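/// <summary>
/// Checks nonce replay protection end to end: a correctly signed request is accepted once,
/// and a second correctly signed request that reuses the same nonce is rejected with
/// <c>NonceHasBeenUsedBefore</c>.
/// </summary>
/// <remarks>
/// The second request is re-signed with a fresh timestamp, so its signature is valid for its
/// own content and the only value shared with the first request is the nonce.
/// NOTE(review): a verbatim replay of the first header (same timestamp and same signature) is
/// not exercised by this test.
/// NOTE(review): the "IfConfigured" part of the name presumably refers to nonce tracking being
/// enabled in StartupWithMiddleware; that configuration is not visible here, so confirm it.
/// </remarks>
public async Task ItShouldNotAllowSameNonceTwiceIfConfigured()
{
    var signatureBodySourceBuilder = new SignatureBodySourceBuilder();
    var signatureBodySigner = new HashAlgorithmSignatureBodySigner();

    // One nonce shared by both requests; reusing it is the behavior under test.
    var nonce = Guid.NewGuid().ToString();

    // Dispose the client so the test does not leak its handler and sockets.
    using (var client = new System.Net.Http.HttpClient())
    {
        var firstResult = await SendSignedGetAsync(client, signatureBodySourceBuilder, signatureBodySigner, nonce);
        firstResult.Status.Should().Be(SignatureValidationResultStatus.OK);
        firstResult.ClientId.Should().Be(StartupWithMiddleware.DefaultClientId);

        var replayResult = await SendSignedGetAsync(client, signatureBodySourceBuilder, signatureBodySigner, nonce);
        replayResult.Status.Should().Be(SignatureValidationResultStatus.NonceHasBeenUsedBefore);
    }
}

/// <summary>
/// Builds a GET request to the signature validation endpoint, signs it with the default
/// client credentials and the given nonce, sends it, and returns the deserialized result.
/// </summary>
/// <param name="client">HTTP client used to send the request; owned by the caller.</param>
/// <param name="signatureBodySourceBuilder">Builder that produces the bytes to be signed.</param>
/// <param name="signatureBodySigner">Signer that turns the source bytes and client secret into the signature body.</param>
/// <param name="nonce">Nonce placed both in the signed source and in the header value.</param>
/// <returns>The validation result reported by the server.</returns>
private async Task<SignatureValidationResult> SendSignedGetAsync(
    System.Net.Http.HttpClient client,
    SignatureBodySourceBuilder signatureBodySourceBuilder,
    HashAlgorithmSignatureBodySigner signatureBodySigner,
    string nonce)
{
    using (var request = new HttpRequestMessage(HttpMethod.Get, new Uri(_fixture.ServerUri, ApiController.GetSignatureValidationResultGetUri)))
    {
        // The timestamp is taken per request, so a replay carries a current timestamp.
        var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();

        var signatureBodySourceParameters = new SignatureBodySourceParameters(
            request.Method.ToString(),
            request.RequestUri,
            new Dictionary<string, string>(),
            nonce,
            timestamp,
            StartupWithMiddleware.DefaultClientId,
            DefaultConstants.SignatureBodySourceComponents);

        var signatureBodySource = await signatureBodySourceBuilder.Build(signatureBodySourceParameters);
        var signatureBody = await signatureBodySigner.Sign(
            new SignatureBodyParameters(signatureBodySource, StartupWithMiddleware.DefaultClientSecret));

        // Header layout: clientId:nonce:timestamp:signatureBody.
        var signature = $"{StartupWithMiddleware.DefaultClientId}:{nonce}:{timestamp}:{signatureBody}";

        // If the header is not attached the request goes out unsigned; fail here with a clear
        // message rather than on a less obvious status mismatch later.
        request.Headers.TryAddWithoutValidation(DefaultConstants.HeaderName, signature)
            .Should().BeTrue("the signature header must be attached to the request");

        using (var response = await client.SendAsync(request))
        {
            return await response.Content.ReadAsAsync<SignatureValidationResult>();
        }
    }
}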
/// <summary>
/// Signs an empty payload with a fixed client secret and checks that the result is a
/// non-empty Base64 string that decodes to exactly 32 bytes.
/// </summary>
/// <remarks>
/// NOTE(review): 32 bytes is the size of a 256-bit digest, so the default algorithm is
/// presumably SHA-256 based; confirm against HashAlgorithmSignatureBodySigner.
/// NOTE(review): only the encoding and length are asserted, not a known-answer value, so this
/// test would not catch a change in how the secret is combined with the payload.
/// </remarks>
public async Task ItShouldSign()
{
    var signingInput = new SignatureBodyParameters(Array.Empty<byte>(), "clientSecret");
    var bodySigner = new HashAlgorithmSignatureBodySigner();

    var encodedSignature = await bodySigner.Sign(signingInput);
    encodedSignature.Should().NotBeEmpty();

    // Convert.FromBase64String throws on malformed input, so this also checks the encoding.
    var rawSignature = Convert.FromBase64String(encodedSignature);
    rawSignature.Should().HaveCount(32);
}