public async Task KeyVaultCertificateSecretIdentifierSuccessTest(bool includeTenantId)
        {
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            MockProcessManager          mockProcessManager          = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
            AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

            // Create KeyVaultClient with MockKeyVault to mock successful calls to KeyVault
            MockKeyVault   mockKeyVault   = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.CertificateSecretIdentifierSuccess);
            HttpClient     httpClient     = new HttpClient(mockKeyVault);
            KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

            // MockAuthenticationContext is being asked to act like client cert auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            string tenantIdParam = includeTenantId ? Constants.TenantId : null;

            // Create ClientCertificateAzureServiceTokenProvider instance with a subject name
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 Constants.TestKeyVaultCertificateSecretIdentifier, CertificateIdentifierType.KeyVaultCertificateSecretIdentifier, null, Constants.AzureAdInstance, tenantIdParam, 0, mockAuthenticationContext, keyVaultClient);

            // Get the token. This will test that ClientCertificateAzureServiceTokenProvider could fetch the cert from CurrentUser store based on subject name in the connection string.
            var authResult = await provider.GetAuthResultAsync(Constants.ArmResourceId, string.Empty).ConfigureAwait(false);

            Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, cert.Thumbprint, expiresOn: authResult.ExpiresOn);
        }
        public async Task ClientSecretFailTest()
        {
            MockAuthenticationContext       mockAuthenticationContext       = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCredentialFail);
            ClientSecretAccessTokenProvider clientSecretAccessTokenProvider = new ClientSecretAccessTokenProvider(Constants.TestAppId, Constants.ClientSecret, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);
            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => Task.Run(() => clientSecretAccessTokenProvider.GetAuthResultAsync(Constants.KeyVaultResourceId, string.Empty)));

            Assert.Contains(Constants.KeyVaultResourceId, exception.Message);
            Assert.Contains(Constants.TenantId, exception.Message);
            Assert.Contains(Constants.NoConnectionString, exception.Message);
        }
        public async Task SilentFailAndUserCredentialSuccessTest()
        {
            MockAuthenticationContext authenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncUserCredentialSuccess);

            WindowsAuthenticationAzureServiceTokenProvider provider = new WindowsAuthenticationAzureServiceTokenProvider(authenticationContext, Constants.AzureAdInstance);

            var authResult = await provider.GetAuthResultAsync(Constants.KeyVaultResourceId, string.Empty).ConfigureAwait(false);

            Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.UserType, Constants.TenantId, expiresOn: authResult.ExpiresOn);
        }
        public async Task SilentFailAndUserCredentialFailTest()
        {
            MockAuthenticationContext authenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncUserCredentialFail);

            WindowsAuthenticationAzureServiceTokenProvider provider = new WindowsAuthenticationAzureServiceTokenProvider(authenticationContext, Constants.AzureAdInstance);

            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => Task.Run(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId)));

            Assert.Contains(Constants.KeyVaultResourceId, exception.Message);
            Assert.Contains(Constants.TenantId, exception.Message);
        }
Exemplo n.º 5
0
        public async Task CertificateNotFoundTest()
        {
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 Guid.NewGuid().ToString(), CertificateIdentifierType.SubjectName, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => Task.Run(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId)));

            Assert.Contains(Constants.KeyVaultResourceId, exception.Message);
            Assert.Contains(Constants.TenantId, exception.Message);
            Assert.Contains(Constants.LocalCertificateNotFoundError, exception.Message);
        }
        public async Task ClientSecretSuccessTest()
        {
            // MockAuthenticationContext is being asked to act like client secret auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCredentialSuccess);

            // Create ClientSecretAccessTokenProvider instance
            ClientSecretAccessTokenProvider clientSecretAccessTokenProvider = new ClientSecretAccessTokenProvider(Constants.TestAppId, Constants.ClientSecret, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Get the token
            var authResult = await clientSecretAccessTokenProvider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId).ConfigureAwait(false);

            // Check if the principal used and type were as expected.
            Validator.ValidateToken(authResult.AccessToken, clientSecretAccessTokenProvider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, expiresOn: authResult.ExpiresOn);
        }
        public void ClientIdNullOrEmptyTest()
        {
            // MockAuthenticationContext is being asked to act like client secret auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCredentialSuccess);

            // Create ClientSecretAccessTokenProvider instance
            var exception = Assert.Throws <ArgumentNullException>(() => new ClientSecretAccessTokenProvider(null, Constants.ClientSecret, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext));

