public async Task AuthenticateAsyncWithModuleThumbprintX509InScopeCacheFails()
{
    // Arrange: a module identity ("d1/m1") whose scope-cache entry is configured for
    // thumbprint authentication and lists BOTH self-signed certificates presented below.
    // Even though the thumbprints match, the authenticator is expected to refuse.
    // NOTE(review): the rejection reason is not visible from this test alone — presumably
    // thumbprint (self-signed) credentials are not honoured for module identities via the
    // device scope cache; confirm against DeviceScopeCertificateAuthenticator.
    string deviceId = "d1";
    string moduleId = "m1";
    string identity = FormattableString.Invariant($"{deviceId}/{moduleId}");

    var primoCert = TestCertificateHelper.GenerateSelfSignedCert("primo");
    var secondoCert = TestCertificateHelper.GenerateSelfSignedCert("secondo");

    // Builds X.509 credentials for the module; the chain is just the self-signed leaf itself.
    // A fresh identity mock is created per call, as in the original two inline mocks.
    ICertificateCredentials BuildCredentials(X509Certificate2 leaf)
    {
        IList<X509Certificate2> chain = new List<X509Certificate2> { leaf };
        return Mock.Of<ICertificateCredentials>(
            c => c.Identity == Mock.Of<IModuleIdentity>(
                     i => i.DeviceId == deviceId && i.ModuleId == moduleId && i.Id == identity)
                 && c.AuthenticationType == AuthenticationType.X509Cert
                 && c.ClientCertificate == leaf
                 && c.ClientCertificateChain == chain);
    }

    // Scope-cache entry: enabled, thumbprint auth with primary + secondary thumbprints.
    var serviceIdentity = new ServiceIdentity(
        deviceId,
        moduleId,
        "e1",
        new List<string>(),
        "1234",
        new string[0],
        new ServiceAuthentication(new X509ThumbprintAuthentication(primoCert.Thumbprint, secondoCert.Thumbprint)),
        ServiceIdentityStatus.Enabled);

    var scopeCache = new Mock<IDeviceScopeIdentitiesCache>();
    scopeCache
        .Setup(d => d.GetServiceIdentity(It.Is<string>(i => i == identity)))
        .ReturnsAsync(Option.Some(serviceIdentity));

    // Empty trust bundle: nothing is trusted as a CA for this case.
    IList<X509Certificate2> trustBundle = new List<X509Certificate2>();
    var authenticator = new DeviceScopeCertificateAuthenticator(scopeCache.Object, UnderlyingAuthenticator, trustBundle, true);

    // Act + Assert: neither the primary nor the secondary thumbprint credential is accepted.
    Assert.False(await authenticator.AuthenticateAsync(BuildCredentials(primoCert)));
    Assert.False(await authenticator.AuthenticateAsync(BuildCredentials(secondoCert)));
}
public async Task AuthenticateAsyncWithModuleCAX509InScopeCacheFails()
{
    // Arrange: a module identity registered for CA-based authentication, presenting a
    // leaf certificate issued by a CA that IS in the trust bundle. The authenticator is
    // still expected to refuse it.
    // NOTE(review): the reason is not visible here — presumably CA-signed certificates are
    // not accepted for module identities through the scope cache. The cache lookup is set
    // up with a trailing `false` argument whose meaning is not shown; confirm in the
    // authenticator before relying on this as a negative security test.
    // NOTE(review): the validity window is built from DateTime.Now (local time); X.509
    // validity is expressed in UTC, so DateTime.UtcNow would be the conventional choice.
    // Kept as in the original.
    DateTime notBefore = DateTime.Now - TimeSpan.FromDays(2);
    DateTime notAfter = DateTime.Now.AddYears(1);

    var (caCert, caKeyPair) = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", notBefore, notAfter, true);
    var (issuedClientCert, _) = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", notBefore, notAfter, caCert, caKeyPair, false, null, null);

    // The presented chain carries only the issuing CA (not the leaf); the same CA is trusted.
    IList<X509Certificate2> presentedChain = new List<X509Certificate2> { caCert };
    IList<X509Certificate2> trustBundle = new List<X509Certificate2> { caCert };

    // Module id deliberately equals the leaf certificate's CN.
    string deviceId = "d1";
    string moduleId = "MyIssuedTestClient";
    string identity = FormattableString.Invariant($"{deviceId}/{moduleId}");

    var moduleIdentity = Mock.Of<IModuleIdentity>(i => i.DeviceId == deviceId && i.ModuleId == moduleId && i.Id == identity);
    var clientCredentials = Mock.Of<ICertificateCredentials>(
        c => c.Identity == moduleIdentity
             && c.AuthenticationType == AuthenticationType.X509Cert
             && c.ClientCertificate == issuedClientCert
             && c.ClientCertificateChain == presentedChain);

    var serviceIdentity = new ServiceIdentity(
        deviceId,
        moduleId,
        "1234",
        new string[0],
        new ServiceAuthentication(ServiceAuthenticationType.CertificateAuthority),
        ServiceIdentityStatus.Enabled);

    var scopeCache = new Mock<IDeviceScopeIdentitiesCache>();
    scopeCache
        .Setup(d => d.GetServiceIdentity(It.Is<string>(i => i == identity), false))
        .ReturnsAsync(Option.Some(serviceIdentity));

    var authenticator = new DeviceScopeCertificateAuthenticator(scopeCache.Object, UnderlyingAuthenticator, trustBundle, true);

