public async Task When_JsonWebKey_Cannot_Be_Extracted_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var jweProtectedHeader = new JweProtectedHeader
{
Kid = "kid"
};
var getJweParameter = new GetJweParameter
{
Jwe = "jwe",
Url = "http://google.be/"
};
_jweParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jweProtectedHeader);
_jsonWebKeyHelperStub.Setup(j => j.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>()))
.Returns(Task.FromResult <JsonWebKey>(null));
// ACT & ASSERTS
var exception = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJweInformationAction.ExecuteAsync(getJweParameter)).ConfigureAwait(false);
Assert.True(exception.Code == ErrorCodes.InvalidRequestCode);
Assert.True(exception.Message == string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, jweProtectedHeader.Kid, getJweParameter.Url));
}
public async Task When_Passing_Jws_To_DecryptAsync_With_Password_And_Cannot_Extract_Json_Web_Key_Then_Empty_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientId = "client_id";
const string password = "******";
var jwsProtectedHeader = new JweProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
var client = new Core.Common.Models.Client
{
ClientId = clientId,
JsonWebKeys = new List <JsonWebKey>()
};
_jweParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
// ACT
var result = await _jwtParser.DecryptWithPasswordAsync("jws", clientId, password);
// ASSERT
Assert.Empty(result);
}
public async Task When_Decrypting_Jwe_With_Symmetric_Key_Then_Result_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string content = "jws";
var jweProtectedHeader = new JweProtectedHeader
{
Kid = "kid"
};
var jwsProtectedHeader = new JwsProtectedHeader();
var jsonWebKey = new JsonWebKey();
var getJweParameter = new GetJweParameter
{
Jwe = "jwe",
Url = "http://google.be/",
Password = "******"
};
_jweParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jweProtectedHeader);
_jsonWebKeyHelperStub.Setup(j => j.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>()))
.Returns(Task.FromResult <JsonWebKey>(jsonWebKey));
_jweParserStub.Setup(j => j.ParseByUsingSymmetricPassword(It.IsAny <string>(), It.IsAny <JsonWebKey>(), It.IsAny <string>()))
.Returns(content);
_jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
// ACT & ASSERTS
var result = await _getJweInformationAction.ExecuteAsync(getJweParameter);
Assert.True(result.IsContentJws);
Assert.True(result.Content == content);
}
public AesEncryptionResult Encrypt(
string toEncrypt,
JweAlg alg,
JweProtectedHeader protectedHeader,
JsonWebKey jsonWebKey)
{
return(PerformEncryption(toEncrypt, alg, protectedHeader, jsonWebKey, bytes => bytes[0]));
}
public AesEncryptionResult Encrypt(
string toEncrypt,
JweAlg alg,
JweProtectedHeader protectedHeader,
JsonWebKey jsonWebKey)
{
return(null);
}
public AesEncryptionResult EncryptWithSymmetricPassword(
string toEncrypt,
JweAlg alg,
JweProtectedHeader protectedHeader,
JsonWebKey jsonWebKey,
string password)
{
return(null);
}
public AesEncryptionResult EncryptWithSymmetricPassword(
string toEncrypt,
JweAlg alg,
JweProtectedHeader protectedHeader,
JsonWebKey jsonWebKey,
string password)
{
var callback = new Func <byte[][], byte[]>(bytes =>
{
var result = Encoding.UTF8.GetBytes(password);
return(result);
});
return(PerformEncryption(toEncrypt, alg, protectedHeader, jsonWebKey, callback));
}
private AesEncryptionResult PerformEncryption(
string toEncrypt,
JweAlg alg,
JweProtectedHeader protectedHeader,
JsonWebKey jsonWebKey,
Func <byte[][], byte[]> callback)
{
// Get the content encryption key
var contentEncryptionKey = _aesEncryptionHelper.GenerateContentEncryptionKey(_keySize);
// Encrypt the content encryption key
var encryptedContentEncryptionKey = _aesEncryptionHelper.EncryptContentEncryptionKey(
contentEncryptionKey,
alg,
jsonWebKey);
var contentEncryptionKeySplitted = GetKeysFromContentEncryptionKey(contentEncryptionKey);
var hmacKey = callback(contentEncryptionKeySplitted);
var aesCbcKey = contentEncryptionKeySplitted[1];
var iv = ByteManipulator.GenerateRandomBytes(_keySize / 2);
// Encrypt the plain text & create cipher text.
