public void RoundTripJWEKeyWrapping(CreateTokenTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.RoundTripJWE", theoryData);
var jsonWebTokenHandler = new JsonWebTokenHandler();
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
var jweCreatedInMemory = jsonWebTokenHandler.CreateToken(theoryData.Payload, theoryData.SigningCredentials, theoryData.EncryptingCredentials);
var jweCreatedInMemoryToken = new JsonWebToken(jweCreatedInMemory);
try
{
var tokenValidationResult = jsonWebTokenHandler.ValidateToken(jweCreatedInMemory, theoryData.ValidationParameters);
var outerToken = tokenValidationResult.SecurityToken as JsonWebToken;
jwtSecurityTokenHandler.ValidateToken(jweCreatedInMemory, theoryData.ValidationParameters, out SecurityToken validatedTokenFromJwtHandler);
IdentityComparer.AreEqual((validatedTokenFromJwtHandler as JwtSecurityToken).Claims, outerToken.Claims, context);
Assert.True(outerToken != null, "ValidateToken should not return a null token for the JWE token.");
TestUtilities.CallAllPublicInstanceAndStaticPropertyGets(outerToken, theoryData.TestId);
Assert.True(outerToken.InnerToken != null, "ValidateToken should not return a null token for the inner JWE token.");
TestUtilities.CallAllPublicInstanceAndStaticPropertyGets(outerToken.InnerToken, theoryData.TestId);
context.PropertiesToIgnoreWhenComparing = new Dictionary <Type, List <string> >
{
{ typeof(JsonWebToken), new List <string> {
"EncodedToken"
} },
};
if (!IdentityComparer.AreEqual(jweCreatedInMemoryToken.Payload, outerToken.Payload, context))
{
context.Diffs.Add("jweCreatedInMemory.Payload != jweValidated.Payload");
}
if (!IdentityComparer.AreEqual(jweCreatedInMemoryToken.Payload, outerToken.InnerToken.Payload, context))
{
context.Diffs.Add("jweCreatedInMemory.Payload != jweValidated.InnerToken.Payload");
}
TestUtilities.AssertFailIfErrors(string.Format(CultureInfo.InvariantCulture, "RoundTripJWE: "), context.Diffs);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
}
public void JsonWebKey_GetSets()
{
JsonWebKey jsonWebKey = new JsonWebKey();
TestUtilities.CallAllPublicInstanceAndStaticPropertyGets(jsonWebKey, "JsonWebKey_GetSets");
List <string> methods = new List <string> {
"Alg", "KeyOps", "Kid", "Kty", "X5t", "X5u", "Use"
};
foreach (string method in methods)
{
TestUtilities.GetSet(jsonWebKey, method, null, new object[] { Guid.NewGuid().ToString(), null, Guid.NewGuid().ToString() });
jsonWebKey.X5c.Add(method);
}
Assert.IsTrue(IdentityComparer.AreEqual <IEnumerable <string> >(jsonWebKey.X5c, methods, CompareContext.Default));
}
private void GetSigningTokens(string webKeySetString, List <SecurityToken> expectedTokens, ExpectedException expectedException)
{
JsonWebKeySet webKeySet = new JsonWebKeySet(webKeySetString);
try
{
IList <SecurityToken> tokens = webKeySet.GetSigningTokens();
expectedException.ProcessNoException();
if (expectedTokens != null)
{
Assert.IsTrue(IdentityComparer.AreEqual <IEnumerable <SecurityToken> >(tokens, expectedTokens));
}
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
private async Task<OpenIdConnectConfiguration> GetConfigurationAsync(string uri, ExpectedException expectedException, OpenIdConnectConfiguration expectedConfiguration, CompareContext context)
{
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
openIdConnectConfiguration = await OpenIdConnectConfigurationRetriever.GetAsync(uri, new FileDocumentRetriever(), CancellationToken.None);
expectedException.ProcessNoException(context);
}
catch (Exception exception)
{
expectedException.ProcessException(exception, context.Diffs);
}
if (expectedConfiguration != null)
IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration, context);
return openIdConnectConfiguration;
}
public void Validate_NullOrEmptyParameters_ThrowsException()
