Added new test cases for invalid signature and for inaccessiable JWKS.

angusmillar · angusmillar · commit 735a90dfdfe6 · 2021-09-25T13:59:27.000+10:00
diff --git a/SmartHealthCard.Test/SmartHealthCardDecoderTest.cs b/SmartHealthCard.Test/SmartHealthCardDecoderTest.cs
@@ -3,11 +3,13 @@
 using SmartHealthCard.Test.Serializers;
 using SmartHealthCard.Test.Support;
 using SmartHealthCard.Token;
+using SmartHealthCard.Token.Exceptions;
 using SmartHealthCard.Token.Model.Shc;
 using SmartHealthCard.Token.Providers;
 using System;
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
 using Xunit;
 
 namespace SmartHealthCard.Test
@@ -26,7 +28,7 @@ public async void Decode_Token_Verify_with_JWKS()
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
       Uri Issuer = new Uri("https://sonichealthcare.com/something");
-      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidExampleOneAsync(Certificate, Issuer);
+      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidDetectedExampleOneAsync(Certificate, Issuer);
       
       //This testing JwksSupport class provides us with a mocked IJwksProvider that will inject the JWKS file
       //rather than make the HTTP call to go get it from a public endpoint.
@@ -53,7 +55,7 @@ public async void Decode_Token_Verify_with_Certificate()
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
       Uri Issuer = new Uri("https://sonichealthcare.com/something");
-      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidExampleOneAsync(Certificate, Issuer);
+      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidDetectedExampleOneAsync(Certificate, Issuer);
 
       //This testing JwksSupport class provides us with a mocked IJwksProvider that will inject the JWKS file
       //rather than make the HTTP call to go get it from a public endpoint.
@@ -82,7 +84,15 @@ public async void Decode_Token_Verify_InvalidTokenSignature_Certificate()
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
       Uri Issuer = new Uri("https://sonichealthcare.com/something");
-      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidExampleOneAsync(Certificate, Issuer);
+
+      string SmartHealthCardJwsTokenCovidDetected = await SmartHealthCardJwsSupport.GetJWSCovidDetectedExampleOneAsync(Certificate, Issuer);
+      string SmartHealthCardJwsTokenCovidNotDetected = await SmartHealthCardJwsSupport.GetJWSCovidNotDetectedExampleOneAsync(Certificate, Issuer);
+
+      //Here we have taken the Payload of a NotDetected Covid test result and substituted it into
+      //a token build with a Detected Covid Test result, so the signature is now be invalid for it's payload.
+      string[] JWSSplitCovidNotDetected = SmartHealthCardJwsTokenCovidNotDetected.Split('.');
+      string[] JWSSplitCovidDetected = SmartHealthCardJwsTokenCovidDetected.Split('.');
+      string FraudulentSmartHealthCardJwsToken = string.Join('.', JWSSplitCovidDetected[0], JWSSplitCovidNotDetected[1], JWSSplitCovidDetected[2]);
 
       //This testing JwksSupport class provides us with a mocked IJwksProvider that will inject the JWKS file
       //rather than make the HTTP call to go get it from a public endpoint.
@@ -94,12 +104,47 @@ public async void Decode_Token_Verify_InvalidTokenSignature_Certificate()
       //### Act #######################################################
 
       //Verify and Decode
-      SmartHealthCardModel SmartHealthCardModel = await Decoder.DecodeAsync(SmartHealthCardJwsToken, Verify: true);
+      SmartHealthCardSignatureInvalidException Exec = await Assert.ThrowsAsync<SmartHealthCardSignatureInvalidException>(() => Decoder.DecodeAsync(FraudulentSmartHealthCardJwsToken, Verify: true));
 
       //### Assert #######################################################
+      Assert.Equal("The JWS signing signature is invalid.", Exec.Message);
+
+    }
+
+    [Fact]
+    public async void Decode_Token_Verify_JWKS_Is_Inaccessible()
+    {
+      //### Prepare ######################################################
+      //Get the ECC certificate from the Cert and Private key PEM files
+      X509Certificate2 Certificate = CertificateSupport.GetCertificateFromPemFiles();
+
+      //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
+      Uri Issuer = new Uri("https://sonichealthcare.com/something");
+
+      string SmartHealthCardJwsTokenCovidDetected = await SmartHealthCardJwsSupport.GetJWSCovidDetectedExampleOneAsync(Certificate, Issuer);
+      string SmartHealthCardJwsTokenCovidNotDetected = await SmartHealthCardJwsSupport.GetJWSCovidNotDetectedExampleOneAsync(Certificate, Issuer);
+
+      //Here we have taken the Payload of a NotDetected Covid test result and substituted it into
+      //a token build with a Detected Covid Test result, so the signature is now be invalid for it's payload.
+      string[] JWSSplitCovidNotDetected = SmartHealthCardJwsTokenCovidNotDetected.Split('.');
+      string[] JWSSplitCovidDetected = SmartHealthCardJwsTokenCovidDetected.Split('.');
+      string FraudulentSmartHealthCardJwsToken = string.Join('.', JWSSplitCovidDetected[0], JWSSplitCovidNotDetected[1], JWSSplitCovidDetected[2]);
+
+      //This testing JwksSupport class provides us with a mocked IJwksProvider that will inject the JWKS file
+      //rather than make the HTTP call to go get it from a public endpoint.
+      IJwksProvider MockedIJwksProvider = JwksSupport.GetMockedIJwksProvider(Certificate, Issuer);
+
+      //Instantiate the SmartHealthCard Decoder
+      SmartHealthCardDecoder Decoder = new SmartHealthCardDecoder(MockedIJwksProvider);
+
+      //### Act #######################################################
+
+      //Verify and Decode
+      SmartHealthCardSignatureInvalidException Exec = await Assert.ThrowsAsync<SmartHealthCardSignatureInvalidException>(() => Decoder.DecodeAsync(FraudulentSmartHealthCardJwsToken, Verify: true));
+
+      //### Assert #######################################################
+      Assert.Equal("The JWS signing signature is invalid.", Exec.Message);
 
