public void GivenUnsupportedAlgorithmType_ThrowsNotSupportedException()
{
var unsupported = new CustomSignatureAlgorithm("CUSTOM");
Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(unsupported, _encryptionKey);
act.Should().Throw <NotSupportedException>();
}
public async Task Register(Client client)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
await _migrator.Migrate();
if (IsProhibitedId(client.Id))
{
throw new ArgumentException($"The id value of the specified {nameof(Client)} is prohibited ({client.Id}).", nameof(client));
}
var record = new ClientDataRecordV2 {
Id = client.Id,
Name = client.Name,
NonceLifetime = client.NonceLifetime.TotalSeconds,
ClockSkew = client.ClockSkew.TotalSeconds,
Claims = client.Claims?.Select(ClaimDataRecordV2.FromClaim)?.ToArray(),
SignatureAlgorithm = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(client.SignatureAlgorithm, _encryptionKey),
RequestTargetEscaping = client.RequestTargetEscaping.ToString()
};
record.V = record.GetV();
var collection = _lazyCollection.Value;
await collection.ReplaceOneAsync(r => r.Id == record.Id, record, new ReplaceOptions { IsUpsert = true });
}
public void GivenNullOrEmptyEncryptionKey_DoesNotThrow(string nullOrEmpty)
{
using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, nullOrEmpty);
act.Should().NotThrow();
}
}
public void GivenNullOrEmptyEncryptionKey_DoesNotEncryptParameter(string nullOrEmpty)
{
using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, nullOrEmpty);
actual.Parameter.Should().Be(_unencryptedKey);
actual.IsParameterEncrypted.Should().BeFalse();
}
}
public ToSignatureAlgorithm()
{
_encryptedKey = "VbB9IMM3ID9bc4l3gJnzlsZuYFWNqI6WUfRufiP1JHiwNcGRZWSn5Q82Imkn5luw";
_recordVersion = 2;
_sut = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
Parameter = _encryptedKey,
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = true
};
}
public ToSignatureAlgorithm()
{
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_unencryptedKey = "s3cr3t";
_recordVersion = 2;
_dataRecord = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
Parameter = new FakeStringProtector().Protect(_unencryptedKey),
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = true
};
}
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
{
using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, _encryptionKey);
var expected = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
HashAlgorithm = HashAlgorithmName.SHA384.Name,
IsParameterEncrypted = true
};
actual.Should().BeEquivalentTo(expected, opts => opts.Excluding(_ => _.Parameter));
actual.Parameter.Should().NotBe(_unencryptedKey);
}
}
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord()
{
using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
var actual = _sut.FromSignatureAlgorithm(hmac, _encryptionKey);
var encryptedKey = new FakeStringProtector().Protect(_unencryptedKey);
var expected = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
HashAlgorithm = HashAlgorithmName.SHA384.Name,
IsParameterEncrypted = true,
Parameter = encryptedKey
};
actual.Should().BeEquivalentTo(expected);
}
}
public void GivenRSAAlgorithm_ReturnsExpectedDataRecord()
{
using (var rsa = new RSACryptoServiceProvider()) {
using (var rsaAlg = SignatureAlgorithm.CreateForVerification(rsa, HashAlgorithmName.SHA384)) {
var actual = _sut.FromSignatureAlgorithm(rsaAlg, _encryptionKey);
var expected = new SignatureAlgorithmDataRecordV2 {
Type = "RSA",
Parameter = rsa.ExportParameters(false).ToXml(),
HashAlgorithm = HashAlgorithmName.SHA384.Name,
IsParameterEncrypted = false
};
actual.Should().BeEquivalentTo(expected);
}
}
}
public void GivenECDsaAlgorithm_ReturnsExpectedDataRecord()
{
using (var ecdsa = ECDsa.Create()) {
using (var ecdsaAlg = SignatureAlgorithm.CreateForVerification(ecdsa, HashAlgorithmName.SHA384)) {
var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(ecdsaAlg, _encryptionKey);
var expected = new SignatureAlgorithmDataRecordV2 {
Type = "ECDsa",
Parameter = ecdsa.ExportParameters(false).ToXml(),
HashAlgorithm = HashAlgorithmName.SHA384.Name,
IsParameterEncrypted = false
};
actual.Should().BeEquivalentTo(expected);
}
}
}
public void GivenHMACDataRecord_ReturnsHMACDataRecord()
{
var sut = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
Parameter = _encryptedKey,
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = true
};
using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) {
var expected = new HMACSignatureAlgorithm(_unencryptedKey, HashAlgorithmName.MD5);
actual.Should().BeAssignableTo <HMACSignatureAlgorithm>();
actual.As <HMACSignatureAlgorithm>().Should().BeEquivalentTo(expected);
}
}
public void GivenLegacyRecordVersion_DoesNotDecryptParameter(int?legacyVersion)
{
var sut = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
Parameter = _unencryptedKey,
HashAlgorithm = HashAlgorithmName.MD5.Name
};
var actual = sut.ToSignatureAlgorithm(_encryptionKey, legacyVersion);
actual.Should().BeAssignableTo <HMACSignatureAlgorithm>();
var actualKeyBytes = actual.As <HMACSignatureAlgorithm>().Key;
var actualKey = Encoding.UTF8.GetString(actualKeyBytes);
actualKey.Should().Be(_unencryptedKey);
}
public void WhenParameterIsNotEncrypted_DoesNotDecryptParameter()
{
var sut = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
Parameter = _unencryptedKey,
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = false
};
var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion);
actual.Should().BeAssignableTo <HMACSignatureAlgorithm>();
var actualKeyBytes = actual.As <HMACSignatureAlgorithm>().Key;
var actualKey = Encoding.UTF8.GetString(actualKeyBytes);
actualKey.Should().Be(_unencryptedKey);
}
public void GivenECDsaDataRecord_ReturnsECDsaAlgorithm()
{
using (var ecdsa = ECDsa.Create()) {
var publicParameters = ecdsa.ExportParameters(false);
var sut = new SignatureAlgorithmDataRecordV2 {
Type = "ECDsa",
Parameter = publicParameters.ToXml(),
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = false
};
using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) {
var expected = ECDsaSignatureAlgorithm.CreateForVerification(HashAlgorithmName.MD5, publicParameters);
actual.Should().BeAssignableTo <ECDsaSignatureAlgorithm>();
actual.As <ECDsaSignatureAlgorithm>().Should().BeEquivalentTo(expected);
actual.As <ECDsaSignatureAlgorithm>().GetPublicKey().ToXml().Should().Be(publicParameters.ToXml());
}
}
}
public void GivenRSADataRecord_ReturnsRSAAlgorithm()
{
using (var rsa = new RSACryptoServiceProvider()) {
var publicParameters = rsa.ExportParameters(false);
var sut = new SignatureAlgorithmDataRecordV2 {
Type = "RSA",
Parameter = publicParameters.ToXml(),
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = false
};
using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) {
var expected = RSASignatureAlgorithm.CreateForVerification(HashAlgorithmName.MD5, publicParameters);
actual.Should().BeAssignableTo <RSASignatureAlgorithm>();
actual.As <RSASignatureAlgorithm>().Should().BeEquivalentTo(expected);
actual.As <RSASignatureAlgorithm>().GetPublicKey().ToXml().Should().Be(publicParameters.ToXml());
}
}
}
public void GivenNullSignatureAlgorithm_ThrowsArgumentNullException()
{
Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(null, _encryptionKey);
act.Should().Throw <ArgumentNullException>();
}
