        /// <summary>
        ///   Verifies that a caller presenting a certificate known to the claims map is authenticated with a
        ///   <see cref="ClaimsPrincipal" /> whose identity carries every claim mapped to that certificate.
        /// </summary>
        public void AuthenticatedPrincipalContainsMappedClaims()
        {
            // Two independent instances of the same test certificate: one is presented by the caller on the
            // request, the other is what the handler "finds" when it searches the store by thumbprint.
            var presentedCertificate = new X509Certificate2(Convert.FromBase64String(ClientCertificateAuthenticationHandlerTests.Base64Certificate), ClientCertificateAuthenticationHandlerTests.CertificatePassword);
            var storedCertificate    = new X509Certificate2(Convert.FromBase64String(ClientCertificateAuthenticationHandlerTests.Base64Certificate), ClientCertificateAuthenticationHandlerTests.CertificatePassword);

            var claimsMap = new ClientCertificateClaimsMap();
            claimsMap.AddCertificate(storedCertificate.Thumbprint, new Dictionary <string, string>
            {
                { CustomClaimTypes.MayAccessPriviledgedOperations, "true" },
                { CustomClaimTypes.Partner, "SQUIRE" }
            });

            // Local (trust-store) certificate validation is switched off here, presumably so the outcome does not
            // depend on this machine's certificate stores; that check is therefore not exercised by this test.
            var handlerConfiguration = new ClientCertificateAuthenticationConfiguration
            {
                Enabled = true,
                EnforceLocalCertificateValidation  = false,
                SerializedCertificateClaimsMapping = claimsMap.Serialize()
            };

            // Pin "now" to one day inside the certificate's validity window so the result does not depend on the
            // wall clock at the time the test runs.
            var clock = new Mock <IClock>();
            clock.Setup(c => c.GetCurrentInstant()).Returns(Instant.FromDateTimeUtc(storedCertificate.NotBefore.AddDays(1).ToUniversalTime()));

            var handler = new Mock <ClientCertificateAuthenticationHandler>(handlerConfiguration, clock.Object) { CallBase = true };

            // Only a lookup for the stored certificate's thumbprint (compared case-insensitively) yields a certificate.
            handler.Protected()
                   .Setup <X509Certificate2>("SearchForCertificate", ItExpr.Is <string>(thumbprint => String.Equals(thumbprint, storedCertificate.Thumbprint, StringComparison.OrdinalIgnoreCase)), ItExpr.IsAny <bool>())
                   .Returns(storedCertificate);

            // Minimal Web API pipeline objects needed to build an authentication context around the request.
            var httpConfiguration = new HttpConfiguration();
            var request           = new HttpRequestMessage();
            var requestContext    = new HttpRequestContext { ClientCertificate = presentedCertificate };

            var controllerContext = new HttpControllerContext(httpConfiguration, new HttpRouteData(new HttpRoute()), request)
            {
                ControllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" },
                RequestContext       = requestContext,
                Request              = request
            };

            var actionContext         = new HttpActionContext(controllerContext, new Mock <HttpActionDescriptor>().Object);
            var authenticationContext = new HttpAuthenticationContext(actionContext, null);

            // Expose the dependency scope, request context and presented certificate through the request properties.
            request.Properties.Add(HttpPropertyKeys.DependencyScope, new Mock <IDependencyScope>().Object);
            request.Properties.Add(HttpPropertyKeys.RequestContextKey, requestContext);
            request.Properties.Add(HttpPropertyKeys.ClientCertificateKey, requestContext.ClientCertificate);

            var principal = handler.Object.Authenticate(new Dictionary <string, string>(), authenticationContext) as ClaimsPrincipal;
            principal.Should().NotBeNull("because the certificate was valid and a claims principal should have been returned");

            var identity = principal.Identity as ClaimsIdentity;
            identity.Should().NotBeNull("becaue the principal should contain a valid indentity");

