Beispiel #1
0
        //~ func (f *AuditFormatter) FormatRequest(
        //~     w io.Writer,
        //~     config FormatterConfig,
        //~     auth *logical.Auth,
        //~     req *logical.Request,
        //~     inErr error) error {
        public void FormatRequest(Stream w, FormatterConfig config,
                                  Logical.Auth auth, Logical.Request req, Exception inErr)
        {
            //~ if req == nil {
            //~     return fmt.Errorf("request to request-audit a nil request")
            //~ }
            //~
            //~ if w == nil {
            //~     return fmt.Errorf("writer for audit request is nil")
            //~ }
            //~
            //~ if f.AuditFormatWriter == nil {
            //~     return fmt.Errorf("no format writer specified")
            //~ }
            if (req == null)
            {
                throw new ArgumentNullException(nameof(req));
            }
            if (w == null)
            {
                throw new ArgumentNullException(nameof(w));
            }
            //if (this.AuditFormatWriter == null)
            //	throw new InvalidOperationException("no format writer present");

            using (var defer = new Util.Defer())
            {
                //~ if !config.Raw {
                if (!config.Raw)
                {
                    // Before we copy the structure we must nil out some data
                    // otherwise we will cause reflection to panic and die
                    //~ if req.Connection != nil && req.Connection.ConnState != nil {
                    //~     origReq := req
                    //~     origState := req.Connection.ConnState
                    //~     req.Connection.ConnState = nil
                    //~     defer func() {
                    //~         origReq.Connection.ConnState = origState
                    //~     }()
                    //~ }
                    if (req?.Connection?.ConnectionState != null)
                    {
                        var origReq   = req;
                        var origState = req.Connection.ConnectionState;
                        req.Connection.ConnectionState = null;
                        defer.Add(() => origReq.Connection.ConnectionState = origState);
                    }

                    // Copy the auth structure
                    //~ if auth != nil {
                    //~     cp, err:= copystructure.Copy(auth)
                    //~     if err != nil {
                    //~         return err
                    //~     }
                    //~     auth = cp.(*logical.Auth)
                    //~ }
                    if (auth != null)
                    {
                        auth = auth.DeepCopy();
                    }

                    //~ cp, err:= copystructure.Copy(req)
                    //~ if err != nil {
                    //~     return err
                    //~ }
                    //~ req = cp.(*logical.Request)
                    req = req.DeepCopy();

                    // Hash any sensitive information
                    //~ if auth != nil {
                    //~     if err := Hash(config.Salt, auth); err != nil {
                    //~         return err
                    //~     }
                    //~ }
                    if (auth != null)
                    {
                        HashStructure.Hash(config.Salt, auth);
                    }

                    // Cache and restore accessor in the request
                    //~ var clientTokenAccessor string
                    //~ if !config.HMACAccessor && req != nil && req.ClientTokenAccessor != "" {
                    //~     clientTokenAccessor = req.ClientTokenAccessor
                    //~ }
                    //~ if err := Hash(config.Salt, req); err != nil {
                    //~     return err
                    //~ }
                    //~ if clientTokenAccessor != "" {
                    //~     req.ClientTokenAccessor = clientTokenAccessor
                    //~ }
                    var clientTokenAccessor = config.HMACAccessor
                                                ? null
                                                : req?.ClientTokenAccessor;
                    HashStructure.Hash(config.Salt, req);
                    if (!string.IsNullOrEmpty(clientTokenAccessor))
                    {
                        req.ClientTokenAccessor = clientTokenAccessor;
                    }
                }

                // If auth is nil, make an empty one
                //~ if auth == nil {
                //~     auth = new(logical.Auth)
                //~ }
                if (auth == null)
                {
                    auth = new Logical.Auth();
                }

                //~ var errString string
                //~ if inErr != nil {
                //~         errString = inErr.Error()
                //~ }
                string errString = null;
                if (inErr != null)
                {
                    errString = inErr.Message;
                }

                //~reqEntry:= &AuditRequestEntry{
                var reqEntry = new AuditRequestEntry
                {
                    //~ Type: "request",
                    //~ Error: errString,
                    //~
                    //~ Auth: AuditAuth{
                    //~     DisplayName: auth.DisplayName,
                    //~     Policies: auth.Policies,
                    //~     Metadata: auth.Metadata,
                    //~ },
                    Type  = "request",
                    Error = errString,
                    Auth  = new AuditAuth
                    {
                        DisplayName = auth.DisplayName,
                        Policies    = auth.Policies,
                        Metadata    = auth.Metadata,
                    },

