public void AuthorizationBaselineTests() { string key = "VGhpcyBpcyBhIHNhbXBsZSBzdHJpbmc="; for (int i = 0; i < this.AuthorizationBaseline.Length; i++) { string[] baseline = this.AuthorizationBaseline[i]; string[] baselineResults = this.AuthorizationBaselineResults[i]; RequestNameValueCollection nvc = new(); nvc.Add(HttpConstants.HttpHeaders.XDate, baseline[4]); Uri uri = new Uri(baseline[0]); string authorization = AuthorizationHelper.GenerateKeyAuthorizationSignature( verb: baseline[2], uri: uri, headers: nvc, stringHMACSHA256Helper: new StringHMACSHA256Hash(key)); string authorization2 = AuthorizationHelper.GenerateKeyAuthorizationSignature( verb: baseline[2], resourceId: baseline[1], resourceType: baseline[3], headers: nvc, new StringHMACSHA256Hash(key), out string payload2); string authorization3 = AuthorizationHelper.GenerateKeyAuthorizationSignature( verb: baseline[2], resourceId: baseline[1], resourceType: baseline[3], headers: nvc, key); Assert.AreEqual(authorization, baselineResults[0]); Assert.AreEqual(authorization2, baselineResults[0]); Assert.AreEqual(authorization3, baselineResults[0]); Assert.AreEqual(payload2.Replace("\n", "[n]"), baselineResults[1]); AuthorizationHelper.ParseAuthorizationToken(authorization, out ReadOnlyMemory <char> typeOutput1, out ReadOnlyMemory <char> versionoutput1, out ReadOnlyMemory <char> tokenOutput1); Assert.AreEqual("master", typeOutput1.ToString()); AuthorizationHelper.ParseAuthorizationToken(authorization2, out ReadOnlyMemory <char> typeOutput2, out ReadOnlyMemory <char> versionoutput2, out ReadOnlyMemory <char> tokenOutput2); Assert.AreEqual("master", typeOutput2.ToString()); AuthorizationHelper.ParseAuthorizationToken(authorization3, out ReadOnlyMemory <char> typeOutput3, out ReadOnlyMemory <char> versionoutput3, out ReadOnlyMemory <char> tokenOutput3); Assert.AreEqual("master", typeOutput3.ToString()); Assert.IsTrue(AuthorizationHelper.CheckPayloadUsingKey(tokenOutput1, baseline[2], baseline[1], baseline[3], nvc, key)); Assert.IsTrue(AuthorizationHelper.CheckPayloadUsingKey(tokenOutput2, baseline[2], baseline[1], baseline[3], nvc, key)); Assert.IsTrue(AuthorizationHelper.CheckPayloadUsingKey(tokenOutput3, baseline[2], baseline[1], baseline[3], nvc, key)); } }
public void AuthorizationGenerateAndCheckKeyAuthSignature() { Random r = new Random(); byte[] hashKey = new byte[16]; r.NextBytes(hashKey); string key = Convert.ToBase64String(hashKey); foreach (string method in this.HttpMethods) { foreach (string resourceType in this.ResourceTypesArray) { foreach (string resourceName in this.ResourceNameValues) { RequestNameValueCollection nvc = new(); nvc.Add(HttpConstants.HttpHeaders.XDate, new DateTime(2020, 02, 01, 10, 00, 00).ToString("r")); string authorizationKey = AuthorizationHelper.GenerateKeyAuthorizationSignature( method, resourceName, resourceType, nvc, new StringHMACSHA256Hash(key), out string payload); AuthorizationHelper.ParseAuthorizationToken(authorizationKey, out ReadOnlyMemory <char> typeOutput, out ReadOnlyMemory <char> versionOutput, out ReadOnlyMemory <char> tokenOutput); Assert.AreEqual("master", typeOutput.ToString()); Assert.IsTrue(AuthorizationHelper.CheckPayloadUsingKey( tokenOutput, method, resourceName, resourceType, nvc, key)); } } } }