            // Every claim mapped to the presented certificate must be present on the identity with the mapped value.
            foreach (var expectedClaim in claimsMap[presentedCertificate.Thumbprint])
            {
                var claimType   = expectedClaim.Key;
                var actualClaim = identity.FindFirst(claim => claim.Type == claimType);

                actualClaim.Should().NotBeNull($"because the { claimType } claim should exist");
                actualClaim.Value.Should().Be(expectedClaim.Value, $"because the claim value for { claimType } should match the mapping");
            }
        }
        /// <summary>
        ///   Verifies that authentication succeeds for a presented certificate that is known to the claims map and
        ///   resolvable in the store, and that the handler actually performed the store lookup it was set up for.
        /// </summary>
        public void AuthenticateSucceedsForValidCertificates()
        {
            // The same test certificate is loaded twice: one copy is presented on the request, the other is the
            // copy the mocked store lookup returns for its thumbprint.
            var clientCertificate = new X509Certificate2(Convert.FromBase64String(ClientCertificateAuthenticationHandlerTests.Base64Certificate), ClientCertificateAuthenticationHandlerTests.CertificatePassword);
            var storeCopy         = new X509Certificate2(Convert.FromBase64String(ClientCertificateAuthenticationHandlerTests.Base64Certificate), ClientCertificateAuthenticationHandlerTests.CertificatePassword);

            var certificateClaims = new ClientCertificateClaimsMap();
            certificateClaims.AddCertificate(storeCopy.Thumbprint, new Dictionary <string, string>
            {
                { CustomClaimTypes.MayAccessPriviledgedOperations, "true" },
                { CustomClaimTypes.Partner, "SQUIRE" }
            });

            // Local (trust-store) validation is disabled for this test; only the mapping and store lookup are exercised.
            var configuration = new ClientCertificateAuthenticationConfiguration
            {
                Enabled = true,
                EnforceLocalCertificateValidation  = false,
                SerializedCertificateClaimsMapping = certificateClaims.Serialize()
            };

            // Pin "now" one day past NotBefore so the certificate is inside its validity window regardless of when the test runs.
            var clock = new Mock <IClock>();
            clock.Setup(c => c.GetCurrentInstant()).Returns(Instant.FromDateTimeUtc(storeCopy.NotBefore.AddDays(1).ToUniversalTime()));

            var handler = new Mock <ClientCertificateAuthenticationHandler>(configuration, clock.Object) { CallBase = true };

            // The store lookup is marked verifiable so the test also proves the handler consulted the store.
            handler.Protected()
                   .Setup <X509Certificate2>("SearchForCertificate", ItExpr.Is <string>(thumbprint => String.Equals(thumbprint, storeCopy.Thumbprint, StringComparison.OrdinalIgnoreCase)), ItExpr.IsAny <bool>())
                   .Returns(storeCopy)
                   .Verifiable();

            // Minimal Web API pipeline objects around a single request carrying the client certificate.
            var httpConfiguration = new HttpConfiguration();
            var request           = new HttpRequestMessage();
            var requestContext    = new HttpRequestContext { ClientCertificate = clientCertificate };

            var controllerContext = new HttpControllerContext(httpConfiguration, new HttpRouteData(new HttpRoute()), request)
            {
                ControllerDescriptor = new HttpControllerDescriptor { Configuration = httpConfiguration, ControllerName = "generic" },
                RequestContext       = requestContext,
                Request              = request
            };

            var actionContext         = new HttpActionContext(controllerContext, new Mock <HttpActionDescriptor>().Object);
            var authenticationContext = new HttpAuthenticationContext(actionContext, null);

            request.Properties.Add(HttpPropertyKeys.DependencyScope, new Mock <IDependencyScope>().Object);
            request.Properties.Add(HttpPropertyKeys.RequestContextKey, requestContext);
            request.Properties.Add(HttpPropertyKeys.ClientCertificateKey, requestContext.ClientCertificate);

            var authenticated = handler.Object.Authenticate(new Dictionary <string, string>(), authenticationContext);
            authenticated.Should().NotBeNull("because the certificate was valid");

            // Fails if the verifiable SearchForCertificate setup above was never invoked.
            handler.VerifyAll();
        }