public void round_trip_query_should_validate() { Signature signature = new HS256Signature(_symmetricKey); var payload = new EncodingParameters("token"); payload.QueryParameters.Add(new KeyValuePair <string, string>("x", "1")); payload.QueryParameters.Add(new KeyValuePair <string, string>("y", "2")); var token = signature.Sign(payload); var cnfJson = new Cnf( new JsonWebKey { Kty = "oct", Alg = "HS256", K = Base64Url.Encode(_symmetricKey) }).ToJson(); var jwk = CnfParser.Parse(cnfJson); var key = jwk.ToPublicKey(); signature = key.ToSignature(); var result = signature.Verify(token); result.Should().NotBeNull(); payload.Encode().IsSame(result).Should().BeTrue(); }
public virtual async Task <EncodedParameters> ReadEncodedParametersAsync(IDictionary <string, object> env, EncodedParameters popValues) { if (env == null) { throw new ArgumentNullException("env"); } if (popValues == null) { throw new ArgumentNullException("popValues"); } var logger = Logging.GetLogger(); var ctx = new OwinContext(env); var parameters = new EncodingParameters(popValues.AccessToken); if (ValidateMethod) { logger.WriteVerbose("Validating method"); parameters.Method = new HttpMethod(ctx.Request.Method); } if (ValidateHost) { logger.WriteVerbose("Validating host"); parameters.Host = ctx.Request.Host.Value; } if (ValidatePath) { logger.WriteVerbose("Validating path"); parameters.Path = ctx.Request.Uri.AbsolutePath; } var queryParamsToValidate = GetQueryParamsToValidate(ctx.Request.Query, popValues.QueryParameters?.Keys); foreach (var item in queryParamsToValidate) { logger.WriteVerbose("Validating query string parameter: " + item.Key); parameters.QueryParameters.Add(item); } var headersToValidate = GetRequestHeadersToValidate(ctx.Request.Headers, popValues.RequestHeaders?.Keys); foreach (var item in headersToValidate) { logger.WriteVerbose("Validating request header: " + item.Key); parameters.RequestHeaders.Add(item); } if (ValidateBody) { logger.WriteVerbose("Validating body"); parameters.Body = await ReadBodyAsync(ctx.Request); } return(parameters.Encode()); }
public void encode_should_capture_path() { var subject = new EncodingParameters("token"); subject.Path = "/path"; var result = subject.Encode(); result.Path.Should().Be("/path"); }
public void encode_should_capture_host() { var subject = new EncodingParameters("token"); subject.Host = "foo.com"; var result = subject.Encode(); result.Host.Should().Be("foo.com"); }
public void encode_should_capture_method() { var subject = new EncodingParameters("token"); subject.Method = HttpMethod.Put; var result = subject.Encode(); result.Method.Should().Be("PUT"); }
public void encode_should_capture_body() { var subject = new EncodingParameters("token"); subject.Body = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; var result = subject.Encode(); result.BodyHash.Should().Be("vnPfBFvKBXMv9S6m1FMSeSi1VLnnmqYXGr4xk9ImCp8"); }
public void encode_should_capture_query() { var subject = new EncodingParameters("token"); subject.QueryParameters.Add(new KeyValuePair <string, string>("foo", "bar1")); subject.QueryParameters.Add(new KeyValuePair <string, string>("foo", "bar2")); var result = subject.Encode(); result.QueryParameters.Should().NotBeNull(); result.QueryParameters.Keys.Should().ContainInOrder(new string[] { "foo", "foo" }); result.QueryParameters.HashedValue.Should().Be("EgePUeakH8URmSH3yz8zE39c0r4kYVYsuQRSZa_MdvQ"); }
public void encode_should_capture_headers() { var subject = new EncodingParameters("token"); subject.RequestHeaders.Add(new KeyValuePair <string, string>("foo", "bar1")); subject.RequestHeaders.Add(new KeyValuePair <string, string>("foo", "bar2")); var result = subject.Encode(); result.RequestHeaders.Should().NotBeNull(); result.RequestHeaders.Keys.Should().ContainInOrder(new string[] { "foo", "foo" }); result.RequestHeaders.HashedValue.Should().Be("trcKLrzChz2G8_T50KpExyZ9DTfcsMTXsGGd3YwftLc"); }
public void encode_should_capture_access_token_and_timestamp() { var subject = new EncodingParameters("token"); subject.AccessToken.Should().Be("token"); var now = DateTimeOffset.UtcNow; subject.TimeStamp = now; var result = subject.Encode(); result.AccessToken.Should().Be("token"); result.TimeStamp.Should().Be(now.ToEpochTime()); result.Method.Should().BeNull(); result.Host.Should().BeNull(); result.Path.Should().BeNull(); result.QueryParameters.Should().BeNull(); result.RequestHeaders.Should().BeNull(); result.BodyHash.Should().BeNull(); }