            Assert.Contains(Constants.CannotBeNullError, exception.ToString());

            // Create ClientSecretAccessTokenProvider instance
            exception = Assert.Throws <ArgumentNullException>(() => new ClientSecretAccessTokenProvider(string.Empty, Constants.ClientSecret, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext));

            Assert.Contains(Constants.CannotBeNullError, exception.ToString());
        }
Exemplo n.º 8
0
        public void InvalidStoreLocationTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            // Create ClientCertificateAzureServiceTokenProvider instance
            var exception = Assert.Throws <ArgumentException>(() => new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                   cert.Thumbprint, CertificateIdentifierType.Thumbprint, Constants.InvalidString, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext));

            Assert.Contains(Constants.InvalidCertLocationError, exception.ToString());
        }
Exemplo n.º 9
0
        public void CertSubjectNameOrThumbprintNullOrEmptyTest()
        {
            // MockAuthenticationContext is being asked to act like client cert auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            // Create ClientCertificateAzureServiceTokenProvider instance
            var exception = Assert.Throws <ArgumentNullException>(() => new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                       null, CertificateIdentifierType.Thumbprint, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext));

            Assert.Contains(Constants.CannotBeNullError, exception.ToString());

            exception = Assert.Throws <ArgumentNullException>(() => new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                   string.Empty, CertificateIdentifierType.Thumbprint, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext));

            Assert.Contains(Constants.CannotBeNullError, exception.ToString());
        }
Exemplo n.º 10
0
        public async Task ThumbprintFailTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth failed.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateFail);

            // Create ClientCertificateAzureServiceTokenProvider instance
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 cert.Thumbprint, CertificateIdentifierType.Thumbprint, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Ensure exception is thrown when getting the token
            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId));

            Assert.Contains(AzureServiceTokenProviderException.GenericErrorMessage, exception.ToString());
            // Delete the cert, since testing is done.
            CertUtil.DeleteCertificate(cert.Thumbprint);
        }
Exemplo n.º 11
0
        public async Task ThumbprintSuccessTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            // Create ClientCertificateAzureServiceTokenProvider instance
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 cert.Thumbprint, CertificateIdentifierType.Thumbprint, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Get the token. This will test that ClientCertificateAzureServiceTokenProvider could fetch the cert from CurrentUser store based on thumbprint in the connection string.
            var authResult = await provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId).ConfigureAwait(false);

            // Delete the cert, since testing is done.
            CertUtil.DeleteCertificate(cert.Thumbprint);

            Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, cert.Thumbprint, expiresOn: authResult.ExpiresOn);
        }
Exemplo n.º 12
0
        public async Task KeyVaultCertificateNotFoundTest()
        {
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            MockProcessManager          mockProcessManager          = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
            AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

            MockKeyVault   mockKeyVault   = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.SecretNotFound);
            HttpClient     httpClient     = new HttpClient(mockKeyVault);
            KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

            string SecretIdentifier = "https://testbedkeyvault.vault.azure.net/secrets/secret/";
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 SecretIdentifier, CertificateIdentifierType.KeyVaultSecretIdentifier, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext, keyVaultClient);

            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => Task.Run(() => provider.GetAuthResultAsync(Constants.ArmResourceId, Constants.TenantId)));

            Assert.Contains(Constants.ArmResourceId, exception.Message);
            Assert.Contains(Constants.TenantId, exception.Message);
            Assert.Contains(AzureServiceTokenProviderException.KeyVaultCertificateRetrievalError, exception.Message);
            Assert.Contains(KeyVaultClient.KeyVaultResponseError, exception.Message);
            Assert.Contains(MockKeyVault.SecretNotFoundErrorMessage, exception.Message);
        }
Exemplo n.º 13
0
        public void CannotAcquireTokenThroughCertTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth failed.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireInvalidTokenAsyncFail);

            // Create ClientCertificateAzureServiceTokenProvider instance with a subject name
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 cert.Subject, CertificateIdentifierType.SubjectName, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Get the token. This will test that ClientCertificateAzureServiceTokenProvider could fetch the cert from CurrentUser store based on subject name in the connection string.
            var exception = Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, string.Empty));

            // Delete the cert, since testing is done.
            CertUtil.DeleteCertificate(cert.Thumbprint);

            Assert.Contains(Constants.TokenFormatExceptionMessage, exception.Result.Message);
            Assert.Contains(Constants.TokenNotInExpectedFormatError, exception.Result.Message);
        }