public TokenAuthenticationProvider(TokenAuthenticationInfo tokenAuthenticationInfo)
{
Checker.NotNull(tokenAuthenticationInfo, "tokenAuthenticationInfo");
Checker.NotNull(tokenAuthenticationInfo.Token, "tokenAuthenticationInfo.Token");
_tokenAuthenticationInfo = tokenAuthenticationInfo;
}
private static void InitializeVault()
{
// for all the tests to run smoothly, this is the only method,
// you need to setup your initial values.
// Ensure you have an instance of Vault Server started up but not initialized.
/*
backend "file" {
path = "e:\raja\work\vault\file_backend"
}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}
rd file_backend /S /Q
vault server -config f.hcl
*/
var vaultUriWithPort = "http://127.0.0.1:8200";
_vaultUri = new Uri(vaultUriWithPort);
_unauthenticatedVaultClient = VaultClientFactory.CreateVaultClient(_vaultUri, null);
if (DevServer)
{
_masterCredentials = new MasterCredentials
{
MasterKeys = new[] { MasterKey },
RootToken = RootToken
};
IAuthenticationInfo devRootTokenInfo = new TokenAuthenticationInfo(_masterCredentials.RootToken);
_authenticatedVaultClient = VaultClientFactory.CreateVaultClient(_vaultUri, devRootTokenInfo);
return;
}
// BEGIN setting values
var fileName = "E:\\raja\\work\\vault0.6.1\\StartVault.cmd";
var process = Process.Start(new ProcessStartInfo(fileName));
Assert.NotNull(process);
_vaultServerProcessId = process.Id;
// END setting values
var initialized = _unauthenticatedVaultClient.GetInitializationStatusAsync().Result;
Assert.False(initialized);
var healthStatus = _unauthenticatedVaultClient.GetHealthStatusAsync().Result;
Assert.False(healthStatus.Initialized);
// try to initialize with mismatched PGP Key
var invalidPgpException =
Assert.Throws<AggregateException>(
() =>
_masterCredentials =
_unauthenticatedVaultClient.InitializeAsync(new InitializeOptions
{
SecretShares = 5,
SecretThreshold = 3,
PgpKeys = new[] { Convert.ToBase64String(Encoding.UTF8.GetBytes("pgp_key1")) }
}).Result);
Assert.NotNull(invalidPgpException.InnerException);
Assert.True(invalidPgpException.InnerException.Message.Contains("400 BadRequest"));
_masterCredentials = _unauthenticatedVaultClient.InitializeAsync(new InitializeOptions
{
SecretShares = 7,
SecretThreshold = 6
}).Result;
Assert.NotNull(_masterCredentials);
Assert.NotNull(_masterCredentials.RootToken);
Assert.NotNull(_masterCredentials.MasterKeys);
Assert.True(_masterCredentials.MasterKeys.Length == 7);
process.CloseMainWindow();
process.WaitForExit();
process = Process.Start(new ProcessStartInfo(fileName));
Assert.NotNull(process);
_vaultServerProcessId = process.Id;
// todo find valid PGP keys
//var pgpKeys = new[] { Convert.ToBase64String(Encoding.UTF8.GetBytes("pgp_key1")), Convert.ToBase64String(Encoding.UTF8.GetBytes("pgp_key2")) };
//_masterCredentials = _unauthenticatedVaultClient.InitializeAsync(2, 2, pgpKeys).Result;
//Assert.NotNull(_masterCredentials);
//Assert.NotNull(_masterCredentials.RootToken);
//Assert.NotNull(_masterCredentials.MasterKeys);
//Assert.True(_masterCredentials.MasterKeys.Length == 5);
//process.CloseMainWindow();
//process.WaitForExit();
//process = Process.Start(new ProcessStartInfo(fileName));
//Assert.NotNull(process);
//_vaultServerProcessId = process.Id;
_masterCredentials = _unauthenticatedVaultClient.InitializeAsync(new InitializeOptions
{
SecretShares = 5,
SecretThreshold = 3
}).Result;
Assert.NotNull(_masterCredentials);
Assert.NotNull(_masterCredentials.RootToken);
Assert.NotNull(_masterCredentials.MasterKeys);
Assert.True(_masterCredentials.MasterKeys.Length == 5);
healthStatus = _unauthenticatedVaultClient.GetHealthStatusAsync().Result;
Assert.True(healthStatus.Initialized);
Assert.True(healthStatus.Sealed);
// try to initialize an already initialized vault.
var aggregateException =
Assert.Throws<AggregateException>(
() => _masterCredentials = _unauthenticatedVaultClient.InitializeAsync(new InitializeOptions
{
SecretShares = 5,
SecretThreshold = 3
}).Result);
Assert.NotNull(aggregateException.InnerException);
Assert.True(aggregateException.InnerException.Message.Contains("Vault is already initialized"));
var sealStatus = _unauthenticatedVaultClient.GetSealStatusAsync().Result;
if (sealStatus.Sealed)
{
foreach (var masterKey in _masterCredentials.MasterKeys)
{
sealStatus = _unauthenticatedVaultClient.UnsealAsync(masterKey).Result;
if (!sealStatus.Sealed)
{
healthStatus = _unauthenticatedVaultClient.GetHealthStatusAsync().Result;
Assert.True(healthStatus.Initialized);
Assert.False(healthStatus.Sealed);
// we are acting as the root user here.
IAuthenticationInfo tokenAuthenticationInfo =
new TokenAuthenticationInfo(_masterCredentials.RootToken);
_authenticatedVaultClient = VaultClientFactory.CreateVaultClient(_vaultUri, tokenAuthenticationInfo);
break;
}
}
}
}
private async Task TokenAuthenticationProviderTests()
{
// token auth
var secret = await _authenticatedVaultClient.CreateTokenAsync();
var tokenAuthenticationInfo = new TokenAuthenticationInfo(secret.AuthorizationInfo.ClientToken);
var tokenClient = VaultClientFactory.CreateVaultClient(_vaultUri, tokenAuthenticationInfo);
var authBackends = await tokenClient.GetAllEnabledAuthenticationBackendsAsync();
Assert.True(authBackends.Data.Any());
}