/// <summary>
/// Refreshes the partner credentials.
/// </summary>
/// <param name="context">The partner context.</param>
/// <returns>A task which is complete when the refresh is done.</returns>
private async Task RefreshAsync(IRequestContext context)
{
if (AADToken.IsExpired())
{
if (tokenRefresher != null)
{
AuthenticationToken authenticationToken = await tokenRefresher(AADToken).ConfigureAwait(false);
if (authenticationToken == null)
{
throw new PartnerException("Token refresher returned null token.", context, PartnerErrorCategory.Unauthorized, null);
}
if (authenticationToken.IsExpired())
{
throw new PartnerException("Token refresher returned an expired token.", context, PartnerErrorCategory.Unauthorized, null);
}
AADToken = authenticationToken;
}
else
{
throw new PartnerException("AAD Token needs refreshing but no handler was registered.", context, PartnerErrorCategory.Unauthorized, null);
}
}
await AuthenticateAsync(context).ConfigureAwait(false);
}
/// <summary>
/// Initializes a new instance of the <see cref="UserPartnerCredentials" /> class.
/// </summary>
/// <param name="aadApplicationId">The id of the application in Azure Active Directory.</param>
/// <param name="aadAuthenticationToken">The Azure Active Directory token.</param>
/// <param name="aadTokenRefresher">An optional delegate which will be called when the Azure Active Directory token
/// expires and can no longer be used to generate the partner credentials. This delegate should return
/// an up to date Azure Active Directory token.</param>
public UserPartnerCredentials(string aadApplicationId, AuthenticationToken aadAuthenticationToken, TokenRefresher aadTokenRefresher = null)
: base(aadApplicationId)
{
aadAuthenticationToken.AssertNotNull(nameof(aadAuthenticationToken));
if (aadAuthenticationToken.IsExpired())
{
throw new ArgumentException(Resources.AuthenticationTokenExpired);
}
AADToken = aadAuthenticationToken;
tokenRefresher = aadTokenRefresher;
}
/// <exception cref="System.Exception"/>
private void TestValidDelegationTokenHeader()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dToken = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation
.GetCurrentUser(), "user");
Org.Mockito.Mockito.When(request.GetHeader(Org.Mockito.Mockito.Eq(DelegationTokenAuthenticator
.DelegationTokenHeader))).ThenReturn(dToken.EncodeToUrlString());
AuthenticationToken token = handler.Authenticate(request, response);
Assert.Equal(UserGroupInformation.GetCurrentUser().GetShortUserName
(), token.GetUserName());
Assert.Equal(0, token.GetExpires());
Assert.Equal(handler.GetType(), token.GetType());
Assert.True(token.IsExpired());
}
