public async Task ValidateClientCredentialsAsync_DelegatesToApplicationManager()
{
// Arrange
var options = new IdentityServiceOptions();
var store = new Mock <IApplicationStore <IdentityServiceApplication> >();
store.Setup(s => s.FindByClientIdAsync(It.IsAny <string>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(new IdentityServiceApplication());
store.As <IApplicationClientSecretStore <IdentityServiceApplication> >()
.Setup(s => s.HasClientSecretAsync(It.IsAny <IdentityServiceApplication>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(false);
var manager = new ApplicationManager <IdentityServiceApplication>(
Options.Create(new ApplicationOptions()),
store.Object,
Mock.Of <IPasswordHasher <IdentityServiceApplication> >(),
Array.Empty <IApplicationValidator <IdentityServiceApplication> >(),
Mock.Of <ILogger <ApplicationManager <IdentityServiceApplication> > >(),
new ApplicationErrorDescriber());
var clientValidator = new ClientApplicationValidator <IdentityServiceApplication>(
Options.Create(options),
GetSessionManager(),
manager,
new ProtocolErrorProvider());
// Act
var validation = await clientValidator.ValidateClientCredentialsAsync("clientId", null);
// Assert
Assert.True(validation);
}
private static IOptionsSnapshot <IdentityServiceOptions> CreateOptions()
{
var identityServiceOptions = new IdentityServiceOptions();
var optionsSetup = new IdentityServiceOptionsDefaultSetup();
optionsSetup.Configure(identityServiceOptions);
SigningCredentials signingCredentials = new SigningCredentials(CryptoUtilities.CreateTestKey(), "RS256");
identityServiceOptions.SigningKeys.Add(signingCredentials);
identityServiceOptions.Issuer = "http://server.example.com";
identityServiceOptions.IdTokenOptions.UserClaims.AddSingle(
IdentityServiceClaimTypes.Subject,
ClaimTypes.NameIdentifier);
identityServiceOptions.RefreshTokenOptions.UserClaims.AddSingle(
IdentityServiceClaimTypes.Subject,
ClaimTypes.NameIdentifier);
var mock = new Mock <IOptionsSnapshot <IdentityServiceOptions> >();
mock.Setup(m => m.Value).Returns(identityServiceOptions);
mock.Setup(m => m.Get(It.IsAny <string>())).Returns(identityServiceOptions);
return(mock.Object);
}
public async Task ValidateClientIdAsync_ChecksThatTheClientIdExist(bool exists)
{
// Arrange
var options = new IdentityServiceOptions();
var store = new Mock <IApplicationStore <IdentityServiceApplication> >();
store.Setup(s => s.FindByClientIdAsync(It.IsAny <string>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(exists ? new IdentityServiceApplication() : null);
var manager = new ApplicationManager <IdentityServiceApplication>(
Options.Create(new ApplicationOptions()),
store.Object,
Mock.Of <IPasswordHasher <IdentityServiceApplication> >(),
Array.Empty <IApplicationValidator <IdentityServiceApplication> >(),
Mock.Of <ILogger <ApplicationManager <IdentityServiceApplication> > >(),
new ApplicationErrorDescriber());
var clientValidator = new ClientApplicationValidator <IdentityServiceApplication>(
Options.Create(options),
GetSessionManager(),
manager,
new ProtocolErrorProvider());
// Act
var validation = await clientValidator.ValidateClientIdAsync("clientId");
// Assert
Assert.Equal(exists, validation);
}
public JwtIdTokenIssuer(
ITokenClaimsManager claimsManager,
ISigningCredentialsPolicyProvider credentialsProvider,
JwtSecurityTokenHandler handler,
IOptions <IdentityServiceOptions> options)
