示例#1
        /// <summary>
        /// Checks that <c>DecryptWithPasswordAsync</c> produces an empty result when the
        /// client returned by the repository stub carries an empty JSON Web Key list.
        /// </summary>
        public async Task When_Passing_Jws_To_DecryptAsync_With_Password_And_Cannot_Extract_Json_Web_Key_Then_Empty_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();

            const string clientId = "client_id";
            const string password = "******";

            // NOTE(review): the header object is a JweProtectedHeader, yet its Alg is taken
            // from JwsAlgNames (PS256) - confirm this mix is intentional for the scenario.
            var header = new JweProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256 };

            // A client that exists but has no keys registered.
            var keylessClient = new Core.Common.Models.Client
            {
                ClientId    = clientId,
                JsonWebKeys = new List<JsonWebKey>()
            };

            // Both stubs answer for any argument, so the literal inputs below do not matter.
            _clientRepositoryStub
                .Setup(repo => repo.GetClientByIdAsync(It.IsAny<string>()))
                .Returns(Task.FromResult(keylessClient));
            _jweParserMock
                .Setup(parser => parser.GetHeader(It.IsAny<string>()))
                .Returns(header);

            // ACT
            var decrypted = await _jwtParser.DecryptWithPasswordAsync("jws", clientId, password);

            // ASSERT
            Assert.Empty(decrypted);
        }
示例#2
        /// <summary>
        /// Authenticates a client from its client assertion. The assertion must be a JWE;
        /// it is decrypted with <paramref name="clientSecret"/>, the decrypted value must be
        /// a JWS, its payload is extracted with <c>UnSignAsync</c>, and that payload is then
        /// handed to <c>ValidateJwsPayLoad</c>. Every failed step returns early with its own
        /// error description.
        /// </summary>
        /// <param name="instruction">Source of the client assertion and of the client id read from the HTTP request body.</param>
        /// <param name="clientSecret">Password passed to <c>DecryptWithPasswordAsync</c>.</param>
        /// <param name="expectedIssuer">Issuer value forwarded to <c>ValidateJwsPayLoad</c>.</param>
        /// <returns>
        /// The result of <c>ValidateJwsPayLoad</c>, or an <c>AuthenticationResult</c> built with
        /// <c>null</c> and an error description when a step fails.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="instruction"/> is null.</exception>
        public async Task <AuthenticationResult> AuthenticateClientWithClientSecretJwtAsync(AuthenticateInstruction instruction, string clientSecret, string expectedIssuer)
        {
            if (instruction == null)
            {
                throw new ArgumentNullException(nameof(instruction));
            }

            // Step 1: the outer token has to be a JWE.
            var assertion = instruction.ClientAssertion;
            if (!_jwtParser.IsJweToken(assertion))
            {
                return new AuthenticationResult(null, ErrorDescriptions.TheClientAssertionIsNotAJweToken);
            }

            // NOTE(review): this client id comes from the HTTP request body and is used for
            // both decryption and payload extraction. Nothing in this method compares it with
            // a claim inside the assertion - confirm that ValidateJwsPayLoad (or the caller)
            // ties the token to the same client.
            // NOTE(review): clientSecret is used as given; an empty or null secret is not
            // rejected here - verify the caller or DecryptWithPasswordAsync fails closed.
            var requestClientId = instruction.ClientIdFromHttpRequestBody;

            // Step 2: decrypt the JWE; a blank result means decryption failed.
            var innerJws = await _jwtParser.DecryptWithPasswordAsync(assertion, requestClientId, clientSecret);
            if (string.IsNullOrWhiteSpace(innerJws))
            {
                return new AuthenticationResult(null, ErrorDescriptions.TheJweTokenCannotBeDecrypted);
            }

            // Step 3: the decrypted content has to be a JWS.
            if (!_jwtParser.IsJwsToken(innerJws))
            {
                return new AuthenticationResult(null, ErrorDescriptions.TheClientAssertionIsNotAJwsToken);
            }

            // Step 4: extract the payload, then let the payload validator decide.
            var payload = await _jwtParser.UnSignAsync(innerJws, requestClientId);

            return payload == null
                ? new AuthenticationResult(null, ErrorDescriptions.TheJwsPayloadCannotBeExtracted)
                : await ValidateJwsPayLoad(payload, expectedIssuer);
        }