
Example 1 with IWebRequestHandler

use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.

the class AcquireTokenSilentHandlerTest method testTokenForAliasedAuthorityPresent.

/**
 * Checks that a silent token request for {@code https://test.host/...} succeeds when the cache
 * only holds refresh tokens saved under two other authorities ({@code test.alias} and
 * {@code preferred.network}), and that RT entries are present under
 * {@code https://preferred.cache/...} once the request has completed.
 * <p>
 * NOTE(review): the four hosts are presumably registered as aliases of one another by
 * updateAuthorityMetadataCache(); that helper is not visible here - confirm.
 */
@Test
public void testTokenForAliasedAuthorityPresent() throws IOException, JSONException {
    final FileMockContext mockContext = new FileMockContext(getContext());
    // Despite the name this is a real DefaultTokenCacheStore, not a Mockito mock.
    final ITokenCacheStore mockedCache = new DefaultTokenCacheStore(getContext());
    clearCache(mockedCache);
    updateAuthorityMetadataCache();
    // insert token with authority as other aliased host
    final String resource = "resource";
    final String clientId = "clientId";
    // Regular refresh token (explicitly not an MRRT) stored under the aliased authority
    final String aliasedAuthority = "https://test.alias/test.onmicrosoft.com";
    final String rtForAliashedHost = "rt with aliased authority";
    final TokenCacheItem rtTokenCacheItem = Util.getTokenCacheItem(aliasedAuthority, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    rtTokenCacheItem.setRefreshToken(rtForAliashedHost);
    rtTokenCacheItem.setIsMultiResourceRefreshToken(false);
    saveTokenIntoCache(mockedCache, rtTokenCacheItem);
    // insert a second token, this one stored under the preferred-network authority
    final String preferredNetworkAuthority = "https://preferred.network/test.onmicrosoft.com";
    final String rtForPreferredNetwork = "rt for preferred network";
    final TokenCacheItem itemWithPreferredNetwork = Util.getTokenCacheItem(preferredNetworkAuthority, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    itemWithPreferredNetwork.setRefreshToken(rtForPreferredNetwork);
    saveTokenIntoCache(mockedCache, itemWithPreferredNetwork);
    // The request itself names a third authority (test.host) for which nothing was cached above.
    final AuthenticationRequest authenticationRequest = getAuthenticationRequest("https://test.host/test.onmicrosoft.com", resource, clientId, false);
    authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
    authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
    final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockedCache);
    // inject mocked web request handler
    final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
    // Every POST, whatever its URL or body, is answered with HTTP 200 and a success token response.
    // The stub does not pin which cached refresh token is sent.
    Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), (byte[]) Mockito.any(), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_OK, Util.getSuccessTokenResponse(false, false), null));
    acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
    try {
        final AuthenticationResult result = acquireTokenSilentHandler.getAccessToken();
        assertNotNull(result);
        assertNotNull(result.getAccessToken());
    } catch (final AuthenticationException e) {
        // NOTE(review): fail() has no message and the caught exception is dropped, so a failure
        // here reports nothing about its cause.
        fail();
    }
    // Exactly one token request must have been sent.
    Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), (byte[]) Mockito.any(), Mockito.anyString());
    // verify token items: RT entries must exist under the preferred-cache authority,
    // keyed by both the unique user id and the UPN
    final String preferredCacheLocation = "https://preferred.cache/test.onmicrosoft.com";
    assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(preferredCacheLocation, resource, clientId, TEST_IDTOKEN_USERID)));
    assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(preferredCacheLocation, resource, clientId, TEST_IDTOKEN_UPN)));
    // NOTE(review): not in a finally block, so this cleanup is skipped when an assertion above fails.
    clearCache(mockedCache);
}
Also used : IWebRequestHandler(com.microsoft.identity.common.adal.internal.net.IWebRequestHandler) URL(java.net.URL) HttpWebResponse(com.microsoft.identity.common.adal.internal.net.HttpWebResponse) SmallTest(androidx.test.filters.SmallTest) Test(org.junit.Test)

Example 2 with IWebRequestHandler

use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.

the class AcquireTokenSilentHandlerTest method testRegularRTExistsMRRTForSameClientIdExist.

