// Negative on-behalf-of case: the token is requested for actorEdgeId ("childEdge"),
// but the auth chain handed to ValidateAudience is "leaf;NotActorEdge;rootEdge",
// which does not contain that id. The test expects the audience to be rejected.
public void InvalidAuthChainTest_UnauthorizedActor()
{
    // Arrange
    var iothubHostName = "testiothub.azure-devices.net";
    var edgehubHostName = "edgehub1";
    var rootEdgeId = "rootEdge";
    var actorEdgeId = "childEdge";
    var leafDeviceId = "leaf";

    // actorEdgeId is deliberately absent from the chain; "NotActorEdge" takes its place.
    var authChain = Option.Some<string>(string.Join(";", leafDeviceId, "NotActorEdge", rootEdgeId));

    var underlyingAuthenticator = Mock.Of<IAuthenticator>();
    var cacheMock = new Mock<IDeviceScopeIdentitiesCache>();
    string key = GetKey();

    // The same chain is also served from the cache for the leaf device.
    // NOTE(review): ValidateAudience receives the chain directly below; whether it
    // also consults the cache is not visible from this test.
    cacheMock
        .Setup(c => c.GetAuthChain(It.Is<string>(id => id == leafDeviceId)))
        .ReturnsAsync(authChain);

    var sut = new DeviceScopeTokenAuthenticator(
        cacheMock.Object,
        iothubHostName,
        edgehubHostName,
        underlyingAuthenticator,
        true,
        true);

    var leafIdentity = Mock.Of<IDeviceIdentity>(i => i.DeviceId == leafDeviceId && i.Id == leafDeviceId);

    // Token generated for actorEdgeId / Constants.EdgeHubModuleId; only its audience is used.
    string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key);
    string audience = SharedAccessSignature.Parse(iothubHostName, token).Audience;

    // Act
    bool accepted = sut.ValidateAudience(audience, leafIdentity, authChain);

    // Assert
    Assert.False(accepted);
}
// Negative host-name case: the token is generated for host "edgehub2", while the
// authenticator is constructed with "testiothub.azure-devices.net" and "edgehub1".
// The test expects ValidateAudience to reject the resulting audience.
public void InvalidAudienceTest_Hostname()
{
    // Arrange
    var iothubHostName = "testiothub.azure-devices.net";
    var edgehubHostName = "edgehub1";
    var deviceId = "d1";

    var underlyingAuthenticator = Mock.Of<IAuthenticator>();
    var identitiesCache = Mock.Of<IDeviceScopeIdentitiesCache>();
    string key = GetKey();

    var sut = new DeviceScopeTokenAuthenticator(
        identitiesCache,
        iothubHostName,
        edgehubHostName,
        underlyingAuthenticator,
        true,
        true);

    var deviceIdentity = Mock.Of<IDeviceIdentity>(i => i.DeviceId == deviceId && i.Id == deviceId);

    // The host name baked into the token ("edgehub2") matches neither configured name.
    string token = GetDeviceToken("edgehub2", deviceId, key);
    string audience = SharedAccessSignature.Parse(edgehubHostName, token).Audience;

    // Act
    bool accepted = sut.ValidateAudience(audience, deviceIdentity);

    // Assert
    Assert.False(accepted);

    // NOTE(review): no setups are registered on underlyingAuthenticator in this test,
    // so VerifyAll() has nothing to verify; it does not show that the underlying
    // authenticator was left uncalled.
    Mock.Get(underlyingAuthenticator).VerifyAll();
}
// Negative format case for a device identity: the audience carries an extra
// trailing "/foo" segment after the device id. The test expects ValidateAudience
// to reject it even though the host name and device id match.
public void InvalidAudienceTest_Device_Format()
{
    // Arrange
    var iothubHostName = "testiothub.azure-devices.net";
    var edgehubHostName = "edgehub1";
    var deviceId = "d1";

    var underlyingAuthenticator = Mock.Of<IAuthenticator>();
    var identitiesCache = Mock.Of<IDeviceScopeIdentitiesCache>();

    var sut = new DeviceScopeTokenAuthenticator(
        identitiesCache,
        iothubHostName,
        edgehubHostName,
        underlyingAuthenticator,
        true,
        true);

    var deviceIdentity = Mock.Of<IDeviceIdentity>(i => i.DeviceId == deviceId && i.Id == deviceId);

    // Hand-built audience (no token involved) with one segment too many.
    string audience = $"{iothubHostName}/devices/{deviceId}/foo";

    // Act
    bool accepted = sut.ValidateAudience(audience, deviceIdentity);

    // Assert
    Assert.False(accepted);

    // NOTE(review): no setups are registered on underlyingAuthenticator in this test,
    // so VerifyAll() has nothing to verify; it does not show that the underlying
    // authenticator was left uncalled.
    Mock.Get(underlyingAuthenticator).VerifyAll();
}
// Negative format case for a module identity: the audience carries an extra
// trailing "/m1" segment after the module id. The test expects ValidateAudience
// to reject it even though the host name, device id and module id match.
public void InvalidAudienceTest_Module_Format()
{
    // Arrange
    var iothubHostName = "testiothub.azure-devices.net";
    var edgehubHostName = "edgehub1";
    var deviceId = "d1";
    var moduleId = "m1";

    var connectionManager = Mock.Of<IConnectionManager>();
    var underlyingAuthenticator = Mock.Of<IAuthenticator>();
    var identitiesCache = Mock.Of<IDeviceScopeIdentitiesCache>();

    // NOTE(review): key is not used anywhere below in this test.
    string key = GetKey();

    // NOTE(review): this test uses the constructor overload taking an IConnectionManager,
    // whereas the neighbouring audience tests pass two bool flags; confirm the overload
    // is the intended one.
    var sut = new DeviceScopeTokenAuthenticator(
        identitiesCache,
        iothubHostName,
        edgehubHostName,
        underlyingAuthenticator,
        connectionManager);

    var moduleIdentity = Mock.Of<IModuleIdentity>(
        i => i.DeviceId == deviceId && i.ModuleId == moduleId && i.Id == $"{deviceId}/{moduleId}");

    // Hand-built audience (no token involved) with one segment too many.
    string audience = $"{iothubHostName}/devices/{deviceId}/modules/{moduleId}/m1";

    // Act
    bool accepted = sut.ValidateAudience(audience, moduleIdentity);

    // Assert
    Assert.False(accepted);

    // NOTE(review): no setups are registered on underlyingAuthenticator in this test,
    // so VerifyAll() has nothing to verify; it does not show that the underlying
    // authenticator was left uncalled.
    Mock.Get(underlyingAuthenticator).VerifyAll();
}