private List <JwtSecurityTokenTestVariation> JwtEncodedStringVariations()
{
string[] tokenParts = EncodedJwts.Asymmetric_LocalSts.Split('.');
List <JwtSecurityTokenTestVariation> variationsencodedStringParams = new List <JwtSecurityTokenTestVariation>()
{
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: InvalidPayloadFormat",
EncodedString = EncodedJwts.InvalidPayload,
ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: null",
EncodedString = null,
ExpectedException = ExpectedException.ArgNull,
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: string.Empty",
EncodedString = string.Empty,
ExpectedException = ExpectedException.ArgEx(id: "WIF10002"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: single character: '1'",
EncodedString = "1",
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: two parts each a single character: '1.2'",
EncodedString = "1.2",
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: header is not encoded properly: '123'",
EncodedString = string.Format("{0}.{1}.{2}", "123", tokenParts[1], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: header is not encoded properly: '123=='",
EncodedString = string.Format("{0}.{1}.{2}", "123==", tokenParts[1], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: payload is not encoded correctly: '123'",
EncodedString = string.Format("{1}.{0}.{2}", "123", tokenParts[0], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: payload is not encoded properly: '123=='",
EncodedString = string.Format("{1}.{0}.{2}", "123==", tokenParts[0], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)",
EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]),
ExpectedException = ExpectedException.Null,
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)",
EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]),
ExpectedException = ExpectedException.Null,
},
};
return(variationsencodedStringParams);
}
public ExpectedJwtSecurityTokenRequirement
(
uint?tokenSize = null, Int32?clock = null, uint?life = null, X509CertificateValidator cert = null, string name = JwtConstants.ReservedClaims.Sub, string role = null, X509RevocationMode?revMode = null, X509CertificateValidationMode?certMode = null, StoreLocation?storeLoc = null, ExpectedException expectedException = null,
string handler = JwtSecurityTokenHandlerType, string requirement = Elements.JwtSecurityTokenRequirement,
string attributeEx1 = "", string attributeEx2 = "", string attributeEx3 = "", string attributeEx4 = "",
string elementEx1 = comment, string elementEx2 = comment, string elementEx3 = comment, string elementEx4 = comment, string elementEx5 = comment, string elementEx6 = comment,
string elementClose = closeRequirement
)
{
MaxTokenSizeInBytes = tokenSize;
NameClaimType = name;
RoleClaimType = role;
CertValidator = cert;
ClockSkewInSeconds = clock;
DefaultTokenLifetimeInMinutes = life;
CertRevocationMode = revMode;
CertValidationMode = certMode;
CertStoreLocation = storeLoc;
ExpectedException = expectedException ?? ExpectedException.NoExceptionExpected;
string[] sParams =
{
handler,
requirement,
CertRevocationMode == null ? string.Empty : Attribute(Attributes.RevocationMode, CertRevocationMode.Value.ToString()),
attributeEx1,
CertValidationMode == null ? string.Empty : Attribute(Attributes.ValidationMode, CertValidationMode.Value.ToString()),
attributeEx2,
CertValidator == null ? string.Empty : Attribute(Attributes.Validator, CertValidator.GetType().ToString() + ", System.IdentityModel.Tokens.Jwt.Tests"),
attributeEx3,
CertStoreLocation == null ? string.Empty : Attribute(Attributes.TrustedStoreLocation, CertStoreLocation.ToString()),
attributeEx4,
elementEx1,
ClockSkewInSeconds == null ? string.Empty : ElementValue(Elements.MaxClockSkewInMinutes, ClockSkewInSeconds.Value.ToString()),
elementEx2,
MaxTokenSizeInBytes == null ? string.Empty : ElementValue(Elements.MaxTokenSizeInBytes, MaxTokenSizeInBytes.Value.ToString()),
elementEx3,
DefaultTokenLifetimeInMinutes == null ? string.Empty : ElementValue(Elements.DefaultTokenLifetimeInMinutes,DefaultTokenLifetimeInMinutes.Value.ToString()),
elementEx4,
NameClaimType == null ? string.Empty : ElementValue(Elements.NameClaimType, NameClaimType),
elementEx5,
RoleClaimType == null ? string.Empty : ElementValue(Elements.RoleClaimType, RoleClaimType),
elementEx6,
elementClose,
};
Config = string.Format(ElementTemplate, sParams);
}
public void JwtSecurityTokenRequirement_Constructor()
{
// This class is a bit thin, most of the tests are in JwtConfigTests, just added a couple of missed cases that are easy to code directly.