// Tests a cache whose regular RT entry is not marked as MRRT even though it is one, while an
// MRRT entry for the same client id is also present. The only stubbed POST is the one whose body
// is built from the MRRT; it is answered with invalid_grant, and afterwards both the regular RT
// entries and the MRRT entries are asserted to be absent from the cache.
@Test
public void testRegularRTExistsMRRTForSameClientIdExist() throws IOException, JSONException {
    FileMockContext mockContext = new FileMockContext(getContext());
    // Despite the name this is a real DefaultTokenCacheStore, not a Mockito mock.
    // NOTE(review): the store is not cleared before use here; presumably the test relies on
    // earlier cleanup - confirm.
    final ITokenCacheStore mockedCache = new DefaultTokenCacheStore(getContext());
    final String resource = "resource";
    final String clientId = "clientId";
    // Add regular RT in the cache, RT is not MRRT
    final TokenCacheItem regularTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    final String regularRT = "Regular RT";
    regularTokenCacheItem.setRefreshToken(regularRT);
    saveTokenIntoCache(mockedCache, regularTokenCacheItem);
    // Add MRRT in the cache for same clientid (resource cleared, family client id set, MRRT flag on)
    final TokenCacheItem mrrtTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    final String mrrt = "MRRT Refresh Token";
    mrrtTokenCacheItem.setRefreshToken(mrrt);
    mrrtTokenCacheItem.setResource(null);
    mrrtTokenCacheItem.setFamilyClientId("familyClientId");
    mrrtTokenCacheItem.setIsMultiResourceRefreshToken(true);
    saveTokenIntoCache(mockedCache, mrrtTokenCacheItem);
    final AuthenticationRequest authenticationRequest = getAuthenticationRequest(VALID_AUTHORITY, resource, clientId, false);
    authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
    authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
    final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockedCache);
    // inject mocked web request handler
    final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
    // Token redemption fails with invalid_grant. The stub matches only a POST whose body equals
    // the message built from the MRRT (aryEq), not one built from the regular RT.
    final byte[] postMessage = Util.getPostMessage(mrrt, clientId, resource);
    Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(postMessage), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("invalid_grant"), null));
    acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
    try {
        // The error is expected to come back inside the result, not as an exception.
        final AuthenticationResult authenticationResult = acquireTokenSilentHandler.getAccessToken();
        assertNotNull(authenticationResult);
        assertTrue(authenticationResult.getErrorCode().equalsIgnoreCase("invalid_grant"));
    } catch (AuthenticationException authException) {
        fail("Unexpected Exception");
    }
    // Capture the body of the single POST and check that it is the MRRT-based message.
    ArgumentCaptor<byte[]> webRequestHandlerArgument = ArgumentCaptor.forClass(byte[].class);
    Mockito.verify(mockedWebRequestHandler).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), webRequestHandlerArgument.capture(), Mockito.anyString());
    assertTrue(Arrays.equals(postMessage, webRequestHandlerArgument.getValue()));
    // verify the regular token entries no longer exist
    assertNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_USERID)));
    assertNull(mockedCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, resource, clientId, TEST_IDTOKEN_UPN)));
    // verify the MRRT entries are absent as well
    // NOTE(review): this comment used to read "verify MRRT entry exist", which contradicts the
    // assertNull calls; presumably the rejected MRRT is meant to be evicted after invalid_grant - confirm.
    assertNull(mockedCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, clientId, TEST_IDTOKEN_USERID)));
    assertNull(mockedCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, clientId, TEST_IDTOKEN_UPN)));
    // NOTE(review): not in a finally block, so this cleanup is skipped when an assertion above fails.
    clearCache(mockedCache);
}
Also used : IWebRequestHandler(com.microsoft.identity.common.adal.internal.net.IWebRequestHandler) URL(java.net.URL) HttpWebResponse(com.microsoft.identity.common.adal.internal.net.HttpWebResponse) SmallTest(androidx.test.filters.SmallTest) Test(org.junit.Test)

Example 3 with IWebRequestHandler

use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.

the class AcquireTokenSilentHandlerTest method testRefreshTokenWithInteractionRequiredCacheNotCleared.

