public void GivenUnsupportedAlgorithmType_ThrowsNotSupportedException() { var unsupported = new CustomSignatureAlgorithm("CUSTOM"); Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(unsupported, _encryptionKey); act.Should().Throw <NotSupportedException>(); }
public async Task Register(Client client) { if (client == null) { throw new ArgumentNullException(nameof(client)); } await _migrator.Migrate(); if (IsProhibitedId(client.Id)) { throw new ArgumentException($"The id value of the specified {nameof(Client)} is prohibited ({client.Id}).", nameof(client)); } var record = new ClientDataRecordV2 { Id = client.Id, Name = client.Name, NonceLifetime = client.NonceLifetime.TotalSeconds, ClockSkew = client.ClockSkew.TotalSeconds, Claims = client.Claims?.Select(ClaimDataRecordV2.FromClaim)?.ToArray(), SignatureAlgorithm = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(client.SignatureAlgorithm, _encryptionKey), RequestTargetEscaping = client.RequestTargetEscaping.ToString() }; record.V = record.GetV(); var collection = _lazyCollection.Value; await collection.ReplaceOneAsync(r => r.Id == record.Id, record, new ReplaceOptions { IsUpsert = true }); }
public void GivenNullOrEmptyEncryptionKey_DoesNotThrow(string nullOrEmpty) { using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) { Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, nullOrEmpty); act.Should().NotThrow(); } }
public void GivenNullOrEmptyEncryptionKey_DoesNotEncryptParameter(string nullOrEmpty) { using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) { var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, nullOrEmpty); actual.Parameter.Should().Be(_unencryptedKey); actual.IsParameterEncrypted.Should().BeFalse(); } }
public ToSignatureAlgorithm() { _encryptedKey = "VbB9IMM3ID9bc4l3gJnzlsZuYFWNqI6WUfRufiP1JHiwNcGRZWSn5Q82Imkn5luw"; _recordVersion = 2; _sut = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", Parameter = _encryptedKey, HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = true }; }
public ToSignatureAlgorithm() { _encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret"); _unencryptedKey = "s3cr3t"; _recordVersion = 2; _dataRecord = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", Parameter = new FakeStringProtector().Protect(_unencryptedKey), HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = true }; }
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord() { using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) { var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(hmac, _encryptionKey); var expected = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", HashAlgorithm = HashAlgorithmName.SHA384.Name, IsParameterEncrypted = true }; actual.Should().BeEquivalentTo(expected, opts => opts.Excluding(_ => _.Parameter)); actual.Parameter.Should().NotBe(_unencryptedKey); } }
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord() { using (var hmac = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) { var actual = _sut.FromSignatureAlgorithm(hmac, _encryptionKey); var encryptedKey = new FakeStringProtector().Protect(_unencryptedKey); var expected = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", HashAlgorithm = HashAlgorithmName.SHA384.Name, IsParameterEncrypted = true, Parameter = encryptedKey }; actual.Should().BeEquivalentTo(expected); } }
public void GivenRSAAlgorithm_ReturnsExpectedDataRecord() { using (var rsa = new RSACryptoServiceProvider()) { using (var rsaAlg = SignatureAlgorithm.CreateForVerification(rsa, HashAlgorithmName.SHA384)) { var actual = _sut.FromSignatureAlgorithm(rsaAlg, _encryptionKey); var expected = new SignatureAlgorithmDataRecordV2 { Type = "RSA", Parameter = rsa.ExportParameters(false).ToXml(), HashAlgorithm = HashAlgorithmName.SHA384.Name, IsParameterEncrypted = false }; actual.Should().BeEquivalentTo(expected); } } }
