public async Task WhenNonceIsEnabled_BlocksReplayedRequest()
{
_nonceEnabled = true;
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
var receivedRequest = await request.ToServerSideHttpRequest();
var verificationResult1 = await _verifier.VerifySignature(receivedRequest, _authenticationOptions);
verificationResult1.Should().BeAssignableTo <RequestSignatureVerificationResultSuccess>();
var verificationResult2 = await _verifier.VerifySignature(receivedRequest, _authenticationOptions);
verificationResult2.Should().BeAssignableTo <RequestSignatureVerificationResultFailure>();
verificationResult2.As <RequestSignatureVerificationResultFailure>().Failure.Code.Should().Be("REPLAYED_REQUEST");
}
public async Task CreatesSignatureThatCanBeValidated()
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
var receivedRequest = await request.ToServerSideHttpRequest();
var verificationResult = await _verifier.VerifySignature(receivedRequest, _options);
if (verificationResult is RequestSignatureVerificationResultSuccess successResult)
{
var simpleClaims = successResult.Principal.Claims.Select(c => new { c.Type, c.Value }).ToList();
var claimsString = string.Join(", ", simpleClaims.Select(c => $"{{type:{c.Type},value:{c.Value}}}"));
_output.WriteLine("Request signature verification succeeded: {0}", claimsString);
}
else if (verificationResult is RequestSignatureVerificationResultFailure failureResult)
{
_output.WriteLine("Request signature verification failed: {0}", failureResult.Failure);
throw new SignatureVerificationException(failureResult.Failure.ToString());
}
}
public async Task CanVerifyRequestContainingQueryString()
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post?hasQueryString=true"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
var receivedRequest = await request.ToServerSideHttpRequest();
var verificationResult = await _verifier.VerifySignature(receivedRequest, _authenticationOptions);
if (verificationResult is RequestSignatureVerificationResultFailure failureResult)
{
_output.WriteLine("Request signature verification failed: {0}", failureResult.Failure);
throw new SignatureVerificationException(failureResult.Failure.ToString());
}
}
private static async Task SendPostRequest(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Post,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo"),
Content = new StringContent("{\"id\": 42 }", Encoding.UTF8, MediaTypeNames.Application.Json)
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
logger?.LogInformation("{0} - POST request response: {1}", response.StatusCode, response.StatusCode);
}
else
{
logger?.LogError("{0} - POST request response: {1}", response.StatusCode, response.ReasonPhrase);
}
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
private static async Task SendUnescapedRequest(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo/api/{Brooks} was here/api/David & Partners + Siebe at 100% * co.?query+string={brooks}")
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
logger?.LogInformation("{0} - Escaped GET request response: {1}", response.StatusCode, response.StatusCode);
}
else
{
logger?.LogError("{0} - Escaped GET request response: {1}", response.StatusCode, response.ReasonPhrase);
}
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
private static async Task SendEncodedRequest(IRequestSignerFactory requestSignerFactory, ILogger <WebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo/api/%7BBrooks%7D%20was%20here/api/David%20%26%20Partners%20%2B%20Siebe%20at%20100%25%20%2A%20co.")
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
logger?.LogInformation("{0} - Encoded GET request response: {1}", response.StatusCode, response.StatusCode);
}
else
{
logger?.LogError("{0} - Encoded GET request response: {1}", response.StatusCode, response.ReasonPhrase);
}
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}
public async Task WhenRequestTargetEscapingSettingIsAMismatch_VerificationFails()
{
_serviceProvider = new ServiceCollection()
.Configure(services => ConfigureServices(services, RequestTargetEscaping.RFC3986, RequestTargetEscaping.Unescaped))
.BuildServiceProvider();
_requestSignerFactory = _serviceProvider.GetRequiredService <IRequestSignerFactory>();
_verifier = _serviceProvider.GetRequiredService <IRequestSignatureVerifier>();
var request = new HttpRequestMessage {
RequestUri = new Uri("https://dalion.eu/api/%7BBrooks%7D%20was%20here/api/David%20%26%20Partners%20%2B%20Siebe%20at%20100%25%20%2A%20co.?query%2Bstring=%7BBrooks%7D"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
var receivedRequest = await request.ToServerSideHttpRequest();
var verificationResult = await _verifier.VerifySignature(receivedRequest, _authenticationOptions);
verificationResult.IsSuccess.Should().BeFalse();
if (verificationResult is RequestSignatureVerificationResultFailure failureResult)
{
_output.WriteLine("Request signature verification failed: {0}", failureResult.Failure);
}
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var requestSigner = _requestSignerFactory.CreateFor(_signingKey.KeyId);
await requestSigner.Sign(request);
return(await base.SendAsync(request, cancellationToken));
}
public async Task CanUpdateSigningSettingsBeforeSigning()
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Get,
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = _requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
request.Headers.Authorization.Parameter.Should().NotContain("nonce");
}
private static async Task <HttpRequestMessage> SampleSignRSA(IRequestSignerFactory requestSignerFactory)
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = requestSignerFactory.CreateFor("4d8f14b6c4184dc1b677c88a2b60bfd2");
await requestSigner.Sign(request);
return(request);
}
private static async Task <HttpRequestMessage> SampleSignHMAC(IRequestSignerFactory requestSignerFactory)
{
var request = new HttpRequestMessage {
RequestUri = new Uri("https://httpbin.org/post"),
Method = HttpMethod.Post,
Content = new StringContent("{'id':42}", Encoding.UTF8, MediaTypeNames.Application.Json),
Headers =
{
{ "Dalion-App-Id", "ringor" }
}
};
var requestSigner = requestSignerFactory.CreateFor("e0e8dcd638334c409e1b88daf821d135");
await requestSigner.Sign(request);
return(request);
}
private static async Task SendGetRequest(IRequestSignerFactory requestSignerFactory, ILogger <AspNetCoreWebApplicationClient> logger)
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get,
RequestUri = new Uri("http://localhost:" + Port + "/userinfo")
};
var requestSigner = requestSignerFactory.CreateFor(KeyId);
await requestSigner.Sign(request);
using (var httpClient = new HttpClient()) {
var response = await httpClient.SendAsync(request);
logger?.LogInformation("GET request response: " + response.StatusCode);
var responseContentTask = response.Content?.ReadAsStringAsync();
var responseContent = responseContentTask == null ? null : await responseContentTask;
if (responseContent != null)
{
logger?.LogInformation(responseContent);
}
}
}