Esempio n. 1
0
        // Create the token engines for a successful test and then the control test.
        private async Task <(KV2SecretEngine engKV2OK, KV2SecretEngine engKV2FAIL)> SetupTokenEngines(string policyWithPermission)
        {
            // Get connection to Token Engine so we can create tokens.
            TokenAuthEngine tokenEng = (TokenAuthEngine)_vaultAgentAPI.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

            // AA - The token that will have the policy.
            TokenNewSettings tokenASettings = new TokenNewSettings();

            tokenASettings.Policies.Add(policyWithPermission);
            Token tokenOK = await tokenEng.CreateToken(tokenASettings);

            // AB - The token that will not have the policy.
            TokenNewSettings tokenBSettings = new TokenNewSettings();

            tokenBSettings.Policies.Add("default");
            Token tokenFAIL = await tokenEng.CreateToken(tokenBSettings);


            // AC - Create 2 Vault Instances that will use each Token.
            VaultAgentAPI vaultOK = await VaultServerRef.ConnectVault("OKVault", tokenOK.ID);

            VaultAgentAPI vaultFail = await VaultServerRef.ConnectVault("FailVault", tokenFAIL.ID);

            //VaultAgentAPI vaultOK = new VaultAgentAPI("OKToken", _vaultAgentAPI.IP, _vaultAgentAPI.Port, tokenOK.ID);
            //VaultAgentAPI vaultFail = new VaultAgentAPI("FAILToken", _vaultAgentAPI.IP, _vaultAgentAPI.Port, tokenFAIL.ID);
            _vaultAgents.Add(vaultOK);
            _vaultAgents.Add(vaultFail);


            // AD - Create the KeyValue Engines for each Token
            KV2SecretEngine engKV2OK   = (KV2SecretEngine)vaultOK.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, _beName, _beName);
            KV2SecretEngine engKV2FAIL = (KV2SecretEngine)vaultFail.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, _beName, _beName);

            return(engKV2OK, engKV2FAIL);
        }
Esempio n. 2
0
        public async Task RevokeTokenWithChildren_ChildrenOrphaned()
        {
            // Create a new token.
            string           tokenName        = UK.GetKey("ParentOrp");
            TokenNewSettings tokenNewSettings = new TokenNewSettings()
            {
                Name = tokenName,
            };
            Token parent = await _tokenAuthEngine.CreateToken(tokenNewSettings);

            Assert.NotNull(parent, "A1:  Error creating the parent token - expected to receive the new token back, instead we received a null value.");

            VaultAgentAPI v1 = await VaultServerRef.ConnectVault("TokenAuth2", parent.ID);

            TokenAuthEngine TAE = (TokenAuthEngine)v1.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);


            // Now create 3 child tokens.

            Token token1 = await TAE.CreateToken(tokenNewSettings);

            Assert.NotNull(token1, "A2:  Error creating a new token - expected to receive the new token back, instead we received a null value.");

            // Token 2.
            tokenNewSettings.Name = "Token2";
            Token token2 = await TAE.CreateToken(tokenNewSettings);

            Assert.NotNull(token2, "A3:  Error creating a new token - expected to receive the new token back, instead we received a null value.");

            // Token 3.
            tokenNewSettings.Name = "Token3";
            Token token3 = await TAE.CreateToken(tokenNewSettings);

            Assert.NotNull(token3, "A4:  Error creating a new token - expected to receive the new token back, instead we received a null value.");


            // Now revoke the Parent token.
            Assert.IsTrue(await _tokenAuthEngine.RevokeToken(parent.ID, false), "A5:  Revocation of parent token was not successful.");

            Token parent2 = await _tokenAuthEngine.GetTokenWithID(parent.ID);

            Assert.IsNull(parent2, "A6:  The parent token should have been revoked.  But it still exists.");

            // Validate that each of the child tokens is revoked as well.
            Token a1 = await _tokenAuthEngine.GetTokenWithID(token1.ID);

            Token a2 = await _tokenAuthEngine.GetTokenWithID(token2.ID);

            Token a3 = await _tokenAuthEngine.GetTokenWithID(token3.ID);

            Assert.IsNotNull(a1, "A7:  Expected the child token to still exist.  But it is null");
            Assert.IsNotNull(a2, "A8:  Expected the child token to still exist.  But it is null");
            Assert.IsNotNull(a3, "A9:  Expected the child token to still exist.  But it is null");
            Assert.IsTrue(a1.IsOrphan, "A10: Expected token to be marked as an orphan.");
            Assert.IsTrue(a2.IsOrphan, "A11: Expected token to be marked as an orphan.");
            Assert.IsTrue(a3.IsOrphan, "A12: Expected token to be marked as an orphan.");
        }
Esempio n. 3
0
        public async Task CreateToken()
        {
            // SETUP

