private List <JwtSecurityTokenTestVariation> JwtConstructionParamsVariations() { List <JwtSecurityTokenTestVariation> constructionParams = new List <JwtSecurityTokenTestVariation>() { new JwtSecurityTokenTestVariation { Name = "ClaimsSet with all Reserved claim types, ensures that users can add as they see fit", Claims = ClaimSets.AllReserved, ExpectedException = ExpectedException.Null, }, new JwtSecurityTokenTestVariation { Name = "All null params", Issuer = null, Audience = null, Claims = null, SigningCredentials = null, }, new JwtSecurityTokenTestVariation { Name = "ValidFrom > ValidTo, .Net datetime", ValidFrom = DateTime.UtcNow + TimeSpan.FromHours(1), ValidTo = DateTime.UtcNow, ExpectedException = ExpectedException.ArgEx(id: "ID2000"), }, new JwtSecurityTokenTestVariation { Name = "ValidFrom > ValidTo, UnixEpoch - 1 ms", ValidTo = EpochTime.UnixEpoch - TimeSpan.FromMilliseconds(1), ValidFrom = DateTime.UtcNow, ExpectedException = ExpectedException.ArgEx(id: "ID2000"), }, new JwtSecurityTokenTestVariation { Name = "ValidFrom > ValidTo, UnixEpoch - 1 s", ValidTo = EpochTime.UnixEpoch - TimeSpan.FromSeconds(1), ValidFrom = DateTime.UtcNow, ExpectedException = ExpectedException.ArgEx(id: "ID2000"), }, new JwtSecurityTokenTestVariation { Name = "ValidFrom == DateItime.MinValue", ValidFrom = DateTime.MinValue, ValidTo = DateTime.UtcNow, }, }; return(constructionParams); }
public void SignatureProviderFactoryTests() { SignatureProviderFactory factory = new SignatureProviderFactory(); // Asymmetric / Symmetric both need signature alg specified FactoryCreateFor("Siging: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgEx()); FactoryCreateFor("Verifying: - algorithm string.Empty", KeyingMaterial.AsymmetricKey_1024, string.Empty, factory, ExpectedException.ArgEx()); // Keytype not supported FactoryCreateFor("Siging: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgEx("Jwt10500")); FactoryCreateFor("Verifying: - SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgEx("Jwt10500")); // Private keys missing FactoryCreateFor("Siging: - SecurityKey without private key", KeyingMaterial.AsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.InvalidOp()); FactoryCreateFor("Verifying: - SecurityKey without private key", KeyingMaterial.AsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.Null); // Key size checks FactoryCreateFor("Siging: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgRange("Jwt10530")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = 2048; FactoryCreateFor("Verifying: - AsymmetricKeySize Key to small", KeyingMaterial.AsymmetricKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgRange("Jwt10531")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying; SignatureProviderFactory.MinimumSymmetricKeySizeInBits = 512; FactoryCreateFor("Siging: - SymmetricKeySize Key to small", KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgRange("Jwt10503")); FactoryCreateFor("Verifying: - SymmetricKeySize Key to small", KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgRange("Jwt10503")); SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits; // setting keys too small try { Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning < AbsoluteMinimumAsymmetricKeySizeInBitsForSigning")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning - 10; Assert.Fail(string.Format("Expected exception: '{0}'", typeof(ArgumentOutOfRangeException))); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning; } catch (Exception ex) { ExpectedException.ProcessException(ExpectedException.ArgRange("Jwt10513"), ex); } try { Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying < AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying")); SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying = SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying - 10; Assert.Fail(string.Format("Expected exception: '{0}'", typeof(ArgumentOutOfRangeException))); } catch (Exception ex) { ExpectedException.ProcessException(ExpectedException.ArgRange("Jwt10527"), ex); } try { Console.WriteLine(string.Format("Testcase: '{0}'", "SignatureProviderFactory.MinimumSymmetricKeySizeInBits < AbsoluteMinimumSymmetricKeySizeInBits")); SignatureProviderFactory.MinimumSymmetricKeySizeInBits = SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits - 10; Assert.Fail(string.Format("Expected exception: '{0}'", typeof(ArgumentOutOfRangeException))); } catch (Exception ex) { ExpectedException.ProcessException(ExpectedException.ArgRange("Jwt10528"), ex); } }
