public async Task CertificateCache_Caches() { MockClock clock = new MockClock(DateTime.UtcNow); // The fake only fakes the fetching of the certificates from the web. // The rest of the code can't be mocked and that's what we are testing here. var certCache = new FakeCertificateCache(clock); var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default); // Move the clock a little, but not enough to invalidate the cache, which lasts for 1 hour. clock.UtcNow = clock.UtcNow.AddMinutes(30); var secondCallCached = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default); Assert.NotNull(firstCall); Assert.Same(firstCall, secondCallCached); }
public async Task CertificateCache_Refreshes() { MockClock clock = new MockClock(DateTime.UtcNow); // The fake only fakes the fetching of the certificates from the web. // The rest of the code can't be mocked and that's what we are testing here. var certCache = new FakeCertificateCache(clock); var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default); // Move the clock so the cache expires clock.UtcNow = clock.UtcNow.AddMinutes(61); var secondCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default); Assert.NotNull(firstCall); Assert.NotNull(secondCall); Assert.NotSame(firstCall, secondCall); }
public void ValidationSettingsToSignedTokenVerificationOptions() { MockClock clock = new MockClock(DateTime.UtcNow); FakeCertificateCache cache = new FakeCertificateCache(); var options = new GoogleJsonWebSignature.ValidationSettings { Clock = clock, Audience = new[] { "audience" }, HostedDomain = "hosted_domain", IssuedAtClockTolerance = TimeSpan.FromSeconds(5), ExpirationTimeClockTolerance = TimeSpan.FromSeconds(10), CertificateCache = cache, ForceGoogleCertRefresh = true }.ToVerificationOptions(); Assert.Same(clock, options.Clock); Assert.Single(options.TrustedAudiences, "audience"); Assert.Equal(TimeSpan.FromSeconds(5), options.IssuedAtClockTolerance); Assert.Equal(TimeSpan.FromSeconds(10), options.ExpiryClockTolerance); Assert.Same(cache, options.CertificateCache); Assert.True(options.ForceCertificateRefresh); Assert.Equal(GoogleAuthConsts.JsonWebKeySetUrl, options.CertificatesUrl); Assert.Equal(GoogleJsonWebSignature.ValidJwtIssuers.Count(), options.TrustedIssuers.Count); }