public void JwtSecurityTokenRequirement_Constructor()
{
// This class is a bit thin, most of the tests are in JwtConfigTests, just added a couple of missed cases that are easy to code directly.
// *** null param
JwtSecurityTokenRequirement JwtSecurityTokenRequirement;
ExpectedException expectedException = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "element");
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(null);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** wrong namespace
XmlDocument xmlDocument = new XmlDocument();
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10601");
XmlElement xmlElement = new CustomXmlElement("prefix", "localName", "http://www.gotJwt.com", xmlDocument);
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unknown X509RevocationMode
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateRevocationMode", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateRevocationMode",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unknown ValidationMode
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidationMode", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateValidationMode",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unknown TrustedStoreLocation
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateTrustedStoreLocation", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateTrustedStoreLocation",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unbale to create type
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10613", inner: typeof(TypeLoadException));
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidator", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateValidatorType",
});
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidationMode", "http://www.gotJwt.com", xmlDocument)
{
Value = "Custom",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
}
public bool AsExpected(JwtSecurityTokenRequirement requirement)
{
bool asExpected = true;
JwtSecurityTokenRequirement controlRequirement = new JwtSecurityTokenRequirement();
if (requirement == null)
{
return(false);
}
Assert.IsFalse(
MaxTokenSizeInBytes != null && MaxTokenSizeInBytes.Value != requirement.MaximumTokenSizeInBytes,
string.Format(CultureInfo.InvariantCulture,
"MaximumTokenSizeInBytes (expected, config): '{0}'. '{1}'.",
MaxTokenSizeInBytes.ToString(),
requirement.MaximumTokenSizeInBytes.ToString()));
Assert.IsFalse(
MaxTokenSizeInBytes == null &&
requirement.MaximumTokenSizeInBytes != controlRequirement.MaximumTokenSizeInBytes,
string.Format(CultureInfo.InvariantCulture,
"MaximumTokenSizeInBytes should be default (default, config): '{0}'. '{1}'.",
controlRequirement.MaximumTokenSizeInBytes.ToString(),
requirement.MaximumTokenSizeInBytes.ToString()));
Assert.IsFalse(
MaxClockSkew != null && MaxClockSkew.Value != requirement.MaxClockSkew,
string.Format(CultureInfo.InvariantCulture,
"MaxClockSkew (expected, config): '{0}'. '{1}'.",
MaxClockSkew.ToString(),
requirement.MaxClockSkew.ToString()));
Assert.IsFalse(
MaxClockSkew == null && requirement.MaxClockSkew != controlRequirement.MaxClockSkew,
string.Format(CultureInfo.InvariantCulture,
"MaxClockSkew should be default (default, config): '{0}'. '{1}'.",
controlRequirement.MaxClockSkew.ToString(),
requirement.MaxClockSkew.ToString()));
Assert.IsFalse(
DefaultTokenLifetimeInMinutes != null &&
DefaultTokenLifetimeInMinutes.Value != requirement.DefaultTokenLifetimeInMinutes,
string.Format(CultureInfo.InvariantCulture,
"DefaultTokenLifetimeInMinutes (expected, config): '{0}'. '{1}'.",
DefaultTokenLifetimeInMinutes.ToString(),
requirement.DefaultTokenLifetimeInMinutes.ToString()));
Assert.IsFalse(
DefaultTokenLifetimeInMinutes == null &&
requirement.DefaultTokenLifetimeInMinutes != controlRequirement.DefaultTokenLifetimeInMinutes,
string.Format(CultureInfo.InvariantCulture,
"DefaultTokenLifetimeInMinutes should be default (default, config): '{0}'. '{1}'.",
controlRequirement.DefaultTokenLifetimeInMinutes.ToString(),
requirement.DefaultTokenLifetimeInMinutes.ToString()));
// make sure nameclaim and roleclaim are same, or null together.
