public async Task Roundtrips(RoundtripSignedHttpRequestTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.Roundtrips", theoryData);
try
{
var handler = new SignedHttpRequestHandler();
var signedHttpRequestDescriptor = new SignedHttpRequestDescriptor(theoryData.AccessToken, theoryData.HttpRequestData, theoryData.SigningCredentials, theoryData.SignedHttpRequestCreationParameters);
signedHttpRequestDescriptor.CnfClaimValue = theoryData.CnfClaimValue;
var signedHttpRequest = handler.CreateSignedHttpRequest(signedHttpRequestDescriptor);
var cryptoProviderFactory = signedHttpRequestDescriptor.SigningCredentials.CryptoProviderFactory ?? signedHttpRequestDescriptor.SigningCredentials.Key.CryptoProviderFactory;
if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider(
signedHttpRequestDescriptor.SigningCredentials.Key,
signedHttpRequestDescriptor.SigningCredentials.Algorithm,
signedHttpRequestDescriptor.SigningCredentials.Key is AsymmetricSecurityKey ? typeof(AsymmetricSignatureProvider).ToString() : typeof(SymmetricSignatureProvider).ToString(),
true,
out _))
{
context.Diffs.Add(LogHelper.FormatInvariant("SignedHttpRequest cached SignatureProvider (Signing), Key: '{0}', Algorithm: '{1}'", signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm));
}
var signedHttpRequestValidationContext = new SignedHttpRequestValidationContext(signedHttpRequest, theoryData.HttpRequestData, theoryData.TokenValidationParameters, theoryData.SignedHttpRequestValidationParameters);
var result = await handler.ValidateSignedHttpRequestAsync(signedHttpRequestValidationContext, CancellationToken.None).ConfigureAwait(false);
if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider(
signedHttpRequestDescriptor.SigningCredentials.Key,
signedHttpRequestDescriptor.SigningCredentials.Algorithm,
signedHttpRequestDescriptor.SigningCredentials.Key is AsymmetricSecurityKey ? typeof(AsymmetricSignatureProvider).ToString() : typeof(SymmetricSignatureProvider).ToString(),
false,
out _))
{
context.Diffs.Add(LogHelper.FormatInvariant("SignedHttpRequest cached SignatureProvider (Validate), Key: '{0}', Algorithm: '{1}'", signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm));
}
IdentityComparer.AreBoolsEqual(result.IsValid, theoryData.IsValid, context);
if (result.Exception != null)
{
throw result.Exception;
}
Assert.NotNull(result);
Assert.NotNull(result.SignedHttpRequest);
Assert.NotNull(result.ValidatedSignedHttpRequest);
Assert.NotNull(result.AccessTokenValidationResult);
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
public void GetIssuerValidator_V1Authority()
{
var context = new CompareContext();
var authorityInAliases = ValidatorConstants.AuthorityV1;
var validator = CreateIssuerValidator(authorityInAliases);
IdentityComparer.AreEqual(ValidatorConstants.AuthorityV1, validator.AadAuthorityV1, context);
IdentityComparer.AreEqual(ValidatorConstants.AuthorityCommonTenantWithV2, validator.AadAuthorityV2, context);
IdentityComparer.AreBoolsEqual(false, validator.IsV2Authority, context);
TestUtilities.AssertFailIfErrors(context);
}
public void GetIssuerValidator_B2cAuthorityNotInAliases()
{
var context = new CompareContext();
var authorityNotInAliases = ValidatorConstants.B2CAuthorityWithV2;
var validator = CreateIssuerValidator(authorityNotInAliases);
IdentityComparer.AreEqual(ValidatorConstants.B2CAuthority, validator.AadAuthorityV1, context);
IdentityComparer.AreEqual(ValidatorConstants.B2CAuthorityWithV2, validator.AadAuthorityV2, context);
IdentityComparer.AreBoolsEqual(true, validator.IsV2Authority, context);
TestUtilities.AssertFailIfErrors(context);
}
public void GetIssuerValidator_TwoTenants()
{
var context = new CompareContext();
var validator = CreateIssuerValidator(ValidatorConstants.AuthorityV1);
IdentityComparer.AreEqual(ValidatorConstants.AuthorityV1, validator.AadAuthorityV1, context);
IdentityComparer.AreEqual(ValidatorConstants.AuthorityCommonTenantWithV2, validator.AadAuthorityV2, context);
IdentityComparer.AreBoolsEqual(false, validator.IsV2Authority, context);
validator = CreateIssuerValidator(ValidatorConstants.AuthorityWithTenantSpecified);
IdentityComparer.AreEqual(ValidatorConstants.AuthorityWithTenantSpecified, validator.AadAuthorityV1, context);
IdentityComparer.AreEqual(ValidatorConstants.AuthorityWithTenantSpecifiedWithV2, validator.AadAuthorityV2, context);
IdentityComparer.AreBoolsEqual(false, validator.IsV2Authority, context);
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_FromB2CAuthority_WithNoTidClaim_ValidateSuccessfully()
{
var context = new CompareContext();
Claim issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.B2CIssuer);
Claim tfpClaim = new Claim(ValidatorConstants.ClaimNameTfp, ValidatorConstants.B2CSignUpSignInUserFlow);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.B2CIssuer, claims: new[] { issClaim, tfpClaim });
AadIssuerValidator validator = CreateIssuerValidator(ValidatorConstants.B2CAuthorityWithV2);
validator.Validate(
ValidatorConstants.B2CIssuer,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { ValidatorConstants.B2CIssuer },
});
IdentityComparer.AreEqual(ValidatorConstants.B2CAuthority, validator.AadAuthorityV1, context);
IdentityComparer.AreEqual(ValidatorConstants.B2CAuthorityWithV2, validator.AadAuthorityV2, context);
IdentityComparer.AreBoolsEqual(true, validator.IsV2Authority, context);
TestUtilities.AssertFailIfErrors(context);
}