/// <summary>
/// Registers a client that signs with an HMAC secret, reads the records back through the
/// file manager, and checks that the stored signature-algorithm parameter is the protected
/// form of the key, not the key itself.
/// </summary>
public async Task EncryptsHMACSecretInFile()
            {
                // Arrange: "s3cr3t" is a fixture value for the HMAC key.
                var signatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
                var registeredClient = new Client(
                    "c1",
                    "app one",
                    signatureAlgorithm,
                    TimeSpan.FromMinutes(1),
                    TimeSpan.FromMinutes(2),
                    RequestTargetEscaping.RFC2396,
                    new Claim("company", "Dalion"),
                    new Claim("scope", "HttpMessageSigning"));

                // The expected value is what FakeStringProtector produces for the plain key.
                // NOTE(review): because the expectation comes from the fake protector, this presumably
                // proves the key is routed through the configured protector, not that the real
                // protector is cryptographically sound. Confirm how _sut is wired.
                var plainKey     = Encoding.UTF8.GetString(signatureAlgorithm.Key);
                var protectedKey = new FakeStringProtector().Protect(plainKey);
                var expectedParam = $"<Secret>{protectedKey}</Secret>";

                // Act: persist the client, then read the raw data records back.
                await _sut.Register(registeredClient);
                var storedRecords = await _fileManager.Read();
                var storedRecord  = storedRecords.Single(record => record.Id == registeredClient.Id);

                // Assert: the stored parameter is present, matches the protected key, and is flagged as encrypted.
                var storedAlgorithm = storedRecord.SigAlg;
                storedAlgorithm.Param.Should().NotBeNullOrEmpty();
                storedAlgorithm.Param.Should().Be(expectedParam);
                storedAlgorithm.Encrypted.Should().BeTrue();
            }
Exemple #2
        /// <summary>
        /// Builds the converter under test on top of a faked string-protector factory that
        /// always hands out the same <c>FakeStringProtector</c>.
        /// </summary>
        public SignatureAlgorithmDataRecordConverterTests()
        {
            // Created up front so the factory stub below can return this exact instance.
            _stringProtector = new FakeStringProtector();

            FakeFactory.Create(out _stringProtectorFactory);
            _sut = new SignatureAlgorithmDataRecordConverter(_stringProtectorFactory);

            // A<string>._ matches any argument, so this setup does not pin which secret
            // is passed to CreateSymmetric. Tests that care about that must check it themselves.
            A.CallTo(() => _stringProtectorFactory.CreateSymmetric(A<string>._)).Returns(_stringProtector);
        }
Exemple #3
 /// <summary>
 /// Converts an HMAC verification algorithm to a data record and checks that the record
 /// carries the protected key, flagged as encrypted.
 /// </summary>
 public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
 {
     // Expected record: the key as FakeStringProtector would protect it, wrapped in a <Secret> element.
     var protectedKey = new FakeStringProtector().Protect(_unencryptedKey);
     var expectedRecord = new SignatureAlgorithmDataRecord
     {
         Type      = "HMAC",
         Hash      = HashAlgorithmName.SHA384.Name,
         Encrypted = true,
         Param     = $"<Secret>{protectedKey}</Secret>"
     };

     // The algorithm holds key material; the using block disposes it when the test is done.
     using (var verificationAlgorithm = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384))
     {
         var convertedRecord = _sut.FromSignatureAlgorithm(verificationAlgorithm, _encryptionKey);

         convertedRecord.Should().BeEquivalentTo(expectedRecord);
     }
 }