public void ClientAssertionRequestValidatorExpirationTimeTest()
{
var credential = ClientCredentialWrapper.CreateWithSecret(TestConstants.ClientSecret);
credential.Audience = _audience1;
credential.ContainsX5C = false;
credential.CachedAssertion = TestConstants.DefaultClientAssertion;
credential.ValidTo = ConvertToTimeT(DateTime.UtcNow + TimeSpan.FromSeconds(JwtToAadLifetimeInSeconds));
// Validate cached client assertion with expiration time
// Cached assertion should be valid
Assert.IsTrue(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
// Setting expiration time to now
credential.ValidTo = ConvertToTimeT(DateTime.UtcNow);
// cached assertion should have expired
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
}
public void ClientAssertionRequestValidatorExpirationTimeTest()
{
var credential = new ClientCredentialWrapper(MsalTestConstants.ClientSecret)
{
Audience = "Audience1",
ContainsX5C = false,
Assertion = MsalTestConstants.DefaultClientAssertion,
ValidTo = ConvertToTimeT(DateTime.UtcNow + TimeSpan.FromSeconds(JwtToAadLifetimeInSeconds))
};
// Validate cached client assertion with expiration time
// Cached assertion should be valid
Assert.IsTrue(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, "Audience1"), false));
// Setting expiration time to now
credential.ValidTo = ConvertToTimeT(DateTime.UtcNow);
// cached assertion should have expired
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, "Audience1"), false));
}
public void ClientAssertionRequestValidatorMismatchParameterTest()
{
string Audience1 = "Audience1";
string Audience2 = "Audience2";
var credential = new ClientCredentialWrapper(MsalTestConstants.ClientSecret)
{
Audience = Audience1,
ContainsX5C = false,
Assertion = MsalTestConstants.DefaultClientAssertion,
ValidTo = ConvertToTimeT(DateTime.UtcNow + TimeSpan.FromSeconds(JwtToAadLifetimeInSeconds))
};
// Validate cached client assertion with parameters
Assert.IsTrue(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, Audience1), false));
// Different audience
credential.Audience = Audience2;
// cached assertion should be invalid
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, Audience1), false));
// Different x5c, same audience
credential.Audience = Audience1;
credential.ContainsX5C = true;
// cached assertion should be invalid
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, Audience1), false));
// Different audience and x5c
credential.Audience = Audience2;
// cached assertion should be invalid
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, Audience1), false));
// No cached Assertion
credential.Assertion = "";
// should return false
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, new AuthorityEndpoints(null, null, Audience1), false));
}
public void ClientAssertionRequestValidatorMismatchParameterTest()
{
var credential = ClientCredentialWrapper.CreateWithSecret(TestConstants.ClientSecret);
credential.Audience = _audience1;
credential.ContainsX5C = false;
credential.CachedAssertion = TestConstants.DefaultClientAssertion;
credential.ValidTo = ConvertToTimeT(DateTime.UtcNow + TimeSpan.FromSeconds(JwtToAadLifetimeInSeconds));
// Validate cached client assertion with parameters
Assert.IsTrue(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
// Different audience
credential.Audience = _audience2;
// cached assertion should be invalid
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
// Different x5c, same audience
credential.Audience = _audience1;
credential.ContainsX5C = true;
// cached assertion should be invalid
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
// Different audience and x5c
credential.Audience = _audience2;
// cached assertion should be invalid
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
// No cached Assertion
credential.CachedAssertion = "";
// should return false
Assert.IsFalse(ClientCredentialHelper.ValidateClientAssertion(credential, _audience1, false));
}
