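/// <summary>
/// Round-trips one theory case: builds a signed HTTP request from the theory data with a
/// <see cref="SignedHttpRequestHandler"/>, validates it with the same handler, and records a
/// diff whenever a SignatureProvider for the signing key is still present in the
/// CryptoProviderCache after signing or after validation.
/// </summary>
/// <param name="theoryData">Inputs, expected validity and expected exception for one case.</param>
public async Task Roundtrips(RoundtripSignedHttpRequestTheoryData theoryData)
{
    var context = TestUtilities.WriteHeader($"{this}.Roundtrips", theoryData);
    try
    {
        var handler = new SignedHttpRequestHandler();
        var descriptor = new SignedHttpRequestDescriptor(
            theoryData.AccessToken,
            theoryData.HttpRequestData,
            theoryData.SigningCredentials,
            theoryData.SignedHttpRequestCreationParameters)
        {
            CnfClaimValue = theoryData.CnfClaimValue,
        };

        var signingCredentials = descriptor.SigningCredentials;
        // The credentials may carry their own factory; otherwise the key's factory owns the cache.
        var cryptoProviderFactory = signingCredentials.CryptoProviderFactory ?? signingCredentials.Key.CryptoProviderFactory;
        // Cache lookups are keyed by the concrete provider type name, which depends on the key kind.
        string providerTypeName = signingCredentials.Key is AsymmetricSecurityKey
            ? typeof(AsymmetricSignatureProvider).ToString()
            : typeof(SymmetricSignatureProvider).ToString();

        // Records a diff when a provider for the signing key is still cached after a step.
        // 'willCreateSignatures' is true for the signing lookup and false for the validation lookup,
        // mirroring the two lookups this test performed before it was deduplicated.
        void AddDiffIfProviderCached(bool willCreateSignatures, string messageFormat)
        {
            if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider(
                signingCredentials.Key,
                signingCredentials.Algorithm,
                providerTypeName,
                willCreateSignatures,
                out _))
            {
                context.Diffs.Add(LogHelper.FormatInvariant(messageFormat, signingCredentials.Key, signingCredentials.Algorithm));
            }
        }

        var signedHttpRequest = handler.CreateSignedHttpRequest(descriptor);
        AddDiffIfProviderCached(true, "SignedHttpRequest cached SignatureProvider (Signing), Key: '{0}', Algorithm: '{1}'");

        var validationContext = new SignedHttpRequestValidationContext(
            signedHttpRequest,
            theoryData.HttpRequestData,
            theoryData.TokenValidationParameters,
            theoryData.SignedHttpRequestValidationParameters);
        var result = await handler.ValidateSignedHttpRequestAsync(validationContext, CancellationToken.None).ConfigureAwait(false);
        AddDiffIfProviderCached(false, "SignedHttpRequest cached SignatureProvider (Validate), Key: '{0}', Algorithm: '{1}'");

        // Check for null before the first dereference; previously result.IsValid was read first,
        // so a null result surfaced as a NullReferenceException instead of a failed assertion.
        Assert.NotNull(result);
        IdentityComparer.AreBoolsEqual(result.IsValid, theoryData.IsValid, context);
        if (result.Exception != null)
        {
            // Rethrow with the original stack trace intact so a failing case shows where it failed.
            System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(result.Exception).Throw();
        }

        Assert.NotNull(result.SignedHttpRequest);
        Assert.NotNull(result.ValidatedSignedHttpRequest);
        Assert.NotNull(result.AccessTokenValidationResult);
        theoryData.ExpectedException.ProcessNoException(context);
    }
    catch (Exception ex)
    {
        theoryData.ExpectedException.ProcessException(ex, context);
    }

    TestUtilities.AssertFailIfErrors(context);
}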
/// <summary>
/// A validator created from <c>AuthorityV1</c> is expected to expose that value as
/// <c>AadAuthorityV1</c>, <c>AuthorityCommonTenantWithV2</c> as <c>AadAuthorityV2</c>,
/// and report <c>IsV2Authority == false</c>.
/// </summary>
public void GetIssuerValidator_V1Authority()
{
    var compareContext = new CompareContext();
    AadIssuerValidator issuerValidator = CreateIssuerValidator(ValidatorConstants.AuthorityV1);

    IdentityComparer.AreEqual(ValidatorConstants.AuthorityV1, issuerValidator.AadAuthorityV1, compareContext);
    IdentityComparer.AreEqual(ValidatorConstants.AuthorityCommonTenantWithV2, issuerValidator.AadAuthorityV2, compareContext);
    IdentityComparer.AreBoolsEqual(false, issuerValidator.IsV2Authority, compareContext);

    TestUtilities.AssertFailIfErrors(compareContext);
}
/// <summary>
/// A validator created from <c>B2CAuthorityWithV2</c> (an authority not present in the alias list)
/// is expected to expose <c>B2CAuthority</c> as <c>AadAuthorityV1</c>, the input as
/// <c>AadAuthorityV2</c>, and report <c>IsV2Authority == true</c>.
/// </summary>
public void GetIssuerValidator_B2cAuthorityNotInAliases()
{
    var compareContext = new CompareContext();
    AadIssuerValidator issuerValidator = CreateIssuerValidator(ValidatorConstants.B2CAuthorityWithV2);

    IdentityComparer.AreEqual(ValidatorConstants.B2CAuthority, issuerValidator.AadAuthorityV1, compareContext);
    IdentityComparer.AreEqual(ValidatorConstants.B2CAuthorityWithV2, issuerValidator.AadAuthorityV2, compareContext);
    IdentityComparer.AreBoolsEqual(true, issuerValidator.IsV2Authority, compareContext);

    TestUtilities.AssertFailIfErrors(compareContext);
}
/// <summary>
/// Creates two validators in sequence — one from <c>AuthorityV1</c>, one from
/// <c>AuthorityWithTenantSpecified</c> — and checks the v1/v2 authority values each exposes;
/// neither is expected to report <c>IsV2Authority</c>. Both sets of comparisons share one context
/// so a mismatch in either validator fails the test.
/// </summary>
public void GetIssuerValidator_TwoTenants()
{
    var compareContext = new CompareContext();

    AadIssuerValidator commonTenantValidator = CreateIssuerValidator(ValidatorConstants.AuthorityV1);
    IdentityComparer.AreEqual(ValidatorConstants.AuthorityV1, commonTenantValidator.AadAuthorityV1, compareContext);
    IdentityComparer.AreEqual(ValidatorConstants.AuthorityCommonTenantWithV2, commonTenantValidator.AadAuthorityV2, compareContext);
    IdentityComparer.AreBoolsEqual(false, commonTenantValidator.IsV2Authority, compareContext);

    AadIssuerValidator specificTenantValidator = CreateIssuerValidator(ValidatorConstants.AuthorityWithTenantSpecified);
    IdentityComparer.AreEqual(ValidatorConstants.AuthorityWithTenantSpecified, specificTenantValidator.AadAuthorityV1, compareContext);
    IdentityComparer.AreEqual(ValidatorConstants.AuthorityWithTenantSpecifiedWithV2, specificTenantValidator.AadAuthorityV2, compareContext);
    IdentityComparer.AreBoolsEqual(false, specificTenantValidator.IsV2Authority, compareContext);

    TestUtilities.AssertFailIfErrors(compareContext);
}
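/// <summary>
/// A token carrying only <c>iss</c> and <c>tfp</c> claims (no <c>tid</c>) from the B2C issuer is
/// expected to validate against a validator created from <c>B2CAuthorityWithV2</c>. The test also
/// checks the issuer the validator returns and the authority values it exposes afterwards.
/// </summary>
public void Validate_FromB2CAuthority_WithNoTidClaim_ValidateSuccessfully()
{
    var context = new CompareContext();

    // Only iss and tfp are set; the absence of a tid claim is the point of this case.
    var issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.B2CIssuer);
    var tfpClaim = new Claim(ValidatorConstants.ClaimNameTfp, ValidatorConstants.B2CSignUpSignInUserFlow);
    var jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.B2CIssuer, claims: new[] { issClaim, tfpClaim });
    AadIssuerValidator validator = CreateIssuerValidator(ValidatorConstants.B2CAuthorityWithV2);

    var validationParameters = new TokenValidationParameters()
    {
        ValidIssuers = new[] { ValidatorConstants.B2CIssuer },
    };

    // Validate returns the issuer it accepted. Previously the return value was discarded, so only
    // a thrown exception could fail this step; now the accepted issuer is compared as well.
    string validatedIssuer = validator.Validate(ValidatorConstants.B2CIssuer, jwtSecurityToken, validationParameters);
    IdentityComparer.AreEqual(ValidatorConstants.B2CIssuer, validatedIssuer, context);

    IdentityComparer.AreEqual(ValidatorConstants.B2CAuthority, validator.AadAuthorityV1, context);
    IdentityComparer.AreEqual(ValidatorConstants.B2CAuthorityWithV2, validator.AadAuthorityV2, context);
    IdentityComparer.AreBoolsEqual(true, validator.IsV2Authority, context);

    TestUtilities.AssertFailIfErrors(context);
}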