private List <JwtSecurityTokenTestVariation> JwtEncodedStringVariations() { string[] tokenParts = EncodedJwts.Asymmetric_LocalSts.Split('.'); List <JwtSecurityTokenTestVariation> variationsencodedStringParams = new List <JwtSecurityTokenTestVariation>() { new JwtSecurityTokenTestVariation { Name = "EncodedString: InvalidPayloadFormat", EncodedString = EncodedJwts.InvalidPayload, ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: null", EncodedString = null, ExpectedException = ExpectedException.ArgNull, }, new JwtSecurityTokenTestVariation { Name = "EncodedString: string.Empty", EncodedString = string.Empty, ExpectedException = ExpectedException.ArgEx(id: "WIF10002"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: single character: '1'", EncodedString = "1", ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: two parts each a single character: '1.2'", EncodedString = "1.2", ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: header is not encoded properly: '123'", EncodedString = string.Format("{0}.{1}.{2}", "123", tokenParts[1], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: header is not encoded properly: '123=='", EncodedString = string.Format("{0}.{1}.{2}", "123==", tokenParts[1], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: payload is not encoded correctly: '123'", EncodedString = string.Format("{1}.{0}.{2}", "123", tokenParts[0], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: payload is not encoded properly: '123=='", EncodedString = string.Format("{1}.{0}.{2}", "123==", tokenParts[0], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)", EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]), ExpectedException = ExpectedException.Null, }, new JwtSecurityTokenTestVariation { Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)", EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]), ExpectedException = ExpectedException.Null, }, }; return(variationsencodedStringParams); }
public ExpectedJwtSecurityTokenRequirement ( uint?tokenSize = null, Int32?clock = null, uint?life = null, X509CertificateValidator cert = null, string name = JwtConstants.ReservedClaims.Sub, string role = null, X509RevocationMode?revMode = null, X509CertificateValidationMode?certMode = null, StoreLocation?storeLoc = null, ExpectedException expectedException = null, string handler = JwtSecurityTokenHandlerType, string requirement = Elements.JwtSecurityTokenRequirement, string attributeEx1 = "", string attributeEx2 = "", string attributeEx3 = "", string attributeEx4 = "", string elementEx1 = comment, string elementEx2 = comment, string elementEx3 = comment, string elementEx4 = comment, string elementEx5 = comment, string elementEx6 = comment, string elementClose = closeRequirement ) { MaxTokenSizeInBytes = tokenSize; NameClaimType = name; RoleClaimType = role; CertValidator = cert; ClockSkewInSeconds = clock; DefaultTokenLifetimeInMinutes = life; CertRevocationMode = revMode; CertValidationMode = certMode; CertStoreLocation = storeLoc; ExpectedException = expectedException ?? ExpectedException.NoExceptionExpected; string[] sParams = { handler, requirement, CertRevocationMode == null ? string.Empty : Attribute(Attributes.RevocationMode, CertRevocationMode.Value.ToString()), attributeEx1, CertValidationMode == null ? string.Empty : Attribute(Attributes.ValidationMode, CertValidationMode.Value.ToString()), attributeEx2, CertValidator == null ? string.Empty : Attribute(Attributes.Validator, CertValidator.GetType().ToString() + ", System.IdentityModel.Tokens.Jwt.Tests"), attributeEx3, CertStoreLocation == null ? string.Empty : Attribute(Attributes.TrustedStoreLocation, CertStoreLocation.ToString()), attributeEx4, elementEx1, ClockSkewInSeconds == null ? string.Empty : ElementValue(Elements.MaxClockSkewInMinutes, ClockSkewInSeconds.Value.ToString()), elementEx2, MaxTokenSizeInBytes == null ? string.Empty : ElementValue(Elements.MaxTokenSizeInBytes, MaxTokenSizeInBytes.Value.ToString()), elementEx3, DefaultTokenLifetimeInMinutes == null ? string.Empty : ElementValue(Elements.DefaultTokenLifetimeInMinutes,DefaultTokenLifetimeInMinutes.Value.ToString()), elementEx4, NameClaimType == null ? string.Empty : ElementValue(Elements.NameClaimType, NameClaimType), elementEx5, RoleClaimType == null ? string.Empty : ElementValue(Elements.RoleClaimType, RoleClaimType), elementEx6, elementClose, }; Config = string.Format(ElementTemplate, sParams); }
public void JwtSecurityTokenRequirement_Constructor() { // This class is a bit thin, most of the tests are in JwtConfigTests, just added a couple of missed cases that are easy to code directly. // *** null param JwtSecurityTokenRequirement JwtSecurityTokenRequirement; ExpectedException expectedException = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "element"); try { JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(null); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } // *** wrong namespace XmlDocument xmlDocument = new XmlDocument(); expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10601"); XmlElement xmlElement = new CustomXmlElement("prefix", "localName", "http://www.gotJwt.com", xmlDocument); try { JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } // *** unknown X509RevocationMode expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606"); xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument); xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateRevocationMode", "http://www.gotJwt.com", xmlDocument) { Value = "UnKnown:issuerCertificateRevocationMode", }); try { JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } // *** unknown ValidationMode expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606"); xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument); xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidationMode", "http://www.gotJwt.com", xmlDocument) { Value = "UnKnown:issuerCertificateValidationMode", }); try { JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } // *** unknown TrustedStoreLocation expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606"); xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument); xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateTrustedStoreLocation", "http://www.gotJwt.com", xmlDocument) { Value = "UnKnown:issuerCertificateTrustedStoreLocation", }); try { JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } // *** unbale to create type expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10613", inner: typeof(TypeLoadException)); xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument); xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidator", "http://www.gotJwt.com", xmlDocument) { Value = "UnKnown:issuerCertificateValidatorType", }); xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidationMode", "http://www.gotJwt.com", xmlDocument) { Value = "Custom", }); try { JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } }
public void SignatureProviderFactory_Tests() { SignatureProviderFactory factory = new SignatureProviderFactory(); // Asymmetric / Symmetric both need signature alg specified FactoryCreateFor("Siging: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgumentException()); FactoryCreateFor("Verifying: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgumentException()); // Keytype not supported FactoryCreateFor("Siging: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentException("IDX10600:")); FactoryCreateFor("Verifying: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentException("IDX10600:")); // Private keys missing FactoryCreateFor("Siging: - SecurityKey without private key", KeyingMaterial.DefaultAsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.InvalidOperationException(substringExpected: "IDX10614:", inner: typeof(NotSupportedException))); FactoryCreateFor("Verifying: - SecurityKey without private key", KeyingMaterial.DefaultAsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.NoExceptionExpected); // Key size checks FactoryCreateFor("Siging: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10630:")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = 2048; FactoryCreateFor("Verifying: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10631:")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying; SignatureProviderFactory.MinimumSymmetricKeySizeInBits = 512; FactoryCreateFor("Siging: - SymmetricKeySize Key to small", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10603:")); FactoryCreateFor("Verifying: - SymmetricKeySize Key to small", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10603")); SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits; ExpectedException expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10613:"); // setting keys too small try { Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning < AbsoluteMinimumAsymmetricKeySizeInBitsForSigning")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning - 10; expectedException.ProcessNoException(); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning; } catch (Exception ex) { expectedException.ProcessException(ex); } expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10627:"); try { Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying < AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying - 10; expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10628:"); try { Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumSymmetricKeySizeInBits < AbsoluteMinimumSymmetricKeySizeInBits")); SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits - 10; expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
public static void BuildExpectedRequirements() { RequirementVariations = new List <ExpectedJwtSecurityTokenRequirement>(); // Empty Element RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: "<>", expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); // unknown element RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue("UnknownElement", "@http://AllItemsSet/nameClaim"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10611"))); // element.Localname empty RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue("", "@http://AllItemsSet/nameClaim"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); // Element attribute name is not 'value' RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "6000", attributeValue: "NOTvalue"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10610:"))); // Attribute name empty RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(attributeEx1: