public void CanReadToken_WhenTokenIsNullOrWhitespace_ExpectFalse(string token) { var handler = new BrancaTokenHandler(); var canReadToken = handler.CanReadToken(token); canReadToken.Should().BeFalse(); }
public void ValidateToken_WhenTokenCannotBeRead_ExpectFailureWithSecurityTokenException() { var result = new BrancaTokenHandler().ValidateToken("=====", new TokenValidationParameters()); result.IsValid.Should().BeFalse(); result.Exception.Should().BeOfType <SecurityTokenException>(); }
public void ValidateToken_WhenTokenIsNullOrWhitespace_ExpectFailureWithArgumentNullException(string token) { var result = new BrancaTokenHandler().ValidateToken(token, new TokenValidationParameters()); result.IsValid.Should().BeFalse(); result.Exception.Should().BeOfType <ArgumentNullException>(); }
public void ValidateToken_WhenTokenValidationParametersAreNull_ExpectFailureWithArgumentNullException() { var result = new BrancaTokenHandler().ValidateToken(ValidToken, null); result.IsValid.Should().BeFalse(); result.Exception.Should().BeOfType <ArgumentNullException>(); }
public void CanReadToken_WhenJwtToken_ExpectFalse() { const string jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJuYW1lIjoiU2NvdHQgQnJhZHkiLCJpYXQiOjE1ODU3Njc0Mjl9.DcGCOpx19JQzVVeZPHgqB73rbLaCUsx-k6PuFdit6IM"; var canReadToken = new BrancaTokenHandler().CanReadToken(jwt); canReadToken.Should().BeFalse(); }
public void CanReadToken_WhenTokenContainsNonBase64Characters_ExpectFalse() { const string token = "token=="; var canReadToken = new BrancaTokenHandler().CanReadToken(token); canReadToken.Should().BeFalse(); }
public void ValidateToken_TestTokenWithWrongVersion() { const string token = "89mvl3RkwXjpEj5WMxK7GUDEHEeeeZtwjMIOogTthvr44qBfYtQSIZH5MHOTC0GzoutDIeoPVZk3w"; var handler = new BrancaTokenHandler(); var exception = Assert.Throws <SecurityTokenException>(() => handler.DecryptToken(token, key)); exception.Message.Should().Be("Unsupported Branca version"); }
public void ValidateToken_TestTokenWithEightNullBytesAndMaxTimestamp() { const string token = "1jrx6DUq9HmXvYdmhWMhXzx3klRzhlAjsc3tUFxDPCvZZLm16GYOzsBG4KwF1djjW1yTeZ2B"; var handler = new BrancaTokenHandler(); var decryptedToken = handler.DecryptToken(token, key); decryptedToken.Payload.Should().Be(System.Text.Encoding.UTF8.GetString(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 })); decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(4294967295).UtcDateTime); }
public void ValidateToken_TestTokenWithEightNullBytesAndZeroTimestamp() { const string token = "1jIBheHWEwYIP59Wpm4QkjkIKuhc12NcYdp9Y60B6av7sZc3vJ5wBwmKJyQzGfJCrvuBgGnf"; var handler = new BrancaTokenHandler(); var decryptedToken = handler.DecryptToken(token, key); decryptedToken.Payload.Should().Be(System.Text.Encoding.UTF8.GetString(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 })); decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(0).UtcDateTime); }
public void ValidateToken_TestTokenWithHelloWorldAndNovember27Timestamp() { const string token = "875GH234UdXU6PkYq8g7tIM80XapDQOH72bU48YJ7SK1iHiLkrqT8Mly7P59TebOxCyQeqpMJ0a7a"; var handler = new BrancaTokenHandler(); var decryptedToken = handler.DecryptToken(token, key); decryptedToken.Payload.Should().Be("Hello world!"); decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(123206400).UtcDateTime); }
public void ValidateToken_TestTokenWithHelloWorldAndMaxTimestamp() { const string token = "89i7YCwtsSiYfXvOKlgkCyElnGCOEYG7zLCjUp4MuDIZGbkKJgt79Sts9RdW2Yo4imonXsILmqtNb"; var handler = new BrancaTokenHandler(); var decryptedToken = handler.DecryptToken(token, key); decryptedToken.Payload.Should().Be("Hello world!"); decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(4294967295).UtcDateTime); }
public void ValidateToken_TestTokenWithHelloWorldAndZeroTimestamp() { const string token = "870S4BYjk7NvyViEjUNsTEmGXbARAX9PamXZg0b3JyeIdGyZkFJhNsOQW6m0K9KnXt3ZUBqDB6hF4"; var handler = new BrancaTokenHandler(); var decryptedToken = handler.DecryptToken(token, key); decryptedToken.Payload.Should().Be("Hello world!"); decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(0).UtcDateTime); }
public void CanReadToken_WhenTokenIsTooLong_ExpectFalse() { var tokenBytes = new byte[TokenValidationParameters.DefaultMaximumTokenSizeInBytes + 1]; new Random().NextBytes(tokenBytes); var canReadToken = new BrancaTokenHandler().CanReadToken(Convert.ToBase64String(tokenBytes)); canReadToken.Should().BeFalse(); }
