private List <JwtSecurityTokenTestVariation> JwtConstructionParamsVariations()
{
List <JwtSecurityTokenTestVariation> constructionParams = new List <JwtSecurityTokenTestVariation>()
{
new JwtSecurityTokenTestVariation
{
Name = "ClaimsSet with all Reserved claim types, ensures that users can add as they see fit",
Claims = ClaimSets.AllReserved,
ExpectedException = ExpectedException.Null,
},
new JwtSecurityTokenTestVariation
{
Name = "All null params",
Issuer = null,
Audience = null,
Claims = null,
SigningCredentials = null,
},
new JwtSecurityTokenTestVariation
{
Name = "ValidFrom > ValidTo, .Net datetime",
ValidFrom = DateTime.UtcNow + TimeSpan.FromHours(1),
ValidTo = DateTime.UtcNow,
ExpectedException = ExpectedException.ArgEx(id: "ID2000"),
},
new JwtSecurityTokenTestVariation
{
Name = "ValidFrom > ValidTo, UnixEpoch - 1 ms",
ValidTo = EpochTime.UnixEpoch - TimeSpan.FromMilliseconds(1),
ValidFrom = DateTime.UtcNow,
ExpectedException = ExpectedException.ArgEx(id: "ID2000"),
},
new JwtSecurityTokenTestVariation
{
Name = "ValidFrom > ValidTo, UnixEpoch - 1 s",
ValidTo = EpochTime.UnixEpoch - TimeSpan.FromSeconds(1),
ValidFrom = DateTime.UtcNow,
ExpectedException = ExpectedException.ArgEx(id: "ID2000"),
},
new JwtSecurityTokenTestVariation
{
Name = "ValidFrom == DateItime.MinValue",
ValidFrom = DateTime.MinValue,
ValidTo = DateTime.UtcNow,
},
};
return(constructionParams);
}
public void SignatureProviderFactoryTests()
{
SignatureProviderFactory factory = new SignatureProviderFactory();
// Asymmetric / Symmetric both need signature alg specified
FactoryCreateFor("Siging: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgEx());
FactoryCreateFor("Verifying: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgEx());
// Keytype not supported
FactoryCreateFor("Siging: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgEx("Jwt10500"));
FactoryCreateFor("Verifying: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgEx("Jwt10500"));
// Private keys missing
FactoryCreateFor("Siging: - SecurityKey without private key", KeyingMaterial.AsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.InvalidOp());
FactoryCreateFor("Verifying: - SecurityKey without private key", KeyingMaterial.AsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.Null);
// Key size checks
FactoryCreateFor("Siging: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgRange("Jwt10530"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = 2048;
FactoryCreateFor("Verifying: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgRange("Jwt10531"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying;
SignatureProviderFactory.MinimumSymmetricKeySizeInBits = 512;
FactoryCreateFor("Siging: - SymmetricKeySize Key to small", KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgRange("Jwt10503"));
FactoryCreateFor("Verifying: - SymmetricKeySize Key to small", KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgRange("Jwt10503"));
SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits;
// setting keys too small
try
{
Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning < AbsoluteMinimumAsymmetricKeySizeInBitsForSigning"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning - 10;
Assert.Fail(string.Format("Expected exception: '{0}'", typeof(ArgumentOutOfRangeException)));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning;
}
catch (Exception ex)
{
ExpectedException.ProcessException(ExpectedException.ArgRange("Jwt10513"), ex);
}
try
{
Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying < AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying"));
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying - 10;
Assert.Fail(string.Format("Expected exception: '{0}'", typeof(ArgumentOutOfRangeException)));
}
catch (Exception ex)
{
ExpectedException.ProcessException(ExpectedException.ArgRange("Jwt10527"), ex);
}
try
{
Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumSymmetricKeySizeInBits < AbsoluteMinimumSymmetricKeySizeInBits"));
SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits - 10;
Assert.Fail(string.Format("Expected exception: '{0}'", typeof(ArgumentOutOfRangeException)));
}
catch (Exception ex)
{
ExpectedException.ProcessException(ExpectedException.ArgRange("Jwt10528"), ex);
}
}
public void SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking()
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSigningCreds_256_Sha2.SigningKey as SymmetricSecurityKey, KeyingMaterial.SymmetricSigningCreds_256_Sha2.SignatureAlgorithm);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - null input", provider, null, null, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - 0 bytes", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524"));
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - 1 byte", provider, new byte[1], null, ExpectedException.Null);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - null input", provider, null, null, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - null signature", provider, new byte[0], null, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 0 bytes input", provider, new byte[0], new byte[0], ExpectedException.ArgEx("Jwt10525"));
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 0 bytes signature", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526"));
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 1 byte", provider, new byte[1], new byte[1], ExpectedException.Null);
provider.Dispose();
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - dispose", provider, new byte[1], new byte[1], ExpectedException.ObjDisp);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - dispose", provider, new byte[1], new byte[1], ExpectedException.ObjDisp);
}
public void SymmetricSignatureProviderTests_Constructor()
{
// no errors
SymmetricSignatureProviderTests_Constructor("Creates with no errors", KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature);
// null, empty algorithm digest
SymmetricSignatureProviderTests_Constructor("Constructor: - NUll key", null, SecurityAlgorithms.HmacSha256Signature, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Constructor("Constructor: - algorithm == string.Empty", KeyingMaterial.SymmetricSecurityKey_256, string.Empty, ExpectedException.ArgEx());
