Esempio n. 1
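        /// <summary>
        /// Runs <c>ApiEncryptionValidation.ValidateEncryptedToken</c> against the decrypted request
        /// body and records every non-success outcome in the supplied collections.
        /// </summary>
        /// <param name="context">The HTTP context handed to the token validator.</param>
        /// <param name="input">The decrypted request; its <c>Value</c> is what the token is checked against.</param>
        /// <param name="failures">Receives one failure entry for each validation problem found.</param>
        /// <param name="messages">Receives one human-readable message for each validation problem found.</param>
        /// <remarks>
        /// A null <paramref name="input"/> records nothing, so the caller must decide separately
        /// whether a request without a decrypted body is acceptable.
        /// </remarks>
        private static void ValidateEncryptedToken(IHttpContext context, Decrypted input, List <ValidationFailures> failures, List <string> messages)
        {
            if (input == null)
            {
                // NOTE(review): no failure is recorded on this path; presumably the caller
                // rejects a missing body elsewhere. Confirm against the call site.
                return;
            }

            try
            {
                EncryptedTokenValidationStatus tokenStatus = ApiEncryptionValidation.ValidateEncryptedToken(context, input.Value);
                switch (tokenStatus)
                {
                case EncryptedTokenValidationStatus.Success:
                    break;

                case EncryptedTokenValidationStatus.Unkown:
                    failures.Add(ServiceProxy.ValidationFailures.UnknownTokenValidationResult);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed");
                    break;

                case EncryptedTokenValidationStatus.HashFailed:
                    failures.Add(ServiceProxy.ValidationFailures.TokenHashFailed);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed: TokenHashFailed");
                    break;

                case EncryptedTokenValidationStatus.NonceFailed:
                    failures.Add(ServiceProxy.ValidationFailures.TokenNonceFailed);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed: TokenNonceFailed");
                    break;

                default:
                    // Fail closed: a status this switch does not know (a member added to the enum
                    // later, or an out-of-range value) must never be treated as a valid token.
                    failures.Add(ServiceProxy.ValidationFailures.UnknownTokenValidationResult);
                    messages.Add("ApiEncryptionValidation.ValidateToken failed: unrecognized status");
                    break;
                }
            }
            catch (Exception ex)
            {
                // Any exception during validation counts as a validation failure, not a pass.
                failures.Add(ServiceProxy.ValidationFailures.TokenValidationError);
                // NOTE(review): ex.Message is stored verbatim. If these messages are ever returned
                // to the remote caller, replace it with a generic text and log the detail server-side.
                messages.Add(ex.Message);
            }
        }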
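        /// <summary>
        /// Checks that <c>ApiEncryptionValidation.CreateEncryptedValidationToken</c> produces a token
        /// for a JSON parameter string and the secure session bound to a fake context.
        /// </summary>
        public void Validation_ShouldBeAbleToCreateToken()
        {
            // Fixture setup; Prepare() is defined elsewhere in this test class.
            Prepare();

            IHttpContext  context    = CreateFakeContext(MethodBase.GetCurrentMethod().Name);
            SecureSession session    = SecureSession.Get(context);
            string        postString = ApiParameters.ParametersToJsonParamsObjectString("random information");

            EncryptedValidationToken token = ApiEncryptionValidation.CreateEncryptedValidationToken(postString, session);

            // Without an assertion the test passed whenever creation did not throw,
            // even if no token came back.
            Expect.IsNotNull(token);
        }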
        /// <summary>
        /// Checks that <c>ApiEncryptionValidation.ValidateNonce</c> rejects a nonce built from a
        /// timestamp ten minutes in the past when called with a limit of 5.
        /// </summary>
        public void Validation_ValidateNonceShouldFailIfTooOld()
        {
            Prepare();

            // A stale nonce is what a replayed request would carry.
            // NOTE(review): the 5 passed below is presumably a maximum age in minutes. Confirm against ValidateNonce.
            var staleNonce = new Instant(DateTime.UtcNow - TimeSpan.FromMinutes(10));
            string nonceText = staleNonce.ToString();

            EncryptedTokenValidationStatus result = ApiEncryptionValidation.ValidateNonce(nonceText, 5);

            bool succeeded = result == EncryptedTokenValidationStatus.Success;
            Expect.IsFalse(succeeded);
            Expect.AreEqual(EncryptedTokenValidationStatus.NonceFailed, result);
        }
Esempio n. 4
        /// <summary>
        /// Checks that <c>ApiEncryptionValidation.SetEncryptedValidationToken</c> writes a
        /// validation-token header onto a fake request, using the session's public key.
        /// </summary>
        public void Securesession_ShouldBeAbleToSetValidationToken()
        {
            // The secure-channel database must be initialized before a session is fetched.
            SecureChannel.InitializeDatabase(new ConsoleLogger());

            IRequest fakeRequest = CreateFakeRequest();
            SecureSession secureSession = SecureSession.Get(fakeRequest);

            ApiEncryptionValidation.SetEncryptedValidationToken(fakeRequest.Headers, "Some random data", secureSession.PublicKey);

            // The token header must be present once the call returns.
            Expect.IsNotNull(fakeRequest.Headers[CustomHeaders.ValidationToken]);

            // Echo the header value so it can be inspected in the test output.
            OutLine(fakeRequest.Headers[CustomHeaders.ValidationToken]);
        }
        /// <summary>
        /// Round-trip check: sets the encrypted validation token on a service-proxy request, then
        /// verifies that <c>ApiEncryptionValidation.ValidateEncryptedToken</c> accepts those headers
        /// for the same post string.
        /// </summary>
        public void Validation_ShouldBeAbleToSetAndValidateValidationToken()
        {
            Prepare();

            SecureSession secureSession = SecureSession.Get(SecureSession.GenerateId());
            string body = ApiParameters.ParametersToJsonParamsObjectString("random info");

            var proxyClient = new SecureServiceProxyClient <Echo>("http://blah.com");
            HttpWebRequest webRequest = proxyClient.GetServiceProxyRequest("Send");

            ApiEncryptionValidation.SetEncryptedValidationToken(webRequest.Headers, body, secureSession.PublicKey);

            // Bind the request to the session through both the cookie and the session header.
            // NOTE(review): the cookie domain "blah.cxm" differs from the "blah.com" host above;
            // it looks like a typo, but the request is never sent in this test.
            webRequest.CookieContainer.Add(new Cookie(SecureSession.CookieName, secureSession.Identifier, "", "blah.cxm"));
            webRequest.Headers[Headers.SecureSession] = secureSession.Identifier;

            // Both the nonce and the token headers must have been written.
            Expect.IsNotNull(webRequest.Headers);
            Expect.IsNotNull(webRequest.Headers[Headers.Nonce]);
            Expect.IsNotNull(webRequest.Headers[Headers.ValidationToken]);

            EncryptedTokenValidationStatus outcome = ApiEncryptionValidation.ValidateEncryptedToken(webRequest.Headers, body);
            Expect.AreEqual(EncryptedTokenValidationStatus.Success, outcome);
        }