/**
 * Tests that when the RT request fails with interaction_required, the cache is not cleared:
 * the error code is returned in the result and the RT entries for both the unique user id and
 * the UPN are still present afterwards.
 */
@Test
public void testRefreshTokenWithInteractionRequiredCacheNotCleared() throws IOException, JSONException {
    FileMockContext mockContext = new FileMockContext(getContext());
    // Cache contents come from a helper that is not visible here.
    ITokenCacheStore mockCache = getCacheForRefreshToken(TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    // NOTE(review): the request uses "clientid" while the cache keys checked below use "clientId";
    // presumably the key is case-normalised - confirm.
    final AuthenticationRequest authenticationRequest = getAuthenticationRequest(VALID_AUTHORITY, "resource", "clientid", false);
    authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
    authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
    final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockCache);
    // inject mocked web request handler
    final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
    // Any POST with a byte[] body is answered with HTTP 400 and an interaction_required error body.
    Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), Mockito.any(byte[].class), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("interaction_required"), null));
    acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
    try {
        // The error is expected to come back inside the result, not as an exception.
        final AuthenticationResult authenticationResult = acquireTokenSilentHandler.getAccessToken();
        assertNotNull(authenticationResult);
        assertTrue(authenticationResult.getErrorCode().equalsIgnoreCase("interaction_required"));
    } catch (final AuthenticationException e) {
        fail("unexpected exception");
    }
    // verify that the cache is NOT cleared: the RT entries must still be present
    assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, "resource", "clientId", TEST_IDTOKEN_USERID)));
    assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForRTEntry(VALID_AUTHORITY, "resource", "clientId", TEST_IDTOKEN_UPN)));
    // NOTE(review): not in a finally block, so this cleanup is skipped when an assertion above fails.
    clearCache(mockCache);
}
Also used : IWebRequestHandler(com.microsoft.identity.common.adal.internal.net.IWebRequestHandler) URL(java.net.URL) HttpWebResponse(com.microsoft.identity.common.adal.internal.net.HttpWebResponse) SmallTest(androidx.test.filters.SmallTest) Test(org.junit.Test)

Example 4 with IWebRequestHandler

use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.

the class AcquireTokenSilentHandlerTest method testFRTExistedInPreferredLocation.

