public void CanCRUDApplication()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
String name = SdkContext.RandomResourceName("javasdkapp", 20);
IActiveDirectoryApplication application = null;
try
{
application = manager.Applications.Define(name)
.WithSignOnUrl("http://easycreate.azure.com/" + name)
.DefinePasswordCredential("passwd")
.WithPasswordValue("P@ssw0rd")
.WithDuration(TimeSpan.FromDays(100))
.Attach()
.DefineCertificateCredential("cert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest.cer"))
.WithDuration(TimeSpan.FromDays(100))
.Attach()
.DefineCertificateCredential("cert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest2.cer"))
.WithDuration(TimeSpan.FromDays(80))
.Attach()
.Create();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.NotNull(application.Id);
Assert.NotNull(application.ApplicationId);
Assert.Equal(name, application.Name);
Assert.Equal(2, application.CertificateCredentials.Count);
Assert.Equal(1, application.PasswordCredentials.Count);
Assert.Equal(1, application.ReplyUrls.Count);
Assert.Equal(1, application.IdentifierUris.Count);
Assert.Equal("http://easycreate.azure.com/" + name, application.SignOnUrl.ToString());
application.Update()
.WithoutCredential("passwd")
.Apply();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.Equal(0, application.PasswordCredentials.Count);
}
finally
{
if (application != null)
{
manager.Applications.DeleteById(application.Id);
}
}
}
}
private static void UpdateApplication(Azure.IAuthenticated authenticated, IActiveDirectoryApplication activeDirectoryApplication)
{
Utilities.Log("Updating Active Directory application...");
activeDirectoryApplication.Update()
// add another password credentials
.DefinePasswordCredential("password-1")
.WithPasswordValue("P@ssw0rd-1")
.WithDuration(TimeSpan.FromDays(700))
.Attach()
// add a reply url
.WithReplyUrl("http://localhost:8080")
.Apply();
}
public async Task RemoveExpiredKeys(IActiveDirectoryApplication application)
{
Log.LogDebug($"Remove expired keys of application with Id '{application.Id}'");
try
{
var expiredCredentials = application
.PasswordCredentials
.Where(s => s.Value.EndDate < DateTime.UtcNow)
.ToList();
if (expiredCredentials.Any())
{
foreach (var expiredCredential in expiredCredentials)
{
string keyName = expiredCredential.Value.Name;
await application
.Update()
.WithoutCredential(keyName)
.ApplyAsync();
Log.LogInformation($"Removed the expired key '{keyName}' of application with id '{application.Id}'");
}
}
else
{
Log.LogInformation($"No expired keys to remove for application with id '{application.Id}'");
}
Log.LogDebug($"Removed all expired keys of application with id '{application.Id}'");
}
catch (GraphErrorException ex)
{
if (ex.Response.StatusCode == HttpStatusCode.Forbidden)
{
Log.LogError($"Forbidden to remove expired keys of active directory application with id '{application.Id}'");
Log.LogDebug($"Extra info for application with id '{application.Id}': '{ex.Response.Content}'.");
}
else
{
Log.LogError(ex.Response.Content);
}
}
}
public async Task AddSecretToActiveDirectoryApplication(IActiveDirectoryApplication application, string keyName, string key, int keyDurationInMinutes)
{
Log.LogDebug($"Add new secret to application with Id '{application.Id}'");
string availableKeyName = GetAvailableKeyName(application, keyName, 1);
if (keyDurationInMinutes < 1)
{
keyDurationInMinutes = Convert.ToInt32(Environment.GetEnvironmentVariable("KeyDurationInMinutes", EnvironmentVariableTarget.Process));
Log.LogDebug($"No custom keyduration so use default keyduration of '{keyName}' minutes");
}
var duration = new TimeSpan(0, keyDurationInMinutes, 0);
DateTime utcNow = DateTime.UtcNow;
try
{
await application
.Update()
.DefinePasswordCredential(availableKeyName)
.WithPasswordValue(key)
.WithStartDate(utcNow)
.WithDuration(duration)
.Attach()
.ApplyAsync();
Log.LogInformation($"Added new key with name '{availableKeyName}' to application with id '{application.Id}' that is valid from UTC '{utcNow}' with a duraction of '{keyDurationInMinutes}' minutes");
}
catch (GraphErrorException ex)