Attribute("", AttributeValues.X509CertificateValidationModeChainTrust), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); // Attribute value empty RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(attributeEx1: Attribute(Attributes.ValidationMode, ""), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10600", inner: typeof(InvalidOperationException)))); // Multiple Attributes RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.NameClaimType, "Bob", count: 2), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10609"))); // No Attributes RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.NameClaimType, "Bob", count: 0), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10607"))); // for each variation, make sure a validator is created. RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.NoCheck, storeLoc: StoreLocation.CurrentUser, certMode: X509CertificateValidationMode.ChainTrust, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.Offline, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.Online, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.ChainTrust, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.Custom, expectedException: ExpectedException.ConfigurationErrorsException("Jwt10612"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.None, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerOrChainTrust, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.CurrentUser, expectedException: ExpectedException.NoExceptionExpected)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.LocalMachine, expectedException: ExpectedException.NoExceptionExpected)); // Error Conditions - lifetime RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 0, expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "-1"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "abc"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(FormatException)))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "15372286729"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(OverflowException)))); // Error Conditions - tokensSize RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 0, expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "-1"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "abc"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(FormatException)))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "4294967296"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(OverflowException)))); // Duplicate Elements, we have to catch them. RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, revMode: X509RevocationMode.NoCheck, elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.MaxTokenSizeInBytes, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.NameClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", revMode: X509RevocationMode.NoCheck, elementEx5: ElementValue(Elements.NameClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.RoleClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", revMode: X509RevocationMode.NoCheck, elementEx6: ElementValue(Elements.RoleClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15, certMode: X509CertificateValidationMode.PeerTrust, elementEx1: ElementValue(Elements.MaxClockSkewInMinutes, "5"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15, revMode: X509RevocationMode.NoCheck, elementEx2: ElementValue(Elements.MaxClockSkewInMinutes, "5"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 1000, revMode: X509RevocationMode.NoCheck, elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "60"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 1000, revMode: X509RevocationMode.NoCheck, elementEx4: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "60"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616"))); // Duplicate Attributes, System.Configuration will catch them. RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.NoCheck, attributeEx1: Attribute(Attributes.RevocationMode, AttributeValues.X509RevocationModeNoCheck.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, attributeEx2: Attribute(Attributes.ValidationMode, AttributeValues.X509CertificateValidationModeNone.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.LocalMachine, attributeEx4: Attribute(Attributes.TrustedStoreLocation, StoreLocation.LocalMachine.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), attributeEx1: Attribute(Attributes.Validator, typeof(AlwaysSucceedCertificateValidator).ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException)))); // certificate validator *40 RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.Custom, cert: new AlwaysSucceedCertificateValidator())); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 2147483647)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim")); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim")); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim")); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), clock: 15, expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15, cert: new AlwaysSucceedCertificateValidator(), certMode: X509CertificateValidationMode.Custom)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15, cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619"))); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", cert: new AlwaysSucceedCertificateValidator(), clock: 15, certMode: X509CertificateValidationMode.Custom)); RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619"))); }