// GetKeyedHashAlgorithm throws
Exception innerException = new CryptographicException("hi from inner");
SymmetricSecurityKey key = new FaultingSymmetricSecurityKey(KeyingMaterial.SymmetricSecurityKey_256, innerException);
SymmetricSignatureProviderTests_Constructor("Constructor: - SecurityKey.GetKeyedHashAlgorithm throws", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOp("Jwt10532", innerException));
// Key returns null KeyedHash
key = new FaultingSymmetricSecurityKey(KeyingMaterial.SymmetricSecurityKey_256, null);
SymmetricSignatureProviderTests_Constructor("Constructor: - SecurityKey returns null KeyedHashAlgorithm", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOp("Jwt10533"));
//_keyedHash.Key = _key.GetSymmetricKey() is null;
KeyedHashAlgorithm keyedHashAlgorithm = KeyingMaterial.SymmetricSecurityKey_256.GetKeyedHashAlgorithm(SecurityAlgorithms.HmacSha256Signature);
key = new FaultingSymmetricSecurityKey(KeyingMaterial.SymmetricSecurityKey_256, null, null, keyedHashAlgorithm, null);
SymmetricSignatureProviderTests_Constructor("Constructor: - key returns null bytes to pass to _keyedHashKey", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOp("Jwt10534", new NullReferenceException()));
}
public void AsymmetricSignatureProvider_Sign_Verify_ParameterChecking()
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm);
Provider_Sign_Verify_ParameterChecking("Sign - null 'input'", provider, null, null, ExpectedException.ArgNull);
Provider_Sign_Verify_ParameterChecking("Sign - zero bytes 'input'", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524"));
Provider_Sign_Verify_ParameterChecking("Sign - _formatter will be null since provider wasn't created with willBeUsedForSigning == true", provider, new byte[1], null, ExpectedException.InvalidOp("Jwt10520"));
Provider_Sign_Verify_ParameterChecking("Verify - null 'input'", provider, null, null, ExpectedException.ArgNull);
Provider_Sign_Verify_ParameterChecking("Verify - null 'signature'", provider, new byte[1], null, ExpectedException.ArgNull);
Provider_Sign_Verify_ParameterChecking("Verify - 'input' zero bytes", provider, new byte[0], new byte[1], ExpectedException.ArgEx("Jwt10525"));
Provider_Sign_Verify_ParameterChecking("Verify - 'signature' zero bytes", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526"));
}
public void AsymmetricSignatureProvider_ConstructorTests()
{
AsymmetricSecurityKey privateKey = KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey;
AsymmetricSecurityKey publicKey = KeyingMaterial.X509SigningCreds_Public_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey;
string sha2SignatureAlgorithm = KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm;
// no errors
AsymmetricConstructor_Test("Signing: - Creates with no errors", privateKey, sha2SignatureAlgorithm);
AsymmetricConstructor_Test("Verifying: - Creates with no errors (Private Key)", privateKey, sha2SignatureAlgorithm);
AsymmetricConstructor_Test("Verifying: - Creates with no errors (Public Key)", publicKey, sha2SignatureAlgorithm);
// null, empty algorithm digest
AsymmetricConstructor_Test("Signing: - NUll key", null, sha2SignatureAlgorithm, ExpectedException.ArgNull);
AsymmetricConstructor_Test("Signing: - SignatureAlorithm == null", privateKey, null, ExpectedException.ArgNull);
AsymmetricConstructor_Test("Signing: - SignatureAlorithm == whitespace", privateKey, " ", ExpectedException.ArgEx("WIF10002"));
// Private keys missing
AsymmetricConstructor_Test("Signing: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, ExpectedException.InvalidOp());
AsymmetricConstructor_Test("Verifying: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, null);
// _formatter not created
AsymmetricConstructor_Test("Signing: - key cannot create _formatter", KeyingMaterial.AsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature", ExpectedException.InvalidOp("Jwt10518"));
// _deformatter not created
AsymmetricConstructor_Test("Verifying: - key cannot create _deformatter", KeyingMaterial.AsymmetricKey_Public_2048, "SecurityAlgorithms.RsaSha256Signature", ExpectedException.InvalidOp("Jwt10518"));
Console.WriteLine("Test missing: key.GetHashAlgorithmForSignature( signingCredentials.SignatureAlgorithm );"); //TODO: Should this be fixed?
}
private List <JwtSecurityTokenTestVariation> JwtEncodedStringVariations()
{
string[] tokenParts = EncodedJwts.Asymmetric_LocalSts.Split('.');
List <JwtSecurityTokenTestVariation> variationsencodedStringParams = new List <JwtSecurityTokenTestVariation>()
{
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: InvalidPayloadFormat",
EncodedString = EncodedJwts.InvalidPayload,
ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: null",
EncodedString = null,
ExpectedException = ExpectedException.ArgNull,
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: string.Empty",
EncodedString = string.Empty,
ExpectedException = ExpectedException.ArgEx(id: "WIF10002"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: single character: '1'",
EncodedString = "1",
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: two parts each a single character: '1.2'",
EncodedString = "1.2",
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: header is not encoded properly: '123'",
EncodedString = string.Format("{0}.{1}.{2}", "123", tokenParts[1], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: header is not encoded properly: '123=='",
EncodedString = string.Format("{0}.{1}.{2}", "123==", tokenParts[1], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: payload is not encoded correctly: '123'",
EncodedString = string.Format("{1}.{0}.{2}", "123", tokenParts[0], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: payload is not encoded properly: '123=='",
EncodedString = string.Format("{1}.{0}.{2}", "123==", tokenParts[0], tokenParts[2]),
ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"),
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)",
EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]),
ExpectedException = ExpectedException.Null,
},
new JwtSecurityTokenTestVariation
{
Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)",
EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]),
ExpectedException = ExpectedException.Null,
},
};
return(variationsencodedStringParams);
}
