Problems with Mocking WebRequest due to internal contructor

052616fe · Klaus Fischer · 4c7553da · 052616fe · 052616fe
Commit 052616fe authored 2 years ago by Klaus Fischer
--- a/FitConnect/Subscriber.cs
+++ b/FitConnect/Subscriber.cs
 using System.Net;
 using System.Reflection;
+using System.Security.Cryptography;
+using System.Text;
 using Autofac;
+using Autofac.Core.Activators.Reflection;
 using FitConnect.Encryption;
 using FitConnect.Interfaces.Subscriber;
 using FitConnect.Models;
@@ -202,11 +205,22 @@ public class Subscriber : FitConnectClient,
        Logger?.LogInformation("Submission completed {status}", result);
    }

-    public static void VerifyCallback(WebRequest request) {
+    public static bool VerifyCallback(WebRequest request) {
        var timestamp = long.Parse(request.Headers["callback-timestamp"] ?? "0");
-        
+
        if (timestamp < DateTime.Now.AddMinutes(-5).ToEpochTime())
            throw new ArgumentException("Request is too old");
+
+        var secret = request.Headers["callback-authentication"] ?? "";
+        using var requestStream = request.GetRequestStream();
+        var content = new StreamReader(requestStream).ReadToEnd();
+        var hmac = new HMACSHA512(Encoding.UTF8.GetBytes(secret)).ComputeHash(
+            Encoding.UTF8.GetBytes(request.Headers["callback-timestamp"] + "." + content));
+        var hmacString = Convert.ToHexString(hmac);
+
+        if (hmacString != secret)
+            throw new ArgumentException("Request is not authentic");
+        return true;
    }
 }


--- a/IntegrationTests/CallbackTest.cs
+++ b/IntegrationTests/CallbackTest.cs
 using System;
+using System.IO;
 using System.Net;
 using System.Text;
 using FluentAssertions;
+using IdentityModel;
+using Moq;
 using NUnit.Framework;

 namespace IntegrationTests;
@@ -18,25 +21,62 @@ public class CallbackTest {
        //
        // {"type":"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions","submissionIds":["f39ab143-d91a-474a-b69f-b00f1a1873c2"]}

-        Request = HttpWebRequest.Create(
+        var request = HttpWebRequest.Create(
            "https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect");
-        Request.Headers.Add("callback-authentication",
+        request.Headers.Add("callback-authentication",
            "798cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df");
-        Request.Headers.Add("callback-timestamp", "1641066653");
-        Request.Method = "POST";
-        Request.GetRequestStream().Write(Encoding.UTF8.GetBytes(
-            "{\"type\":\"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions\",\"submissionIds\":[\"f39ab143-d91a-474a-b69f-b00f1a1873c2\"]}"));
+        request.Headers.Add("callback-timestamp", DateTime.Now.ToEpochTime().ToString());
+        request.Method = "POST";
+        request.ContentType = "application/json";
+
+        var memoryStream = new MemoryStream();
+        var streamWriter = new StreamWriter(memoryStream);
+
+        streamWriter.WriteLine(
+            "{\"type\":\"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions\",\"submissionIds\":[\"f39ab143-d91a-474a-b69f-b00f1a1873c2\"]}");
+        streamWriter.Flush();
+        memoryStream.Position = 0;
+
+        var mock =
+            new Mock<HttpWebRequest>(
+                "https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect");
+        mock.Setup(w => w.ContentType).Returns("application/json");
+        mock.Setup(w => w.Headers).Returns(request.Headers);
+        mock.Setup(w => w.Method).Returns("POST");
+        mock.Setup(w => w.GetRequestStream()).Returns(memoryStream);
+        mock.Setup(w => w.RequestUri)
+            .Returns(new Uri(
+                "https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect"));
+
+        Request = mock.Object;
    }

    [Test]
    public void ValidRequest() {
-        Request.Should().NotBeNull();
+        // Assert
+        FitConnect.Subscriber.VerifyCallback(Request).Should().Be(true);
    }

    [Test]
-    public void CheckRequestAge_Fails() {
-        Assert.Throws<ArgumentException>(() => {
-            FitConnect.Subscriber.VerifyCallback(Request);
-        }).Message.Should().Be("Request is too old");
+    public void RequestAge_Fails() {
+        // Arrange
+        Request.Headers["callback-timestamp"] = "1641066653";
+
+        // Atc
+        // Assert
+        Assert.Throws<ArgumentException>(() => { FitConnect.Subscriber.VerifyCallback(Request); })
+            .Message.Should().Be("Request is too old");
+    }
+
+    [Test]
+    public void RequestAuthentication_Fails() {
+        // Arrange
+        Request.Headers["callback-authentication"] =
+            "898cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df";
+
+        // Atc
+        // Assert
+        Assert.Throws<ArgumentException>(() => { FitConnect.Subscriber.VerifyCallback(Request); })
+            .Message.Should().Be("Request is not authentic");
    }
 }