Assert.IsFalse(NameClaimType == null && requirement.NameClaimType != null, "NameClaimType == null && requirement.NameClaimType != null");
Assert.IsFalse(NameClaimType != null && requirement.NameClaimType == null, "NameClaimType != null && requirement.NameClaimType == null");
if ((NameClaimType != null && requirement.NameClaimType != null) &&
(NameClaimType != requirement.NameClaimType))
{
Assert.Fail(string.Format(CultureInfo.InvariantCulture, "NameClaimType (expected, config): '{0}'. '{1}'.", NameClaimType, requirement.NameClaimType));
asExpected = false;
}
Assert.IsFalse(RoleClaimType == null && requirement.RoleClaimType != null, "RoleClaimType == null && requirement.RoleClaimType != null");
Assert.IsFalse(RoleClaimType != null && requirement.RoleClaimType == null, "RoleClaimType != null && requirement.RoleClaimType == null");
if ((RoleClaimType != null && requirement.RoleClaimType != null) &&
(RoleClaimType != requirement.RoleClaimType))
{
Assert.Fail(string.Format(CultureInfo.InvariantCulture, "RoleClaimType (expected, config): '{0}'. '{1}'.", RoleClaimType, requirement.RoleClaimType));
asExpected = false;
}
// != null => this variation sets a custom validator.
if (CertValidator != null)
{
if (requirement.CertificateValidator == null)
{
return(false);
}
Assert.IsFalse(CertValidator.GetType() != requirement.CertificateValidator.GetType(), string.Format("CertificateValidator.GetType() != requirement.CertificateValidator.GetType(). (expected, config): '{0}'. '{1}'.", CertValidator.GetType(), requirement.CertificateValidator.GetType()));
}
else
{
if (CertValidationMode.HasValue || CertRevocationMode.HasValue || CertStoreLocation.HasValue)
{
Assert.IsFalse(requirement.CertificateValidator == null, string.Format("X509CertificateValidationMode.HasValue || X09RevocationMode.HasValue || StoreLocation.HasValue is true, there should be a validator"));
// get and check _certificateValidationMode
Type type = requirement.CertificateValidator.GetType();
FieldInfo fi = type.GetField("validator", BindingFlags.NonPublic | BindingFlags.Instance);
X509CertificateValidator validator = (X509CertificateValidator)fi.GetValue(requirement.CertificateValidator);
// make sure we created the right validator
if (CertValidationMode == CertMode.ChainTrust && (validator.GetType() != X509CertificateValidator.ChainTrust.GetType()) ||
CertValidationMode == CertMode.PeerTrust && (validator.GetType() != X509CertificateValidator.PeerTrust.GetType()) ||
CertValidationMode == CertMode.PeerOrChainTrust && (validator.GetType() != X509CertificateValidator.PeerOrChainTrust.GetType()) ||
CertValidationMode == CertMode.None && (validator.GetType() != X509CertificateValidator.None.GetType()))
{
Assert.Fail(string.Format(CultureInfo.InvariantCulture, "X509CertificateValidator type. expected: '{0}', actual: '{1}'", CertValidationMode.HasValue ? CertValidationMode.Value.ToString() : "null", validator.GetType().ToString()));
asExpected = false;
}
// if these 'Modes' HasValue, then it should be matched, otherwise expect default.
fi = type.GetField("certificateValidationMode", BindingFlags.NonPublic | BindingFlags.Instance);
CertMode certMode = (CertMode)fi.GetValue(requirement.CertificateValidator);
if (CertValidationMode.HasValue)
{
Assert.IsFalse(CertValidationMode.Value != certMode, string.Format(CultureInfo.InvariantCulture, "X509CertificateValidationMode. expected: '{0}', actual: '{1}'", CertValidationMode.Value.ToString(), certMode.ToString()));
// if mode includes chain building, revocation mode Policy s/b null.
if (CertValidationMode.Value == X509CertificateValidationMode.ChainTrust ||
CertValidationMode.Value == X509CertificateValidationMode.PeerOrChainTrust)
{
// check inner policy
if (CertRevocationMode.HasValue)
{
fi = type.GetField("chainPolicy", BindingFlags.NonPublic | BindingFlags.Instance);
X509ChainPolicy chainPolicy =
(X509ChainPolicy)fi.GetValue(requirement.CertificateValidator);
Assert.IsFalse(
chainPolicy.RevocationMode != CertRevocationMode.Value,
string.Format(
CultureInfo.InvariantCulture,
"chainPolicy.RevocationMode. . expected: '{0}', actual: '{1}'",
CertRevocationMode.Value.ToString(),
chainPolicy.RevocationMode.ToString()));
}
}
}
}
}
return(asExpected);
}
public void JwtSecurityTokenRequirement_Defaults()
{
JwtSecurityTokenRequirement jwtSecurityTokenRequirement = new JwtSecurityTokenRequirement();
}
