public ProfileService(IMediator mediator, ILogger <ProfileService> logger, IOptions <AnonymousTokensConfig> anonymousTokensConfig, IOptions <VerificationLimitConfig> verificationLimitConfig)
{
_mediator = mediator;
_logger = logger;
_verificationLimitConfig = verificationLimitConfig.Value;
_anonymousTokensConfig = anonymousTokensConfig.Value;
}
public void LoadMasterKeyBytes_MasterKeyCertNotFound_ThrowsException()
{
var options = new AnonymousTokensConfig
{
MasterKeyCertId = "key-id"
};
var automocker = new AutoMocker();
automocker.SetupOptions(options);
automocker
.Setup <ICertificateLocator, Task <Option <X509Certificate2> > >(x => x.GetCertificateAsync("key-id"))
.ReturnsAsync(Option.None <X509Certificate2>());
var target = automocker.CreateInstance <AnonymousTokenMasterKeyLoader>();
Assert.ThrowsAsync <AnonymousTokenMasterKeyLoaderException>(() => target.LoadMasterKeyBytes());
}
public async Task GetMasterKeyCertificate_GivenRsaCertificate_ReturnsPrivateKeyBytes()
{
var options = new AnonymousTokensConfig
{
MasterKeyCertId = "key-id"
};
var eccCert = CertUtils.GenerateTestRsaCert();
var automocker = new AutoMocker();
automocker.SetupOptions(options);
automocker
.Setup <ICertificateLocator, Task <Option <X509Certificate2> > >(x => x.GetCertificateAsync("key-id"))
.ReturnsAsync(eccCert.Some);
var target = automocker.CreateInstance <AnonymousTokenMasterKeyLoader>();
var result = await target.LoadMasterKeyBytes();
result.Should().NotBeNullOrEmpty();
}
public async Task Handle_GivenValidRequest_ShouldCreateResponseClientCanRandomizeAndUseForAuthorization()
{
//Arrange
var config = new AnonymousTokensConfig
{
Enabled = true,
CurveName = "P-256",
KeyRotationEnabled = true,
//MasterKeyCertId = "<your cert thumprint>", // uncomment to switch to use local certificate
KeyRotationInterval = TimeSpan.FromDays(3),
KeyRotationRollover = TimeSpan.FromHours(1)
};
var masterKey = new byte[256];
var automocker = new AutoMocker();
automocker
.SetupOptions(config);
automocker
.Use <IMemoryCache>(new MemoryCache(new MemoryCacheOptions()));
// comment to switch to use local certificate
automocker
.Setup <IAnonymousTokenMasterKeyLoader, Task <byte[]> >(x => x.LoadMasterKeyBytes())
.ReturnsAsync(masterKey);
// uncomment to switch to use local certificate
//automocker.Use<ICertificateLocator>(new LocalCertificateLocator());
//automocker.Use<IAnonymousTokenMasterKeyLoader>(automocker.CreateInstance<AnonymousTokenMasterKeyLoader>());
automocker
.Use <IAnonymousTokensKeyStore>(automocker.CreateInstance <AnonymousTokenKeyStore>());
automocker
.Use <ITokenGenerator>(new TokenGenerator());
automocker
.Setup <IAnonymousTokenIssueRecordRepository, Task <IEnumerable <AnonymousTokenIssueRecord> > >(x => x.RetrieveRecordsJwtToken(It.IsAny <string>()))
.Returns <string>(x => Task.FromResult(Enumerable.Empty <AnonymousTokenIssueRecord>()));
var targetA = automocker.CreateInstance <IssueAnonymousToken.Handler>();
//Act: Part 1 - Issue token
var ecParameters = CustomNamedCurves.GetByName("P-256");
var initiator = new Initiator();
var init = initiator.Initiate(ecParameters.Curve);
var tokenRequest = new IssueAnonymousToken.Command
{
JwtTokenId = "token-a",
JwtTokenExpiry = DateTime.Now.AddMinutes(10),
RequestData = new AnonymousTokenRequest
{
MaskedPoint = Convert.ToBase64String(init.P.GetEncoded())
}
};
var tokenResponse = (await targetA.Handle(tokenRequest, new CancellationToken())).ValueOrFailure();
tokenResponse.Should().NotBeNull();
//Act: Part 2 - Validate, randomize and create auth header
var targetB = automocker.CreateInstance <GetAnonymousTokenKeySet.Handler>();
var keysetResponse = await targetB.Handle(new GetAnonymousTokenKeySet.Query(), new CancellationToken());
var rawPublicKey = keysetResponse.Keys.First(x => x.Kid == tokenResponse.Kid);
var curve = CustomNamedCurves.GetByName(rawPublicKey.Crv);
var publicKey = curve.Curve.CreatePoint(
new BigInteger(Convert.FromBase64String(rawPublicKey.X)),
new BigInteger(Convert.FromBase64String(rawPublicKey.Y))
);
var signedPoint = ecParameters.Curve.DecodePoint(Convert.FromBase64String(tokenResponse.SignedPoint));
var proofChallenge = new BigInteger(Convert.FromBase64String(tokenResponse.ProofChallenge));
var proofResponse = new BigInteger(Convert.FromBase64String(tokenResponse.ProofResponse));
var randomizedToken = initiator.RandomiseToken(ecParameters, publicKey, init.P, signedPoint, proofChallenge, proofResponse, init.r);
var encodedToken = Convert.ToBase64String(randomizedToken.GetEncoded()) + "." + Convert.ToBase64String(init.t) + "." +
tokenResponse.Kid;
encodedToken.Should().NotBeNullOrEmpty();
}
