Home Explore Help
Sign In
dotnet
/
aspnetcore
mirror of https://github.com/dotnet/aspnetcore.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: b706a75e03
Branches Tags
aspnetcore
/
test
/
Microsoft.AspNetCore.DataProtection.Extensions.Test
/
TimeLimitedDataProtectorTests.cs

TimeLimitedDataProtectorTests.cs 8.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 
  1. // Copyright (c) .NET Foundation. All rights reserved.
    2. 

  2. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
    3. 

  3. 

  4. using System;
    5. 

  5. using System.Globalization;
    6. 

  6. using System.Security.Cryptography;
    7. 

  7. using Microsoft.AspNetCore.DataProtection.Extensions;
    8. 

  8. using Microsoft.Extensions.Logging.Abstractions;
    9. 

  9. using Moq;
    10. 

  10. using Xunit;
    11. 

  11. 

  12. namespace Microsoft.AspNetCore.DataProtection
    13. 

  13. {
    14. 

  14.     public class TimeLimitedDataProtectorTests
    15. 

  15.     {
    16. 

  16.         private const string TimeLimitedPurposeString = "Microsoft.AspNetCore.DataProtection.TimeLimitedDataProtector.v1";
    17. 

  17. 

  18.         [Fact]
    19. 

  19.         public void Protect_LifetimeSpecified()
    20. 

  20.         {
    21. 

  21.             // Arrange
    22. 

  22.             // 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
    23. 

  23.             DateTimeOffset expiration = StringToDateTime("2000-01-01 00:00:00Z");
    24. 

  24.             var mockInnerProtector = new Mock<IDataProtector>();
    25. 

  25.             mockInnerProtector.Setup(o => o.CreateProtector("new purpose").CreateProtector(TimeLimitedPurposeString).Protect(
    26. 

  26.                 new byte[] {
    27. 

  27.                     0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, /* header */
    28. 

  28.                     0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
    29. 

  29.                 })).Returns(new byte[] { 0x10, 0x11 });
    30. 

  30. 

  31.             var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
    32. 

  32. 

  33.             // Act
    34. 

  34.             var subProtector = timeLimitedProtector.CreateProtector("new purpose");
    35. 

  35.             var protectedPayload = subProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 }, expiration);
    36. 

  36. 

  37.             // Assert
    38. 

  38.             Assert.Equal(new byte[] { 0x10, 0x11 }, protectedPayload);
    39. 

  39.         }
    40. 

  40. 

  41.         [Fact]
    42. 

  42.         public void Protect_LifetimeNotSpecified_UsesInfiniteLifetime()
    43. 

  43.         {
    44. 

  44.             // Arrange
    45. 

  45.             // 0x2bca2875f4373fff is the representation of DateTimeOffset.MaxValue.
    46. 

  46.             DateTimeOffset expiration = StringToDateTime("2000-01-01 00:00:00Z");
    47. 

  47.             var mockInnerProtector = new Mock<IDataProtector>();
    48. 

  48.             mockInnerProtector.Setup(o => o.CreateProtector("new purpose").CreateProtector(TimeLimitedPurposeString).Protect(
    49. 

  49.                 new byte[] {
    50. 

  50.                     0x2b, 0xca, 0x28, 0x75, 0xf4, 0x37, 0x3f, 0xff, /* header */
    51. 

  51.                     0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
    52. 

  52.                 })).Returns(new byte[] { 0x10, 0x11 });
    53. 

  53. 

  54.             var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
    55. 

  55. 

  56.             // Act
    57. 

  57.             var subProtector = timeLimitedProtector.CreateProtector("new purpose");
    58. 

  58.             var protectedPayload = subProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 });
    59. 

  59. 

  60.             // Assert
    61. 

  61.             Assert.Equal(new byte[] { 0x10, 0x11 }, protectedPayload);
    62. 

  62.         }
    63. 

  63. 

  64.         [Fact]
    65. 

  65.         public void Unprotect_WithinPayloadValidityPeriod_Success()
    66. 

  66.         {
    67. 

  67.             // Arrange
    68. 

  68.             // 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
    69. 

  69.             DateTimeOffset expectedExpiration = StringToDateTime("2000-01-01 00:00:00Z");
    70. 

  70.             DateTimeOffset now = StringToDateTime("1999-01-01 00:00:00Z");
    71. 

  71.             var mockInnerProtector = new Mock<IDataProtector>();
    72. 

  72.             mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Returns(
    73. 

  73.                 new byte[] {
    74. 

  74.                     0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, /* header */
    75. 

  75.                     0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
    76. 

  76.                 });
    77. 

  77. 

  78.             var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
    79. 

  79. 

  80.             // Act
    81. 

  81.             DateTimeOffset actualExpiration;
    82. 

  82.             var retVal = timeLimitedProtector.UnprotectCore(new byte[] { 0x10, 0x11 }, now, out actualExpiration);
    83. 

  83. 

  84.             // Assert
    85. 

  85.             Assert.Equal(expectedExpiration, actualExpiration);
    86. 

  86.             Assert.Equal(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 }, retVal);
    87. 

  87.         }
    88. 

  88. 

  89.         [Fact]
    90. 

  90.         public void Unprotect_PayloadHasExpired_Fails()
    91. 

