public async Task GetRecursoQuery_Handle()
{
// Arrange
IUnitOfWork unitOfWork = DbContextHelper.GetContext();
IMapper mapper = AutoMapperHelper.GetMappings();
ICryptographyManager manager = CryptographyHelper.GetInstance();
Guid recursoId = Guid.NewGuid();
await unitOfWork.RecursoRepository.AddAsync(MockEntityHelper.GetNewRecurso(recursoId));
await unitOfWork.SaveChangesAsync();
GetRecursoQuery request = new()
{
Id = recursoId
};
// Act
RecursoHandler handler = new(unitOfWork, mapper, manager);
RecursoViewModel response = await handler.Handle(request, CancellationToken.None);
// Assert
Assert.True(response != null);
Assert.True(response.Id != Guid.Empty);
Assert.True(response.DataInclusao.Ticks != 0);
Assert.True(response.Senha == null);
Assert.True(response.Salt == null);
}
public async Task ListRecursoQuery_Handle()
{
// Arrange
IUnitOfWork unitOfWork = DbContextHelper.GetContext();
IMapper mapper = AutoMapperHelper.GetMappings();
ICryptographyManager manager = CryptographyHelper.GetInstance();
Guid recursoId = Guid.NewGuid();
await unitOfWork.RecursoRepository.AddAsync(MockEntityHelper.GetNewRecurso(recursoId));
await unitOfWork.RecursoRepository.AddAsync(MockEntityHelper.GetNewRecurso());
await unitOfWork.RecursoRepository.AddAsync(MockEntityHelper.GetNewRecurso());
await unitOfWork.SaveChangesAsync();
ListRecursoQuery request = new();
// Act
RecursoHandler handler = new(unitOfWork, mapper, manager);
IEnumerable <RecursoViewModel> response = await handler.Handle(request, CancellationToken.None);
// Assert
Assert.True(response != null);
Assert.True(response.Any());
Assert.True(response.FirstOrDefault(x => x.Id == recursoId) != null);
}
public static Dictionary <string, string> CreateClientCredentialBodyParameters(
ICoreLogger logger,
ICryptographyManager cryptographyManager,
ClientCredentialWrapper clientCredential,
string clientId,
AuthorityEndpoints endpoints,
bool sendX5C)
{
Dictionary <string, string> parameters = new Dictionary <string, string>();
if (clientCredential != null)
{
if (clientCredential.AuthenticationType == ConfidentialClientAuthenticationType.ClientSecret)
{
parameters[OAuth2Parameter.ClientSecret] = clientCredential.Secret;
}
else
{
if ((clientCredential.CachedAssertion == null || clientCredential.ValidTo != 0) && clientCredential.AuthenticationType != ConfidentialClientAuthenticationType.SignedClientAssertion)
{
if (!ValidateClientAssertion(clientCredential, endpoints, sendX5C))
{
logger.Info(LogMessages.ClientAssertionDoesNotExistOrNearExpiry);
JsonWebToken jwtToken;
if (clientCredential.AuthenticationType == ConfidentialClientAuthenticationType.ClientCertificateWithClaims)
{
jwtToken = new JsonWebToken(cryptographyManager, clientId, endpoints?.SelfSignedJwtAudience, clientCredential.ClaimsToSign, clientCredential.AppendDefaultClaims);
}
else
{
jwtToken = new JsonWebToken(cryptographyManager, clientId, endpoints?.SelfSignedJwtAudience);
}
clientCredential.CachedAssertion = jwtToken.Sign(clientCredential, sendX5C);
clientCredential.ValidTo = jwtToken.ValidTo;
clientCredential.ContainsX5C = sendX5C;
clientCredential.Audience = endpoints?.SelfSignedJwtAudience;
}
else
{
logger.Info(LogMessages.ReusingTheUnexpiredClientAssertion);
}
}
parameters[OAuth2Parameter.ClientAssertionType] = OAuth2AssertionType.JwtBearer;
if (clientCredential.AuthenticationType == ConfidentialClientAuthenticationType.SignedClientAssertion)
{
parameters[OAuth2Parameter.ClientAssertion] = clientCredential.SignedAssertion;
}
else
{
parameters[OAuth2Parameter.ClientAssertion] = clientCredential.CachedAssertion;
}
}
}
return(parameters);
}
/// <summary>
/// The strict thumbprint is based on:
/// ClientId
/// Authority (env + tenant)
/// Scopes
/// hash(RT) or UPN for IWA (not supported)
/// </summary>
private static string GetRequestStrictThumbprint(
IReadOnlyDictionary <string, string> bodyParams,
