public override SignatureVerificationFailure VerifySync(HttpRequestForSigning signedRequest, Signature signature, Client client)
{
var expires = signature.Created.HasValue && signature.Expires.HasValue
? signature.Expires.Value - signature.Created.Value
: new TimeSpan?();
var signingString = _signingStringComposer.Compose(
signedRequest,
signature.Headers,
signature.Created,
expires,
signature.Nonce);
_logger?.LogDebug("Composed the following signing string for request verification: {0}", signingString);
byte[] receivedSignature;
try {
receivedSignature = _base64Converter.FromBase64(signature.String);
}
catch (FormatException ex) {
return(SignatureVerificationFailure.InvalidSignatureString(ex.Message, ex));
}
var isValidSignature = client.SignatureAlgorithm.VerifySignature(signingString, receivedSignature);
_logger?.LogDebug("The verification of the signature {0}.", isValidSignature ? "succeeded" : "failed");
if (!isValidSignature)
{
return(SignatureVerificationFailure.InvalidSignatureString("The signature string does not match the expected value."));
}
return(null);
}
public override SignatureVerificationFailure VerifySync(HttpRequestForVerification signedRequest, Signature signature, Client client)
{
var compositionRequest = _stringCompositionRequestFactory.CreateForVerification(signedRequest, client, signature);
var signingString = _signingStringComposer.Compose(compositionRequest);
_logger?.LogDebug("Composed the following signing string for request verification: {0}", signingString);
byte[] receivedSignature;
try {
receivedSignature = _base64Converter.FromBase64(signature.String);
}
catch (FormatException ex) {
return(SignatureVerificationFailure.InvalidSignatureString(ex.Message, ex));
}
var isValidSignature = client.SignatureAlgorithm.VerifySignature(signingString, receivedSignature);
_logger?.LogDebug("The verification of the signature {0}.", isValidSignature ? "succeeded" : "failed");
if (!isValidSignature)
{
return(SignatureVerificationFailure.InvalidSignatureString("The signature string does not match the expected value."));
}
return(null);
}
public async Task WhenVerificationFails_ReturnsFailureResult()
{
A.CallTo(() => _signatureParser.Parse(_httpRequest, _options))
.Returns(_signature);
var client = new Client(_signature.KeyId, "Unit test app", new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA256), TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(1));
A.CallTo(() => _clientStore.Get(_signature.KeyId))
.Returns(client);
var verificationResultCreator = A.Fake <IVerificationResultCreator>();
A.CallTo(() => _verificationResultCreatorFactory.Create(client, _signature))
.Returns(verificationResultCreator);
var failure = SignatureVerificationFailure.InvalidSignatureString("Invalid signature.", null);
A.CallTo(() => _signatureVerifier.VerifySignature(A <HttpRequestForSigning> ._, A <Signature> ._, A <Client> ._))
.Returns(failure);
A.CallTo(() => verificationResultCreator.CreateForFailure(failure))
.Returns(new RequestSignatureVerificationResultFailure(client, _signature, failure));
var actual = await _sut.VerifySignature(_httpRequest, _options);
actual.Should().BeAssignableTo <RequestSignatureVerificationResultFailure>();
actual.As <RequestSignatureVerificationResultFailure>().IsSuccess.Should().BeFalse();
actual.As <RequestSignatureVerificationResultFailure>().Failure.Should().Be(failure);
}
public async Task WhenVerificationFails_InvokesConfiguredCallback()
{
_httpRequest.Headers["Authorization"] = "tests-scheme abc123";
var cause = SignatureVerificationFailure.InvalidSignatureString("Invalid signature");
var failureResult = new RequestSignatureVerificationResultFailure(
new Client(
"app1",
"Unit test app",
new CustomSignatureAlgorithm("test"),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986),
new HttpRequestForVerification(),
cause);
A.CallTo(() => _requestSignatureVerifier.VerifySignature(_httpRequest, _options))
.Returns(failureResult);
RequestSignatureVerificationResult resultFromCallback = null;
_options.OnIdentityVerificationFailed = (request, failure) => {
resultFromCallback = failure;
return(Task.CompletedTask);
};
await _sut.DoAuthenticate();
resultFromCallback.Should().Be(failureResult);
}
public async Task WhenVerificationFails_ReturnsFailureResult()
{
_httpRequest.Headers["Authorization"] = "tests-scheme abc123";
var cause = SignatureVerificationFailure.InvalidSignatureString("Invalid signature");
A.CallTo(() => _requestSignatureVerifier.VerifySignature(_httpRequest, _options))
.Returns(new RequestSignatureVerificationResultFailure(
new Client("app1", "Unit test app", new CustomSignatureAlgorithm("test"), TimeSpan.FromMinutes(1)),
new Signature(),
cause));
var actual = await _sut.DoAuthenticate();
actual.Succeeded.Should().BeFalse();
actual.Failure.Should().BeAssignableTo <SignatureVerificationException>();
actual.Failure.Message.Should().Be(cause.ToString());
}