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, ValidatorConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken();
var validationParams = new TokenValidationParameters();
Assert.Throws <ArgumentNullException>(ValidatorConstants.Issuer, () => validator.Validate(null, jwtSecurityToken, validationParams));
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(string.Empty, jwtSecurityToken, validationParams));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message);
Assert.Throws <ArgumentNullException>(ValidatorConstants.SecurityToken, () => validator.Validate(ValidatorConstants.AadIssuer, null, validationParams));
Assert.Throws <ArgumentNullException>(ValidatorConstants.ValidationParameters, () => validator.Validate(ValidatorConstants.AadIssuer, jwtSecurityToken, null));
TestUtilities.AssertFailIfErrors(context);
}
public void ReadReference(DSigSerializerTheoryData theoryData)
{
TestUtilities.WriteHeader($"{this}.ReadReference", theoryData);
var context = new CompareContext($"{this}.ReadReference, {theoryData.TestId}");
try
{
var reference = theoryData.Serializer.ReadReference(XmlUtilities.CreateDictionaryReader(theoryData.Xml));
theoryData.ExpectedException.ProcessNoException(context);
IdentityComparer.AreEqual(reference, theoryData.Reference, context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void CompareTokenValidationParameters()
{
TestUtilities.WriteHeader($"{this}.CompareTokenValidationParameters", true);
var context = new CompareContext($"{this}.CompareTokenValidationParameters");
var tokenValidationParameters1 =
new TokenValidationParameters {
AuthenticationType = Guid.NewGuid().ToString()
};
var tokenValidationParameters2 =
new TokenValidationParameters()
{
AuthenticationType = Guid.NewGuid().ToString()
};
IdentityComparer.AreEqual(tokenValidationParameters1, tokenValidationParameters2, context);
Assert.True(context.Diffs.Count(s => s == "AuthenticationType:") == 1);
}
public void OpenIdConnectConfiguration_GetSets()
{
OpenIdConnectConfiguration configuration = new OpenIdConnectConfiguration();
TestUtilities.CallAllPublicInstanceAndStaticPropertyGets(configuration, "OpenIdConnectMetadata_GetSets");
List <string> methods = new List <string> {
"AuthorizationEndpoint", "EndSessionEndpoint", "Issuer", "JwksUri", "TokenEndpoint", "UserInfoEndpoint"
};
foreach (string method in methods)
{
TestUtilities.GetSet(configuration, method, null, new object[] { Guid.NewGuid().ToString(), null, Guid.NewGuid().ToString() });
}
string authorization_Endpoint = Guid.NewGuid().ToString();
string end_Session_Endpoint = Guid.NewGuid().ToString();
string issuer = Guid.NewGuid().ToString();
string jwks_Uri = Guid.NewGuid().ToString();
string token_Endpoint = Guid.NewGuid().ToString();
configuration = new OpenIdConnectConfiguration()
{
AuthorizationEndpoint = authorization_Endpoint,
EndSessionEndpoint = end_Session_Endpoint,
Issuer = issuer,
JwksUri = jwks_Uri,
TokenEndpoint = token_Endpoint,
};
List <SecurityKey> securityKeys = new List <SecurityKey> {
new X509SecurityKey(KeyingMaterial.Cert_1024), new X509SecurityKey(KeyingMaterial.DefaultCert_2048)
};
configuration.SigningKeys.Add(new X509SecurityKey(KeyingMaterial.Cert_1024));
configuration.SigningKeys.Add(new X509SecurityKey(KeyingMaterial.DefaultCert_2048));
Assert.AreEqual(configuration.AuthorizationEndpoint, authorization_Endpoint);
Assert.AreEqual(configuration.EndSessionEndpoint, end_Session_Endpoint);
Assert.AreEqual(configuration.Issuer, issuer);
Assert.AreEqual(configuration.JwksUri, jwks_Uri);
Assert.AreEqual(configuration.TokenEndpoint, token_Endpoint);
Assert.IsTrue(IdentityComparer.AreEqual <IEnumerable <SecurityKey> >(configuration.SigningKeys, securityKeys));
}
/// <summary>
/// Sets a property, then checks it, checking for an expected exception.
