/// <summary>
/// Builds the two KV2 engine connections used by the policy tests: one authenticated with a
/// token that carries <paramref name="policyWithPermission"/> (the access is expected to succeed)
/// and one authenticated with a control token that only carries the "default" policy.
/// </summary>
/// <param name="policyWithPermission">Name of the policy to attach to the "OK" token.</param>
/// <returns>
/// A tuple of (engine using the token with the policy, engine using the control token).
/// </returns>
private async Task<(KV2SecretEngine engKV2OK, KV2SecretEngine engKV2FAIL)> SetupTokenEngines(string policyWithPermission)
{
    // Token auth backend of the primary agent; both test tokens are minted through it.
    TokenAuthEngine tokenBackend = (TokenAuthEngine)_vaultAgentAPI.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

    // AA - Token that is granted the policy under test.
    // NOTE(review): neither token request sets a TTL or a use limit here, so their lifetime is
    // whatever the token backend defaults to - confirm these tokens are cleaned up after the run.
    TokenNewSettings grantedSettings = new TokenNewSettings();
    grantedSettings.Policies.Add(policyWithPermission);
    Token grantedToken = await tokenBackend.CreateToken(grantedSettings);

    // AB - Control token: it only carries "default", so any access that succeeds with it
    // cannot be attributed to policyWithPermission. This is the negative half of the check.
    TokenNewSettings controlSettings = new TokenNewSettings();
    controlSettings.Policies.Add("default");
    Token controlToken = await tokenBackend.CreateToken(controlSettings);

    // AC - One agent connection per token, so each engine authenticates with exactly one identity.
    VaultAgentAPI grantedVault = await VaultServerRef.ConnectVault("OKVault", grantedToken.ID);
    VaultAgentAPI controlVault = await VaultServerRef.ConnectVault("FailVault", controlToken.ID);

    // Both agents are recorded in _vaultAgents (presumably for later teardown - confirm).
    _vaultAgents.Add(grantedVault);
    _vaultAgents.Add(controlVault);

    // AD - KeyValue V2 engine for each identity, both pointing at the same backend (_beName).
    KV2SecretEngine okEngine = (KV2SecretEngine)grantedVault.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, _beName, _beName);
    KV2SecretEngine failEngine = (KV2SecretEngine)controlVault.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, _beName, _beName);

    return (engKV2OK: okEngine, engKV2FAIL: failEngine);
}
/// <summary>
/// Revokes a parent token with the second RevokeToken argument set to false and verifies that
/// the parent is gone while the three tokens created under it still exist and are flagged as orphans.
/// </summary>
/// <remarks>
/// What this pins down matters operationally: in this revocation mode, credentials derived from
/// the parent stay valid after the parent is revoked, so they have to be revoked separately.
/// </remarks>
public async Task RevokeTokenWithChildren_ChildrenOrphaned()
{
    // Parent token, created through the fixture's token engine.
    string parentName = UK.GetKey("ParentOrp");
    TokenNewSettings settings = new TokenNewSettings()
    {
        Name = parentName,
    };
    Token parent = await _tokenAuthEngine.CreateToken(settings);
    Assert.NotNull(parent, "A1: Error creating the parent token - expected to receive the new token back, instead we received a null value.");

    // Connect as the parent so that the tokens created below are issued under it.
    VaultAgentAPI parentVault = await VaultServerRef.ConnectVault("TokenAuth2", parent.ID);
    TokenAuthEngine parentEngine = (TokenAuthEngine)parentVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

    // Child 1 - reuses the settings object unchanged, so it carries the same name as the parent.
    Token child1 = await parentEngine.CreateToken(settings);
    Assert.NotNull(child1, "A2: Error creating a new token - expected to receive the new token back, instead we received a null value.");

    // Child 2.
    settings.Name = "Token2";
    Token child2 = await parentEngine.CreateToken(settings);
    Assert.NotNull(child2, "A3: Error creating a new token - expected to receive the new token back, instead we received a null value.");

    // Child 3.
    settings.Name = "Token3";
    Token child3 = await parentEngine.CreateToken(settings);
    Assert.NotNull(child3, "A4: Error creating a new token - expected to receive the new token back, instead we received a null value.");

    // Revoke the parent only.
    // NOTE(review): the 'false' argument presumably means "do not revoke children" - confirm
    // against the RevokeToken signature.
    bool parentRevoked = await _tokenAuthEngine.RevokeToken(parent.ID, false);
    Assert.IsTrue(parentRevoked, "A5: Revocation of parent token was not successful.");

    Token parentAfterRevoke = await _tokenAuthEngine.GetTokenWithID(parent.ID);
    Assert.IsNull(parentAfterRevoke, "A6: The parent token should have been revoked. But it still exists.");

    // The children must have survived the parent's revocation...
    Token survivor1 = await _tokenAuthEngine.GetTokenWithID(child1.ID);
    Token survivor2 = await _tokenAuthEngine.GetTokenWithID(child2.ID);
    Token survivor3 = await _tokenAuthEngine.GetTokenWithID(child3.ID);
    Assert.IsNotNull(survivor1, "A7: Expected the child token to still exist. But it is null");
    Assert.IsNotNull(survivor2, "A8: Expected the child token to still exist. But it is null");
    Assert.IsNotNull(survivor3, "A9: Expected the child token to still exist. But it is null");

    // ...and must now be reported as orphans.
    Assert.IsTrue(survivor1.IsOrphan, "A10: Expected token to be marked as an orphan.");
    Assert.IsTrue(survivor2.IsOrphan, "A11: Expected token to be marked as an orphan.");
    Assert.IsTrue(survivor3.IsOrphan, "A12: Expected token to be marked as an orphan.");
}
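/// <summary>
/// Creates a token bound to a freshly saved token role and verifies that the agent
/// connection stores the new token's ID when it is assigned.
/// </summary>
public async Task CreateToken()
{
    // SETUP
    // Dedicated agent connection: this test overwrites the connection's token ID, which must
    // not leak into the connection the other tests authenticate with.
    VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest");
    TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

    // A token role is needed so the token can be generated against it.
    TokenRole tokenRole = new TokenRole();
    tokenRole.Name = UK.GetKey();
    await ourTokenAuthEngine.SaveTokenRole(tokenRole);

    // Use-limited (6 uses) token with no parent, tied to the role saved above.
    string tokenName = "Name" + tokenRole.Name;
    TokenNewSettings tokenNewSettings = new TokenNewSettings()
    {
        Name = tokenName,
        NumberOfUses = 6,
        NoParentToken = true,
        RoleName = tokenRole.Name
    };

    Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings);
    Assert.NotNull(token, "A10: Expected to receive the new token back, instead we received a null value.");

    // NOTE(review): this repeats the A10 null check on the same object. It looks like a
    // leftover from a version that re-read the token by ID - confirm whether a re-read is wanted.
    Assert.IsNotNull(token, "A20: No Token returned.  Was expecting one.");

    ourVault.TokenID = token.ID;

    // Expected value first, observed value second, so a failure message reports the
    // created token's ID as "expected" and what the agent stored as "actual".
    Assert.AreEqual(token.ID, ourVault.TokenID, "A30: Vault did not store token correctly");
}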
/// <summary>
/// Swaps the agent's token for a newly created one and verifies that the token the agent
/// reports as active afterwards is the new token, not the original.
/// </summary>
/// <remarks>
/// The HTTP header itself is not inspected; the change is observed indirectly through
/// RefreshActiveToken, which is expected to query Vault with whatever token the agent now sends.
/// </remarks>
public async Task ChangingToken_ChangesHTTPHeaders()
{
    // Token the agent is using before the swap.
    Token originalToken = await vault.RefreshActiveToken();

    // Mint the replacement: short-lived (60s max TTL) and limited to 14 uses.
    TokenAuthEngine tokenBackend = (TokenAuthEngine)vault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);
    TokenNewSettings replacementSettings = new TokenNewSettings
    {
        Name = "NewToken",
        MaxTTL = "60s",
        NumberOfUses = 14
    };
    Token replacement = await tokenBackend.CreateToken(replacementSettings);
    Assert.NotNull(replacement, "A1: Created a token, expected it to not be null.");
    Assert.AreNotEqual(originalToken.ID, replacement.ID);

    // Switch the agent to the replacement token.
    // NOTE(review): the original token is never restored, so 'vault' is left authenticating
    // with a token that expires or runs out of uses. If 'vault' is shared between tests,
    // later tests may fail with authentication errors - confirm it is re-created per test.
    vault.Token = replacement;

    // Ask the agent for its active token again; it should now resolve to the replacement.
    Token activeAfterSwap = await vault.RefreshActiveToken();
    Assert.AreEqual(replacement.ID, activeAfterSwap.ID);
    Assert.AreNotEqual(originalToken.ID, activeAfterSwap.ID);
}
/// <summary>
/// Creates a role-bound token on one agent connection and verifies that a second, separate
/// connection can log in with that token's ID through <c>TokenLoginConnector</c>.
/// </summary>
public async Task NormalLogin()
{
    // SETUP
    // Own agent connection, kept apart from the fixture's because token values are manipulated.
    VaultAgentAPI issuingVault = await VaultServerRef.ConnectVault("TokenTest");
    TokenAuthEngine issuingEngine = (TokenAuthEngine)issuingVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

    // A token role is needed so the token can be generated against it.
    TokenRole role = new TokenRole();
    UniqueKeys keyGenerator = new UniqueKeys("", ""); // Unique Key generator
    role.Name = keyGenerator.GetKey();
    await issuingEngine.SaveTokenRole(role);

    // Use-limited (6 uses) token with no parent, tied to the role saved above.
    string tokenName = "Name" + role.Name;
    TokenNewSettings settings = new TokenNewSettings()
    {
        Name = tokenName,
        NumberOfUses = 6,
        NoParentToken = true,
        RoleName = role.Name
    };

    Token token = await issuingEngine.CreateToken(settings);
    Assert.NotNull(token, "A10: Expected to receive the new token back, instead we received a null value.");

    // NOTE(review): second null check on the same object as A10; it cannot fail independently.
    Assert.IsNotNull(token, "A20: No Token returned.  Was expecting one.");

    // Log in from a fresh connection, presenting only the token ID.
    VaultAgentAPI loginVault = await VaultServerRef.ConnectVault("TokenLoginTest");
    TokenLoginConnector connector = new TokenLoginConnector(loginVault, "test")
    {
        TokenId = token.ID
    };

    bool loggedIn = await connector.Connect();
    Assert.IsTrue(loggedIn, "A30: Login Failed");
}
/// <summary>
/// Creates a token from a fully populated <c>TokenNewSettings</c> object, including a
/// caller-supplied ID, and verifies that the returned token reflects those settings.
/// </summary>
public async Task CreateTokenWithSettingsObject()
{
    // NOTE(review): the token ID is the bearer credential. Supplying it from the caller, as
    // done here, makes it only as unpredictable as UK.GetKey. That is fine for a test fixture;
    // confirm that non-test callers leave ID generation to Vault.
    string requestedId = UK.GetKey("token");
    int useLimit = 19;
    string requestedName = "Name" + requestedId.ToString();
    bool noParent = true;

    TokenNewSettings settings = new TokenNewSettings()
    {
        ID = requestedId,
        Name = requestedName,
        NumberOfUses = useLimit,
        NoParentToken = noParent
    };

    Token created = await _tokenAuthEngine.CreateToken(settings);
    Assert.NotNull(created, "A1: Expected to receive the new token back, instead we received a null value.");

    // NOTE(review): second null check on the same object as A1; it cannot fail independently.
    Assert.IsNotNull(created, "M1: No Token returned.  Was expecting one.");

    // Vault seems to prepend the auth backend's name to the display name.
    string expectedDisplayName = "token-" + requestedName;
    Assert.AreEqual(expectedDisplayName, created.DisplayName, "M2: Token names are not equal");

    Assert.AreEqual(requestedId, created.ID, "M3: Token ID's are not equal");
    Assert.AreEqual(useLimit, created.NumberOfUses, "M4: Token number of uses are not equal");

    // A token requested with NoParentToken is expected to come back flagged as an orphan.
    Assert.AreEqual(noParent, created.IsOrphan, "M5: Token parent setting is not the same as IsOrphan");
}