// *** null param
JwtSecurityTokenRequirement JwtSecurityTokenRequirement;
ExpectedException expectedException = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "element");
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(null);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** wrong namespace
XmlDocument xmlDocument = new XmlDocument();
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10601");
XmlElement xmlElement = new CustomXmlElement("prefix", "localName", "http://www.gotJwt.com", xmlDocument);
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unknown X509RevocationMode
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateRevocationMode", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateRevocationMode",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unknown ValidationMode
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidationMode", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateValidationMode",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unknown TrustedStoreLocation
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateTrustedStoreLocation", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateTrustedStoreLocation",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
// *** unbale to create type
expectedException = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10613", inner: typeof(TypeLoadException));
xmlElement = new CustomXmlElement("prefix", "jwtSecurityTokenRequirement", "http://www.gotJwt.com", xmlDocument);
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidator", "http://www.gotJwt.com", xmlDocument)
{
Value = "UnKnown:issuerCertificateValidatorType",
});
xmlElement.Attributes.Append(new CustomXmlAttribute("prefix", "issuerCertificateValidationMode", "http://www.gotJwt.com", xmlDocument)
{
Value = "Custom",
});
try
{
JwtSecurityTokenRequirement = new JwtSecurityTokenRequirement(xmlElement);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
}
public void SignatureProviderFactory_Tests()
{
SignatureProviderFactory factory = new SignatureProviderFactory();
// Asymmetric / Symmetric both need signature alg specified
FactoryCreateFor("Siging: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgumentException());
FactoryCreateFor("Verifying: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgumentException());
// Keytype not supported
FactoryCreateFor("Siging: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentException("IDX10600:"));
FactoryCreateFor("Verifying: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentException("IDX10600:"));
// Private keys missing
FactoryCreateFor("Siging: - SecurityKey without private key", KeyingMaterial.DefaultAsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.InvalidOperationException(substringExpected: "IDX10614:", inner: typeof(NotSupportedException)));
FactoryCreateFor("Verifying: - SecurityKey without private key", KeyingMaterial.DefaultAsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.NoExceptionExpected);
// Key size checks
FactoryCreateFor("Siging: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10630:"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = 2048;
FactoryCreateFor("Verifying: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10631:"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying;
SignatureProviderFactory.MinimumSymmetricKeySizeInBits = 512;
FactoryCreateFor("Siging: - SymmetricKeySize Key to small", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10603:"));
FactoryCreateFor("Verifying: - SymmetricKeySize Key to small", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10603"));
SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits;
ExpectedException expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10613:");
// setting keys too small
try
{
Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning < AbsoluteMinimumAsymmetricKeySizeInBitsForSigning"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning - 10;
expectedException.ProcessNoException();
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning;
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10627:");
try
{
Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying < AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying - 10;
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10628:");
try
{
Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumSymmetricKeySizeInBits < AbsoluteMinimumSymmetricKeySizeInBits"));
SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits - 10;
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
public static void BuildExpectedRequirements()
{
RequirementVariations = new List <ExpectedJwtSecurityTokenRequirement>();
// Empty Element
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: "<>", expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
// unknown element
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue("UnknownElement", "@http://AllItemsSet/nameClaim"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10611")));
// element.Localname empty
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue("", "@http://AllItemsSet/nameClaim"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
// Element attribute name is not 'value'
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "6000", attributeValue: "NOTvalue"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10610:")));
// Attribute name empty
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(attributeEx1: Attribute("", AttributeValues.X509CertificateValidationModeChainTrust), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
// Attribute value empty
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(attributeEx1: Attribute(Attributes.ValidationMode, ""), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10600", inner: typeof(InvalidOperationException))));
// Multiple Attributes
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.NameClaimType, "Bob", count: 2), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10609")));
// No Attributes
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.NameClaimType, "Bob", count: 0), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10607")));
// for each variation, make sure a validator is created.
