firebase
diff --git a/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs‎
Lines changed: 89 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs‎
Lines changed: 89 additions & 0 deletions
diff --git a/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseTokenFactoryTest.cs‎
Lines changed: 146 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseTokenFactoryTest.cs‎
Lines changed: 146 additions & 0 deletions
diff --git a/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/HttpPublicKeySourceTest.cs‎
Lines changed: 119 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/HttpPublicKeySourceTest.cs‎
Lines changed: 119 additions & 0 deletions
@@ -59,6 +59,63 @@ public void GetAuth()
             Assert.Throws<InvalidOperationException>(() => FirebaseAuth.GetAuth(app));
         }
 
+        [Fact]
+        public async Task UseAfterDelete()
+        {
+            var app = FirebaseApp.Create(new AppOptions(){Credential = mockCredential});
+            FirebaseAuth auth = FirebaseAuth.DefaultInstance;
+            app.Delete();
+            await Assert.ThrowsAsync<InvalidOperationException>(
+                async () => await auth.CreateCustomTokenAsync("user"));
+            await Assert.ThrowsAsync<InvalidOperationException>(
+                async () => await auth.VerifyIdTokenAsync("user"));
+        }
+
+        [Fact]
+        public async Task CreateCustomToken()
+        {
+            var cred = GoogleCredential.FromFile("./resources/service_account.json");
+            FirebaseApp.Create(new AppOptions(){Credential = cred});
+            var token = await FirebaseAuth.DefaultInstance.CreateCustomTokenAsync("user1");
+            VerifyCustomToken(token, "user1", null);
+        }
+
+        [Fact]
+        public async Task CreateCustomTokenWithClaims()
+        {
+            var cred = GoogleCredential.FromFile("./resources/service_account.json");
+            FirebaseApp.Create(new AppOptions(){Credential = cred});
+            var developerClaims = new Dictionary<string, object>()
+            {
+                {"admin", true},
+                {"package", "gold"},
+                {"magicNumber", 42L},
+            };
+            var token = await FirebaseAuth.DefaultInstance.CreateCustomTokenAsync(
+                "user2", developerClaims);
+            VerifyCustomToken(token, "user2", developerClaims);
+        }
+
+        [Fact]
+        public async Task CreateCustomTokenCancel()
+        {
+            var cred = GoogleCredential.FromFile("./resources/service_account.json");
+            FirebaseApp.Create(new AppOptions(){Credential = cred});
+            var canceller = new CancellationTokenSource();
+            canceller.Cancel();
+            await Assert.ThrowsAsync<OperationCanceledException>(
+                async () => await FirebaseAuth.DefaultInstance.CreateCustomTokenAsync(
+                    "user1", canceller.Token));
+        }
+
+        [Fact]
+        public async Task CreateCustomTokenInvalidCredential()
+        {
+            FirebaseApp.Create(new AppOptions(){Credential = mockCredential});
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await FirebaseAuth.DefaultInstance.CreateCustomTokenAsync("user1"));
+        }
+
         [Fact]
         public async Task VerifyIdTokenNoProjectId()
         {
@@ -84,6 +141,38 @@ await Assert.ThrowsAsync<OperationCanceledException>(
                     idToken, canceller.Token));
         }
 
+        private static void VerifyCustomToken(string token, string uid, Dictionary<string, object> claims)
+        {
+            String[] segments = token.Split(".");
+            Assert.Equal(3, segments.Length);
+
+            var payload = JwtUtils.Decode<CustomTokenPayload>(segments[1]);
+            Assert.Equal("[email protected]", payload.Issuer);
+            Assert.Equal("[email protected]", payload.Subject);
+            Assert.Equal(uid, payload.Uid);
+            if (claims == null)
+            {
+                Assert.Null(payload.Claims);
+            }
+            else
+            {
+                Assert.Equal(claims.Count, payload.Claims.Count);
+                foreach (var entry in claims)
+                {
+                    object value;
+                    Assert.True(payload.Claims.TryGetValue(entry.Key, out value));
+                    Assert.Equal(entry.Value, value);
+                }
+            }
+
+            var x509cert = new X509Certificate2(File.ReadAllBytes("./resources/public_cert.pem"));
+            var rsa = (RSA) x509cert.PublicKey.Key;
