public void WhenSecretOrCanonicalIsNullOrEmptyThenEmpty()
{
var hmacBuilder = new ABServiciosHmacBuilder();
hmacBuilder.GetSignature(null, "something").Should().Be.Empty();
hmacBuilder.GetSignature("something", null).Should().Be.Empty();
}
public HmacSigningHandler()
{
hmacb = new ABServiciosHmacBuilder();
// a los clientes tendremos que darles appkey y secret en este formato
appKey = new Guid("76d82836-b81a-49d0-ab07-b00e202ee001").ToString("N");
appSecret = new Guid("9fd8b6fa-2a68-4a68-b9c7-5a3174daeddc").ToString("N");
}
public void CanonicalMessageMustContainsRequestUrlPathAndQuery()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something/ToDo?p=izza");
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Contain("/something/ToDo?p=izza");
}
public void WhenDateIsNotAvailableThenNoValid()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
var hmacBuilder = new ABServiciosHmacBuilder();
bool isValid = hmacBuilder.IsDateValid(request.Headers);
isValid.Should().Be(false);
}
public void CanonicalMessageMustContainsRestVerbPost()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Contain(request.Method.Method);
}
public void WhenSecretIsNullThenEmpty()
{
var hmacBuilder = new ABServiciosHmacBuilder();
string secret = null;
string canonicalizedMessage = null;
string signature = hmacBuilder.GetSignature(secret, canonicalizedMessage);
signature.Should().Be.Empty();
}
public void CanonicalMessageMustContainsEmptyWhenContentMd5NotAvailable()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
request.Content = new StringContent("Hello world!");
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Contain(string.Empty);
}
public void WhenCustomDateMoreThan15MinutesAwayThenNoValid()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
DateTime now = DateTime.UtcNow.AddMinutes(20);
request.Headers.Add("X-ABS-Date", now.ToString("r", CultureInfo.InvariantCulture));
var hmacBuilder = new ABServiciosHmacBuilder();
bool isValid = hmacBuilder.IsDateValid(request.Headers);
isValid.Should().Be(false);
}
public void WhenDateNoMoreThan15MinutesAwayThenValid()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
DateTime now = DateTime.UtcNow;
request.Headers.Date = now;
var hmacBuilder = new ABServiciosHmacBuilder();
bool isValid = hmacBuilder.IsDateValid(request.Headers);
isValid.Should().Be(true);
}
public void WhenCredentialsHasTwoSeparetorsThenRecognize()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
request.Headers.Authorization = new AuthenticationHeaderValue("ABS-H", "APP-KEY:Signature:pepe");
var hmacBuilder = new ABServiciosHmacBuilder();
KeyValuePair <string, string> appSignature = hmacBuilder.GetCredentials(request.Headers.Authorization);
appSignature.Key.Should().Be("APP-KEY");
appSignature.Value.Should().Be("Signature:pepe");
}
public void CanonicalMessageMustContainsContentType()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
request.Content = new StringContent("Hello world!");
request.Content.Headers.ContentType = new MediaTypeHeaderValue("text/plain");
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Contain("text/plain");
}
public void WhenCredentialHasOnePartsThenNotRecognize()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
request.Headers.Authorization = new AuthenticationHeaderValue("ABS-H", "pizza");
var hmacBuilder = new ABServiciosHmacBuilder();
KeyValuePair <string, string> appSignature = hmacBuilder.GetCredentials(request.Headers.Authorization);
appSignature.Key.Should().Be.NullOrEmpty();
appSignature.Value.Should().Be.NullOrEmpty();
}
public void CanonicalMessageMustContainsCustomDateValueFormattedRFC1123WhenAvailable()
{
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.18
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
DateTime now = DateTime.UtcNow;
request.Headers.Add("X-ABS-Date", now.ToString("r", CultureInfo.InvariantCulture));
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Contain(string.Format("{0}:{1}", "x-abs-date", now.ToString("r", CultureInfo.InvariantCulture)));
