diff --git a/src/WebEid.Security.Tests/Validator/AuthTokenValidatonOcspTest.cs b/src/WebEid.Security.Tests/Validator/AuthTokenValidatonOcspTest.cs
new file mode 100644
index 0000000..a85937f
--- /dev/null
+++ b/src/WebEid.Security.Tests/Validator/AuthTokenValidatonOcspTest.cs
@@ -0,0 +1,62 @@
+/*
+ * Copyright © 2020-2025 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+namespace WebEid.Security.Tests.Validator
+{
+ using System;
+ using System.Threading.Tasks;
+ using NUnit.Framework;
+ using WebEid.Security.Exceptions;
+ using WebEid.Security.Tests.TestUtils;
+ using WebEid.Security.Util;
+
+ public class AuthTokenValidatonOcspTest : AbstractTestWithValidator
+ {
+
+ [Test]
+ public void WhenOcspRequestTimeoutIsReachedThenValidationFails()
+ {
+ using var _ = DateTimeProvider.OverrideUtcNow(new DateTime(2023, 10, 21));
+ var authTokenValidator = AuthTokenValidators
+ .GetDefaultAuthTokenValidatorBuilder()
+ .WithOcspRequestTimeout(TimeSpan.FromMilliseconds(1))
+ .Build();
+
+ var exception = Assert.ThrowsAsync(() => authTokenValidator.Validate(authTokenValidator.Parse(ValidAuthTokenStr), ValidChallengeNonce));
+ Assert.That(exception.InnerException, Is.TypeOf());
+ Assert.That(exception.InnerException.Message, Does.Contain("The request was canceled due to the configured HttpClient.Timeout of"));
+
+ }
+
+ [Test]
+ public async Task WhenCertificateIsNotRevokedThenOcspCheckIsSuccessful()
+ {
+ using var _ = DateTimeProvider.OverrideUtcNow(new DateTime(2023, 10, 21));
+ var authTokenValidator = AuthTokenValidators
+ .GetDefaultAuthTokenValidatorBuilder()
+ .WithAllowedOcspResponseTimeSkew(TimeSpan.FromDays(365 * 20))
+ .Build();
+
+ var certificate = await authTokenValidator.Validate(authTokenValidator.Parse(ValidAuthTokenStr), ValidChallengeNonce);
+ Assert.That(certificate, Is.Not.Null);
+ }
+ }
+}
diff --git a/src/WebEid.Security/Validator/AuthTokenValidator.cs b/src/WebEid.Security/Validator/AuthTokenValidator.cs
index ca7aa80..d88828f 100644
--- a/src/WebEid.Security/Validator/AuthTokenValidator.cs
+++ b/src/WebEid.Security/Validator/AuthTokenValidator.cs
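Review bot: In `WhenOcspRequestTimeoutIsReachedThenValidationFails` the last assertion matches the runtime's English message text ("The request was canceled due to the configured HttpClient.Timeout of"), which ties the test to one .NET version's wording rather than to the fail-closed behaviour it is meant to pin; the two exception-type assertions above it already cover that, so the message check could be dropped. The 1 ms timeout also seems to assume the OCSP request can neither complete nor fail in some other way first, so if the fixture reaches a real responder the test may be flaky offline (a connection error is not a timeout); that depends on `AbstractTestWithValidator`, which is outside this hunk. In `WhenCertificateIsNotRevokedThenOcspCheckIsSuccessful` the 20-year skew effectively switches off the OCSP response freshness check, so I would add a comment above it such as `// Test-only: the clock is pinned to 2023-10-21, so the skew is widened to let the OCSP response time check pass; never configure this in production.`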
@@ -71,7 +71,7 @@ public AuthTokenValidator(AuthTokenValidationConfiguration configuration, ILogge if (configuration.IsUserCertificateRevocationCheckWithOcspEnabled) { - this.ocspClient = new OcspClient(TimeSpan.FromSeconds(5), this.logger); + this.ocspClient = new OcspClient(configuration.OcspRequestTimeout, this.logger); this.ocspServiceProvider = new OcspServiceProvider(configuration.DesignatedOcspServiceConfiguration, new AiaOcspServiceConfiguration(configuration.NonceDisabledOcspUrls,