public async Task WhenVerificationFails_ReturnsFailureResult()
{
A.CallTo(() => _signatureParser.Parse(_httpRequest, _options))
.Returns(_signature);
var client = new Client(_signature.KeyId, "Unit test app", new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA256), TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(1));
A.CallTo(() => _clientStore.Get(_signature.KeyId))
.Returns(client);
var verificationResultCreator = A.Fake <IVerificationResultCreator>();
A.CallTo(() => _verificationResultCreatorFactory.Create(client, _signature))
.Returns(verificationResultCreator);
var failure = SignatureVerificationFailure.SignatureExpired("Invalid signature.");
A.CallTo(() => _signatureVerifier.VerifySignature(A <HttpRequestForSigning> ._, A <Signature> ._, A <Client> ._))
.Returns(failure);
A.CallTo(() => verificationResultCreator.CreateForFailure(failure))
.Returns(new RequestSignatureVerificationResultFailure(client, _signature, failure));
var actual = await _sut.VerifySignature(_httpRequest, _options);
actual.Should().BeAssignableTo <RequestSignatureVerificationResultFailure>();
actual.As <RequestSignatureVerificationResultFailure>().IsSuccess.Should().BeFalse();
actual.As <RequestSignatureVerificationResultFailure>().Failure.Should().Be(failure);
}
public override SignatureVerificationFailure VerifySync(HttpRequestForVerification signedRequest, Signature signature, Client client)
{
if (signature.Headers.Contains(HeaderName.PredefinedHeaderNames.Expires) && !signature.Expires.HasValue)
{
return(SignatureVerificationFailure.HeaderMissing($"The signature does not contain a value for the {nameof(signature.Expires)} property, but it is required."));
}
if (signature.Expires.HasValue && signature.Expires.Value < _systemClock.UtcNow.Add(-client.ClockSkew))
{
return(SignatureVerificationFailure.SignatureExpired("The signature is expired."));
}
return(null);
}
public override SignatureVerificationFailure VerifySync(HttpRequestForSigning signedRequest, Signature signature, Client client)
{
if (!signature.Expires.HasValue)
{
return(SignatureVerificationFailure.HeaderMissing($"The signature does not contain a value for the {nameof(signature.Expires)} property, but it is required."));
}
if (signature.Expires.Value < _systemClock.UtcNow)
{
return(SignatureVerificationFailure.SignatureExpired("The signature is expired."));
}
return(null);
}