonceEnabled = true;

     _authenticationOptions = new SignedRequestAuthenticationOptions();
 }
Ejemplo n.º 4
 /// <summary>
 /// Builds the test container and resolves the signer factory and the signature verifier used by the tests.
 /// </summary>
 /// <param name="output">Test output sink, kept in a field for later diagnostics.</param>
 public SupportsOptionalCreatedAndExpiresHeaders(ITestOutputHelper output)
 {
     _output = output;

     // Signer factory and verifier come from the same provider instance.
     var builtProvider = new ServiceCollection()
         .Configure(ConfigureServices)
         .BuildServiceProvider();
     _serviceProvider      = builtProvider;
     _requestSignerFactory = builtProvider.GetRequiredService<IRequestSignerFactory>();
     _verifier             = builtProvider.GetRequiredService<IRequestSignatureVerifier>();

     // Verification runs with default authentication options.
     _options = new SignedRequestAuthenticationOptions();
 }
 /// <summary>
 /// Builds the test container and resolves the signer factory and the signature verifier used by the tests.
 /// </summary>
 /// <param name="output">Test output sink, kept in a field for later diagnostics.</param>
 public UpdateSigningSettingsBeforeSigning(ITestOutputHelper output)
 {
     _output = output;

     // Signer factory and verifier come from the same provider instance.
     var builtProvider = new ServiceCollection()
         .Configure(ConfigureServices)
         .BuildServiceProvider();
     _serviceProvider      = builtProvider;
     _requestSignerFactory = builtProvider.GetRequiredService<IRequestSignerFactory>();
     _verifier             = builtProvider.GetRequiredService<IRequestSignatureVerifier>();

     // Verification runs with default authentication options.
     _options = new SignedRequestAuthenticationOptions();
 }
Ejemplo n.º 6
 /// <summary>
 /// Creates the authentication handler and stores the verifier it uses to check request signatures.
 /// </summary>
 /// <param name="options">Options monitor forwarded to the base handler.</param>
 /// <param name="encoder">URL encoder forwarded to the base handler.</param>
 /// <param name="clock">System clock forwarded to the base handler.</param>
 /// <param name="requestSignatureVerifier">Verifier for incoming request signatures; must not be null.</param>
 /// <param name="loggerFactory">Optional logger factory forwarded to the base handler.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="requestSignatureVerifier"/> is null.</exception>
 public SignedRequestAuthenticationHandler(
     IOptionsMonitor<SignedRequestAuthenticationOptions> options,
     UrlEncoder encoder,
     ISystemClock clock,
     IRequestSignatureVerifier requestSignatureVerifier,
     ILoggerFactory loggerFactory = null)
     : base(options, loggerFactory, encoder, clock)
 {
     // NOTE(review): loggerFactory defaults to null and is passed straight to the base constructor.
     // If the base is ASP.NET Core's AuthenticationHandler<TOptions>, confirm that it tolerates null.

     // Fail fast: without a verifier the handler cannot check any signature.
     if (requestSignatureVerifier == null)
     {
         throw new ArgumentNullException(nameof(requestSignatureVerifier));
     }

     _requestSignatureVerifier = requestSignatureVerifier;
 }
Ejemplo n.º 7
        /// <summary>
        /// Converts a signed client request to its server-side form, verifies its signature and logs the outcome.
        /// </summary>
        /// <param name="verifier">Verifier that checks the signature.</param>
        /// <param name="clientRequest">The signed outgoing request to verify.</param>
        /// <param name="logger">Optional logger; when null nothing is logged.</param>
        private static async Task SampleVerify(IRequestSignatureVerifier verifier, HttpRequestMessage clientRequest, ILogger<SampleRSA> logger)
        {
            var serverSideRequest = await clientRequest.ToServerSideHttpRequest();

            // Default authentication options are used for the sample.
            var outcome = await verifier.VerifySignature(serverSideRequest, new SignedRequestAuthenticationOptions());

            switch (outcome)
            {
                case RequestSignatureVerificationResultSuccess verified:
                {
                    // Sample output: every claim type and value of the authenticated principal goes into the log line.
                    // Outside a sample, check which claim values are acceptable in logs.
                    var claimPairs = verified.Principal.Claims.Select(claim => new { claim.Type, claim.Value }).ToList();
                    var renderedClaims = string.Join(", ", claimPairs.Select(pair => $"{{type:{pair.Type},value:{pair.Value}}}"));
                    logger?.LogInformation("Request signature verification succeeded: {0}", renderedClaims);
                    break;
                }
                case RequestSignatureVerificationResultFailure rejected:
                {
                    logger?.LogWarning("Request signature verification failed: {0}", rejected.Failure);
                    break;
                }
            }
        }
Ejemplo n.º 8
        /// <summary>
        /// Prepares a signed POST request and a verifier, both configured with the same key id and shared secret.
        /// </summary>
        public VerifyRequestWithDigest()
        {
            // Sample values only: the key id and shared secret are hard-coded in source.
            // Real deployments should load secrets from a secret store, not from code.
            const string sharedSecret = "yumACY64r%hm";
            var keyId = new KeyId("e0e8dcd638334c409e1b88daf821d135");

            var container = new ServiceCollection()
                .AddHttpMessageSigning(
                    keyId,
                    sp => new SigningSettings
                    {
                        SignatureAlgorithm  = SignatureAlgorithm.CreateForSigning(sharedSecret),
                        DigestHashAlgorithm = HashAlgorithmName.SHA256,
                        // NOTE(review): nonce is switched off here; presumably replay protection then
                        // rests on the one-minute expiry alone. Confirm before copying into real code.
                        EnableNonce         = false,
                        Expires             = TimeSpan.FromMinutes(1),
                        Headers             = new[] { (HeaderName)"Dalion-App-Id" }
                    })
                .AddHttpMessageSignatureVerification(sp =>
                {
                    // The verifier knows exactly one client, registered under the same key id and secret.
                    // NOTE(review): the two TimeSpan arguments are positional; check the Client
                    // constructor to see which setting each one controls.
                    var store = new InMemoryClientStore();
                    store.Register(new Client(
                        new KeyId("e0e8dcd638334c409e1b88daf821d135"),
                        "HttpMessageSigningSampleHMAC",
                        SignatureAlgorithm.CreateForVerification(sharedSecret),
                        TimeSpan.FromMilliseconds(1),
                        TimeSpan.FromMinutes(1),
                        new Claim(SignedHttpRequestClaimTypes.Role, "users.read")));
                    return store;
                })
                .BuildServiceProvider();

            var signer = container.GetRequiredService<IRequestSignerFactory>().CreateFor(keyId);

            var outgoingRequest = new HttpRequestMessage(HttpMethod.Post, new Uri("https://httpbin.org/post"));
            outgoingRequest.Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json);
            outgoingRequest.Headers.Add("Dalion-App-Id", "ringor");

            // A constructor cannot await, so the async calls are completed synchronously.
            signer.Sign(outgoingRequest).GetAwaiter().GetResult();
            _verifier = container.GetRequiredService<IRequestSignatureVerifier>();
            _request  = outgoingRequest.ToServerSideHttpRequest().GetAwaiter().GetResult();
        }
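        /// <summary>
        /// Prepares a signed POST request and a verifier through the fluent registration API,
        /// both configured with the same key id and shared secret.
        /// </summary>
        public VerifyRequestWithDigest()
        {
            // Sample values only: the key id and shared secret are hard-coded in source.
            // Real deployments should load secrets from a secret store, not from code.
            var keyId = new KeyId("e0e8dcd638334c409e1b88daf821d135");

            var serviceProvider = new ServiceCollection()
                                  .AddHttpMessageSigning()
                                  .UseKeyId(keyId)
                                  .UseSignatureAlgorithm(SignatureAlgorithm.CreateForSigning("yumACY64r%hm"))
                                  .UseExpires(TimeSpan.FromMinutes(1))
                                  .UseHeaders((HeaderName)"Dalion-App-Id")
                                  .Services
                                  .AddHttpMessageSignatureVerification()
                                  // The verifier knows exactly one client, registered under the same key id and secret.
                                  .UseClient(Client.Create(
                                                 "e0e8dcd638334c409e1b88daf821d135",
                                                 "HttpMessageSigningSampleHMAC",
                                                 SignatureAlgorithm.CreateForVerification("yumACY64r%hm"),
                                                 options => options.Claims = new[]
                                                 {
                                                     new Claim(SignedHttpRequestClaimTypes.Role, "users.read")
                                                 }))
                                  .Services
                                  .BuildServiceProvider();
            var requestSignerFactory = serviceProvider.GetRequiredService<IRequestSignerFactory>();
            var requestSigner        = requestSignerFactory.CreateFor(keyId);
            var request = new HttpRequestMessage {
                RequestUri = new Uri("https://httpbin.org/post"),
                Method     = HttpMethod.Post,
                Content    = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
                Headers    =
                {
                    { "Dalion-App-Id", "ringor" }
                }
            };

            // A constructor cannot await, so the async calls are completed synchronously.
            requestSigner.Sign(request).GetAwaiter().GetResult();
            _verifier = serviceProvider.GetRequiredService<IRequestSignatureVerifier>();
            _request  = request.ToServerSideHttpRequest().GetAwaiter().GetResult();
        }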
Ejemplo n.º 10
 /// <summary>
 /// Test-side constructor that forwards every dependency unchanged to the base handler.
 /// </summary>
 /// <param name="options">Options monitor forwarded to the base handler.</param>
 /// <param name="encoder">URL encoder forwarded to the base handler.</param>
 /// <param name="clock">System clock forwarded to the base handler.</param>
 /// <param name="requestSignatureVerifier">Signature verifier forwarded to the base handler.</param>
 /// <param name="logger">Optional logger factory forwarded to the base handler.</param>
 public SignedRequestAuthenticationHandlerForTests(
     IOptionsMonitor<SignedRequestAuthenticationOptions> options,
     UrlEncoder encoder,
     Microsoft.AspNetCore.Authentication.ISystemClock clock,
     IRequestSignatureVerifier requestSignatureVerifier,
     ILoggerFactory logger = null)
     : base(options, encoder, clock, requestSignatureVerifier, logger)
 {
 }