public async Task When_Decrypting_Jwe_With_Symmetric_Key_Then_Result_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string content = "jws"; var jweProtectedHeader = new JweProtectedHeader { Kid = "kid" }; var jwsProtectedHeader = new JwsProtectedHeader(); var jsonWebKey = new JsonWebKey(); var getJweParameter = new GetJweParameter { Jwe = "jwe", Url = "http://google.be/", Password = "******" }; _jweParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jweProtectedHeader); _jsonWebKeyHelperStub.Setup(j => j.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>())) .Returns(Task.FromResult <JsonWebKey>(jsonWebKey)); _jweParserStub.Setup(j => j.ParseByUsingSymmetricPassword(It.IsAny <string>(), It.IsAny <JsonWebKey>(), It.IsAny <string>())) .Returns(content); _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); // ACT & ASSERTS var result = await _getJweInformationAction.ExecuteAsync(getJweParameter); Assert.True(result.IsContentJws); Assert.True(result.Content == content); }
public void When_No_JsonWebKeys_Can_Be_Extracted_Then_Null_Is_Returned() { // ARRANGE var header = new JwsProtectedHeader { Kid = "invalid" }; InitializeFakeObjects(); _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(header); _parametersProviderStub.Setup(p => p.GetOpenIdConfigurationUrl()) .Returns("configuration"); var jwksClientStub = new Mock <IJwksClient>(); jwksClientStub.Setup(j => j.ResolveAsync(It.IsAny <string>())) .Returns(Task.FromResult <JsonWebKeySet>(null)); _identityServerClientFactoryStub.Setup(i => i.CreateJwksClient()).Returns(jwksClientStub.Object); _jsonWebKeyConverterStub.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>())) .Returns(() => null); // ACT var result = _jwtTokenParser.UnSign("token").Result; // ASSERT Assert.Null(result); }
public async Task When_Passing_Valid_Request_To_Unsign_Without_ClientId_Then_No_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); const string jws = "jws"; const string clientId = "client_id"; const string kid = "1"; var jsonWebKey = new JsonWebKey { Kid = kid, SerializedKey = "serialized_key" }; var payLoad = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256, Kid = kid }; _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _jsonWebKeyRepositoryMock.Setup(j => j.GetByKidAsync(It.IsAny <string>())) .Returns(Task.FromResult(jsonWebKey)); _jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>())) .Returns(payLoad); // ACT var result = await _jwtParser.UnSignAsync(jws); // ASSERT Assert.NotNull(result); _jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey)); }
public async Task When_Json_Web_Key_Uri_Is_Not_Valid_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientId = "client_id"; var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256 }; var client = new Core.Common.Models.Client { JwksUri = "invalid_url", ClientId = clientId }; var jsonWebKeys = new List <JsonWebKey>(); _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>())) .Returns(jsonWebKeys); // ACT var result = await _jwtParser.UnSignAsync("jws", clientId); // ASSERT Assert.Null(result); }
public async Task When_There_Is_No_Algorithm_Then_JwsPayload_Is_Returned() { // ARRANGE var header = new JwsProtectedHeader { Kid = "kid", Alg = SimpleIdentityServer.Core.Jwt.Constants.JwsAlgNames.NONE }; var jsonWebKeys = new List <JsonWebKey> { new JsonWebKey { Kid = "kid" } }; InitializeFakeObjects(); _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(header); _parametersProviderStub.Setup(p => p.GetOpenIdConfigurationUrl()) .Returns("configuration"); var jwksClientStub = new Mock <IJwksClient>(); jwksClientStub.Setup(j => j.ResolveAsync(It.IsAny <string>())) .Returns(Task.FromResult <JsonWebKeySet>(null)); _identityServerClientFactoryStub.Setup(i => i.CreateJwksClient()).Returns(jwksClientStub.Object); _jsonWebKeyConverterStub.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>())) .Returns(jsonWebKeys); // ACT await _jwtTokenParser.UnSign("token"); // ASSERT _jwsParserStub.Verify(j => j.GetPayload(It.IsAny <string>())); }
