Пример #1
        /// <summary>
        /// Verifies that the static credential validation rejects a configuration
        /// carrying both a client secret and a client certificate, and that the
        /// rejection surfaces as an <c>MsalClientException</c> with the
        /// duplicate-credentials message and error code.
        /// </summary>
        public void BothCredentialTypesDefined_Throw()
        {
            // Arrange: a certificate description and a non-empty client secret at the same time.
            var certificate = CertificateDescription.FromBase64Encoded("encoded");

            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
                ClientCertificates = new[] { certificate },
            };

            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = "some secret" };

            // Act: wrap the call in a delegate so Assert.Throws can observe the exception.
            Action validate = () =>
                MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                    appOptions.ClientSecret,
                    identityOptions.ClientCertificates);

            // Assert: both the human-readable message and the machine-readable code are pinned,
            // so a silent change to either one fails the test.
            MsalClientException thrown = Assert.Throws<MsalClientException>(validate);

            Assert.Equal(IDWebErrorMessage.BothClientSecretAndCertificateProvided, thrown.Message);
            Assert.Equal(ErrorCodes.DuplicateClientCredentials, thrown.ErrorCode);
        }
        /// <summary>
        /// Verifies, through an instance of <c>MicrosoftIdentityOptionsValidation</c>,
        /// that supplying both a client secret and a client certificate is rejected
        /// with an <c>MsalClientException</c> carrying the expected literal message
        /// and the <c>duplicate_client_credentials</c> error code.
        /// </summary>
        public void BothCredentialTypesDefined_Throw()
        {
            // Arrange: a certificate description and a non-empty client secret at the same time.
            var certificate = CertificateDescription.FromBase64Encoded("encoded");

            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
                ClientCertificates = new[] { certificate },
            };

            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = "some secret" };

            // Act: the validator is used as an instance here; the call is deferred in a
            // delegate so Assert.Throws can observe the exception.
            var validator = new MicrosoftIdentityOptionsValidation();

            Action validate = () =>
                validator.ValidateEitherClientCertificateOrClientSecret(
                    appOptions.ClientSecret,
                    identityOptions.ClientCertificates);

            // Assert
            MsalClientException thrown = Assert.Throws<MsalClientException>(validate);

            // The expected text is spelled out literally (trailing space included), so the
            // comparison does not depend on the library's own message constants.
            string expectedMessage = string.Format(
                CultureInfo.InvariantCulture,
                "Both Client secret & client certificate, " +
                "cannot be included in the configuration of the web app when calling a web API. ");

            Assert.Equal(expectedMessage, thrown.Message);
            Assert.Equal("duplicate_client_credentials", thrown.ErrorCode);
        }
Пример #3
        /// <summary>
        /// Verifies that <c>CertificateDescription.FromBase64Encoded</c> tags the
        /// description with the Base64Encoded source type and exposes the input
        /// string unchanged through both <c>ReferenceOrValue</c> and
        /// <c>Base64EncodedValue</c>.
        /// </summary>
        /// <param name="base64Encoded">The encoded certificate value passed to the factory.</param>
        public void TestFromBase64Encoded(string base64Encoded)
        {
            var description = CertificateDescription.FromBase64Encoded(base64Encoded);

            // The source type decides which loader path is taken later, so it is checked first.
            Assert.Equal(CertificateSource.Base64Encoded, description.SourceType);

            // Both accessors must return exactly the string that was supplied.
            Assert.Equal(base64Encoded, description.ReferenceOrValue);
            Assert.Equal(base64Encoded, description.Base64EncodedValue);
        }
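        /// <summary>
        /// Builds a <c>CertificateDescription</c> for the requested source, runs it
        /// through <c>DefaultCertificateLoader.LoadIfNeeded</c>, and asserts that a
        /// certificate was attached to the description.
        /// </summary>
        /// <param name="certificateSource">Which kind of certificate source to describe.</param>
        /// <param name="container">
        /// First argument of the KeyVault and Path factories, or the certificate store
        /// path for the two store-based sources. Not used for Base64Encoded.
        /// </param>
        /// <param name="referenceOrValue">
        /// Second argument of the KeyVault and Path factories, the encoded value for
        /// Base64Encoded, or the thumbprint / distinguished name for the store-based sources.
        /// </param>
        public void TestDefaultCertificateLoader(CertificateSource certificateSource, string container, string referenceOrValue)
        {
            CertificateDescription certificateDescription;

            switch (certificateSource)
            {
                case CertificateSource.KeyVault:
                    certificateDescription = CertificateDescription.FromKeyVault(container, referenceOrValue);
                    break;

                case CertificateSource.Base64Encoded:
                    certificateDescription = CertificateDescription.FromBase64Encoded(referenceOrValue);
                    break;

                case CertificateSource.Path:
                    certificateDescription = CertificateDescription.FromPath(container, referenceOrValue);
                    break;

                case CertificateSource.StoreWithThumbprint:
                    certificateDescription = new CertificateDescription
                    {
                        SourceType = CertificateSource.StoreWithThumbprint,
                        CertificateThumbprint = referenceOrValue,
                        CertificateStorePath = container,
                    };
                    break;

                case CertificateSource.StoreWithDistinguishedName:
                    certificateDescription = new CertificateDescription
                    {
                        SourceType = CertificateSource.StoreWithDistinguishedName,
                        CertificateDistinguishedName = referenceOrValue,
                        CertificateStorePath = container,
                    };
                    break;

                default:
                    certificateDescription = null;
                    break;
            }

            // An unhandled source leaves the description null. Fail here with a clear
            // assertion instead of passing null to the loader and dereferencing it below.
            Assert.NotNull(certificateDescription);

            ICertificateLoader loader = new DefaultCertificateLoader();

            loader.LoadIfNeeded(certificateDescription);

            // NOTE(review): the KeyVault, Path and store cases presumably need certificate
            // material to be reachable from the test environment - confirm that the test data
            // points at test-only certificates.
            Assert.NotNull(certificateDescription.Certificate);
        }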
Пример #5
        /// <summary>
        /// Verifies that credential validation accepts a configuration holding a
        /// client certificate together with an empty client secret: the call is
        /// expected to return without throwing.
        /// </summary>
        /// <param name="base64Encoded">Encoded certificate value used to build the description.</param>
        public void ValidateCredentialType_Certificate(string base64Encoded)
        {
            // Arrange: a certificate is configured and the secret is explicitly empty.
            var certificate = CertificateDescription.FromBase64Encoded(base64Encoded);

            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
                ClientCertificates = new[] { certificate },
            };

            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = string.Empty };

            // Act & Assert: there is no explicit assertion; any exception thrown by the
            // validator fails the test.
            MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                appOptions.ClientSecret,
                identityOptions.ClientCertificates);
        }