/// <summary>
/// Checks the argument validation of both <see cref="SignedHttpRequestDescriptor"/> constructor
/// overloads (three and four parameters) and that a successfully constructed descriptor exposes
/// exactly the values it was built from.
/// </summary>
public void SignedHttpRequestDescriptor()
{
    var requestData = new HttpRequestData();
    var token = SignedHttpRequestTestUtils.DefaultEncodedAccessToken;
    var credentials = SignedHttpRequestTestUtils.DefaultSigningCredentials;
    var parameters = new SignedHttpRequestCreationParameters();
    // Constructed here as in the original test; it is not passed to any call below.
    var callContext = new CallContext();

    // A null or empty access token is rejected as a null argument on either overload.
    foreach (var badToken in new string[] { null, string.Empty })
    {
        Assert.Throws<ArgumentNullException>("accessToken", () => new SignedHttpRequestDescriptor(badToken, requestData, null));
        Assert.Throws<ArgumentNullException>("accessToken", () => new SignedHttpRequestDescriptor(badToken, requestData, null, null));
    }

    // Request data is mandatory on either overload.
    Assert.Throws<ArgumentNullException>("httpRequestData", () => new SignedHttpRequestDescriptor(token, null, null));
    Assert.Throws<ArgumentNullException>("httpRequestData", () => new SignedHttpRequestDescriptor(token, null, null, null));

    // Signing credentials are mandatory on either overload.
    Assert.Throws<ArgumentNullException>("signingCredentials", () => new SignedHttpRequestDescriptor(token, requestData, null));
    Assert.Throws<ArgumentNullException>("signingCredentials", () => new SignedHttpRequestDescriptor(token, requestData, null, null));

    // The four-parameter overload does not substitute defaults for null creation parameters.
    Assert.Throws<ArgumentNullException>("signedHttpRequestCreationParameters", () => new SignedHttpRequestDescriptor(token, requestData, credentials, null));

    // Valid construction, three-parameter overload: creation parameters are defaulted (non-null).
    var descriptor = new SignedHttpRequestDescriptor(token, requestData, credentials);
    Assert.Equal(requestData, descriptor.HttpRequestData);
    Assert.Equal(token, descriptor.AccessToken);
    Assert.Equal(credentials, descriptor.SigningCredentials);
    Assert.NotNull(descriptor.SignedHttpRequestCreationParameters);

    // Valid construction, four-parameter overload: the supplied creation parameters are kept as-is.
    descriptor = new SignedHttpRequestDescriptor(token, requestData, credentials, parameters);
    Assert.Equal(requestData, descriptor.HttpRequestData);
    Assert.Equal(token, descriptor.AccessToken);
    Assert.Equal(credentials, descriptor.SigningCredentials);
    Assert.Equal(parameters, descriptor.SignedHttpRequestCreationParameters);
}
/// <summary>
/// Creates a SignedHttpRequest from the theory data, validates it with the same handler and compares
/// the outcome with the expected validity / expected exception. Before validation and again after it,
/// a diff is recorded if the CryptoProviderCache still holds a SignatureProvider for the signing key
/// and algorithm, so that unexpected caching of the signing material shows up as a test failure.
/// </summary>
/// <param name="theoryData">Inputs, expected validity and expected exception for one roundtrip case.</param>
public async Task Roundtrips(RoundtripSignedHttpRequestTheoryData theoryData)
{
    var context = TestUtilities.WriteHeader($"{this}.Roundtrips", theoryData);
    try
    {
        var handler = new SignedHttpRequestHandler();
        var descriptor = new SignedHttpRequestDescriptor(
            theoryData.AccessToken,
            theoryData.HttpRequestData,
            theoryData.SigningCredentials,
            theoryData.SignedHttpRequestCreationParameters)
        {
            CnfClaimValue = theoryData.CnfClaimValue,
        };

        var signedHttpRequest = handler.CreateSignedHttpRequest(descriptor);

        // The factory on the credentials wins; otherwise fall back to the key's own factory.
        var providerFactory = descriptor.SigningCredentials.CryptoProviderFactory
            ?? descriptor.SigningCredentials.Key.CryptoProviderFactory;

        // True when the cache holds a SignatureProvider of the matching kind for this key/algorithm.
        bool IsProviderCached(bool willCreateSignatures)
        {
            var typeName = descriptor.SigningCredentials.Key is AsymmetricSecurityKey
                ? typeof(AsymmetricSignatureProvider).ToString()
                : typeof(SymmetricSignatureProvider).ToString();

            return providerFactory.CryptoProviderCache.TryGetSignatureProvider(
                descriptor.SigningCredentials.Key,
                descriptor.SigningCredentials.Algorithm,
                typeName,
                willCreateSignatures,
                out _);
        }

        void RecordCachedProvider(string phase)
        {
            context.Diffs.Add(LogHelper.FormatInvariant(
                "SignedHttpRequest cached SignatureProvider (" + phase + "), Key: '{0}', Algorithm: '{1}'",
                descriptor.SigningCredentials.Key,
                descriptor.SigningCredentials.Algorithm));
        }

        if (IsProviderCached(true))
        {
            RecordCachedProvider("Signing");
        }

        var validationContext = new SignedHttpRequestValidationContext(
            signedHttpRequest,
            theoryData.HttpRequestData,
            theoryData.TokenValidationParameters,
            theoryData.SignedHttpRequestValidationParameters);

        var result = await handler.ValidateSignedHttpRequestAsync(validationContext, CancellationToken.None).ConfigureAwait(false);

        if (IsProviderCached(false))
        {
            RecordCachedProvider("Validate");
        }

