/// <summary>
/// Verifies that a store created with a null or empty encryption key writes the HMAC
/// secret to the database unencrypted and marks the record accordingly.
/// </summary>
/// <param name="nullOrEmpty">The null or empty value passed to the store as its encryption key.</param>
/// <remarks>
/// This pins the unencrypted fallback: the stored parameter equals the raw HMAC key, so the
/// signing secret is readable by anything that can read the collection.
/// <c>IsParameterEncrypted == false</c> is the marker that identifies such records.
/// </remarks>
public async Task WhenEncryptionKeyIsNullOrEmpty_DoesNotEncryptHMACSecretInDatabase(string nullOrEmpty)
{
    var databaseClientProvider = new MongoDatabaseClientProvider(Database);

    using (var sut = new MongoDbClientStore(
        databaseClientProvider,
        _collectionName,
        nullOrEmpty,
        _migrator,
        _signatureAlgorithmDataRecordConverter))
    {
        // Arrange: a client that signs with an HMAC shared secret.
        var signatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
        var client = new Client(
            "c1",
            "app one",
            signatureAlgorithm,
            TimeSpan.FromMinutes(1),
            TimeSpan.FromMinutes(2),
            RequestTargetEscaping.RFC2396,
            new Claim("company", "Dalion"),
            new Claim("scope", "HttpMessageSigning"));

        // Act: persist through the store under test.
        await sut.Register(client);

        // Read the raw data record back, bypassing the store, to inspect what was actually written.
        var records = Database.GetCollection<ClientDataRecordV2>(_collectionName);
        var byClientId = new ExpressionFilterDefinition<ClientDataRecordV2>(r => r.Id == client.Id);
        var cursor = await records.FindAsync<ClientDataRecordV2>(byClientId);
        var storedRecord = await cursor.SingleAsync();

        // Assert: the stored parameter is the plain key and the record says so.
        storedRecord.SignatureAlgorithm.Parameter.Should().NotBeNullOrEmpty();
        var plainTextSecret = Encoding.UTF8.GetString(signatureAlgorithm.Key);
        storedRecord.SignatureAlgorithm.Parameter.Should().Be(plainTextSecret);
        storedRecord.SignatureAlgorithm.IsParameterEncrypted.Should().BeFalse();
    }
}
/// <summary>
/// Builds the store under test against the shared Mongo fixture, with a faked migrator
/// and a fixed encryption key.
/// </summary>
/// <param name="mongoSetup">The Mongo fixture handed to the base test class.</param>
public MongoDbClientStoreTests(MongoSetup mongoSetup)
    : base(mongoSetup)
{
    _migrator = A.Fake<IClientStoreMigrator>();

    // A fresh GUID suffix gives every instance of this test class its own collection name.
    _collectionName = "clients_" + Guid.NewGuid();

    // Fixed, test-only key material; it must never be reused as a real encryption key.
    _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");

    var databaseClientProvider = new MongoDatabaseClientProvider(Database);
    _sut = new MongoDbClientStore(
        databaseClientProvider,
        _collectionName,
        _encryptionKey,
        _migrator);
}
/// <summary>
/// Builds the store under test against the shared Mongo fixture, with a faked migrator,
/// a fixed encryption key and a record converter backed by a fake string protector factory.
/// </summary>
/// <param name="mongoSetup">The Mongo fixture handed to the base test class.</param>
public MongoDbClientStoreTests(MongoSetup mongoSetup)
    : base(mongoSetup)
{
    _migrator = A.Fake<IClientStoreMigrator>();

    // A fresh GUID suffix gives every instance of this test class its own collection name.
    _collectionName = "clients_" + Guid.NewGuid();

    // Fixed, test-only key material; it must never be reused as a real encryption key.
    _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");

    // NOTE(review): the converter is built on FakeStringProtectorFactory, so these tests presumably
    // do not exercise the production protection of the stored secret; confirm that is covered elsewhere.
    var stringProtectorFactory = new FakeStringProtectorFactory();
    _signatureAlgorithmDataRecordConverter = new SignatureAlgorithmDataRecordConverter(stringProtectorFactory);

