public RequestSignatureVerificationResultFailure(
Client client,
Signature signature,
SignatureVerificationFailure failure) : base(client, signature)
{
Failure = failure ?? throw new ArgumentNullException(nameof(failure));
}
public async Task WhenVerificationFails_ReturnsFailureResult()
{
var client = new Client(
_request.Signature.KeyId,
"Unit test app",
new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA256),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986);
A.CallTo(() => _clientStore.Get(_request.Signature.KeyId))
.Returns(client);
var verificationResultCreator = A.Fake <IVerificationResultCreator>();
A.CallTo(() => _verificationResultCreatorFactory.Create(client, _request))
.Returns(verificationResultCreator);
var failure = SignatureVerificationFailure.SignatureExpired("Invalid signature.");
A.CallTo(() => _signatureVerifier.VerifySignature(A <HttpRequestForVerification> ._, A <Client> ._))
.Returns(failure);
A.CallTo(() => verificationResultCreator.CreateForFailure(failure))
.Returns(new RequestSignatureVerificationResultFailure(client, _request, failure));
var actual = await _sut.VerifySignature(_request);
actual.Should().BeAssignableTo <RequestSignatureVerificationResultFailure>();
actual.As <RequestSignatureVerificationResultFailure>().IsSuccess.Should().BeFalse();
actual.As <RequestSignatureVerificationResultFailure>().Failure.Should().Be(failure);
}
public RequestSignatureVerificationResult CreateForFailure(SignatureVerificationFailure failure)
{
if (failure == null)
{
throw new ArgumentNullException(nameof(failure));
}
return(new RequestSignatureVerificationResultFailure(_client, _requestForVerification, failure));
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequestForVerification request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (request.Signature == null)
{
var failure = SignatureVerificationFailure.InvalidSignature("The signature is missing from the request.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, request, failure));
}
var firstValidationError = request.Signature.GetValidationErrors().FirstOrDefault();
if (firstValidationError != default)
{
var failure = SignatureVerificationFailure.InvalidSignature($"The signature is invalid: {firstValidationError.Message}");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, request, failure));
}
var client = await _clientStore.Get(request.Signature.KeyId).ConfigureAwait(continueOnCapturedContext: false);
if (client == null)
{
var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{request.Signature.KeyId}' are registered in the server store.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, request, failure));
}
var verificationFailure = await _signatureVerifier.VerifySignature(request, client).ConfigureAwait(continueOnCapturedContext: false);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, request);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
public async Task WhenAVerificationTaskFails_ReturnsFirstFailure_DoesNotRunSubsequentTasks()
{
var firstFailure = SignatureVerificationFailure.HeaderMissing("Invalid");
A.CallTo(() => _matchingAlgorithmVerificationTask.Verify(_signedRequest, _sanitizedSignature, _client))
.Returns(firstFailure);
var secondFailure = SignatureVerificationFailure.SignatureExpired("Invalid");
A.CallTo(() => _createdHeaderGuardVerificationTask.Verify(_signedRequest, _sanitizedSignature, _client))
.Returns(secondFailure);
var actual = await _sut.VerifySignature(_signedRequest, _signature, _client);
actual.Should().Be(firstFailure);
}
public RequestSignatureVerificationResultFailureTests()
{
_request = new HttpRequestForVerification {
Method = HttpMethod.Post,
RequestUri = "https://unittest.com:9000".ToUri(),
Signature = (Signature)TestModels.Signature.Clone()
};
_client = new Client(
_request.Signature.KeyId,
"Unit test app",
new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA256),
TimeSpan.FromMinutes(1),
TimeSpan.FromMinutes(1),
RequestTargetEscaping.RFC3986);
_failure = new InvalidSignatureStringSignatureVerificationFailure(
"The verification failed",
new InvalidOperationException("Epic fail"));
_sut = new RequestSignatureVerificationResultFailure(_client, _request, _failure);
}
public CreateForFailure()
{
_failure = SignatureVerificationFailure.HeaderMissing("You didn't say the magic word.");
}