Refactor lab api.

Author: bgavrilMS

tests/CacheCompat/CommonCache.Test.Unit/CacheExecutionTests.cs

@@ -19,8 +19,8 @@ public class CacheExecutionTests
 
         private static async Task<LabUserData> GetPublicAadUserDataAsync()
         {
-            var api = new LabServiceApi();
-            LabResponse labResponse = (await api.GetLabResponseFromApiAsync(UserQuery.PublicAadUserQuery).ConfigureAwait(false));
+            LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
+
             return new LabUserData(
               labResponse.User.Upn,
               labResponse.User.GetOrFetchPassword(),

tests/Microsoft.Identity.Test.Common/Core/Helpers/CertHelper.cs

@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Collections.Generic;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Microsoft.Identity.Test.Common.Core.Helpers
+{
+    public static class CertificateFinder
+    {       
+        /// <summary>
+        /// Try and locate a certificate matching the given <paramref name="subjectName"/> by searching in
+        /// the <see cref="StoreName.My"/> store subjectName for all available <see cref="StoreLocation"/>s.
+        /// </summary>
+        /// <param name="subjectName">Thumbprint of certificate to locate</param>
+        /// <returns><see cref="X509Certificate2"/> with <paramref subjectName="subjectName"/>, or null if no matching certificate was found</returns>
+        public static X509Certificate2 FindCertificateByName(string subjectName)
+        {
+            foreach (StoreLocation storeLocation in Enum.GetValues(typeof(StoreLocation)))
+            {
+                var certificate = FindCertificateByName(subjectName, storeLocation, StoreName.My);
+                if (certificate != null)
+                {
+                    return certificate;
+                }
+            }
+
+            return null;
+        }
+        /// <summary>
+        /// Try and locate a certificate matching the given <paramref name="certName"/> by searching in
+        /// the in the given <see cref="StoreName"/> and <see cref="StoreLocation"/>.
+        /// </summary>
+        /// <param subjectName="certName">Thumbprint of certificate to locate</param>
+        /// <param subjectName="location"><see cref="StoreLocation"/> in which to search for a matching certificate</param>
+        /// <param subjectName="name"><see cref="StoreName"/> in which to search for a matching certificate</param>
+        /// <returns><see cref="X509Certificate2"/> with <paramref subjectName="certName"/>, or null if no matching certificate was found</returns>
+        public static X509Certificate2 FindCertificateByName(string certName, StoreLocation location, StoreName name)
+        {
+            // Don't validate certs, since the test root isn't installed.
+            const bool validateCerts = false;
+
+            using (var store = new X509Store(name, location))
+            {
+                store.Open(OpenFlags.ReadOnly);
+                X509Certificate2Collection collection = store.Certificates.Find(X509FindType.FindBySubjectName, certName, validateCerts);
+
+                X509Certificate2 certToUse = null;
+
+                // select the "freshest" certificate
+                foreach (X509Certificate2 cert in collection)
+                {
+                    if (certToUse == null || cert.NotBefore > certToUse.NotBefore)
+                    {
+                        certToUse = cert;
+                    }
+                }
+
+                return certToUse;
+
+            }
+        }
+    }
+
+    public enum KnownTestCertType
+    {
+        RSA,
+        ECD
+    }
+}

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/CiamIntegrationTests.cs

@@ -32,11 +32,7 @@ public async Task ROPC_Ciam_StandardDomains_CompletesSuccessfully()
         {
             string authority;
             //Get lab details
-            var labResponse = await LabUserHelper.GetLabUserDataAsync(new UserQuery()
-            {
-                FederationProvider = FederationProvider.CIAMCUD,
-                SignInAudience = SignInAudience.AzureAdMyOrg
-            }).ConfigureAwait(false);
+            var labResponse = await LabUserHelper.GetCiamUserAync().ConfigureAwait(false);
 
             //https://tenantName.ciamlogin.com/
             authority = string.Format("https://{0}.ciamlogin.com/", labResponse.User.LabName);
@@ -87,12 +83,7 @@ public async Task ClientCredentialCiam_WithClientCredentials_ReturnsValidTokens(
         {
             string authority;
             //Get lab details
-            var labResponse = await LabUserHelper.GetLabUserDataAsync(new UserQuery()
-            {
-                FederationProvider = FederationProvider.CIAMCUD,
-                SignInAudience = SignInAudience.AzureAdMyOrg
-            }).ConfigureAwait(false);
-
+            var labResponse = await LabUserHelper.GetCiamUserAync().ConfigureAwait(false);
 
             //https://tenantName.ciamlogin.com/
             authority = string.Format("https://{0}.ciamlogin.com/", labResponse.User.LabName);
@@ -117,7 +108,7 @@ private async Task RunCiamCCATest(string authority, string appId)
             //Acquire tokens
             var msalConfidentialClientBuilder = ConfidentialClientApplicationBuilder
                 .Create(appId)
-                .WithCertificate(CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName))
+                .WithCertificate(CertificateFinder.FindCertificateByName(TestConstants.AutomationTestCertName))
                 .WithExperimentalFeatures();
 
             if (authority.Contains(Constants.CiamAuthorityHostSuffix))
@@ -157,11 +148,7 @@ public async Task OBOCiam_CustomDomain_ReturnsValidTokens()
             string ciamWebApi = "634de702-3173-4a71-b336-a4fab786a479";
 
