summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenId.Test/AssociationTestSuite.cs
blob: 327d17451cb3313f66518e7e824979f1bab50c31 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
using System;
using System.Collections.Generic;
using System.Text;
using NUnit.Framework;

namespace DotNetOpenId.Test
{
	[TestFixture]
	public class AssociationTestSuite {
		static readonly TimeSpan deltaDateTime = TimeSpan.FromSeconds(2);
		byte[] sha1Secret = new byte[CryptUtil.Sha1.HashSize / 8];
		byte[] sha1Secret2 = new byte[CryptUtil.Sha1.HashSize / 8];

		public AssociationTestSuite() {
			// just a little something to make it at all interesting.
			sha1Secret[0] = 0x33;
			sha1Secret[1] = 0x55;

			sha1Secret2[0] = 0x88;
			sha1Secret2[1] = 0xcc;
		}

		[Test]
		public void Properties() {
			string handle = "somehandle";
			TimeSpan lifetime = TimeSpan.FromMinutes(2);
			Association assoc = new HmacSha1Association(handle, sha1Secret, lifetime);
			Assert.IsFalse(assoc.IsExpired);
			Assert.IsTrue(Math.Abs((DateTime.Now - assoc.Issued.ToLocalTime()).TotalSeconds) < deltaDateTime.TotalSeconds);
			Assert.IsTrue(Math.Abs((DateTime.Now.ToLocalTime() + lifetime - assoc.Expires.ToLocalTime()).TotalSeconds) < deltaDateTime.TotalSeconds);
			Assert.AreEqual(handle, assoc.Handle);
			Assert.IsTrue(Math.Abs(lifetime.TotalSeconds - assoc.SecondsTillExpiration) < deltaDateTime.TotalSeconds);
			Assert.IsTrue(Util.ArrayEquals(sha1Secret, assoc.SecretKey));
			Assert.AreEqual(0, assoc.Issued.Millisecond, "No milliseconds because this can be cut off in conversions.");
		}

		[Test]
		public void Sign() {
			Association assoc1 = new HmacSha1Association("h1", sha1Secret, TimeSpan.FromMinutes(2));
			Association assoc2 = new HmacSha1Association("h2", sha1Secret2, TimeSpan.FromMinutes(2));

			var dict = new Dictionary<string, string>();
			dict.Add("a", "b");
			dict.Add("c", "d");
			var keys = new List<string>();
			keys.Add("a");
			keys.Add("c");

			// sign once and verify that it's sane
			byte[] signature1 = assoc1.Sign(dict, keys);
			Assert.IsNotNull(signature1);
			Assert.AreNotEqual(0, signature1.Length);

			// sign again and make sure it's different
			byte[] signature2 = assoc2.Sign(dict, keys);
			Assert.IsNotNull(signature2);
			Assert.AreNotEqual(0, signature2.Length);
			Assert.IsFalse(Util.ArrayEquals(signature1, signature2));

			// sign again with the same secret and make sure it's the same.
			Assert.IsTrue(Util.ArrayEquals(signature1, assoc1.Sign(dict, keys)));

			// now add data and make sure signature changes
			dict.Add("g", "h");
			keys.Add("g");
			Assert.IsFalse(Util.ArrayEquals(signature1, assoc1.Sign(dict, keys)));

			// now change existing data.
			dict.Remove("g");
			keys.Remove("g");
			dict["c"] = "e";
			Assert.IsFalse(Util.ArrayEquals(signature1, assoc1.Sign(dict, keys)));
			dict.Remove("c");
			keys.Remove("c");
			Assert.IsFalse(Util.ArrayEquals(signature1, assoc1.Sign(dict, keys)));
		}

		[Test]
		public void SignSome() {
			Association assoc = new HmacSha1Association("h1", sha1Secret, TimeSpan.FromMinutes(2));
			const string prefix = "q.";

			var dict = new Dictionary<string, string>();
			dict.Add("q.a", "b");
			dict.Add("q.c", "d");
			dict.Add("q.e", "f");

			var signKeys = new List<string> {"a", "c"}; // don't sign e

			byte[] sig1 = assoc.Sign(dict, signKeys, prefix);

			// change the unsigned value and verify that the sig doesn't change
			dict["q.e"] = "g";
			Assert.IsTrue(Util.ArrayEquals(sig1, assoc.Sign(dict, signKeys, prefix)));
			// change a signed value and verify that the sig does change.
			dict["q.c"] = "D";
			Assert.IsFalse(Util.ArrayEquals(sig1, assoc.Sign(dict, signKeys, prefix)));

			// change the ordering of signed fields and verify that the signature changes.
			dict["q.c"] = "d"; // put this back first.
			Assert.IsTrue(Util.ArrayEquals(sig1, assoc.Sign(dict, signKeys, prefix)));
			signKeys.Insert(0, signKeys[1]);
			signKeys.RemoveAt(2);
			Assert.IsFalse(Util.ArrayEquals(sig1, assoc.Sign(dict, signKeys, prefix)));
		}
	}
}