/// <summary>
/// Verifies that a string which is not a JWT at all is rejected with a
/// <see cref="ValidationException"/>.
/// </summary>
/// <remarks>
/// The key provider is a strict mock with no setups, so any call the validator made to it
/// would throw a mock exception instead of <see cref="ValidationException"/> and fail this
/// test. A pass therefore also shows that the malformed input is rejected before any
/// public-key lookup is attempted.
/// </remarks>
public void ValidateAsync_GarbageJwt_Throws() {
    // Strict + no setups: the validator must not touch the key provider for this input.
    var strictKeyProviderMock = new Mock<IPublicKeyProvider>( MockBehavior.Strict );
    IAccessTokenValidator validator = new AccessTokenValidator( strictKeyProviderMock.Object );

    // Assert.Throws takes a synchronous delegate, so the task is blocked on here.
    // GetAwaiter().GetResult() rethrows the original exception rather than wrapping it
    // in an AggregateException, which keeps the type check meaningful.
    Assert.Throws<ValidationException>(
        () => validator.ValidateAsync( "garbage" ).SafeAsync().GetAwaiter().GetResult()
    );
}
/// <summary>
/// Builds an <see cref="IAccessTokenValidator"/> whose public keys are resolved through a
/// <see cref="LocalPublicKeyProvider"/>.
/// </summary>
/// <remarks>
/// Each call constructs its own <see cref="InMemoryPublicKeyCache"/> instance for the returned
/// validator. <paramref name="publicKeyDataProvider"/> is handed to
/// <c>PublicKeyDataProviderFactory.CreateInternal</c> without a null check in this method.
/// NOTE(review): the keys this data provider returns presumably decide which token signatures
/// are accepted, so it should be treated as the trust anchor - confirm.
/// </remarks>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <returns>A new <see cref="IAccessTokenValidator"/></returns>
public static IAccessTokenValidator CreateLocalValidator(
    IPublicKeyDataProvider publicKeyDataProvider
) {
    // Wrap the caller's data provider first, then create the cache, matching the
    // argument evaluation order of a single nested constructor call.
    var internalDataProvider = PublicKeyDataProviderFactory.CreateInternal( publicKeyDataProvider );
    var keyCache = new InMemoryPublicKeyCache();

    return new AccessTokenValidator(
        new LocalPublicKeyProvider( internalDataProvider, keyCache )
    );
}
/// <summary>
/// Factory for an <see cref="IAccessTokenValidator"/> that looks up public keys locally,
/// via a <see cref="LocalPublicKeyProvider"/>.
/// </summary>
/// <remarks>
/// A new <see cref="InMemoryPublicKeyCache"/> is created on every call, and
/// <paramref name="publicKeyDataProvider"/> is not null-checked here before being passed to
/// <c>PublicKeyDataProviderFactory.CreateInternal</c>.
/// NOTE(review): whatever keys the data provider serves are presumably the ones signatures
/// are verified against - confirm, and restrict who can write to that store accordingly.
/// </remarks>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <returns>A new <see cref="IAccessTokenValidator"/></returns>
public static IAccessTokenValidator CreateLocalValidator(
    IPublicKeyDataProvider publicKeyDataProvider
) {
    var wrappedDataProvider = PublicKeyDataProviderFactory.CreateInternal( publicKeyDataProvider );
    var localKeyProvider = new LocalPublicKeyProvider( wrappedDataProvider, new InMemoryPublicKeyCache() );

    return new AccessTokenValidator( localKeyProvider );
}
/// <summary>
/// Builds an <see cref="IAccessTokenValidator"/> whose public keys come from a remote token
/// signer, reached through a <see cref="JwksProvider"/>.
/// </summary>
/// <remarks>
/// Each call constructs its own <see cref="InMemoryPublicKeyCache"/> instance. Neither argument
/// is validated in this method; in particular the scheme of <paramref name="authEndpoint"/> is
/// not checked here.
/// NOTE(review): the keys served by this endpoint presumably decide which token signatures are
/// accepted, so it should be an HTTPS URI taken from trusted configuration - confirm whether
/// <see cref="JwksProvider"/> enforces that.
/// </remarks>
/// <param name="httpClient"><see cref="HttpClient"/> instance with which requests will be made. Its lifecycle is not managed: the validator will not dispose it.</param>
/// <param name="authEndpoint">The base URI of the remote service</param>
/// <returns>A new <see cref="IAccessTokenValidator"/></returns>
public static IAccessTokenValidator CreateRemoteValidator(
    HttpClient httpClient,
    Uri authEndpoint
) {
    // Construction order is kept: key source, then cache, then the provider that joins them.
    var remoteKeySource = new JwksProvider( httpClient, authEndpoint );
    var keyCache = new InMemoryPublicKeyCache();

    return new AccessTokenValidator(
        new RemotePublicKeyProvider( remoteKeySource, keyCache )
    );
}
/// <summary>
/// Factory for an <see cref="IAccessTokenValidator"/> that obtains public keys from a remote
/// token signer through a <see cref="JwksProvider"/>.
/// </summary>
/// <remarks>
/// A new <see cref="InMemoryPublicKeyCache"/> is created on every call. This method performs no
/// validation of <paramref name="httpClient"/> or <paramref name="authEndpoint"/>.
/// NOTE(review): signature verification presumably trusts whatever keys the endpoint returns,
/// so the URI should use HTTPS and come from trusted configuration rather than request data -
/// confirm against <see cref="JwksProvider"/>.
/// </remarks>
/// <param name="httpClient"><see cref="HttpClient"/> instance with which requests will be made. Its lifecycle is not managed: the validator will not dispose it.</param>
/// <param name="authEndpoint">The base URI of the remote service</param>
/// <returns>A new <see cref="IAccessTokenValidator"/></returns>
public static IAccessTokenValidator CreateRemoteValidator(
    HttpClient httpClient,
    Uri authEndpoint
) {
    var keySetSource = new JwksProvider( httpClient, authEndpoint );
    var remoteKeyProvider = new RemotePublicKeyProvider( keySetSource, new InMemoryPublicKeyCache() );

    return new AccessTokenValidator( remoteKeyProvider );
}
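/// <summary>
/// Builds a JWT (optionally signed) with the given expiry, runs it through an
/// <see cref="AccessTokenValidator"/> and asserts the outcome.
/// </summary>
/// <param name="signJwt">
/// When <c>true</c> the JWT is signed with the credentials of a freshly created token; when
/// <c>false</c> it is written with no signing credentials, which exercises the validator's
/// handling of unsigned tokens.
/// </param>
/// <param name="jwtExpiry">Value passed as the JWT's <c>expires</c>.</param>
/// <param name="expectedExceptionType">
/// Exact exception type that validation must throw (compared with <c>GetType()</c>, so a
/// subclass does not match), or <c>null</c> when validation is expected to succeed.
/// </param>
private async Task RunTest(
    bool signJwt,
    DateTime jwtExpiry,
    Type expectedExceptionType = null
) {
    Guid keyId = Guid.NewGuid();
    D2LSecurityToken signingToken = D2LSecurityTokenUtility.CreateActiveToken( id: keyId );

    // Leaving the credentials null produces a JWT with no signature.
    SigningCredentials signingCredentials = null;
    if( signJwt ) {
        signingCredentials = signingToken.GetSigningCredentials();
    }

    var jwtToken = new JwtSecurityToken(
        issuer: "someissuer",
        signingCredentials: signingCredentials,
        expires: jwtExpiry
    );

    var tokenHandler = new JwtSecurityTokenHandler();
    string serializedJwt = tokenHandler.WriteToken( jwtToken );

    // presumably the mock serves signingToken's public key under keyId - verify against PublicKeyProviderMock
    IPublicKeyProvider publicKeyProvider = PublicKeyProviderMock.Create(
        m_jwksEndpoint,
        keyId,
        signingToken
    ).Object;
    IAccessTokenValidator tokenValidator = new AccessTokenValidator( publicKeyProvider );

    IAccessToken accessToken = null;
    Exception exception = null;
    try {
        accessToken = await tokenValidator.ValidateAsync(
            accessToken: serializedJwt
        ).SafeAsync();
    } catch( Exception e ) {
        // Deliberately broad: the exception is recorded and judged by the assertions below.
        exception = e;
    }

    if( expectedExceptionType != null ) {
        Assert.IsNull( accessToken, "Unexpected access token returned from validation" );
        Assert.IsNotNull( exception, "Expected an exception but got null" );
        Assert.AreEqual( expectedExceptionType, exception.GetType(), "Wrong exception type" );
    } else {
        // Surface a swallowed exception in the failure output; without this the run would
        // fail below with only "got none" and no hint of why validation rejected the token.
        Assert.IsNull( exception, "Unexpected exception during validation: " + exception );
        Assert.IsNotNull( accessToken, "Expected an access token but got none" );
    }
}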