public void RequestSignature_Time() { // Verify that time checks work ArgCollection args = new ArgCollection(); SymmetricKey key = Crypto.GenerateSymmetricKey(); string signature; args.Clear(); args["arg1"] = "hello"; args["arg2"] = "world"; args["arg3"] = "test"; // Verify a request with no arguments. signature = RequestSignature.Generate(key, args); Thread.Sleep(2000); Assert.IsTrue(RequestSignature.TryVerify(key, signature, args, null, TimeSpan.FromSeconds(4))); args.Clear(); signature = RequestSignature.Generate(key, args); Thread.Sleep(6000); Assert.IsFalse(RequestSignature.TryVerify(key, signature, args, null, TimeSpan.FromSeconds(4))); }
public void RequestSignature_Args() { ArgCollection args = new ArgCollection(); SymmetricKey key = Crypto.GenerateSymmetricKey(); string signature; // Verify a request with no arguments. args.Clear(); signature = RequestSignature.Generate(key, args); RequestSignature.Verify(key, signature, args, null, graceInterval); // Verify a request with a few arguments args.Clear(); args["arg1"] = "hello"; args["arg2"] = "world"; args["arg3"] = "test"; signature = RequestSignature.Generate(key, args); Assert.IsTrue(RequestSignature.TryVerify(key, signature, args, null, graceInterval)); // Verify that argument normaization works by reversing the // orher of the arguments added. args.Clear(); args["arg3"] = "test"; args["arg2"] = "world"; args["arg1"] = "hello"; Assert.IsTrue(RequestSignature.TryVerify(key, signature, args, null, graceInterval)); // Test with the signature as part of the arguments. args["signature"] = signature; Assert.IsTrue(RequestSignature.TryVerify(key, signature, args, "signature", graceInterval)); // Tamper with one of the argument values and verify failure args["arg2"] = "xxx"; Assert.IsFalse(RequestSignature.TryVerify(key, signature, args, null, graceInterval)); // Do it again args["arg2"] = "WORLD"; ExtendedAssert.Throws <SecurityException>( () => { RequestSignature.Verify(key, signature, args, null, graceInterval); Assert.Fail("SecurityException expected"); }); // Change the shared key and verify failure args.Clear(); args["arg1"] = "hello"; args["arg2"] = "world"; args["arg3"] = "test"; signature = RequestSignature.Generate(key, args); Assert.IsFalse(RequestSignature.TryVerify(Crypto.GenerateSymmetricKey(), signature, args, null, graceInterval)); }