Example #1
0
        public void Can_verify_signature_with_multiple_signed_headers()
        {
            var uri    = new Uri("https://intelliflo.com");
            var method = "POST";
            var body   = "hey";

            var unsignedRequest = SignatureRequest.CreateSignRequest(uri, time, appId, secret, method, body);

            unsignedRequest.Headers.Add("Content-Type", "text/plain");
            unsignedRequest.Headers.Add("Accept", "text/plain");
            unsignedRequest.SignedHeaders.Clear();
            foreach (var key in unsignedRequest.Headers.Keys)
            {
                unsignedRequest.SignedHeaders.Add(key);
            }

            var signedUrl = underTest.Sign(unsignedRequest);

            var signedRequest = SignatureRequest.CreateVerificationRequest(signedUrl, time.AddSeconds(1), secret, method, 60, body, unsignedRequest.Headers);

            signedRequest.SignedHeaders.Clear();

            foreach (var header in unsignedRequest.SignedHeaders)
            {
                signedRequest.SignedHeaders.Add(header);
            }

            underTest.Verify(signedRequest).Should().BeTrue();
        }
Example #2
0
        public void CreateSignRequest_With_Default_Parameters_Should_Create_Expected_Request()
        {
            var actual = SignatureRequest.CreateSignRequest(
                new Uri("http://google.com?q=dragon"),
                new DateTime(2013, 5, 23, 10, 11, 13, DateTimeKind.Utc),
                "credential1",
                "secret1");


            actual.Should().BeEquivalentTo(
                new SignatureRequest
            {
                Algorithm = "IO2-HMAC-SHA256",
                Body      = null,
                Headers   = new Dictionary <string, string>
                {
                    ["Host"] = "google.com"
                },
                Credential    = "credential1",
                CurrentTime   = DateTime.MinValue,
                Url           = new Uri("http://google.com?q=dragon"),
                Method        = "GET",
                ExpirySeconds = 60,
                SignedHeaders = new List <string>
                {
                    "Host"
                },
                Timestamp = new DateTime(2013, 5, 23, 10, 11, 13, DateTimeKind.Utc),
                Secret    = "secret1",
                Signature = null
            });
        }
Example #3
0
        public static IEnumerable <object[]> CreateTestCases()
        {
            yield return(new object[]
            {
                SignatureRequest.CreateSignRequest(
                    new Uri(
                        "http://development.matrix.local.co.uk/Pages/Account/IOAppInstall.aspx?event=before_appinstall&ioUserID=81960&ioAppID=fbd9844&ioReturnUrl=https://uat-apps.intelligent-office.net/preview-apps/fbd9844/install/preview?token=fbd9844-1518435999701"),
                    new DateTime(2018, 2, 22, 11, 46, 39, DateTimeKind.Utc),
                    "xxx",
                    "fbd9844",
                    "GET",
                    null,
                    900),
                "http://development.matrix.local.co.uk/Pages/Account/IOAppInstall.aspx?event=before_appinstall&ioUserID=81960&ioAppID=fbd9844&ioReturnUrl=https://uat-apps.intelligent-office.net/preview-apps/fbd9844/install/preview?token=fbd9844-1518435999701&x-iflo-Algorithm=IO2-HMAC-SHA256&x-iflo-Credential=xxx&x-iflo-Date=20180222T114639Z&x-iflo-SignedHeaders=host&x-iflo-Signature=52ca5b4b18373eb2d255eb9ee68bc8968a0ace9d69b8870c4aed37dd1bc2e7c3"
            });

