/// <summary>
/// Passes the signature carried by <c>TestData.Token</c> and a signature recomputed over
/// "header.payload" to <c>TryValidate</c>, and expects a <c>true</c> result with no exception.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Crypto_Matches_Signature()
{
    var parts = new JwtParts(TestData.Token);
    var base64Url = new JwtBase64UrlEncoder();

    // Payload JSON and the token's own signature, the latter re-encoded as standard Base64.
    var payload = GetString(base64Url.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(base64Url.Decode(parts.Signature));

    // Recompute the signature over "<header>.<payload>" with HMACSHA256Algorithm.
    // NOTE(review): the key is the literal "ABC"; presumably TestData.Token was issued with it. Confirm against TestData.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
    var recomputedSignature = Convert.ToBase64String(recomputed);

    // NOTE(review): UtcDateTimeProvider is the real clock, so this test is only deterministic
    // if TestData.Token carries no time-bound claims. Confirm.
    var sut = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

    var accepted = sut.TryValidate(payload, tokenSignature, recomputedSignature, out var failure);

    accepted.Should()
            .BeTrue("because the token should have been validated");
    failure.Should()
           .BeNull("because a valid token verified should not raise any exception");
}
/// <summary>
/// Corrupts the recomputed signature before handing it to <c>TryValidate</c> and expects
/// a <c>false</c> result together with a non-null exception.
/// </summary>
/// <remarks>
/// NOTE(review): the method name ends in "When_Crypto_Matches_Signature", but the body
/// deliberately alters the signature, so this is the mismatch (rejection) case.
/// </remarks>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Crypto_Matches_Signature()
{
    var parts = new JwtParts(TestData.Token);
    var base64Url = new JwtBase64UrlEncoder();

    // Payload JSON and the signature carried by the token (standard Base64).
    var payload = JwtValidator.GetString(base64Url.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(base64Url.Decode(parts.Signature));

    // Recompute the signature over "<header>.<payload>" with the literal key "ABC".
    var signingInput = JwtValidator.GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput);

    // Malformed signature: bump the first byte so the two signatures differ.
    // Only the leading byte is changed; length or trailing-byte differences are not exercised here.
    ++recomputed[0];
    var tamperedSignature = Convert.ToBase64String(recomputed);

    var sut = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

    var accepted = sut.TryValidate(payload, tokenSignature, tamperedSignature, out var failure);

    Assert.False(accepted);
    Assert.NotNull(failure);
}
/// <summary>
/// Validates <c>TestData.TokenWithNbf</c> with the clock fixed one second before
/// <c>TestData.TokenTimestamp</c> and a validator built with <c>timeMargin: 1</c>;
/// expects a <c>true</c> result and no exception.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Token_Is_Not_Yet_Usable_But_Validator_Has_Time_Margin()
{
    // Clock pinned one second before the reference timestamp.
    // NOTE(review): presumably the token's nbf equals TestData.TokenTimestamp. Confirm against TestData.
    var oneSecondEarly = DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp - 1);
    var fixedClock = new StaticDateTimeProvider(oneSecondEarly);

    var parts = new JwtParts(TestData.TokenWithNbf);
    var base64Url = new JwtBase64UrlEncoder();

    // Payload JSON and the signature carried by the token (standard Base64).
    var payload = GetString(base64Url.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(base64Url.Decode(parts.Signature));

    // Signature recomputed over "<header>.<payload>" with TestData.Secret.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    var recomputedSignature = Convert.ToBase64String(recomputed);

    // The margin is what lets a not-yet-usable token through; keep it as small as clock skew
    // requires, since it widens the acceptance window.
    var sut = new JwtValidator(new JsonNetSerializer(), fixedClock, timeMargin: 1);

    var accepted = sut.TryValidate(payload, tokenSignature, recomputedSignature, out var failure);

    accepted.Should()
            .BeTrue("because token should be valid");
    failure.Should()
           .BeNull("because valid token should not throw exception");
}
/// <summary>
/// Validates <c>TestData.TokenWithExp</c> with the clock fixed at <c>TestData.TokenTimestamp</c>
/// and expects rejection with a <c>TokenExpiredException</c>, even though the signatures match.
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Token_Is_Expired()
{
    // Clock pinned to the reference timestamp.
    // NOTE(review): presumably the token's exp is at or before TestData.TokenTimestamp. Confirm against TestData.
    var fixedClock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp));

    var parts = new JwtParts(TestData.TokenWithExp);
    var base64Url = new JwtBase64UrlEncoder();