public void GivenECDsaAlgorithm_ReturnsExpectedDataRecord() { using (var ecdsa = ECDsa.Create()) { using (var ecdsaAlg = SignatureAlgorithm.CreateForVerification(ecdsa, HashAlgorithmName.SHA384)) { var actual = SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(ecdsaAlg, _encryptionKey); var expected = new SignatureAlgorithmDataRecordV2 { Type = "ECDsa", Parameter = ecdsa.ExportParameters(false).ToXml(), HashAlgorithm = HashAlgorithmName.SHA384.Name, IsParameterEncrypted = false }; actual.Should().BeEquivalentTo(expected); } } }
public void GivenHMACDataRecord_ReturnsHMACDataRecord() { var sut = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", Parameter = _encryptedKey, HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = true }; using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) { var expected = new HMACSignatureAlgorithm(_unencryptedKey, HashAlgorithmName.MD5); actual.Should().BeAssignableTo <HMACSignatureAlgorithm>(); actual.As <HMACSignatureAlgorithm>().Should().BeEquivalentTo(expected); } }
public void GivenLegacyRecordVersion_DoesNotDecryptParameter(int?legacyVersion) { var sut = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", Parameter = _unencryptedKey, HashAlgorithm = HashAlgorithmName.MD5.Name }; var actual = sut.ToSignatureAlgorithm(_encryptionKey, legacyVersion); actual.Should().BeAssignableTo <HMACSignatureAlgorithm>(); var actualKeyBytes = actual.As <HMACSignatureAlgorithm>().Key; var actualKey = Encoding.UTF8.GetString(actualKeyBytes); actualKey.Should().Be(_unencryptedKey); }
public void WhenParameterIsNotEncrypted_DoesNotDecryptParameter() { var sut = new SignatureAlgorithmDataRecordV2 { Type = "HMAC", Parameter = _unencryptedKey, HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = false }; var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion); actual.Should().BeAssignableTo <HMACSignatureAlgorithm>(); var actualKeyBytes = actual.As <HMACSignatureAlgorithm>().Key; var actualKey = Encoding.UTF8.GetString(actualKeyBytes); actualKey.Should().Be(_unencryptedKey); }
public void GivenECDsaDataRecord_ReturnsECDsaAlgorithm() { using (var ecdsa = ECDsa.Create()) { var publicParameters = ecdsa.ExportParameters(false); var sut = new SignatureAlgorithmDataRecordV2 { Type = "ECDsa", Parameter = publicParameters.ToXml(), HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = false }; using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) { var expected = ECDsaSignatureAlgorithm.CreateForVerification(HashAlgorithmName.MD5, publicParameters); actual.Should().BeAssignableTo <ECDsaSignatureAlgorithm>(); actual.As <ECDsaSignatureAlgorithm>().Should().BeEquivalentTo(expected); actual.As <ECDsaSignatureAlgorithm>().GetPublicKey().ToXml().Should().Be(publicParameters.ToXml()); } } }
public void GivenRSADataRecord_ReturnsRSAAlgorithm() { using (var rsa = new RSACryptoServiceProvider()) { var publicParameters = rsa.ExportParameters(false); var sut = new SignatureAlgorithmDataRecordV2 { Type = "RSA", Parameter = publicParameters.ToXml(), HashAlgorithm = HashAlgorithmName.MD5.Name, IsParameterEncrypted = false }; using (var actual = sut.ToSignatureAlgorithm(_encryptionKey, _recordVersion)) { var expected = RSASignatureAlgorithm.CreateForVerification(HashAlgorithmName.MD5, publicParameters); actual.Should().BeAssignableTo <RSASignatureAlgorithm>(); actual.As <RSASignatureAlgorithm>().Should().BeEquivalentTo(expected); actual.As <RSASignatureAlgorithm>().GetPublicKey().ToXml().Should().Be(publicParameters.ToXml()); } } }
public void GivenNullSignatureAlgorithm_ThrowsArgumentNullException() { Action act = () => SignatureAlgorithmDataRecordV2.FromSignatureAlgorithm(null, _encryptionKey); act.Should().Throw <ArgumentNullException>(); }