public async Task When_Extracting_Information_Of_Unsigned_Jws_Then_Information_Are_Returned() { // ARRANGE InitializeFakeObjects(); var getJwsParameter = new GetJwsParameter { Jws = "jws" }; var jwsProtectedHeader = new JwsProtectedHeader { Kid = "kid", Alg = Constants.JwsAlgNames.NONE }; var jwsPayload = new JwsPayload(); _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _jwsParserStub.Setup(j => j.GetPayload(It.IsAny <string>())) .Returns(jwsPayload); // ACT var result = await _getJwsInformationAction.Execute(getJwsParameter); // ASSERTS Assert.NotNull(result); }
public async Task When_Passing_Jws_With_None_Algorithm_To_Unsign_And_No_Uri_And_Jwks_Are_Defined_Then_Payload_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string jws = "jws"; const string clientId = "client_id"; var payLoad = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.NONE }; var client = new Core.Common.Models.Client { ClientId = clientId }; _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _jwsParserMock.Setup(j => j.GetPayload(It.IsAny <string>())) .Returns(payLoad); // ACT var result = await _jwtParser.UnSignAsync(jws, clientId); // ASSERT Assert.NotNull(result); _jwsParserMock.Verify(j => j.GetPayload(jws)); }
public async Task When_JsonWebKey_Doesnt_Exist_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); const string url = "http://google.be/"; const string kid = "kid"; var getJwsParameter = new GetJwsParameter { Url = url, Jws = "jws" }; var jwsProtectedHeader = new JwsProtectedHeader { Kid = kid, Alg = Constants.JwsAlgNames.RS256 }; _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _jsonWebKeyHelperStub.Setup(h => h.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>())) .Returns(Task.FromResult <JsonWebKey>(null)); // ACT & ASSERTS var innerException = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJwsInformationAction.Execute(getJwsParameter)).ConfigureAwait(false); Assert.True(innerException.Code == ErrorCodes.InvalidRequestCode); Assert.True(innerException.Message == string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, kid, url)); }
public async Task When_No_Uri_And_JsonWebKeys_Are_Defined_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientId = "client_id"; var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256 }; var client = new Core.Common.Models.Client { ClientId = clientId }; _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); // ACT var result = await _jwtParser.UnSignAsync("jws", clientId); // ASSERT Assert.Null(result); }
public async Task When_Passing_Jws_With_Algorithm_Other_Than_None_To_Unsign_And_Retrieve_Json_Web_Key_From_Uri_Then_Jwis_Is_Unsigned_And_Payload_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string jws = "jws"; const string clientId = "client_id"; const string kid = "1"; var jsonWebKeySet = new JsonWebKeySet(); var json = jsonWebKeySet.SerializeWithDataContract(); var jsonWebKey = new JsonWebKey { Kid = kid, SerializedKey = "serialized_key" }; var payLoad = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256, Kid = kid }; var client = new Core.Common.Models.Client { ClientId = clientId, JwksUri = "http://localhost" }; var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted) { Content = new StringContent(json) }; var jsonWebKeys = new List <JsonWebKey> { jsonWebKey }; var handler = new FakeHttpMessageHandler(httpResponseMessage); var httpClientFake = new HttpClient(handler); _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>())) .Returns(payLoad); _httpClientFactoryMock.Setup(h => h.GetHttpClient()) .Returns(httpClientFake); _jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>())) .Returns(jsonWebKeys); // ACT var result = await _jwtParser.UnSignAsync(jws, clientId); // ASSERT Assert.NotNull(result); _jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey)); }
private JwsPayload UnSignWithJsonWebKey(JsonWebKey jsonWebKey, JwsProtectedHeader jwsProtectedHeader, string jws) { if (jsonWebKey == null && jwsProtectedHeader.Alg != Jwt.Constants.JwsAlgNames.NONE) { return null; } if (jwsProtectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE) { return _jwsParser.GetPayload(jws); } return _jwsParser.ValidateSignature(jws, jsonWebKey); }