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.NoCheck, storeLoc: StoreLocation.CurrentUser, certMode: X509CertificateValidationMode.ChainTrust, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.Offline, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.Online, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.ChainTrust, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.Custom, expectedException: ExpectedException.ConfigurationErrorsException("Jwt10612")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.None, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerOrChainTrust, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.CurrentUser, expectedException: ExpectedException.NoExceptionExpected));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.LocalMachine, expectedException: ExpectedException.NoExceptionExpected));
// Error Conditions - lifetime
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 0, expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "-1"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "abc"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(FormatException))));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "15372286729"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(OverflowException))));
// Error Conditions - tokensSize
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 0, expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "-1"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "abc"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(FormatException))));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "4294967296"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(OverflowException))));
// Duplicate Elements, we have to catch them.
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, revMode: X509RevocationMode.NoCheck, elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.MaxTokenSizeInBytes, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.NameClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", revMode: X509RevocationMode.NoCheck, elementEx5: ElementValue(Elements.NameClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.RoleClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", revMode: X509RevocationMode.NoCheck, elementEx6: ElementValue(Elements.RoleClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15, certMode: X509CertificateValidationMode.PeerTrust, elementEx1: ElementValue(Elements.MaxClockSkewInMinutes, "5"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15, revMode: X509RevocationMode.NoCheck, elementEx2: ElementValue(Elements.MaxClockSkewInMinutes, "5"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 1000, revMode: X509RevocationMode.NoCheck, elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "60"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 1000, revMode: X509RevocationMode.NoCheck, elementEx4: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "60"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
// Duplicate Attributes, System.Configuration will catch them.
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.NoCheck, attributeEx1: Attribute(Attributes.RevocationMode, AttributeValues.X509RevocationModeNoCheck.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, attributeEx2: Attribute(Attributes.ValidationMode, AttributeValues.X509CertificateValidationModeNone.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.LocalMachine, attributeEx4: Attribute(Attributes.TrustedStoreLocation, StoreLocation.LocalMachine.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), attributeEx1: Attribute(Attributes.Validator, typeof(AlwaysSucceedCertificateValidator).ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
// certificate validator *40
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.Custom, cert: new AlwaysSucceedCertificateValidator()));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 2147483647));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim"));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim"));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim"));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), clock: 15, expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15, cert: new AlwaysSucceedCertificateValidator(), certMode: X509CertificateValidationMode.Custom));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15, cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", cert: new AlwaysSucceedCertificateValidator(), clock: 15, certMode: X509CertificateValidationMode.Custom));
RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
}
private void SignatureProvider_SignVariation(SignatureProvider provider, byte[] bytes, byte[] signature, ExpectedException expectedException)
{
try
{
provider.Sign(bytes);
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
private void SymmetricSignatureProvider_ConstructorVariation(string testcase, SymmetricSecurityKey key, string algorithm, ExpectedException expectedException)
{
