public void SignRequestVerifyExcludeBodyHeaders(string httpMethod)
{
// Set up HttpRequestMessage.
var method = new HttpMethod(httpMethod);
var uriBuilder = new UriBuilder("http://test.com/test/path")
{
Query = "query1=1&query2=2"
};
var message = new HttpRequestMessage(method, uriBuilder.Uri)
{
Content = new StringContent("Dummy Content")
};
var excludeBodyRequestSigner = new DefaultRequestSigner(
authProviderMock.Object,
SigningStrategy.STANDARD,
signerMock.Object);
excludeBodyRequestSigner.SignRequest(message);
// Validations
Assert.True(message.Headers.Contains(Constants.AUTHORIZATION_HEADER));
var headers = GetHeadersList(message.Headers.GetValues(Constants.AUTHORIZATION_HEADER).FirstOrDefault());
logger.Info($"Headers size: {headers.Length}");
AssertEqualHeaders(Constants.REQUIRED_EXCLUDE_BODY_SIGNING_HEADERS, httpMethod.ToLowerInvariant(), headers);
}
public void SignRequestVerifyRequiredAndOptionalHeaders(string httpMethod)
{
// Set up HttpRequestMessage.
var method = new HttpMethod(httpMethod);
var uriBuilder = new UriBuilder("http://test.com/test/path")
{
Query = "query1=1&query2=2"
};
var message = new HttpRequestMessage(method, uriBuilder.Uri);
if (httpMethod.Equals("PUT") || httpMethod.Equals("POST") || httpMethod.Equals("PATCH"))
{
message.Content = new StringContent("Dummy Content");
}
message.Headers.Add("opc-request-id", "2F9BA4A30BB3452397A5BC1BFE447C5D");
message.Headers.Add("accept", Constants.JSON_CONTENT_TYPE);
var defaultRequestSigner = new DefaultRequestSigner(authProviderMock.Object, signerMock.Object);
defaultRequestSigner.SignRequest(message);
// Validations
Assert.True(message.Headers.Contains(Constants.AUTHORIZATION_HEADER));
var headers = GetHeadersList(message.Headers.GetValues(Constants.AUTHORIZATION_HEADER).FirstOrDefault());
logger.Info($"Headers size: {headers.Length}");
AssertEqualHeaders(Constants.REQUIRED_SIGNING_HEADERS, httpMethod.ToLowerInvariant(), headers);
//verify Constants.OPC_OBO_TOKEN is not included in headers for a non IUserDelegationprovider
Assert.False(message.Headers.Contains(Constants.OPC_OBO_TOKEN));
// Add optional headers
message.Headers.Add("opc-obo-token", "dummy-obo-token");
message.Headers.Add("x-subscription", "dummy-subscription");
message.Headers.Add("x-cross-tenancy-request", "true");
// remove previously signed AuthHeader
message.Headers.Remove(Constants.AUTHORIZATION_HEADER);
defaultRequestSigner.SignRequest(message);
// Validations
Assert.True(message.Headers.Contains(Constants.AUTHORIZATION_HEADER));
headers = GetHeadersList(message.Headers.GetValues(Constants.AUTHORIZATION_HEADER).FirstOrDefault());
AssertEqualHeaders(Constants.OPTIONAL_SIGNING_HEADERS, httpMethod.ToLowerInvariant(), headers);
}
public void VerifyOBOHeaderAdditionForDelegationProviders(string httpMethod, int expectedOBOHeaderCount)
{
// Set up HttpRequestMessage.
var method = new HttpMethod(httpMethod);
var uriBuilder = new UriBuilder("http://test.com/test/path")
{
Query = "query1=1&query2=2"
};
var message = new HttpRequestMessage(method, uriBuilder.Uri);
if (httpMethod.Equals("PUT") || httpMethod.Equals("POST") || httpMethod.Equals("PATCH"))
{
message.Content = new StringContent("Dummy Content");
}
message.Headers.Add("opc-request-id", "2F9BA4A30BB3452397A5BC1BFE447C5D");
message.Headers.Add("accept", Constants.JSON_CONTENT_TYPE);
var defaultRequestSigner = new DefaultRequestSigner(GetDelegationProviderMockObject().Object, signerMock.Object);
defaultRequestSigner.SignRequest(message);
// Validations
Assert.True(message.Headers.Contains(Constants.AUTHORIZATION_HEADER));
var headers = GetHeadersList(message.Headers.GetValues(Constants.AUTHORIZATION_HEADER).FirstOrDefault());
logger.Info($"Headers size: {headers.Length}");
AssertEqualHeaders(Constants.REQUIRED_SIGNING_HEADERS, httpMethod.ToLowerInvariant(), headers);
// Validations
Assert.True(message.Headers.Contains(Constants.AUTHORIZATION_HEADER));
headers = GetHeadersList(message.Headers.GetValues(Constants.AUTHORIZATION_HEADER).FirstOrDefault());
//verifies if obo token is signed
Assert.Contains(Constants.OPC_OBO_TOKEN, headers);
//verifies only one Constants.OPC_OBO_TOKEN is included in the header
Assert.Equal(message.Headers.GetValues(Constants.OPC_OBO_TOKEN).Count(), expectedOBOHeaderCount);
//verify value of Constants.OPC_OBO_TOKEN is injected into http headers when provider implements IUserDelegationDetailsProvider.
Assert.Equal(OBO_TOKEN, message.Headers.GetValues(Constants.OPC_OBO_TOKEN).First());
}
public static HttpClientHandler FromAuthProvider(IBasicAuthenticationDetailsProvider provider, SigningStrategy signingStrategy)
{
var requestSigner = new DefaultRequestSigner(provider, signingStrategy);
return(FromRequestSigner(requestSigner));
}
