protected override void ValidateTestCase(string testVariation) { IdentityConfiguration identityConfig = new IdentityConfiguration(IdentityConfiguration.DefaultServiceName); Assert.IsNotNull(identityConfig.IssuerTokenResolver); Assert.IsFalse(identityConfig.IssuerTokenResolver.GetType() != typeof(NamedKeyIssuerTokenResolver), string.Format("Expected identityConfiguration.IsuerTokenResolver.GetType() == typeof( NamedKeyIssuerTokenResolver ), was: '{0}'", identityConfig.IssuerTokenResolver.GetType())); NamedKeyIssuerTokenResolver resolver = identityConfig.IssuerTokenResolver as NamedKeyIssuerTokenResolver; Assert.IsTrue(resolver.SecurityKeys.Count == 0); Assert.IsTrue(IssuerTokenResolver.DefaultStoreName == StoreName.TrustedPeople); Assert.IsTrue(IssuerTokenResolver.DefaultStoreLocation == StoreLocation.LocalMachine); // Should not find key SecurityKey key = null; NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause("keyName", "KeyingMaterial.SymmetricKeyBytes_256"); Assert.IsFalse(resolver.TryResolveSecurityKey(clause, out key)); Assert.IsNull(key); // Should not find token SecurityToken token = null; Assert.IsFalse(resolver.TryResolveToken(clause, out token)); Assert.IsNull(token); }
public void NamedKeySecurityKeyIdentifierClause_Publics() { // new NameKeyParametersVariation //{ // TestCase = "MatchesName", // TestAction = // () => (new NamedKeySecurityKeyIdentifierClause("bob", null)).Matches(null) //}, NamedKeySecurityKeyIdentifierClause namedKeySecurityKeyIdentifierClause = new NamedKeySecurityKeyIdentifierClause("name", "keyidentifier"); Assert.IsTrue("name" == namedKeySecurityKeyIdentifierClause.Name); Assert.IsTrue("keyidentifier" == namedKeySecurityKeyIdentifierClause.Id); // *** Matches (null) ExpectedException expectedException = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "keyIdentifierClause"); try { namedKeySecurityKeyIdentifierClause.Matches(null); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } }
public SigningCredentials GetSigningCredentials() { string signatureAlgorithm; string digestAlgorithm; var key = GetKey(); if (key is RsaSecurityKey) { signatureAlgorithm = SecurityAlgorithms.RsaSha256Signature; digestAlgorithm = SecurityAlgorithms.Sha256Digest; } else if (key is EcDsaSecurityKey) { var ecdsaKey = key as EcDsaSecurityKey; signatureAlgorithm = ecdsaKey.SignatureAlgorithm; digestAlgorithm = ecdsaKey.DigestAlgorithm; } else { throw new NotImplementedException(); } var keyIdentifierClause = new NamedKeySecurityKeyIdentifierClause(name: "kid", id: Id); var securityKeyIdentifier = new SecurityKeyIdentifier(keyIdentifierClause); var signingCredentials = new SigningCredentials( GetKey(), signatureAlgorithm, digestAlgorithm, securityKeyIdentifier); return(signingCredentials); }
public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token) { SimpleWebToken swt = token as SimpleWebToken; if (swt == null) { throw new SecurityTokenValidationException("The received token is of incorrect token type.Expected SimpleWebToken"); } // check issuer name registry for allowed issuers string issuerName = swt.Issuer; // check expiration if (DateTime.Compare(swt.ValidTo, DateTime.UtcNow) <= 0) { throw new SecurityTokenExpiredException("The incoming token has expired. Get a new access token from the Authorization Server."); } // check audience if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never) { var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris; if (!allowedAudiences.Any(uri => uri == swt.AudienceUri)) { throw new AudienceUriValidationFailedException(); } } // retrieve signing key var clause = new NamedKeySecurityKeyIdentifierClause(swt.Issuer, swt.Issuer); var securityKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause) as InMemorySymmetricSecurityKey; if (securityKey == null) { throw new SecurityTokenValidationException("No signing key found"); } // check signature if (!swt.VerifySignature(securityKey.GetSymmetricKey())) { throw new SecurityTokenValidationException("Signature verification of the incoming token failed."); } var id = new ClaimsIdentity("SWT"); foreach (var claim in swt.Claims) { var value = claim.Value; value.Split(',').ToList().ForEach(v => id.AddClaim(new Claim(claim.Type, HttpUtility.UrlDecode(v), ClaimValueTypes.String, issuerName))); } return(new ReadOnlyCollection <ClaimsIdentity>(new ClaimsIdentity[] { id })); }
