OAuth Connector should respect setting validateCertificates or validate_certificates

2018-01-26 12:11:55 -06:00 · 2018-01-26 12:11:55 -06:00 · 10e4b150a5
--- a/src/Steeltoe.CloudFoundry.ConnectorBase/OAuth/OAuthConfigurer.cs
+++ b/src/Steeltoe.CloudFoundry.ConnectorBase/OAuth/OAuthConfigurer.cs
@ -57,7 +57,7 @@ namespace Steeltoe.CloudFoundry.Connector.OAuth
            options.TokenInfoUrl = config.OAuthServiceUrl + config.TokenInfoUri;
            options.UserInfoUrl = config.OAuthServiceUrl + config.UserInfoUri;
            options.JwtKeyUrl = config.OAuthServiceUrl + config.JwtKeyUri;
-            options.ValidateCertificates = config.Validate_Certificates;
+            options.ValidateCertificates = config.ValidateCertificates;
            if (config.Scope != null)
            {
                foreach (var scope in config.Scope)
--- a/src/Steeltoe.CloudFoundry.ConnectorBase/OAuth/OAuthConnectorOptions.cs
+++ b/src/Steeltoe.CloudFoundry.ConnectorBase/OAuth/OAuthConnectorOptions.cs
@ -13,6 +13,7 @@
 // limitations under the License.

 using Microsoft.Extensions.Configuration;
+using Steeltoe.Common.Configuration;
 using System;
 using System.Collections.Generic;

@ -37,6 +38,7 @@ namespace Steeltoe.CloudFoundry.Connector.OAuth

            var section = config.GetSection(SECURITY_CLIENT_SECTION_PREFIX);
            section.Bind(this);
+            ValidateCertificates = GetCertificateValidation(section, config, ValidateCertificates);

            section = config.GetSection(SECURITY_RESOURCE_SECTION_PREFIX);
            section.Bind(this);
@ -60,6 +62,11 @@ namespace Steeltoe.CloudFoundry.Connector.OAuth

        public List<string> Scope { get; set; }

-        public bool Validate_Certificates { get; set; } = OAuthConnectorDefaults.Default_ValidateCertificates;
+        public bool ValidateCertificates { get; set; } = OAuthConnectorDefaults.Default_ValidateCertificates;
+
+        private static bool GetCertificateValidation(IConfigurationSection clientConfigsection, IConfiguration resolve, bool def)
+        {
+            return ConfigurationValuesHelper.GetBoolean("validate_certificates", clientConfigsection, resolve, def);
+        }
    }
 }
--- a/test/Steeltoe.CloudFoundry.ConnectorBase.Test/OAuth/OAuthConfigurerTest.cs
+++ b/test/Steeltoe.CloudFoundry.ConnectorBase.Test/OAuth/OAuthConfigurerTest.cs
@ -25,7 +25,7 @@ namespace Steeltoe.CloudFoundry.Connector.OAuth.Test
            OAuthServiceOptions opts = new OAuthServiceOptions();
            OAuthConnectorOptions config = new OAuthConnectorOptions()
            {
-                Validate_Certificates = false
+                ValidateCertificates = false
            };
            OAuthConfigurer configurer = new OAuthConfigurer();
            configurer.UpdateOptions(config, opts);
--- a/test/Steeltoe.CloudFoundry.ConnectorBase.Test/OAuth/OAuthConnectorOptionsTest.cs
+++ b/test/Steeltoe.CloudFoundry.ConnectorBase.Test/OAuth/OAuthConnectorOptionsTest.cs
@ -42,7 +42,6 @@ namespace Steeltoe.CloudFoundry.Connector.OAuth.Test
                ["security:oauth2:client:clientSecret"] = "clientsecret",
                ["security:oauth2:client:userAuthorizationUri"] = "userauthorizationuri",
                ["security:oauth2:client:accessTokenUri"] = "accesstokenuri",
-                ["security:oauth2:client:validate_certificates"] = "false",
                ["security:oauth2:client:scope:0"] = "foo",
                ["security:oauth2:client:scope:1"] = "bar",
                ["security:oauth2:resource:userInfoUri"] = "userinfouri",
@ -66,7 +65,45 @@ namespace Steeltoe.CloudFoundry.Connector.OAuth.Test
            Assert.NotNull(sconfig.Scope);
            Assert.Equal(2, sconfig.Scope.Count);
            Assert.True(sconfig.Scope.Contains("foo") && sconfig.Scope.Contains("bar"));
-            Assert.False(sconfig.Validate_Certificates);
+            Assert.True(sconfig.ValidateCertificates);
+        }
+
+        [Fact]
+        public void ValidateCertificates_Binds()
+        {
+            // arrange a configuration with validateCertificates=false
+            var appsettings = new Dictionary<string, string>()
+            {
+                ["security:oauth2:client:validateCertificates"] = "false",
+            };
+            ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(appsettings);
+            var config = configurationBuilder.Build();
+
+            // act
+            var sconfig = new OAuthConnectorOptions(config);
+
+            // assert
+            Assert.False(sconfig.ValidateCertificates);
+        }
+
+        [Fact]
+        public void Validate_Certificates_Binds()
+        {
+            // arrange a configuration with validateCertificates=false
+            var appsettings = new Dictionary<string, string>()
+            {
+                ["security:oauth2:client:validate_certificates"] = "false",
+            };
+            ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(appsettings);
+            var config = configurationBuilder.Build();
+
+            // act
+            var sconfig = new OAuthConnectorOptions(config);
+
+            // assert
+            Assert.False(sconfig.ValidateCertificates);
        }
    }
 }