{
if (ex.Response.StatusCode == HttpStatusCode.Forbidden)
{
Log.LogError($"Forbidden to set key for active directory application with id '{application.Id}'");
Log.LogDebug($"Extra info for application with id '{application.Id}': '{ex.Response.Content}'.");
}
else
{
Log.LogError(ex.Response.Content);
}
}
}
private async Task AddSecretToActiveDirectoryApplication(IActiveDirectoryApplication application, string keyName, string key)
{
_log.Verbose($"Add new secret to application with Id '{application.Id}'");
string availableKeyName = GetAvailableKeyName(application, keyName, 1);
int keyDurationInMinutes = 5;
var duration = new TimeSpan(0, keyDurationInMinutes, 0);
DateTime utcNow = DateTime.UtcNow;
try
{
// Remove all existing keys... https://github.com/Azure/azure-libraries-for-net/issues/414
await application
.Update()
.DefinePasswordCredential(availableKeyName)
.WithPasswordValue(key)
.WithStartDate(utcNow)
.WithDuration(duration)
.Attach()
.ApplyAsync();
_log.Info($"Added new key with name '{availableKeyName}' to application with id '{application.Id}' that is valid from UTC '{utcNow}' with a duraction of '{keyDurationInMinutes}' minutes");
}
catch (GraphErrorException ex)
{
if (ex.Response.StatusCode == HttpStatusCode.Forbidden)
{
_log.Error($"Forbidden to set key for active directory application with id '{application.Id}'");
_log.Verbose($"Extra info for application with id '{application.Id}': '{ex.Response.Content}'.");
}
else
{
_log.Error(ex.Response.Content);
}
}
}
public void CanCRUDApplication()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager manager = TestHelper.CreateGraphRbacManager();
String name = SdkContext.RandomResourceName("javasdkapp", 20);
IActiveDirectoryApplication application = null;
try
{
application = manager.Applications.Define(name)
.WithSignOnUrl("http://easycreate.azure.com/" + name)
.DefinePasswordCredential("passwd")
.WithPasswordValue("P@ssw0rd")
.WithDuration(TimeSpan.FromDays(100))
.Attach()
.DefineCertificateCredential("cert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest.cer"))
.WithDuration(TimeSpan.FromDays(100))
.Attach()
.DefineCertificateCredential()
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest2.cer"))
.WithDuration(TimeSpan.FromDays(80))
.Attach()
.Create();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.NotNull(application.Id);
Assert.NotNull(application.ApplicationId);
Assert.Equal(name, application.Name);
Assert.Equal(2, application.CertificateCredentials.Count);
Assert.Equal(1, application.PasswordCredentials.Count);
Assert.Equal(1, application.ReplyUrls.Count);
Assert.Equal(1, application.IdentifierUris.Count);
Assert.Equal("http://easycreate.azure.com/" + name, application.SignOnUrl.ToString());
// check thumbprint, the customKeyIdentifier would be thumbprint if not set
var certificate = new X509Certificate("Assets/myTest2.cer");
var certificateCount = 0;
foreach (var certificateCredential in application.CertificateCredentials.Values)
{
if (certificateCredential.Name != "cert")
{
certificateCount++;
Assert.Equal(certificate.GetCertHashString(), certificateCredential.CustomKeyIdentifier);
}
}
Assert.True(certificateCount > 0);
application.Update()
.DefinePasswordCredential("passwd2")
.WithPasswordValue("StrongPass!12")
.WithDuration(TimeSpan.FromDays(20))
.Attach()
.DefineCertificateCredential("cert")
.WithAsymmetricX509Certificate()
.WithPublicKey(File.ReadAllBytes("Assets/myTest2.cer"))
.WithDuration(TimeSpan.FromDays(1))
.Attach()
.WithoutCredentialByIdentifier(certificate.GetCertHashString())
.Apply();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.Equal(2, application.PasswordCredentials.Count);
Assert.Equal(2, application.CertificateCredentials.Count);
application.Update()
.WithoutCredential("passwd")
.Apply();
Console.WriteLine(application.Id + " - " + application.ApplicationId);
Assert.Equal(1, application.PasswordCredentials.Count);
Assert.Equal("passwd2", application.PasswordCredentials.First().Value.Name);
}
finally
{
if (application != null)
{
manager.Applications.DeleteById(application.Id);
}
}
}
}