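/// <summary>
/// Checks the defaults of an <see cref="IdentityConfiguration"/> built for
/// <see cref="IdentityConfiguration.DefaultServiceName"/>: its issuer token resolver is a
/// <see cref="NamedKeyIssuerTokenResolver"/> holding no keys, <see cref="IssuerTokenResolver"/>'s
/// default store is TrustedPeople/LocalMachine, and a key-identifier clause for a name that was
/// never registered resolves to neither a key nor a token.
/// The last part is the security-relevant check: the resolver must fail closed on unknown key names.
/// </summary>
/// <param name="testVariation">Variation name passed by the base test harness; not used by this check.</param>
protected override void ValidateTestCase(string testVariation)
{
    IdentityConfiguration identityConfig = new IdentityConfiguration(IdentityConfiguration.DefaultServiceName);

    Assert.IsNotNull(identityConfig.IssuerTokenResolver, "identityConfig.IssuerTokenResolver should not be null");
    Assert.AreEqual(
        typeof(NamedKeyIssuerTokenResolver),
        identityConfig.IssuerTokenResolver.GetType(),
        string.Format("Expected identityConfiguration.IsuerTokenResolver.GetType() == typeof( NamedKeyIssuerTokenResolver ), was: '{0}'", identityConfig.IssuerTokenResolver.GetType()));

    NamedKeyIssuerTokenResolver resolver = identityConfig.IssuerTokenResolver as NamedKeyIssuerTokenResolver;
    Assert.IsNotNull(resolver, "IssuerTokenResolver could not be cast to NamedKeyIssuerTokenResolver");

    // A freshly built default configuration must not carry any pre-registered keys.
    Assert.AreEqual(0, resolver.SecurityKeys.Count, "a default NamedKeyIssuerTokenResolver should start with no keys");
    Assert.AreEqual(StoreName.TrustedPeople, IssuerTokenResolver.DefaultStoreName, "unexpected IssuerTokenResolver.DefaultStoreName");
    Assert.AreEqual(StoreLocation.LocalMachine, IssuerTokenResolver.DefaultStoreLocation, "unexpected IssuerTokenResolver.DefaultStoreLocation");

    // A clause naming a key that was never registered must resolve to nothing.
    // The second argument is just an opaque key-id string here, not the key bytes themselves.
    NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause("keyName", "KeyingMaterial.SymmetricKeyBytes_256");

    SecurityKey key = null;
    Assert.IsFalse(resolver.TryResolveSecurityKey(clause, out key), "TryResolveSecurityKey should fail for an unregistered key name");
    Assert.IsNull(key, "resolved key should be null for an unregistered key name");

    SecurityToken token = null;
    Assert.IsFalse(resolver.TryResolveToken(clause, out token), "TryResolveToken should fail for an unregistered key name");
    Assert.IsNull(token, "resolved token should be null for an unregistered key name");
}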
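/// <summary>
/// Exercises the NamedKey extensibility points end to end with the JWT handler:
/// a <see cref="NamedKeySecurityKeyIdentifierClause"/> placed in <see cref="SigningCredentials"/>
/// must round-trip through <see cref="JwtHeader.SigningKeyIdentifier"/> with name and key id intact,
/// a <see cref="NamedKeySecurityToken"/> with the same name must match it, a
/// <see cref="NamedKeyIssuerTokenResolver"/> keyed by that name must resolve it, and a token
/// signed with those credentials must validate on a handler configured with the same resolver.
/// </summary>
public void JwtSecurityKeyIdentifyier_Extensibility()
{
    string clauseName = "kid";
    string keyId = Issuers.GotJwt;
    NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause(clauseName, keyId);
    SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(clause);

    // HMAC-SHA256 over a shared symmetric key: whoever holds the key can mint tokens, so this
    // test proves key lookup by name, not that the issuer is who it claims to be.
    SigningCredentials signingCredentials = new SigningCredentials(KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest, keyIdentifier);

    // The clause must survive the trip into the JWT header unchanged.
    JwtHeader jwtHeader = new JwtHeader(signingCredentials);
    SecurityKeyIdentifier ski = jwtHeader.SigningKeyIdentifier;
    Assert.AreEqual(1, ski.Count, "ski.Count != 1 ");

    NamedKeySecurityKeyIdentifierClause clauseOut = ski.Find<NamedKeySecurityKeyIdentifierClause>();
    Assert.IsNotNull(clauseOut, "NamedKeySecurityKeyIdentifierClause not found");
    Assert.AreEqual(clauseName, clauseOut.Name, "clauseOut.Name != clauseName");
    Assert.AreEqual(keyId, clauseOut.KeyIdentifier, "clauseOut.KeyIdentifier != keyId");

    // A token registered under the same name must match the clause.
    NamedKeySecurityToken namedKeySecurityToken = new NamedKeySecurityToken(clauseName, new SecurityKey[] { KeyingMaterial.SymmetricSecurityKey_256 });
    Assert.IsTrue(namedKeySecurityToken.MatchesKeyIdentifierClause(clause), "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed");

    // A resolver keyed by the clause name must hand the key back for that clause.
    List<SecurityKey> list = new List<SecurityKey>() { KeyingMaterial.SymmetricSecurityKey_256 };
    Dictionary<string, IList<SecurityKey>> keys = new Dictionary<string, IList<SecurityKey>>()
    {
        { clauseName, list },
    };
    NamedKeyIssuerTokenResolver nkitr = new NamedKeyIssuerTokenResolver(keys: keys);
    SecurityKey sk = nkitr.ResolveSecurityKey(clause);
    Assert.IsNotNull(sk, "NamedKeyIssuerTokenResolver.ResolveSecurityKey( clause ) returned null");

    // A token signed with these credentials must validate on a handler that resolves keys by name.
    // Audience checking is switched off and the issuer name is pinned to a constant because only
    // key resolution is under test here; a production configuration must restrict the audience
    // and use an issuer name registry that makes a real trust decision.
    JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
    JwtSecurityToken jwt = handler.CreateToken(issuer: Issuers.GotJwt, signingCredentials: signingCredentials) as JwtSecurityToken;
    Assert.IsNotNull(jwt, "JwtSecurityTokenHandler.CreateToken did not return a JwtSecurityToken");

    handler.Configuration = new SecurityTokenHandlerConfiguration()
    {
        IssuerTokenResolver = new NamedKeyIssuerTokenResolver(keys: keys),
        AudienceRestriction = new AudienceRestriction(AudienceUriMode.Never),
        IssuerNameRegistry = new SetNameIssuerNameRegistry("http://GotJwt.com"),
    };

    // Validation must succeed (no exception) and actually produce a result, not just return silently.
    Assert.IsNotNull(handler.ValidateToken(jwt), "ValidateToken returned null");
}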
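/// <summary>
/// Verifies the <see cref="NamedKeySecurityKeyIdentifierClause"/> extensibility path without
/// driving the token handler: a clause placed in <see cref="SigningCredentials"/> round-trips
/// through <see cref="JwtHeader.SigningKeyIdentifier"/> with its name and id intact, a
/// <see cref="NamedKeySecurityToken"/> built with the same name and id matches it, and a
/// <see cref="NamedKeyIssuerTokenResolver"/> keyed by that name resolves it to a key.
/// </summary>
public void NamedKeySecurityKeyIdentifierClause_Extensibility()
{
    string clauseName = "kid";
    string keyId = Issuers.GotJwt;
    NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause(clauseName, keyId);
    SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(clause);

    // Symmetric HMAC-SHA256 credentials: this exercises lookup of a key by name, nothing about
    // who is allowed to hold that key.
    SigningCredentials signingCredentials = new SigningCredentials(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest, keyIdentifier);

    // The clause must survive the trip into the JWT header unchanged.
    // Assert.AreEqual takes (expected, actual); keeping that order keeps failure messages readable.
    JwtHeader jwtHeader = new JwtHeader(signingCredentials);
    SecurityKeyIdentifier ski = jwtHeader.SigningKeyIdentifier;
    Assert.AreEqual(1, ski.Count, "ski.Count != 1 ");

    NamedKeySecurityKeyIdentifierClause clauseOut = ski.Find<NamedKeySecurityKeyIdentifierClause>();
    Assert.IsNotNull(clauseOut, "NamedKeySecurityKeyIdentifierClause not found");
    Assert.AreEqual(clauseName, clauseOut.Name, "clauseOut.Name != clauseName");
    Assert.AreEqual(keyId, clauseOut.Id, "clauseOut.Id != keyId");

    // A token registered under the same name and id must match the clause.
    NamedKeySecurityToken namedKeySecurityToken = new NamedKeySecurityToken(clauseName, keyId, new SecurityKey[] { KeyingMaterial.DefaultSymmetricSecurityKey_256 });
    Assert.IsTrue(namedKeySecurityToken.MatchesKeyIdentifierClause(clause), "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed");

    // A resolver keyed by the clause name must hand the key back for that clause.
    List<SecurityKey> list = new List<SecurityKey>() { KeyingMaterial.DefaultSymmetricSecurityKey_256 };
    Dictionary<string, IList<SecurityKey>> keys = new Dictionary<string, IList<SecurityKey>>()
    {
        { clauseName, list },
    };
    NamedKeyIssuerTokenResolver nkitr = new NamedKeyIssuerTokenResolver(keys: keys);
    SecurityKey sk = nkitr.ResolveSecurityKey(clause);
    Assert.IsNotNull(sk, "NamedKeyIssuerTokenResolver.ResolveSecurityKey( clause ) returned null");
}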