string authority,
ICryptographyManager crypto)
{
StringBuilder sb = new StringBuilder();
if (bodyParams.TryGetValue(OAuth2Parameter.ClientId, out string clientId))
{
sb.Append((clientId ?? "") + ThrottleCommon.KeyDelimiter);
}
sb.Append(authority + ThrottleCommon.KeyDelimiter);
if (bodyParams.TryGetValue(OAuth2Parameter.Scope, out string scopes))
{
sb.Append((scopes ?? "") + ThrottleCommon.KeyDelimiter);
}
if (bodyParams.TryGetValue(OAuth2Parameter.RefreshToken, out string rt) &&
!string.IsNullOrEmpty(rt))
{
sb.Append(crypto.CreateSha256Hash(rt) + ThrottleCommon.KeyDelimiter);
}
return(sb.ToString());
}
public RecursoController(IUnitOfWork unitOfWork,
ICryptographyManager cryptographyManager,
IConfiguration configuration)
{
_unitOfWork = unitOfWork;
_cryptographyManager = cryptographyManager;
_configuration = configuration;
}
public ApiEvent(
ICoreLogger logger,
ICryptographyManager cryptographyManager,
string correlationId) : base(EventNamePrefix + "api_event", correlationId)
{
_logger = logger;
_cryptographyManager = cryptographyManager;
}
public void Initialize()
{
TestCommon.ResetInternalStaticCaches();
_serviceBundle = TestCommon.CreateServiceBundleWithCustomHttpManager(null, clientId: ClientId);
_logger = _serviceBundle.ApplicationLogger;
_platformProxy = _serviceBundle.PlatformProxy;
_crypto = _platformProxy.CryptographyManager;
}
public void Initialize()
{
TestCommon.ResetInternalStaticCaches();
_myReceiver = new MyReceiver();
_serviceBundle = TestCommon.CreateServiceBundleWithCustomHttpManager(null, clientId: ClientId);
_logger = _serviceBundle.DefaultLogger;
_platformProxy = _serviceBundle.PlatformProxy;
_crypto = _platformProxy.CryptographyManager;
_telemetryManager = new TelemetryManager(_serviceBundle.Config, _platformProxy, _myReceiver.HandleTelemetryEvents);
}
public SecurityManager(IUsers userDataAccess, ICryptographyManager cryptographyManager, IUsers users)
{
if (userDataAccess == null) throw new ArgumentNullException("userDataAccess");
if (cryptographyManager == null) throw new ArgumentNullException("cryptographyManager");
if (users == null) throw new ArgumentNullException("users");
_dataAccess = userDataAccess;
_cryptographyManager = cryptographyManager;
_users = users;
}
public JsonWebToken(ICryptographyManager cryptographyManager, string clientId, string audience)
{
_cryptographyManager = cryptographyManager;
DateTime validFrom = DateTime.UtcNow;
Payload = new JWTPayload
{
Audience = audience,
Issuer = clientId,
ValidFrom = ConvertToTimeT(validFrom),
ValidTo = ConvertToTimeT(validFrom + TimeSpan.FromSeconds(JsonWebTokenConstants.JwtToAadLifetimeInSeconds)),
Subject = clientId,
JwtIdentifier = Guid.NewGuid().ToString()
};
}
public UapTokenCacheAccessor(ICryptographyManager cryptographyManager)
{
_cryptographyManager = cryptographyManager;
var localSettings = ApplicationData.Current.LocalSettings;
_accessTokenContainer =
localSettings.CreateContainer(LocalSettingsTokenContainerName, ApplicationDataCreateDisposition.Always);
_refreshTokenContainer =
localSettings.CreateContainer(LocalSettingsRefreshTokenContainerName,
ApplicationDataCreateDisposition.Always);
_idTokenContainer =
localSettings.CreateContainer(LocalSettingsIdTokenContainerName,
ApplicationDataCreateDisposition.Always);
_accountContainer =
localSettings.CreateContainer(LocalSettingsAccountContainerName,
ApplicationDataCreateDisposition.Always);
}
public async Task CreateRecursoCommand_Handle()
{
// Arrange
IUnitOfWork unitOfWork = DbContextHelper.GetContext();
IMapper mapper = AutoMapperHelper.GetMappings();
ICryptographyManager manager = CryptographyHelper.GetInstance();
CreateRecursoCommand request = new()
{
Recurso = MockViewModelHelper.GetNewRecurso()
};
// Act
RecursoHandler handler = new(unitOfWork, mapper, manager);
OperationResult response = await handler.Handle(request, CancellationToken.None);
