/// <summary>
/// Checks whether the PullRequest carried by <paramref name="messagingContext" /> is authorized
/// according to the pull authorization map, and rejects the message when it is not.
/// </summary>
/// <param name="messagingContext">Context whose <c>AS4Message</c> holds the PullRequest to verify.</param>
/// <returns>
/// The task produced by <c>StepResult.SuccessAsync</c> for the unchanged
/// <paramref name="messagingContext" /> when the PullRequest is authorized.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="messagingContext" /> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">The context carries no <c>AS4Message</c>.</exception>
/// <exception cref="SecurityException">The authorization map service does not authorize the PullRequest.</exception>
/// <remarks>
/// The method is not declared <c>async</c>, so all three exceptions are thrown at the call site
/// instead of being stored in the returned task.
/// </remarks>
public Task<StepResult> ExecuteAsync(MessagingContext messagingContext)
{
    if (messagingContext == null)
    {
        throw new ArgumentNullException(nameof(messagingContext));
    }

    AS4Message receivedMessage = messagingContext.AS4Message;
    if (receivedMessage == null)
    {
        throw new InvalidOperationException(
            $"{nameof(VerifyPullRequestAuthorizationStep)} requires a MessagingContext with a AS4Message to verify the PullRequest");
    }

    // The decision is delegated entirely to the map service; this step adds no check of its own.
    // NOTE(review): the service's tests accept a PullRequest whose MPC has no entry in the map,
    // so an unlisted MPC appears to be allowed by default. Confirm that is the intended policy.
    var authorizationService = new PullAuthorizationMapService(_pullAuthorizationMapProvider);

    if (!authorizationService.IsPullRequestAuthorized(receivedMessage))
    {
        // Falls back to an empty MPC when the first signal message is not a PullRequest or has no Mpc.
        // NOTE(review): the MPC is taken from the message being verified. Confirm how this exception
        // text is surfaced (log, error response) and that it is encoded for that sink.
        string mpc = (receivedMessage.FirstSignalMessage as PullRequest)?.Mpc ?? string.Empty;

        throw new SecurityException(
            $"{messagingContext.LogTag} PullRequest for MPC {mpc} is not authorized. "
            + "Either change the PullRequest MPC or add the MPC value to the authorization map");
    }

    return StepResult.SuccessAsync(messagingContext);
}
/// <summary>
/// A PullRequest that was never signed must be rejected when the authorization map
/// holds entries for the requested MPC.
/// </summary>
public void IfPullRequestIsNotSignedAndEntriesExistInAuthorizationMap()
{
    // Both MPCs are listed with a dummy thumbprint. The third constructor argument is
    // presumably the "allowed" flag; confirm against PullRequestAuthorizationEntry.
    PullRequestAuthorizationEntry[] mapEntries =
    {
        new PullRequestAuthorizationEntry("mpc1", "ABCDEFGHIJKLM", true),
        new PullRequestAuthorizationEntry("mpc2", "ABCDEFGHIJKLM", true)
    };
    var mapProvider = new StubAuthorizationMapProvider(mapEntries);

    // No signing helper is applied, so the message carries no certificate to match.
    var unsignedPullRequest = CreatePullRequest("mpc1");

    var sut = new PullAuthorizationMapService(mapProvider);
    bool isAuthorized = sut.IsPullRequestAuthorized(unsignedPullRequest);

    Assert.False(
        isAuthorized,
        "PullRequest should not be allowed since PullRequest is not signed");
}
/// <summary>
/// An unsigned PullRequest is authorized when the authorization map holds no entry
/// for the requested MPC.
/// </summary>
public void IfPullRequestIsNotSignedAndNoEntriesExistForMpcInAuthorizationMap()
{
    var signingCertificate = GetSigningCertificate();

    // Only mpc1 and mpc2 are listed; the request below targets mpc3.
    PullRequestAuthorizationEntry[] mapEntries =
    {
        new PullRequestAuthorizationEntry("mpc1", signingCertificate.Thumbprint, false),
        new PullRequestAuthorizationEntry("mpc2", signingCertificate.Thumbprint, false)
    };
    var mapProvider = new StubAuthorizationMapProvider(mapEntries);

    var unsignedPullRequest = CreatePullRequest("mpc3");

    var sut = new PullAuthorizationMapService(mapProvider);
    bool isAuthorized = sut.IsPullRequestAuthorized(unsignedPullRequest);