-      Assert.True(!string.IsNullOrWhiteSpace(SmartHealthCardJwsToken));
-      Assert.NotNull(SmartHealthCardModel);
     }
 
 
diff --git a/SmartHealthCard.Test/Support/SmartHealthCardJwsSupport.cs b/SmartHealthCard.Test/Support/SmartHealthCardJwsSupport.cs
@@ -14,7 +14,40 @@ namespace SmartHealthCard.Test.Support
 {
   public static class SmartHealthCardJwsSupport
   {
-    public static async Task<string> GetJWSCovidExampleOneAsync(X509Certificate2 Certificate, Uri Issuer)
+    public static async Task<string> GetJWSCovidNotDetectedExampleOneAsync(X509Certificate2 Certificate, Uri Issuer)
+    {
+      //The Version of FHIR in use
+      string FhirVersion = "4.0.1";
+
+      //Get FHIR bundle
+      Bundle FhirBundleResource = FhirDataSupport.GetCovid19NotDetectedFhirBundleExample();
+      string FhirBundleJson = FhirSerializer.SerializeToJson(FhirBundleResource);
+
+      //When the Smart Health Card became valid, the from date.
+      DateTimeOffset IssuanceDateTimeOffset = DateTimeOffset.Now.AddMinutes(-1);
+
+      //The Uri for the type of VerifiableCredentials
+      // Uri VerifiableCredentialType = new Uri("https://smarthealth.cards#covid19");
+      List<VerifiableCredentialType> VerifiableCredentialTypeList = new List<VerifiableCredentialType>()
+      {
+        VerifiableCredentialType.HealthCard,
+        VerifiableCredentialType.Covid19
+      };
+
+      //Create the SmartHealthCardModel
+      SmartHealthCardModel SmartHealthCardToEncode = new SmartHealthCardModel(Issuer, IssuanceDateTimeOffset,
+          new VerifiableCredential(VerifiableCredentialTypeList,
+            new CredentialSubject(FhirVersion, FhirBundleJson)));
+
+      //Instantiate the SmartHealthCard Encoder
+      SmartHealthCardEncoder SmartHealthCardEncoder = new SmartHealthCardEncoder();
+
+      //Get the Smart Health Card JWS Token 
+      return await SmartHealthCardEncoder.GetTokenAsync(Certificate, SmartHealthCardToEncode);
+
+    }
+
+    public static async Task<string> GetJWSCovidDetectedExampleOneAsync(X509Certificate2 Certificate, Uri Issuer)
     {
       //The Version of FHIR in use
       string FhirVersion = "4.0.1";
diff --git a/SmartHealthCard.Test/TestSmartHealthCardJwsDecoder.cs b/SmartHealthCard.Test/TestSmartHealthCardJwsDecoder.cs
@@ -26,7 +26,7 @@ public async void Test_JwksProviderReturningRetries()
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
       Uri Issuer = new Uri("https://sonichealthcare.com/something");
-      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidExampleOneAsync(Certificate, Issuer);
+      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidDetectedExampleOneAsync(Certificate, Issuer);
 
       //This MockedRetryIJwksProvider only retunes a retry, it does not retuns a JWKS
       //IJwksProvider MockedRetryIJwksProvider = JwksSupport.GetMockedRetryIJwksProvider(Certificate,Issuer);
@@ -42,9 +42,9 @@ public async void Test_JwksProviderReturningRetries()
 
       //### Assert #######################################################
 
-      var exception = await Assert.ThrowsAsync<SmartHealthCardDecoderException>(Act);
+      var exception = await Assert.ThrowsAsync<SmartHealthCardJwksRequestException>(Act);
       Assert.StartsWith("Unable to obtain the JsonWebKeySet (JWKS) from :", exception.Message);
-      Assert.Contains("Atempt 1 after", exception.Message);
+      Assert.Contains("Attempt 1 after", exception.Message);
     }
   }
   public class TestSmartHealthCardJwsDecoderTwo
@@ -58,7 +58,7 @@ public async void Test_JwksProviderReturningRetriesFollowedBySuccess()
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
       Uri Issuer = new Uri("https://sonichealthcare.com/something");
-      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidExampleOneAsync(Certificate, Issuer);
+      string SmartHealthCardJwsToken = await SmartHealthCardJwsSupport.GetJWSCovidDetectedExampleOneAsync(Certificate, Issuer);
 
       //This MockedRetryIJwksProvider only retunes a retry, it does not retuns a JWKS
       //IJwksProvider MockedRetryIJwksProvider = JwksSupport.GetMockedRetryIJwksProvider(Certificate,Issuer);