+            var tokenData = Encoding.UTF8.GetBytes(segments[0] + "." + segments[1]);
+            var signature = JwtUtils.Base64DecodeToBytes(segments[2]);
+            var verified = rsa.VerifyData(tokenData, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            Assert.True(verified);
+        }
+
         public void Dispose()
         {
             FirebaseApp.DeleteAll();
 
@@ -0,0 +1,146 @@
+// Copyright 2018, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Xunit;
+using FirebaseAdmin.Tests;
+using FirebaseAdmin.Auth;
+using Google.Apis.Auth;
+using Google.Apis.Util;
+
+namespace FirebaseAdmin.Auth.Tests
+{
+    public class FirebaseTokenFactoryTest
+    {
+        [Fact]
+        public async Task CreateCustomToken()
+        {
+            var clock = new MockClock();
+            var factory = new FirebaseTokenFactory(new MockSigner(), clock);
+            var token = await factory.CreateCustomTokenAsync("user1");
+            VerifyCustomToken(token, "user1", null);
+        }
+
+        [Fact]
+        public async Task CreateCustomTokenWithEmptyClaims()
+        {
+            var clock = new MockClock();
+            var factory = new FirebaseTokenFactory(new MockSigner(), clock);
+            var token = await factory.CreateCustomTokenAsync(
+                "user1", new Dictionary<string, object>());
+            VerifyCustomToken(token, "user1", null);
+        }
+
+        [Fact]
+        public async Task CreateCustomTokenWithClaims()
+        {
+            var clock = new MockClock();
+            var factory = new FirebaseTokenFactory(new MockSigner(), clock);
+            var developerClaims = new Dictionary<string, object>()
+            {
+                {"admin", true},
+                {"package", "gold"},
+                {"magicNumber", 42L},
+            };
+            var token = await factory.CreateCustomTokenAsync("user2", developerClaims);
+            VerifyCustomToken(token, "user2", developerClaims);
+        }
+
+        [Fact]
+        public async Task InvalidUid()
+        {
+            var factory = new FirebaseTokenFactory(new MockSigner(), new MockClock());
+            await Assert.ThrowsAsync<ArgumentException>(
+                async () => await factory.CreateCustomTokenAsync(null));
+            await Assert.ThrowsAsync<ArgumentException>(
+                async () => await factory.CreateCustomTokenAsync(""));
+            await Assert.ThrowsAsync<ArgumentException>(
+                async () => await factory.CreateCustomTokenAsync(new String('a', 129)));
+        }
+
+        [Fact]
+        public async Task ReservedClaims()
+        {
+            var factory = new FirebaseTokenFactory(new MockSigner(), new MockClock());
+            foreach(var key in FirebaseTokenFactory.ReservedClaims)
+            {
+                var developerClaims = new Dictionary<string, object>(){
+                    {key, "value"},
+                };
+                await Assert.ThrowsAsync<ArgumentException>(
+                    async () => await factory.CreateCustomTokenAsync("user", developerClaims));    
+            }    
+        }
+
+        private static void VerifyCustomToken(
+            string token, string uid, Dictionary<string, object> claims)
+        {
+            String[] segments = token.Split(".");
+            Assert.Equal(3, segments.Length);
+            // verify header
+            var header = JwtUtils.Decode<GoogleJsonWebSignature.Header>(segments[0]);
+            Assert.Equal("JWT", header.Type);
+            Assert.Equal("RS256", header.Algorithm);
+
+            // verify payload
+            var payload = JwtUtils.Decode<CustomTokenPayload>(segments[1]);
+            Assert.Equal(MockSigner.KeyIdString, payload.Issuer);
+            Assert.Equal(MockSigner.KeyIdString, payload.Subject);
+            Assert.Equal(uid, payload.Uid);
+            Assert.Equal(FirebaseTokenFactory.FirebaseAudience, payload.Audience);
+            if (claims == null)
+            {
+                Assert.Null(payload.Claims);
+            }
+            else
+            {
+                Assert.Equal(claims.Count, payload.Claims.Count);
+                foreach (var entry in claims)
+                {
+                    object value;
+                    Assert.True(payload.Claims.TryGetValue(entry.Key, out value));
+                    Assert.Equal(entry.Value, value);
+                }
+            }
+
+            // verify mock signature
+            Assert.Equal(MockSigner.Signature, JwtUtils.Base64Decode(segments[2]));
+        }
+    }
+
+    internal sealed class MockSigner : ISigner
