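public async Task KeyVaultCertificateSecretIdentifierSuccessTest(bool includeTenantId)
        {
            // The expected certificate is the test fixture from Constants.TestCert (base64, empty password);
            // only its thumbprint is needed below. X509Certificate2 is IDisposable (it can hold a private-key
            // handle), so dispose it deterministically instead of leaving it to the finalizer.
            using (X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty))
            {
                MockProcessManager          mockProcessManager          = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
                AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

                // Create KeyVaultClient with MockKeyVault (used as the HttpClient's message handler) so no real
                // KeyVault endpoint is contacted; the mock answers the certificate-secret-identifier lookup successfully.
                MockKeyVault   mockKeyVault   = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.CertificateSecretIdentifierSuccess);
                HttpClient     httpClient     = new HttpClient(mockKeyVault);
                KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

                // MockAuthenticationContext is being asked to act like client cert auth succeeded.
                MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

                // Exercise both the explicit-tenant and the no-tenant constructor paths. The validation below
                // always expects Constants.TenantId, so when no tenant is supplied it is presumably taken from
                // the auth result / mock context — confirm against the provider implementation.
                string tenantIdParam = includeTenantId ? Constants.TenantId : null;

                // Create ClientCertificateAzureServiceTokenProvider with a KeyVault *certificate secret identifier*
                // (CertificateIdentifierType.KeyVaultCertificateSecretIdentifier) — not a subject-name/store lookup.
                ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                                                                     Constants.TestKeyVaultCertificateSecretIdentifier, CertificateIdentifierType.KeyVaultCertificateSecretIdentifier, null, Constants.AzureAdInstance, tenantIdParam, 0, mockAuthenticationContext, keyVaultClient);

                // Get the token. This checks that the provider can fetch the certificate through the (mocked)
                // KeyVaultClient from the secret identifier and then authenticate with it.
                var authResult = await provider.GetAuthResultAsync(Constants.ArmResourceId, string.Empty).ConfigureAwait(false);

                // The issued token must be bound to the test app, the expected tenant and the fixture certificate's thumbprint.
                Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, cert.Thumbprint, expiresOn: authResult.ExpiresOn);
            }
        }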
        public async Task KeyVaultUnavailable()
        {
            // MockKeyVault acts as the HttpClient message handler and simulates an unreachable vault endpoint;
            // no network traffic is generated. No token provider is given to this KeyVaultClient overload.
            var vaultHandler = new MockKeyVault(TestType.KeyVaultUnavailable);
            var vaultClient  = new KeyVaultClient(new HttpClient(vaultHandler));

            Func<Task> fetchCertificate = () => Task.Run(() => vaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

            // Any exception type is accepted; the assertion is on the message carrying the endpoint-unavailable error.
            var thrown = await Assert.ThrowsAnyAsync<Exception>(fetchCertificate);

            Assert.Contains(KeyVaultClient.EndpointNotAvailableError, thrown.Message);
        }
        public async Task HttpBearerChallengeInvalidTest()
        {
            // The mocked vault returns a malformed/missing Bearer challenge, so the client cannot work out
            // which token to acquire. Built without a token provider (single-argument overload).
            var vaultHandler = new MockKeyVault(TestType.HttpBearerChallengeInvalid);
            var vaultClient  = new KeyVaultClient(new HttpClient(vaultHandler));

            Func<Task> fetchCertificate = () => Task.Run(() => vaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

            var thrown = await Assert.ThrowsAnyAsync<Exception>(fetchCertificate);

            // Both the generic token-retrieval error and the specific challenge error are expected in the message.
            Assert.Contains(KeyVaultClient.KeyVaultAccessTokenRetrievalError,     thrown.Message);
            Assert.Contains(KeyVaultClient.BearerChallengeMissingOrInvalidError, thrown.Message);
        }
        public async Task SecretNotFoundTest()
        {
            // Token acquisition succeeds (mocked Azure CLI), so the failure under test is purely the vault's
            // "secret not found" response rather than an authentication problem.
            var cliTokenProvider = new AzureCliAccessTokenProvider(new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success));

            var vaultHandler = new MockKeyVault(TestType.SecretNotFound);
            var vaultClient  = new KeyVaultClient(new HttpClient(vaultHandler), cliTokenProvider);

            Func<Task> fetchCertificate = () => Task.Run(() => vaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

            var thrown = await Assert.ThrowsAnyAsync<Exception>(fetchCertificate);

            // The client should surface the vault's own error text wrapped in its response-error message.
            Assert.Contains(KeyVaultClient.KeyVaultResponseError,     thrown.Message);
            Assert.Contains(MockKeyVault.SecretNotFoundErrorMessage, thrown.Message);
        }
        public async Task InvalidKeyVaultSecretType()
        {
            var cliTokenProvider = new AzureCliAccessTokenProvider(new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success));

            // The identifier is asked for as a certificate, but the mock returns a secret bundle whose content
            // type is a password/secret. The client must refuse to treat arbitrary secret material as a certificate.
            var vaultHandler = new MockKeyVault(TestType.PasswordSecretIdentifierSuccess);
            var vaultClient  = new KeyVaultClient(new HttpClient(vaultHandler), cliTokenProvider);

            Func<Task> fetchCertificate = () => Task.Run(() => vaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

            var thrown = await Assert.ThrowsAnyAsync<Exception>(fetchCertificate);

            Assert.Contains(KeyVaultClient.SecretBundleInvalidContentTypeError, thrown.Message);
        }
        public async Task KeyVaultTokenProviderErrorTest()
        {
            // The vault itself would answer successfully; the failure is injected one step earlier, in the
            // Azure CLI token provider (mocked process manager reports Failure).
            var cliTokenProvider = new AzureCliAccessTokenProvider(new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Failure));

            var vaultHandler = new MockKeyVault(TestType.CertificateSecretIdentifierSuccess);
            var vaultClient  = new KeyVaultClient(new HttpClient(vaultHandler), cliTokenProvider);

            Func<Task> fetchCertificate = () => Task.Run(() => vaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

            var thrown = await Assert.ThrowsAnyAsync<Exception>(fetchCertificate);

            // Expected message layering: generic error, KeyVault token-retrieval error, a count of one failed
            // token provider, and the developer-tool (Azure CLI) error text itself.
            string[] expectedFragments =
            {
                AzureServiceTokenProviderException.GenericErrorMessage,
                KeyVaultClient.KeyVaultAccessTokenRetrievalError,
                string.Format(KeyVaultClient.TokenProviderErrorsFormat, 1),
                Constants.DeveloperToolError,
            };

            foreach (string fragment in expectedFragments)
            {
                Assert.Contains(fragment, thrown.Message);
            }
        }
        public async Task KeyVaultCertificateNotFoundTest()
        {
            // Authentication would succeed if a certificate were available; the vault lookup is what fails here.
            var authContext      = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);
            var cliTokenProvider = new AzureCliAccessTokenProvider(new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success));

            var vaultHandler = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.SecretNotFound);
            var vaultClient  = new KeyVaultClient(new HttpClient(vaultHandler), cliTokenProvider);

            // Plain secret identifier (CertificateIdentifierType.KeyVaultSecretIdentifier), pointing at a
            // secret the mocked vault does not have.
            string secretIdentifier = "https://testbedkeyvault.vault.azure.net/secrets/secret/";

            var provider = new ClientCertificateAzureServiceTokenProvider(Constants.TestAppId,
                                                                          secretIdentifier, CertificateIdentifierType.KeyVaultSecretIdentifier, Constants.CurrentUserStore, Constants.TenantId, Constants.AzureAdInstance, authContext, vaultClient);

            Func<Task> getAuthResult = () => Task.Run(() => provider.GetAuthResultAsync(Constants.ArmResourceId, Constants.TenantId));

            // Unlike the KeyVaultClient-level tests, the provider is expected to wrap the failure in its own exception type.
            var thrown = await Assert.ThrowsAsync<AzureServiceTokenProviderException>(getAuthResult);

            // The message should identify the request (resource + tenant) and carry the vault error chain intact.
            string[] expectedFragments =
            {
                Constants.ArmResourceId,
                Constants.TenantId,
                AzureServiceTokenProviderException.KeyVaultCertificateRetrievalError,
                KeyVaultClient.KeyVaultResponseError,
                MockKeyVault.SecretNotFoundErrorMessage,
            };

            foreach (string fragment in expectedFragments)
            {
                Assert.Contains(fragment, thrown.Message);
            }
        }