public void JwtSecurityTokenRequirement_Constructor()
        {
            // Constructor edge cases that are simplest to drive directly; the bulk of the
            // configuration coverage lives in JwtConfigTests.
            // Every case below expects construction to FAIL: a null, misplaced or unrecognised
            // piece of configuration should be rejected rather than yield a usable requirement.
            const string prefix          = "prefix";
            const string namespaceUri    = "http://www.gotJwt.com";
            const string requirementName = "jwtSecurityTokenRequirement";

            // --- null element: ArgumentNullException whose message mentions "element".
            // The literal null is kept inline so the constructor call binds as it always has.
            ExpectedException expectation = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "element");
            try
            {
                new JwtSecurityTokenRequirement(null);
                expectation.ProcessNoException();
            }
            catch (Exception failure)
            {
                expectation.ProcessException(failure);
            }

            XmlDocument document = new XmlDocument();

            // Factories for the hand-built XML nodes; all share one prefix, namespace and document.
            Func<string, XmlElement> newElement =
                localName => new CustomXmlElement(prefix, localName, namespaceUri, document);
            Func<string, string, XmlAttribute> newAttribute =
                (name, value) => new CustomXmlAttribute(prefix, name, namespaceUri, document) { Value = value };

            // Builds a requirement from 'candidate' and hands the result to 'outcome'.
            // ProcessNoException runs inside the try, so anything it throws is also routed
            // to ProcessException, exactly as any constructor exception is.
            Action<XmlElement, ExpectedException> constructAndVerify = (candidate, outcome) =>
            {
                try
                {
                    new JwtSecurityTokenRequirement(candidate);
                    outcome.ProcessNoException();
                }
                catch (Exception thrown)
                {
                    outcome.ProcessException(thrown);
                }
            };

            // --- element whose local name is not the requirement element: Jwt10601.
            expectation = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10601");
            XmlElement target = newElement("localName");
            constructAndVerify(target, expectation);

            // --- unrecognised X509RevocationMode text: Jwt10606.
            expectation = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
            target      = newElement(requirementName);
            target.Attributes.Append(newAttribute("issuerCertificateRevocationMode", "UnKnown:issuerCertificateRevocationMode"));
            constructAndVerify(target, expectation);

            // --- unrecognised certificate validation mode text: Jwt10606.
            expectation = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
            target      = newElement(requirementName);
            target.Attributes.Append(newAttribute("issuerCertificateValidationMode", "UnKnown:issuerCertificateValidationMode"));
            constructAndVerify(target, expectation);

            // --- unrecognised trusted store location text: Jwt10606.
            expectation = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10606");
            target      = newElement(requirementName);
            target.Attributes.Append(newAttribute("issuerCertificateTrustedStoreLocation", "UnKnown:issuerCertificateTrustedStoreLocation"));
            constructAndVerify(target, expectation);

            // --- Custom validation mode naming a validator type that cannot be loaded:
            //     Jwt10613 wrapping a TypeLoadException. The validator attribute is appended
            //     before the mode attribute, as in the other cases the order is kept fixed.
            expectation = ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10613", inner: typeof(TypeLoadException));
            target      = newElement(requirementName);
            target.Attributes.Append(newAttribute("issuerCertificateValidator", "UnKnown:issuerCertificateValidatorType"));
            target.Attributes.Append(newAttribute("issuerCertificateValidationMode", "Custom"));
            constructAndVerify(target, expectation);
        }
        // Rebuilds RequirementVariations from scratch: assigns a new list, then appends one
        // ExpectedJwtSecurityTokenRequirement per configuration variation, most of them paired with
        // the ExpectedException that loading that configuration should produce.
        // Entries are appended in a fixed order. NOTE(review): the "*40" marker further down suggests
        // something may refer to entries by position - confirm before inserting or reordering.
        public static void BuildExpectedRequirements()
        {
            RequirementVariations = new List <ExpectedJwtSecurityTokenRequirement>();

            // Malformed element: "<>" is passed as the raw element text. The failure is expected to
            // surface wrapped (message contains "initialize", inner ConfigurationErrorsException).
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: "<>", expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));

            // Unknown element name: expected to be rejected with Jwt10611.
            // NOTE(review): the '@' sits inside the string literal here, unlike the verbatim
            // @"http://..." literals used below; it looks like a typo, though the value is
            // probably irrelevant to this negative case - confirm.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue("UnknownElement", "@http://AllItemsSet/nameClaim"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10611")));

            // Empty element local name: same wrapped "initialize" failure as the malformed element.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue("", "@http://AllItemsSet/nameClaim"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));

            // Element whose attribute is named "NOTvalue" instead of the expected name: Jwt10610.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "6000", attributeValue: "NOTvalue"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10610:")));

            // Attribute with an empty name: wrapped "initialize" failure.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(attributeEx1: Attribute("", AttributeValues.X509CertificateValidationModeChainTrust), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));

            // Validation-mode attribute with an empty value: Jwt10600 wrapping InvalidOperationException.
            // An empty mode is expected to be an error, not an implicit default.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(attributeEx1: Attribute(Attributes.ValidationMode, ""), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10600", inner: typeof(InvalidOperationException))));

            // Element emitted with count: 2 (more than one attribute): Jwt10609.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.NameClaimType, "Bob", count: 2), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10609")));

            // Element emitted with count: 0 (no attributes): Jwt10607.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.NameClaimType, "Bob", count: 0), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10607")));