// Assert
Assert.True(response == OperationResult.Success);
}
public async Task UpdateRecursoCommand_Handle()
{
// Arrange
IUnitOfWork unitOfWork = DbContextHelper.GetContext();
IMapper mapper = AutoMapperHelper.GetMappings();
ICryptographyManager manager = CryptographyHelper.GetInstance();
Guid recursoId = Guid.NewGuid();
DateTime dataInclusao = DateTime.Now;
Recurso recurso = MockEntityHelper.GetNewRecurso(recursoId);
await unitOfWork.RecursoRepository.AddAsync(recurso);
await unitOfWork.SaveChangesAsync();
unitOfWork.RecursoRepository.Detatch(recurso);
UpdateRecursoCommand request = new()
{
Recurso = MockViewModelHelper.GetNewRecurso(recursoId, dataInclusao)
};
GetRecursoQuery request2 = new()
{
Id = recursoId
};
// Act
RecursoHandler handler = new(unitOfWork, mapper, manager);
OperationResult response = await handler.Handle(request, CancellationToken.None);
RecursoViewModel response2 = await handler.Handle(request2, CancellationToken.None);
// Assert
Assert.True(response == OperationResult.Success);
Assert.True(response2 != null);
Assert.True(response2.Id == recursoId);
Assert.True(response2.DataInclusao.Ticks == dataInclusao.Ticks);
Assert.True(response2.Senha == null);
Assert.True(response2.Salt == null);
}
}
public static Dictionary <string, string> CreateClientCredentialBodyParameters(
ICoreLogger logger,
ICryptographyManager cryptographyManager,
ClientCredentialWrapper clientCredential,
string clientId,
AuthorityEndpoints endpoints,
bool sendX5C)
{
Dictionary <string, string> parameters = new Dictionary <string, string>();
if (clientCredential != null)
{
if (!string.IsNullOrEmpty(clientCredential.Secret))
{
parameters[OAuth2Parameter.ClientSecret] = clientCredential.Secret;
}
else
{
if (clientCredential.Assertion == null || clientCredential.ValidTo != 0)
{
if (!ValidateClientAssertion(clientCredential, endpoints, sendX5C))
{
logger.Info("Client Assertion does not exist or near expiry.");
var jwtToken = new JsonWebToken(cryptographyManager, clientId, endpoints?.SelfSignedJwtAudience);
clientCredential.Assertion = jwtToken.Sign(clientCredential.Certificate, sendX5C);
clientCredential.ValidTo = jwtToken.Payload.ValidTo;
clientCredential.ContainsX5C = sendX5C;
clientCredential.Audience = endpoints?.SelfSignedJwtAudience;
}
else
{
logger.Info("Reusing the unexpired Client Assertion...");
}
}
parameters[OAuth2Parameter.ClientAssertionType] = OAuth2AssertionType.JwtBearer;
parameters[OAuth2Parameter.ClientAssertion] = clientCredential.Assertion;
}
}
return(parameters);
}
public Task AddConfidentialClientParametersAsync(
OAuth2Client oAuth2Client,
ICoreLogger logger,
ICryptographyManager cryptographyManager,
string clientId,
string tokenEndpoint,
bool sendX5C,
CancellationToken cancellationToken)
{
var jwtToken = new JsonWebToken(
cryptographyManager,
clientId,
tokenEndpoint,
_claimsToSign,
_appendDefaultClaims);
string assertion = jwtToken.Sign(Certificate, _base64EncodedThumbprint, sendX5C);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, assertion);
return(TaskUtil.CompletedTask);
}
public UapTokenCacheBlobStorage(ICryptographyManager cryptographyManager, ICoreLogger logger)
{
_cryptographyManager = cryptographyManager;
}
public iOSBroker(ICoreLogger logger, ICryptographyManager cryptoManager)
{
_logger = logger;
_cryptoManager = cryptoManager;
}
public void AddConfidentialClientParameters(
OAuth2Client oAuth2Client,
ICoreLogger logger,
ICryptographyManager cryptographyManager,
string clientId,
Authority authority,
bool sendX5C)
{
using (logger.LogMethodDuration())
{
switch (AuthenticationType)
{
case ConfidentialClientAuthenticationType.ClientCertificate:
string tokenEndpoint = authority.GetTokenEndpoint();
var jwtToken2 = new JsonWebToken(
cryptographyManager,
clientId,
tokenEndpoint);
