public async Task EncryptsHMACSecretInFile()
{
var hmac = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
var client = new Client(
"c1",
"app one",
hmac,
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(2),
RequestTargetEscaping.RFC2396,
new Claim("company", "Dalion"),
new Claim("scope", "HttpMessageSigning"));
await _sut.Register(client);
var dataRecords = await _fileManager.Read();
var loaded = dataRecords.Single(r => r.Id == client.Id);
loaded.SigAlg.Param.Should().NotBeNullOrEmpty();
var unencryptedKey = Encoding.UTF8.GetString(hmac.Key);
var encryptedKey = new FakeStringProtector().Protect(unencryptedKey);
loaded.SigAlg.Param.Should().Be($"<Secret>{encryptedKey}</Secret>");
loaded.SigAlg.Encrypted.Should().BeTrue();
}
public SignatureAlgorithmDataRecordConverterTests()
{
FakeFactory.Create(out _stringProtectorFactory);
_sut = new SignatureAlgorithmDataRecordConverter(_stringProtectorFactory);
_stringProtector = new FakeStringProtector();
A.CallTo(() => _stringProtectorFactory.CreateSymmetric(A <string> ._))
.Returns(_stringProtector);
}
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
{
using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
var actual = _sut.FromSignatureAlgorithm(hmac, _encryptionKey);
var encryptedKey = new FakeStringProtector().Protect(_unencryptedKey);
var expected = new SignatureAlgorithmDataRecord {
Type = "HMAC",
Hash = HashAlgorithmName.SHA384.Name,
Encrypted = true,
Param = $"<Secret>{encryptedKey}</Secret>"
};
actual.Should().BeEquivalentTo(expected);
}
}
