public async Task CertificateCache_Caches()
        {
            MockClock clock = new MockClock(DateTime.UtcNow);

            // The fake only fakes the fetching of the certificates from the web.
            // The rest of the code can't be mocked and that's what we are testing here.
            var certCache = new FakeCertificateCache(clock);

            var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);

            // Move the clock a little, but not enough to invalidate the cache, which lasts for 1 hour.
            clock.UtcNow = clock.UtcNow.AddMinutes(30);
            var secondCallCached = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);

            Assert.NotNull(firstCall);
            Assert.Same(firstCall, secondCallCached);
        }
        public async Task CertificateCache_Refreshes()
        {
            MockClock clock = new MockClock(DateTime.UtcNow);
            // The fake only fakes the fetching of the certificates from the web.
            // The rest of the code can't be mocked and that's what we are testing here.
            var certCache = new FakeCertificateCache(clock);

            var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);

            // Move the clock so the cache expires
            clock.UtcNow = clock.UtcNow.AddMinutes(61);
            var secondCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);

            Assert.NotNull(firstCall);
            Assert.NotNull(secondCall);
            Assert.NotSame(firstCall, secondCall);
        }
        public void ValidationSettingsToSignedTokenVerificationOptions()
        {
            MockClock            clock = new MockClock(DateTime.UtcNow);
            FakeCertificateCache cache = new FakeCertificateCache();
            var options = new GoogleJsonWebSignature.ValidationSettings
            {
                Clock                        = clock,
                Audience                     = new[] { "audience" },
                HostedDomain                 = "hosted_domain",
                IssuedAtClockTolerance       = TimeSpan.FromSeconds(5),
                ExpirationTimeClockTolerance = TimeSpan.FromSeconds(10),
                CertificateCache             = cache,
                ForceGoogleCertRefresh       = true
            }.ToVerificationOptions();

            Assert.Same(clock, options.Clock);
            Assert.Single(options.TrustedAudiences, "audience");
            Assert.Equal(TimeSpan.FromSeconds(5), options.IssuedAtClockTolerance);
            Assert.Equal(TimeSpan.FromSeconds(10), options.ExpiryClockTolerance);
            Assert.Same(cache, options.CertificateCache);
            Assert.True(options.ForceCertificateRefresh);
            Assert.Equal(GoogleAuthConsts.JsonWebKeySetUrl, options.CertificatesUrl);
            Assert.Equal(GoogleJsonWebSignature.ValidJwtIssuers.Count(), options.TrustedIssuers.Count);
        }