            yield return(new object[]
            {
                SignatureRequest.CreateSignRequest(
                    new Uri(
                        "http://development.matrix.local.co.uk/Pages/Account/IOAppInstall.aspx?event=before_appinstall&ioUserID=81960&ioAppID=fbd9844&ioReturnUrl=https%3A%2F%2Fuat-apps.intelligent-office.net%2Fpreview-apps%2Ffbd9844%2Finstall%2Fpreview%3Ftoken%3Dfbd9844-1518435999701"),
                    new DateTime(2019, 2, 22, 11, 46, 39, DateTimeKind.Utc),
                    "aaa",
                    "fbd9844"),
                "http://development.matrix.local.co.uk/Pages/Account/IOAppInstall.aspx?event=before_appinstall&ioUserID=81960&ioAppID=fbd9844&ioReturnUrl=https:%2F%2Fuat-apps.intelligent-office.net%2Fpreview-apps%2Ffbd9844%2Finstall%2Fpreview%3Ftoken%3Dfbd9844-1518435999701&x-iflo-Algorithm=IO2-HMAC-SHA256&x-iflo-Credential=aaa&x-iflo-Date=20190222T114639Z&x-iflo-SignedHeaders=host&x-iflo-Signature=1e8504d60c37391426e233818b9f2cd7dde4f2bd6e3719609103d09d28f30db6"
            });

            yield return(new object[]
            {
                SignatureRequest.CreateSignRequest(
                    new Uri(
                        "http://dragon.local.co.uk/Pages/Account/IOAppInstall.aspx?event=before_appinstall&ioUserID=81960&ioAppID=fbd9844&ioReturnUrl=https://uat-apps.intelligent-office.net/preview-apps/fbd9844/install/preview?token=fbd9844-1518435999701"),
                    new DateTime(2018, 2, 22, 11, 46, 39, DateTimeKind.Utc),
                    "xxx",
                    "fbd9844",
                    "GET",
                    null,
                    900),
                "http://dragon.local.co.uk/Pages/Account/IOAppInstall.aspx?event=before_appinstall&ioUserID=81960&ioAppID=fbd9844&ioReturnUrl=https://uat-apps.intelligent-office.net/preview-apps/fbd9844/install/preview?token=fbd9844-1518435999701&x-iflo-Algorithm=IO2-HMAC-SHA256&x-iflo-Credential=xxx&x-iflo-Date=20180222T114639Z&x-iflo-SignedHeaders=host&x-iflo-Signature=8cc267d46588af28dab6404eaa0e92986895ea21d3a369f3496634b92ad1921a"
            });

            yield return(new object[]
            {
                SignatureRequest.CreateSignRequest(
                    new Uri(
                        "https://developer.intelliflo.com/docs/Pre-SignedURLs?x=y&foo=bar"),
                    new DateTime(2018, 2, 22, 11, 46, 39, DateTimeKind.Utc),
                    "myCredential",
                    "mySecret",
                    "GET",
                    null,
                    900),
                "https://developer.intelliflo.com/docs/Pre-SignedURLs?x=y&foo=bar&x-iflo-Algorithm=IO2-HMAC-SHA256&x-iflo-Credential=myCredential&x-iflo-Date=20180222T114639Z&x-iflo-SignedHeaders=host&x-iflo-Signature=7664790e62b988b01ebff76716cd5c6c651cc6b0ba350c7b6be29278f347a77e"
            });
        }
Example #4
0
        public void Verify_When_v2_Algorithm_User_Should_Return_True(string url, string method, string body, int futureSeconds)
        {
            var uri = new Uri(url);

            var unsignedRequest = SignatureRequest.CreateSignRequest(uri, time, appId, secret, method, body, algorithm: "IO2-HMAC-SHA256");

            var signedUrl = underTest.Sign(unsignedRequest);

            var signedRequest = SignatureRequest.CreateVerificationRequest(signedUrl, time.AddSeconds(futureSeconds), secret, method, 60, body);

            underTest.Verify(signedRequest).Should().BeTrue();
        }
Example #5
0
        public void Cannot_verify_signature(string url, string method, string body, string testSecret, int futureSeconds)
        {
            var uri = new Uri(First(url));

            var unsignedRequest = SignatureRequest.CreateSignRequest(uri, time, appId, First(testSecret), First(method), First(body));

            var signedUrl = underTest.Sign(unsignedRequest);

            signedUrl = new Uri(signedUrl.AbsoluteUri.Replace(First(url), Second(url)));

            var signedRequest = SignatureRequest.CreateVerificationRequest(signedUrl, time.AddSeconds(futureSeconds), testSecret, Second(method), 60, Second(body));

            underTest.Verify(signedRequest).Should().BeFalse();
        }