public void ValidateToken_TestTokenWithWrongVersion()
{
const string token = "89mvl3RkwXjpEj5WMxK7GUDEHEeeeZtwjMIOogTthvr44qBfYtQSIZH5MHOTC0GzoutDIeoPVZk3w";
var handler = new BrancaTokenHandler();
var exception = Assert.Throws <SecurityTokenException>(() => handler.DecryptToken(token, key));
exception.Message.Should().Be("Unsupported Branca version");
}
public void ValidateToken_TestTokenWithEightNullBytesAndNovember27Timestamp()
{
const string token = "1jJDJOEfuc4uBJh5ivaadjo6UaBZJDZ1NsWixVCz2mXw3824JRDQZIgflRqCNKz6yC7a0JKC";
var handler = new BrancaTokenHandler();
var decryptedToken = handler.DecryptToken(token, key);
decryptedToken.Payload.Should().Be(System.Text.Encoding.UTF8.GetString(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 }));
decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(123206400).UtcDateTime);
}
public void ValidateToken_TestTokenWithEightNullBytesAndZeroTimestamp()
{
const string token = "1jIBheHWEwYIP59Wpm4QkjkIKuhc12NcYdp9Y60B6av7sZc3vJ5wBwmKJyQzGfJCrvuBgGnf";
var handler = new BrancaTokenHandler();
var decryptedToken = handler.DecryptToken(token, key);
decryptedToken.Payload.Should().Be(System.Text.Encoding.UTF8.GetString(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 }));
decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(0).UtcDateTime);
}
public void ValidateToken_TestTokenWithEightNullBytesAndMaxTimestamp()
{
const string token = "1jrx6DUq9HmXvYdmhWMhXzx3klRzhlAjsc3tUFxDPCvZZLm16GYOzsBG4KwF1djjW1yTeZ2B";
var handler = new BrancaTokenHandler();
var decryptedToken = handler.DecryptToken(token, key);
decryptedToken.Payload.Should().Be(System.Text.Encoding.UTF8.GetString(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 }));
decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(4294967295).UtcDateTime);
}
public void ValidateToken_TestTokenWithHelloWorldAndNovember27Timestamp()
{
const string token = "875GH234UdXU6PkYq8g7tIM80XapDQOH72bU48YJ7SK1iHiLkrqT8Mly7P59TebOxCyQeqpMJ0a7a";
var handler = new BrancaTokenHandler();
var decryptedToken = handler.DecryptToken(token, key);
decryptedToken.Payload.Should().Be("Hello world!");
decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(123206400).UtcDateTime);
}
public void ValidateToken_TestTokenWithHelloWorldAndMaxTimestamp()
{
const string token = "89i7YCwtsSiYfXvOKlgkCyElnGCOEYG7zLCjUp4MuDIZGbkKJgt79Sts9RdW2Yo4imonXsILmqtNb";
var handler = new BrancaTokenHandler();
var decryptedToken = handler.DecryptToken(token, key);
decryptedToken.Payload.Should().Be("Hello world!");
decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(4294967295).UtcDateTime);
}
public void ValidateToken_TestTokenWithHelloWorldAndZeroTimestamp()
{
const string token = "870S4BYjk7NvyViEjUNsTEmGXbARAX9PamXZg0b3JyeIdGyZkFJhNsOQW6m0K9KnXt3ZUBqDB6hF4";
var handler = new BrancaTokenHandler();
var decryptedToken = handler.DecryptToken(token, key);
decryptedToken.Payload.Should().Be("Hello world!");
decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(0).UtcDateTime);
}
public void EnryptAndDecryptToken_ExpectCorrectPayloadAndTimestamp()
{
var payload = Guid.NewGuid().ToString();
var handler = new BrancaTokenHandler();
var token = handler.CreateToken(payload, validKey);
var decryptedPayload = handler.DecryptToken(token, validKey);
decryptedPayload.Payload.Should().Be(payload);
decryptedPayload.Timestamp.Should().BeCloseTo(DateTime.UtcNow, 1000);
