public async Task EncryptsHMACSecretInDatabase()
            {
                using (var sut = new SqlServerClientStore(
                           new SqlServerClientStoreSettings {
                    ConnectionString = _connectionString,
                    SharedSecretEncryptionKey = new SharedSecretEncryptionKey("The_Big_Secret")
                },
                           new SignatureAlgorithmConverter(new FakeStringProtectorFactory()))) {
                    var hmac   = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
                    var client = new Client(
                        "c1",
                        "app one",
                        hmac,
                        TimeSpan.FromMinutes(1),
                        TimeSpan.FromMinutes(2),
                        RequestTargetEscaping.RFC2396,
                        new Claim("company", "Dalion"),
                        new Claim("scope", "HttpMessageSigning"));
                    await sut.Register(client);

                    var loaded = await LoadFromDb(client.Id);

                    loaded.SigParameter.Should().NotBeNullOrEmpty();
                    var unencryptedKey = Encoding.UTF8.GetString(hmac.Key);
                    var encryptedKey   = new FakeStringProtector().Protect(unencryptedKey);
                    loaded.SigParameter.Should().Be(encryptedKey);
                    loaded.IsSigParameterEncrypted.Should().BeTrue();
                }
            }
Esempio n. 2
0
        public SignatureAlgorithmConverterTests()
        {
            FakeFactory.Create(out _stringProtectorFactory);
            _sut = new SignatureAlgorithmConverter(_stringProtectorFactory);

            _stringProtector = new FakeStringProtector();
            A.CallTo(() => _stringProtectorFactory.CreateSymmetric(A <string> ._))
            .Returns(_stringProtector);
        }
Esempio n. 3
0
            public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
            {
                using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
                    _sut.SetSignatureAlgorithm(_dataRecord, hmac, _encryptionKey);

                    _dataRecord.SigType.Should().Be("HMAC");
                    _dataRecord.SigHashAlgorithm.Should().Be(HashAlgorithmName.SHA384.Name);
                    _dataRecord.IsSigParameterEncrypted.Should().BeTrue();
                    var encryptedKey = new FakeStringProtector().Protect(_unencryptedKey);
                    _dataRecord.SigParameter.Should().Be(encryptedKey);
                }
            }