    // Payload JSON and the signature carried by the token (standard Base64).
    var payload = GetString(base64Url.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(base64Url.Decode(parts.Signature));

    // Signature recomputed with TestData.Secret and left untouched, so the signature
    // inputs are not what this test varies.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    var recomputedSignature = Convert.ToBase64String(recomputed);

    var sut = new JwtValidator(new JsonNetSerializer(), fixedClock);

    var accepted = sut.TryValidate(payload, tokenSignature, recomputedSignature, out var failure);

    accepted.Should()
            .BeFalse("because token should be invalid");
    failure.Should()
           .NotBeNull("because invalid token should thrown exception");
    failure.Should()
           .BeOfType(typeof(TokenExpiredException), "because expired token should thrown TokenExpiredException");
}
/// <summary>
/// Alters the first byte of the recomputed signature and expects <c>TryValidate</c> to
/// return <c>false</c> with a non-null exception.
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Signature_Is_Not_Valid()
{
    var parts = new JwtParts(TestData.Token);
    var base64Url = new JwtBase64UrlEncoder();

    // Payload JSON and the signature carried by the token (standard Base64).
    var payload = GetString(base64Url.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(base64Url.Decode(parts.Signature));

    // Signature recomputed over "<header>.<payload>" with TestData.Secret.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);

    // Malformed signature: change the first byte so the two signatures differ.
    // Only the leading byte is changed; length or trailing-byte differences are not exercised here.
    recomputed[0]++;
    var tamperedSignature = Convert.ToBase64String(recomputed);

    var sut = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

    var accepted = sut.TryValidate(payload, tokenSignature, tamperedSignature, out var failure);

    accepted.Should()
            .BeFalse("because token should be invalid");
    failure.Should()
           .NotBeNull("because invalid token should thrown exception");
}
/// <summary>
/// Fail-closed check: calls <c>TryValidate</c> with the supplied payload and signature
/// arguments and expects <c>false</c> plus a non-null exception.
/// </summary>
/// <param name="payloadJson">Payload argument forwarded to <c>TryValidate</c>.</param>
/// <param name="decodedCrypto">Token-signature argument forwarded to <c>TryValidate</c>.</param>
/// <param name="decodedSignature">Recomputed-signature argument forwarded to <c>TryValidate</c>.</param>
/// <remarks>
/// NOTE(review): the data rows feeding these parameters are not part of this listing;
/// per the method name they are expected to be null or empty values.
/// </remarks>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Argument_Is_Null_Or_Empty(string payloadJson, string decodedCrypto, string decodedSignature)
{
    // Serializer and date-time provider are both null: the call must be rejected
    // on its arguments without ever reporting success.
    var sut = new JwtValidator(null, null);

    var accepted = sut.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var failure);

    Assert.False(accepted);
    Assert.NotNull(failure);
}
/// <summary>
/// Fail-closed check: calls <c>TryValidate</c> with the supplied payload and signature
/// arguments and expects <c>false</c> plus a non-null exception.
/// </summary>
/// <param name="payloadJson">Payload argument forwarded to <c>TryValidate</c>.</param>
/// <param name="decodedCrypto">Token-signature argument forwarded to <c>TryValidate</c>.</param>
/// <param name="decodedSignature">Recomputed-signature argument forwarded to <c>TryValidate</c>.</param>
/// <remarks>
/// NOTE(review): the data rows feeding these parameters are not part of this listing;
/// per the method name they are expected to be null or empty values.
/// </remarks>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Argument_Is_Null_Or_Empty(string payloadJson, string decodedCrypto, string decodedSignature)
{
    // Serializer and date-time provider are both null: the call must be rejected
    // on its arguments without ever reporting success.
    var sut = new JwtValidator(null, null);

    var accepted = sut.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var failure);

    accepted.Should()
            .BeFalse("because the token should not have been validated");
    failure.Should()
           .NotBeNull("because an exception should have been thrown during the process");
}