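/// <summary>
/// Verifies that constructing the handler with the supplied serialized claims mapping
/// leaves it holding a lazily created claims map that contains no certificate thumbprints.
/// </summary>
/// <param name="serializedClaimsMap">
/// The value assigned to <c>SerializedCertificateClaimsMapping</c>. The assertions expect an
/// empty default map, so the cases are presumably "unspecified" values such as null or empty;
/// the data attributes that supply them are not visible here, so confirm against the test data.
/// </param>
public void ConstructorAllowsAnUnspecifiedClaimsMappingIsPresentInConfiguration(string serializedClaimsMap)
{
    var config = new ClientCertificateAuthenticationConfiguration
    {
        Enabled = true,
        EnforceLocalCertificateValidation = false,
        SerializedCertificateClaimsMapping = serializedClaimsMap
    };

    var handler = new ClientCertificateAuthenticationHandler(config, Mock.Of<IClock>());

    // The claims map is read through reflection from a private instance field. Check the lookup
    // first so that a renamed or removed field fails with a clear assertion message instead of a
    // NullReferenceException raised from the chained GetValue call.
    var claimsMapField = handler.GetType().GetField("claimsMap", BindingFlags.NonPublic | BindingFlags.Instance);
    claimsMapField.Should().NotBeNull("because the handler is expected to keep its claims map in a private instance field named claimsMap");

    var claimsMap = claimsMapField.GetValue(handler) as Lazy<ClientCertificateClaimsMap>;

    claimsMap.Should().NotBeNull("because the handler should have created a claims map");
    claimsMap.Value.Should().NotBeNull("because a default claims map should be created when no serialized value is present");

    // An empty default map grants no claims to any certificate, so an unspecified
    // mapping must not leave any thumbprint registered.
    claimsMap.Value.GetCertificateThumbprints().Any().Should().BeFalse("because the defaul claims map should be empty");
}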
/// <summary>
/// Verifies that <c>Authenticate</c> returns null when the request carries a client certificate
/// whose thumbprint has no entry in the configured claims mapping.
/// </summary>
public void AuthenticateDoesNotSucceedWithUnexpectedCallerCertificate()
{
    // The only mapped key is a placeholder that cannot equal a real thumbprint, so the caller
    // certificate below is unknown to the handler.
    // NOTE(review): EnforceLocalCertificateValidation is off; presumably this leaves the
    // claims-map lookup as the only check exercised here. Confirm against the handler.
    var configuration = new ClientCertificateAuthenticationConfiguration
    {
        Enabled = true,
        EnforceLocalCertificateValidation = false,
        SerializedCertificateClaimsMapping = "{\"NOT-REAL-THUMPRINT\":{\"urn:ordering:security:privilege:sudo\":\"true\"}}"
    };

    Mock<IClock> clock = new Mock<IClock>();
    Mock<HttpActionDescriptor> actionDescriptor = new Mock<HttpActionDescriptor>();
    Mock<IDependencyScope> dependencyScope = new Mock<IDependencyScope>();

    // The certificate bytes and password come from fixtures on the test class.
    // NOTE(review): assumed to be a throwaway, test-only key pair; verify it is used nowhere else.
    byte[] certificateBytes = Convert.FromBase64String(ClientCertificateAuthenticationHandlerTests.Base64Certificate);
    X509Certificate2 presentedCertificate = new X509Certificate2(certificateBytes, ClientCertificateAuthenticationHandlerTests.CertificatePassword);

    ClientCertificateAuthenticationHandler handler = new ClientCertificateAuthenticationHandler(configuration, clock.Object);

    // Minimal Web API plumbing needed to build an authentication context.
    HttpConfiguration webApiConfiguration = new HttpConfiguration();
    HttpRouteData route = new HttpRouteData(new HttpRoute());
    HttpRequestMessage message = new HttpRequestMessage();
    HttpRequestContext context = new HttpRequestContext();
    HttpControllerDescriptor descriptor = new HttpControllerDescriptor { Configuration = webApiConfiguration, ControllerName = "generic" };
    HttpControllerContext controller = new HttpControllerContext(webApiConfiguration, route, message) { ControllerDescriptor = descriptor };
    HttpActionContext action = new HttpActionContext(controller, actionDescriptor.Object);
    HttpAuthenticationContext authentication = new HttpAuthenticationContext(action, null);

    // Attach the unknown certificate to the request context and mirror it in the request properties.
    context.ClientCertificate = presentedCertificate;
    controller.RequestContext = context;
    controller.Request = message;

    message.Properties.Add(HttpPropertyKeys.DependencyScope, dependencyScope.Object);
    message.Properties.Add(HttpPropertyKeys.RequestContextKey, context);
    message.Properties.Add(HttpPropertyKeys.ClientCertificateKey, context.ClientCertificate);

    var outcome = handler.Authenticate(new Dictionary<string, string>(), authentication);

    // A null result is the handler's "not authenticated" outcome asserted by this test.
    outcome.Should().BeNull("because the caller certificate does not exist in the claims mapping for known certificates");
}
/// <summary>
/// Verifies that <c>Authenticate</c> returns null when the request carries no client certificate,
/// even though the claims mapping contains an entry for a known thumbprint.
/// </summary>
public void AuthenticateDoesNotSucceedWithMissingCallerCertificate()
{
    // The mapping holds one thumbprint entry. No certificate is presented, so nothing can match it.
    var configuration = new ClientCertificateAuthenticationConfiguration
    {
        Enabled = true,
        EnforceLocalCertificateValidation = false,
        SerializedCertificateClaimsMapping = "{\"4497ebb9f0f694d219fe8652a8d4922fead6a5d9\":{\"urn:ordering:security:privilege:sudo\":\"true\"}}"
    };

    Mock<IClock> clock = new Mock<IClock>();
    Mock<HttpActionDescriptor> actionDescriptor = new Mock<HttpActionDescriptor>();
    ClientCertificateAuthenticationHandler handler = new ClientCertificateAuthenticationHandler(configuration, clock.Object);

    // Minimal Web API plumbing needed to build an authentication context.
    HttpConfiguration webApiConfiguration = new HttpConfiguration();
    HttpRouteData route = new HttpRouteData(new HttpRoute());
    HttpRequestMessage message = new HttpRequestMessage();
    HttpRequestContext context = new HttpRequestContext();
    HttpControllerDescriptor descriptor = new HttpControllerDescriptor { Configuration = webApiConfiguration, ControllerName = "generic" };
    HttpControllerContext controller = new HttpControllerContext(webApiConfiguration, route, message) { ControllerDescriptor = descriptor };
    HttpActionContext action = new HttpActionContext(controller, actionDescriptor.Object);
    HttpAuthenticationContext authentication = new HttpAuthenticationContext(action, null);

    // Explicitly model a request without a client certificate; the null value is also
    // stored under the client-certificate request property.
    context.ClientCertificate = null;
    controller.RequestContext = context;
    controller.Request = message;

    message.Properties.Add(HttpPropertyKeys.RequestContextKey, context);
    message.Properties.Add(HttpPropertyKeys.ClientCertificateKey, context.ClientCertificate);

    var outcome = handler.Authenticate(new Dictionary<string, string>(), authentication);

    // A missing certificate must not produce an authentication result.
    outcome.Should().BeNull("because there was no client certificate assocaited with the request");
}