/// <summary>
/// Signs a test token with the policy-management key and checks that validating it with a
/// <c>TokenValidated</c> handler attached, outside of an attestation client, throws.
/// </summary>
public void ValidateTokenCallback()
{
    // The token only becomes valid 5 seconds from now and expires after 60 seconds.
    long notBefore = DateTimeOffset.Now.AddSeconds(5).ToUnixTimeSeconds();
    long expiresAt = DateTimeOffset.Now.AddSeconds(60).ToUnixTimeSeconds();
    object claims = new JwtTestBody
    {
        StringField = "Foo",
        NotBefore = notBefore,
        ExpiresAt = expiresAt,
    };

    X509Certificate2 signingCertificate = TestEnvironment.PolicyManagementCertificate;
    AsymmetricAlgorithm signingKey = TestEnvironment.PolicyManagementKey;

    var payload = BinaryData.FromObjectAsJson(claims);
    var signedToken = new AttestationToken(
        payload,
        new AttestationTokenSigningKey(signingKey, signingCertificate));
    string compactToken = signedToken.Serialize();

    var callbackOptions = new AttestationTokenValidationOptions();
    callbackOptions.TokenValidated += args =>
    {
        // The signer reported to the handler must be exactly the certificate used to sign.
        var reportedCertificates = args.Signer.SigningCertificates;
        Assert.AreEqual(1, reportedCertificates.Count);
        Assert.IsNotNull(reportedCertificates[0]);

        // Byte-wise comparison of the DER encodings. X509Certificate.Equals compares only
        // issuer and serial number, so this is the stricter of the two identity checks.
        byte[] expectedEncoding = signingCertificate.Export(X509ContentType.Cert);
        byte[] reportedEncoding = reportedCertificates[0].Export(X509ContentType.Cert);
        CollectionAssert.AreEqual(expectedEncoding, reportedEncoding);
        Assert.AreEqual(signingCertificate, reportedCertificates[0]);

        return Task.CompletedTask;
    };

    // ValidateTokenAsync will throw an exception if a callback is specified outside of an
    // attestation client. Validation callbacks themselves are tested elsewhere in the
    // AttestationClient codebase.
    //
    // NOTE(review): the token is also not yet valid (NotBefore is 5 seconds ahead) and the
    // options carry no TimeValidationSlack, so this assertion may be satisfied by the time
    // check rather than by the callback restriction - confirm which path throws.
    // NOTE(review): the expected type is plain Exception; confirm it matches what the
    // validator throws here, so the test cannot pass on an unrelated error.
    Assert.ThrowsAsync(
        typeof(Exception),
        async () => await ValidateSerializedToken(compactToken, claims, callbackOptions));
}
/// <summary>
/// Signs a not-yet-valid test token, checks that default validation rejects it, then
/// validates it with a 10-second time slack and a callback that verifies the signer.
/// </summary>
public async Task ValidateTokenCallback()
{
    // The token only becomes valid 5 seconds from now and expires after 60 seconds.
    long notBefore = DateTimeOffset.Now.AddSeconds(5).ToUnixTimeSeconds();
    long expiresAt = DateTimeOffset.Now.AddSeconds(60).ToUnixTimeSeconds();
    object claims = new JwtTestBody
    {
        StringField = "Foo",
        NotBefore = notBefore,
        ExpiresAt = expiresAt,
    };

    X509Certificate2 signingCertificate = TestEnvironment.PolicyManagementCertificate;
    AsymmetricAlgorithm signingKey = TestEnvironment.PolicyManagementKey;

    var signedToken = new AttestationToken(
        claims,
        new TokenSigningKey(signingKey, signingCertificate));
    string compactToken = signedToken.ToString();

    // Without any slack the token must be rejected: NotBefore is still 5 seconds away.
    // NOTE(review): the expected type is plain Exception; confirm it matches what the
    // validator throws for a time failure, so the test cannot pass on an unrelated error.
    // NOTE(review): this depends on wall-clock time - if more than 5 seconds pass between
    // building the token and this call, the expected rejection presumably no longer occurs.
    Assert.ThrowsAsync(
        typeof(Exception),
        async () => await ValidateSerializedToken(compactToken, claims));