{
_claimsManager = claimsManager;
_credentialsProvider = credentialsProvider;
_handler = handler;
_options = options.Value;
}
private IOptions <IdentityServiceOptions> GetOptions()
{
var IdentityServiceOptions = new IdentityServiceOptions();
var optionsSetup = new IdentityServiceOptionsDefaultSetup();
optionsSetup.Configure(IdentityServiceOptions);
var mock = new Mock <IOptions <IdentityServiceOptions> >();
mock.Setup(m => m.Value).Returns(IdentityServiceOptions);
return(mock.Object);
}
private IOptions <IdentityServiceOptions> GetOptions()
{
var IdentityServiceOptions = new IdentityServiceOptions()
{
Issuer = "http://www.example.com/issuer"
};
IdentityServiceOptions.SigningKeys.Add(new SigningCredentials(CryptoUtilities.CreateTestKey(), "RS256"));
var optionsSetup = new IdentityServiceOptionsDefaultSetup();
optionsSetup.Configure(IdentityServiceOptions);
var mock = new Mock <IOptions <IdentityServiceOptions> >();
mock.Setup(m => m.Value).Returns(IdentityServiceOptions);
return(mock.Object);
}
private IOptions <IdentityServiceOptions> GetOptions()
{
var identityServiceOptions = new IdentityServiceOptions()
{
Issuer = "http://www.example.com/issuer"
};
var optionsSetup = new IdentityServiceOptionsDefaultSetup();
optionsSetup.Configure(identityServiceOptions);
identityServiceOptions.SigningKeys.Add(new SigningCredentials(CryptoUtilities.CreateTestKey(), "RS256"));
identityServiceOptions.IdTokenOptions.UserClaims.AddSingle("sub", ClaimTypes.NameIdentifier);
var mock = new Mock <IOptions <IdentityServiceOptions> >();
mock.Setup(m => m.Value).Returns(identityServiceOptions);
return(mock.Object);
}
public async Task GetCredentialsAsync_ReadsCredentialsFromOptions()
{
// Arrange
var reference = new DateTimeOffset(2000, 01, 01, 00, 00, 00, TimeSpan.Zero);
var identityServiceOptions = new IdentityServiceOptions();
identityServiceOptions.SigningKeys.Add(new SigningCredentials(CryptoUtilities.CreateTestKey("RSAKey"), "RS256"));
identityServiceOptions.SigningKeys.Add(new SigningCredentials(new X509SecurityKey(GetCertificate(reference)), "RS256"));
var mock = new Mock <IOptionsSnapshot <IdentityServiceOptions> >();
mock.Setup(m => m.Value).Returns(identityServiceOptions);
mock.Setup(m => m.Get(It.IsAny <string>())).Returns(identityServiceOptions);
var source = new DefaultSigningCredentialsSource(mock.Object, new TestTimeStampManager(reference));
// Act
var credentials = (await source.GetCredentials()).ToList();
// Assert
Assert.Equal(2, credentials.Count);
var rsaDescriptor = Assert.Single(credentials, c => c.Id == "RSAKey");
Assert.Equal("RSA", rsaDescriptor.Algorithm);
Assert.Equal(reference, rsaDescriptor.NotBefore);
Assert.Equal(reference.AddDays(1), rsaDescriptor.Expires);
Assert.Equal(identityServiceOptions.SigningKeys[0], rsaDescriptor.Credentials);
Assert.True(rsaDescriptor.Metadata.ContainsKey("n"));
Assert.True(rsaDescriptor.Metadata.ContainsKey("e"));
var certificateDescriptor = Assert.Single(credentials, c => c.Id != "RSAKey");
Assert.Equal("RSA", certificateDescriptor.Algorithm);
Assert.Equal(reference, certificateDescriptor.NotBefore);
Assert.Equal(reference.AddHours(1), certificateDescriptor.Expires);
Assert.Equal(identityServiceOptions.SigningKeys[1], certificateDescriptor.Credentials);
Assert.True(certificateDescriptor.Metadata.ContainsKey("n"));
Assert.True(certificateDescriptor.Metadata.ContainsKey("e"));
}
