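/// <summary>
/// Verifies that validation fails closed with <c>KeyMissing</c> when the key repository
/// cannot resolve a key, even though the request carries a well-formed signature.
/// </summary>
public void ShouldFailValidationDueToMissingKey()
{
    // Arrange
    // The repository returns null for every username, so the validator has no key to verify with.
    Mock<IHmacKeyRepository> mockKeyRepo = new Mock<IHmacKeyRepository>();
    mockKeyRepo.Setup(r => r.GetHmacKeyForUsername(It.IsAny<string>())).Returns((string)null);

    IHmacConfiguration configuration = CreateConfiguration();
    IHmacSigner signer = new HmacSigner(configuration, mockKeyRepo.Object);
    HmacValidator validator = new HmacValidator(configuration, signer);

    // A date three minutes in the past; presumably still inside the maximum request age
    // set by CreateConfiguration (not visible here), so the date check is not what fails.
    DateTimeOffset dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
    string dateString = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
    HttpRequestBase request = CreateRequest(dateString);

    // The key is set by hand only to produce an Authorization header; the validator
    // resolves the key through the mocked repository, which returns null.
    HmacSignatureData signatureData = signer.GetSignatureDataFromHttpRequest(request);
    signatureData.Key = "TestKey";
    string signature = signer.CreateSignature(signatureData);
    request.Headers[HmacConstants.AuthorizationHeaderName] = string.Format(
        HmacConstants.AuthorizationHeaderFormat,
        configuration.AuthorizationScheme,
        signature);

    // Act
    HmacValidationResult result = validator.ValidateHttpRequest(request);

    // Assert
    Assert.IsNotNull(result);
    Assert.IsNotNull(result.ErrorMessage);

    // Expected value goes first so that a failure message reports the values the right way round.
    Assert.AreEqual(HmacValidationResultCode.KeyMissing, result.ResultCode);
}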
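/// <summary>
/// Verifies that validation reports <c>DateMissing</c> when the Date header is stripped
/// from a request after it has been signed.
/// </summary>
public void ShouldFailValidationDueToMissingDate()
{
    // Arrange
    IHmacConfiguration configuration = CreateConfiguration();
    IHmacSigner signer = new HmacSigner(configuration, _keyRepository);
    HmacValidator validator = new HmacValidator(configuration, signer);

    DateTimeOffset dateTimeOffset = DateTimeOffset.UtcNow.AddMinutes(-3);
    string dateString = dateTimeOffset.ToString(HmacConstants.DateHeaderFormat, _dateHeaderCulture);
    HttpRequestBase request = CreateRequest(dateString);

    // Sign while the Date header is still present, so the Authorization header is well formed.
    HmacSignatureData signatureData = signer.GetSignatureDataFromHttpRequest(request);
    string signature = signer.CreateSignature(signatureData);
    request.Headers[HmacConstants.AuthorizationHeaderName] = string.Format(
        HmacConstants.AuthorizationHeaderFormat,
        configuration.AuthorizationScheme,
        signature);

    // Drop the Date header only after signing; the validator must reject the request
    // instead of skipping the age check.
    // NOTE(review): expecting DateMissing presumably relies on CreateConfiguration setting
    // a maximum request age - confirm against that helper.
    request.Headers.Remove(HmacConstants.DateHeaderName);

    // Act
    HmacValidationResult result = validator.ValidateHttpRequest(request);

    // Assert
    Assert.IsNotNull(result);
    Assert.IsNotNull(result.ErrorMessage);

    // Expected value goes first so that a failure message reports the values the right way round.
    Assert.AreEqual(HmacValidationResultCode.DateMissing, result.ResultCode);
}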
/// <summary>
/// Validates a complete HTTP request message against its HMAC signature.
/// </summary>
/// <param name="request">The HTTP request to validate.</param>
/// <returns>The outcome of the validation as a <see cref="HmacValidationResult"/> object.</returns>
/// <remarks>
/// The following validation logic is used:
/// - If a maximum request age is configured, the Date header must be present and must not be older than the configured value;
/// - The username header must be present when the user header name has been configured;
/// - The key must be found for the request;
/// - The Authorization header must be present, must have the correct authorization scheme and must contain a signature;
/// - The signature created from the extracted signature data must match the one on the Authorization header.
///
/// In case the request contains a body:
/// - The Content-MD5 header value must match an MD5 hash of the body, if Content-MD5 validation was enabled in the configuration.
///
/// This overload only wraps the request and extracts its signature data; the checks
/// themselves run in the overload it delegates to.
///
/// Review notes: MD5 is not collision resistant, so the Content-MD5 comparison should be
/// read as a corruption check; the body is authenticated only to the extent that the
/// Content-MD5 value is part of the signed data, which is not visible in this method.
/// The maximum request age bounds how long a captured request stays acceptable; whether
/// a repeat inside that window is detected is not visible here.
/// </remarks>
/// <exception cref="ArgumentNullException">The request is null.</exception>
/// <exception cref="HmacConfigurationException">One or more of the configuration parameters are invalid.</exception>
public virtual HmacValidationResult ValidateHttpRequest(HttpRequestMessage request)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request), "The request cannot be null.");
    }

    // Arguments are evaluated left to right: the wrapper is built before the
    // signature data is extracted from the same request.
    return ValidateHttpRequest(
        new HmacRequestWrapper(request),
        HmacSigner.GetSignatureDataFromHttpRequest(request));
}
/// <summary>
/// Checks that the signer fills the signature data from the request and the key
/// repository: key, HTTP method, Content-MD5, content type, date, username, request URI
/// and a non-empty header collection.
/// </summary>
public void ShouldGetSignatureDataFromHttpRequest()
{
    // Arrange
    IHmacConfiguration config = CreateConfiguration();
    string httpDate = CreateHttpDateString();
    HttpRequestBase httpRequest = CreateRequest(httpDate);
    HmacSigner hmacSigner = new HmacSigner(config, _keyRepository);

    // Act
    HmacSignatureData extracted = hmacSigner.GetSignatureDataFromHttpRequest(httpRequest);

    // Assert
    Assert.IsNotNull(extracted);

    // Key material and identity come from the key repository.
    Assert.AreEqual(_keyRepository.Key, extracted.Key);

    // Request-derived fields must be carried over unchanged.
    Assert.AreEqual(httpRequest.HttpMethod, extracted.HttpMethod);
    Assert.AreEqual(_base64Md5Hash, extracted.ContentMd5);
    Assert.AreEqual(ContentType, extracted.ContentType);
    Assert.AreEqual(httpDate, extracted.Date);
    Assert.AreEqual(_keyRepository.Username, extracted.Username);
    Assert.AreEqual(Url, extracted.RequestUri);

    // At least one header has to be picked up.
    Assert.IsNotNull(extracted.Headers);
    Assert.IsTrue(extracted.Headers.Count > 0);
}