/// <summary>
/// Gets a security token from the federation server.
/// </summary>
/// <returns>
/// The security token, which is basically a JWT token string.
/// </returns>
private SecurityTokenAdapter GetSecurityTokenFromServer()
{
logger.Info("Getting security token from the auth server");
var keyPair = sessionKeySupplier.GetKeyPair();
if (keyPair == null)
{
throw new InvalidOperationException("Keypair is not generated, it is null");
}
var publicKey = (RsaKeyParameters)keyPair.Public;
if (publicKey == null)
{
throw new InvalidOperationException("Public key is missing in the key pair");
}
string publicKeyDerBase64 = null;
try
{
byte[] publicKeyDer = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey).GetDerEncoded();
publicKeyDerBase64 = Convert.ToBase64String(publicKeyDer);
}
catch (Exception e)
{
throw new InvalidOperationException("Failed to convert public key from RsaKeyParameters type to string type", e);
}
var certificateAndKeyPair = leafCertificateSupplier.GetCertificateAndKeyPair();
if (certificateAndKeyPair == null)
{
throw new InvalidOperationException("Certificate and key pair are not present");
}
var leafCertificate = certificateAndKeyPair.Certificate;
if (leafCertificate == null)
{
throw new InvalidOperationException("Leaf certificate is not present");
}
if (certificateAndKeyPair.PrivateKey == null)
{
throw new InvalidOperationException("Leaf certificate's private key is missing");
}
HashSet <string> intermediateStrings = null;
if (intermediateCertificateSuppliers != null &&
intermediateCertificateSuppliers.Count > 0)
{
logger.Debug("Intermediate certificate(s) were supplied");
intermediateStrings = new HashSet <string>();
foreach (var supplier in intermediateCertificateSuppliers)
{
var supplierCertificateAndKeyPair = supplier.GetCertificateAndKeyPair();
if (supplierCertificateAndKeyPair != null &&
supplierCertificateAndKeyPair.Certificate != null)
{
intermediateStrings.Add(Convert.ToBase64String(supplierCertificateAndKeyPair.Certificate.RawData));
}
}
}
// create request body to be sent to the auth service
var url = this.federationEndpoint + Constants.AUTH_SERVICE_PATH;
var requestBody = new X509FederationRequest(publicKeyDerBase64, Convert.ToBase64String(leafCertificate.RawData), intermediateStrings, purpose);
var httpRequestMsg = new HttpRequestMessage(HttpMethod.Post, new Uri(url));
httpRequestMsg.Content = ContentHelper.CreateHttpContent(requestBody);
var keyId = this.tenancyId + Constants.FED_KEY_PATH + AuthUtils.GetFingerPrint(leafCertificate.Thumbprint);
if (FederationSigner == null)
{
FederationSigner = new FederationRequestSigner((RsaKeyParameters)certificateAndKeyPair.PrivateKey, keyId);
}
FederationSigner.SignRequest(httpRequestMsg);
var requestContent = httpRequestMsg.Content.ReadAsStringAsync().Result;
logger.Debug($"request content to Auth service is {requestContent}");
HttpResponseMessage response = null;
try
{
if (Client == null)
{
Client = new HttpClient();
}
for (int retry = 0; retry < Constants.RETRIES; retry++)
{
// A new copy of the request message needs to be created because it is disposed each time it is sent, and
// resending the same request will result in the following error message:
// "The request message was already sent. Cannot send the same request message multiple times."
var newRequestMessage = HttpUtils.CloneHttpRequestMessage(httpRequestMsg);
response = Client.SendAsync(newRequestMessage).Result;
if (response.IsSuccessStatusCode)
{
break;
}
Thread.Sleep(Constants.RETRY_MILLIS);
}
if (response == null || !response.IsSuccessStatusCode)
{
logger.Debug("Received non successful response while trying to get the AUTH token");
ResponseHelper.HandleNonSuccessfulResponse(response);
}
}
finally
{
Client.Dispose();
Client = null;
}
var securityTokenContent = response.Content.ReadAsStringAsync().Result;
var securityToken = JsonConvert.DeserializeObject <SecurityToken>(securityTokenContent);
logger.Info($"Security Token received from the Auth Service");
return(new SecurityTokenAdapter(securityToken.Token));
}
public void GetFingerPrintTest(string expected, string thumbprint)
{
Assert.Equal(expected, AuthUtils.GetFingerPrint(thumbprint));
}
