/// <summary>
/// Registers a client that signs with HMAC and checks that the row read back
/// from the database carries the protected form of the shared secret and is
/// flagged as encrypted.
/// </summary>
public async Task EncryptsHMACSecretInDatabase() {
    // The store is wired to FakeStringProtectorFactory, so the expected column
    // value below can be reproduced with a FakeStringProtector.
    var storeSettings = new SqlServerClientStoreSettings {
        ConnectionString = _connectionString,
        SharedSecretEncryptionKey = new SharedSecretEncryptionKey("The_Big_Secret")
    };
    var converter = new SignatureAlgorithmConverter(new FakeStringProtectorFactory());

    using (var sut = new SqlServerClientStore(storeSettings, converter)) {
        var signatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384);
        var client = new Client(
            "c1",
            "app one",
            signatureAlgorithm,
            TimeSpan.FromMinutes(1),
            TimeSpan.FromMinutes(2),
            RequestTargetEscaping.RFC2396,
            new Claim("company", "Dalion"),
            new Claim("scope", "HttpMessageSigning"));

        await sut.Register(client);
        var storedRecord = await LoadFromDb(client.Id);

        // The HMAC key bytes are read back as UTF-8 text and run through the
        // fake protector to obtain the value the store is expected to persist.
        var plainTextSecret = Encoding.UTF8.GetString(signatureAlgorithm.Key);
        var expectedSigParameter = new FakeStringProtector().Protect(plainTextSecret);

        storedRecord.SigParameter.Should().NotBeNullOrEmpty();
        // NOTE(review): equality with the fake's output shows the secret went
        // through the protector, but not that the persisted value differs from
        // the plain text. If FakeStringProtector.Protect is not an identity
        // transform, an extra NotBe(plainTextSecret) assertion would make that
        // explicit - confirm against the fake before adding it.
        storedRecord.SigParameter.Should().Be(expectedSigParameter);
        storedRecord.IsSigParameterEncrypted.Should().BeTrue();
    }
}
/// <summary>
/// Test fixture setup: creates the converter under test on top of a faked
/// string protector factory that hands out a <c>FakeStringProtector</c>.
/// </summary>
public SignatureAlgorithmConverterTests() {
    // FakeFactory.Create presumably assigns a FakeItEasy fake to the field - verify against the helper.
    FakeFactory.Create(out _stringProtectorFactory);
    _sut = new SignatureAlgorithmConverter(_stringProtectorFactory);
    _stringProtector = new FakeStringProtector();

    // NOTE(review): the factory call is matched for any string argument, so this
    // setup by itself does not check which encryption key the converter passes to
    // CreateSymmetric. Confirm that a test in this class asserts the key.
    A.CallTo(() => _stringProtectorFactory.CreateSymmetric(A<string>.Ignored))
        .Returns(_stringProtector);
}
/// <summary>
/// Writes an HMAC/SHA384 verification algorithm into the data record and checks
/// the resulting type, hash algorithm name, encryption flag and protected parameter.
/// </summary>
public void GivenHMACAlgorithm_ReturnsExpectedDataRecord() {
    using (var algorithm = SignatureAlgorithm.CreateForVerification(_unencryptedKey, HashAlgorithmName.SHA384)) {
        _sut.SetSignatureAlgorithm(_dataRecord, algorithm, _encryptionKey);

        // The expected value comes from a fresh FakeStringProtector, which only
        // matches if the fake's Protect output depends on nothing but its input
        // (presumably true; verify against the fake).
        var expectedSigParameter = new FakeStringProtector().Protect(_unencryptedKey);

        _dataRecord.SigType.Should().Be("HMAC");
        _dataRecord.SigHashAlgorithm.Should().Be(HashAlgorithmName.SHA384.Name);
        _dataRecord.IsSigParameterEncrypted.Should().BeTrue();
        // NOTE(review): this pins the record to the protector's output. It does
        // not assert that the record differs from _unencryptedKey, so the test
        // leans on the fake not being an identity transform - confirm.
        _dataRecord.SigParameter.Should().Be(expectedSigParameter);
    }
}