/// </summary>
/// <param name="obj">object that has a 'setter'.</param>
/// <param name="property">the name of the property.</param>
/// <param name="propertyValue">value to set on the property.</param>
/// <param name="expectedException">checks that exception is correct.</param>
public static void SetGet(object obj, string property, object propertyValue, ExpectedException expectedException, GetSetContext context)
{
if (obj == null)
{
throw new TestException("obj == null");
}
if (string.IsNullOrWhiteSpace(property))
{
throw new TestException("string.IsNullOrWhiteSpace(property)");
}
Type type = obj.GetType();
PropertyInfo propertyInfo = type.GetProperty(property);
if (propertyInfo == null)
{
context.Errors.Add("'get is not found for property: '" + property + "', type: '" + type.ToString() + "'");
return;
}
if (!propertyInfo.CanWrite)
{
context.Errors.Add("can not write to property: '" + property + "', type: '" + type.ToString() + "'");
return;
}
var compareContext = new CompareContext();
try
{
propertyInfo.SetValue(obj, propertyValue);
object retval = propertyInfo.GetValue(obj);
IdentityComparer.AreEqual(propertyValue, retval, compareContext);
expectedException.ProcessNoException(compareContext);
}
catch (Exception exception)
{
// look for InnerException as exception is a wrapped exception.
expectedException.ProcessException(exception.InnerException, compareContext);
}
context.Errors.AddRange(compareContext.Diffs);
}
public void ClaimSourceAndClaimName()
{
string claimSources = "_claim_sources";
string claimNames = "_claim_names";
var context = new CompareContext();
JwtPayload payload = new JwtPayload();
payload.Add(claimSources, JsonClaims.ClaimSourcesAsDictionary);
payload.Add(claimNames, JsonClaims.ClaimNamesAsDictionary);
payload.Add("iss", IdentityUtilities.DefaultIssuer);
JwtSecurityToken jwtToken = new JwtSecurityToken(new JwtHeader(), payload);
JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler();
string encodedJwt = jwtHandler.WriteToken(new JwtSecurityToken(new JwtHeader(), payload));
var validationParameters = new TokenValidationParameters
{
IssuerValidator = (issuer, st, tvp) => { return(issuer); },
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
};
SecurityToken validatedJwt = null;
var claimsPrincipal = jwtHandler.ValidateToken(encodedJwt, validationParameters, out validatedJwt);
var expectedIdentity = JsonClaims.ClaimsIdentityDistributedClaims(
IdentityUtilities.DefaultIssuer,
TokenValidationParameters.DefaultAuthenticationType,
JsonClaims.ClaimSourcesAsDictionary,
JsonClaims.ClaimNamesAsDictionary);
IdentityComparer.AreEqual(claimsPrincipal.Identity as ClaimsIdentity, expectedIdentity, context);
jwtToken = new JwtSecurityToken(new JwtHeader(), new JwtPayload(IdentityUtilities.DefaultIssuer, null, ClaimSets.EntityAsJsonClaim(IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer), null, null));
encodedJwt = jwtHandler.WriteToken(jwtToken);
SecurityToken validatedToken;
var cp = jwtHandler.ValidateToken(encodedJwt, validationParameters, out validatedToken);
IdentityComparer.AreEqual(
cp.FindFirst(typeof(Entity).ToString()),
new Claim(typeof(Entity).ToString(), JsonExtensions.SerializeToJson(Entity.Default), JsonClaimValueTypes.Json, IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer, cp.Identity as ClaimsIdentity),
context);
TestUtilities.AssertFailIfErrors(context.Diffs);
}
private void RunAudienceVariation(List <Claim> audienceClaims, List <string> expectedAudiences, CompareContext context)
{
var handler = new JwtSecurityTokenHandler();
var tokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(audienceClaims);
tokenDescriptor.Audience = null;
var jwt = handler.CreateEncodedJwt(tokenDescriptor);
SecurityToken token = null;
var claimsPrincipal = handler.ValidateToken(jwt, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, out token);
var jwtToken = token as JwtSecurityToken;
var audiences = jwtToken.Audiences;
IdentityComparer.AreEqual(audiences, expectedAudiences as IEnumerable <string>, context);
ClaimsIdentity identity = claimsPrincipal.Identity as ClaimsIdentity;
IdentityComparer.AreEqual(identity.FindAll(JwtRegisteredClaimNames.Aud), audienceClaims, context);
}