public async Task When_JsonWebKey_Is_Extracted_And_The_Jws_Is_Unsigned_Then_Information_Are_Returned() { // ARRANGE InitializeFakeObjects(); const string url = "http://google.be/"; const string kid = "kid"; var getJwsParameter = new GetJwsParameter { Url = url, Jws = "jws" }; var jsonWebKeySet = new JsonWebKeySet(); var json = jsonWebKeySet.SerializeWithJavascript(); var jwsProtectedHeader = new JwsProtectedHeader { Kid = kid }; var jsonWebKey = new JsonWebKey { Kid = kid }; var dic = new Dictionary <string, object> { { "kid", kid } }; var jwsPayload = new JwsPayload(); _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _jsonWebKeyHelperStub.Setup(h => h.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>())) .Returns(Task.FromResult(jsonWebKey)); _jwsParserStub.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>())) .Returns(jwsPayload); _jsonWebKeyEnricherStub.Setup(j => j.GetJsonWebKeyInformation(It.IsAny <JsonWebKey>())) .Returns(dic); _jsonWebKeyEnricherStub.Setup(j => j.GetPublicKeyInformation(It.IsAny <JsonWebKey>())) .Returns(() => new Dictionary <string, object>()); // ACT var result = await _getJwsInformationAction.Execute(getJwsParameter); // ASSERTS Assert.NotNull(result); Assert.True(result.JsonWebKey.ContainsKey("kid")); Assert.True(result.JsonWebKey.First().Value == kid); }
public void When_Sign_Payload_With_Rsa_Alogirthm_Then_Jws_Token_Is_Returned() { // ARRANGE InitializeFakeObjects(); const KeyType keyType = KeyType.RSA; const string kid = "kid"; const JwsAlg jwsAlg = JwsAlg.RS384; const string serializedKey = "serializedKey"; const string signature = "signature"; var jsonWebKey = new JsonWebKey { Kty = keyType, Kid = kid, SerializedKey = serializedKey }; var jwsPayload = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Kid = kid, Alg = Enum.GetName(typeof(JwsAlg), jwsAlg), Type = "JWT" }; _createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>())) .Returns(signature); var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract(); var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode(); var serializedJwsPayload = jwsPayload.SerializeWithJavascript(); var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode(); var combined = string.Format("{0}.{1}", base64SerializedJwsProtectedHeader, base64SerializedJwsPayload); var expectedResult = string.Format("{0}.{1}", combined, signature); // ACT var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, jsonWebKey); // ASSERT _createJwsSignatureFake.Verify(c => c.SignWithRsa(jwsAlg, serializedKey, combined)); Assert.True(expectedResult == result); }
public void When_Passing_No_JsonWebKey_And_Algorithm_Value_Other_Than_None_Then_Returns_Unsigned_Result() { // ARRANGE InitializeFakeObjects(); const JwsAlg jwsAlg = JwsAlg.none; const KeyType keyType = KeyType.RSA; const string kid = "kid"; const string serializedKey = "serializedKey"; const string signature = "signature"; var jsonWebKey = new JsonWebKey { Kty = keyType, Kid = kid, SerializedKey = serializedKey }; var jwsPayload = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Enum.GetName(typeof(JwsAlg), jwsAlg), Type = "JWT" }; _createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>())) .Returns(signature); var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract(); var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode(); var serializedJwsPayload = jwsPayload.SerializeWithJavascript(); var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode(); var combined = string.Format("{0}.{1}", base64SerializedJwsProtectedHeader, base64SerializedJwsPayload); var expectedResult = string.Format("{0}.{1}", combined, string.Empty); // ACT var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, null); // ASSERT _createJwsSignatureFake.Verify(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>()), Times.Never); Assert.True(expectedResult == result); }