/**
 * Checks that a silent request for the {@code test.host} authority redeems the family refresh
 * token (FRT) stored under the {@code preferred.cache} authority, although another FRT is cached
 * under {@code test.host} itself, and that the FRT entries under {@code preferred.cache} exist
 * after the successful request.
 * <p>
 * NOTE(review): the relation between the two hosts is presumably set up by
 * updateAuthorityMetadataCache(); that helper is not visible here - confirm.
 */
@Test
public void testFRTExistedInPreferredLocation() throws IOException, JSONException {
    final FileMockContext mockContext = new FileMockContext(getContext());
    // Despite the name this is a real DefaultTokenCacheStore, not a Mockito mock.
    final ITokenCacheStore mockedCache = new DefaultTokenCacheStore(getContext());
    clearCache(mockedCache);
    updateAuthorityMetadataCache();
    // insert token with authority as preferred cache
    final String resource = "resource";
    final String clientId = "clientId";
    final String familyClientId = "1";
    final String preferredCacheAuthority = "https://preferred.cache/test.onmicrosoft.com";
    final String frtForPreferredCache = "frt with preferred cache";
    // FRT item: resource and client id are null, only the family client id identifies it.
    final TokenCacheItem frtTokenCacheItem = Util.getTokenCacheItem(preferredCacheAuthority, null, null, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    frtTokenCacheItem.setRefreshToken(frtForPreferredCache);
    frtTokenCacheItem.setIsMultiResourceRefreshToken(true);
    frtTokenCacheItem.setFamilyClientId(familyClientId);
    saveTokenIntoCache(mockedCache, frtTokenCacheItem);
    // Second FRT with a different token value, stored under the authority the request will name.
    final String testHostAuthority = "https://test.host/test.onmicrosoft.com";
    final TokenCacheItem frtWithTestHost = Util.getTokenCacheItem(testHostAuthority, null, null, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    frtWithTestHost.setRefreshToken("frt with test host");
    frtWithTestHost.setFamilyClientId(familyClientId);
    saveTokenIntoCache(mockedCache, frtWithTestHost);
    final AuthenticationRequest authenticationRequest = getAuthenticationRequest(testHostAuthority, resource, clientId, false);
    authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
    authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
    final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockedCache);
    // inject mocked web request handler
    final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
    // Only a POST whose body is built from the preferred-cache FRT is stubbed with a success
    // response; a request built from the test-host FRT would not match this stub.
    Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(frtForPreferredCache, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_OK, Util.getSuccessTokenResponse(true, true), null));
    acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
    try {
        final AuthenticationResult result = acquireTokenSilentHandler.getAccessToken();
        assertNotNull(result);
        assertNotNull(result.getAccessToken());
    } catch (final AuthenticationException e) {
        // NOTE(review): fail() has no message and the caught exception is dropped, so a failure
        // here reports nothing about its cause.
        fail();
    }
    // The POST carrying the preferred-cache FRT must have been sent exactly once.
    Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(frtForPreferredCache, clientId, resource)), Mockito.anyString());
    // verify token items: FRT entries exist under the preferred-cache authority for user id and UPN
    assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForFRT(preferredCacheAuthority, familyClientId, TEST_IDTOKEN_USERID)));
    assertNotNull(mockedCache.getItem(CacheKey.createCacheKeyForFRT(preferredCacheAuthority, familyClientId, TEST_IDTOKEN_UPN)));
    // NOTE(review): not in a finally block, so this cleanup is skipped when an assertion above fails.
    clearCache(mockedCache);
}
Also used : IWebRequestHandler(com.microsoft.identity.common.adal.internal.net.IWebRequestHandler) URL(java.net.URL) HttpWebResponse(com.microsoft.identity.common.adal.internal.net.HttpWebResponse) SmallTest(androidx.test.filters.SmallTest) Test(org.junit.Test)

Example 5 with IWebRequestHandler

use of com.microsoft.identity.common.adal.internal.net.IWebRequestHandler in project azure-activedirectory-library-for-android by AzureAD.

the class AcquireTokenSilentHandlerTest method testFRTRequestFailFallBackToMRTMRTRequestFail.