public void Validate_IssuerMatchedInValidIssuer_ReturnsIssuer(string tidClaimType, string tenantId, string issuer)
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, issuer);
var tidClaim = new Claim(tidClaimType, tenantId);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, issuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: issuer, claims: new[] { issClaim, tidClaim });
validator.AadIssuerV2 = issuer;
var actualIssuer = validator.Validate(issuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = issuer
});
IdentityComparer.AreEqual(issuer, actualIssuer, context);
TestUtilities.AssertFailIfErrors(context);
}
public void Constructors()
{
var header1 = new JwtHeader();
SigningCredentials signingCredentials = null;
var header2 = new JwtHeader(signingCredentials);
var context = new CompareContext
{
PropertiesToIgnoreWhenComparing = new Dictionary <Type, List <string> >
{
{ typeof(JwtHeader), new List <string> {
"Item"
} },
}
};
IdentityComparer.AreEqual(header1, header2, context);
TestUtilities.AssertFailIfErrors("JwtHeaderTests.Constructors", context.Diffs);
}
public void CompareSamlAssertions()
{
TestUtilities.WriteHeader($"{this}.CompareSamlAssertions", true);
var context = new CompareContext($"{this}.CompareSamlAssertions");
var samlAssertion1 = new SamlAssertion(Guid.NewGuid().ToString(), Default.Issuer, DateTime.Parse(Default.IssueInstantString), null, new SamlAdvice(), new List <SamlStatement> {
new SamlAttributeStatement(new SamlSubject(), new List <SamlAttribute> {
new SamlAttribute("1", "2", "3")
})
});
var samlAssertion2 = new SamlAssertion(Guid.NewGuid().ToString(), Default.Issuer, DateTime.Parse(Default.IssueInstantString), null, new SamlAdvice(), new List <SamlStatement> {
new SamlAttributeStatement(new SamlSubject(), new List <SamlAttribute> {
new SamlAttribute("1", "2", "3")
})
});
IdentityComparer.AreEqual(samlAssertion1, samlAssertion2, context);
Assert.True(context.Diffs.Count(s => s == "AssertionId:") == 1);
}
public void RoundTripFromJson()
{
var context = new CompareContext {
Title = "RoundTripFromJson"
};
var oidcConfig1 = OpenIdConnectConfiguration.Create(OpenIdConfigData.JsonAllValues);
var oidcConfig2 = new OpenIdConnectConfiguration(OpenIdConfigData.JsonAllValues);
var oidcJson1 = OpenIdConnectConfiguration.Write(oidcConfig1);
var oidcJson2 = OpenIdConnectConfiguration.Write(oidcConfig2);
var oidcConfig3 = OpenIdConnectConfiguration.Create(oidcJson1);
var oidcConfig4 = new OpenIdConnectConfiguration(oidcJson2);
IdentityComparer.AreEqual(oidcConfig1, oidcConfig2, context);
IdentityComparer.AreEqual(oidcConfig1, oidcConfig3, context);
IdentityComparer.AreEqual(oidcConfig1, oidcConfig4, context);
IdentityComparer.AreEqual(oidcJson1, oidcJson2, context);
TestUtilities.AssertFailIfErrors(context);
}
public void ReadAction(Saml2TheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.ReadAction", theoryData);
try
{
var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml);
var action = (theoryData.Saml2Serializer as Saml2SerializerPublic).ReadActionPublic(reader);
theoryData.ExpectedException.ProcessNoException(context);
IdentityComparer.AreEqual(action, theoryData.Action, context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void OidcCreateAuthenticationRequestUrl(string testId, OpenIdConnectMessage message, string expectedMessage)
{
TestUtilities.WriteHeader(testId, "OidcCreateAuthenticationRequestUrl", true);
var context = new CompareContext();
#if NET452
if (!message.SkuTelemetryValue.Equals("ID_NET451"))
{
context.Diffs.Add($"{message.SkuTelemetryValue} != ID_NET451");
}
#elif NETCOREAPP2_0
if (!message.SkuTelemetryValue.Equals("ID_NETSTANDARD1_4"))
{
context.Diffs.Add($"{message.SkuTelemetryValue} != ID_NETSTANDARD1_4");
}
#endif
IdentityComparer.AreEqual(message.CreateAuthenticationRequestUrl(), expectedMessage, context);
TestUtilities.AssertFailIfErrors(context);
}
private OpenIdConnectConfiguration RunOpenIdConnectConfigurationTest(object obj, OpenIdConnectConfiguration compareTo, ExpectedException expectedException, bool asString = true)
{
bool exceptionHit = false;
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
if (obj is string)
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as string);
}
else if (obj is IDictionary <string, object> )