var cipherText = _aesEncryptionHelper.EncryptWithAesAlgorithm(
toEncrypt,
aesCbcKey,
iv);
// Calculate the additional authenticated data.
var serializedProtectedHeader = protectedHeader.SerializeWithDataContract();
var aad = Encoding.UTF8.GetBytes(serializedProtectedHeader);
// Calculate the authentication tag.
var al = ByteManipulator.LongToBytes(aad.Length * 8);
var hmacInput = ByteManipulator.Concat(aad, iv, cipherText, al);
var hmacValue = ComputeHmac(_keySize, hmacKey, hmacInput);
var authenticationTag = ByteManipulator.SplitByteArrayInHalf(hmacValue)[0];
return(new AesEncryptionResult
{
Iv = iv,
CipherText = cipherText,
EncryptedContentEncryptionKey = encryptedContentEncryptionKey,
AuthenticationTag = authenticationTag
});
}
public async Task When_Passing_Jwe_With_Not_Existing_JsonWebKey_To_DecryptAsync_Without_ClientId_Method_Then_Empty_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
var jwsProtectedHeader = new JweProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
_jweParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jsonWebKeyRepositoryMock.Setup(j => j.GetByKidAsync(It.IsAny <string>()))
.Returns(Task.FromResult((JsonWebKey)null));
// ACT
var result = await _jwtParser.DecryptAsync("jws");
// ASSERT
Assert.Empty(result);
}
public async Task When_DecryptAsync_Jwe_With_Password_Then_Function_Is_Called()
{
// ARRANGE
InitializeFakeObjects();
const string jws = "jws";
const string clientId = "client_id";
const string kid = "1";
const string password = "******";
var jsonWebKey = new JsonWebKey
{
Kid = kid,
SerializedKey = "serialized_key"
};
var payLoad = new JwsPayload();
var jwsProtectedHeader = new JweProtectedHeader
{
Alg = Jwt.Constants.JweAlgNames.A128KW,
Kid = kid
};
var client = new Core.Common.Models.Client
{
ClientId = clientId,
JsonWebKeys = new List <JsonWebKey>
{
jsonWebKey
}
};
_jweParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(payLoad);
// ACT
await _jwtParser.DecryptWithPasswordAsync(jws, clientId, password);
// ASSERT
_jweParserMock.Verify(j => j.ParseByUsingSymmetricPassword(jws, jsonWebKey, password));
}
public async Task When_Passing_Valid_Request_To_DecryptAsync_Without_ClientId_Method_Then_Parse_Method_Is_Called()
{
// ARRANGE
InitializeFakeObjects();
var jwsProtectedHeader = new JweProtectedHeader
{
Alg = Jwt.Constants.JwsAlgNames.PS256
};
var jsonWebKey = new JsonWebKey();
_jweParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_jsonWebKeyRepositoryMock.Setup(j => j.GetByKidAsync(It.IsAny <string>()))
.Returns(Task.FromResult(jsonWebKey));
// ACT
var result = await _jwtParser.DecryptAsync("jws");
// ASSERT
_jweParserMock.Verify(j => j.Parse(It.IsAny <string>(), It.IsAny <JsonWebKey>()));
}
public async Task When_Passing_Jws_With_Valid_Kid_To_DecryptAsync_Then_Parse_Is_Called_And_Payload_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string jws = "jws";
const string clientId = "client_id";
const string kid = "1";
var jsonWebKey = new JsonWebKey
{
Kid = kid,
SerializedKey = "serialized_key"
};
var payLoad = new JwsPayload();
var jwsProtectedHeader = new JweProtectedHeader
{
Alg = Constants.JweAlgNames.A128KW,
Kid = kid
};
var client = new Client
{
ClientId = clientId,
JsonWebKeys = new List <JsonWebKey>
{
jsonWebKey
}
};
_jweParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
.Returns(jwsProtectedHeader);
_clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
.Returns(payLoad);
// ACT
await _jwtParser.DecryptAsync(jws, clientId);
// ASSERT
_jweParserMock.Verify(j => j.Parse(jws, jsonWebKey));
}