        IdentityComparer.AreBoolsEqual(result.IsValid, theoryData.IsValid, context);

        // A failed validation carries its exception on the result; surface it so the
        // expected-exception machinery in the catch block can classify it.
        if (result.Exception != null)
        {
            throw result.Exception;
        }

        Assert.NotNull(result);
        Assert.NotNull(result.SignedHttpRequest);
        Assert.NotNull(result.ValidatedSignedHttpRequest);
        Assert.NotNull(result.AccessTokenValidationResult);

        theoryData.ExpectedException.ProcessNoException(context);
    }
    catch (Exception ex)
    {
        theoryData.ExpectedException.ProcessException(ex, context);
    }

    TestUtilities.AssertFailIfErrors(context);
}
/// <summary>
/// End-to-end PoP flow with an externally supplied signing key: acquires a PoP token for the
/// confidential client using Wilson-style <see cref="SigningCredentials"/> wrapped in
/// <see cref="SigningCredentialsToPopCryptoProviderAdapter"/>, signs the request with
/// <see cref="SignedHttpRequestHandler"/> (MSAL's own request signing is turned off), verifies the
/// signed request against the protected resource, and checks that a second acquisition is served
/// from the token cache.
/// </summary>
public async Task PopTest_ExternalWilsonSigning_Async()
{
    var app = ConfidentialClientApplicationBuilder
        .Create(PublicCloudConfidentialClientID)
        .WithExperimentalFeatures()
        .WithAuthority(PublicCloudTestAuthority)
        .WithClientSecret(s_publicCloudCcaSecret)
        .Build();

    // RSA key created Wilson style and exposed to MSAL through the adapter.
    var rsaKey = CreateRsaSecurityKey();
    var popCredentials = new SigningCredentials(rsaKey, SecurityAlgorithms.RsaSha256);

    // SignHttpRequest = false: MSAL only binds the token to the key; the request itself is
    // signed below with SignedHttpRequestHandler.
    var popConfiguration = new PoPAuthenticationConfiguration()
    {
        PopCryptoProvider = new SigningCredentialsToPopCryptoProviderAdapter(popCredentials, true),
        SignHttpRequest = false,
    };

    var firstResult = await app.AcquireTokenForClient(s_keyvaultScope)
        .WithProofOfPossession(popConfiguration)
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

    Assert.AreEqual("pop", firstResult.TokenType);
    Assert.AreEqual(TokenSource.IdentityProvider, firstResult.AuthenticationResultMetadata.TokenSource);

    // Build and sign the request for the protected resource with the same credentials the token is bound to.
    var requestData = new IdentityModel.Protocols.HttpRequestData()
    {
        Uri = new Uri(ProtectedUrl),
        Method = HttpMethod.Post.ToString(),
    };
    var descriptor = new SignedHttpRequestDescriptor(firstResult.AccessToken, requestData, popCredentials);
    var requestHandler = new SignedHttpRequestHandler();
    string signedRequest = requestHandler.CreateSignedHttpRequest(descriptor);

    await VerifyPoPTokenAsync(
        PublicCloudConfidentialClientID,
        ProtectedUrl,
        HttpMethod.Post,
        signedRequest,
        "pop").ConfigureAwait(false);

    // Same client, scope and PoP configuration: the token must now come from the cache.
    var cachedResult = await app.AcquireTokenForClient(s_keyvaultScope)
        .WithProofOfPossession(popConfiguration)
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

    Assert.AreEqual(TokenSource.Cache, cachedResult.AuthenticationResultMetadata.TokenSource);
}
/// <summary>
/// Test-only public entry point that forwards to the non-public <c>AddCnfClaim</c>.
/// </summary>
/// <param name="payload">Claims payload the cnf claim is added to.</param>
/// <param name="signedHttpRequestDescriptor">Descriptor whose signing key / cnf value is used.</param>
public void AddCnfClaimPublic(Dictionary<string, object> payload, SignedHttpRequestDescriptor signedHttpRequestDescriptor)
    => AddCnfClaim(payload, signedHttpRequestDescriptor);
/// <summary>
/// Test-only public entry point that forwards to the non-public <c>CreateHttpRequestPayload</c>.
/// </summary>
/// <param name="signedHttpRequestDescriptor">Descriptor describing the request to build the payload for.</param>
/// <param name="callContext">Call context passed through to the underlying method.</param>
/// <returns>Whatever <c>CreateHttpRequestPayload</c> returns for these arguments.</returns>
public string CreateHttpRequestPayloadPublic(SignedHttpRequestDescriptor signedHttpRequestDescriptor, CallContext callContext)
    => CreateHttpRequestPayload(signedHttpRequestDescriptor, callContext);