            // We need our own vault since we will be manipulating the token value
            VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest");

            TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

            // Need a Token Role so we can autogenerate a token
            TokenRole tokenRole = new TokenRole();

            tokenRole.Name = UK.GetKey();
            await ourTokenAuthEngine.SaveTokenRole(tokenRole);

            string           tokenName        = "Name" + tokenRole.Name;
            TokenNewSettings tokenNewSettings = new TokenNewSettings()
            {
                Name          = tokenName,
                NumberOfUses  = 6,
                NoParentToken = true,
                RoleName      = tokenRole.Name
            };

            Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings);

            Assert.NotNull(token, "A10:  Expected to receive the new token back, instead we received a null value.");

            // Read the token we just created.
            //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID);
            Assert.IsNotNull(token, "A20: No Token returned.  Was expecting one.");

            ourVault.TokenID = token.ID;
            Assert.AreEqual(ourVault.TokenID, token.ID, "A30: Vault did not store token correctly");
        }
Esempio n. 4
0
        public async Task ChangingToken_ChangesHTTPHeaders()
        {
            // Get current token:
            Token currentToken = await vault.RefreshActiveToken();

            // We will need to create a new token.
            TokenAuthEngine  _tokenAuthEngine = (TokenAuthEngine)vault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);
            TokenNewSettings tokenNewSettings = new TokenNewSettings();

            tokenNewSettings.Name         = "NewToken";
            tokenNewSettings.MaxTTL       = "60s";
            tokenNewSettings.NumberOfUses = 14;

            Token newToken = await _tokenAuthEngine.CreateToken(tokenNewSettings);

            Assert.NotNull(newToken, "A1:  Created a token, expected it to not be null.");
            Assert.AreNotEqual(currentToken.ID, newToken.ID);

            // Now set token.
            vault.Token = newToken;

            // Now retrieve the current token.  This will force it to go back to the Vault instance with the new token.  should be the same as newToken.
            Token newCurrentToken = await vault.RefreshActiveToken();

            Assert.AreEqual(newToken.ID, newCurrentToken.ID);
            Assert.AreNotEqual(currentToken.ID, newCurrentToken.ID);
        }
Esempio n. 5
0
        public async Task NormalLogin()
        {
            // SETUP

            // We need our own vault since we will be manipulating the token value
            VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest");

            TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

            // Need a Token Role so we can autogenerate a token
            TokenRole tokenRole = new TokenRole();

            UniqueKeys UK = new UniqueKeys("", "");       // Unique Key generator

            tokenRole.Name = UK.GetKey();
            await ourTokenAuthEngine.SaveTokenRole(tokenRole);

            string           tokenName        = "Name" + tokenRole.Name;
            TokenNewSettings tokenNewSettings = new TokenNewSettings()
            {
                Name          = tokenName,
                NumberOfUses  = 6,
                NoParentToken = true,
                RoleName      = tokenRole.Name
            };

            Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings);

            Assert.NotNull(token, "A10:  Expected to receive the new token back, instead we received a null value.");

            // Read the token we just created.
            //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID);
            Assert.IsNotNull(token, "A20: No Token returned.  Was expecting one.");


            VaultAgentAPI vault2 = await VaultServerRef.ConnectVault("TokenLoginTest");

            TokenLoginConnector loginConnector = new TokenLoginConnector(vault2, "test");

            loginConnector.TokenId = token.ID;
            Assert.IsTrue(await loginConnector.Connect(), "A30:  Login Failed");
        }
Esempio n. 6
0
        public async Task CreateTokenWithSettingsObject()
        {
            string tokenID   = UK.GetKey("token");
            int    numUses   = 19;
            string tokenName = "Name" + tokenID.ToString();
            bool   parent    = true;

            TokenNewSettings tokenNewSettings = new TokenNewSettings()
            {
                ID            = tokenID,
                Name          = tokenName,
                NumberOfUses  = numUses,
                NoParentToken = parent
            };

            Token token = await _tokenAuthEngine.CreateToken(tokenNewSettings);

            Assert.NotNull(token, "A1:  Expected to receive the new token back, instead we received a null value.");
            //Assert.True(await _tokenAuthEngine.CreateToken(tokenNewSettings));

            // Read the token we just created.
            //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID);
            Assert.IsNotNull(token, "M1: No Token returned.  Was expecting one.");

            // Vault seems to prepend the auth backends name to the display name.
            Assert.AreEqual("token-" + tokenName, token.DisplayName, "M2: Token names are not equal");

            Assert.AreEqual(tokenID, token.ID, "M3: Token ID's are not equal");
            Assert.AreEqual(numUses, token.NumberOfUses, "M4: Token number of uses are not equal");
            Assert.AreEqual(parent, token.IsOrphan, "M5: Token parent setting is not the same as IsOrphan");
        }