                    //~ Request: AuditRequest{
                    //~     ID: req.ID,
                    //~     ClientToken: req.ClientToken,
                    //~     ClientTokenAccessor: req.ClientTokenAccessor,
                    //~     Operation: req.Operation,
                    //~     Path: req.Path,
                    //~     Data: req.Data,
                    //~     RemoteAddr: getRemoteAddr(req),
                    //~     ReplicationCluster: req.ReplicationCluster,
                    //~     Headers: req.Headers,
                    //~ },
                    Request = new AuditRequest
                    {
                        ID                  = req.ID,
                        ClientToken         = req.ClientToken,
                        ClientTokenAccessor = req.ClientTokenAccessor,
                        Operation           = req.Operation,
                        Path                = req.Path,
                        Data                = req.Data,
                        RemoteAddr          = GetRemoteAddr(req),
                        ReplicationCluster  = req.ReplicationCluster,
                        Headers             = req.Headers,
                    },
                };

                //~ if req.WrapInfo != nil {
                //~     reqEntry.Request.WrapTTL = int(req.WrapInfo.TTL / time.Second)
                //~ }
                if (req.WrapInfo != null)
                {
                    reqEntry.Request.WrapTTL = (int)req.WrapInfo.TTL.TotalSeconds;
                }

                //~ if !config.OmitTime {
                //~     reqEntry.Time = time.Now().UTC().Format(time.RFC3339)
                //~ }
                if (!config.OmitTime)
                {
                    reqEntry.Time = DateTime.UtcNow.FormatUtcAsRFC3339();
                }

                //~ return f.AuditFormatWriter.WriteRequest(w, reqEntry)
                this.WriteRequest(w, reqEntry);
            }
        }
Beispiel #2
0
        //~ func (f *AuditFormatter) FormatResponse(
        //~	w io.Writer,
        //~	config FormatterConfig,
        //~	auth *logical.Auth,
        //~	req *logical.Request,
        //~	resp *logical.Response,
        //~	inErr error) error {
        public void FormatResponse(Stream w, FormatterConfig config,
                                   Logical.Auth auth, Logical.Request req, Logical.Response resp, Exception inErr)
        {
            //~ if req == nil {
            //~     return fmt.Errorf("request to response-audit a nil request")
            //~ }
            //~
            //~ if w == nil {
            //~     return fmt.Errorf("writer for audit request is nil")
            //~ }
            //~
            //~ if f.AuditFormatWriter == nil {
            //~     return fmt.Errorf("no format writer specified")
            //~ }
            if (req == null)
            {
                throw new ArgumentNullException(nameof(req));
            }
            if (w == null)
            {
                throw new ArgumentNullException(nameof(w));
            }

            using (var defer = new Util.Defer())
            {
                //~ if !config.Raw {
                if (!config.Raw)
                {
                    // Before we copy the structure we must nil out some data
                    // otherwise we will cause reflection to panic and die
                    //~ if req.Connection != nil && req.Connection.ConnState != nil {
                    //~ origReq:= req
                    //~     origState:= req.Connection.ConnState
                    //~     req.Connection.ConnState = nil
                    //~     defer func() {
                    //~         origReq.Connection.ConnState = origState
                    //~     } ()
                    //~ }
                    if (req?.Connection?.ConnectionState != null)
                    {
                        var origReq   = req;
                        var origState = req.Connection.ConnectionState;
                        req.Connection.ConnectionState = null;
                        defer.Add(() => origReq.Connection.ConnectionState = origState);
                    }

                    // Copy the auth structure
                    //! if auth != nil {
                    //!     cp, err:= copystructure.Copy(auth)
                    //!     if err != nil {
                    //!         return err
                    //!     }
                    //!     auth = cp.(*logical.Auth)
                    //! }
                    if (auth != null)
                    {
                        auth = auth.DeepCopy();
                    }

                    //~ cp, err:= copystructure.Copy(req)
                    //~ if err != nil {
                    //~     return err
                    //~ }
                    //~ req = cp.(*logical.Request)
                    req = req.DeepCopy();

                    //~ if resp != nil {
                    //~     cp, err:= copystructure.Copy(resp)
                    //~     if err != nil {
                    //~         return err
                    //~     }
                    //~     resp = cp.(*logical.Response)
                    //~ }
                    if (resp != null)
                    {
                        resp = resp.DeepCopy();
                    }