             //Get lab details
-            LabResponse labResponse = await LabUserHelper.GetLabUserDataAsync(new UserQuery()
-            {
-                FederationProvider = FederationProvider.CIAMCUD,
-                SignInAudience = SignInAudience.AzureAdMyOrg
-            }).ConfigureAwait(false);
+            var labResponse = await LabUserHelper.GetCiamUserAync().ConfigureAwait(false);
 
             //Acquire tokens
             var msalPublicClient = PublicClientApplicationBuilder
@@ -184,7 +171,7 @@ public async Task OBOCiam_CustomDomain_ReturnsValidTokens()
             //Acquire tokens for OBO
             var msalConfidentialClient = ConfidentialClientApplicationBuilder
                 .Create(ciamWebApi)
-                .WithCertificate(CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName))
+                .WithCertificate(CertificateFinder.FindCertificateByName(TestConstants.AutomationTestCertName))
                 .WithAuthority(authorityCud, false)
                 .WithRedirectUri(_ciamRedirectUri)
                 .BuildConcrete();

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs

@@ -64,19 +64,19 @@ public async Task RefreshOnIsEnabled(bool useRegional)
                 Assert.Inconclusive("Can't run regional on local devbox.");
             }
 
-            var cert = CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName);
+            var cert = CertificateFinder.FindCertificateByName(TestConstants.AutomationTestCertName);
 
-            var builder = ConfidentialClientApplicationBuilder.Create(LabAuthenticationHelper.LabAccessConfidentialClientId)
+            var builder = ConfidentialClientApplicationBuilder.Create(LabApiConstants.LabClientId)
                 .WithCertificate(cert, sendX5C: true)
-                .WithAuthority(LabAuthenticationHelper.LabClientInstance, LabAuthenticationHelper.LabClientTenantId);
+                .WithAuthority(LabApiConstants.LabClientInstance, LabApiConstants.LabClientTenantId);
 
             // auto-detect should work on Azure DevOps build
             if (useRegional)
                 builder = builder.WithAzureRegion();
 
             var cca = builder.Build();
 
-            var result = await cca.AcquireTokenForClient([LabAuthenticationHelper.LabScope]).ExecuteAsync().ConfigureAwait(false);
+            var result = await cca.AcquireTokenForClient([LabApiConstants.LabScope]).ExecuteAsync().ConfigureAwait(false);
 
             Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
             Assert.IsTrue(result.AuthenticationResultMetadata.RefreshOn.HasValue, "refresh_in was not issued - did the MSAL SKU value change?");

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs

@@ -770,7 +770,7 @@ public void CheckPopRuntimeBrokerSupportTest()
 
         private static X509Certificate2 GetCertificate()
         {
-            X509Certificate2 cert = CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName);
+            X509Certificate2 cert = CertificateFinder.FindCertificateByName(TestConstants.AutomationTestCertName);
 
             if (cert == null)
             {

tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/ConfidentialAppSettings.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Security.Cryptography.X509Certificates;
+using Microsoft.Identity.Test.Common.Core.Helpers;
 using Microsoft.Identity.Test.LabInfrastructure;
 using Microsoft.Identity.Test.Unit;
 
@@ -196,7 +197,7 @@ public static IConfidentialAppSettings GetSettings(Cloud cloud)
 
         public static Lazy<X509Certificate2> GetCertificateLazy(string certName) => new Lazy<X509Certificate2>(() =>
         {
-            X509Certificate2 cert = CertificateHelper.FindCertificateByName(certName);
+            X509Certificate2 cert = CertificateFinder.FindCertificateByName(certName);
             if (cert == null)
             {
                 throw new InvalidOperationException(

tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/MsiProxyHttpManager.cs

@@ -3,16 +3,12 @@
 
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Cryptography.X509Certificates;
-using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using System.Web;
-using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.Core;
 using Microsoft.Identity.Client.Http;
 using Microsoft.Identity.Test.LabInfrastructure;

tests/Microsoft.Identity.Test.LabInfrastructure/CertificateHelper.cs

@@ -6,7 +6,7 @@
 
 namespace Microsoft.Identity.Test.LabInfrastructure
 {
-    public static class CertificateHelper
+    internal static class CertificateHelper
     {
         /// <summary>
         /// Try and locate a certificate matching the given <paramref name="subjectName"/> by searching in

tests/Microsoft.Identity.Test.LabInfrastructure/KeyVaultConfiguration.cs

@@ -86,9 +86,7 @@ public async Task<X509Certificate2> GetCertificateWithPrivateMaterialAsync(strin
 
         private async Task<TokenCredential> GetKeyVaultCredentialAsync()
         {
-            var accessToken = await LabAuthenticationHelper.GetLabAccessTokenAsync(
-                "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/",
-                new[] { "https://vault.azure.net/.default" }).ConfigureAwait(false);
+            var accessToken = await LabAuthenticationHelper.GetKeyVaultAccessToken().ConfigureAwait(false);
             return DelegatedTokenCredential.Create((_, __) => accessToken);
         }