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as IDictionary <string, object>);
}
else
{
if (asString)
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as string);
}
else
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as IDictionary <string, object>);
}
}
expectedException.ProcessNoException();
}
catch (Exception ex)
{
exceptionHit = true;
expectedException.ProcessException(ex);
}
if (!exceptionHit && compareTo != null)
{
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, compareTo), "jsonWebKey created from: " + (obj == null ? "NULL" : obj.ToString() + " did not match expected."));
}
return(openIdConnectConfiguration);
}
public void RoundTripJWS()
{
TestUtilities.WriteHeader($"{this}.RoundTripToken");
var context = new CompareContext();
var tokenHandler = new JsonWebTokenHandler();
var tokenValidationParameters = new TokenValidationParameters()
{
ValidAudience = Default.Audience,
ValidIssuer = Default.Issuer,
IssuerSigningKey = KeyingMaterial.JsonWebKeyRsa256SigningCredentials.Key,
};
string jwtString = tokenHandler.CreateToken(Default.PayloadString, KeyingMaterial.JsonWebKeyRsa256SigningCredentials);
var tokenValidationResult = tokenHandler.ValidateToken(jwtString, tokenValidationParameters);
var validatedToken = tokenValidationResult.SecurityToken as JsonWebToken;
IdentityComparer.AreEqual(Default.Payload, validatedToken.Payload, context);
TestUtilities.AssertFailIfErrors(context);
}
public void CompareSamlAuthorizationDecisionStatements()
{
TestUtilities.WriteHeader($"{this}.CompareSamlAuthorizationDecisionStatements", true);
var context = new CompareContext($"{this}.CompareSamlAuthorizationDecisionStatements");
var samlAction = new SamlAction(Guid.NewGuid().ToString());
var samlAttributeStatement1 =
new SamlAuthorizationDecisionStatement(new SamlSubject(),
Guid.NewGuid().ToString(), Default.SamlAccessDecision, new List <SamlAction> {
samlAction
});
var samlAttributeStatement2 =
new SamlAuthorizationDecisionStatement(new SamlSubject(),
Guid.NewGuid().ToString(), Default.SamlAccessDecision, new List <SamlAction> {
samlAction
});
IdentityComparer.AreEqual(samlAttributeStatement1, samlAttributeStatement2, context);
Assert.True(context.Diffs.Count(s => s == "Resource:") == 1);
}
public void JWECompressionTest(CreateTokenTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.JWECompressionTest", theoryData);
try
{
var handler = new JsonWebTokenHandler();
CompressionProviderFactory.Default = theoryData.CompressionProviderFactory;
var jwtToken = handler.CreateToken(theoryData.Payload, theoryData.SigningCredentials, theoryData.EncryptingCredentials, theoryData.CompressionAlgorithm);
var validationResult = handler.ValidateToken(jwtToken, theoryData.ValidationParameters);
IdentityComparer.AreEqual(theoryData.Payload, (validationResult.SecurityToken as JsonWebToken).Payload, context);
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
}
public void ReadAdvice(Saml2TheoryData theoryData)
{
TestUtilities.WriteHeader($"{this}.ReadAdvice", theoryData);
var context = new CompareContext($"{this}.ReadAdvice, {theoryData.TestId}");
try
{
var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml);
var advice = (theoryData.Saml2Serializer as Saml2SerializerPublic).ReadAdvicePublic(reader);
theoryData.ExpectedException.ProcessNoException();
IdentityComparer.AreEqual(advice, theoryData.Advice, context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex);
}
TestUtilities.AssertFailIfErrors(context);
}
public void ReadTransforms(DSigSerializerTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.ReadTransform", theoryData);
try
{
var reference = new Reference();
var reader = XmlUtilities.CreateDictionaryReader(theoryData.Xml);
theoryData.Serializer.ReadTransforms(reader, reference);
theoryData.ExpectedException.ProcessNoException(context);
IdentityComparer.AreEqual(reference.Transforms, theoryData.Transforms, context);
IdentityComparer.AreEqual(reference.CanonicalizingTransfrom, theoryData.CanonicalizingTransfrom, context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void TryGetClaim()
{
var context = new CompareContext();
var jsonWebToken = new JsonWebToken("{}", jObject.ToString());
// Tries to retrieve a value that does not exist in the payload.
