/// <summary>
/// Registers a client that uses an HMAC signature algorithm through <c>_sut</c>, reads the
/// persisted <c>ClientDataRecordV2</c> back from the collection, and checks that the stored
/// signature parameter is the protected form of the HMAC key and is flagged as encrypted.
/// </summary>
public async Task EncryptsHMACSecretInDatabase()
{
    // Arrange: a client whose shared secret must not be persisted as plaintext.
    var signatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
    var client = new Client(
        "c1",
        "app one",
        signatureAlgorithm,
        TimeSpan.FromMinutes(1),
        TimeSpan.FromMinutes(2),
        RequestTargetEscaping.RFC2396,
        new Claim("company", "Dalion"),
        new Claim("scope", "HttpMessageSigning"));

    // Act: persist the client, then read the raw record straight from the collection so the
    // assertions look at what is actually stored rather than at a mapped domain object.
    await _sut.Register(client);

    var records = Database.GetCollection<ClientDataRecordV2>(_collectionName);
    var byClientId = new ExpressionFilterDefinition<ClientDataRecordV2>(record => record.Id == client.Id);
    var cursor = await records.FindAsync<ClientDataRecordV2>(byClientId);
    var storedRecord = await cursor.SingleAsync();

    // Assert: a parameter is stored at all.
    storedRecord.SignatureAlgorithm.Parameter.Should().NotBeNullOrEmpty();

    // Assert: the stored parameter equals the key after it went through the string protector.
    // NOTE(review): the expected value comes from FakeStringProtector, so this shows the key is
    // routed through the protector, not that real encryption is applied. It is only meaningful
    // if FakeStringProtector.Protect is not the identity function - confirm. Asserting that the
    // stored parameter differs from the plaintext key would make that explicit.
    var plaintextKey = Encoding.UTF8.GetString(signatureAlgorithm.Key);
    var protectedKey = new FakeStringProtector().Protect(plaintextKey);
    storedRecord.SignatureAlgorithm.Parameter.Should().Be(protectedKey);

    // Assert: the record says the parameter is encrypted, which a reader of the record would
    // need in order to know it has to be unprotected before use.
    storedRecord.SignatureAlgorithm.IsParameterEncrypted.Should().BeTrue();
}
/// <summary>
/// Test fixture setup: creates a fake string protector factory, builds the converter under
/// test on top of it, and makes the factory hand out a <c>FakeStringProtector</c> for any
/// symmetric key it is asked for.
/// </summary>
public SignatureAlgorithmDataRecordConverterTests()
{
    // The factory is a fake, so no real protector is created in these tests.
    FakeFactory.Create(out _stringProtectorFactory);

    // The converter is constructed before the factory call is configured, as in the original setup.
    _sut = new SignatureAlgorithmDataRecordConverter(_stringProtectorFactory);

    // Every CreateSymmetric call, whatever the key argument, yields the same fake protector.
    _stringProtector = new FakeStringProtector();
    A.CallTo(() => _stringProtectorFactory.CreateSymmetric(A<string>._))
        .Returns(_stringProtector);
}
/// <summary>
/// Converts an HMAC signature algorithm into a data record and checks that the record carries
/// the algorithm type, the hash algorithm name, the protected form of the key, and the
/// encrypted flag.
/// </summary>
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
{
    using (var algorithm = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384))
    {
        // The expected parameter is the key after protection, not the raw key.
        // NOTE(review): the expectation is derived from FakeStringProtector, so it only
        // distinguishes protected from plaintext storage if Protect is not the identity
        // function - confirm against the fake's implementation.
        var protectedKey = new FakeStringProtector().Protect(_unencryptedKey);
        var expectedRecord = new SignatureAlgorithmDataRecordV2
        {
            Type = "HMAC",
            HashAlgorithm = HashAlgorithmName.SHA384.Name,
            Parameter = protectedKey,
            IsParameterEncrypted = true
        };

        var actualRecord = _sut.FromSignatureAlgorithm(algorithm, _encryptionKey);

        actualRecord.Should().BeEquivalentTo(expectedRecord);
    }
}