                    // Hash any sensitive information

                    // Cache and restore accessor in the auth
                    //~ if auth != nil {
                    //~     var accessor string
                    //~     if !config.HMACAccessor && auth.Accessor != "" {
                    //~         accessor = auth.Accessor
                    //~     }
                    //~     if err := Hash(config.Salt, auth); err != nil {
                    //~         return err
                    //~     }
                    //~     if accessor != "" {
                    //~         auth.Accessor = accessor
                    //~     }
                    //~ }
                    if (auth != null)
                    {
                        var accessor = config.HMACAccessor
                                                        ? null
                                                        : auth.Accessor;
                        HashStructure.Hash(config.Salt, auth);
                        if (!string.IsNullOrEmpty(accessor))
                        {
                            auth.Accessor = accessor;
                        }
                    }

                    // Cache and restore accessor in the request
                    //~ var clientTokenAccessor string
                    //~ if !config.HMACAccessor && req != nil && req.ClientTokenAccessor != "" {
                    //~     clientTokenAccessor = req.ClientTokenAccessor
                    //~ }
                    //~ if err := Hash(config.Salt, req); err != nil {
                    //~     return err
                    //~ }
                    //~ if clientTokenAccessor != "" {
                    //~     req.ClientTokenAccessor = clientTokenAccessor
                    //~ }
                    var clientTokenAccessor = config.HMACAccessor
                                                ? null
                                                : req?.ClientTokenAccessor;
                    HashStructure.Hash(config.Salt, req);
                    if (!string.IsNullOrEmpty(clientTokenAccessor))
                    {
                        req.ClientTokenAccessor = clientTokenAccessor;
                    }

                    // Cache and restore accessor in the response
                    //~ if resp != nil {
                    //~     var accessor, wrappedAccessor string
                    //~     if !config.HMACAccessor && resp != nil && resp.Auth != nil && resp.Auth.Accessor != "" {
                    //~         accessor = resp.Auth.Accessor
                    //~     }
                    //~     if !config.HMACAccessor && resp != nil && resp.WrapInfo != nil && resp.WrapInfo.WrappedAccessor != "" {
                    //~         wrappedAccessor = resp.WrapInfo.WrappedAccessor
                    //~     }
                    //~     if err := Hash(config.Salt, resp); err != nil {
                    //~         return err
                    //~     }
                    //~     if accessor != "" {
                    //~         resp.Auth.Accessor = accessor
                    //~     }
                    //~     if wrappedAccessor != "" {
                    //~         resp.WrapInfo.WrappedAccessor = wrappedAccessor
                    //~     }
                    //~ }
                    if (resp != null)
                    {
                        var accessor = config.HMACAccessor
                                                        ? null
                                                        : resp?.Auth?.Accessor;
                        var wrappedAccessor = config.HMACAccessor
                                                        ? null
                                                        : resp?.WrapInfo?.WrappedAccessor;
                        HashStructure.Hash(config.Salt, resp);
                        if (!string.IsNullOrEmpty(accessor))
                        {
                            resp.Auth.Accessor = accessor;
                        }
                        if (!string.IsNullOrEmpty(wrappedAccessor))
                        {
                            resp.WrapInfo.WrappedAccessor = wrappedAccessor;
                        }
                    }
                }

                // If things are nil, make empty to avoid panics
                //~ if auth == nil {
                //~     auth = new(logical.Auth)
                //~ }
                //~ if resp == nil {
                //~     resp = new(logical.Response)
                //~ }
                //~ var errString string
                //~ if inErr != nil {
                //~     errString = inErr.Error()
                //~ }
                if (auth == null)
                {
                    auth = new Logical.Auth();
                }
                if (resp == null)
                {
                    resp = new Logical.Response();
                }
                string errString = null;
                if (inErr != null)
                {
                    errString = inErr.Message;
                }

                //~ var respAuth *AuditAuth
                //~ if resp.Auth != nil {
                //~     respAuth = &AuditAuth{
                //~         ClientToken: resp.Auth.ClientToken,
                //~         Accessor:    resp.Auth.Accessor,
                //~         DisplayName: resp.Auth.DisplayName,
                //~         Policies:    resp.Auth.Policies,
                //~         Metadata:    resp.Auth.Metadata,
                //~     }
                //~ }
                AuditAuth respAuth = null;
                if (resp.Auth != null)
                {
                    respAuth = new AuditAuth
                    {
                        ClientToken = resp.Auth.ClientToken,
                        Accessor    = resp.Auth.Accessor,
                        DisplayName = resp.Auth.DisplayName,
                        Policies    = resp.Auth.Policies,
                        Metadata    = resp.Auth.Metadata,
                    };
                }