public async Task When_Passing_Jws_With_Algorithm_Other_Than_None_To_Unsign_And_Retrieve_Json_Web_Key_From_Parameter_Then_Jws_Is_Unsigned_And_Payload_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string jws = "jws"; const string clientId = "client_id"; const string kid = "1"; var jsonWebKey = new JsonWebKey { Kid = kid, SerializedKey = "serialized_key" }; var payLoad = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256, Kid = kid }; var client = new Core.Common.Models.Client { ClientId = clientId, JsonWebKeys = new List <JsonWebKey> { jsonWebKey } }; _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>())) .Returns(payLoad); // ACT var result = await _jwtParser.UnSignAsync(jws, clientId); // ASSERT Assert.NotNull(result); _jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey)); }
public async Task When_No_Json_Web_Key_Can_Be_Extracted_From_Uri_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientId = "client_id"; var jsonWebKeySet = new JsonWebKeySet(); var json = jsonWebKeySet.SerializeWithDataContract(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256 }; var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted) { Content = new StringContent(json) }; var client = new Core.Common.Models.Client { JwksUri = "http://localhost", ClientId = clientId }; var jsonWebKeys = new List <JsonWebKey>(); _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); var handler = new FakeHttpMessageHandler(httpResponseMessage); var httpClientFake = new HttpClient(handler); _httpClientFactoryMock.Setup(h => h.GetHttpClient()) .Returns(httpClientFake); _jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>())) .Returns(jsonWebKeys); // ACT var result = await _jwtParser.UnSignAsync("jws", clientId); // ASSERT Assert.Null(result); }
public async Task When_The_Signature_Is_Not_Valid_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); const string url = "http://google.be/"; const string kid = "kid"; var getJwsParameter = new GetJwsParameter { Url = url, Jws = "jws" }; var jsonWebKeySet = new JsonWebKeySet(); var json = jsonWebKeySet.SerializeWithJavascript(); var jwsProtectedHeader = new JwsProtectedHeader { Kid = kid }; var jsonWebKey = new JsonWebKey { Kid = kid }; _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _jsonWebKeyHelperStub.Setup(h => h.GetJsonWebKey(It.IsAny <string>(), It.IsAny <Uri>())) .Returns(Task.FromResult(jsonWebKey)); _jwsParserStub.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>())) .Returns(() => null); // ACT & ASSERTS var innerException = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJwsInformationAction.Execute(getJwsParameter)).ConfigureAwait(false); Assert.NotNull(innerException); Assert.True(innerException.Code == ErrorCodes.InvalidRequestCode); Assert.True(innerException.Message == ErrorDescriptions.TheSignatureIsNotCorrect); }
public async Task When_No_Uri_And_Sign_Alg_Are_Specified_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var getJwsParameter = new GetJwsParameter { Jws = "jws" }; var jwsProtectedHeader = new JwsProtectedHeader { Kid = "kid", Alg = Constants.JwsAlgNames.RS256 }; _jwsParserStub.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); // ACT & ASSERTS var innerException = await Assert.ThrowsAsync <IdentityServerManagerException>(async() => await _getJwsInformationAction.Execute(getJwsParameter)).ConfigureAwait(false); Assert.NotNull(innerException); Assert.True(innerException.Code == ErrorCodes.InvalidRequestCode); Assert.True(innerException.Message == ErrorDescriptions.TheSignatureCannotBeChecked); }
public async Task When_Requesting_Uri_Returned_Error_And_Algorithm_Is_PS256_And_Unsign_Then_Null_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientId = "client_id"; const string json = "json"; var jwsProtectedHeader = new JwsProtectedHeader { Alg = Jwt.Constants.JwsAlgNames.PS256 }; var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent(json) }; var client = new Core.Common.Models.Client { JwksUri = "http://localhost", ClientId = clientId }; _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>())) .Returns(jwsProtectedHeader); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); var handler = new FakeHttpMessageHandler(httpResponseMessage); var httpClientFake = new HttpClient(handler); _httpClientFactoryMock.Setup(h => h.GetHttpClient()) .Returns(httpClientFake); // ACT var result = await _jwtParser.UnSignAsync("jws", clientId); // ASSERT Assert.Null(result); }