public void GivenUnsupportedAlgorithmType_ThrowsNotSupportedException()
            {
                var    unsupported = new CustomSignatureAlgorithm("CUSTOM");
                Action act         = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(unsupported, _encryptionKey);

                act.Should().Throw <NotSupportedException>();
            }
        public async Task Register(Client client)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            await _migrator.Migrate();

            if (IsProhibitedId(client.Id))
            {
                throw new ArgumentException($"The id value of the specified {nameof(Client)} is prohibited ({client.Id}).", nameof(client));
            }

            var record = new ClientDataRecordV2 {
                Id                    = client.Id,
                Name                  = client.Name,
                NonceLifetime         = client.NonceLifetime.TotalSeconds,
                ClockSkew             = client.ClockSkew.TotalSeconds,
                Claims                = client.Claims?.Select(ClaimDataRecordV2.FromClaim)?.ToArray(),
                SignatureAlgorithm    = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(client.SignatureAlgorithm, _encryptionKey),
                RequestTargetEscaping = client.RequestTargetEscaping.ToString()
            };

            record.V = record.GetV();

            var collection = _lazyCollection.Value;

            await collection.ReplaceOneAsync(r => r.Id == record.Id, record, new ReplaceOptions { IsUpsert = true });
        }
 public void GivenNullOrEmptyEncryptionKey_DoesNotThrow(string nullOrEmpty)
 {
     using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
         Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, nullOrEmpty);
         act.Should().NotThrow();
     }
 }
 public void GivenNullOrEmptyEncryptionKey_DoesNotEncryptParameter(string nullOrEmpty)
 {
     using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
         var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, nullOrEmpty);
         actual.Parameter.Should().Be(_unencryptedKey);
         actual.IsParameterEncrypted.Should().BeFalse();
     }
 }
 public ToSignatureAlgorithm()
 {
     _encryptedKey  = "VbB9IMM3ID9bc4l3gJnzlsZuYFWNqI6WUfRufiP1JHiwNcGRZWSn5Q82Imkn5luw";
     _recordVersion = 2;
     _sut           = new SignatureAlgorithmDataRecordV2 {
         Type                 = "HMAC",
         Parameter            = _encryptedKey,
         HashAlgorithm        = HashAlgorithmName.MD5.Name,
         IsParameterEncrypted = true
     };
 }
Exemplo n.º 6
0
 public ToSignatureAlgorithm()
 {
     _encryptionKey  = new SharedSecretEncryptionKey("The_Big_Secret");
     _unencryptedKey = "s3cr3t";
     _recordVersion  = 2;
     _dataRecord     = new SignatureAlgorithmDataRecordV2 {
         Type                 = "HMAC",
         Parameter            = new FakeStringProtector().Protect(_unencryptedKey),
         HashAlgorithm        = HashAlgorithmName.MD5.Name,
         IsParameterEncrypted = true
     };
 }
 public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
 {
     using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
         var actual   = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, _encryptionKey);
         var expected = new SignatureAlgorithmDataRecordV2 {
             Type                 = "HMAC",
             HashAlgorithm        = HashAlgorithmName.SHA384.Name,
             IsParameterEncrypted = true
         };
         actual.Should().BeEquivalentTo(expected, opts => opts.Excluding(_ => _.Parameter));
         actual.Parameter.Should().NotBe(_unencryptedKey);
     }
 }
Exemplo n.º 8
0
 public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
 {
     using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
         var actual       = _sut.FromSignatureAlgorithm(hmac, _encryptionKey);
         var encryptedKey = new FakeStringProtector().Protect(_unencryptedKey);
         var expected     = new SignatureAlgorithmDataRecordV2 {
             Type                 = "HMAC",
             HashAlgorithm        = HashAlgorithmName.SHA384.Name,
             IsParameterEncrypted = true,
             Parameter            = encryptedKey
         };
         actual.Should().BeEquivalentTo(expected);
     }
 }
Exemplo n.º 9
0
 public void GivenRSAAlgorithm_ReturnsExpectedDataRecord()
 {
     using (var rsa = new RSACryptoServiceProvider()) {
         using (var rsaAlg = SignatureAlgorithm.CreateForVerification(rsa, HashAlgorithmName.SHA384)) {
             var actual   = _sut.FromSignatureAlgorithm(rsaAlg, _encryptionKey);
             var expected = new SignatureAlgorithmDataRecordV2 {
                 Type                 = "RSA",
                 Parameter            = rsa.ExportParameters(false).ToXml(),
                 HashAlgorithm        = HashAlgorithmName.SHA384.Name,
                 IsParameterEncrypted = false
             };
             actual.Should().BeEquivalentTo(expected);
         }
     }
 }
 public void GivenECDsaAlgorithm_ReturnsExpectedDataRecord()
 {
     using (var ecdsa = ECDsa.Create()) {
         using (var ecdsaAlg = SignatureAlgorithm.CreateForVerification(ecdsa, HashAlgorithmName.SHA384)) {
             var actual   = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(ecdsaAlg, _encryptionKey);
             var expected = new SignatureAlgorithmDataRecordV2 {
                 Type                 = "ECDsa",
                 Parameter            = ecdsa.ExportParameters(false).ToXml(),
                 HashAlgorithm        = HashAlgorithmName.SHA384.Name,
                 IsParameterEncrypted = false
             };
             actual.Should().BeEquivalentTo(expected);
         }
     }
 }
            public void GivenHMACDataRecord_ReturnsHMACDataRecord()
            {
                var sut = new SignatureAlgorithmDataRecordV2 {
                    Type                 = "HMAC",
                    Parameter            = _encryptedKey,
                    HashAlgorithm        = HashAlgorithmName.MD5.Name,
                    IsParameterEncrypted = true
                };

