public async Task DeviceAuthenticationWithSakRefresh_SharedAccessKeyConnectionString_HasRefresher() { var csBuilder = IotHubConnectionStringBuilder.Create( TestIoTHubName, new DeviceAuthenticationWithRegistrySymmetricKey(TestDeviceId, TestSharedAccessKey)); IotHubConnectionString cs = csBuilder.ToIotHubConnectionString(); Assert.IsNotNull(cs.TokenRefresher); Assert.IsInstanceOfType(cs.TokenRefresher, typeof(DeviceAuthenticationWithSakRefresh)); var auth = (IAuthorizationProvider)cs; var cbsAuth = new AmqpIoTCbsTokenProvider(cs); string token1 = await auth.GetPasswordAsync().ConfigureAwait(false); CbsToken token2 = await cbsAuth.GetTokenAsync(new Uri("amqp://" + TestIoTHubName), "testAppliesTo", null).ConfigureAwait(false); Assert.IsNull(cs.SharedAccessSignature); Assert.AreEqual(TestDeviceId, cs.DeviceId); Assert.IsNotNull(token1); Assert.IsNotNull(token2); Assert.AreEqual(token1, token2.TokenValue); }
public override Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims) { #if NET451 throw new InvalidOperationException($"IotHubSasCredential is not supported on NET451"); #else // Parse the SAS token to find the expiration date and time. // SharedAccessSignature sr=ENCODED(dh://myiothub.azure-devices.net/a/b/c?myvalue1=a)&sig=<Signature>&se=<ExpiryInSecondsFromEpochTime>[&skn=<KeyName>] var tokenParts = _credential.Signature.Split('&').ToList(); IEnumerable <string> expiresAtTokenPart = tokenParts.Where(tokenPart => tokenPart.StartsWith("se=", StringComparison.OrdinalIgnoreCase)); if (!expiresAtTokenPart.Any()) { throw new InvalidOperationException($"There is no expiration time on {nameof(AzureSasCredential)} signature."); } string expiresAtStr = expiresAtTokenPart.First().Split('=')[1]; bool isSuccess = double.TryParse(expiresAtStr, out double secondsFromEpochTime); if (!isSuccess) { throw new InvalidOperationException($"Invalid seconds from epoch time on {nameof(AzureSasCredential)} signature."); } var epochTime = new DateTime(1970, 1, 1); var timeToLiveFromEpochTime = TimeSpan.FromSeconds(secondsFromEpochTime); DateTime expiresAt = epochTime.Add(timeToLiveFromEpochTime); var token = new CbsToken( _credential.Signature, CbsConstants.IotHubSasTokenType, expiresAt); return(Task.FromResult(token)); #endif }
public async Task GetTokenAsyncSetsTheCorrectTypeForSharedAccessSignatureTokens() { var value = "TOkEn!"; var signature = new SharedAccessSignature(string.Empty, "keyName", "key", value, DateTimeOffset.Parse("2015-10-27T00:00:00Z")); var sasCredential = new SharedAccessSignatureCredential(signature); var credential = new EventHubTokenCredential(sasCredential, "test"); var provider = new CbsTokenProvider(credential, default); CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(cbsToken, Is.Not.Null, "The token should have been produced"); Assert.That(cbsToken.TokenType, Is.EqualTo(GetSharedAccessTokenType()), "The token type should match"); }
public async Task GetTokenAsyncSetsTheCorrectTypeForOtherTokens() { var tokenValue = "ValuE_oF_tHE_tokEn"; var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z"); var mockCredential = new Mock <TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object, "test"); var provider = new CbsTokenProvider(credential, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequest>(), It.IsAny <CancellationToken>())) .Returns(Task.FromResult(new AccessToken(tokenValue, expires))); CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(cbsToken, Is.Not.Null, "The token should have been produced"); Assert.That(cbsToken.TokenType, Is.EqualTo(GetGenericTokenType()), "The token type should match"); }
public override Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims) { string tokenValue; CbsToken token; if (string.IsNullOrWhiteSpace(SharedAccessSignature)) { tokenValue = BuildToken(out TimeSpan timeToLive); token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.UtcNow.Add(timeToLive)); } else { tokenValue = SharedAccessSignature; token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.MaxValue); } return(Task.FromResult(token)); }
public async Task GetTokenAsyncPopulatesUsingTheCredentialAccessToken() { var tokenValue = "ValuE_oF_tHE_tokEn"; var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z"); var mockCredential = new Mock<TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object); var provider = new CbsTokenProvider(credential, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.IsAny<TokenRequestContext>(), It.IsAny<CancellationToken>())) .Returns(new ValueTask<AccessToken>(new AccessToken(tokenValue, expires))); CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(cbsToken, Is.Not.Null, "The token should have been produced"); Assert.That(cbsToken.TokenValue, Is.EqualTo(tokenValue), "The token value should match"); Assert.That(cbsToken.ExpiresAtUtc, Is.EqualTo(expires.DateTime), "The token expiration should match"); }
public async Task TestCbsTokenGeneration_Succeeds() { // arrange DateTime epochTime = new DateTime(1970, 1, 1); DateTime expiresAt = DateTime.UtcNow.Add(TimeSpan.FromHours(1)); TimeSpan secondsFromEpochTime = expiresAt.Subtract(epochTime); long seconds = Convert.ToInt64(secondsFromEpochTime.TotalSeconds, CultureInfo.InvariantCulture); string expiry = Convert.ToString(seconds, CultureInfo.InvariantCulture); DateTime updatedExpiresAt = DateTime.UtcNow.Add(TimeSpan.FromHours(2)); TimeSpan updatedSecondsFromEpochTime = updatedExpiresAt.Subtract(epochTime); long updatedSeconds = Convert.ToInt64(updatedSecondsFromEpochTime.TotalSeconds, CultureInfo.InvariantCulture); string updatedExpiry = Convert.ToString(updatedSeconds, CultureInfo.InvariantCulture); string token = string.Format( CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}", WebUtility.UrlEncode(_hostName), WebUtility.UrlEncode("signature"), expiry); string updatedToken = string.Format( CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}", WebUtility.UrlEncode(_hostName), WebUtility.UrlEncode("signature"), updatedExpiry); var azureSasCredential = new AzureSasCredential(token); var iotHubSasCredentialProperties = new IotHubSasCredentialProperties(_hostName, azureSasCredential); // act CbsToken cbsToken = await iotHubSasCredentialProperties.GetTokenAsync(null, null, null).ConfigureAwait(false); azureSasCredential.Update(updatedToken); CbsToken updatedCbsToken = await iotHubSasCredentialProperties.GetTokenAsync(null, null, null).ConfigureAwait(false); // assert Math.Abs(expiresAt.Subtract(cbsToken.ExpiresAtUtc).TotalSeconds).Should().BeLessThan(1); Math.Abs(updatedExpiresAt.Subtract(updatedCbsToken.ExpiresAtUtc).TotalSeconds).Should().BeLessThan(1); }
Task<CbsToken> ICbsTokenProvider.GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims) { string tokenValue; CbsToken token; if (string.IsNullOrWhiteSpace(this.SharedAccessSignature)) { TimeSpan timeToLive; tokenValue = this.BuildToken(out timeToLive); token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.UtcNow.Add(timeToLive)); } else { tokenValue = this.SharedAccessSignature; token = new CbsToken(tokenValue, CbsConstants.IotHubSasTokenType, DateTime.MaxValue); } return Task.FromResult(token); }