public ProfileService(IMediator mediator, ILogger <ProfileService> logger, IOptions <AnonymousTokensConfig> anonymousTokensConfig, IOptions <VerificationLimitConfig> verificationLimitConfig) { _mediator = mediator; _logger = logger; _verificationLimitConfig = verificationLimitConfig.Value; _anonymousTokensConfig = anonymousTokensConfig.Value; }
public void LoadMasterKeyBytes_MasterKeyCertNotFound_ThrowsException() { var options = new AnonymousTokensConfig { MasterKeyCertId = "key-id" }; var automocker = new AutoMocker(); automocker.SetupOptions(options); automocker .Setup <ICertificateLocator, Task <Option <X509Certificate2> > >(x => x.GetCertificateAsync("key-id")) .ReturnsAsync(Option.None <X509Certificate2>()); var target = automocker.CreateInstance <AnonymousTokenMasterKeyLoader>(); Assert.ThrowsAsync <AnonymousTokenMasterKeyLoaderException>(() => target.LoadMasterKeyBytes()); }
public async Task GetMasterKeyCertificate_GivenRsaCertificate_ReturnsPrivateKeyBytes() { var options = new AnonymousTokensConfig { MasterKeyCertId = "key-id" }; var eccCert = CertUtils.GenerateTestRsaCert(); var automocker = new AutoMocker(); automocker.SetupOptions(options); automocker .Setup <ICertificateLocator, Task <Option <X509Certificate2> > >(x => x.GetCertificateAsync("key-id")) .ReturnsAsync(eccCert.Some); var target = automocker.CreateInstance <AnonymousTokenMasterKeyLoader>(); var result = await target.LoadMasterKeyBytes(); result.Should().NotBeNullOrEmpty(); }
public async Task Handle_GivenValidRequest_ShouldCreateResponseClientCanRandomizeAndUseForAuthorization() { //Arrange var config = new AnonymousTokensConfig { Enabled = true, CurveName = "P-256", KeyRotationEnabled = true, //MasterKeyCertId = "<your cert thumprint>", // uncomment to switch to use local certificate KeyRotationInterval = TimeSpan.FromDays(3), KeyRotationRollover = TimeSpan.FromHours(1) }; var masterKey = new byte[256]; var automocker = new AutoMocker(); automocker .SetupOptions(config); automocker .Use <IMemoryCache>(new MemoryCache(new MemoryCacheOptions())); // comment to switch to use local certificate automocker .Setup <IAnonymousTokenMasterKeyLoader, Task <byte[]> >(x => x.LoadMasterKeyBytes()) .ReturnsAsync(masterKey); // uncomment to switch to use local certificate //automocker.Use<ICertificateLocator>(new LocalCertificateLocator()); //automocker.Use<IAnonymousTokenMasterKeyLoader>(automocker.CreateInstance<AnonymousTokenMasterKeyLoader>()); automocker .Use <IAnonymousTokensKeyStore>(automocker.CreateInstance <AnonymousTokenKeyStore>()); automocker .Use <ITokenGenerator>(new TokenGenerator()); automocker .Setup <IAnonymousTokenIssueRecordRepository, Task <IEnumerable <AnonymousTokenIssueRecord> > >(x => x.RetrieveRecordsJwtToken(It.IsAny <string>())) .Returns <string>(x => Task.FromResult(Enumerable.Empty <AnonymousTokenIssueRecord>())); var targetA = automocker.CreateInstance <IssueAnonymousToken.Handler>(); //Act: Part 1 - Issue token var ecParameters = CustomNamedCurves.GetByName("P-256"); var initiator = new Initiator(); var init = initiator.Initiate(ecParameters.Curve); var tokenRequest = new IssueAnonymousToken.Command { JwtTokenId = "token-a", JwtTokenExpiry = DateTime.Now.AddMinutes(10), RequestData = new AnonymousTokenRequest { MaskedPoint = Convert.ToBase64String(init.P.GetEncoded()) } }; var tokenResponse = (await targetA.Handle(tokenRequest, new CancellationToken())).ValueOrFailure(); tokenResponse.Should().NotBeNull(); //Act: Part 2 - Validate, randomize and create auth header var targetB = automocker.CreateInstance <GetAnonymousTokenKeySet.Handler>(); var keysetResponse = await targetB.Handle(new GetAnonymousTokenKeySet.Query(), new CancellationToken()); var rawPublicKey = keysetResponse.Keys.First(x => x.Kid == tokenResponse.Kid); var curve = CustomNamedCurves.GetByName(rawPublicKey.Crv); var publicKey = curve.Curve.CreatePoint( new BigInteger(Convert.FromBase64String(rawPublicKey.X)), new BigInteger(Convert.FromBase64String(rawPublicKey.Y)) ); var signedPoint = ecParameters.Curve.DecodePoint(Convert.FromBase64String(tokenResponse.SignedPoint)); var proofChallenge = new BigInteger(Convert.FromBase64String(tokenResponse.ProofChallenge)); var proofResponse = new BigInteger(Convert.FromBase64String(tokenResponse.ProofResponse)); var randomizedToken = initiator.RandomiseToken(ecParameters, publicKey, init.P, signedPoint, proofChallenge, proofResponse, init.r); var encodedToken = Convert.ToBase64String(randomizedToken.GetEncoded()) + "." + Convert.ToBase64String(init.t) + "." + tokenResponse.Kid; encodedToken.Should().NotBeNullOrEmpty(); }