public async Task WhenEncryptionKeyIsNullOrEmpty_DoesNotEncryptHMACSecretInDatabase(string nullOrEmpty)
{
using (var sut = new SqlServerClientStore(new SqlServerClientStoreSettings {
ConnectionString = _connectionString,
SharedSecretEncryptionKey = nullOrEmpty
},
new SignatureAlgorithmConverter(new FakeStringProtectorFactory()))) {
var hmac = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
var client = new Client(
"c1",
"app one",
hmac,
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(2),
RequestTargetEscaping.RFC2396,
new Claim("company", "Dalion"),
new Claim("scope", "HttpMessageSigning"));
await sut.Register(client);
var loaded = await LoadFromDb(client.Id);
loaded.SigParameter.Should().NotBeNullOrEmpty();
var unencryptedKey = Encoding.UTF8.GetString(hmac.Key);
loaded.SigParameter.Should().Be(unencryptedKey);
loaded.IsSigParameterEncrypted.Should().BeFalse();
}
}
/// <summary>Configures HTTP message signature verification to use a SQL Server <see cref="IClientStore"/>.</summary>
/// <param name="builder">The <see cref="IHttpMessageSigningVerificationBuilder" /> that is used to configure verification.</param>
/// <param name="clientStoreSettingsFactory">The factory that creates the settings for the SQL Server connection.</param>
/// <returns>The <see cref="IHttpMessageSigningVerificationBuilder" /> that can be used to continue configuring the verification settings.</returns>
public static IHttpMessageSigningVerificationBuilder UseSqlServerClientStore(
this IHttpMessageSigningVerificationBuilder builder,
Func <IServiceProvider, SqlServerClientStoreSettings> clientStoreSettingsFactory)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (clientStoreSettingsFactory == null)
{
throw new ArgumentNullException(nameof(clientStoreSettingsFactory));
}
builder.Services
.AddMemoryCache()
.AddSingleton <ISignatureAlgorithmConverter, SignatureAlgorithmConverter>()
.AddSingleton(prov => {
var settings = clientStoreSettingsFactory(prov);
if (settings == null)
{
throw new ValidationException($"Invalid {nameof(SqlServerClientStoreSettings)} were specified.");
}
settings.Validate();
return(settings);
});
return(builder
// The actual store
.UseClientStore(prov => {
var sqlSettings = prov.GetRequiredService <SqlServerClientStoreSettings>();
var decorator = prov.GetRequiredService <ICachingClientStoreDecorator>();
var store = new SqlServerClientStore(sqlSettings, prov.GetRequiredService <ISignatureAlgorithmConverter>());
return decorator.DecorateWithCaching(store, sqlSettings.ClientCacheEntryExpiration);
}));
}
public SqlServerClientStoreTests(SqlServerFixture fixture)
: base(fixture)
{
_sut = new SqlServerClientStore(
new SqlServerClientStoreSettings {
ConnectionString = fixture.SqlServerConfig.GetConnectionStringForTestDatabase()
},
new SignatureAlgorithmConverter(new FakeStringProtectorFactory()));
_connectionString = fixture.SqlServerConfig.GetConnectionStringForTestDatabase();
}
