/// <summary>
/// Registers a client that uses an HMAC signature algorithm and checks that the
/// record read back from the file manager holds the shared secret in protected
/// form, wrapped in a <c>&lt;Secret&gt;</c> element and flagged as encrypted.
/// </summary>
/// <remarks>
/// The expected value is computed with <c>FakeStringProtector</c>, so this test pins
/// the stored format and the <c>Encrypted</c> flag only. It says nothing about the
/// strength of the protector used outside of tests.
/// </remarks>
public async Task EncryptsHMACSecretInFile() {
    // Fixed test-only secret; it is never used outside this test.
    var signatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
    var registeredClient = new Client(
        "c1",
        "app one",
        signatureAlgorithm,
        TimeSpan.FromMinutes(1),
        TimeSpan.FromMinutes(2),
        RequestTargetEscaping.RFC2396,
        new Claim("company", "Dalion"),
        new Claim("scope", "HttpMessageSigning"));

    await _sut.Register(registeredClient);

    // Read what was actually persisted, not what the store holds in memory.
    var persistedRecords = await _fileManager.Read();
    var persistedRecord = persistedRecords.Single(record => record.Id == registeredClient.Id);
    var storedAlgorithm = persistedRecord.SigAlg;

    storedAlgorithm.Param.Should().NotBeNullOrEmpty();

    // Rebuild the expected parameter: the key bytes decoded as UTF-8, run through
    // the same fake protector, then wrapped in the <Secret> element.
    var plainTextSecret = Encoding.UTF8.GetString(signatureAlgorithm.Key);
    var protectedSecret = new FakeStringProtector().Protect(plainTextSecret);
    var expectedParam = $"<Secret>{protectedSecret}</Secret>";

    storedAlgorithm.Param.Should().Be(expectedParam);
    storedAlgorithm.Encrypted.Should().BeTrue();
}
/// <summary>
/// Test fixture setup: builds the converter under test on top of a faked string
/// protector factory, and makes that factory hand out a <c>FakeStringProtector</c>
/// for any symmetric key it is asked for.
/// </summary>
public SignatureAlgorithmDataRecordConverterTests() {
    _stringProtector = new FakeStringProtector();

    FakeFactory.Create(out _stringProtectorFactory);
    _sut = new SignatureAlgorithmDataRecordConverter(_stringProtectorFactory);

    // The stub is configured after the converter is constructed, as in the original
    // setup; any key argument is accepted, so the tests do not depend on its value.
    A.CallTo(() => _stringProtectorFactory.CreateSymmetric(A<string>.Ignored))
        .Returns(_stringProtector);
}
/// <summary>
/// Converting an HMAC signature algorithm with an encryption key must yield a data
/// record of type "HMAC" whose parameter is the protected secret wrapped in a
/// <c>&lt;Secret&gt;</c> element and whose <c>Encrypted</c> flag is set.
/// </summary>
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord() {
    using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
        // Expected parameter: the plain key as transformed by the fake protector.
        var protectedSecret = new FakeStringProtector().Protect(_unencryptedKey);
        var expected = new SignatureAlgorithmDataRecord {
            Type = "HMAC",
            Hash = HashAlgorithmName.SHA384.Name,
            Encrypted = true,
            Param = $"<Secret>{protectedSecret}</Secret>"
        };

        var actual = _sut.FromSignatureAlgorithm(hmac, _encryptionKey);

        // Member-wise comparison, so Type, Hash, Encrypted and Param are all checked.
        actual.Should().BeEquivalentTo(expected);
    }
}