public void ValidateToken_TestTokenWithEightNullBytesAndNovember27Timestamp() { const string token = "1jJDJOEfuc4uBJh5ivaadjo6UaBZJDZ1NsWixVCz2mXw3824JRDQZIgflRqCNKz6yC7a0JKC"; var handler = new BrancaTokenHandler(); var decryptedToken = handler.DecryptToken(token, key); decryptedToken.Payload.Should().Be(System.Text.Encoding.UTF8.GetString(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 })); decryptedToken.Timestamp.Should().Be(DateTimeOffset.FromUnixTimeSeconds(123206400).UtcDateTime); }
public void ValidateToken_CiphertextModification_ExpectSecurityTokenException() { var handler = new BrancaTokenHandler(); var token = handler.CreateToken("test", key); var decoded = Base62.Decode(token); decoded[decoded.Length - 17] ^= 1; // Last byte before the Poly1305 tag Assert.Throws <CryptographicException>(() => handler.DecryptToken(Base62.Encode(decoded), key)); }
public void CreateToken_WhenTokenGenerated_ExpectBas62EncodedTokenWithCorrectLength() { var payload = Guid.NewGuid().ToString(); var handler = new BrancaTokenHandler(); var token = handler.CreateToken(payload, validKey); token.Any(x => !Base62.CharacterSet.Contains(x)).Should().BeFalse(); Base62.Decode(token).Length.Should().Be( System.Text.Encoding.UTF8.GetBytes(payload).Length + 29 + 16); }
public void EnryptAndDecryptToken_ExpectCorrectPayloadAndTimestamp() { var payload = Guid.NewGuid().ToString(); var handler = new BrancaTokenHandler(); var token = handler.CreateToken(payload, validKey); var decryptedPayload = handler.DecryptToken(token, validKey); decryptedPayload.Payload.Should().Be(payload); decryptedPayload.Timestamp.Should().BeCloseTo(DateTime.UtcNow, 1000); }
public void EnryptAndDecryptToken_WithExplicitTimestamp_ExpectCorrectPayloadAndTimestamp() { var payload = Guid.NewGuid().ToString(); var timestamp = new DateTime(2020, 08, 22).ToUniversalTime(); var handler = new BrancaTokenHandler(); var token = handler.CreateToken(payload, timestamp, validKey); var decryptedPayload = handler.DecryptToken(token, validKey); decryptedPayload.Payload.Should().Be(payload); decryptedPayload.Timestamp.Should().Be(timestamp); }
public void EnryptAndDecryptToken_WithExplicitBrancaTimestamp_ExpectCorrectPayloadAndTimestamp() { var payload = Guid.NewGuid().ToString(); var timestamp = uint.MinValue; var handler = new BrancaTokenHandler(); var token = handler.CreateToken(payload, timestamp, validKey); var decryptedPayload = handler.DecryptToken(token, validKey); decryptedPayload.Payload.Should().Be(payload); decryptedPayload.Timestamp.Should().Be(new DateTime(1970, 01, 01, 0, 0, 0, DateTimeKind.Utc)); decryptedPayload.BrancaFormatTimestamp.Should().Be(timestamp); }
public void ValidateToken_WhenTokenPayloadIsNotJson_ExpectFailureWithArgumentException() { const string tokenWithInvalidPayload = "9FvacDjvxjhWG5cqkP3WBrIb6cuCBl9sPjJvkrGX0XI8tbLJQe6Pb2EcbeyOGkbextBqDdHa66pF0HBMg"; var result = new BrancaTokenHandler().ValidateToken( tokenWithInvalidPayload, new TokenValidationParameters { TokenDecryptionKey = new SymmetricSecurityKey(validKey) }); result.IsValid.Should().BeFalse(); result.Exception.Should().BeOfType <ArgumentException>(); }
public void ValidateToken_WhenTokenPayloadIsNotJson_ExpectFailureWithArgumentException() { const string tokenWithInvalidPayload = "Mvm6wbsyZMgClkmtiBf0lW3rEkvnCK5RgytoerJJex40b9yqh6GbSlfkFJHgFX9ocF"; var result = new BrancaTokenHandler().ValidateToken( tokenWithInvalidPayload, new TokenValidationParameters { TokenDecryptionKey = new SymmetricSecurityKey(validKey) }); result.IsValid.Should().BeFalse(); result.Exception.Should().BeOfType <ArgumentException>(); }
public void ValidateToken_WhenIncorrectDecryptionKey_ExpectFailureWithSecurityTokenDecryptionFailedException() { var key = new byte[32]; new Random().NextBytes(key); var result = new BrancaTokenHandler().ValidateToken( ValidToken, new TokenValidationParameters { TokenDecryptionKey = new SymmetricSecurityKey(key) }); result.IsValid.Should().BeFalse(); result.Exception.Should().BeOfType <SecurityTokenDecryptionFailedException>(); }
