public void HttpClient_HasAtLeast_Default100secondsTimeout() { var resolver = new CloudFoundryTokenKeyResolver("https://foo.bar", null, false); var client = resolver.GetHttpClient(); Assert.True(client.Timeout >= TimeSpan.FromSeconds(100)); }
public async void FetchKeySet_Throws_OnHttpClientException() { // arrange var tkr = new CloudFoundryTokenKeyResolver(networkFailOptions, GetMockHttpClient()); // act var exception = await Assert.ThrowsAsync <HttpRequestException>(() => tkr.FetchKeySet()); }
public void GetHttpClient_AddsHandler() { var handler = new TestMessageHandler(); var resolver = new CloudFoundryTokenKeyResolver("https://foo.bar", handler, false); var client = resolver.GetHttpClient(); client.GetAsync("http://localhost/"); Assert.NotNull(handler.LastRequest); }
public void GetJsonWebKey_DecodesValidJson() { var webKey = @"{'keys':[{'kid':'legacy-token-key','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}"; CloudFoundryTokenKeyResolver resolver = new CloudFoundryTokenKeyResolver(new CloudFoundryOptions()); var webKeySet = resolver.GetJsonWebKeySet(webKey); Assert.NotNull(webKeySet); Assert.NotNull(webKeySet.Keys); Assert.Equal(1, webKeySet.Keys.Count); }
public void ResolveSigningKey_ReturnsNull_WhenNoKeyFound() { // arrange var tkr = new CloudFoundryTokenKeyResolver(serviceUnavailableOptions, GetMockHttpClient()); // act var expected = tkr.ResolveSigningKey(string.Empty, null, "key-1", serviceUnavailableOptions.TokenValidationParameters); // assert Assert.Null(expected); }
public async void FetchKeySet_ReturnsNull_OnFailure() { // arrange var tkr = new CloudFoundryTokenKeyResolver(serviceUnavailableOptions, GetMockHttpClient()); // act var expected = await tkr.FetchKeySet(); // assert Assert.Null(expected); }
public void GetHttpClient_AddsHandler() { TestMessageHandler handler = new TestMessageHandler(); CloudFoundryOptions options = new CloudFoundryOptions() { BackchannelHttpHandler = handler }; var resolver = new CloudFoundryTokenKeyResolver(options); var client = resolver.GetHttpClient(); client.GetAsync("http://localhost/"); Assert.NotNull(handler.LastRequest); }
public void ResolveSigningKey_ReturnsKey_FromServer() { // arrange a resolver that succeeds var tkr = new CloudFoundryTokenKeyResolver(happyPathOptions, GetMockHttpClient()); // act var expected = tkr.ResolveSigningKey(string.Empty, null, "key-1", happyPathOptions.TokenValidationParameters); // assert Assert.NotNull(expected); var tokenKey = expected.First(); Assert.IsType <JsonWebKey>(tokenKey); Assert.Equal("key-1", tokenKey.KeyId); }
public void ResolveSigningKey_FindsExistingKey() { string token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiI0YjM2NmY4MDdlMjU0MzlmYmRkOTEwZDc4ZjcwYzlhMSIsInN1YiI6ImZlNmExYmUyLWM5MTEtNDM3OC05Y2MxLTVhY2Y1NjA1Y2ZjMiIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsImNsb3VkX2NvbnRyb2xsZXJfc2VydmljZV9wZXJtaXNzaW9ucy5yZWFkIiwidGVzdGdyb3VwIiwib3BlbmlkIl0sImNsaWVudF9pZCI6Im15VGVzdEFwcCIsImNpZCI6Im15VGVzdEFwcCIsImF6cCI6Im15VGVzdEFwcCIsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJ1c2VyX2lkIjoiZmU2YTFiZTItYzkxMS00Mzc4LTljYzEtNWFjZjU2MDVjZmMyIiwib3JpZ2luIjoidWFhIiwidXNlcl9uYW1lIjoiZGF2ZSIsImVtYWlsIjoiZGF2ZSIsImF1dGhfdGltZSI6MTQ3MzYxNTU0MSwicmV2X3NpZyI6IjEwZDM1NzEyIiwiaWF0IjoxNDczNjI0MjU1LCJleHAiOjE0NzM2Njc0NTUsImlzcyI6Imh0dHBzOi8vdWFhLnN5c3RlbS50ZXN0Y2xvdWQuY29tL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJteVRlc3RBcHAiLCJvcGVuaWQiLCJjbG91ZF9jb250cm9sbGVyX3NlcnZpY2VfcGVybWlzc2lvbnMiXX0.Hth_SXpMAyiTf--U75r40qODlSUr60U730IW28K2VidEltW3lN3_CE7HkSjolRGr-DYuWHRvy3i_EwBfj1WTkBaXL373UzPVvNBnat9Gi-vjz07LwmBohk3baG1mmlL8IoGbQwtsmfUPhmO5C6_M4s9wKmTf9XIZPVo_w7zPJadrXfHLfx6iQob7CYpTTix2VBWya29iL7kmD1J1UDT5YRg2J9XT30iFuL6BvPQTkuGnX3ivDuUOSdxM8Z451i0VJmc0LYFBCLJ-Tz6bJ2d0wrtfsbCfuNtxjmGJevcL2jKQbEoiliYj60qNtZdT-ijGUdZjE9caxQ2nOkDkowacpw"; string keyset = "{ 'keys':[{'kid':'legacy-token-key','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}"; var keys = JsonWebKeySet.Create(keyset); var webKey = keys.Keys[0]; var resolver = new CloudFoundryTokenKeyResolver(new CloudFoundryOptions()); resolver.Resolved["legacy-token-key"] = webKey; var result = resolver.ResolveSigningKey(token, null, "legacy-token-key", null); Assert.True(result.First() == webKey); }
public void GetJsonWebKeySet_Parses_JsonString() { // arrange var tkr = new CloudFoundryTokenKeyResolver(happyPathOptions); // act var expected = tkr.GetJsonWebKeySet(tokenKeysJsonString); // assert Assert.Contains(expected.Keys, key => key.Kid == "key-1"); var tokenKey = expected.Keys.First(); Assert.Equal("RS256", tokenKey.Alg); Assert.Equal("sig", tokenKey.Use); Assert.Equal("AQAB", tokenKey.E); }
public async void FetchKeySet_ReturnsKeySet_OnSuccess() { // arrange var tkr = new CloudFoundryTokenKeyResolver(happyPathOptions, GetMockHttpClient()); // act var expected = await tkr.FetchKeySet(); // assert Assert.Contains(expected.Keys, key => key.Kid == "key-1"); var tokenKey = expected.Keys.First(); Assert.Equal("RS256", tokenKey.Alg); Assert.Equal("sig", tokenKey.Use); Assert.Equal("AQAB", tokenKey.E); }
public async Task FetchKeySet_IssuesHttpRequest_ReturnsKeyset() { var keyset = "{ 'keys':[{'kid':'legacy-token-key','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}"; var handler = new TestMessageHandler(); var response = new HttpResponseMessage(System.Net.HttpStatusCode.OK) { Content = new StringContent(keyset) }; handler.Response = response; CloudFoundryTokenKeyResolver.Resolved.Clear(); var resolver = new CloudFoundryTokenKeyResolver("https://foo.bar", handler, true); var result = await resolver.FetchKeySet(); Assert.NotNull(result); }
public void ResolveSigningKey_ReturnsKeyPreviouslyResolved() { // arrange a resolver that has previously retrieved keys, but will fail going forward var tkr = new CloudFoundryTokenKeyResolver(happyPathOptions, GetMockHttpClient()); tkr.ResolveSigningKey(string.Empty, null, "key-1", happyPathOptions.TokenValidationParameters); tkr.Options = networkFailOptions; Assert.Equal(networkFailOptions.AuthorizationUrl, tkr.Options.AuthorizationUrl); // act var expected = tkr.ResolveSigningKey(string.Empty, null, "key-1", happyPathOptions.TokenValidationParameters); // assert Assert.NotNull(expected); var tokenKey = expected.First(); Assert.IsType <JsonWebKey>(tokenKey); Assert.Equal("key-1", tokenKey.KeyId); }