  91.         {
    92. 

  92.             // Arrange
    93. 

  93.             // 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
    94. 

  94.             DateTimeOffset expectedExpiration = StringToDateTime("2000-01-01 00:00:00Z");
    95. 

  95.             DateTimeOffset now = StringToDateTime("2001-01-01 00:00:00Z");
    96. 

  96.             var mockInnerProtector = new Mock<IDataProtector>();
    97. 

  97.             mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Returns(
    98. 

  98.                 new byte[] {
    99. 

  99.                     0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, /* header */
    100. 

  100.                     0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
    101. 

  101.                 });
    102. 

  102. 

  103.             var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
    104. 

  104. 

  105.             // Act & assert
    106. 

  106.             DateTimeOffset unused;
    107. 

  107.             var ex = Assert.Throws<CryptographicException>(() => timeLimitedProtector.UnprotectCore(new byte[] { 0x10, 0x11 }, now, out unused));
    108. 

  108. 

  109.             // Assert
    110. 

  110.             Assert.Equal(Resources.FormatTimeLimitedDataProtector_PayloadExpired(expectedExpiration), ex.Message);
    111. 

  111.         }
    112. 

  112. 

  113.         [Fact]
    114. 

  114.         public void Unprotect_ProtectedDataMalformed_Fails()
    115. 

  115.         {
    116. 

  116.             // Arrange
    117. 

  117.             // 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
    118. 

  118.             var mockInnerProtector = new Mock<IDataProtector>();
    119. 

  119.             mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Returns(
    120. 

  120.                 new byte[] {
    121. 

  121.                     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 /* header too short */
    122. 

  122.                 });
    123. 

  123. 

  124.             var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
    125. 

  125. 

  126.             // Act & assert
    127. 

  127.             DateTimeOffset unused;
    128. 

  128.             var ex = Assert.Throws<CryptographicException>(() => timeLimitedProtector.Unprotect(new byte[] { 0x10, 0x11 }, out unused));
    129. 

  129. 

  130.             // Assert
    131. 

  131.             Assert.Equal(Resources.TimeLimitedDataProtector_PayloadInvalid, ex.Message);
    132. 

  132.         }
    133. 

  133. 

  134.         [Fact]
    135. 

  135.         public void Unprotect_UnprotectOperationFails_HomogenizesExceptionToCryptographicException()
    136. 

  136.         {
    137. 

  137.             // Arrange
    138. 

  138.             // 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
    139. 

  139.             var mockInnerProtector = new Mock<IDataProtector>();
    140. 

  140.             mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Throws(new Exception("How exceptional!"));
    141. 

  141.             var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
    142. 

  142. 

  143.             // Act & assert
    144. 

  144.             DateTimeOffset unused;
    145. 

  145.             var ex = Assert.Throws<CryptographicException>(() => timeLimitedProtector.Unprotect(new byte[] { 0x10, 0x11 }, out unused));
    146. 

  146. 

  147.             // Assert
    148. 

  148.             Assert.Equal(Resources.CryptCommon_GenericError, ex.Message);
    149. 

  149.             Assert.Equal("How exceptional!", ex.InnerException.Message);
    150. 

  150.         }
    151. 

  151. 

  152.         [Fact]
    153. 

  153.         public void RoundTrip_ProtectedData()
    154. 

  154.         {
    155. 

  155.             // Arrange
    156. 

  156.             var ephemeralProtector = new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("my purpose");
    157. 

  157.             var timeLimitedProtector = new TimeLimitedDataProtector(ephemeralProtector);
    158. 

  158.             var expectedExpiration = StringToDateTime("2020-01-01 00:00:00Z");
    159. 

  159. 

  160.             // Act
    161. 

  161.             byte[] ephemeralProtectedPayload = ephemeralProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04 });
    162. 

  162.             byte[] timeLimitedProtectedPayload = timeLimitedProtector.Protect(new byte[] { 0x11, 0x22, 0x33, 0x44 }, expectedExpiration);
    163. 

  163. 

  164.             // Assert
    165. 

  165.             DateTimeOffset actualExpiration;
    166. 

  166.             Assert.Equal(new byte[] { 0x11, 0x22, 0x33, 0x44 }, timeLimitedProtector.UnprotectCore(timeLimitedProtectedPayload, StringToDateTime("2010-01-01 00:00:00Z"), out actualExpiration));
    167. 

  167.             Assert.Equal(expectedExpiration, actualExpiration);
    168. 

  168. 

  169.             // the two providers shouldn't be able to talk to one another (due to the purpose chaining)
    170. 

  170.             Assert.Throws<CryptographicException>(() => ephemeralProtector.Unprotect(timeLimitedProtectedPayload));
    171. 

  171.             Assert.Throws<CryptographicException>(() => timeLimitedProtector.Unprotect(ephemeralProtectedPayload, out actualExpiration));
    172. 

  172.         }
    173. 

  173. 

  174.         private static DateTime StringToDateTime(string input)
    175. 

  175.         {
    176. 

  176.             return DateTimeOffset.ParseExact(input, "u", CultureInfo.InvariantCulture).UtcDateTime;
    177. 

  177.         }
    178. 

  178.     }
    179. 

  179. }
    180.