public void ProcessAuthorizationHeaderSuccess()
{
var request = new HttpRequestMessage();
var creds = new ImmutableCredentials("accessKeyId", "secretKey", "token");
ServerModeHttpClientAuthorizationHandler.AddAuthorizationHeader(request, creds);
if (!request.Headers.TryGetValues("Authorization", out var value))
{
throw new Exception("Missing Authorization header");
}
var authResults = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(value.FirstOrDefault(), new NoEncryptionProvider());
Assert.True(authResults.Succeeded);
}
public void AuthPassCredentialsEncrypted()
{
var aes = Aes.Create();
var request = new HttpRequestMessage();
var creds = new ImmutableCredentials("accessKeyId", "secretKey", "token");
ServerModeHttpClientAuthorizationHandler.AddAuthorizationHeader(request, creds, aes);
if (!request.Headers.TryGetValues("Authorization", out var value))
{
throw new Exception("Missing Authorization header");
}
var authPayloadBase64 = value.FirstOrDefault().Split(' ')[1];
var authPayload = Encoding.UTF8.GetString(Convert.FromBase64String(authPayloadBase64));
// This should fail because the payload is encrypted.
Assert.Throws <JsonReaderException>(() => JsonConvert.DeserializeObject(authPayload));
var authResults = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(value.FirstOrDefault(), new AesEncryptionProvider(aes));
Assert.True(authResults.Succeeded);
var accessKeyId = authResults.Principal.Claims.FirstOrDefault(x => string.Equals(AwsCredentialsAuthenticationHandler.ClaimAwsAccessKeyId, x.Type))?.Value;
Assert.Equal(creds.AccessKey, accessKeyId);
var secretKey = authResults.Principal.Claims.FirstOrDefault(x => string.Equals(AwsCredentialsAuthenticationHandler.ClaimAwsSecretKey, x.Type))?.Value;
Assert.Equal(creds.SecretKey, secretKey);
var token = authResults.Principal.Claims.FirstOrDefault(x => string.Equals(AwsCredentialsAuthenticationHandler.ClaimAwsSessionToken, x.Type))?.Value;
Assert.Equal(creds.Token, token);
}