public void NamedKeySecurityKeyIdentifierClause_Constructor() { NamedKeySecurityKeyIdentifierClause namedKeySecurityKeyIdentifierClause; ExpectedException expectedException = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "name"); try { namedKeySecurityKeyIdentifierClause = new NamedKeySecurityKeyIdentifierClause(null, null); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } expectedException = new ExpectedException(typeExpected: typeof(ArgumentNullException), substringExpected: "id"); try { namedKeySecurityKeyIdentifierClause = new NamedKeySecurityKeyIdentifierClause("name", null); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } expectedException = ExpectedException.ArgumentNullException(substringExpected: "name"); try { namedKeySecurityKeyIdentifierClause = new NamedKeySecurityKeyIdentifierClause(name: " ", id: "id"); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } expectedException = ExpectedException.ArgumentNullException(substringExpected: "id"); try { namedKeySecurityKeyIdentifierClause = new NamedKeySecurityKeyIdentifierClause("name", " "); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } }
public void JwtSecurityKeyIdentifyier_Extensibility() { string clauseName = "kid"; string keyId = Issuers.GotJwt; NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause(clauseName, keyId); SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(clause); SigningCredentials signingCredentials = new SigningCredentials(KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest, keyIdentifier); JwtHeader jwtHeader = new JwtHeader(signingCredentials); SecurityKeyIdentifier ski = jwtHeader.SigningKeyIdentifier; Assert.IsFalse(ski.Count != 1, "ski.Count != 1 "); NamedKeySecurityKeyIdentifierClause clauseOut = ski.Find <NamedKeySecurityKeyIdentifierClause>(); Assert.IsFalse(clauseOut == null, "NamedKeySecurityKeyIdentifierClause not found"); Assert.IsFalse(clauseOut.Name != clauseName, "clauseOut.Id != clauseId"); Assert.IsFalse(clauseOut.KeyIdentifier != keyId, "clauseOut.KeyIdentifier != keyId"); NamedKeySecurityToken NamedKeySecurityToken = new NamedKeySecurityToken(clauseName, new SecurityKey[] { KeyingMaterial.SymmetricSecurityKey_256 }); Assert.IsFalse(!NamedKeySecurityToken.MatchesKeyIdentifierClause(clause), "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed"); List <SecurityKey> list = new List <SecurityKey>() { KeyingMaterial.SymmetricSecurityKey_256 }; Dictionary <string, IList <SecurityKey> > keys = new Dictionary <string, IList <SecurityKey> >() { { "kid", list }, }; NamedKeyIssuerTokenResolver nkitr = new NamedKeyIssuerTokenResolver(keys: keys); SecurityKey sk = nkitr.ResolveSecurityKey(clause); Assert.IsFalse(sk == null, "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed"); JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken jwt = handler.CreateToken(issuer: Issuers.GotJwt, signingCredentials: signingCredentials) as JwtSecurityToken; handler.Configuration = new SecurityTokenHandlerConfiguration() { IssuerTokenResolver = new NamedKeyIssuerTokenResolver(keys: keys), AudienceRestriction = new AudienceRestriction(AudienceUriMode.Never), IssuerNameRegistry = new SetNameIssuerNameRegistry("http://GotJwt.com"), }; handler.ValidateToken(jwt); }
public void NamedKeySecurityKeyIdentifierClause_Extensibility() { string clauseName = "kid"; string keyId = Issuers.GotJwt; NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause(clauseName, keyId); SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(clause); SigningCredentials signingCredentials = new SigningCredentials(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest, keyIdentifier); JwtHeader jwtHeader = new JwtHeader(signingCredentials); SecurityKeyIdentifier ski = jwtHeader.SigningKeyIdentifier; Assert.AreEqual(ski.Count, 1, "ski.Count != 1 "); NamedKeySecurityKeyIdentifierClause clauseOut = ski.Find <NamedKeySecurityKeyIdentifierClause>(); Assert.IsNotNull(clauseOut, "NamedKeySecurityKeyIdentifierClause not found"); Assert.AreEqual(clauseOut.Name, clauseName, "clauseOut.Id != clauseId"); Assert.AreEqual(clauseOut.Id, keyId, "clauseOut.KeyIdentifier != keyId"); NamedKeySecurityToken NamedKeySecurityToken = new NamedKeySecurityToken(clauseName, keyId, new SecurityKey[] { KeyingMaterial.DefaultSymmetricSecurityKey_256 }); Assert.IsTrue(NamedKeySecurityToken.MatchesKeyIdentifierClause(clause), "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed"); List <SecurityKey> list = new List <SecurityKey>() { KeyingMaterial.DefaultSymmetricSecurityKey_256 }; Dictionary <string, IList <SecurityKey> > keys = new Dictionary <string, IList <SecurityKey> >() { { "kid", list }, }; NamedKeyIssuerTokenResolver nkitr = new NamedKeyIssuerTokenResolver(keys: keys); SecurityKey sk = nkitr.ResolveSecurityKey(clause); Assert.IsNotNull(sk, "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed"); }
public void NamedKeySecurityKeyIdentifierClause_Defaults() { NamedKeySecurityKeyIdentifierClause namedKeySecurityKeyIdentifierClause = new NamedKeySecurityKeyIdentifierClause("name", "keyidentifier"); Assert.IsTrue("NamedKeySecurityKeyIdentifierClause" == namedKeySecurityKeyIdentifierClause.ClauseType); }