Esempio n. 1
        /// <summary>
        /// Pins the outcome for a request that carries a forwarded client certificate (URL-encoded PEM in the
        /// <c>Constants.ClientCertificateHeaderKey</c> header) together with an unusable Authorization value
        /// ("blah"): the call must report success with an empty error message.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the IAuthenticator mock returns true for any IClientCredentials, so these assertions do
        /// not show which credential was evaluated. A Moq <c>Verify</c> on the credential passed in would make the
        /// "Authorization header is ignored" claim explicit.
        /// NOTE(review): a certificate read from a request header is only as trustworthy as whatever is allowed
        /// to set that header. This test builds the authenticator without a proxied-certificate extractor and
        /// sets no connection details, so that gate is not exercised here; confirm it is covered elsewhere.
        /// </remarks>
        public async Task AuthenticateRequestTestX509ApiProxyIgnoresAuthorizationHeader_Success()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            // Self-signed certificate exported as X509ContentType.Cert, wrapped in PEM armour,
            // then URL-encoded so it can travel in a header value.
            var certBytes = CertificateHelper.GenerateSelfSignedCert("test_cert").Export(X509ContentType.Cert);
            string pem = $"-----BEGIN CERTIFICATE-----\n{Convert.ToBase64String(certBytes)}\n-----END CERTIFICATE-----\n";
            string encodedPem = WebUtility.UrlEncode(pem);

            var context = new DefaultHttpContext();
            context.Request.Headers.Add(Constants.ClientCertificateHeaderKey, new StringValues(encodedPem));
            context.Request.Headers.Add(HeaderNames.Authorization, new StringValues("blah"));
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            // The underlying authenticator accepts whatever credentials it is handed.
            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), Option.None<string>(), context);

            Assert.True(outcome.Authenticated);
            Assert.Equal(string.Empty, outcome.ErrorMessage);
        }
        /// <summary>
        /// Pins the success path for token authentication: a SAS token produced by
        /// <c>TokenHelper.CreateSasToken</c> for the module's audience is sent in the Authorization header on a
        /// connection whose local port is <c>Constants.ApiProxyPort</c>, and the call must report success with
        /// an empty error message.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the IAuthenticator mock accepts any credentials, so this test covers header parsing and
        /// result mapping only, not signature validation of the token.
        /// </remarks>
        public async Task AuthenticateRequestTest_Success()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            context.Connection.LocalPort = Constants.ApiProxyPort;

            // Token audience is the module's resource path under the hub.
            string token = TokenHelper.CreateSasToken($"{hubHostName}/devices/{device}/modules/{module}");
            context.Request.Headers.Add(HeaderNames.Authorization, new StringValues(token));
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), Option.None<string>(), context);

            Assert.True(outcome.Authenticated);
            Assert.Equal(string.Empty, outcome.ErrorMessage);
        }
Esempio n. 3
        /// <summary>
        /// Pins the fail-closed behaviour for forwarded certificates: when the proxied-certificate extractor
        /// throws an <c>AuthenticationException</c>, the result must be unauthenticated and the error message
        /// must carry the extractor's reason, even though the IAuthenticator mock would accept any credentials.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the expected message includes the proxy id. Whether ErrorMessage reaches the remote
        /// caller is not visible in this test; if it does, confirm that level of detail is intended.
        /// </remarks>
        public async Task AuthenticateRequestTestX509ApiProxyForward_NoProxyAuthorization_AuthFailed()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";
            const string apiProxyId = "iotedgeApiProxy";

            var context = new DefaultHttpContext();
            context.Connection.RemoteIpAddress = new IPAddress(0);

            // Forwarded certificate: self-signed, PEM-wrapped and URL-encoded into the certificate header.
            var certBytes = CertificateHelper.GenerateSelfSignedCert("test_cert").Export(X509ContentType.Cert);
            string pem = $"-----BEGIN CERTIFICATE-----\n{Convert.ToBase64String(certBytes)}\n-----END CERTIFICATE-----\n";
            string encodedPem = WebUtility.UrlEncode(pem);
            context.Request.Headers.Add(Constants.ClientCertificateHeaderKey, new StringValues(encodedPem));
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));

            // The extractor rejects the request because the proxy itself presented no Authorization header.
            string proxyFailure = $"Unable to authorize proxy {apiProxyId} to forward device certificate - Authorization header missing";
            var extractorMock = new Mock<IHttpProxiedCertificateExtractor>();
            extractorMock.Setup(p => p.GetClientCertificate(context)).ThrowsAsync(new AuthenticationException(proxyFailure));

            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName, extractorMock.Object);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), Option.None<string>(), context);

            Assert.False(outcome.Authenticated);
            Assert.Equal($"Unable to authenticate device with Id device_2/module_1 - {proxyFailure}", outcome.ErrorMessage);
        }
Esempio n. 4
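        /// <summary>
        /// Registers this module's singletons with the container: the method-request validator, the WebSocket
        /// listener registry, and the HTTP request authenticator (exposed as a
        /// <c>Task</c> of <c>IHttpRequestAuthenticator</c> because it depends on an asynchronously built
        /// <c>IAuthenticator</c>), then defers to the base module.
        /// </summary>
        /// <param name="builder">Container builder that receives the registrations.</param>
        protected override void Load(ContainerBuilder builder)
        {
            // IValidator
            builder.Register(c => new MethodRequestValidator())
                .As<IValidator<MethodRequest>>()
                .SingleInstance();

            // IWebSocketListenerRegistry
            builder.Register(c => new WebSocketListenerRegistry())
                .As<IWebSocketListenerRegistry>()
                .SingleInstance();

            // IHttpAuthenticator
            builder.Register(
                    async c =>
                    {
                        // Resolve every dependency before the first await. The component context handed to a
                        // registration lambda is only valid while the resolve operation is running; using it
                        // after an await that actually yields can fail because that operation has ended.
                        Task<IAuthenticator> authenticatorTask = c.Resolve<Task<IAuthenticator>>();
                        var credFactory = c.Resolve<IClientCredentialsFactory>();

                        IAuthenticator authenticator = await authenticatorTask;

                        // Keep the local typed as the interface: the lambda must produce
                        // Task<IHttpRequestAuthenticator> to match the As<> registration below.
                        IHttpRequestAuthenticator httpAuthenticator = new HttpRequestAuthenticator(authenticator, credFactory, this.iothubHostName);
                        return httpAuthenticator;
                    })
                .As<Task<IHttpRequestAuthenticator>>()
                .SingleInstance();

            base.Load(builder);
        }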
Esempio n. 5
        /// <summary>
        /// Pins the outcome for a request that presents a client certificate on the connection, carries an
        /// unusable Authorization value ("blah") and has no api-version query string: the call must report
        /// success with an empty error message.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the IAuthenticator mock accepts any credentials, so the test does not show that the
        /// connection certificate (rather than the Authorization header) was the credential evaluated.
        /// </remarks>
        public async Task AuthenticateRequestX509Test_NoApiVersion_Success()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            var certificate = CertificateHelper.GenerateSelfSignedCert("test_cert");

            // Both a junk Authorization header and a connection-level certificate are present.
            context.Request.Headers.Add(HeaderNames.Authorization, new StringValues("blah"));
            context.Connection.ClientCertificate = certificate;

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(
                authenticatorMock.Object,
                credentialsFactory,
                hubHostName,
                Mock.Of<IHttpProxiedCertificateExtractor>());

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), Option.None<string>(), context);

            Assert.True(outcome.Authenticated);
            Assert.Equal(string.Empty, outcome.ErrorMessage);
        }
Esempio n. 6
        /// <summary>
        /// Pins the rejection path for certificate authentication: a client certificate is present on the
        /// connection, but the underlying IAuthenticator refuses the credentials, so the result must be
        /// unauthenticated with the generic "Unable to authenticate device" message.
        /// </summary>
        public async Task InvalidCredentialsRequestX509Test_AuthFailed()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            var certificate = CertificateHelper.GenerateSelfSignedCert("test_cert");
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");
            context.Connection.ClientCertificate = certificate;

            // The underlying authenticator rejects whatever credentials it is handed.
            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(false);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(
                authenticatorMock.Object,
                credentialsFactory,
                hubHostName,
                Mock.Of<IHttpProxiedCertificateExtractor>());

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), Option.None<string>(), context);

            Assert.False(outcome.Authenticated);
            Assert.Equal("Unable to authenticate device with Id device_2/module_1", outcome.ErrorMessage);
        }
Esempio n. 7
        /// <summary>
        /// Pins the rejection of a malformed Authorization header: the value "invalidSasToken" must yield an
        /// unauthenticated result with the "Only SharedAccessSignature is supported" message, even though the
        /// IAuthenticator mock would accept any credentials.
        /// </summary>
        /// <remarks>
        /// NOTE(review): asserting that the IAuthenticator mock was never invoked would make the fail-closed
        /// ordering (header validation before credential evaluation) explicit; confirm against the
        /// implementation before adding it.
        /// </remarks>
        public async Task InvalidAuthenticateRequestTest_InvalidToken()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            context.Request.Headers.Add(HeaderNames.Authorization, new StringValues("invalidSasToken"));
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), context);

            Assert.False(outcome.Authenticated);
            Assert.Equal("Invalid Authorization header. Only SharedAccessSignature is supported.", outcome.ErrorMessage);
        }
Esempio n. 8
        /// <summary>
        /// Pins the success path for certificate authentication: a client certificate is present on the
        /// connection, no Authorization header is sent, and the call must report success with an empty
        /// error message.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the certificate is self-signed and the IAuthenticator mock accepts any credentials, so
        /// this test covers credential extraction and result mapping only, not certificate validation.
        /// </remarks>
        public async Task AuthenticateRequestTestX509_Success()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            var certificate = CertificateHelper.GenerateSelfSignedCert("test_cert");
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");
            context.Connection.ClientCertificate = certificate;

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), context);

            Assert.True(outcome.Authenticated);
            Assert.Equal(string.Empty, outcome.ErrorMessage);
        }
Esempio n. 9
        /// <summary>
        /// Pins the rejection of an ambiguous request: two values in the Authorization header must yield an
        /// unauthenticated result with the "Invalid authorization header count" message, even though the
        /// IAuthenticator mock would accept any credentials.
        /// </summary>
        public async Task InvalidAuthenticateRequestTest_MultipleAuthHeaders()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();

            // Two competing Authorization values on the same request.
            var authorizationValues = new StringValues(new[] { "sasToken1", "sasToken2" });
            context.Request.Headers.Add(HeaderNames.Authorization, authorizationValues);
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var certificateExtractor = Mock.Of<IHttpProxiedCertificateExtractor>();
            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName, certificateExtractor);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), Option.None<string>(), context);

            Assert.False(outcome.Authenticated);
            Assert.Equal("Invalid authorization header count", outcome.ErrorMessage);
        }
Esempio n. 10
        /// <summary>
        /// Pins the rejection path for token authentication: the Authorization header holds a SAS token from
        /// <c>TokenHelper.CreateSasToken</c>, but the underlying IAuthenticator refuses the credentials, so the
        /// result must be unauthenticated with the generic "Unable to authenticate device" message.
        /// </summary>
        public async Task InvalidCredentialsRequestTest_AuthFailed()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            string token = TokenHelper.CreateSasToken($"{hubHostName}/devices/{device}/modules/{module}");
            context.Request.Headers.Add(HeaderNames.Authorization, new StringValues(token));
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            // The underlying authenticator rejects whatever credentials it is handed.
            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(false);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), context);

            Assert.False(outcome.Authenticated);
            Assert.Equal("Unable to authenticate device with Id device_2/module_1", outcome.ErrorMessage);
        }
Esempio n. 11
        /// <summary>
        /// Pins the rejection of an expired SAS token: a token created with <c>expired: true</c> must yield an
        /// unauthenticated result with the "SAS token is expired" parse error, even though the IAuthenticator
        /// mock would accept any credentials.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this shows expiry is enforced at the HTTP layer rather than left to the downstream
        /// authenticator. Asserting that the mock was never invoked would pin that ordering; confirm against
        /// the implementation before adding it.
        /// </remarks>
        public async Task InvalidAuthenticateRequestTest_TokenExpired()
        {
            const string hubHostName = "TestHub.azure-devices.net";
            const string device = "device_2";
            const string module = "module_1";

            var context = new DefaultHttpContext();
            string expiredToken = TokenHelper.CreateSasToken($"{hubHostName}/devices/{device}/modules/{module}", expired: true);
            context.Request.Headers.Add(HeaderNames.Authorization, new StringValues(expiredToken));
            context.Request.QueryString = new QueryString("?api-version=2017-10-20");

            var authenticatorMock = new Mock<IAuthenticator>();
            authenticatorMock.Setup(a => a.AuthenticateAsync(It.IsAny<IClientCredentials>())).ReturnsAsync(true);

            var credentialsFactory = new ClientCredentialsFactory(new IdentityProvider(hubHostName));
            var sut = new HttpRequestAuthenticator(authenticatorMock.Object, credentialsFactory, hubHostName);

            HttpAuthResult outcome = await sut.AuthenticateAsync(device, Option.Some(module), context);

            Assert.False(outcome.Authenticated);
            Assert.Equal("Cannot parse SharedAccessSignature because of the following error - The specified SAS token is expired", outcome.ErrorMessage);
        }
Esempio n. 12
 /// <summary>
 /// Creates the controller with its own <c>HttpRequestAuthenticator</c>, built with the parameterless
 /// constructor and stored in <c>_restSharpComponent</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the authenticator is constructed here rather than injected, so where it obtains its
 /// credentials or configuration is not visible from this constructor; confirm against that class.
 /// </remarks>
 public GatewayController() => _restSharpComponent = new HttpRequestAuthenticator();
Esempio n. 13
 /// <summary>
 /// Stores the injected request authenticator and article database on this instance.
 /// </summary>
 /// <param name="authenticator">Request authenticator assigned to <c>Authenticator</c>.</param>
 /// <param name="cmsDb">Article database assigned to <c>CmsDb</c>.</param>
 /// <remarks>
 /// NOTE(review): neither argument is null-checked; a missing authenticator would only surface when it is
 /// first used. Confirm the container always supplies both.
 /// </remarks>
 public PublishArticle(HttpRequestAuthenticator authenticator, CosmosArticleDb cmsDb)
     => (Authenticator, CmsDb) = (authenticator, cmsDb);
 /// <summary>
 /// Stores the injected request authenticator and article database on this instance.
 /// </summary>
 /// <param name="authenticator">Request authenticator assigned to <c>Authenticator</c>.</param>
 /// <param name="cmsDb">Article database assigned to <c>CmsDb</c>.</param>
 /// <remarks>
 /// NOTE(review): neither argument is null-checked. Going by its name, this type presumably issues upload
 /// SAS tokens, so a missing authenticator should fail at construction rather than at first use; confirm
 /// the container always supplies both.
 /// </remarks>
 public GetImageUploadSasToken(HttpRequestAuthenticator authenticator, CosmosArticleDb cmsDb)
     => (Authenticator, CmsDb) = (authenticator, cmsDb);
Esempio n. 15
 /// <summary>
 /// Stores the injected request authenticator and article database on this instance.
 /// </summary>
 /// <param name="authenticator">Request authenticator assigned to <c>Authenticator</c>.</param>
 /// <param name="db">Article database assigned to <c>CmsDb</c>.</param>
 /// <remarks>
 /// NOTE(review): neither argument is null-checked; confirm the container always supplies both.
 /// </remarks>
 public UpdateArticle(HttpRequestAuthenticator authenticator, CosmosArticleDb db)
     => (Authenticator, CmsDb) = (authenticator, db);
Esempio n. 16
 /// <summary>
 /// Stores the injected article database and request authenticator on this instance.
 /// </summary>
 /// <param name="authenticator">Request authenticator assigned to <c>Authenticator</c>.</param>
 /// <param name="db">Article database assigned to <c>CmsDb</c>.</param>
 /// <remarks>
 /// NOTE(review): neither argument is null-checked; confirm the container always supplies both.
 /// </remarks>
 public DeleteArticle(HttpRequestAuthenticator authenticator, CosmosArticleDb db)
     => (CmsDb, Authenticator) = (db, authenticator); // same assignment order as before: CmsDb first
Esempio n. 17
 /// <summary>
 /// Stores the injected request authenticator and article database on this instance.
 /// </summary>
 /// <param name="authenticator">Request authenticator assigned to <c>Authenticator</c>.</param>
 /// <param name="db">Article database assigned to <c>CmsDb</c>.</param>
 /// <remarks>
 /// NOTE(review): neither argument is null-checked; confirm the container always supplies both.
 /// </remarks>
 public GetArticles(HttpRequestAuthenticator authenticator, CosmosArticleDb db)
     => (Authenticator, CmsDb) = (authenticator, db);
Esempio n. 18
 /// <summary>
 /// Prepares the step class with its own <c>HttpRequestAuthenticator</c> (parameterless constructor) and
 /// an empty list of loans.
 /// </summary>
 public LoanFeaturesSteps()
 {
     // The HTTP helper is created first, then the empty loan collection.
     this._restSharpComponent = new HttpRequestAuthenticator();
     this._loans = new List<Loan>();
 }
Esempio n. 19
 /// <summary>
 /// Creates the controller with its own <c>HttpRequestAuthenticator</c>, built with the parameterless
 /// constructor and stored in <c>_restSharpComponent</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the authenticator is constructed here rather than injected, so where it obtains its
 /// credentials or configuration is not visible from this constructor; confirm against that class.
 /// </remarks>
 public GatewayController() => _restSharpComponent = new HttpRequestAuthenticator();