1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
//-----------------------------------------------------------------------
// <copyright file="PlaintextSigningBindingElementTest.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.Test.OAuth.ChannelElements {
using System.Threading;
using System.Threading.Tasks;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.ChannelElements;
using DotNetOpenAuth.OAuth.Messages;
using DotNetOpenAuth.Test.Mocks;
using NUnit.Framework;
[TestFixture]
public class PlaintextSigningBindingElementTest {
[Test]
public async Task HttpsSignatureGeneration() {
SigningBindingElementBase target = new PlaintextSigningBindingElement();
target.Channel = new TestChannel();
MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
message.ConsumerSecret = "cs";
message.TokenSecret = "ts";
Assert.IsNotNull(await target.ProcessOutgoingMessageAsync(message, CancellationToken.None));
Assert.AreEqual("PLAINTEXT", message.SignatureMethod);
Assert.AreEqual("cs&ts", message.Signature);
}
[Test]
public async Task HttpsSignatureVerification() {
MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
ITamperProtectionChannelBindingElement target = new PlaintextSigningBindingElement();
target.Channel = new TestChannel();
ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
message.ConsumerSecret = "cs";
message.TokenSecret = "ts";
message.SignatureMethod = "PLAINTEXT";
message.Signature = "cs&ts";
Assert.IsNotNull(target.ProcessIncomingMessageAsync(message, CancellationToken.None));
}
[Test]
public async Task HttpsSignatureVerificationNotApplicable() {
SigningBindingElementBase target = new PlaintextSigningBindingElement();
target.Channel = new TestChannel();
MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
message.ConsumerSecret = "cs";
message.TokenSecret = "ts";
message.SignatureMethod = "ANOTHERALGORITHM";
message.Signature = "somethingelse";
Assert.AreEqual(MessageProtections.None, await target.ProcessIncomingMessageAsync(message, CancellationToken.None), "PLAINTEXT binding element should opt-out where it doesn't understand.");
}
[Test]
public async Task HttpSignatureGeneration() {
SigningBindingElementBase target = new PlaintextSigningBindingElement();
target.Channel = new TestChannel();
MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("http://localtest", HttpDeliveryMethods.GetRequest);
ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
message.ConsumerSecret = "cs";
message.TokenSecret = "ts";
// Since this is (non-encrypted) HTTP, so the plain text signer should not be used
Assert.IsNull(await target.ProcessOutgoingMessageAsync(message, CancellationToken.None));
Assert.IsNull(message.SignatureMethod);
Assert.IsNull(message.Signature);
}
[Test]
public async Task HttpSignatureVerification() {
SigningBindingElementBase target = new PlaintextSigningBindingElement();
target.Channel = new TestChannel();
MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("http://localtest", HttpDeliveryMethods.GetRequest);
ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
message.ConsumerSecret = "cs";
message.TokenSecret = "ts";
message.SignatureMethod = "PLAINTEXT";
message.Signature = "cs%26ts";
Assert.IsNull(await target.ProcessIncomingMessageAsync(message, CancellationToken.None), "PLAINTEXT signature binding element should refuse to participate in non-encrypted messages.");
}
}
}
|
