async public void ItShouldReturnFromCacheWhenKeyIsInCache()
{
var cachedKey = new D2LSecurityToken(
KEY_ID,
DateTime.UtcNow,
DateTime.UtcNow + TimeSpan.FromHours(1),
() => null as Tuple <AsymmetricSecurityKey, IDisposable>
);
m_keyCache
.Setup(x => x.Get(SRC_NAMESPACE, KEY_ID))
.Returns(cachedKey);
D2LSecurityToken result = await m_publicKeyProvider
.GetByIdAsync(KEY_ID)
.SafeAsync();
m_keyCache
.Verify(x => x.Get(SRC_NAMESPACE, KEY_ID));
Assert.AreEqual(cachedKey, result);
}
public async Task ItShouldReturnFromCacheWhenKeyIsInCache(string keyId)
{
var cachedKey = new D2LSecurityToken(
keyId,
DateTime.UtcNow,
DateTime.UtcNow + TimeSpan.FromHours(1),
() => null as Tuple <AsymmetricSecurityKey, IDisposable>
);
m_keyCache
.Setup(x => x.Get(SRC_NAMESPACE, keyId))
.Returns(cachedKey);
D2LSecurityToken result = await m_publicKeyProvider
.GetByIdAsync(keyId)
.ConfigureAwait(false);
m_keyCache
.Verify(x => x.Get(SRC_NAMESPACE, keyId));
Assert.AreEqual(cachedKey, result);
}
async Task <IAccessToken> IAccessTokenValidator.ValidateAsync(
string token
)
{
var tokenHandler = m_tokenHandler.Value;
if (!tokenHandler.CanReadToken(token))
{
throw new ValidationException("Couldn't parse token");
}
var unvalidatedToken = (JwtSecurityToken)tokenHandler.ReadToken(
token
);
if (!ALLOWED_SIGNATURE_ALGORITHMS.Contains(unvalidatedToken.SignatureAlgorithm))
{
string message = string.Format(
"Signature algorithm '{0}' is not supported. Permitted algorithms are '{1}'",
unvalidatedToken.SignatureAlgorithm,
string.Join(",", ALLOWED_SIGNATURE_ALGORITHMS)
);
throw new InvalidTokenException(message);
}
if (!unvalidatedToken.Header.ContainsKey("kid"))
{
throw new InvalidTokenException("KeyId not found in token");
}
string keyId = unvalidatedToken.Header["kid"].ToString();
Guid id;
if (!Guid.TryParse(keyId, out id))
{
throw new InvalidTokenException(string.Format("Non-guid kid claim: {0}", keyId));
}
D2LSecurityToken signingToken = await m_publicKeyProvider
.GetByIdAsync(id)
.SafeAsync();
var validationParameters = new TokenValidationParameters()
{
ValidateAudience = false,
ValidateIssuer = false,
RequireSignedTokens = true,
IssuerSigningToken = signingToken
};
IAccessToken accessToken;
try {
SecurityToken securityToken;
tokenHandler.ValidateToken(
token,
validationParameters,
out securityToken
);
accessToken = new AccessToken(( JwtSecurityToken )securityToken);
} catch (SecurityTokenExpiredException e) {
throw new ExpiredTokenException(e);
} catch (Exception e) {
throw new ValidationException("Unknown validation exception", e);
}
return(accessToken);
}
async Task <IAccessToken> IAccessTokenValidator.ValidateAsync(
string token
)
{
var tokenHandler = m_tokenHandler.Value;
if (!tokenHandler.CanReadToken(token))
{
throw new ValidationException("Couldn't parse token");
}
var unvalidatedToken = ( JwtSecurityToken )tokenHandler.ReadToken(
token
);
if (!ALLOWED_SIGNATURE_ALGORITHMS.Contains(unvalidatedToken.SignatureAlgorithm))
{
string message = string.Format(
"Signature algorithm '{0}' is not supported. Permitted algorithms are '{1}'",
unvalidatedToken.SignatureAlgorithm,
string.Join(",", ALLOWED_SIGNATURE_ALGORITHMS)
);
throw new InvalidTokenException(message);
}
if (!unvalidatedToken.Header.ContainsKey("kid"))
{
throw new InvalidTokenException("KeyId not found in token");
}
string keyId = unvalidatedToken.Header["kid"].ToString();
D2LSecurityToken signingKey = await m_publicKeyProvider
.GetByIdAsync(keyId)
.ConfigureAwait(false);
var validationParameters = new TokenValidationParameters()
{
ValidateAudience = false,
ValidateIssuer = false,
RequireSignedTokens = true,
IssuerSigningKey = signingKey,
CryptoProviderFactory = new D2LCryptoProviderFactory()
};
IAccessToken accessToken;
try {
tokenHandler.ValidateToken(
token,
validationParameters,
out SecurityToken securityToken
);
accessToken = new AccessToken(( JwtSecurityToken )securityToken);
} catch (SecurityTokenExpiredException e) {
throw new ExpiredTokenException(e);
} catch (SecurityTokenNotYetValidException e) {
throw new ValidationException("Token is from the future (nbf)", e);
} catch (Exception e) {
throw new ValidationException("Unknown validation exception", e);
}
return(accessToken);
}
