public async Task GivenDirectoryEntry_WhenRoundTrip_Success()
{
const string issuer = "*****@*****.**";
IdentityClient client = TestApplication.GetIdentityClient();
var documentId = new DocumentId("test/unit-tests-identity/identity1");
var query = new QueryParameter()
{
Filter = "test/unit-tests-identity",
Recursive = false,
};
await client.Delete(documentId);
var request = new IdentityEntryRequest
{
DirectoryId = (string)documentId,
Issuer = issuer
};
bool success = await client.Create(request);
success.Should().BeTrue();
IdentityEntry?entry = await client.Get(documentId);
entry.Should().NotBeNull();
await client.Delete(documentId);
}
public async Task <bool> Create(IdentityEntryRequest identityEntryRequest, CancellationToken token)
{
identityEntryRequest.Verify();
DocumentId documentId = new DocumentId(identityEntryRequest.DirectoryId);
IdentityEntry?exist = await Get(documentId, token : token, bypassCache : true);
if (exist != null)
{
return(false);
}
RSA rsa = RSA.Create();
var document = new IdentityEntry
{
DirectoryId = identityEntryRequest.DirectoryId,
Subject = identityEntryRequest.Issuer,
PublicKey = rsa.ExportRSAPublicKey(),
PrivateKey = rsa.ExportRSAPrivateKey(),
};
await _documentStorage.Set(documentId, document, token : token);
return(true);
}
public static void Verify(this IdentityEntryRequest subject)
{
subject.VerifyNotNull(nameof(subject));
subject.DirectoryId.VerifyDocumentId();
subject.Issuer.VerifyNotEmpty(nameof(subject.Issuer));
subject.ClassType.VerifyNotEmpty(nameof(subject.ClassType));
subject.Properties.VerifyNotNull(nameof(subject.Properties));
}
public async Task <IActionResult> Create([FromBody] IdentityEntryRequest identityEntryRequest, CancellationToken token)
{
bool success = await _identityService.Create(identityEntryRequest, token);
if (!success)
{
return(Conflict());
}
return(Ok());
}
public async Task <bool> Create(IdentityEntryRequest identityEntryRequest, CancellationToken token = default)
{
_logger.LogTrace($"Create directoryId={identityEntryRequest.DirectoryId}");
HttpResponseMessage response = await _httpClient.PostAsJsonAsync($"api/identity/create", value : identityEntryRequest, cancellationToken : token);
if (response.StatusCode == HttpStatusCode.Conflict)
{
return(false);
}
response.EnsureSuccessStatusCode();
return(true);
}
public async Task Create(string directoryId, string issuer, CancellationToken token)
{
var request = new IdentityEntryRequest
{
DirectoryId = directoryId,
Issuer = issuer,
};
bool success = await _identityClient.Create(request, token);
if (!success)
{
_logger.LogError($"Failed to create identity entry for directoryId={directoryId}");
return;
}
_logger.LogInformation($"Created identity entry for directoryId={directoryId}");
}
private async Task CreateIdentity(DirectoryEntry entry, CancellationToken token)
{
string?email = entry.GetEmail();
string?identityId = entry.GetSigningCredentials();
if (email == null && identityId == null)
{
return;
}
if (!(email != null && identityId != null))
{
_logger.LogError($"Directory Id {entry.DirectoryId} must specify both {PropertyName.Email} and {PropertyName.SigningCredentials} properties");
return;
}
var identityEntryRequest = new IdentityEntryRequest
{
DirectoryId = identityId,
Issuer = email,
};
await _identityClient.Create(identityEntryRequest, token);
}
public async Task GivenIdentityEntry_WhenSigned_WillVerify()
{
const string issuer = "*****@*****.**";
IdentityClient client = TestApplication.GetIdentityClient();
SigningClient signClient = TestApplication.GetSigningClient();
var documentId = new DocumentId("identity:test/unit-tests-identity/identity1");
var query = new QueryParameter()
{
Filter = "test/unit-tests-identity",
Recursive = false,
};
IReadOnlyList <DatalakePathItem> search = (await client.Search(query).ReadNext()).Records;
bool isInsearch = search.Any(x => x.Name == documentId.Path);
bool deleted = await client.Delete(documentId);
(isInsearch == deleted).Should().BeTrue();
var request = new IdentityEntryRequest
{
DirectoryId = (string)documentId,
Issuer = issuer
};
bool success = await client.Create(request);
success.Should().BeTrue();
var signRequest = new SignRequest
{
PrincipleDigests = new[]
{
new PrincipleDigest
{
PrincipleId = (string)documentId,
Digest = Guid.NewGuid().ToString()
}
}
};
SignRequestResponse signedJwt = await signClient.Sign(signRequest);
signedJwt.Should().NotBeNull();
(signedJwt.Errors == null || signedJwt.Errors.Count == 0).Should().BeTrue();
signedJwt.PrincipleDigests.Count.Should().Be(1);
var validateRequest = new ValidateRequest
{
PrincipleDigests = new[]
{
new PrincipleDigest
{
PrincipleId = (string)documentId,
Digest = signRequest.PrincipleDigests[0].Digest,
JwtSignature = signedJwt.PrincipleDigests.First().JwtSignature,
}
}
};
bool jwtValidated = await signClient.Validate(validateRequest);
jwtValidated.Should().BeTrue();
await client.Delete(documentId);
search = (await client.Search(query).ReadNext()).Records;
search.Any(x => x.Name == (string)documentId).Should().BeFalse();
}