/**
 * Verifies that when the FRT request fails with invalid_grant and the retry with the MRRT fails
 * with invalid_request, only the FRT token cache entries are removed; the MRRT entries stay in
 * the cache and the result carries the invalid_request error code.
 */
@Test
public void testFRTRequestFailFallBackToMRTMRTRequestFail() throws IOException, JSONException {
    FileMockContext mockContext = new FileMockContext(getContext());
    // Despite the name this is a real DefaultTokenCacheStore, emptied before the test data is added.
    final ITokenCacheStore mockCache = new DefaultTokenCacheStore(getContext());
    mockCache.removeAll();
    final String clientId = "clientId";
    final String familyClientId = "familyClientId";
    final String resource = "resource";
    // MRRT token Cache Item with FoCI flag
    final String mrrtToken = "MRRT Refresh Token";
    final TokenCacheItem mrrtTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, null, clientId, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    mrrtTokenCacheItem.setRefreshToken(mrrtToken);
    mrrtTokenCacheItem.setIsMultiResourceRefreshToken(true);
    mrrtTokenCacheItem.setFamilyClientId(familyClientId);
    saveTokenIntoCache(mockCache, mrrtTokenCacheItem);
    // FRT token cache item (no resource and no client id, only the family client id)
    final TokenCacheItem frtTokenCacheItem = Util.getTokenCacheItem(VALID_AUTHORITY, null, null, TEST_IDTOKEN_USERID, TEST_IDTOKEN_UPN);
    final String frtToken = "FRT Refresh Token";
    frtTokenCacheItem.setRefreshToken(frtToken);
    frtTokenCacheItem.setIsMultiResourceRefreshToken(true);
    frtTokenCacheItem.setFamilyClientId(familyClientId);
    saveTokenIntoCache(mockCache, frtTokenCacheItem);
    final AuthenticationRequest authenticationRequest = getAuthenticationRequest(VALID_AUTHORITY, resource, clientId, false);
    authenticationRequest.setUserIdentifierType(UserIdentifierType.UniqueId);
    authenticationRequest.setUserId(TEST_IDTOKEN_USERID);
    final AcquireTokenSilentHandler acquireTokenSilentHandler = getAcquireTokenHandler(mockContext, authenticationRequest, mockCache);
    // inject mocked web request handler
    final IWebRequestHandler mockedWebRequestHandler = Mockito.mock(WebRequestHandler.class);
    // FRT request fails with invalid_grant (stub matches the POST body built from the FRT)
    Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(frtToken, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("invalid_grant"), null));
    // MRT request also fails, but with invalid_request (stub matches the POST body built from the MRRT)
    Mockito.when(mockedWebRequestHandler.sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(mrrtToken, clientId, resource)), Mockito.anyString())).thenReturn(new HttpWebResponse(HttpURLConnection.HTTP_BAD_REQUEST, Util.getErrorResponseBody("invalid_request"), null));
    acquireTokenSilentHandler.setWebRequestHandler(mockedWebRequestHandler);
    try {
        // The error surfaced to the caller is the MRRT one (invalid_request), returned in the result.
        final AuthenticationResult authResult = acquireTokenSilentHandler.getAccessToken();
        assertNotNull(authResult);
        assertTrue(authResult.getErrorCode().equalsIgnoreCase("invalid_request"));
    } catch (final AuthenticationException e) {
        fail("Unexpected exception");
    }
    // Verify that the POST with the FRT and the POST with the MRRT were each sent exactly once.
    // NOTE(review): the relative order of the two calls is not checked (no InOrder). The test name
    // implies FRT first, whereas this comment used to say the MRRT request came first - confirm.
    Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(frtToken, clientId, resource)), Mockito.anyString());
    Mockito.verify(mockedWebRequestHandler, Mockito.times(1)).sendPost(Mockito.any(URL.class), Mockito.<String, String>anyMap(), AdditionalMatchers.aryEq(Util.getPostMessage(mrrtToken, clientId, resource)), Mockito.anyString());
    // Verify cache entry
    // the FRT request got invalid_grant, so the FRT entries should have been deleted
    assertNull(mockCache.getItem(CacheKey.createCacheKeyForFRT(VALID_AUTHORITY, familyClientId, TEST_IDTOKEN_USERID)));
    assertNull(mockCache.getItem(CacheKey.createCacheKeyForFRT(VALID_AUTHORITY, familyClientId, TEST_IDTOKEN_UPN)));
    // MRT request gets back invalid_request, cache entry should still exist
    assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, clientId, TEST_IDTOKEN_USERID)));
    assertNotNull(mockCache.getItem(CacheKey.createCacheKeyForMRRT(VALID_AUTHORITY, clientId, TEST_IDTOKEN_UPN)));
    // NOTE(review): not in a finally block, so this cleanup is skipped when an assertion above fails.
    clearCache(mockCache);
}
Also used : IWebRequestHandler(com.microsoft.identity.common.adal.internal.net.IWebRequestHandler) URL(java.net.URL) HttpWebResponse(com.microsoft.identity.common.adal.internal.net.HttpWebResponse) SmallTest(androidx.test.filters.SmallTest) Test(org.junit.Test)