public void SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking() { SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSigningCreds_256_Sha2.SigningKey as SymmetricSecurityKey, KeyingMaterial.SymmetricSigningCreds_256_Sha2.SignatureAlgorithm); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - null input", provider, null, null, ExpectedException.ArgNull); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - 0 bytes", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524")); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - 1 byte", provider, new byte[1], null, ExpectedException.Null); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - null input", provider, null, null, ExpectedException.ArgNull); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - null signature", provider, new byte[0], null, ExpectedException.ArgNull); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 0 bytes input", provider, new byte[0], new byte[0], ExpectedException.ArgEx("Jwt10525")); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 0 bytes signature", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526")); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 1 byte", provider, new byte[1], new byte[1], ExpectedException.Null); provider.Dispose(); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - dispose", provider, new byte[1], new byte[1], ExpectedException.ObjDisp); SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - dispose", provider, new byte[1], new byte[1], ExpectedException.ObjDisp); }
public void SymmetricSignatureProviderTests_Constructor() { // no errors SymmetricSignatureProviderTests_Constructor("Creates with no errors", KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature); // null, empty algorithm digest SymmetricSignatureProviderTests_Constructor("Constructor: - NUll key", null, SecurityAlgorithms.HmacSha256Signature, ExpectedException.ArgNull); SymmetricSignatureProviderTests_Constructor("Constructor: - algorithm == string.Empty", KeyingMaterial.SymmetricSecurityKey_256, string.Empty, ExpectedException.ArgEx()); // GetKeyedHashAlgorithm throws Exception innerException = new CryptographicException("hi from inner"); SymmetricSecurityKey key = new FaultingSymmetricSecurityKey(KeyingMaterial.SymmetricSecurityKey_256, innerException); SymmetricSignatureProviderTests_Constructor("Constructor: - SecurityKey.GetKeyedHashAlgorithm throws", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOp("Jwt10532", innerException)); // Key returns null KeyedHash key = new FaultingSymmetricSecurityKey(KeyingMaterial.SymmetricSecurityKey_256, null); SymmetricSignatureProviderTests_Constructor("Constructor: - SecurityKey returns null KeyedHashAlgorithm", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOp("Jwt10533")); //_keyedHash.Key = _key.GetSymmetricKey() is null; KeyedHashAlgorithm keyedHashAlgorithm = KeyingMaterial.SymmetricSecurityKey_256.GetKeyedHashAlgorithm(SecurityAlgorithms.HmacSha256Signature); key = new FaultingSymmetricSecurityKey(KeyingMaterial.SymmetricSecurityKey_256, null, null, keyedHashAlgorithm, null); SymmetricSignatureProviderTests_Constructor("Constructor: - key returns null bytes to pass to _keyedHashKey", key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOp("Jwt10534", new NullReferenceException())); }
public void AsymmetricSignatureProvider_Sign_Verify_ParameterChecking() { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm); Provider_Sign_Verify_ParameterChecking("Sign - null 'input'", provider, null, null, ExpectedException.ArgNull); Provider_Sign_Verify_ParameterChecking("Sign - zero bytes 'input'", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524")); Provider_Sign_Verify_ParameterChecking("Sign - _formatter will be null since provider wasn't created with willBeUsedForSigning == true", provider, new byte[1], null, ExpectedException.InvalidOp("Jwt10520")); Provider_Sign_Verify_ParameterChecking("Verify - null 'input'", provider, null, null, ExpectedException.ArgNull); Provider_Sign_Verify_ParameterChecking("Verify - null 'signature'", provider, new byte[1], null, ExpectedException.ArgNull); Provider_Sign_Verify_ParameterChecking("Verify - 'input' zero bytes", provider, new byte[0], new byte[1], ExpectedException.ArgEx("Jwt10525")); Provider_Sign_Verify_ParameterChecking("Verify - 'signature' zero bytes", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526")); }
