public async Task ItShouldValidateSignatureWhenMatch() { var expectedSignature = "expectedSignature"; var optionsMonitor = CreateOptionsMonitor(); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); signatureBodySignerMock.Setup(x => x.Sign(It.IsAny <SignatureBodyParameters>())) .ReturnsAsync(expectedSignature); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object); var timestamp = new SystemClock().UtcNow.ToUnixTimeSeconds(); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()) { Scheme = "https", Host = new HostString("example.org"), Path = "/", }; httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName] = $"{ClientId}:{Guid.NewGuid()}:{timestamp}:{expectedSignature}"; var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.OK); result.SignatureValue.Should().Be(httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName]); result.ClientId.Should().Be(ClientId); result.ComputedSignature.Should().Be(expectedSignature); }
public async Task ItShouldValidateNonce() { var nonce = Guid.NewGuid().ToString(); var optionsMonitor = CreateOptionsMonitor(); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); var nonceRepository = new Mock <INonceRepository>(); nonceRepository.Setup(x => x.Exists(nonce)) .ReturnsAsync(true); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object, nonceRepository: nonceRepository.Object); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()); httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName] = $"{ClientId}:{nonce}:0:asdf"; var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.NonceHasBeenUsedBefore); result.SignatureValue.Should().Be(httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName]); result.ClientId.Should().Be(ClientId); }
public async Task ItShouldValidateHeaderPresence() { var optionsMonitor = CreateOptionsMonitor(); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()); var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.HeaderNotFound); }
public async Task ItShouldValidateHeaderFormat() { var optionsMonitor = CreateOptionsMonitor(); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()); httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName] = "foo"; var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.HeaderParseError); result.SignatureValue.Should().Be("foo"); }
public async Task ItShouldHonorDisabledOptions() { var optionsMonitor = CreateOptionsMonitor(options => { options.Disabled = true; }); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()); var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.Disabled); }
public async Task ItShouldValidateClientId() { var optionsMonitor = CreateOptionsMonitor(); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()); httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName] = "WrongClientId:asdf:0:asdf"; var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.ClientIdNotFound); result.SignatureValue.Should().Be(httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName]); result.ClientId.Should().Be("WrongClientId"); }
public async Task ItShouldValidateTimestamp() { var optionsMonitor = CreateOptionsMonitor(); var signatureBodySourceBuilderMock = new Mock <ISignatureBodySourceBuilder>(); var signatureBodySignerMock = new Mock <ISignatureBodySigner>(); var service = new RequestsSignatureValidationService( optionsMonitor, signatureBodySourceBuilderMock.Object, signatureBodySignerMock.Object); var now = new SystemClock().UtcNow; var timestamp = now.Add(optionsMonitor.CurrentValue.ClockSkew).AddMinutes(1); var httpRequest = new DefaultHttpRequest(new DefaultHttpContext()); httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName] = $"{ClientId}:{Guid.NewGuid()}:{timestamp.ToUnixTimeSeconds()}:asdf"; var result = await service.Validate(httpRequest); result.Status.Should().Be(SignatureValidationResultStatus.TimestampIsOff); result.SignatureValue.Should().Be(httpRequest.Headers[optionsMonitor.CurrentValue.HeaderName]); result.ClientId.Should().Be(ClientId); }