+    {
+        public const string KeyIdString = "mock-key-id";
+        public const string Signature = "signature";
+
+        public Task<string> GetKeyIdAsync(CancellationToken cancellationToken)
+        {
+            return Task.FromResult(KeyIdString);
+        }
+
+        public Task<byte[]> SignDataAsync(byte[] data, CancellationToken cancellationToken)
+        {
+            return Task.FromResult(Encoding.UTF8.GetBytes(Signature));
+        }
+
+        public void Dispose() {}
+    }
+}
@@ -0,0 +1,119 @@
+// Copyright 2018, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.IO;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+using Xunit;
+using FirebaseAdmin.Tests;
+using FirebaseAdmin.Auth;
+
+namespace FirebaseAdmin.Auth.Tests
+{
+    public class HttpPublicKeySourceTest
+    {
+        [Fact]
+        public async Task GetPublicKeysWithoutCaching()
+        {
+            var clock = new MockClock();
+            var handler = new MockMessageHandler()
+            {
+                Response = File.ReadAllBytes("./resources/public_keys.json"),
+            };
+            var clientFactory = new MockHttpClientFactory(handler);
+            var keyManager = new HttpPublicKeySource(
+                "https://example.com/certs", clock, clientFactory);
+            var keys = await keyManager.GetPublicKeysAsync();
+            Assert.Equal(2, keys.Count);
+            Assert.Equal(1, handler.Calls);
+
+            var keys2 = await keyManager.GetPublicKeysAsync();
+            Assert.Equal(2, keys.Count);
+            Assert.Equal(2, handler.Calls);
+            Assert.NotSame(keys, keys2);
+        }
+
+        [Fact]
+        public async Task GetPublicKeysWithCaching()
+        {
+            var clock = new MockClock();
+            var cacheControl = new CacheControlHeaderValue()
+            {
+                MaxAge = new TimeSpan(hours: 1, minutes: 0, seconds: 0),
+            };
+            var handler = new MockMessageHandler()
+            {
+                Response = File.ReadAllBytes("./resources/public_keys.json"),
+                ApplyHeaders = (header) => header.CacheControl = cacheControl,
+            };
+            var clientFactory = new MockHttpClientFactory(handler);
+            var keyManager = new HttpPublicKeySource(
+                "https://example.com/certs", clock, clientFactory);
+            var keys = await keyManager.GetPublicKeysAsync();
+            Assert.Equal(2, keys.Count);
+            Assert.Equal(1, handler.Calls);
+
+            clock.UtcNow = clock.UtcNow.AddMinutes(50);
+            var keys2 = await keyManager.GetPublicKeysAsync();
+            Assert.Equal(2, keys.Count);
+            Assert.Equal(1, handler.Calls);
+            Assert.Same(keys, keys2);
+
+            clock.UtcNow = clock.UtcNow.AddMinutes(10);
+            var keys3 = await keyManager.GetPublicKeysAsync();
+            Assert.Equal(2, keys.Count);
+            Assert.Equal(2, handler.Calls);
+            Assert.NotSame(keys, keys3);
+        }
+
+        [Fact]
+        public void InvalidArguments()
+        {
+            var clock = new MockClock();
+            var handler = new MockMessageHandler()
+            {
+                Response = File.ReadAllBytes("./resources/public_keys.json"),
+            };
+            var clientFactory = new MockHttpClientFactory(handler);
+            Assert.Throws<ArgumentException>(
+                () => new HttpPublicKeySource(null, clock, clientFactory));
+            Assert.Throws<ArgumentException>(
+                () => new HttpPublicKeySource("", clock, clientFactory));
+            Assert.Throws<ArgumentNullException>(
+                () => new HttpPublicKeySource("https://example.com/certs", null, clientFactory));
+            Assert.Throws<ArgumentNullException>(
+                () => new HttpPublicKeySource("https://example.com/certs", clock, null));
+        }
+
+        [Fact]
+        public async Task HttpError()
+        {
+            var clock = new MockClock();
+            var handler = new MockMessageHandler()
+            {
+                StatusCode = HttpStatusCode.InternalServerError,
+                Response = "test error",
+            };
+            var clientFactory = new MockHttpClientFactory(handler);
+            var keyManager = new HttpPublicKeySource(
+                "https://example.com/certs", clock, clientFactory);
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await keyManager.GetPublicKeysAsync());
+            Assert.Equal(1, handler.Calls);
+        }
+    }
+}