public void AsymmetricSignatureProvider_ConstructorTests() { AsymmetricSecurityKey privateKey = KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey; AsymmetricSecurityKey publicKey = KeyingMaterial.X509SigningCreds_Public_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey; string sha2SignatureAlgorithm = KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm; // no errors AsymmetricConstructor_Test("Signing: - Creates with no errors", privateKey, sha2SignatureAlgorithm); AsymmetricConstructor_Test("Verifying: - Creates with no errors (Private Key)", privateKey, sha2SignatureAlgorithm); AsymmetricConstructor_Test("Verifying: - Creates with no errors (Public Key)", publicKey, sha2SignatureAlgorithm); // null, empty algorithm digest AsymmetricConstructor_Test("Signing: - NUll key", null, sha2SignatureAlgorithm, ExpectedException.ArgNull); AsymmetricConstructor_Test("Signing: - SignatureAlorithm == null", privateKey, null, ExpectedException.ArgNull); AsymmetricConstructor_Test("Signing: - SignatureAlorithm == whitespace", privateKey, " ", ExpectedException.ArgEx("WIF10002")); // Private keys missing AsymmetricConstructor_Test("Signing: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, ExpectedException.InvalidOp()); AsymmetricConstructor_Test("Verifying: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, null); // _formatter not created AsymmetricConstructor_Test("Signing: - key cannot create _formatter", KeyingMaterial.AsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature", ExpectedException.InvalidOp("Jwt10518")); // _deformatter not created AsymmetricConstructor_Test("Verifying: - key cannot create _deformatter", KeyingMaterial.AsymmetricKey_Public_2048, "SecurityAlgorithms.RsaSha256Signature", ExpectedException.InvalidOp("Jwt10518")); Console.WriteLine("Test missing: key.GetHashAlgorithmForSignature( signingCredentials.SignatureAlgorithm );"); //TODO: Should this be fixed? }
private List <JwtSecurityTokenTestVariation> JwtEncodedStringVariations() { string[] tokenParts = EncodedJwts.Asymmetric_LocalSts.Split('.'); List <JwtSecurityTokenTestVariation> variationsencodedStringParams = new List <JwtSecurityTokenTestVariation>() { new JwtSecurityTokenTestVariation { Name = "EncodedString: InvalidPayloadFormat", EncodedString = EncodedJwts.InvalidPayload, ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: null", EncodedString = null, ExpectedException = ExpectedException.ArgNull, }, new JwtSecurityTokenTestVariation { Name = "EncodedString: string.Empty", EncodedString = string.Empty, ExpectedException = ExpectedException.ArgEx(id: "WIF10002"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: single character: '1'", EncodedString = "1", ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: two parts each a single character: '1.2'", EncodedString = "1.2", ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: header is not encoded properly: '123'", EncodedString = string.Format("{0}.{1}.{2}", "123", tokenParts[1], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: header is not encoded properly: '123=='", EncodedString = string.Format("{0}.{1}.{2}", "123==", tokenParts[1], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: payload is not encoded correctly: '123'", EncodedString = string.Format("{1}.{0}.{2}", "123", tokenParts[0], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10113"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: payload is not encoded properly: '123=='", EncodedString = string.Format("{1}.{0}.{2}", "123==", tokenParts[0], tokenParts[2]), ExpectedException = ExpectedException.ArgEx(id: "Jwt10400"), }, new JwtSecurityTokenTestVariation { Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)", EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]), ExpectedException = ExpectedException.Null, }, new JwtSecurityTokenTestVariation { Name = "EncodedString: valid encoding, NO signature (JWT_AsymmetricSigned_AcsV2)", EncodedString = string.Format("{0}.{1}.", tokenParts[0], tokenParts[1]), ExpectedException = ExpectedException.Null, }, }; return(variationsencodedStringParams); }