    var databaseClientProvider = new MongoDatabaseClientProvider(Database);
    _sut = new MongoDbClientStore(
        databaseClientProvider,
        _collectionName,
        _encryptionKey,
        _migrator,
        _signatureAlgorithmDataRecordConverter);
}
/// <summary>Configures HTTP message signature verification to use a MongoDB <see cref="IClientStore"/>.</summary>
/// <param name="builder">The <see cref="IHttpMessageSigningVerificationBuilder" /> that is used to configure verification.</param>
/// <param name="clientStoreSettingsFactory">The factory that creates the settings for the Mongo connection.</param>
/// <returns>The <see cref="IHttpMessageSigningVerificationBuilder" /> that can be used to continue configuring the verification settings.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="builder"/> or <paramref name="clientStoreSettingsFactory"/> is null.
/// </exception>
/// <remarks>
/// The settings factory is invoked, and its result validated, inside the singleton registration
/// for <see cref="MongoDbClientStoreSettings"/>. Invalid settings therefore surface when the
/// container resolves the settings, not when this method is called.
/// </remarks>
public static IHttpMessageSigningVerificationBuilder UseMongoDbClientStore(
    this IHttpMessageSigningVerificationBuilder builder,
    Func<IServiceProvider, MongoDbClientStoreSettings> clientStoreSettingsFactory)
{
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (clientStoreSettingsFactory is null)
    {
        throw new ArgumentNullException(nameof(clientStoreSettingsFactory));
    }

    builder.Services
        // Services
        .AddMemoryCache()
        .AddSingleton<ISignatureAlgorithmDataRecordConverter, SignatureAlgorithmDataRecordConverter>()
        .AddSingleton(serviceProvider =>
        {
            // Reject a missing settings object before validating its contents.
            var storeSettings = clientStoreSettingsFactory(serviceProvider);
            if (storeSettings is null)
            {
                throw new ValidationException($"Invalid {nameof(MongoDbClientStoreSettings)} were specified.");
            }

            storeSettings.Validate();
            return storeSettings;
        })
        .AddSingleton<IMongoDatabaseClientProvider>(serviceProvider =>
        {
            var storeSettings = serviceProvider.GetRequiredService<MongoDbClientStoreSettings>();
            return new MongoDatabaseClientProvider(storeSettings.ConnectionString);
        })
        // ClientStore Migrations
        .AddSingleton<IClientStoreBaseliner, ClientStoreBaseliner>()
        .AddSingleton<ISemaphoreFactory, SemaphoreFactory>()
        .AddSingleton<IClientStoreMigrator>(serviceProvider =>
        {
            // The plain migrator is wrapped by OnlyOnceClientStoreMigrator.
            var innerMigrator = new ClientStoreMigrator(
                serviceProvider.GetRequiredService<IEnumerable<IClientStoreMigrationStep>>(),
                serviceProvider.GetRequiredService<IClientStoreBaseliner>());

            return new OnlyOnceClientStoreMigrator(
                innerMigrator,
                serviceProvider.GetRequiredService<IClientStoreBaseliner>(),
                serviceProvider.GetRequiredService<ISemaphoreFactory>());
        })
        .AddSingleton<IClientStoreMigrationStep, AddEncryptionSupportToClientsMigrationStep>();

    // The actual store
    return builder.UseClientStore(serviceProvider =>
    {
        var storeSettings = serviceProvider.GetRequiredService<MongoDbClientStoreSettings>();
        var cachingDecorator = serviceProvider.GetRequiredService<ICachingClientStoreDecorator>();

        // NOTE(review): the test WhenEncryptionKeyIsNullOrEmpty_DoesNotEncryptHMACSecretInDatabase
        // shows that a null or empty key makes the store persist the HMAC secret unencrypted.
        // Confirm whether Validate() rejects a missing SharedSecretEncryptionKey, or whether
        // unencrypted storage is an accepted configuration for this deployment.
        var mongoStore = new MongoDbClientStore(
            serviceProvider.GetRequiredService<IMongoDatabaseClientProvider>(),
            storeSettings.CollectionName,
            storeSettings.SharedSecretEncryptionKey,
            serviceProvider.GetRequiredService<IClientStoreMigrator>(),
            serviceProvider.GetRequiredService<ISignatureAlgorithmDataRecordConverter>());

        return cachingDecorator.DecorateWithCaching(mongoStore, storeSettings.ClientCacheEntryExpiration);
    });
}
/// <summary>
/// Builds the store under test against the shared Mongo fixture, using the fixed
/// collection name "clients".
/// </summary>
/// <param name="mongoSetup">The Mongo fixture handed to the base test class.</param>
public MongoDbClientStoreTests(MongoSetup mongoSetup)
    : base(mongoSetup)
{
    _collectionName = "clients";

    // This constructor overload of the store takes only a provider and a collection name;
    // no encryption key or migrator is passed.
    var databaseClientProvider = new MongoDatabaseClientProvider(Database);
    _sut = new MongoDbClientStore(databaseClientProvider, _collectionName);
}