}
public void CanonicalMessageMustContainsContentMd5WhenAvailable()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
string md5 = "c8fdb181845a4ca6b8fec737b3581d76";
request.Content = new StringContent("Hello world!");
request.Content.Headers.Add("Content-MD5", md5);
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Contain(md5);
}
public void CanonicalMessageMustContainsAllCanonicalizedCustomValuesWhenAvailables()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something");
request.Headers.Add("X-ABS-V1", "Pizza Calda");
request.Headers.Add("X-ABS-UpdAndDown", "al kiosco");
request.Headers.Add("X-ABS-A1", "renzo");
request.Headers.Add("X-ABS-A2", new[] { "valu2", "value1 " });
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request).ToList();
canonicalizedString.Should().Contain("x-abs-v1:Pizza Calda");
canonicalizedString.Should().Contain("x-abs-updanddown:al kiosco");
canonicalizedString.Should().Contain("x-abs-a1:renzo");
canonicalizedString.Should().Contain("x-abs-a2:valu2,value1");
}
public void WhenSecretAndCanonicalAreValidThenUseSHA256AndBase64Encoded()
{
// valor de referencia tomado desde acá
//http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
string secret = "key";
string canonicalizedMessage = "The quick brown fox jumps over the lazy dog";
var hmacBuilder = new ABServiciosHmacBuilder();
string signature = hmacBuilder.GetSignature(secret, canonicalizedMessage);
var hex = "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8";
var hexBytes = Enumerable.Range(0, hex.Length)
.Where(x => x % 2 == 0)
.Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
.ToArray();
var base64Encoded = Convert.ToBase64String(hexBytes);
signature.Should().Be(base64Encoded);
}
public void CanonicalMessageMustEmptyInSpecificPositionWhenNotContainsMd5()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something/ToDo?p=izza");
DateTime now = DateTime.UtcNow;
request.Headers.Add("X-ABS-V1", "Pizza Calda");
request.Headers.Add("X-ABS-UpdAndDown", "al kiosco");
request.Headers.Add("X-ABS-A1", "renzo");
request.Headers.Add("X-ABS-A2", new[] { "valu2", "value1 " });
request.Headers.Date = now.AddDays(5);
request.Content = new StringContent("Hello world!");
request.Content.Headers.ContentType = new MediaTypeHeaderValue("text/plain");
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Have.SameSequenceAs("GET", "", "text/plain", now.AddDays(5).ToString("r", CultureInfo.InvariantCulture), "x-abs-a1:renzo", "x-abs-a2:valu2,value1", "x-abs-updanddown:al kiosco", "x-abs-v1:Pizza Calda", "/something/ToDo?p=izza");
}
public void CanonicalMessageMustContainsNewLineInSpecificOrderWhenContainDateAndCustomDate()
{
//REST verb, content-md5 value when present, content-type value, date value, canonicalized x-abs headers, and the resource (URI)
var request = new HttpRequestMessage(HttpMethod.Get, "http://www.acme.com/something/ToDo?p=izza");
DateTime now = DateTime.UtcNow;
request.Headers.Add("X-ABS-Date", now.ToString("r", CultureInfo.InvariantCulture));
request.Headers.Add("X-ABS-A1", "renzo");
request.Headers.Add("X-ABS-A2", new[] { "valu2", "value1 " });
request.Headers.Date = now.AddDays(5);
string md5 = "c8fdb181845a4ca6b8fec737b3581d76";
request.Content = new StringContent("Hello world!");
request.Content.Headers.Add("Content-MD5", md5);
request.Content.Headers.ContentType = new MediaTypeHeaderValue("text/plain");
var hmacBuilder = new ABServiciosHmacBuilder();
IEnumerable <string> canonicalizedString = hmacBuilder.GetCanonicalParts(request);
canonicalizedString.Should().Have.SameSequenceAs("GET", "c8fdb181845a4ca6b8fec737b3581d76", "text/plain", "", "x-abs-a1:renzo", "x-abs-a2:valu2,value1", "x-abs-date:" + now.ToString("r", CultureInfo.InvariantCulture), "/something/ToDo?p=izza");
}
public void WhenSecretAndCanonicalAreNotEmptyThenNoEmpty()
{
var hmacBuilder = new ABServiciosHmacBuilder();
hmacBuilder.GetSignature("something", "something").Should().Not.Be.Empty();
}