public async Task ValidateAzureKeyCredentialGatewayModeUpdateAsync() { const int defaultStatusCode = 401; const int defaultSubStatusCode = 50000; const int authMisMatchStatusCode = 70000; string originalKey = CosmosClientTests.NewRamdonMasterKey(); string newKey = CosmosClientTests.NewRamdonResourceToken(); string currentKey = originalKey; Mock <IHttpHandler> mockHttpHandler = new Mock <IHttpHandler>(); mockHttpHandler.Setup(x => x.SendAsync( It.IsAny <HttpRequestMessage>(), It.IsAny <CancellationToken>())) .Returns((HttpRequestMessage request, CancellationToken cancellationToken) => { HttpResponseMessage responseMessage = new HttpResponseMessage((HttpStatusCode)defaultStatusCode); if (request.RequestUri != VmMetadataApiHandler.vmMetadataEndpointUrl) { bool authHeaderPresent = request.Headers.TryGetValues(Documents.HttpConstants.HttpHeaders.Authorization, out IEnumerable <string> authValues); Assert.IsTrue(authHeaderPresent); Assert.AreNotEqual(0, authValues.Count()); AuthorizationHelper.GetResourceTypeAndIdOrFullName(request.RequestUri, out _, out string resourceType, out string resourceIdValue); AuthorizationHelper.ParseAuthorizationToken(authValues.First(), out ReadOnlyMemory <char> authType, out ReadOnlyMemory <char> _, out ReadOnlyMemory <char> tokenFromAuthHeader); bool authValidated = false; if (MemoryExtensions.Equals(authType.Span, Documents.Constants.Properties.ResourceToken.AsSpan(), StringComparison.OrdinalIgnoreCase)) { authValidated = HttpUtility.UrlDecode(authValues.First()) == currentKey; } else { authValidated = AuthorizationHelper.CheckPayloadUsingKey( tokenFromAuthHeader, request.Method.Method, resourceIdValue, resourceType, request.Headers.Aggregate(new NameValueCollectionWrapper(), (c, kvp) => { c.Add(kvp.Key, kvp.Value); return(c); }), currentKey); } int subStatusCode = authValidated ? defaultSubStatusCode : authMisMatchStatusCode; responseMessage.Headers.Add(Documents.WFConstants.BackendHeaders.SubStatus, subStatusCode.ToString()); } return(Task.FromResult(responseMessage)); }); AzureKeyCredential masterKeyCredential = new AzureKeyCredential(originalKey); using (CosmosClient client = new CosmosClient( CosmosClientTests.AccountEndpoint, masterKeyCredential, new CosmosClientOptions() { HttpClientFactory = () => new HttpClient(new HttpHandlerHelper(mockHttpHandler.Object)), EnableClientTelemetry = false, })) { Container container = client.GetContainer(Guid.NewGuid().ToString(), Guid.NewGuid().ToString()); Func <int, int, Task> authValidation = async(int statusCode, int subStatusCode) => { try { await container.ReadItemAsync <ToDoActivity>(Guid.NewGuid().ToString(), new Cosmos.PartitionKey(Guid.NewGuid().ToString())); Assert.Fail("Expected client to throw a authentication exception"); } catch (CosmosException ex) { Assert.AreEqual(statusCode, (int)ex.StatusCode, ex.ToString()); Assert.AreEqual(subStatusCode, ex.SubStatusCode, ex.ToString()); } }; // Key(V1) await authValidation(defaultStatusCode, defaultSubStatusCode); // Update key(V2) and let the auth validation fail masterKeyCredential.Update(newKey); await authValidation(defaultStatusCode, authMisMatchStatusCode); // Updated Key(V2) and now lets succeed auth validation Interlocked.Exchange(ref currentKey, newKey); await authValidation(defaultStatusCode, defaultSubStatusCode); } }