public void CreateAndDecryptToken_WithSecurityTokenDescriptor_ExpectCorrectBrancaTimestampAndNoIatClaim() { var handler = new BrancaTokenHandler(); var token = handler.CreateToken(new SecurityTokenDescriptor { EncryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(validKey), ExtendedSecurityAlgorithms.XChaCha20Poly1305) }); var parsedToken = handler.DecryptToken(token, validKey); var jObject = JObject.Parse(parsedToken.Payload); jObject["iat"].Should().BeNull(); parsedToken.Timestamp.Should().BeCloseTo(DateTime.UtcNow, 1000); }
public void CreateAndValidateToken_WithSecurityTokenDescriptor_ExpectCorrectBrancaTimestampAndNoIatClaim() { const string issuer = "me"; const string audience = "you"; const string subject = "123"; var expires = DateTime.UtcNow.AddDays(1); var notBefore = DateTime.UtcNow; var handler = new BrancaTokenHandler(); var token = handler.CreateToken(new SecurityTokenDescriptor { Issuer = issuer, Audience = audience, Expires = expires, NotBefore = notBefore, Claims = new Dictionary <string, object> { { "sub", subject } }, EncryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(validKey), ExtendedSecurityAlgorithms.XChaCha20Poly1305) }); var validatedToken = handler.ValidateToken(token, new TokenValidationParameters { ValidIssuer = issuer, ValidAudience = audience, TokenDecryptionKey = new SymmetricSecurityKey(validKey) }); validatedToken.IsValid.Should().BeTrue(); validatedToken.ClaimsIdentity.Claims.Should().Contain( x => x.Type == "sub" && x.Value == subject); var brancaToken = (BrancaSecurityToken)validatedToken.SecurityToken; brancaToken.Issuer.Should().Be(issuer); brancaToken.Audiences.Should().Contain(audience); brancaToken.Subject.Should().Be(subject); brancaToken.IssuedAt.Should().BeWithin(1.Minutes()).After(notBefore); brancaToken.ValidFrom.Should().BeWithin(0.Seconds()).After(notBefore); brancaToken.ValidTo.Should().BeWithin(0.Seconds()).After(expires); }
public IActionResult Branca() { var handler = new BrancaTokenHandler(); var token = handler.CreateToken(new SecurityTokenDescriptor { Issuer = "me", Audience = "you", EncryptingCredentials = options.BrancaEncryptingCredentials }); var parsedToken = handler.DecryptToken(token, ((SymmetricSecurityKey)options.BrancaEncryptingCredentials.Key).Key); return(View("Index", new TokenModel { Type = "Branca", Token = token, Payload = parsedToken.Payload })); }
public Result <BrancaToken> Decrypt(string key, string keyType, string token) { if (string.IsNullOrWhiteSpace(key)) { throw new ArgumentNullException(nameof(key)); } if (string.IsNullOrWhiteSpace(keyType)) { throw new ArgumentNullException(nameof(keyType)); } if (string.IsNullOrWhiteSpace(token)) { throw new ArgumentNullException(nameof(token)); } byte[] keyBytes; try { keyBytes = ParseKey(key, keyType); } catch { return(Result <BrancaToken> .Failure("Unable to parse key")); } if (keyBytes.Length != 32) { return(Result <BrancaToken> .Failure("Invalid key length")); } var handler = new BrancaTokenHandler(); try { return(Result <BrancaToken> .Success(handler.DecryptToken(token, keyBytes))); } catch { return(Result <BrancaToken> .Failure("Unable to decrypt token")); } }
public Result <string> Encrypt(string key, string keyType, uint timestamp, string payload) { if (string.IsNullOrWhiteSpace(key)) { throw new ArgumentNullException(nameof(key)); } if (string.IsNullOrWhiteSpace(keyType)) { throw new ArgumentNullException(nameof(keyType)); } if (string.IsNullOrWhiteSpace(payload)) { throw new ArgumentNullException(nameof(payload)); } byte[] keyBytes; try { keyBytes = ParseKey(key, keyType); } catch { return(Result <string> .Failure("Unable to parse key")); } if (keyBytes.Length != 32) { return(Result <string> .Failure("Invalid key length")); } var handler = new BrancaTokenHandler(); try { return(Result <string> .Success(handler.CreateToken(payload, timestamp, keyBytes))); } catch { return(Result <string> .Failure("Unable to create token")); } }
public void CreateToken_WhenPayloadIsNullOrWhitespace_ExpectArgumentNullException(string payload) { var handler = new BrancaTokenHandler(); Assert.Throws <ArgumentNullException>(() => handler.CreateToken(payload, validKey)); }
public void CanReadToken_WhenBrancaToken_ExpectTrue() { var canReadToken = new BrancaTokenHandler().CanReadToken(ValidToken); canReadToken.Should().BeTrue(); }
public void DecryptToken_WhenValidToken_ExpectCorrectPayload() { var parsedToken = new BrancaTokenHandler().DecryptToken(ValidToken, validKey); parsedToken.Payload.Should().Be(ExpectedPayload); }