public async Task DeviceAuthenticationWithSakRefresh_SharedAccessKeyConnectionString_HasRefresher()
{
var csBuilder = IotHubConnectionStringBuilder.Create(
TestIoTHubName,
new DeviceAuthenticationWithRegistrySymmetricKey(TestDeviceId, TestSharedAccessKey));
IotHubConnectionString cs = csBuilder.ToIotHubConnectionString();
Assert.IsNotNull(cs.TokenRefresher);
Assert.IsInstanceOfType(cs.TokenRefresher, typeof(DeviceAuthenticationWithSakRefresh));
var auth = (IAuthorizationProvider)cs;
var cbsAuth = new AmqpIoTCbsTokenProvider(cs);
string token1 = await auth.GetPasswordAsync().ConfigureAwait(false);
CbsToken token2 = await cbsAuth.GetTokenAsync(new Uri("amqp://" + TestIoTHubName), "testAppliesTo", null).ConfigureAwait(false);
Assert.IsNull(cs.SharedAccessSignature);
Assert.AreEqual(TestDeviceId, cs.DeviceId);
Assert.IsNotNull(token1);
Assert.IsNotNull(token2);
Assert.AreEqual(token1, token2.TokenValue);
}
public override Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims)
{
#if NET451
throw new InvalidOperationException($"IotHubSasCredential is not supported on NET451");
#else
// Parse the SAS token to find the expiration date and time.
// SharedAccessSignature sr=ENCODED(dh://myiothub.azure-devices.net/a/b/c?myvalue1=a)&sig=<Signature>&se=<ExpiryInSecondsFromEpochTime>[&skn=<KeyName>]
var tokenParts = _credential.Signature.Split('&').ToList();
IEnumerable <string> expiresAtTokenPart = tokenParts.Where(tokenPart => tokenPart.StartsWith("se=", StringComparison.OrdinalIgnoreCase));
if (!expiresAtTokenPart.Any())
{
throw new InvalidOperationException($"There is no expiration time on {nameof(AzureSasCredential)} signature.");
}
string expiresAtStr = expiresAtTokenPart.First().Split('=')[1];
bool isSuccess = double.TryParse(expiresAtStr, out double secondsFromEpochTime);
if (!isSuccess)
{
throw new InvalidOperationException($"Invalid seconds from epoch time on {nameof(AzureSasCredential)} signature.");
}
var epochTime = new DateTime(1970, 1, 1);
var timeToLiveFromEpochTime = TimeSpan.FromSeconds(secondsFromEpochTime);
DateTime expiresAt = epochTime.Add(timeToLiveFromEpochTime);
var token = new CbsToken(
_credential.Signature,
CbsConstants.IotHubSasTokenType,
expiresAt);
return(Task.FromResult(token));
#endif
}
public async Task GetTokenAsyncSetsTheCorrectTypeForSharedAccessSignatureTokens()
{
var value = "TOkEn!";
var signature = new SharedAccessSignature(string.Empty, "keyName", "key", value, DateTimeOffset.Parse("2015-10-27T00:00:00Z"));
var sasCredential = new SharedAccessSignatureCredential(signature);
var credential = new EventHubTokenCredential(sasCredential, "test");
var provider = new CbsTokenProvider(credential, default);
CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(cbsToken, Is.Not.Null, "The token should have been produced");
Assert.That(cbsToken.TokenType, Is.EqualTo(GetSharedAccessTokenType()), "The token type should match");
}
public async Task GetTokenAsyncSetsTheCorrectTypeForOtherTokens()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z");
var mockCredential = new Mock <TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object, "test");
var provider = new CbsTokenProvider(credential, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequest>(), It.IsAny <CancellationToken>()))
.Returns(Task.FromResult(new AccessToken(tokenValue, expires)));
CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(cbsToken, Is.Not.Null, "The token should have been produced");
Assert.That(cbsToken.TokenType, Is.EqualTo(GetGenericTokenType()), "The token type should match");