var success = jsonWebToken.TryGetClaim("doesnotexist", out Claim doesNotExist);
IdentityComparer.AreEqual(null, doesNotExist, context);
IdentityComparer.AreEqual(false, success, context);
foreach (var claim in payloadClaims)
{
success = jsonWebToken.TryGetClaim(claim.Type, out var claimToCompare);
IdentityComparer.AreEqual(claim, claimToCompare, context);
IdentityComparer.AreEqual(true, success, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_FromB2CAuthority_WithTfpIssuer_ThrowsException()
{
var context = new CompareContext();
Claim issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.B2CIssuerTfp);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.B2CIssuerTfp, claims: new[] { issClaim });
AadIssuerValidator validator = CreateIssuerValidator(ValidatorConstants.B2CAuthorityWithV2);
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
ValidatorConstants.B2CIssuerTfp,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { ValidatorConstants.B2CIssuerTfp },
}));
IdentityComparer.AreEqual(LogMessages.IDX40002, exception.Message, context);
TestUtilities.AssertFailIfErrors(context);
}
public void TestStubTest1(TestStubTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.TestStubTest1", theoryData);
try
{
var obj = new object();
theoryData.ExpectedException.ProcessNoException(context);
if (theoryData.CompareTo != null)
{
IdentityComparer.AreEqual(obj, theoryData.CompareTo, context);
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_NullOrEmptyTenantId_ThrowsException()
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, ValidatorConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken();
var jsonWebToken = new JsonWebToken($"{{}}", $"{{}}");
var securityToken = Substitute.For <SecurityToken>();
var validationParameters = new TokenValidationParameters();
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(ValidatorConstants.AadIssuer, jwtSecurityToken, validationParameters));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message, context);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(ValidatorConstants.AadIssuer, jsonWebToken, validationParameters));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message, context);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(ValidatorConstants.AadIssuer, securityToken, validationParameters));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message, context);
TestUtilities.AssertFailIfErrors(context);
}
private async Task<OpenIdConnectConfiguration> GetConfigurationFromHttpAsync(string uri, ExpectedException expectedException, OpenIdConnectConfiguration expectedConfiguration = null)
{
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
openIdConnectConfiguration = await OpenIdConnectConfigurationRetriever.GetAsync(uri, CancellationToken.None);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
if (expectedConfiguration != null)
{
Assert.True(IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration));
}
return openIdConnectConfiguration;
}
public void SamlSecurityTokenReadFrom(SamlTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.SamlSecurityTokenReadFrom", theoryData);
try
{
var sr = new StringReader(theoryData.SamlTokenTestSet.Xml);
var reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr));
var assertion = theoryData.SamlSerializer.ReadAssertion(reader);
theoryData.ExpectedException.ProcessNoException(context);
IdentityComparer.AreEqual(assertion, (theoryData.SamlTokenTestSet.SecurityToken as SamlSecurityToken).Assertion, context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_NoHttpclientFactory_ReturnsIssuer(string tidClaimType, string tenantId, string issuer)
{
var context = new CompareContext();
var validator = new AadIssuerValidator(null, issuer);
var tidClaim = new Claim(tidClaimType, tenantId);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, issuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: issuer, claims: new[] { issClaim, tidClaim });
var tokenValidationParams = new TokenValidationParameters()
{
ConfigurationManager = new MockConfigurationManager <OpenIdConnectConfiguration>(new OpenIdConnectConfiguration()
{
Issuer = issuer
})
};
IdentityComparer.AreEqual(issuer, validator.Validate(issuer, jwtSecurityToken, tokenValidationParams), context);
TestUtilities.AssertFailIfErrors(context);
}