public void PerformSuccessfulPostRequestWithShortPayload() { var data = "AnyData"; var payload = new MemoryStream(Encoding.UTF8.GetBytes(data)); var webClient = new SecureWebClient(SECRET_KEY, SHARED_KEY, BASE_ADDRESS, payload); var dataStream = webClient.UploadString(BASE_ADDRESS.AbsoluteUri, data); }
public void TamperPayloadAndRecieveUnauthorizedResponse() { var data = "AnyData"; var tamperedData = String.Format("{0}{1}", data, data); var payload = new MemoryStream(Encoding.UTF8.GetBytes(data)); try { var webClient = new SecureWebClient(SECRET_KEY, SHARED_KEY, BASE_ADDRESS, payload); var dataStream = webClient.UploadString(BASE_ADDRESS.AbsoluteUri, tamperedData); } catch (WebException ex) { var statusCode = ((HttpWebResponse)ex.Response).StatusCode; Assert.IsTrue(HttpStatusCode.Unauthorized.Equals(statusCode)); } }
public void SendTamperedTimeStampAndRecieveUnauthorizedResponse() { var data = "AnyData"; var payload = new MemoryStream(Encoding.UTF8.GetBytes(data)); try { var webClient = new SecureWebClient(SECRET_KEY, SHARED_KEY, BASE_ADDRESS, payload); var headerValue = webClient.Headers.Get(HttpRequestHeader.Authorization.ToString()).Replace("API ", ""); var decodedHeaderValue = Base64Decode(headerValue); var decodedHeaderSplitValues = decodedHeaderValue.Split(':'); var tamperedTimeStamp = DateTime.Now.AddHours(1).ToString("MM/dd/yyyy hh:mm:ss tt"); var tamperedTimeStampBytes = System.Text.Encoding.UTF8.GetBytes(tamperedTimeStamp); var encodedTimeStamp = Convert.ToBase64String(tamperedTimeStampBytes); var tamperedHeaderValue = String.Format("{0}:{1}:{2}", decodedHeaderSplitValues[0], encodedTimeStamp, decodedHeaderSplitValues[2]); var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(headerValue); webClient.Headers.Clear(); webClient.Headers.Add(HttpRequestHeader.Authorization.ToString(), String.Format("{0} {1}", "API ", Convert.ToBase64String(plainTextBytes))); var dataStream = webClient.UploadString(BASE_ADDRESS.AbsoluteUri, data); } catch (WebException ex) { var statusCode = ((HttpWebResponse)ex.Response).StatusCode; Assert.IsTrue(HttpStatusCode.Unauthorized.Equals(statusCode)); } }