Revert "Revert "Removing CDT""
This reverts commit fba6bd9.
trwalke committed Oct 2, 2024
1 parent a069466 commit 2a96823
Showing 6 changed files with 299 additions and 347 deletions.
9 changes: 4 additions & 5 deletions Directory.Packages.props
Expand Up @@ -12,8 +12,7 @@
<PackageVersion Include="Microsoft.CodeAnalysis.RulesetToEditorconfigConverter" Version="3.3.3" PrivateAssets="All" />
<PackageVersion Include="Microsoft.CSharp" Version="4.5.0" />
<PackageVersion Include="Microsoft.Identity.Client.NativeInterop" Version="$(MSALRuntimeNativeInteropVersion)" IncludeAssets="all" />
<PackageVersion Include="Microsoft.IdentityModel.Abstractions" Version="8.1.0" />
<PackageVersion Include="Microsoft.IdentityModel.Tokens" Version="8.1.0" />
<PackageVersion Include="Microsoft.IdentityModel.Abstractions" Version="6.35.0" />
<PackageVersion Include="Microsoft.Web.WebView2" Version="1.0.864.35" />
<PackageVersion Include="System.ComponentModel.TypeConverter" Version="4.3.0" />
<!-- Should match Azure Functions runtime: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4456 -->
Expand Down Expand Up @@ -50,7 +49,7 @@
<PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="2.2.0" />
<PackageVersion Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.2.0" />
<PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="2.2.0" />
<PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.1.0" />
<PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.35.0" />
<PackageVersion Include="Microsoft.IdentityModel.Protocols.SignedHttpRequest" Version="6.35.0" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageVersion Include="MSTest.TestAdapter" Version="3.1.1" />
Expand All @@ -72,12 +71,12 @@
<PackageVersion Include="System.Net.Http" Version="4.3.4" />
<PackageVersion Include="System.Reflection.TypeExtensions" Version="4.7.0" />
<PackageVersion Include="System.Security.Cryptography.Cng" Version="5.0.0" />
<PackageVersion Include="System.Text.Json" Version="8.0.4" />
<PackageVersion Include="System.Text.Json" Version="6.0.5" />
<PackageVersion Include="System.Threading" Version="4.3.0" />
<PackageVersion Include="System.Threading.Tasks" Version="4.3.0" />
<PackageVersion Include="System.Threading.Tasks.Parallel" Version="4.3.0" />
<PackageVersion Include="System.Threading.Thread" Version="4.3.0" />
<PackageVersion Include="System.ValueTuple" Version="4.5.0" />
<PackageVersion Include="System.Windows.Forms" Version="4.0.0" />
</ItemGroup>
</Project>
</Project>
45 changes: 0 additions & 45 deletions LibsAndSamples.sln
Expand Up @@ -185,8 +185,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CacheExtension", "tests\dev
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Identity.Client.Extensions.Msal", "src\client\Microsoft.Identity.Client.Extensions.Msal\Microsoft.Identity.Client.Extensions.Msal.csproj", "{87679336-95BE-47E4-B42B-8F6860A0B215}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MsalCdtExtension", "MsalCdtExtension\MsalCdtExtension.csproj", "{71FFABC1-A20A-48CC-86DD-4D28541F2359}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug + MobileApps|Any CPU = Debug + MobileApps|Any CPU
Expand Down Expand Up @@ -1743,48 +1741,6 @@ Global
{87679336-95BE-47E4-B42B-8F6860A0B215}.Release|x64.Build.0 = Release|Any CPU
{87679336-95BE-47E4-B42B-8F6860A0B215}.Release|x86.ActiveCfg = Release|Any CPU
{87679336-95BE-47E4-B42B-8F6860A0B215}.Release|x86.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|Any CPU.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|Any CPU.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|ARM.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|ARM.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|ARM64.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|ARM64.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|iPhone.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|iPhone.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|iPhoneSimulator.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|iPhoneSimulator.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|x64.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|x64.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|x86.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug + MobileApps|x86.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|Any CPU.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|ARM.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|ARM.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|ARM64.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|ARM64.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|iPhone.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|iPhone.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|x64.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|x64.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|x86.ActiveCfg = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Debug|x86.Build.0 = Debug|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|Any CPU.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|Any CPU.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|ARM.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|ARM.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|ARM64.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|ARM64.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|iPhone.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|iPhone.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|x64.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|x64.Build.0 = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|x86.ActiveCfg = Release|Any CPU
{71FFABC1-A20A-48CC-86DD-4D28541F2359}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
Expand Down Expand Up @@ -1837,7 +1793,6 @@ Global
{74805FE3-2E0D-4EAB-8CFE-A9D46F8D5972} = {34BE693E-3496-45A4-B1D2-D3A0E068EEDB}
{92064C48-0136-48CD-AE8D-C6FEDBC7B639} = {74805FE3-2E0D-4EAB-8CFE-A9D46F8D5972}
{87679336-95BE-47E4-B42B-8F6860A0B215} = {1A37FD75-94E9-4D6F-953A-0DABBD7B49E9}
{71FFABC1-A20A-48CC-86DD-4D28541F2359} = {34BE693E-3496-45A4-B1D2-D3A0E068EEDB}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {020399A9-DC27-4B82-9CAA-EF488665AC27}
@@ -1,119 +1,119 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
#if NET6_0_OR_GREATER
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.ConstrainedExecution;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.Extensibility;
using Microsoft.Identity.Client.Internal;
using Microsoft.Identity.Client.Utils;
using Microsoft.Identity.Test.Common;
using Microsoft.Identity.Test.Common.Core.Helpers;
using Microsoft.Identity.Test.LabInfrastructure;
using Microsoft.Identity.Test.Unit;
using Microsoft.VisualStudio.TestTools.UnitTesting;

namespace Microsoft.Identity.Test.Integration.NetCore.HeadlessTests
{
[TestClass]
public class CdtTests
{
private static readonly string[] s_scopes = new[] { "88f91eac-c606-4c67-a0e2-a5e8a186854f/.default" };

[TestInitialize]
public void TestInitialize()
{
TestCommon.ResetInternalStaticCaches();
}

[TestMethod]
//[Ignore("Need to wait for ESTS to release feature from test slice.")]
public async Task CDT_WithCertIntegrationTest_Async()
{
//Client.Constraint constraint = new Client.Constraint();
//constraint.Type = "wk:user";
//constraint.Action = "U";
//constraint.Version = "1.0";
//constraint.Targets = new List<ConstraintTarget>();

//constraint.Targets.Add(new ConstraintTarget("constraint1", "pol1"));
//constraint.Targets.Add(new ConstraintTarget("constraint2", "pol2"));

//var constraintAsString = JsonHelper.SerializeToJson(new[] { constraint });

//TODO: Resolve serialization failure in test. Seems to be related to some internal .net serialization issue
//Using a hardcoded string for now
var constraintAsString = "[{\"Version\":\"1.0\",\"Type\":\"wk:user\",\"Action\":\"U\",\"Targets\":[{\"Value\":\"constraint1\",\"Policy\":\"pol1\",\"AdditionalProperties\":null},{\"Value\":\"constraint2\",\"Policy\":\"pol2\",\"AdditionalProperties\":null}],\"AdditionalProperties\":null}]";

var secret = GetSecretLazy(KeyVaultInstance.MSIDLab, TestConstants.MsalCCAKeyVaultSecretName).Value;
var certificate = CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName);

var confidentialApp = ConfidentialClientApplicationBuilder
.Create("88f91eac-c606-4c67-a0e2-a5e8a186854f")
.WithAuthority("https://login.microsoftonline.com/msidlab4.onmicrosoft.com")
.WithClientSecret(secret)
.WithExperimentalFeatures(true)
.BuildConcrete();

var provider = new CdtCryptoProvider();

MsalAuthenticationExtension cdtExtension = new MsalAuthenticationExtension()
{
AuthenticationOperation = new CdtAuthenticationScheme(constraintAsString),
AdditionalCacheParameters = new[] { CdtAuthenticationScheme.CdtNonce, CdtAuthenticationScheme.CdtEncKey }
};

var result = await confidentialApp.AcquireTokenForClient(s_scopes)
.WithAuthenticationExtension(cdtExtension)
.WithExtraQueryParameters("dc=ESTS-PUB-JPELR1-AZ1-FD000-TEST1")
.ExecuteAsync()
.ConfigureAwait(false);

// access token parsing can be done with MSAL's id token parsing logic
var claims = IdToken.Parse(result.AccessToken).ClaimsPrincipal;

Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
AssertConstrainedDelegationClaims(provider, claims, constraintAsString);

//Verify that the original AT token is cached and the CDT can be recreated
result = await confidentialApp.AcquireTokenForClient(s_scopes)
.WithAuthenticationExtension(cdtExtension)
.ExecuteAsync()
.ConfigureAwait(false);

// access token parsing can be done with MSAL's id token parsing logic
claims = IdToken.Parse(result.AccessToken).ClaimsPrincipal;

Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
AssertConstrainedDelegationClaims(provider, claims, constraintAsString);
}

private static Lazy<string> GetSecretLazy(string keyVaultInstance, string secretName) => new Lazy<string>(() =>
{
var keyVault = new KeyVaultSecretsProvider(keyVaultInstance);
var secret = keyVault.GetSecretByName(secretName).Value;
return secret;
});

private static void AssertConstrainedDelegationClaims(CdtCryptoProvider cdtCryptoProvider, System.Security.Claims.ClaimsPrincipal claims, string constraint)
{
var ticket = claims.FindAll("t").Single().Value;
var constraints = claims.FindAll("c").Single().Value;

Assert.IsTrue(!string.IsNullOrEmpty(ticket));
Assert.IsTrue(!string.IsNullOrEmpty(constraints));

Assert.IsTrue(!string.IsNullOrEmpty(ticket));

var constraintsClaims = IdToken.Parse(constraints).ClaimsPrincipal;
var constraintsClaim = constraintsClaims.FindAll("constraints").Single().Value;

Assert.AreEqual(constraint, constraintsClaim);
}
}
}
#endif
//// Copyright (c) Microsoft Corporation. All rights reserved.
//// Licensed under the MIT License.
//#if NET6_0_OR_GREATER
//using System;
//using System.Collections.Generic;
//using System.Linq;
//using System.Runtime.ConstrainedExecution;
//using System.Text;
//using System.Threading.Tasks;
//using Microsoft.Identity.Client;
//using Microsoft.Identity.Client.Extensibility;
//using Microsoft.Identity.Client.Internal;
//using Microsoft.Identity.Client.Utils;
//using Microsoft.Identity.Test.Common;
//using Microsoft.Identity.Test.Common.Core.Helpers;
//using Microsoft.Identity.Test.LabInfrastructure;
//using Microsoft.Identity.Test.Unit;
//using Microsoft.VisualStudio.TestTools.UnitTesting;

//namespace Microsoft.Identity.Test.Integration.NetCore.HeadlessTests
//{
// [TestClass]
// public class CdtTests
// {
// private static readonly string[] s_scopes = new[] { "88f91eac-c606-4c67-a0e2-a5e8a186854f/.default" };

// [TestInitialize]
// public void TestInitialize()
// {
// TestCommon.ResetInternalStaticCaches();
// }

// [TestMethod]
// //[Ignore("Need to wait for ESTS to release feature from test slice.")]
// public async Task CDT_WithCertIntegrationTest_Async()
// {
// //Client.Constraint constraint = new Client.Constraint();
// //constraint.Type = "wk:user";
// //constraint.Action = "U";
// //constraint.Version = "1.0";
// //constraint.Targets = new List<ConstraintTarget>();

// //constraint.Targets.Add(new ConstraintTarget("constraint1", "pol1"));
// //constraint.Targets.Add(new ConstraintTarget("constraint2", "pol2"));

// //var constraintAsString = JsonHelper.SerializeToJson(new[] { constraint });

// //TODO: Resolve serialization failure in test. Seems to be related to some internal .net serialization issue
// //Using a hardcoded string for now
// var constraintAsString = "[{\"Version\":\"1.0\",\"Type\":\"wk:user\",\"Action\":\"U\",\"Targets\":[{\"Value\":\"constraint1\",\"Policy\":\"pol1\",\"AdditionalProperties\":null},{\"Value\":\"constraint2\",\"Policy\":\"pol2\",\"AdditionalProperties\":null}],\"AdditionalProperties\":null}]";

// var secret = GetSecretLazy(KeyVaultInstance.MSIDLab, TestConstants.MsalCCAKeyVaultSecretName).Value;
// var certificate = CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName);

// var confidentialApp = ConfidentialClientApplicationBuilder
// .Create("88f91eac-c606-4c67-a0e2-a5e8a186854f")
// .WithAuthority("https://login.microsoftonline.com/msidlab4.onmicrosoft.com")
// .WithClientSecret(secret)
// .WithExperimentalFeatures(true)
// .BuildConcrete();

// var provider = new CdtCryptoProvider();

// MsalAuthenticationExtension cdtExtension = new MsalAuthenticationExtension()
// {
// AuthenticationOperation = new CdtAuthenticationScheme(constraintAsString),
// AdditionalCacheParameters = new[] { CdtAuthenticationScheme.CdtNonce, CdtAuthenticationScheme.CdtEncKey }
// };

// var result = await confidentialApp.AcquireTokenForClient(s_scopes)
// .WithAuthenticationExtension(cdtExtension)
// .WithExtraQueryParameters("dc=ESTS-PUB-JPELR1-AZ1-FD000-TEST1")
// .ExecuteAsync()
// .ConfigureAwait(false);

// // access token parsing can be done with MSAL's id token parsing logic
// var claims = IdToken.Parse(result.AccessToken).ClaimsPrincipal;

// Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
// AssertConstrainedDelegationClaims(provider, claims, constraintAsString);

// //Verify that the original AT token is cached and the CDT can be recreated
// result = await confidentialApp.AcquireTokenForClient(s_scopes)
// .WithAuthenticationExtension(cdtExtension)
// .ExecuteAsync()
// .ConfigureAwait(false);

// // access token parsing can be done with MSAL's id token parsing logic
// claims = IdToken.Parse(result.AccessToken).ClaimsPrincipal;

// Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
// AssertConstrainedDelegationClaims(provider, claims, constraintAsString);
// }

// private static Lazy<string> GetSecretLazy(string keyVaultInstance, string secretName) => new Lazy<string>(() =>
// {
// var keyVault = new KeyVaultSecretsProvider(keyVaultInstance);
// var secret = keyVault.GetSecretByName(secretName).Value;
// return secret;
// });

// private static void AssertConstrainedDelegationClaims(CdtCryptoProvider cdtCryptoProvider, System.Security.Claims.ClaimsPrincipal claims, string constraint)
// {
// var ticket = claims.FindAll("t").Single().Value;
// var constraints = claims.FindAll("c").Single().Value;

// Assert.IsTrue(!string.IsNullOrEmpty(ticket));
// Assert.IsTrue(!string.IsNullOrEmpty(constraints));

// Assert.IsTrue(!string.IsNullOrEmpty(ticket));

// var constraintsClaims = IdToken.Parse(constraints).ClaimsPrincipal;
// var constraintsClaim = constraintsClaims.FindAll("constraints").Single().Value;

// Assert.AreEqual(constraint, constraintsClaim);
// }
// }
//}
//#endif
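Review bot: The new side of this section (the `//`-prefixed copy at the bottom, assuming that is the added side since no +/- markers survive on the page) keeps all 119 lines of CdtTests as commented-out code instead of removing the file, so the `#if NET6_0_OR_GREATER` guard, the namespace and the test class now compile to nothing while the hardcoded tenant authority, client id and the `dc=ESTS-PUB-JPELR1-AZ1-FD000-TEST1` test-slice parameter remain in the tree as dead text. Since the commit already drops the MsalCdtExtension project reference and solution entries, deleting this file outright (history keeps it) is the cleaner way to remove CDT; if the test is expected to return, restoring it live with the already-present `//[Ignore("Need to wait for ESTS to release feature from test slice.")]` attribute uncommented would keep it compiling and reviewable. The file-header line for this section is missing from the page, so the path cannot be confirmed here.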
Expand Up @@ -9,7 +9,6 @@
</PropertyGroup>

<ItemGroup>
<ProjectReference Include="..\..\MsalCdtExtension\MsalCdtExtension.csproj" />
<ProjectReference Include="..\..\src\client\Microsoft.Identity.Client.Broker\Microsoft.Identity.Client.Broker.csproj" />
<ProjectReference Include="..\..\src\client\Microsoft.Identity.Client.Extensions.Msal\Microsoft.Identity.Client.Extensions.Msal.csproj" />
<ProjectReference Include="..\..\src\client\Microsoft.Identity.Client\Microsoft.Identity.Client.csproj" />