/// <summary>
/// Checks that <c>DecryptWithPasswordAsync</c> returns an empty result when the
/// resolved client carries no JSON Web Keys, so no key can be extracted for the token.
/// </summary>
public async Task When_Passing_Jws_To_DecryptAsync_With_Password_And_Cannot_Extract_Json_Web_Key_Then_Empty_Is_Returned()
{
    // ARRANGE
    InitializeFakeObjects();
    const string clientId = "client_id";
    const string password = "******";

    // The client is registered, but its key set is deliberately empty.
    var clientWithoutKeys = new Core.Common.Models.Client
    {
        ClientId = clientId,
        JsonWebKeys = new List<JsonWebKey>()
    };
    _clientRepositoryStub
        .Setup(repository => repository.GetClientByIdAsync(It.IsAny<string>()))
        .Returns(Task.FromResult(clientWithoutKeys));

    // The parser reports a header whose algorithm is the JWS name PS256.
    var protectedHeader = new JweProtectedHeader
    {
        Alg = Jwt.Constants.JwsAlgNames.PS256
    };
    _jweParserMock
        .Setup(parser => parser.GetHeader(It.IsAny<string>()))
        .Returns(protectedHeader);

    // ACT
    var decrypted = await _jwtParser.DecryptWithPasswordAsync("jws", clientId, password);

    // ASSERT
    // The decryption must fail closed: nothing is returned when no key is available.
    Assert.Empty(decrypted);
}
/// <summary>
/// Authenticates a client from its client assertion, which must be a JWE that
/// decrypts (with the client secret as password) to a JWS. Each failed step
/// returns an <see cref="AuthenticationResult"/> with a null client and the
/// matching error description; the extracted payload is finally validated
/// against <paramref name="expectedIssuer"/>.
/// </summary>
/// <param name="instruction">Authentication data taken from the request.</param>
/// <param name="clientSecret">Secret used as the password to decrypt the JWE.</param>
/// <param name="expectedIssuer">Issuer value passed on to the payload validation.</param>
/// <returns>The authentication outcome produced by the first failing step or by the payload validation.</returns>
/// <exception cref="ArgumentNullException"><paramref name="instruction"/> is null.</exception>
public async Task<AuthenticationResult> AuthenticateClientWithClientSecretJwtAsync(AuthenticateInstruction instruction, string clientSecret, string expectedIssuer)
{
    if (instruction == null)
    {
        throw new ArgumentNullException(nameof(instruction));
    }

    var assertion = instruction.ClientAssertion;
    if (!_jwtParser.IsJweToken(assertion))
    {
        return new AuthenticationResult(null, ErrorDescriptions.TheClientAssertionIsNotAJweToken);
    }

    // NOTE(review): the client id comes from the HTTP request body, i.e. it is
    // caller-supplied. Whether it is bound to the assertion's own claims depends on
    // ValidateJwsPayLoad, which is not visible here - confirm.
    var requestClientId = instruction.ClientIdFromHttpRequestBody;

    // NOTE(review): clientSecret is not checked for null/empty in this method;
    // confirm callers never reach it for a client that has no secret.
    var innerToken = await _jwtParser.DecryptWithPasswordAsync(assertion, requestClientId, clientSecret);
    if (string.IsNullOrWhiteSpace(innerToken))
    {
        return new AuthenticationResult(null, ErrorDescriptions.TheJweTokenCannotBeDecrypted);
    }

    // The decrypted content has to be a signed token, not arbitrary text.
    if (!_jwtParser.IsJwsToken(innerToken))
    {
        return new AuthenticationResult(null, ErrorDescriptions.TheClientAssertionIsNotAJwsToken);
    }

    var payload = await _jwtParser.UnSignAsync(innerToken, requestClientId);
    if (payload == null)
    {
        return new AuthenticationResult(null, ErrorDescriptions.TheJwsPayloadCannotBeExtracted);
    }

    return await ValidateJwsPayLoad(payload, expectedIssuer);
}