Console.WriteLine(string.Format("Testcase: '{0}'", testcase));
SymmetricSignatureProvider provider = null;
try
{
if (testcase.StartsWith("Signing"))
{
provider = new SymmetricSignatureProvider(key, algorithm);
}
else
{
provider = new SymmetricSignatureProvider(key, algorithm);
}
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
public void SymmetricSignatureProvider_ConstructorTests()
{
// no errors
SymmetricSignatureProvider_ConstructorVariation("Creates with no errors", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, ExpectedException.NoExceptionExpected);
// null, empty algorithm digest
SymmetricSignatureProvider_ConstructorVariation("Constructor: - NUll key", null, SecurityAlgorithms.HmacSha256Signature, ExpectedException.ArgumentNullException());
SymmetricSignatureProvider_ConstructorVariation("Constructor: - algorithm == string.Empty", KeyingMaterial.DefaultSymmetricSecurityKey_256, string.Empty, ExpectedException.ArgumentException());
// GetKeyedHashAlgorithm throws
SymmetricSecurityKey key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, new CryptographicException("hi from inner"));
SymmetricSignatureProvider_ConstructorVariation("Constructor: - SecurityKey.GetKeyedHashAlgorithm throws", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10632:", typeof(CryptographicException)));
// Key returns null KeyedHash
key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, null);
SymmetricSignatureProvider_ConstructorVariation("Constructor: - SecurityKey returns null KeyedHashAlgorithm", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10633:"));
//_keyedHash.Key = _key.GetSymmetricKey() is null;
KeyedHashAlgorithm keyedHashAlgorithm = KeyingMaterial.DefaultSymmetricSecurityKey_256.GetKeyedHashAlgorithm(SecurityAlgorithms.HmacSha256Signature);
key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, null, null, keyedHashAlgorithm, null);
SymmetricSignatureProvider_ConstructorVariation("Constructor: - key returns null bytes to pass to _keyedHashKey", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10634:", typeof(NullReferenceException)));
}
public void AsymmetricSignatureProvider_Constructor()
{
AsymmetricSecurityKey privateKey = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey;
AsymmetricSecurityKey publicKey = KeyingMaterial.DefaultX509SigningCreds_Public_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey;
string sha2SignatureAlgorithm = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm;
// no errors
AsymmetricConstructorVariation("Signing: - Creates with no errors", privateKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected);
AsymmetricConstructorVariation("Verifying: - Creates with no errors (Private Key)", privateKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected);
AsymmetricConstructorVariation("Verifying: - Creates with no errors (Public Key)", publicKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected);
// null, empty algorithm digest
AsymmetricConstructorVariation("Signing: - NUll key", null, sha2SignatureAlgorithm, expectedException: ExpectedException.ArgumentNullException());
AsymmetricConstructorVariation("Signing: - SignatureAlorithm == null", privateKey, null, expectedException: ExpectedException.ArgumentNullException());
AsymmetricConstructorVariation("Signing: - SignatureAlorithm == whitespace", privateKey, " ", expectedException: ExpectedException.ArgumentException("IDX10002"));
// Private keys missing
AsymmetricConstructorVariation("Signing: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, expectedException: ExpectedException.InvalidOperationException(inner: typeof(NotSupportedException)));
AsymmetricConstructorVariation("Verifying: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, expectedException: ExpectedException.NoExceptionExpected);
// _formatter not created
AsymmetricConstructorVariation("Signing: - key cannot create _formatter", KeyingMaterial.DefaultAsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature", expectedException: ExpectedException.InvalidOperationException(substringExpected: "IDX10618", inner: typeof(NotSupportedException)));
// _deformatter not created
AsymmetricConstructorVariation("Verifying: - key cannot create _deformatter", KeyingMaterial.DefaultAsymmetricKey_Public_2048, "SecurityAlgorithms.RsaSha256Signature", expectedException: ExpectedException.InvalidOperationException(substringExpected: "IDX10618", inner: typeof(NotSupportedException)));
Console.WriteLine("Test missing: key.GetHashAlgorithmForSignature( signingCredentials.SignatureAlgorithm );"); //TODO: Should this be fixed?
}
private void FactoryCreateFor(string testcase, SecurityKey key, string algorithm, SignatureProviderFactory factory, ExpectedException expectedException)
{
Console.WriteLine(string.Format("Testcase: '{0}'", testcase));
try
{
if (testcase.StartsWith("Siging"))
{
factory.CreateForSigning(key, algorithm);
}
else
{
factory.CreateForVerifying(key, algorithm);
}
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
