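/// <summary>
/// Verifies that a certificate referenced by a Key Vault certificate secret identifier is
/// fetched through <see cref="KeyVaultClient"/> and used for client-certificate authentication,
/// both with and without an explicit tenant id passed to the provider.
/// </summary>
/// <param name="includeTenantId">
/// When true, <see cref="Constants.TenantId"/> is passed to the provider; otherwise null is passed.
/// </param>
public async Task KeyVaultCertificateSecretIdentifierSuccessTest(bool includeTenantId)
{
    // Expected certificate; only its thumbprint is compared with the one the provider reports having used.
    // X509Certificate2 owns native key/cert handles, so it is disposed when the test ends.
    using (X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(Constants.TestCert), string.Empty))
    {
        MockProcessManager mockProcessManager = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
        AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

        // Create KeyVaultClient with MockKeyVault to mock successful calls to KeyVault
        MockKeyVault mockKeyVault = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.CertificateSecretIdentifierSuccess);
        using (HttpClient httpClient = new HttpClient(mockKeyVault))
        {
            KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

            // MockAuthenticationContext is being asked to act like client cert auth succeeded.
            MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

            string tenantIdParam = includeTenantId ? Constants.TenantId : null;

            // Create ClientCertificateAzureServiceTokenProvider instance with a Key Vault certificate secret identifier
            ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(
                Constants.TestAppId,
                Constants.TestKeyVaultCertificateSecretIdentifier,
                CertificateIdentifierType.KeyVaultCertificateSecretIdentifier,
                null,
                Constants.AzureAdInstance,
                tenantIdParam,
                0,
                mockAuthenticationContext,
                keyVaultClient);

            // Get the token. This exercises the path where the provider fetches the certificate from
            // Key Vault using the certificate secret identifier (not from a local certificate store).
            var authResult = await provider.GetAuthResultAsync(Constants.ArmResourceId, string.Empty).ConfigureAwait(false);

            // The token must be for the expected app/tenant and must have been signed with the expected certificate.
            Validator.ValidateToken(authResult.AccessToken, provider.PrincipalUsed, Constants.AppType, Constants.TenantId, Constants.TestAppId, cert.Thumbprint, expiresOn: authResult.ExpiresOn);
        }
    }
}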
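/// <summary>
/// Verifies that <see cref="KeyVaultClient.GetCertificateAsync"/> surfaces
/// <see cref="KeyVaultClient.EndpointNotAvailableError"/> when the Key Vault endpoint cannot be reached.
/// </summary>
public async Task KeyVaultUnavailable()
{
    MockKeyVault mockKeyVault = new MockKeyVault(TestType.KeyVaultUnavailable);
    using (HttpClient httpClient = new HttpClient(mockKeyVault))
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient);

        // Await the async call directly; wrapping it in Task.Run only adds a needless thread hop.
        var exception = await Assert.ThrowsAnyAsync<Exception>(
            () => keyVaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

        Assert.Contains(KeyVaultClient.EndpointNotAvailableError, exception.Message);
    }
}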
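/// <summary>
/// Verifies that a missing or malformed WWW-Authenticate bearer challenge from Key Vault is reported
/// as an access-token retrieval failure carrying <see cref="KeyVaultClient.BearerChallengeMissingOrInvalidError"/>.
/// </summary>
public async Task HttpBearerChallengeInvalidTest()
{
    MockKeyVault mockKeyVault = new MockKeyVault(TestType.HttpBearerChallengeInvalid);
    using (HttpClient httpClient = new HttpClient(mockKeyVault))
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient);

        // Await the async call directly; wrapping it in Task.Run only adds a needless thread hop.
        var exception = await Assert.ThrowsAnyAsync<Exception>(
            () => keyVaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

        // Both the outer (token retrieval) and inner (challenge) errors must be visible in the message.
        Assert.Contains(KeyVaultClient.KeyVaultAccessTokenRetrievalError, exception.Message);
        Assert.Contains(KeyVaultClient.BearerChallengeMissingOrInvalidError, exception.Message);
    }
}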
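/// <summary>
/// Verifies that a Key Vault "secret not found" response is surfaced as
/// <see cref="KeyVaultClient.KeyVaultResponseError"/> together with the service's own error message.
/// </summary>
public async Task SecretNotFoundTest()
{
    // Token acquisition succeeds; the failure under test comes from the Key Vault response itself.
    MockProcessManager mockProcessManager = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
    AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

    MockKeyVault mockKeyVault = new MockKeyVault(TestType.SecretNotFound);
    using (HttpClient httpClient = new HttpClient(mockKeyVault))
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

        // Await the async call directly; wrapping it in Task.Run only adds a needless thread hop.
        var exception = await Assert.ThrowsAnyAsync<Exception>(
            () => keyVaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

        Assert.Contains(KeyVaultClient.KeyVaultResponseError, exception.Message);
        Assert.Contains(MockKeyVault.SecretNotFoundErrorMessage, exception.Message);
    }
}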
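/// <summary>
/// Verifies that a secret bundle whose content type is not a certificate is rejected with
/// <see cref="KeyVaultClient.SecretBundleInvalidContentTypeError"/> instead of being parsed as one.
/// </summary>
public async Task InvalidKeyVaultSecretType()
{
    MockProcessManager mockProcessManager = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
    AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

    // Use a secret identifier, but have the mock return a secret bundle for a password/secret, not a certificate.
    MockKeyVault mockKeyVault = new MockKeyVault(TestType.PasswordSecretIdentifierSuccess);
    using (HttpClient httpClient = new HttpClient(mockKeyVault))
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

        // Await the async call directly; wrapping it in Task.Run only adds a needless thread hop.
        var exception = await Assert.ThrowsAnyAsync<Exception>(
            () => keyVaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

        Assert.Contains(KeyVaultClient.SecretBundleInvalidContentTypeError, exception.Message);
    }
}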
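/// <summary>
/// Verifies that when the token provider backing <see cref="KeyVaultClient"/> fails, the resulting
/// exception message chains the generic error, the Key Vault token-retrieval error, the per-provider
/// error count and the underlying developer-tool error.
/// </summary>
public async Task KeyVaultTokenProviderErrorTest()
{
    // Azure CLI token acquisition is configured to fail, so the Key Vault access token cannot be obtained.
    MockProcessManager mockProcessManager = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Failure);
    AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

    // The vault itself would answer successfully; the failure must come from token acquisition alone.
    MockKeyVault mockKeyVault = new MockKeyVault(TestType.CertificateSecretIdentifierSuccess);
    using (HttpClient httpClient = new HttpClient(mockKeyVault))
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

        // Await the async call directly; wrapping it in Task.Run only adds a needless thread hop.
        var exception = await Assert.ThrowsAnyAsync<Exception>(
            () => keyVaultClient.GetCertificateAsync(Constants.TestKeyVaultCertificateSecretIdentifier));

        Assert.Contains(AzureServiceTokenProviderException.GenericErrorMessage, exception.Message);
        Assert.Contains(KeyVaultClient.KeyVaultAccessTokenRetrievalError, exception.Message);
        // Exactly one token provider was tried, so the format reports a count of 1.
        Assert.Contains(string.Format(KeyVaultClient.TokenProviderErrorsFormat, 1), exception.Message);
        Assert.Contains(Constants.DeveloperToolError, exception.Message);
    }
}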
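/// <summary>
/// Verifies that <see cref="ClientCertificateAzureServiceTokenProvider"/> wraps a Key Vault
/// "secret not found" failure in an <see cref="AzureServiceTokenProviderException"/> whose message
/// names the resource, the tenant, the certificate-retrieval error and the underlying Key Vault error.
/// </summary>
public async Task KeyVaultCertificateNotFoundTest()
{
    MockAuthenticationContext mockAuthenticationContext = new MockAuthenticationContext(MockAuthenticationContext.MockAuthenticationContextTestType.AcquireTokenAsyncClientCertificateSuccess);

    MockProcessManager mockProcessManager = new MockProcessManager(MockProcessManager.MockProcessManagerRequestType.Success);
    AzureCliAccessTokenProvider azureCliAccessTokenProvider = new AzureCliAccessTokenProvider(mockProcessManager);

    // The mock vault answers every secret lookup with "not found".
    MockKeyVault mockKeyVault = new MockKeyVault(MockKeyVault.KeyVaultClientTestType.SecretNotFound);
    using (HttpClient httpClient = new HttpClient(mockKeyVault))
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(httpClient, azureCliAccessTokenProvider);

        // Test-only identifier; points at a secret (not a certificate) in a vault the mock stands in for.
        string secretIdentifier = "https://testbedkeyvault.vault.azure.net/secrets/secret/";

        ClientCertificateAzureServiceTokenProvider provider = new ClientCertificateAzureServiceTokenProvider(
            Constants.TestAppId,
            secretIdentifier,
            CertificateIdentifierType.KeyVaultSecretIdentifier,
            Constants.CurrentUserStore,
            Constants.TenantId,
            Constants.AzureAdInstance,
            mockAuthenticationContext,
            keyVaultClient);

        // Await the async call directly; wrapping it in Task.Run only adds a needless thread hop.
        var exception = await Assert.ThrowsAsync<AzureServiceTokenProviderException>(
            () => provider.GetAuthResultAsync(Constants.ArmResourceId, Constants.TenantId));

        // The message must identify what was being requested and why it failed, all the way down to Key Vault's own error.
        Assert.Contains(Constants.ArmResourceId, exception.Message);
        Assert.Contains(Constants.TenantId, exception.Message);
        Assert.Contains(AzureServiceTokenProviderException.KeyVaultCertificateRetrievalError, exception.Message);
        Assert.Contains(KeyVaultClient.KeyVaultResponseError, exception.Message);
        Assert.Contains(MockKeyVault.SecretNotFoundErrorMessage, exception.Message);
    }
}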