public void TestPublicKeyIsStoredInPemFormat()
{
var result = SigningKey.Create();
Assert.IsTrue(result.PublicKey.StartsWith("-----BEGIN PUBLIC KEY-----\n"));
Assert.IsTrue(result.PublicKey.EndsWith("-----END PUBLIC KEY-----\n"));
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
_logger.LogInformation($"Worker running at {DateTime.Now}");
var key = SigningKey.Create();
var response = await _metrics.KeyGenerationWorker().RecordTimeToSavePublicKey(async() => await SaveKey(key.PublicKey, stoppingToken));
switch (response)
{
case KeyCreatedResponse createdResponse:
key.KeyId = createdResponse.Id;
_keyContainer.SetKey(key);
break;
case ProblemDetails _:
_metrics.KeyGenerationWorker().MarkErrorSavingToKeyService();
_logger.LogError("problem while saving public key");
break;
default:
_metrics.KeyGenerationWorker().MarkErrorUnhandledType();
_logger.LogError("unhandled type");
break;
}
await Task.Delay(TimeSpan.FromSeconds(_keyGenerationConfig.TimeBetweenGenerationInSeconds), stoppingToken);
}
}
public void TestCreateReturnsPrivateAndPublicKey()
{
var result = SigningKey.Create();
Assert.NotNull(result.PrivateKey);
Assert.NotNull(result.PublicKey);
Assert.NotNull(result.CreatedAt);
}
public void TestCreateJwt()
{
var keyContainer = new Mock <IKeyContainer>();
var mockOptions = new Mock <IOptions <IdentityOptions> >();
mockOptions.Setup(x => x.Value).Returns(new IdentityOptions
{
ClaimsIdentity = new ClaimsIdentityOptions
{
SecurityStampClaimType = "security"
}
});
var key = SigningKey.Create();
key.KeyId = "keyId";
keyContainer.Setup(x => x.GetKey()).Returns(key);
var mockIdentityConfigOption = new Mock <IOptions <IdentityConfig> >();
mockIdentityConfigOption.Setup(x => x.Value).Returns(new IdentityConfig
{
Audiences = new List <string> {
"aud1", "aud2"
},
Issuer = "auth_test",
IssueForAudience = "issuer"
});
var tokenFactory = new TokenFactory(keyContainer.Object, mockOptions.Object, mockIdentityConfigOption.Object);
var claims = new []
{
new Claim("name", "Alice"),
new Claim("role", "sudo"),
new Claim("security", "secure_data"),
};
var claimsPrincipal = new Mock <ClaimsPrincipal>();
claimsPrincipal.Setup(x => x.Claims).Returns(claims);
var handler = new JwtSecurityTokenHandler();
var token = handler.ReadJwtToken(tokenFactory.GenerateJwtToken(claimsPrincipal.Object));
Assert.AreEqual("keyId", token.Header.Kid);
Assert.AreEqual("Alice", token.Claims.FirstOrDefault(x => x.Type == "name")?.Value);
Assert.AreEqual("sudo", token.Claims.FirstOrDefault(x => x.Type == "role")?.Value);
Assert.IsNull(token.Claims.FirstOrDefault(x => x.Type == "security")?.Value);
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
try
{
_logger.LogInformation($"Worker running at {DateTime.Now}");
try
{
var key = SigningKey.Create();
var response = await SaveKey(key.PublicKey, stoppingToken);
switch (response)
{
case KeyCreatedResponse createdResponse:
key.KeyId = createdResponse.Id;
_signatureKeyContainer.Key = key;
break;
case ProblemDetails p:
throw new Exception($"{p.Status} {p.TitleProperty} {p.Detail}");
default:
throw new Exception("unhandled error");
}
await Task.Delay(TimeSpan.FromSeconds(_config.SignatureTtl - 30), stoppingToken);
}
catch (Exception ex)
{
_logger.LogError(ex, "failed to obtain signature key");
await Task.Delay(TimeSpan.FromSeconds(5));
}
}
catch (Exception e)
{
_logger.LogError(e, "caught exception");
await Task.Delay(TimeSpan.FromSeconds(5), stoppingToken);
}
}
}