diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2008-11-03 16:02:57 -0800 |
|---|---|---|
| committer | Andrew <andrewarnott@gmail.com> | 2008-11-03 16:02:57 -0800 |
| commit | aa1f55f58a561ff64dc268977d0d7c9decb92bbe (patch) | |
| tree | fd685f00353d26493b40df7eaeac78745e27d1b8 /src/DotNetOAuth.Test/OAuth/ChannelElements/PlaintextSigningBindingElementTest.cs | |
| parent | f1794fc8779ae39ac3d5bc6e8b811523e62ca482 (diff) | |
| download | DotNetOpenAuth-aa1f55f58a561ff64dc268977d0d7c9decb92bbe.zip DotNetOpenAuth-aa1f55f58a561ff64dc268977d0d7c9decb92bbe.tar.gz DotNetOpenAuth-aa1f55f58a561ff64dc268977d0d7c9decb92bbe.tar.bz2 | |
Moved all the OAuth classes into its own namespace in preparation to receiving DotNetOpenId merge.
Diffstat (limited to 'src/DotNetOAuth.Test/OAuth/ChannelElements/PlaintextSigningBindingElementTest.cs')
| -rw-r--r-- | src/DotNetOAuth.Test/OAuth/ChannelElements/PlaintextSigningBindingElementTest.cs | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/src/DotNetOAuth.Test/OAuth/ChannelElements/PlaintextSigningBindingElementTest.cs b/src/DotNetOAuth.Test/OAuth/ChannelElements/PlaintextSigningBindingElementTest.cs new file mode 100644 index 0000000..151f00d --- /dev/null +++ b/src/DotNetOAuth.Test/OAuth/ChannelElements/PlaintextSigningBindingElementTest.cs @@ -0,0 +1,78 @@ +//-----------------------------------------------------------------------
+// <copyright file="PlaintextSigningBindingElementTest.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOAuth.Test.OAuth.ChannelElements
+{
+ using DotNetOAuth.Messaging;
+ using DotNetOAuth.OAuth.ChannelElements;
+ using DotNetOAuth.OAuth.Messages;
+ using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+ [TestClass]
+ public class PlaintextSigningBindingElementTest {
+ [TestMethod]
+ public void HttpsSignatureGeneration() {
+ SigningBindingElementBase target = new PlaintextSigningBindingElement();
+ MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
+ ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+ Assert.IsTrue(target.PrepareMessageForSending(message));
+ Assert.AreEqual("PLAINTEXT", message.SignatureMethod);
+ Assert.AreEqual("cs&ts", message.Signature);
+ }
+
+ [TestMethod]
+ public void HttpsSignatureVerification() {
+ MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
+ ITamperProtectionChannelBindingElement target = new PlaintextSigningBindingElement();
+ ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+ message.SignatureMethod = "PLAINTEXT";
+ message.Signature = "cs&ts";
+ Assert.IsTrue(target.PrepareMessageForReceiving(message));
+ }
+
+ [TestMethod]
+ public void HttpsSignatureVerificationNotApplicable() {
+ SigningBindingElementBase target = new PlaintextSigningBindingElement();
+ MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
+ ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+ message.SignatureMethod = "ANOTHERALGORITHM";
+ message.Signature = "somethingelse";
+ Assert.IsFalse(target.PrepareMessageForReceiving(message), "PLAINTEXT binding element should opt-out where it doesn't understand.");
+ }
+
+ [TestMethod]
+ public void HttpSignatureGeneration() {
+ SigningBindingElementBase target = new PlaintextSigningBindingElement();
+ MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("http://localtest", HttpDeliveryMethods.GetRequest);
+ ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+
+ // Since this is (non-encrypted) HTTP, so the plain text signer should not be used
+ Assert.IsFalse(target.PrepareMessageForSending(message));
+ Assert.IsNull(message.SignatureMethod);
+ Assert.IsNull(message.Signature);
+ }
+
+ [TestMethod]
+ public void HttpSignatureVerification() {
+ SigningBindingElementBase target = new PlaintextSigningBindingElement();
+ MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("http://localtest", HttpDeliveryMethods.GetRequest);
+ ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+ message.SignatureMethod = "PLAINTEXT";
+ message.Signature = "cs%26ts";
+ Assert.IsFalse(target.PrepareMessageForReceiving(message), "PLAINTEXT signature binding element should refuse to participate in non-encrypted messages.");
+ }
+ }
+}
|