                using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) {
                    var expected = new HMACSignatureAlgorithm(_unencryptedKey, HashAlgorithmName.MD5);
                    actual.Should().BeAssignableTo <HMACSignatureAlgorithm>();
                    actual.As <HMACSignatureAlgorithm>().Should().BeEquivalentTo(expected);
                }
            }
            public void GivenLegacyRecordVersion_DoesNotDecryptParameter(int?legacyVersion)
            {
                var sut = new SignatureAlgorithmDataRecordV2 {
                    Type          = "HMAC",
                    Parameter     = _unencryptedKey,
                    HashAlgorithm = HashAlgorithmName.MD5.Name
                };

                var actual = sut.ToSignatureAlgorithm(_encryptionKey, legacyVersion);

                actual.Should().BeAssignableTo <HMACSignatureAlgorithm>();
                var actualKeyBytes = actual.As <HMACSignatureAlgorithm>().Key;
                var actualKey      = Encoding.UTF8.GetString(actualKeyBytes);

                actualKey.Should().Be(_unencryptedKey);
            }
            public void WhenParameterIsNotEncrypted_DoesNotDecryptParameter()
            {
                var sut = new SignatureAlgorithmDataRecordV2 {
                    Type                 = "HMAC",
                    Parameter            = _unencryptedKey,
                    HashAlgorithm        = HashAlgorithmName.MD5.Name,
                    IsParameterEncrypted = false
                };

                var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion);

                actual.Should().BeAssignableTo <HMACSignatureAlgorithm>();
                var actualKeyBytes = actual.As <HMACSignatureAlgorithm>().Key;
                var actualKey      = Encoding.UTF8.GetString(actualKeyBytes);

                actualKey.Should().Be(_unencryptedKey);
            }
            public void GivenECDsaDataRecord_ReturnsECDsaAlgorithm()
            {
                using (var ecdsa = ECDsa.Create()) {
                    var publicParameters = ecdsa.ExportParameters(false);
                    var sut = new SignatureAlgorithmDataRecordV2 {
                        Type                 = "ECDsa",
                        Parameter            = publicParameters.ToXml(),
                        HashAlgorithm        = HashAlgorithmName.MD5.Name,
                        IsParameterEncrypted = false
                    };

                    using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) {
                        var expected = ECDsaSignatureAlgorithm.CreateForVerification(HashAlgorithmName.MD5, publicParameters);
                        actual.Should().BeAssignableTo <ECDsaSignatureAlgorithm>();
                        actual.As <ECDsaSignatureAlgorithm>().Should().BeEquivalentTo(expected);
                        actual.As <ECDsaSignatureAlgorithm>().GetPublicKey().ToXml().Should().Be(publicParameters.ToXml());
                    }
                }
            }
            public void GivenRSADataRecord_ReturnsRSAAlgorithm()
            {
                using (var rsa = new RSACryptoServiceProvider()) {
                    var publicParameters = rsa.ExportParameters(false);
                    var sut = new SignatureAlgorithmDataRecordV2 {
                        Type                 = "RSA",
                        Parameter            = publicParameters.ToXml(),
                        HashAlgorithm        = HashAlgorithmName.MD5.Name,
                        IsParameterEncrypted = false
                    };

                    using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) {
                        var expected = RSASignatureAlgorithm.CreateForVerification(HashAlgorithmName.MD5, publicParameters);
                        actual.Should().BeAssignableTo <RSASignatureAlgorithm>();
                        actual.As <RSASignatureAlgorithm>().Should().BeEquivalentTo(expected);
                        actual.As <RSASignatureAlgorithm>().GetPublicKey().ToXml().Should().Be(publicParameters.ToXml());
                    }
                }
            }
            public void GivenNullSignatureAlgorithm_ThrowsArgumentNullException()
            {
                Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(null, _encryptionKey);

                act.Should().Throw <ArgumentNullException>();
            }