            // One entry per accepted revocation mode, store location and certificate validation mode;
            // the original intent is that a validator is created for each of them.
            // X509RevocationMode.NoCheck and X509CertificateValidationMode.None are accepted here with
            // no exception expected. In the framework enums these mean "no revocation check" and
            // "no certificate validation", so configuration that uses them deserves a deliberate review.
            // Custom with no validator supplied is the one rejected combination in this group (Jwt10612).
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.NoCheck, storeLoc: StoreLocation.CurrentUser, certMode: X509CertificateValidationMode.ChainTrust, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.Offline, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.Online, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.ChainTrust, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.Custom, expectedException: ExpectedException.ConfigurationErrorsException("Jwt10612")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.None, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerOrChainTrust, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.CurrentUser, expectedException: ExpectedException.NoExceptionExpected));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.LocalMachine, expectedException: ExpectedException.NoExceptionExpected));

            // Error conditions - default token lifetime.
            // Zero and "-1" are expected to fail with Jwt10603 (inner ArgumentOutOfRangeException),
            // non-numeric text with an inner FormatException, and a value too large for the target
            // numeric type with an inner OverflowException. None of them is expected to load.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 0, expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "-1"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "abc"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(FormatException))));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "15372286729"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(OverflowException))));

            // Error conditions - maximum token size.
            // Same four failure shapes as for the lifetime; "4294967296" is 2^32, one past the
            // largest 32-bit unsigned value.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 0, expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "-1"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(ArgumentOutOfRangeException), substringExpected: "Jwt10603")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "abc"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(FormatException))));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "4294967296"), expectedException: ExpectedException.ConfigurationErrorsException(inner: typeof(OverflowException))));

            // Duplicate elements: the JWT configuration code itself has to detect them (Jwt10616).
            // Each setting is supplied once through its named argument and a second time through
            // an elementExN slot; presumably N selects where the extra element is emitted relative
            // to the generated ones - confirm against ExpectedJwtSecurityTokenRequirement.
            // A duplicated setting is expected to be an error, so neither copy is silently preferred.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, revMode: X509RevocationMode.NoCheck, elementEx1: ElementValue(Elements.MaxTokenSizeInBytes, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.MaxTokenSizeInBytes, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.NameClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", revMode: X509RevocationMode.NoCheck, elementEx5: ElementValue(Elements.NameClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", revMode: X509RevocationMode.NoCheck, elementEx3: ElementValue(Elements.RoleClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", revMode: X509RevocationMode.NoCheck, elementEx6: ElementValue(Elements.RoleClaimType, "1024"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15, certMode: X509CertificateValidationMode.PeerTrust, elementEx1: ElementValue(Elements.MaxClockSkewInMinutes, "5"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15, revMode: X509RevocationMode.NoCheck, elementEx2: ElementValue(Elements.MaxClockSkewInMinutes, "5"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 1000, revMode: X509RevocationMode.NoCheck, elementEx1: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "60"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(life: 1000, revMode: X509RevocationMode.NoCheck, elementEx4: ElementValue(Elements.DefaultTokenLifetimeInMinutes, "60"), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "Jwt10616")));

            // Duplicate attributes: System.Configuration is expected to catch these before the JWT
            // code runs, hence the wrapped "initialize" failure instead of a Jwt106xx code.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(revMode: X509RevocationMode.NoCheck, attributeEx1: Attribute(Attributes.RevocationMode, AttributeValues.X509RevocationModeNoCheck.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, attributeEx2: Attribute(Attributes.ValidationMode, AttributeValues.X509CertificateValidationModeNone.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(storeLoc: StoreLocation.LocalMachine, attributeEx4: Attribute(Attributes.TrustedStoreLocation, StoreLocation.LocalMachine.ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), attributeEx1: Attribute(Attributes.Validator, typeof(AlwaysSucceedCertificateValidator).ToString()), expectedException: ExpectedException.ConfigurationErrorsException(substringExpected: "initialize", inner: typeof(ConfigurationErrorsException))));

            // Certificate validator and mixed-setting variations (original marker: *40).
            // Entries that pass no expectedException rely on the constructor's default; presumably
            // that means "no exception expected" - confirm against ExpectedJwtSecurityTokenRequirement.
            // A validator supplied without certMode Custom (mode left unset, or PeerTrust) is expected
            // to fail with Jwt10619; paired with Custom it is expected to load.
            // tokenSize 2147483647 is int.MaxValue.
            // NOTE(review): AlwaysSucceedCertificateValidator is, going by its name, a test double
            // that accepts any certificate - confirm it is confined to test assemblies.
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.Custom, cert: new AlwaysSucceedCertificateValidator()));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 2147483647));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim"));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim"));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(clock: 15));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim"));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(cert: new AlwaysSucceedCertificateValidator(), clock: 15, expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15, cert: new AlwaysSucceedCertificateValidator(), certMode: X509CertificateValidationMode.Custom));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(tokenSize: 1000, name: @"http://AllItemsSet/nameClaim", role: @"http://AllItemsSet/roleClaim", clock: 15, cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(role: @"http://AllItemsSet/roleClaim", cert: new AlwaysSucceedCertificateValidator(), clock: 15, certMode: X509CertificateValidationMode.Custom));
            RequirementVariations.Add(new ExpectedJwtSecurityTokenRequirement(certMode: X509CertificateValidationMode.PeerTrust, cert: new AlwaysSucceedCertificateValidator(), expectedException: ExpectedException.ConfigurationErrorsException("Jwt10619")));
        }