/// <summary>
        /// Runs <c>RunRoundTrip</c> over three token configurations: an unsigned token with
        /// duplicate claim types, a token signed with X509 (asymmetric) credentials, and a token
        /// signed with a 256-bit symmetric key.
        /// </summary>
        /// <remarks>
        /// Audience validation is switched off in every case. Only the first case also switches off
        /// signature, lifetime and issuer checks; the two signed cases supply a signing key and a
        /// <c>ValidIssuer</c>, so they are the ones that exercise signature and issuer validation.
        /// </remarks>
        public void CreateAndValidateTokens_RoundTripTokens()
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var issuer = "issuer";
            var originalIssuer = "originalIssuer";

            // Case 1: the comparison token is built with a null last argument (presumably the
            // signing credentials - confirm against IdentityUtilities), so it carries no signature.
            // With RequireSignedTokens, ValidateAudience, ValidateLifetime and ValidateIssuer all
            // false, validation here accepts the token without checking any of them; this case
            // covers serialization of duplicate claim types, not validation strength.
            var duplicateTypesCase = new CreateAndValidateParams
            {
                Case = "ClaimSets.DuplicateTypes",
                Claims = ClaimSets.DuplicateTypes(issuer, originalIssuer),
                CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.DuplicateTypes(issuer, originalIssuer), null),
                ExceptionType = null,
                TokenValidationParameters = new TokenValidationParameters
                {
                    RequireSignedTokens = false,
                    ValidateAudience = false,
                    ValidateLifetime = false,
                    ValidateIssuer = false,
                }
            };
            RunRoundTrip(duplicateTypesCase, tokenHandler);

            // Case 2: signed with the default 2048-bit X509 credentials; the validation side is
            // given the matching certificate as IssuerSigningKey and pins the issuer.
            var asymmetricCase = new CreateAndValidateParams
            {
                Case = "ClaimSets.Simple_simpleSigned_Asymmetric",
                Claims = ClaimSets.Simple(issuer, originalIssuer),
                CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2),
                ExceptionType = null,
                SigningCredentials = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2,
                SigningToken = KeyingMaterial.DefaultX509Token_2048,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false,
                    IssuerSigningKey = new X509SecurityKey(KeyingMaterial.DefaultCert_2048),
                    ValidIssuer = issuer,
                }
            };
            RunRoundTrip(asymmetricCase, tokenHandler);

            // Case 3: same claims, signed and validated with the default 256-bit symmetric key.
            var symmetricCase = new CreateAndValidateParams
            {
                Case = "ClaimSets.Simple_simpleSigned_Symmetric",
                Claims = ClaimSets.Simple(issuer, originalIssuer),
                CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2),
                ExceptionType = null,
                SigningCredentials = KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2,
                SigningToken = KeyingMaterial.DefaultSymmetricSecurityToken_256,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false,
                    IssuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256,
                    ValidIssuer = issuer,
                }
            };
            RunRoundTrip(symmetricCase, tokenHandler);
        }
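        /// <summary>
        /// Round-trips <c>jwtParams.CompareTo</c> three ways: compact serialization followed by
        /// validation, re-creation from a <see cref="SecurityTokenDescriptor"/>, and XML
        /// serialization followed by a read back through the handler.
        /// </summary>
        /// <param name="jwtParams">Test case: the reference token, its claims, signing credentials and validation parameters.</param>
        /// <param name="handler">Handler used for every write, validate, create and read step.</param>
        private void RunRoundTrip(CreateAndValidateParams jwtParams, JwtSecurityTokenHandler handler)
        {
            SecurityToken validatedToken;

            // Serialize to the compact form and validate it. The returned principal and
            // validatedToken are not inspected; this step only catches failures that
            // ValidateToken reports by throwing (NOTE(review): confirm that is its contract).
            string jwt = handler.WriteToken(jwtParams.CompareTo);
            handler.ValidateToken(jwt, jwtParams.TokenValidationParameters, out validatedToken);

            // Rebuild an equivalent token from a descriptor that mirrors the reference token.
            SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor();

            tokenDescriptor.SigningCredentials = jwtParams.SigningCredentials;
            tokenDescriptor.Lifetime           = new Lifetime(jwtParams.CompareTo.ValidFrom, jwtParams.CompareTo.ValidTo);
            tokenDescriptor.Subject            = new ClaimsIdentity(jwtParams.Claims);
            tokenDescriptor.TokenIssuerName    = jwtParams.CompareTo.Issuer;

            // AppliesToAddress holds a single value, so the last non-blank audience wins.
            foreach (string str in jwtParams.CompareTo.Audiences)
            {
                if (!string.IsNullOrWhiteSpace(str))
                {
                    tokenDescriptor.AppliesToAddress = str;
                }
            }

            JwtSecurityToken token = handler.CreateToken(tokenDescriptor) as JwtSecurityToken;

            Assert.IsTrue(IdentityComparer.AreEqual(token, jwtParams.CompareTo), "!IdentityComparer.AreEqual( token, jwtParams.CompareTo )");

            // Write as XML and read it back. The using block releases the stream even when
            // WriteToken or ReadToken throws.
            using (MemoryStream ms = new MemoryStream())
            {
                XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter(XmlTextWriter.Create(ms));

                handler.WriteToken(writer, jwtParams.CompareTo);
                writer.Flush();
                ms.Flush();
                ms.Seek(0, SeekOrigin.Begin);

                // XmlDictionaryReaderQuotas.Max removes the reader's size and depth limits. That is
                // tolerable here because the XML was produced a few lines above; a reader over
                // externally supplied XML should use bounded quotas instead.
                XmlDictionaryReader reader = XmlDictionaryReader.CreateTextReader(ms, XmlDictionaryReaderQuotas.Max);

                reader.Read();
                token = handler.ReadToken(reader) as JwtSecurityToken;
            }

            // The comparison result used to be discarded, so a broken XML round trip could never
            // fail the test; assert it like the descriptor comparison above.
            Assert.IsTrue(IdentityComparer.AreEqual(token, jwtParams.CompareTo), "!IdentityComparer.AreEqual( token, jwtParams.CompareTo ) after XML round trip");
        }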
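        /// <summary>
        /// Checks that the reference token in <c>jwtParams.CompareTo</c> survives compact
        /// serialization plus validation, re-creation from a descriptor, and an XML write/read
        /// cycle, comparing the result with <c>IdentityComparer.AreEqual</c>.
        /// </summary>
        /// <param name="jwtParams">Reference token together with the claims, credentials and validation parameters for this case.</param>
        /// <param name="handler">Handler under test.</param>
        private void RunRoundTrip(CreateAndValidateParams jwtParams, JwtSecurityTokenHandler handler)
        {
            SecurityToken validatedToken;

            // Compact form -> ValidateToken. Neither the principal nor validatedToken is checked
            // afterwards, so only a thrown exception fails this step.
            string jwt = handler.WriteToken(jwtParams.CompareTo);
            handler.ValidateToken(jwt, jwtParams.TokenValidationParameters, out validatedToken);

            // create from security descriptor
            SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor();
            tokenDescriptor.SigningCredentials = jwtParams.SigningCredentials;
            tokenDescriptor.Lifetime = new Lifetime(jwtParams.CompareTo.ValidFrom, jwtParams.CompareTo.ValidTo);
            tokenDescriptor.Subject = new ClaimsIdentity(jwtParams.Claims);
            tokenDescriptor.TokenIssuerName = jwtParams.CompareTo.Issuer;

            // Each non-blank audience overwrites the previous one; the last one is kept.
            foreach (string str in jwtParams.CompareTo.Audiences)
            {
                if (!string.IsNullOrWhiteSpace(str))
                {
                    tokenDescriptor.AppliesToAddress = str;
                }
            }

            JwtSecurityToken token = handler.CreateToken(tokenDescriptor) as JwtSecurityToken;
            Assert.IsTrue(IdentityComparer.AreEqual(token, jwtParams.CompareTo), "!IdentityComparer.AreEqual( token, jwtParams.CompareTo )");

            // write as xml; the stream is disposed even if a step below throws
            using (MemoryStream ms = new MemoryStream())
            {
                XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter(XmlTextWriter.Create(ms));
                handler.WriteToken(writer, jwtParams.CompareTo);
                writer.Flush();
                ms.Flush();
                ms.Seek(0, SeekOrigin.Begin);

                // Quotas are set to Max (no reader limits); the input is the XML written just
                // above, not external data. Use bounded quotas for XML from any other source.
                XmlDictionaryReader reader = XmlDictionaryReader.CreateTextReader(ms, XmlDictionaryReaderQuotas.Max);
                reader.Read();
                token = handler.ReadToken(reader) as JwtSecurityToken;
            }

            // Previously the result of this comparison was thrown away, which left the XML round
            // trip unverified; it is now asserted.
            Assert.IsTrue(IdentityComparer.AreEqual(token, jwtParams.CompareTo), "!IdentityComparer.AreEqual( token, jwtParams.CompareTo ) after XML round trip");
        }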
        /// <summary>
        /// Feeds three cases to <c>RunRoundTrip</c> in order: unsigned with duplicate claim types,
        /// signed with X509 credentials, and signed with a symmetric key.
        /// </summary>
        /// <remarks>
        /// <c>ValidateAudience</c> is false throughout. The unsigned case additionally disables
        /// <c>RequireSignedTokens</c>, <c>ValidateLifetime</c> and <c>ValidateIssuer</c>, so it
        /// says nothing about validation; the signed cases provide <c>IssuerSigningKey</c> and
        /// <c>ValidIssuer</c>.
        /// </remarks>
        public void CreateAndValidateTokens_RoundTripTokens()
        {
            JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler();
            string issuer = "issuer", originalIssuer = "originalIssuer";

            // Unsigned token (the reference token is created with null as its last argument):
            // every validation switch that is set below is set to false.
            RunRoundTrip(
                new CreateAndValidateParams
                {
                    Case = "ClaimSets.DuplicateTypes",
                    Claims = ClaimSets.DuplicateTypes(issuer, originalIssuer),
                    CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.DuplicateTypes(issuer, originalIssuer), null),
                    ExceptionType = null,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        RequireSignedTokens = false,
                        ValidateAudience = false,
                        ValidateLifetime = false,
                        ValidateIssuer = false,
                    }
                },
                jwtHandler);

            // Asymmetric signature: X509 signing credentials on the token, the matching
            // certificate as the validation key, issuer pinned to the expected value.
            RunRoundTrip(
                new CreateAndValidateParams
                {
                    Case = "ClaimSets.Simple_simpleSigned_Asymmetric",
                    Claims = ClaimSets.Simple(issuer, originalIssuer),
                    CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2),
                    ExceptionType = null,
                    SigningCredentials = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2,
                    SigningToken = KeyingMaterial.DefaultX509Token_2048,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = false,
                        IssuerSigningKey = new X509SecurityKey(KeyingMaterial.DefaultCert_2048),
                        ValidIssuer = issuer,
                    }
                },
                jwtHandler);

            // Symmetric signature: the same 256-bit key material signs and validates.
            RunRoundTrip(
                new CreateAndValidateParams
                {
                    Case = "ClaimSets.Simple_simpleSigned_Symmetric",
                    Claims = ClaimSets.Simple(issuer, originalIssuer),
                    CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2),
                    ExceptionType = null,
                    SigningCredentials = KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2,
                    SigningToken = KeyingMaterial.DefaultSymmetricSecurityToken_256,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = false,
                        IssuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256,
                        ValidIssuer = issuer,
                    }
                },
                jwtHandler);
        }