}
public override Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims)
{
string tokenValue;
CbsToken token;
if (string.IsNullOrWhiteSpace(SharedAccessSignature))
{
tokenValue = BuildToken(out TimeSpan timeToLive);
token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.UtcNow.Add(timeToLive));
}
else
{
tokenValue = SharedAccessSignature;
token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.MaxValue);
}
return(Task.FromResult(token));
}
public async Task GetTokenAsyncPopulatesUsingTheCredentialAccessToken()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z");
var mockCredential = new Mock<TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object);
var provider = new CbsTokenProvider(credential, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.IsAny<TokenRequestContext>(), It.IsAny<CancellationToken>()))
.Returns(new ValueTask<AccessToken>(new AccessToken(tokenValue, expires)));
CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(cbsToken, Is.Not.Null, "The token should have been produced");
Assert.That(cbsToken.TokenValue, Is.EqualTo(tokenValue), "The token value should match");
Assert.That(cbsToken.ExpiresAtUtc, Is.EqualTo(expires.DateTime), "The token expiration should match");
}
public async Task TestCbsTokenGeneration_Succeeds()
{
// arrange
DateTime epochTime = new DateTime(1970, 1, 1);
DateTime expiresAt = DateTime.UtcNow.Add(TimeSpan.FromHours(1));
TimeSpan secondsFromEpochTime = expiresAt.Subtract(epochTime);
long seconds = Convert.ToInt64(secondsFromEpochTime.TotalSeconds, CultureInfo.InvariantCulture);
string expiry = Convert.ToString(seconds, CultureInfo.InvariantCulture);
DateTime updatedExpiresAt = DateTime.UtcNow.Add(TimeSpan.FromHours(2));
TimeSpan updatedSecondsFromEpochTime = updatedExpiresAt.Subtract(epochTime);
long updatedSeconds = Convert.ToInt64(updatedSecondsFromEpochTime.TotalSeconds, CultureInfo.InvariantCulture);
string updatedExpiry = Convert.ToString(updatedSeconds, CultureInfo.InvariantCulture);
string token = string.Format(
CultureInfo.InvariantCulture,
"SharedAccessSignature sr={0}&sig={1}&se={2}",
WebUtility.UrlEncode(_hostName),
WebUtility.UrlEncode("signature"),
expiry);
string updatedToken = string.Format(
CultureInfo.InvariantCulture,
"SharedAccessSignature sr={0}&sig={1}&se={2}",
WebUtility.UrlEncode(_hostName),
WebUtility.UrlEncode("signature"),
updatedExpiry);
var azureSasCredential = new AzureSasCredential(token);
var iotHubSasCredentialProperties = new IotHubSasCredentialProperties(_hostName, azureSasCredential);
// act
CbsToken cbsToken = await iotHubSasCredentialProperties.GetTokenAsync(null, null, null).ConfigureAwait(false);
azureSasCredential.Update(updatedToken);
CbsToken updatedCbsToken = await iotHubSasCredentialProperties.GetTokenAsync(null, null, null).ConfigureAwait(false);
// assert
Math.Abs(expiresAt.Subtract(cbsToken.ExpiresAtUtc).TotalSeconds).Should().BeLessThan(1);
Math.Abs(updatedExpiresAt.Subtract(updatedCbsToken.ExpiresAtUtc).TotalSeconds).Should().BeLessThan(1);
}
Task<CbsToken> ICbsTokenProvider.GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims)
{
string tokenValue;
CbsToken token;
if (string.IsNullOrWhiteSpace(this.SharedAccessSignature))
{
TimeSpan timeToLive;
tokenValue = this.BuildToken(out timeToLive);
token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.UtcNow.Add(timeToLive));
}
else
{
tokenValue = this.SharedAccessSignature;
token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.MaxValue);
}
return Task.FromResult(token);
}