    // NOTE(review): this pins default-allow behaviour. An unsigned request for an MPC that is
    // missing from the map is accepted, so an MPC is only protected once it has a map entry.
    Assert.True(isAuthorized);
}
/// <summary>
/// A signed PullRequest must be rejected when the signing certificate's thumbprint
/// is not listed for the requested MPC.
/// </summary>
public void IfCertificateIsNotPresentInAuthorizationMap()
{
    var signingCertificate = GetSigningCertificate();

    // mpc1 is bound to a dummy thumbprint; the real certificate is only listed for mpc2.
    // The expected rejection shows the lookup is per (MPC, thumbprint) pair: being listed
    // for mpc2 does not grant access to mpc1.
    PullRequestAuthorizationEntry[] mapEntries =
    {
        new PullRequestAuthorizationEntry("mpc1", "ABCDEFGHIJKLM", true),
        new PullRequestAuthorizationEntry("mpc2", signingCertificate.Thumbprint, true)
    };
    var mapProvider = new StubAuthorizationMapProvider(mapEntries);

    var pullRequest = CreatePullRequest("mpc1");
    var signedPullRequest = SignAS4MessageWithCertificate(pullRequest, signingCertificate);

    var sut = new PullAuthorizationMapService(mapProvider);
    bool isAuthorized = sut.IsPullRequestAuthorized(signedPullRequest);

    Assert.False(
        isAuthorized,
        "PullRequest should not be allowed since certificate is not present in PullAuthorizationMap");
}
/// <summary>
/// A signed PullRequest is authorized when the authorization map holds no entry
/// for the requested MPC.
/// </summary>
public void IfNoEntriesExistForMpcInAuthorizationMap()
{
    var signingCertificate = GetSigningCertificate();

    // The certificate is listed for mpc1 and mpc2 with the third argument set to false
    // (presumably "not allowed"; confirm). The request below targets the unlisted mpc3.
    PullRequestAuthorizationEntry[] mapEntries =
    {
        new PullRequestAuthorizationEntry("mpc1", signingCertificate.Thumbprint, false),
        new PullRequestAuthorizationEntry("mpc2", signingCertificate.Thumbprint, false)
    };
    var mapProvider = new StubAuthorizationMapProvider(mapEntries);

    var pullRequest = CreatePullRequest("mpc3");
    var signedPullRequest = SignAS4MessageWithCertificate(pullRequest, signingCertificate);

    var sut = new PullAuthorizationMapService(mapProvider);
    bool isAuthorized = sut.IsPullRequestAuthorized(signedPullRequest);

    // NOTE(review): default-allow for unlisted MPCs. The same certificate that is listed
    // with false on other MPCs is still accepted here because mpc3 has no entry at all.
    Assert.True(
        isAuthorized,
        "PullRequest should be allowed since no entries are present for MPC3 in Authorization Map");
}
/// <summary>
/// A signed PullRequest is authorized when the map contains an entry for the requested
/// MPC with the signing certificate's thumbprint.
/// </summary>
public void IfMpcMatchesCertificate()
{
    var signingCertificate = GetSigningCertificate();

    // Same certificate on both MPCs; only the mpc1 entry has the third argument set to true
    // (presumably the "allowed" flag; confirm against PullRequestAuthorizationEntry).
    PullRequestAuthorizationEntry[] mapEntries =
    {
        new PullRequestAuthorizationEntry("mpc1", signingCertificate.Thumbprint, true),
        new PullRequestAuthorizationEntry("mpc2", signingCertificate.Thumbprint, false)
    };
    var mapProvider = new StubAuthorizationMapProvider(mapEntries);

    var pullRequest = CreatePullRequest("mpc1");
    var signedPullRequest = SignAS4MessageWithCertificate(pullRequest, signingCertificate);

    var sut = new PullAuthorizationMapService(mapProvider);
    bool isAuthorized = sut.IsPullRequestAuthorized(signedPullRequest);

    Assert.True(
        isAuthorized,
        "PullRequest should be allowed since entry exists for MPC and cert-thumbprint");
}