예제 #1
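        /// <summary>
        ///   Verifies that constructing the handler with the supplied serialized claims mapping
        ///   yields a usable, empty claims map rather than a null one.
        /// </summary>
        /// <param name="serializedClaimsMap">
        ///   The serialized mapping placed in the configuration; presumably supplied by test data as
        ///   the "unspecified" forms of the setting (confirm against the data source, which is not
        ///   shown here).
        /// </param>
        /// <remarks>
        ///   An empty map means no certificate thumbprint is associated with any claims, so a handler
        ///   built from such a configuration has no known certificates to grant privileges to.
        /// </remarks>
        public void ConstructorAllowsAnUnspecifiedClaimsMappingIsPresentInConfiguration(string serializedClaimsMap)
        {
            var config = new ClientCertificateAuthenticationConfiguration
            {
                Enabled = true,
                EnforceLocalCertificateValidation  = false,
                SerializedCertificateClaimsMapping = serializedClaimsMap
            };

            var handler = new ClientCertificateAuthenticationHandler(config, Mock.Of<IClock>());

            // The claims map is private state and is read through reflection.  Assert on the field
            // lookup itself so that a rename surfaces as a clear test failure rather than as a
            // NullReferenceException on the GetValue call.
            var claimsMapField = handler.GetType().GetField("claimsMap", BindingFlags.NonPublic | BindingFlags.Instance);
            claimsMapField.Should().NotBeNull("because the handler is expected to keep its claims map in a private instance field named claimsMap");

            var claimsMap = claimsMapField.GetValue(handler) as Lazy<ClientCertificateClaimsMap>;

            claimsMap.Should().NotBeNull("because the handler should have created a claims map");
            claimsMap.Value.Should().NotBeNull("because a default claims map should be created when no serialized value is present");
            claimsMap.Value.GetCertificateThumbprints().Any().Should().BeFalse("because the defaul claims map should be empty");
        }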
예제 #2
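        /// <summary>
        ///   Verifies that <c>Authenticate</c> returns null when the caller presents a certificate
        ///   that has no entry in the configured claims mapping.
        /// </summary>
        /// <remarks>
        ///   The only mapping entry is keyed by a placeholder string, so the presented certificate
        ///   cannot match it; the privileged claim in that entry must therefore never be granted.
        ///   NOTE(review): <c>EnforceLocalCertificateValidation</c> is disabled here, so this test
        ///   looks to cover only the claims-mapping lookup; confirm that the validation-enabled path
        ///   has its own rejection tests.
        /// </remarks>
        public void AuthenticateDoesNotSucceedWithUnexpectedCallerCertificate()
        {
            var config = new ClientCertificateAuthenticationConfiguration
            {
                Enabled = true,
                EnforceLocalCertificateValidation  = false,
                SerializedCertificateClaimsMapping = "{\"NOT-REAL-THUMPRINT\":{\"urn:ordering:security:privilege:sudo\":\"true\"}}"
            };

            var mockClock            = new Mock<IClock>();
            var mockActionDescriptor = new Mock<HttpActionDescriptor>();
            var mockDependencyScope  = new Mock<IDependencyScope>();
            var handler              = new ClientCertificateAuthenticationHandler(config, mockClock.Object);
            var routeData            = new HttpRouteData(new HttpRoute());
            var requestContext       = new HttpRequestContext();

            // NOTE(review): the certificate is built from a base64 blob and password held as constants
            // on the test class; presumably a test-only certificate, so confirm it is not a credential
            // trusted anywhere outside the tests.  X509Certificate2 is disposable on newer framework
            // versions; dispose it as well if the target framework allows.
            var callerCertificate = new X509Certificate2(Convert.FromBase64String(ClientCertificateAuthenticationHandlerTests.Base64Certificate), ClientCertificateAuthenticationHandlerTests.CertificatePassword);

            // HttpConfiguration and HttpRequestMessage are disposable; scope them to the test so that
            // their resources are released even when an assertion fails.
            using (var httpConfiguration = new HttpConfiguration())
            using (var request = new HttpRequestMessage())
            {
                var controllerDescriptor = new HttpControllerDescriptor
                {
                    Configuration  = httpConfiguration,
                    ControllerName = "generic"
                };

                var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
                {
                    ControllerDescriptor = controllerDescriptor
                };

                var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
                var authcontext   = new HttpAuthenticationContext(actionContext, null);

                // Attach the caller certificate to the request context and mirror it in the request
                // properties.
                requestContext.ClientCertificate = callerCertificate;
                controllerContext.RequestContext = requestContext;
                controllerContext.Request        = request;

                request.Properties.Add(HttpPropertyKeys.DependencyScope, mockDependencyScope.Object);
                request.Properties.Add(HttpPropertyKeys.RequestContextKey, requestContext);
                request.Properties.Add(HttpPropertyKeys.ClientCertificateKey, requestContext.ClientCertificate);

                var result = handler.Authenticate(new Dictionary<string, string>(), authcontext);

                result.Should().BeNull("because the caller certificate does not exist in the claims mapping for known certificates");
            }
        }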
예제 #3
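        /// <summary>
        ///   Verifies that <c>Authenticate</c> returns null when the request carries no client
        ///   certificate, even though the claims mapping contains a privileged entry.
        /// </summary>
        /// <remarks>
        ///   The mapping holds a single thumbprint with a privileged claim; with no certificate on the
        ///   request there is nothing to match against it, so no result may be produced.
        ///   NOTE(review): <c>EnforceLocalCertificateValidation</c> is disabled here, so this test
        ///   looks to cover only the missing-certificate check; confirm the validation-enabled path is
        ///   tested separately.
        /// </remarks>
        public void AuthenticateDoesNotSucceedWithMissingCallerCertificate()
        {
            var config = new ClientCertificateAuthenticationConfiguration
            {
                Enabled = true,
                EnforceLocalCertificateValidation  = false,
                SerializedCertificateClaimsMapping = "{\"4497ebb9f0f694d219fe8652a8d4922fead6a5d9\":{\"urn:ordering:security:privilege:sudo\":\"true\"}}"
            };

            var mockClock            = new Mock<IClock>();
            var mockActionDescriptor = new Mock<HttpActionDescriptor>();
            var handler              = new ClientCertificateAuthenticationHandler(config, mockClock.Object);
            var routeData            = new HttpRouteData(new HttpRoute());
            var requestContext       = new HttpRequestContext();

            // HttpConfiguration and HttpRequestMessage are disposable; scope them to the test so that
            // their resources are released even when an assertion fails.
            using (var httpConfiguration = new HttpConfiguration())
            using (var request = new HttpRequestMessage())
            {
                var controllerDescriptor = new HttpControllerDescriptor
                {
                    Configuration  = httpConfiguration,
                    ControllerName = "generic"
                };

                var controllerContext = new HttpControllerContext(httpConfiguration, routeData, request)
                {
                    ControllerDescriptor = controllerDescriptor
                };

                var actionContext = new HttpActionContext(controllerContext, mockActionDescriptor.Object);
                var authcontext   = new HttpAuthenticationContext(actionContext, null);

                // The scenario under test: the request context explicitly has no client certificate,
                // and the request property that mirrors it is null as well.
                requestContext.ClientCertificate = null;
                controllerContext.RequestContext = requestContext;
                controllerContext.Request        = request;

                request.Properties.Add(HttpPropertyKeys.RequestContextKey, requestContext);
                request.Properties.Add(HttpPropertyKeys.ClientCertificateKey, requestContext.ClientCertificate);

                var result = handler.Authenticate(new Dictionary<string, string>(), authcontext);

                result.Should().BeNull("because there was no client certificate assocaited with the request");
            }
        }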