private NodeEntitlements CreateEntitlements(EntitlementCreationOptions creationOptions = EntitlementCreationOptions.None)
{
var result = new NodeEntitlements()
.FromInstant(_now)
.UntilInstant(_now + TimeSpan.FromDays(7))
.WithAudience(_audience)
.WithIssuer(_issuer);
if (!creationOptions.HasFlag(EntitlementCreationOptions.OmitIpAddress))
{
result = result.AddIpAddress(_approvedAddress);
}
if (!creationOptions.HasFlag(EntitlementCreationOptions.OmitIdentifier))
{
result = result.WithIdentifier(_entitlementIdentifer);
}
if (!creationOptions.HasFlag(EntitlementCreationOptions.OmitApplication))
{
result = result.AddApplication(_contosoFinanceApp);
}
if (!creationOptions.HasFlag(EntitlementCreationOptions.OmitMachineId))
{
result = result.WithVirtualMachineId("virtual-machine-identifier");
}
return(result);
}
public TokenEnforcementTests()
{
// Hard coded key for unit testing only; actual operation will use a cert
const string plainTextSigningKey = "This is my shared, not so secret, secret that needs to be very long!";
_signingKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(plainTextSigningKey));
_signingCredentials = new SigningCredentials(
_signingKey, SecurityAlgorithms.HmacSha256Signature);
// Hard coded key for unit testing only; actual operation will use a cert
const string plainTextEncryptionKey = "This is another, not so secret, secret that needs to be very long!";
_encryptingKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(plainTextEncryptionKey));
_encryptingCredentials = new EncryptingCredentials(
_encryptingKey, "dir", SecurityAlgorithms.Aes256CbcHmacSha512);
_validEntitlements = CreateEntitlements();
_verifier = new TokenVerifier(_signingKey, _encryptingKey);
_generator = new TokenGenerator(_nullLogger, _signingCredentials, _encryptingCredentials);
}
