Esempio n. 1
        /// <summary>
        /// Checks that <c>JwtValidator.Validate</c> throws
        /// <c>SignatureVerificationException</c> when the recomputed signature differs
        /// from the signature carried in the token.
        /// </summary>
        /// <remarks>
        /// The expected signature is computed with <c>HMACSHA256Algorithm</c> over
        /// "header.payload" and then has its first byte changed, so the two values handed
        /// to the validator differ. A validator that accepted this pair would accept a
        /// token whose signature was not produced with the key.
        /// </remarks>
        public void Validate_Should_Throw_Exception_When_Crypto_Does_Not_Match_Signature()
        {
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            // Payload as JSON text, and the token's own signature re-encoded as standard Base64.
            var payloadJson   = GetString(encoder.Decode(parts.Payload));
            var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // Recompute the signature over "header.payload".
            // "ABC" is the test key; presumably the key TestData.Token was signed with.
            var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
            var tampered     = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);

            // Change one byte so the recomputed signature cannot equal the token's.
            tampered[0]++;
            var decodedSignature = Convert.ToBase64String(tampered);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

            Action act = () =>
            {
                validator.Validate(payloadJson, decodedCrypto, decodedSignature);
            };

            act.Should()
               .Throw<SignatureVerificationException>("because the signature does not match the crypto");
        }
Esempio n. 2
        /// <summary>
        /// Checks that a token expected to be valid for the given project is reported
        /// as valid and that the result carries a non-null token.
        /// </summary>
        /// <param name="token">Token text passed to <c>JwtValidator.Validate</c>.</param>
        /// <param name="projectId">Project identifier passed alongside the token.</param>
        public void CanValidateValidToken(string token, string projectId)
        {
            var outcome = new JwtValidator().Validate(token, projectId);

            // ErrorMesage (sic) is the property name used by the result type; it is shown
            // as the assertion message when validation fails.
            Assert.True(outcome.IsValid, outcome.ErrorMesage);
            Assert.NotNull(outcome.Token);
        }
Esempio n. 3
        /// <summary>
        /// Validates the same token <paramref name="count"/> times with a single
        /// <c>JwtValidator</c> instance. The validation results are discarded.
        /// </summary>
        /// <param name="count">Number of validations to run; zero or less runs none.</param>
        /// <param name="token">Token text passed to each call.</param>
        /// <param name="projectId">Project identifier passed to each call.</param>
        private void RunValidationFor(int count, string token, string projectId)
        {
            var validator = new JwtValidator();
            var remaining = count;

            while (remaining > 0)
            {
                validator.Validate(token, projectId);
                remaining--;
            }
        }
Esempio n. 4
        /// <summary>
        /// Throws unless the header carries a non-blank scheme and a non-blank parameter
        /// that <c>JwtValidator.Validate</c> accepts.
        /// </summary>
        /// <param name="authenticationHeaderValue">Parsed Authorization header; may be null.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// The header is null, its scheme or parameter is blank, or the token is rejected.
        /// </exception>
        internal static void ValidateAuthorizationHeader(AuthenticationHeaderValue authenticationHeaderValue)
        {
            // NOTE(review): the scheme is only required to be non-blank; it is not compared
            // with an expected value such as "Bearer". Confirm that any scheme is acceptable here.
            var hasScheme = !string.IsNullOrWhiteSpace(authenticationHeaderValue?.Scheme);
            var candidate = hasScheme ? authenticationHeaderValue.Parameter : string.Empty;

            // Short-circuit keeps a blank token from ever reaching the validator.
            var accepted = !string.IsNullOrWhiteSpace(candidate) && JwtValidator.Validate(candidate);

            if (!accepted)
            {
                throw new UnauthorizedAccessException();
            }
        }
Esempio n. 5
        /// <summary>
        /// Checks that <c>JwtValidator.Validate</c> throws <see cref="ArgumentException"/>
        /// for the supplied argument combination.
        /// </summary>
        /// <param name="payloadJson">Payload JSON text passed to the validator.</param>
        /// <param name="decodedCrypto">Token signature value passed to the validator.</param>
        /// <param name="decodedSignature">Recomputed signature value passed to the validator.</param>
        /// <remarks>
        /// Presumably driven by a data attribute (not shown here) that supplies null or
        /// empty values for at least one argument.
        /// </remarks>
        public void Validate_Should_Throw_Exception_When_Argument_Is_Null_Or_Empty(string payloadJson, string decodedCrypto, string decodedSignature)
        {
            // The validator is built with a null serializer and a null date-time provider.
            var validator = new JwtValidator(null, null);

            Action act = () =>
            {
                validator.Validate(payloadJson, decodedCrypto, decodedSignature);
            };

            act.Should()
               .Throw<ArgumentException>("because the JWT argument must not be null or empty");
        }
Esempio n. 6
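        /// <summary>
        /// Configures NLog file logging and enables stateless authentication that
        /// resolves the current user from a JWT in the Authorization header.
        /// </summary>
        /// <param name="container">Application container, forwarded to the base implementation.</param>
        /// <param name="pipelines">Application pipelines on which authentication is enabled.</param>
        protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
        {
            base.ApplicationStartup(container, pipelines);

            // Configure NLog: one file target, fed by every logger at Info level and above.
            // NOTE(review): the log file is created under the application base directory;
            // confirm that location is not served to clients.
            var logConfig  = new LoggingConfiguration();
            var fileTarget = new FileTarget();

            fileTarget.FileName = "${basedir}/logFile.txt";
            logConfig.AddTarget("file", fileTarget);
            fileTarget.Layout = @"${date:format=MM-dd-yyyy_HH\:mm\:ss} | ${message}";

            logConfig.LoggingRules.Add(new LoggingRule("*", LogLevel.Info, fileTarget));

            LogManager.Configuration = logConfig;

            // Build the authentication configuration: the callback maps a request to a
            // User, or to null when the request carries no acceptable token.
            var configuration = new StatelessAuthenticationConfiguration(ctx =>
            {
                // Read the header once so validation and decoding see the same value.
                var authorization = ctx.Request.Headers.Authorization;

                if (string.IsNullOrEmpty(authorization))
                {
                    // No Authorization header: treat the request as having no user.
                    return null;
                }

                try
                {
                    var validator = new JwtValidator(_config);

                    if (validator.Validate(authorization))
                    {
                        // Token accepted: build the User from the decoded token's claims.
                        return new User(validator.DecodeToken(authorization));
                    }

                    // Token rejected without an exception: no user.
                    return null;
                }
                catch (Exception)
                {
                    // Validation or decoding failed with an exception. No user is returned
                    // and the error propagates to the caller. A bare `throw;` keeps the
                    // original stack trace, which `throw ex;` would reset.
                    // NOTE(review): decide whether such a failure should instead yield an
                    // unauthenticated request (return null) rather than an error.
                    throw;
                }
            });

            StatelessAuthentication.Enable(pipelines, configuration);
        }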
Esempio n. 7
        /// <summary>
        /// Checks that <c>JwtValidator.Validate</c> completes without throwing when the
        /// recomputed signature is passed unmodified next to the token's own signature.
        /// </summary>
        /// <remarks>
        /// There is no explicit assertion: the test passes when <c>Validate</c> returns
        /// and fails if it throws.
        /// </remarks>
        public void Validate_Should_Not_Throw_Exception_When_Crypto_Matches_Signature()
        {
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            // Payload as JSON text, and the token's own signature re-encoded as standard Base64.
            var payloadJson   = JwtValidator.GetString(encoder.Decode(parts.Payload));
            var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // Recompute the signature over "header.payload".
            // "ABC" is the test key; presumably the key TestData.Token was signed with.
            var signingInput     = JwtValidator.GetBytes(string.Concat(parts.Header, ".", parts.Payload));
            var expectedBytes    = new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput);
            var decodedSignature = Convert.ToBase64String(expectedBytes);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

            validator.Validate(payloadJson, decodedCrypto, decodedSignature);
        }
Esempio n. 8
        /// <summary>
        /// Checks that <c>JwtValidator.Validate</c> throws <see cref="ArgumentException"/>
        /// for the supplied argument combination.
        /// </summary>
        /// <param name="payloadJson">Payload JSON text passed to the validator.</param>
        /// <param name="decodedCrypto">Token signature value passed to the validator.</param>
        /// <param name="decodedSignature">Recomputed signature value passed to the validator.</param>
        /// <remarks>
        /// Presumably driven by a data attribute (not shown here) that supplies null or
        /// empty values for at least one argument.
        /// </remarks>
        public void Validate_Should_Throw_Exception_When_Argument_Is_Null_Or_Empty(string payloadJson, string decodedCrypto, string decodedSignature)
        {
            // The validator is built with a null serializer and a null date-time provider.
            var sut = new JwtValidator(null, null);

            Assert.Throws<ArgumentException>(() =>
            {
                sut.Validate(payloadJson, decodedCrypto, decodedSignature);
            });
        }