public void ShouldAuthenticate()
{
// Arrange
IHmacConfiguration configuration = CreateConfiguration();
IRestSharpHmacSigner signer = new RestSharpHmacSigner(configuration, _keyRepository);
HmacAuthenticator authenticator = new HmacAuthenticator(configuration, signer);
IRestClient client = CreateClient();
IRestRequest request = CreateRequest(configuration);
// Act
authenticator.Authenticate(client, request);
Parameter contentMd5Param = request.Parameters.FirstOrDefault(p => p.Name == "Content-MD5");
Parameter authorizationParam = request.Parameters.FirstOrDefault(p => p.Name == "Authorization");
Parameter dateParam = request.Parameters.FirstOrDefault(p => p.Name == "Date");
string dateString = dateParam != null ? dateParam.Value as string ?? string.Empty : string.Empty;
DateTimeOffset parsedDate;
bool isValidDate = DateTimeOffset.TryParseExact(dateString, "ddd, dd MMM yyyy HH:mm:ss G\\MT", _dateHeaderCulture, DateTimeStyles.AssumeUniversal, out parsedDate);
HmacSignatureData signatureData = signer.GetSignatureDataFromRestRequest(client, request);
string signature = signer.CreateSignature(signatureData);
// Assert
Assert.IsNotNull(contentMd5Param);
Assert.AreEqual(ParameterType.HttpHeader, contentMd5Param.Type);
Assert.AreEqual(_base64Md5Hash, contentMd5Param.Value);
Assert.IsNotNull(authorizationParam);
Assert.AreEqual(ParameterType.HttpHeader, authorizationParam.Type);
Assert.IsNotNull(authorizationParam.Value);
Assert.IsInstanceOfType(authorizationParam.Value, typeof(string));
Assert.AreEqual((string)authorizationParam.Value, "HMAC " + signature);
Assert.IsNotNull(dateParam);
Assert.AreEqual(ParameterType.HttpHeader, dateParam.Type);
Assert.IsNotNull(dateParam.Value);
Assert.IsTrue(isValidDate);
}
public async Task HmacNotPresent()
{
// Arrange
var validator = new Mock <ISignatureValidator>();
var provider = new ClientIdRequestClaimsProvider("name");
var authenticator = new HmacAuthenticator(validator.Object, provider, "name", "role");
var message = new HttpRequestMessage();
message.Headers.Add(HmacAuthentication.ClientIdHeader, "test");
validator.Setup(x => x.IsValid(It.IsAny <HttpRequestMessage>())).ReturnsAsync(false);
// Act
var candidate = await authenticator.Authenticate(message);
// Assert
Assert.That(candidate, Is.Null);
}
public async Task ValidSignature()
{
// Arrange
var validator = new Mock <ISignatureValidator>();
var provider = new ClientIdRequestClaimsProvider("name");
var authenticator = new HmacAuthenticator(validator.Object, provider, "name", "role");
var message = new HttpRequestMessage();
message.Headers.Add(HmacAuthentication.ClientIdHeader, "test");
validator.Setup(x => x.IsValid(It.IsAny <HttpRequestMessage>())).ReturnsAsync(true);
// Act
var candidate = await authenticator.Authenticate(message);
// Assert
Assert.That(candidate, Is.Not.Null);
Assert.That(candidate.IsAuthenticated, Is.EqualTo(true));
Assert.That(candidate.AuthenticationType, Is.EqualTo(HmacAuthentication.AuthenticationScheme));
Assert.That(candidate.Name, Is.EqualTo("test"));
}