private void SignatureProvider_SignVariation(SignatureProvider provider, byte[] bytes, byte[] signature, ExpectedException expectedException) { try { provider.Sign(bytes); expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
private void SymmetricSignatureProvider_ConstructorVariation(string testcase, SymmetricSecurityKey key, string algorithm, ExpectedException expectedException) { Console.WriteLine(string.Format("Testcase: '{0}'", testcase)); SymmetricSignatureProvider provider = null; try { if (testcase.StartsWith("Signing")) { provider = new SymmetricSignatureProvider(key, algorithm); } else { provider = new SymmetricSignatureProvider(key, algorithm); } expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
public void SymmetricSignatureProvider_ConstructorTests() { // no errors SymmetricSignatureProvider_ConstructorVariation("Creates with no errors", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, ExpectedException.NoExceptionExpected); // null, empty algorithm digest SymmetricSignatureProvider_ConstructorVariation("Constructor: - NUll key", null, SecurityAlgorithms.HmacSha256Signature, ExpectedException.ArgumentNullException()); SymmetricSignatureProvider_ConstructorVariation("Constructor: - algorithm == string.Empty", KeyingMaterial.DefaultSymmetricSecurityKey_256, string.Empty, ExpectedException.ArgumentException()); // GetKeyedHashAlgorithm throws SymmetricSecurityKey key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, new CryptographicException("hi from inner")); SymmetricSignatureProvider_ConstructorVariation("Constructor: - SecurityKey.GetKeyedHashAlgorithm throws", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10632:", typeof(CryptographicException))); // Key returns null KeyedHash key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, null); SymmetricSignatureProvider_ConstructorVariation("Constructor: - SecurityKey returns null KeyedHashAlgorithm", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10633:")); //_keyedHash.Key = _key.GetSymmetricKey() is null; KeyedHashAlgorithm keyedHashAlgorithm = KeyingMaterial.DefaultSymmetricSecurityKey_256.GetKeyedHashAlgorithm(SecurityAlgorithms.HmacSha256Signature); key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, null, null, keyedHashAlgorithm, null); SymmetricSignatureProvider_ConstructorVariation("Constructor: - key returns null bytes to pass to _keyedHashKey", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10634:", typeof(NullReferenceException))); }
public void AsymmetricSignatureProvider_Constructor() { AsymmetricSecurityKey privateKey = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey; AsymmetricSecurityKey publicKey = KeyingMaterial.DefaultX509SigningCreds_Public_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey; string sha2SignatureAlgorithm = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm; // no errors AsymmetricConstructorVariation("Signing: - Creates with no errors", privateKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Private Key)", privateKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Public Key)", publicKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected); // null, empty algorithm digest AsymmetricConstructorVariation("Signing: - NUll key", null, sha2SignatureAlgorithm, expectedException: ExpectedException.ArgumentNullException()); AsymmetricConstructorVariation("Signing: - SignatureAlorithm == null", privateKey, null, expectedException: ExpectedException.ArgumentNullException()); AsymmetricConstructorVariation("Signing: - SignatureAlorithm == whitespace", privateKey, " ", expectedException: ExpectedException.ArgumentException("IDX10002")); // Private keys missing AsymmetricConstructorVariation("Signing: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, expectedException: ExpectedException.InvalidOperationException(inner: typeof(NotSupportedException))); AsymmetricConstructorVariation("Verifying: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected); // _formatter not created AsymmetricConstructorVariation("Signing: - key cannot create _formatter", KeyingMaterial.DefaultAsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature", expectedException: ExpectedException.InvalidOperationException(substringExpected: "IDX10618", inner: typeof(NotSupportedException))); // _deformatter not created AsymmetricConstructorVariation("Verifying: - key cannot create _deformatter", KeyingMaterial.DefaultAsymmetricKey_Public_2048, "SecurityAlgorithms.RsaSha256Signature", expectedException: ExpectedException.InvalidOperationException(substringExpected: "IDX10618", inner: typeof(NotSupportedException))); Console.WriteLine("Test missing: key.GetHashAlgorithmForSignature( signingCredentials.SignatureAlgorithm );"); //TODO: Should this be fixed? }
private void FactoryCreateFor(string testcase, SecurityKey key, string algorithm, SignatureProviderFactory factory, ExpectedException expectedException) { Console.WriteLine(string.Format("Testcase: '{0}'", testcase)); try { if (testcase.StartsWith("Siging")) { factory.CreateForSigning(key, algorithm); } else { factory.CreateForVerifying(key, algorithm); } expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }