public void StartNewSession_reports_failure_reason()
{
var flow = new RestFlow().Post("} invalid json {");
Exceptions.AssertThrowsInternalError(() => Client.StartNewSession(TestData.ClientInfo, flow),
"Invalid or unexpected response");
}
public void StartNewSession_throws_on_invalid_json()
{
var flow = new RestFlow().Post("{'reason': 'deprecated'}", HttpStatusCode.Forbidden);
Exceptions.AssertThrowsInternalError(() => Client.StartNewSession(TestData.ClientInfo, flow),
"The server responded with the failure reason: 'deprecated'");
}
public void Logout_throws_on_not_HTTP_OK()
{
var rest = new RestFlow()
.Post("", HttpStatusCode.NotFound);
Exceptions.AssertThrowsInternalError(() => Client.Logout(Session, rest), "404");
}
public void DecryptJson_throws_on_bad_schema()
{
// We need to use a type here with some required properties that are missing in the encrypted data
Exceptions.AssertThrowsInternalError(
() => Vault.DecryptJson <M.Item>(EncryptedItemOverview, ItemOverviewKey),
"JSON: Invalid JSON schema for Item");
}
public void ExtractDuoPasscodeFromDuoResponse_throws_on_invalid_response(string response)
{
var xml = XDocument.Parse(response);
Exceptions.AssertThrowsInternalError(() => Client.ExtractDuoPasscodeFromDuoResponse(xml),
"Invalid response");
}
public void GetS3Token_throws_on_non_zero_status()
{
var flow = new RestFlow().Post(ResponseWithError);
Exceptions.AssertThrowsInternalError(() => Client.GetS3Token(Username, Token, DeviceId, Timestamp, flow),
"Failed to retrieve the S3 token");
}
public void ValidateOtpInfo_throws_on_invalid_value()
{
var otp = new Util.OtpInfo(version: 3,
otpAlgorithm: 1,
otpLength: 0,
hashAlgorithm: 2,
timeStep: 30,
startTime: 0,
suite: "OCRA-1:HOTP-SHA256-0:QA08".ToBytes(),
hmacSeed: "6JF8i2kJM6S+rRl9Xb4aC8/zdoX1KtMF865ptl9xCv0=".Decode64(),
iptmk: "HBZNmlRMifj3dSz8nBzOsro7T4sfwVGJ0VpmQnYCVO4=".Decode64());
Action <string, object, string> check = (name, value, contains) =>
{
// This is a bit ugly but gets the job done.
// We clone the valid object and modify one field to something invalid.
var clone = (Util.OtpInfo)otp.GetType()
.GetMethod("MemberwiseClone", BindingFlags.NonPublic | BindingFlags.Instance)
.Invoke(otp, null);
clone.GetType().GetField(name).SetValue(clone, value);
Exceptions.AssertThrowsInternalError(() => Util.ValidateOtpInfo(clone), contains);
};
// Doesn't throw
Util.ValidateOtpInfo(otp);
check("Version", 13, "version");
check("OtpAlgorithm", 13, "algorithm");
check("OtpLength", 13, "length");
check("HashAlgorithm", 13, "hash");
check("Suite", "invalid suite".ToBytes(), "suite");
check("HmacSeed", "invalid hmac seed".ToBytes(), "HMAC length");
check("Iptmk", "invalid iptmk".ToBytes(), "IPTMK length");
}
public void StartNewSession_throws_on_unknown_status()
{
var flow = new RestFlow().Get("{'status': 'unknown', 'sessionID': 'blah'}");
Exceptions.AssertThrowsInternalError(() => Client.StartNewSession(TestData.ClientInfo, flow),
"Failed to start a new session, unsupported response status");
}
public void StartNewSession_throws_on_invalid_json()
{
var flow = new RestFlow().Get("} invalid json {");
Exceptions.AssertThrowsInternalError(() => Client.StartNewSession(TestData.ClientInfo, flow),
"Invalid or unexpected response");
}
public void ReauthorizeDevice_throws_on_error()
{
var flow = new RestFlow().Put("{'success': 0}");
Exceptions.AssertThrowsInternalError(() => Client.ReauthorizeDevice(TestData.ClientInfo, flow),
"Failed to reauthorize the device");
}
public void ProcessBytes_throws_on_invalid_output_buffer_size_offset(int bufferSize, int offset, int size)
{
Exceptions.AssertThrowsInternalError(
() => new ChaCha20(new byte[32], new byte[12])
.ProcessBytes(new byte[size], 0, size, new byte[bufferSize], offset),
"Output buffer is too short");
}
public void Stream_ReadExact_with_range_throws_on_too_short_buffer(int start, int size)
{
var s = new MemoryStream(new byte[10], writable: false);
var b = new byte[5];
Exceptions.AssertThrowsInternalError(() => s.ReadExact(b, start, size), "The buffer is too small");
}
public void ChooseInteractiveSecondFactor_throws_on_missing_factors()
{
var factors = new[] { new Client.SecondFactor(Client.SecondFactorKind.RememberMeToken) };
Exceptions.AssertThrowsInternalError(() => Client.ChooseInteractiveSecondFactor(factors),
"doesn't contain any supported methods");
}
public void ConvertRecoveryWordsToRecoveryKey_throws_on_invalid_word()
{
var words = RecoveryWords.Take(11).Append("blah-blah").ToArray();
Exceptions.AssertThrowsInternalError(() => Util.ConvertRecoveryWordsToRecoveryKey(words),
"Recovery word 'blah-blah' is invalid");
}
public void RequestToken_throws_on_missing_cookie()
{
var flow = new RestFlow().Get("");
Exceptions.AssertThrowsInternalError(() => Client.RequestToken(flow),
"cookie is not set by the server");
}
public void DownloadDb_throws_on_invalid_deflated_content()
{
var flow = new RestFlow().Get("Not really deflated".ToBytes());
Exceptions.AssertThrowsInternalError(() => Client.DownloadDb(Version, S3Token, flow),
"Failed to decompress the database");
}
public void GetBlob_throws_on_not_HTTP_OK()
{
var rest = new RestFlow()
.Get("".ToBytes(), HttpStatusCode.NotFound);
Exceptions.AssertThrowsInternalError(() => Client.GetBlob(Session, rest), "404");
}
public void GetSharedFolderList_throws_on_not_HTTP_OK()
{
var rest = new RestFlow()
.Get("", HttpStatusCode.NotFound);
Exceptions.AssertThrowsInternalError(() => Client.GetSharedFolderList(Session, rest), "404");
}
private void RegisterDeviceWithToken_throws_on_invalid_response()
{
var rest = new RestFlow().Post("NOT A GREAT SUCCESS");
Exceptions.AssertThrowsInternalError(
() => Remote.RegisterDeviceWithToken(Username, Uki, DeviceName, Token, rest));
}
private void Fetch_throws_on_invalid_json_in_response(string response)
{
var rest = new RestFlow().Post(response);
var e = Exceptions.AssertThrowsInternalError(() => Remote.Fetch(Username, Uki, rest));
Assert.StartsWith("Invalid JSON in response", e.Message);
}
private static void VerifyThrowsInvalidFormat(CipherMode mode,
byte[] iv,
byte[] ciphertext,
byte[] mac,
string expectedMessage)
{
Exceptions.AssertThrowsInternalError(() => new CipherString(mode, iv, ciphertext, mac), expectedMessage);
}
public void Decrypt_throws_on_mismatching_tag()
{
var blob = TestBlob.Decode64();
blob[blob.Length - 1] += 1;
Exceptions.AssertThrowsInternalError(() => Opdata01.Decrypt(blob, TestKey), "tag doesn't match");
}
public void Decrypt_throws_on_invalid_signature()
{
var blob = TestBlob.Decode64();
blob[0] += 1;
Exceptions.AssertThrowsInternalError(() => Opdata01.Decrypt(blob, TestKey), "invalid signature");
}
public void ParseVault_throws_on_truncated_blob(int cut)
{
Exceptions.AssertThrowsInternalError(
() => Client.ParseVault(TestData.Blob.Sub(0, TestData.Blob.Length - cut),
TestData.EncryptionKey,
TestData.PrivateKey),
"Blob is truncated or corrupted");
}
[InlineData("{}")] // Missing properties
public void GetSharedFolderList_throws_on_invalid_json(string response)
{
var rest = new RestFlow()
.Get(response);
Exceptions.AssertThrowsInternalError(() => Client.GetSharedFolderList(Session, rest),
"JSON deserialization error");
}
public void RequestUserInfo_throws_on_unknown_error()
{
var flow = new RestFlow()
.Post(GetFixture("lookup-unknown-error-response"));
Exceptions.AssertThrowsInternalError(() => Client.RequestUserInfo(Username, OAuthCookieValue, "com", flow),
"Unexpected response: message: 'Unknown error', status code: '600/");
}
public void GetErrorAttribute_throws_when_attribute_is_not_present()
{
var xml = XDocument.Parse("<response><error blah='blah-blah' /></response>");
Exceptions.AssertThrowsInternalError(
() => Client.GetErrorAttribute(xml, "poof"),
"Unknown response schema: attribute 'poof' is missing");
}
public void RequestIterationCount_throws_on_invalid_response(string response)
{
var flow = new RestFlow().Post(response);
Exceptions.AssertThrowsInternalError(
() => Client.RequestIterationCount(Username, flow),
"Request iteration count failed: unexpected response");
}
public void Generate_throws_on_negative_byteCount()
{
foreach (var generate in Generators)
{
Exceptions.AssertThrowsInternalError(() => generate("password".ToBytes(), "salt".ToBytes(), 1, -1),
"Byte count should be nonnegative");
}
}
public void Decrypt_throws_on_modified_ciphertext(TestCase tc)
{
// Change the first byte of the ciphertext
var modified = Modified(tc.CiphertextWithTag, 0);
Exceptions.AssertThrowsInternalError(() => AesGcm.Decrypt(tc.Key, modified, tc.Iv, tc.AuthData),
"auth tag");
}