}
public void ValidateToken_CiphertextModification_ExpectSecurityTokenException()
{
var handler = new BrancaTokenHandler();
var token = handler.CreateToken("test", key);
var decoded = Base62.Decode(token);
decoded[decoded.Length - 17] ^= 1; // Last byte before the Poly1305 tag
Assert.Throws <CryptographicException>(() => handler.DecryptToken(Base62.Encode(decoded), key));
}
public void EnryptAndDecryptToken_WithExplicitTimestamp_ExpectCorrectPayloadAndTimestamp()
{
var payload = Guid.NewGuid().ToString();
var timestamp = new DateTime(2020, 08, 22).ToUniversalTime();
var handler = new BrancaTokenHandler();
var token = handler.CreateToken(payload, timestamp, validKey);
var decryptedPayload = handler.DecryptToken(token, validKey);
decryptedPayload.Payload.Should().Be(payload);
decryptedPayload.Timestamp.Should().Be(timestamp);
}
public void EnryptAndDecryptToken_WithExplicitBrancaTimestamp_ExpectCorrectPayloadAndTimestamp()
{
var payload = Guid.NewGuid().ToString();
var timestamp = uint.MinValue;
var handler = new BrancaTokenHandler();
var token = handler.CreateToken(payload, timestamp, validKey);
var decryptedPayload = handler.DecryptToken(token, validKey);
decryptedPayload.Payload.Should().Be(payload);
decryptedPayload.Timestamp.Should().Be(new DateTime(1970, 01, 01, 0, 0, 0, DateTimeKind.Utc));
decryptedPayload.BrancaFormatTimestamp.Should().Be(timestamp);
}
public void CreateAndDecryptToken_WithSecurityTokenDescriptor_ExpectCorrectBrancaTimestampAndNoIatClaim()
{
var handler = new BrancaTokenHandler();
var token = handler.CreateToken(new SecurityTokenDescriptor
{
EncryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(validKey), ExtendedSecurityAlgorithms.XChaCha20Poly1305)
});
var parsedToken = handler.DecryptToken(token, validKey);
var jObject = JObject.Parse(parsedToken.Payload);
jObject["iat"].Should().BeNull();
parsedToken.Timestamp.Should().BeCloseTo(DateTime.UtcNow, 1000);
}
public IActionResult Branca()
{
var handler = new BrancaTokenHandler();
var token = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = "me",
Audience = "you",
EncryptingCredentials = options.BrancaEncryptingCredentials
});
var parsedToken = handler.DecryptToken(token, ((SymmetricSecurityKey)options.BrancaEncryptingCredentials.Key).Key);
return(View("Index", new TokenModel
{
Type = "Branca",
Token = token,
Payload = parsedToken.Payload
}));
}
public Result <BrancaToken> Decrypt(string key, string keyType, string token)
{
if (string.IsNullOrWhiteSpace(key))
{
throw new ArgumentNullException(nameof(key));
}
if (string.IsNullOrWhiteSpace(keyType))
{
throw new ArgumentNullException(nameof(keyType));
}
if (string.IsNullOrWhiteSpace(token))
{
throw new ArgumentNullException(nameof(token));
}
byte[] keyBytes;
try
{
keyBytes = ParseKey(key, keyType);
}
catch
{
return(Result <BrancaToken> .Failure("Unable to parse key"));
}
if (keyBytes.Length != 32)
{
return(Result <BrancaToken> .Failure("Invalid key length"));
}
var handler = new BrancaTokenHandler();
try
{
return(Result <BrancaToken> .Success(handler.DecryptToken(token, keyBytes)));
}
catch
{
return(Result <BrancaToken> .Failure("Unable to decrypt token"));
}
}
public void DecryptToken_WhenTokenIsNullOrWhitespace_ExpectArgumentNullException(string token)
{
var handler = new BrancaTokenHandler();
Assert.Throws <ArgumentNullException>(() => handler.DecryptToken(token, validKey));
}