string assertion2 = jwtToken2.Sign(this, sendX5C);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, assertion2);
break;
case ConfidentialClientAuthenticationType.ClientCertificateWithClaims:
tokenEndpoint = authority.GetTokenEndpoint();
var jwtToken = new JsonWebToken(
cryptographyManager,
clientId,
tokenEndpoint,
ClaimsToSign,
AppendDefaultClaims);
string assertion = jwtToken.Sign(this, sendX5C);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, assertion);
break;
case ConfidentialClientAuthenticationType.ClientSecret:
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientSecret, Secret);
break;
case ConfidentialClientAuthenticationType.SignedClientAssertion:
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, SignedAssertion);
break;
case ConfidentialClientAuthenticationType.SignedClientAssertionDelegate:
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, SignedAssertionDelegate.Invoke());
break;
default:
throw new NotImplementedException();
}
}
}
public UapLegacyCachePersistence(ICoreLogger logger, ICryptographyManager cryptographyManager)
{
_logger = logger;
_cryptographyManager = cryptographyManager;
}
public FileSystemCredentialPathManager(ICryptographyManager cryptographyManager)
{
_cryptographyManager = cryptographyManager;
}
public async Task AddConfidentialClientParametersAsync(OAuth2Client oAuth2Client, ICoreLogger logger, ICryptographyManager cryptographyManager, string clientId, string tokenEndpoint, bool sendX5C, CancellationToken cancellationToken)
{
string signedAssertion = await _signedAssertionDelegate(cancellationToken).ConfigureAwait(false);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, signedAssertion);
}
public UapLegacyCachePersistence(ICryptographyManager cryptographyManager)
{
_cryptographyManager = cryptographyManager;
}
public DpApiEncryptedFileProvider(ICryptographyManager cryptographyManager, ICoreLogger logger)
{
_cryptographyManager = cryptographyManager;
_logger = logger;
}
public iOSBroker(ICoreLogger logger, ICryptographyManager cryptoManager, CoreUIParent uIParent)
{
_logger = logger;
_cryptoManager = cryptoManager;
_uIParent = uIParent;
}
public RecursoAppService(IUnitOfWork unitOfWork, IMapper mapper, ICryptographyManager cryptographyManager)
{
_unitOfWork = unitOfWork;
_mapper = mapper;
_cryptographyManager = cryptographyManager;
}
public RecursoService(IRecursoRepository recursoRepository, IUnitOfWork unitOfWork, ICryptographyManager cryptographyManager)
: base(recursoRepository, unitOfWork)
{
_recursoRepository = recursoRepository;
_cryptographyManager = cryptographyManager;
}
public RecursoHandler(IUnitOfWork unitOfWork, IMapper mapper, ICryptographyManager cryptographyManager)
{
_unitOfWork = unitOfWork;
_mapper = mapper;
_cryptographyManager = cryptographyManager;
}
public JsonWebToken(ICryptographyManager cryptographyManager, string clientId, string audience, IDictionary <string, string> claimsToSign, bool appendDefaultClaims = false)
: this(cryptographyManager, clientId, audience)
{
ClaimsToSign = claimsToSign;
_appendDefaultClaims = appendDefaultClaims;
}
internal byte[] Sign(ICryptographyManager cryptographyManager, string message)
{
return(cryptographyManager.SignWithCertificate(message, Certificate));
}
public RecursoAppService(IMapper mapper, IRepository <Recurso> repository, IUnitOfWork unitOfWork, IRecursoRepository recursoRepository, ICryptographyManager cryptographyManager)
: base(mapper, repository, unitOfWork)
{
_recursoRepository = recursoRepository;
_cryptographyManager = cryptographyManager;
}
public Task AddConfidentialClientParametersAsync(OAuth2Client oAuth2Client, ICoreLogger logger, ICryptographyManager cryptographyManager, string clientId, string tokenEndpoint, bool sendX5C, CancellationToken cancellationToken)
{
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientSecret, Secret);
return(TaskUtil.CompletedTask);
}