    // The 10-second slack exceeds the 5 seconds remaining until NotBefore, so validation is
    // expected to succeed and to invoke the callback with the signing certificate.
    await ValidateSerializedToken(
        compactToken,
        claims,
        new TokenValidationOptions(
            timeValidationSlack: 10,
            validationCallback: (AttestationToken validatedToken, AttestationSigner signer) =>
            {
                var reportedCertificates = signer.SigningCertificates;
                Assert.AreEqual(1, reportedCertificates.Count);
                Assert.IsNotNull(reportedCertificates[0]);

                // Byte-wise comparison of the DER encodings. X509Certificate.Equals compares
                // only issuer and serial number, so this is the stricter identity check.
                byte[] expectedEncoding = signingCertificate.Export(X509ContentType.Cert);
                byte[] reportedEncoding = reportedCertificates[0].Export(X509ContentType.Cert);
                CollectionAssert.AreEqual(expectedEncoding, reportedEncoding);
                Assert.AreEqual(signingCertificate, reportedCertificates[0]);

                return true;
            }));
}
/// <summary>
/// Builds a token that expired 5 seconds ago, checks that default validation rejects it,
/// and checks that validation with a 10-second time slack accepts it.
/// </summary>
public async Task ValidateJustExpiredAttestationToken()
{
    // Expiry lies 5 seconds in the past.
    long expiredAt = DateTimeOffset.Now.Subtract(TimeSpan.FromSeconds(5)).ToUnixTimeSeconds();
    object claims = new JwtTestBody
    {
        StringField = "Foo",
        ExpiresAt = expiredAt,
    };

    // No signing key is passed to the constructor, so presumably only the time checks are
    // exercised by this test - confirm against AttestationToken.
    var expiredToken = new AttestationToken(BinaryData.FromObjectAsJson(claims));
    string compactToken = expiredToken.Serialize();

    // Without any slack the token must be rejected: it expired 5 seconds ago.
    // NOTE(review): the expected type is plain Exception; confirm it matches what the
    // validator throws for a time failure, so the test cannot pass on an unrelated error.
    Assert.ThrowsAsync(
        typeof(Exception),
        async () => await ValidateSerializedToken(compactToken, claims));

    // A 10-second slack covers the 5 seconds since expiry, so validation is expected to
    // succeed. The slack widens the window in which an expired token is still accepted,
    // which is why it is opt-in here rather than the default.
    // NOTE(review): this depends on wall-clock time - if more than about 5 further seconds
    // pass before this call, the token presumably falls outside the slack and is rejected.
    var relaxedOptions = new AttestationTokenValidationOptions { TimeValidationSlack = 10 };
    await ValidateSerializedToken(compactToken, claims, relaxedOptions);
}
/// <summary>
/// Signs a token whose validity starts 5 seconds from now, checks that default validation
/// rejects it, and checks that validation with a 10-second time slack accepts it.
/// </summary>
public async Task ValidateTooEarlyAttestationToken()
{
    // The token only becomes valid 5 seconds from now and expires after 60 seconds.
    long notBefore = DateTimeOffset.Now.AddSeconds(5).ToUnixTimeSeconds();
    long expiresAt = DateTimeOffset.Now.AddSeconds(60).ToUnixTimeSeconds();
    object claims = new JwtTestBody
    {
        StringField = "Foo",
        NotBefore = notBefore,
        ExpiresAt = expiresAt,
    };

    X509Certificate2 signingCertificate = TestEnvironment.PolicyManagementCertificate;
    AsymmetricAlgorithm signingKey = TestEnvironment.PolicyManagementKey;

    var payload = BinaryData.FromObjectAsJson(claims);
    var signedToken = new AttestationToken(
        payload,
        new AttestationTokenSigningKey(signingKey, signingCertificate));
    string compactToken = signedToken.Serialize();

    // Without any slack the token must be rejected: NotBefore is still 5 seconds away.
    // NOTE(review): the expected type is plain Exception; confirm it matches what the
    // validator throws for a time failure, so the test cannot pass on an unrelated error.
    // NOTE(review): this depends on wall-clock time - if more than 5 seconds pass between
    // building the token and this call, the expected rejection presumably no longer occurs.
    Assert.ThrowsAsync(
        typeof(Exception),
        async () => await ValidateSerializedToken(compactToken, claims));

    // The 10-second slack exceeds the 5 seconds remaining until NotBefore, so validation is
    // expected to succeed. The slack widens the window in which a not-yet-valid token is
    // accepted, which is why it is opt-in here rather than the default.
    var relaxedOptions = new AttestationTokenValidationOptions { TimeValidationSlack = 10 };
    await ValidateSerializedToken(compactToken, claims, relaxedOptions);
}