                //~ var respSecret *AuditSecret
                //~ if resp.Secret != nil {
                //~     respSecret = &AuditSecret{
                //~         LeaseID: resp.Secret.LeaseID,
                //~     }
                //~ }
                AuditSecret respSecret = null;
                if (resp.Secret != null)
                {
                    respSecret = new AuditSecret
                    {
                        LeaseID = resp.Secret.LeaseID,
                    }
                }
                ;

                //~ var respWrapInfo *AuditResponseWrapInfo
                //~ if resp.WrapInfo != nil {
                //~     token := resp.WrapInfo.Token
                //~     if jwtToken := parseVaultTokenFromJWT(token); jwtToken != nil {
                //~         token = *jwtToken
                //~     }
                //~     respWrapInfo = &AuditResponseWrapInfo{
                //~         TTL:             int(resp.WrapInfo.TTL / time.Second),
                //~         Token:           token,
                //~         CreationTime:    resp.WrapInfo.CreationTime.Format(time.RFC3339Nano),
                //~         WrappedAccessor: resp.WrapInfo.WrappedAccessor,
                //~     }
                //~ }
                AuditResponseWrapInfo respWrapInfo = null;
                if (resp.WrapInfo != null)
                {
                    var token    = resp.WrapInfo.Token;
                    var jwtToken = ParseVaultTokenFromJWT(token);
                    if (!string.IsNullOrEmpty(jwtToken))
                    {
                        token = jwtToken;
                    }
                    respWrapInfo = new AuditResponseWrapInfo
                    {
                        TTL             = (int)resp.WrapInfo.TTL.TotalSeconds,
                        Token           = token,
                        CreationTime    = resp.WrapInfo.CreationTime.FormatUtcAsRFC3339Nano(),
                        WrappedAccessor = resp.WrapInfo.WrappedAccessor,
                    };
                }

                //~ respEntry := &AuditResponseEntry{
                var respEntry = new AuditResponseEntry
                {
                    //~ Type:  "response",
                    //~ Error: errString,
                    Type  = "response",
                    Error = errString,

                    //~ Auth: AuditAuth{
                    //~     DisplayName: auth.DisplayName,
                    //~     Policies:    auth.Policies,
                    //~     Metadata:    auth.Metadata,
                    //~ },
                    Auth = new AuditAuth
                    {
                        DisplayName = auth.DisplayName,
                        Policies    = auth.Policies,
                        Metadata    = auth.Metadata,
                    },

                    //~ Request: AuditRequest{
                    //~     ID:                  req.ID,
                    //~     ClientToken:         req.ClientToken,
                    //~     ClientTokenAccessor: req.ClientTokenAccessor,
                    //~     Operation:           req.Operation,
                    //~     Path:                req.Path,
                    //~     Data:                req.Data,
                    //~     RemoteAddr:          getRemoteAddr(req),
                    //~     ReplicationCluster:  req.ReplicationCluster,
                    //~     Headers:             req.Headers,
                    //~ },
                    Request = new AuditRequest
                    {
                        ID                  = req.ID,
                        ClientToken         = req.ClientToken,
                        ClientTokenAccessor = req.ClientTokenAccessor,
                        Operation           = req.Operation,
                        Path                = req.Path,
                        Data                = req.Data,
                        RemoteAddr          = GetRemoteAddr(req),
                        ReplicationCluster  = req.ReplicationCluster,
                        Headers             = req.Headers,
                    },

                    //~ Response: AuditResponse{
                    //~     Auth:     respAuth,
                    //~     Secret:   respSecret,
                    //~     Data:     resp.Data,
                    //~     Redirect: resp.Redirect,
                    //~     WrapInfo: respWrapInfo,
                    //~ },
                    Response = new AuditResponse
                    {
                        Auth     = respAuth,
                        Secret   = respSecret,
                        Data     = resp.Data,
                        Redirect = resp.Redirect,
                        WrapInfo = respWrapInfo,
                    },
                };

                //~ if req.WrapInfo != nil {
                //~     respEntry.Request.WrapTTL = int(req.WrapInfo.TTL / time.Second)
                //~ }
                if (req.WrapInfo != null)
                {
                    respEntry.Request.WrapTTL = (int)req.WrapInfo.TTL.TotalSeconds;
                }

                //~ if !config.OmitTime {
                //~     respEntry.Time = time.Now().UTC().Format(time.RFC3339)
                //~ }
                if (!config.OmitTime)
                {
                    respEntry.Time = DateTime.UtcNow.FormatUtcAsRFC3339();
                }

                //~ return f.AuditFormatWriter.WriteResponse(w, respEntry)
                WriteResponse(w, respEntry);
            }
        }