File size: 3,639 Bytes
7b715bc | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 | /*
Copyright 2020 Google Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
using Google.Apis.Auth.OAuth2;
using Google.Apis.Tests.Mocks;
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Xunit;
namespace Google.Apis.Auth.Tests
{
public class SignedTokenVerificationTests
{
[Fact]
public async Task CertificateCache_Caches()
{
MockClock clock = new MockClock(DateTime.UtcNow);
// The fake only fakes the fetching of the certificates from the web.
// The rest of the code can't be mocked and that's what we are testing here.
var certCache = new FakeCertificateCache(clock);
var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);
// Move the clock a little, but not enough to invalidate the cache, which lasts for 1 hour.
clock.UtcNow = clock.UtcNow.AddMinutes(30);
var secondCallCached = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);
Assert.NotNull(firstCall);
Assert.Same(firstCall, secondCallCached);
}
[Fact]
public async Task CertificateCache_Refreshes()
{
MockClock clock = new MockClock(DateTime.UtcNow);
// The fake only fakes the fetching of the certificates from the web.
// The rest of the code can't be mocked and that's what we are testing here.
var certCache = new FakeCertificateCache(clock);
var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);
// Move the clock so the cache expires
clock.UtcNow = clock.UtcNow.AddMinutes(61);
var secondCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);
Assert.NotNull(firstCall);
Assert.NotNull(secondCall);
Assert.NotSame(firstCall, secondCall);
}
[Fact]
public async Task CertificateCache_ForceRefresh()
{
MockClock clock = new MockClock(DateTime.UtcNow);
// The fake only fakes the fetching of the certificates from the web.
// The rest of the code can't be mocked and that's what we are testing here.
var certCache = new FakeCertificateCache(clock);
var firstCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);
// Move the clock some so that the cache doesn't expire.
clock.UtcNow = clock.UtcNow.AddMinutes(30);
var secondCall = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), true, default);
Assert.NotNull(firstCall);
Assert.NotNull(secondCall);
// Still they are different because we forced refreshed the cache.
Assert.NotSame(firstCall, secondCall);
}
}
}
|