using Xunit;
using OpenHarbor.MCP.Gateway.Core.Configuration;
namespace OpenHarbor.MCP.Gateway.Core.Tests.Configuration;
///
/// Unit tests for SecurityConfig following TDD approach.
/// Tests security configuration and validation.
///
public class SecurityConfigTests
{
[Fact]
public void SecurityConfig_DefaultValues_DisablesAuthentication()
{
// Arrange & Act
var config = new SecurityConfig();
// Assert
Assert.False(config.EnableAuthentication);
Assert.False(config.EnableAuthorization);
}
[Fact]
public void SecurityConfig_WithApiKeyAuth_StoresCorrectly()
{
// Arrange & Act
var config = new SecurityConfig
{
EnableAuthentication = true,
AuthenticationScheme = "ApiKey",
ApiKeys = new List { "key1", "key2", "key3" }
};
// Assert
Assert.True(config.EnableAuthentication);
Assert.Equal("ApiKey", config.AuthenticationScheme);
Assert.NotNull(config.ApiKeys);
Assert.Equal(3, config.ApiKeys.Count);
}
[Fact]
public void SecurityConfig_WithJwtAuth_StoresCorrectly()
{
// Arrange & Act
var config = new SecurityConfig
{
EnableAuthentication = true,
AuthenticationScheme = "JWT",
JwtSecret = "my-secret-key",
JwtIssuer = "gateway.example.com",
JwtAudience = "mcp-clients"
};
// Assert
Assert.Equal("JWT", config.AuthenticationScheme);
Assert.Equal("my-secret-key", config.JwtSecret);
Assert.Equal("gateway.example.com", config.JwtIssuer);
Assert.Equal("mcp-clients", config.JwtAudience);
}
[Fact]
public void SecurityConfig_WithAuthorization_StoresClientPermissions()
{
// Arrange & Act
var config = new SecurityConfig
{
EnableAuthorization = true,
ClientPermissions = new Dictionary>
{
{ "client-1", new List { "read", "write" } },
{ "client-2", new List { "read" } }
}
};
// Assert
Assert.True(config.EnableAuthorization);
Assert.NotNull(config.ClientPermissions);
Assert.Equal(2, config.ClientPermissions.Count);
Assert.Contains("write", config.ClientPermissions["client-1"]);
}
[Fact]
public void SecurityConfig_WithRateLimiting_StoresCorrectly()
{
// Arrange & Act
var config = new SecurityConfig
{
EnableRateLimiting = true,
RequestsPerMinute = 60,
BurstSize = 10
};
// Assert
Assert.True(config.EnableRateLimiting);
Assert.Equal(60, config.RequestsPerMinute);
Assert.Equal(10, config.BurstSize);
}
[Fact]
public void SecurityConfig_Validate_WithApiKeyButNoKeys_ReturnsFalse()
{
// Arrange
var config = new SecurityConfig
{
EnableAuthentication = true,
AuthenticationScheme = "ApiKey",
ApiKeys = new List()
};
// Act
var isValid = config.Validate();
// Assert
Assert.False(isValid);
}
[Fact]
public void SecurityConfig_Validate_WithJwtButNoSecret_ReturnsFalse()
{
// Arrange
var config = new SecurityConfig
{
EnableAuthentication = true,
AuthenticationScheme = "JWT",
JwtSecret = null
};
// Act
var isValid = config.Validate();
// Assert
Assert.False(isValid);
}
[Fact]
public void SecurityConfig_Validate_WithValidApiKeyConfig_ReturnsTrue()
{
// Arrange
var config = new SecurityConfig
{
EnableAuthentication = true,
AuthenticationScheme = "ApiKey",
ApiKeys = new List { "valid-key" }
};
// Act
var isValid = config.Validate();
// Assert
Assert.True(isValid);
}
}