public void IsValidKey_WhenSecurityKeyIsNotSymmetricSecurityKey_ExpectFalse()
{
var key = new RsaSecurityKey(RSA.Create());
var isValidKey = new TestBrancaTokenHandler().IsValidKey(key);
isValidKey.Should().BeFalse();
}
public void IsValidKey_WhenKeyIsValid_ExpectTrue()
{
var key = new byte[32];
new Random().NextBytes(key);
var isValidKey = new TestBrancaTokenHandler().IsValidKey(key);
isValidKey.Should().BeTrue();
}
public void IsValidKey_WhenKeyIsNot32Bytes_ExpectFalse()
{
var key = new byte[16];
new Random().NextBytes(key);
var isValidKey = new TestBrancaTokenHandler().IsValidKey(key);
isValidKey.Should().BeFalse();
}
public void IsValidKey_WhenEcryptingCredentialsIsValid_ExpectTrue()
{
var keyBytes = new byte[32];
new Random().NextBytes(keyBytes);
var key = new SymmetricSecurityKey(keyBytes);
var credentials = new EncryptingCredentials(key, ExtendedSecurityAlgorithms.XChaCha20Poly1305);
var isValidKey = new TestBrancaTokenHandler().IsValidKey(credentials);
isValidKey.Should().BeTrue();
}
public void IsValidKey_WhenEcryptingCredentialsHasIncorrectEncryptionAlgorithm_ExpectFalse()
{
var keyBytes = new byte[32];
new Random().NextBytes(keyBytes);
var key = new SymmetricSecurityKey(keyBytes);
var credentials = new EncryptingCredentials(key, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.Aes128Encryption);
var isValidKey = new TestBrancaTokenHandler().IsValidKey(credentials);
isValidKey.Should().BeFalse();
}
public void IsValidKey_WhenEcryptingCredentialsHasKeyWrappingSet_ExpectFalse()
{
var keyBytes = new byte[32];
new Random().NextBytes(keyBytes);
var key = new SymmetricSecurityKey(keyBytes);
var credentials = new EncryptingCredentials(
key,
Microsoft.IdentityModel.Tokens.SecurityAlgorithms.Aes256KeyWrap,
ExtendedSecurityAlgorithms.XChaCha20Poly1305);
var isValidKey = new TestBrancaTokenHandler().IsValidKey(credentials);
isValidKey.Should().BeFalse();
}
public void GetBrancaDecryptionKeys_WheInvalidKeysInParameters_ExpectInvalidKeysRemoved()
{
var expectedKey = new byte[32];
new Random().NextBytes(expectedKey);
var handler = new TestBrancaTokenHandler();
var keys = handler.GetBrancaDecryptionKeys("test", new TokenValidationParameters
{
TokenDecryptionKeyResolver = (token, securityToken, kid, parameters) => new List <SecurityKey>(),
TokenDecryptionKey = new SymmetricSecurityKey(expectedKey),
TokenDecryptionKeys = new[] { new RsaSecurityKey(RSA.Create()) }
}).ToList();
keys.Count.Should().Be(1);
keys.Should().Contain(x => x.Key.SequenceEqual(expectedKey));
}