public async Task KeyVaultCertificateSecretIdentifierSuccessTest(bool includeTenantId)
        {
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            MockProcessManager          mockProcessManager          = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
            AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

            // Create KeyVaultClient with MockKeyVault to mock successful calls to KeyVault
            MockKeyVault   mockKeyVault   = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.CertificateSecretIdentifierSuccess);
            HttpClient     httpClient     = new HttpClient(mockKeyVault);
            KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

            // MockAuthenticationContext is being asked to act like client cert auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            string tenantIdParam = includeTenantId ? Constants.TenantId : null;

            // Create ClientCertificateAzureServiceTokenProvider instance with a subject name
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 Constants.TestKeyVaultCertificateSecretIdentifier, CertificateIdentifierType.KeyVaultCertificateSecretIdentifier, null, Constants.AzureAdInstance, tenantIdParam, 0, mockAuthenticationContext, keyVaultClient);

            // Get the token. This will test that ClientCertificateAzureServiceTokenProvider could fetch the cert from CurrentUser store based on subject name in the connection string.
            var authResult = await provider.GetAuthResultAsync(Constants.ArmResourceId, string.Empty).ConfigureAwait(false);

            Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, cert.Thumbprint, expiresOn: authResult.ExpiresOn);
        }
Пример #2
0
        public async Task CertificateNotFoundTest()
        {
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 Guid.NewGuid().ToString(), CertificateIdentifierType.SubjectName, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => Task.Run(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId)));

            Assert.Contains(Constants.KeyVaultResourceId, exception.Message);
            Assert.Contains(Constants.TenantId, exception.Message);
            Assert.Contains(Constants.LocalCertificateNotFoundError, exception.Message);
        }
Пример #3
0
        public async Task ThumbprintFailTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth failed.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateFail);

            // Create ClientCertificateAzureServiceTokenProvider instance
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 cert.Thumbprint, CertificateIdentifierType.Thumbprint, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Ensure exception is thrown when getting the token
            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId));

            Assert.Contains(AzureServiceTokenProviderException.GenericErrorMessage, exception.ToString());
            // Delete the cert, since testing is done.
            CertUtil.DeleteCertificate(cert.Thumbprint);
        }
Пример #4
0
        public async Task ThumbprintSuccessTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth suceeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            // Create ClientCertificateAzureServiceTokenProvider instance
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 cert.Thumbprint, CertificateIdentifierType.Thumbprint, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Get the token. This will test that ClientCertificateAzureServiceTokenProvider could fetch the cert from CurrentUser store based on thumbprint in the connection string.
            var authResult = await provider.GetAuthResultAsync(Constants.KeyVaultResourceId, Constants.TenantId).ConfigureAwait(false);

            // Delete the cert, since testing is done.
            CertUtil.DeleteCertificate(cert.Thumbprint);

            Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, cert.Thumbprint, expiresOn: authResult.ExpiresOn);
        }
Пример #5
0
        public async Task KeyVaultCertificateNotFoundTest()
        {
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            MockProcessManager          mockProcessManager          = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
            AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

            MockKeyVault   mockKeyVault   = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.SecretNotFound);
            HttpClient     httpClient     = new HttpClient(mockKeyVault);
            KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

            string SecretIdentifier = "https://testbedkeyvault.vault.azure.net/secrets/secret/";
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 SecretIdentifier, CertificateIdentifierType.KeyVaultSecretIdentifier, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext, keyVaultClient);

            var exception = await Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => Task.Run(() => provider.GetAuthResultAsync(Constants.ArmResourceId, Constants.TenantId)));

            Assert.Contains(Constants.ArmResourceId, exception.Message);
            Assert.Contains(Constants.TenantId, exception.Message);
            Assert.Contains(AzureServiceTokenProviderException.KeyVaultCertificateRetrievalError, exception.Message);
            Assert.Contains(KeyVaultClient.KeyVaultResponseError, exception.Message);
            Assert.Contains(MockKeyVault.SecretNotFoundErrorMessage, exception.Message);
        }
Пример #6
0
        public void CannotAcquireTokenThroughCertTest()
        {
            // Import the test certificate.
            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty);

            CertUtil.ImportCertificate(cert);

            // MockAuthenticationContext is being asked to act like client cert auth failed.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireInvalidTokenAsyncFail);

            // Create ClientCertificateAzureServiceTokenProvider instance with a subject name
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                 cert.Subject, CertificateIdentifierType.SubjectName, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, mockAuthenticationContext);

            // Get the token. This will test that ClientCertificateAzureServiceTokenProvider could fetch the cert from CurrentUser store based on subject name in the connection string.
            var exception = Assert.ThrowsAsync <AzureServiceTokenProviderException>(() => provider.GetAuthResultAsync(Constants.KeyVaultResourceId, string.Empty));

            // Delete the cert, since testing is done.
            CertUtil.DeleteCertificate(cert.Thumbprint);

            Assert.Contains(Constants.TokenFormatExceptionMessage, exception.Result.Message);
            Assert.Contains(Constants.TokenNotInExpectedFormatError, exception.Result.Message);
        }