    // Act + Assert
    Assert.False(await authenticator.AuthenticateAsync(clientCredentials));
}
public async Task AuthenticateAsyncWithEmptyChainDeviceCAX509InScopeCacheFails()
{
    // Arrange: a device identity registered for CA-based authentication. The client
    // presents a leaf certificate issued by a CA present in the trust bundle, but supplies
    // NO certificate chain at all. Authentication must fail.
    // NOTE(review): the device id ("different from CN") also does not match the leaf's
    // CN ("MyIssuedTestClient"), so this single assertion cannot tell whether the empty
    // chain or the id/CN mismatch caused the rejection. A companion case with a matching
    // id would isolate the empty-chain path; behaviour is left unchanged here.
    // NOTE(review): DateTime.Now is local time; X.509 validity is UTC (UtcNow would be
    // conventional). Kept as in the original.
    DateTime notBefore = DateTime.Now - TimeSpan.FromDays(2);
    DateTime notAfter = DateTime.Now.AddYears(1);

    var caCert = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", notBefore, notAfter, true);
    var issuedClientCert = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", notBefore, notAfter, caCert, false, null, null);

    // Deliberately empty: no chain accompanies the leaf, even though its issuer is trusted.
    IList<X509Certificate2> emptyChain = new List<X509Certificate2>();
    IList<X509Certificate2> trustBundle = new List<X509Certificate2> { caCert };

    string deviceId = "different from CN";
    var deviceIdentity = Mock.Of<IDeviceIdentity>(i => i.DeviceId == deviceId && i.Id == deviceId);
    var clientCredentials = Mock.Of<ICertificateCredentials>(
        c => c.Identity == deviceIdentity
             && c.AuthenticationType == AuthenticationType.X509Cert
             && c.ClientCertificate == issuedClientCert
             && c.ClientCertificateChain == emptyChain);

    var serviceIdentity = new ServiceIdentity(
        deviceId,
        "1234",
        new string[0],
        new ServiceAuthentication(ServiceAuthenticationType.CertificateAuthority),
        ServiceIdentityStatus.Enabled);

    var scopeCache = new Mock<IDeviceScopeIdentitiesCache>();
    scopeCache
        .Setup(d => d.GetServiceIdentity(It.Is<string>(i => i == deviceId)))
        .ReturnsAsync(Option.Some(serviceIdentity));

    var authenticator = new DeviceScopeCertificateAuthenticator(scopeCache.Object, UnderlyingAuthenticator, trustBundle, true);

    // Act + Assert
    Assert.False(await authenticator.AuthenticateAsync(clientCredentials));
}
public async Task AuthenticateAsyncWithNonX509CredsFails()
{
    // Arrange: a bare IClientCredentials mock (not ICertificateCredentials, no setups) and
    // a scope cache with no configured identities. The certificate authenticator must
    // reject credentials that are not X.509 at all, without needing anything from the cache.
    IList<X509Certificate2> trustBundle = new List<X509Certificate2>();
    var scopeCache = Mock.Of<IDeviceScopeIdentitiesCache>();
    var authenticator = new DeviceScopeCertificateAuthenticator(scopeCache, UnderlyingAuthenticator, trustBundle, true);

    IClientCredentials nonCertCredentials = Mock.Of<IClientCredentials>();

    // Act + Assert
    bool authenticated = await authenticator.AuthenticateAsync(nonCertCredentials);
    Assert.False(authenticated);
}
public async Task AuthenticateAsyncWithDeviceThumbprintX509NotInScopeCacheFails()
{
    // Arrange: credentials for device "d1" using thumbprint auth, but the scope cache only
    // knows a DIFFERENT device ("some_other_device") that happens to list the very same two
    // thumbprints. A lookup for "d1" matches no Setup and yields Moq's default return value
    // (presumably an empty Option — confirm), so no identity is found for the caller and
    // both credentials must be rejected. This guards against a thumbprint match being
    // honoured when the presenting identity itself is not in scope.
    string deviceId = "d1";
    const string otherDeviceId = "some_other_device";

    var primoCert = TestCertificateHelper.GenerateSelfSignedCert("primo");
    var secondoCert = TestCertificateHelper.GenerateSelfSignedCert("secondo");

    // Builds device credentials for "d1"; the chain is just the self-signed leaf itself.
    // A fresh identity mock is created per call, as in the original two inline mocks.
    ICertificateCredentials BuildCredentials(X509Certificate2 leaf)
    {
        IList<X509Certificate2> chain = new List<X509Certificate2> { leaf };
        return Mock.Of<ICertificateCredentials>(
            c => c.Identity == Mock.Of<IDeviceIdentity>(i => i.DeviceId == deviceId && i.Id == deviceId)
                 && c.AuthenticationType == AuthenticationType.X509Cert
                 && c.ClientCertificate == leaf
                 && c.ClientCertificateChain == chain);
    }

    // Scope-cache entry exists only for the other device id.
    var otherServiceIdentity = new ServiceIdentity(
        otherDeviceId,
        "1234",
        new string[0],
        new ServiceAuthentication(new X509ThumbprintAuthentication(primoCert.Thumbprint, secondoCert.Thumbprint)),
        ServiceIdentityStatus.Enabled);

    var scopeCache = new Mock<IDeviceScopeIdentitiesCache>();
    scopeCache
        .Setup(d => d.GetServiceIdentity(It.Is<string>(i => i == otherDeviceId), false))
        .ReturnsAsync(Option.Some(otherServiceIdentity));

    IList<X509Certificate2> trustBundle = new List<X509Certificate2>();
    var authenticator = new DeviceScopeCertificateAuthenticator(scopeCache.Object, UnderlyingAuthenticator, trustBundle, true);

    // Act + Assert: neither thumbprint credential is accepted for "d1".
    Assert.False(await authenticator.AuthenticateAsync(BuildCredentials(primoCert)));
    Assert.False(await authenticator.AuthenticateAsync(BuildCredentials(secondoCert)));
}