private Task ConnectAsync(IChannelHandlerContext context)
{
string registrationId = _message.Security.GetRegistrationID();
string userAgent = _message.ProductInfo;
bool hasPassword = false;
string password = null;
if (_message.Security is SecurityProviderSymmetricKey)
{
hasPassword = true;
string key = ((SecurityProviderSymmetricKey)_message.Security).GetPrimaryKey();
password = ProvisioningSasBuilder.BuildSasSignature(Registration, key, string.Concat(_message.IdScope, '/', "registrations", '/', registrationId), TimeSpan.FromDays(1));
}
var message = new ConnectPacket()
{
CleanSession = true,
ClientId = registrationId,
HasWill = false,
HasUsername = true,
Username = string.Format(
CultureInfo.InvariantCulture,
UsernameFormat,
_message.IdScope,
registrationId,
ClientApiVersionHelper.ApiVersion,
Uri.EscapeDataString(userAgent)),
HasPassword = hasPassword,
Password = hasPassword ? password : null
};
return(context.WriteAndFlushAsync(message));
}
public override Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
string audience = request.RequestUri.AbsolutePath.Trim('/');
var segments = audience.Split('/');
_sasToken = ProvisioningSasBuilder.BuildSasSignature(Registration, this.SymmetricKey, string.Concat(segments[0], '/', segments[1], '/', segments[2]), TimeSpan.FromDays(1));
SetAuthorizationHeader(request, _sasToken);
return(base.ProcessHttpRequestAsync(request, cancellationToken));
}
protected override async Task <HttpResponseMessage> SendAsync(
HttpRequestMessage request,
CancellationToken cancellationToken)
{
if (Logging.IsEnabled)
{
Logging.Enter(this, $"{request.RequestUri}", nameof(SendAsync));
}
HttpResponseMessage response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
#if NET5_0_OR_GREATER
if (request.Options.TryGetValue(new HttpRequestOptionsKey <object>(ProvisioningHeaderName), out object result))
#else
if (request.Properties.TryGetValue(ProvisioningHeaderName, out object result))
#endif
{
if (result is Action <string> setSasToken)
{
string target = GetTarget(request.RequestUri.LocalPath);
string responseContent = await response.Content.ReadHttpContentAsStringAsync(cancellationToken).ConfigureAwait(false);
TpmChallenge challenge = JsonConvert.DeserializeObject <TpmChallenge>(responseContent);
string sasToken = ProvisioningSasBuilder.ExtractServiceAuthKey(
_securityProvider,
target,
Convert.FromBase64String(challenge.AuthenticationKey));
setSasToken(sasToken);
if (Logging.IsEnabled)
{
Logging.Info(this, $"Authorization challenge. Retrying with Token:{sasToken}");
}
response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
}
}
}
if (Logging.IsEnabled)
{
Logging.Exit(this, $"{request.RequestUri}", nameof(SendAsync));
}
return(response);
}
private void SendLastResponse()
{
string sas = ProvisioningSasBuilder.ExtractServiceAuthKey(
_security,
_hostName,
_nonceBuffer);
byte[] responseBuffer = new byte[sas.Length + 1];
responseBuffer[0] = 0x0;
Buffer.BlockCopy(Encoding.UTF8.GetBytes(sas), 0, responseBuffer, 1, sas.Length);
var response = new SaslResponse {
Response = new ArraySegment <byte>(responseBuffer)
};
Negotiator.WriteFrame(response, true);
}
public override AmqpSettings CreateAmqpSettings(string idScope)
{
var settings = new AmqpSettings();
var saslProvider = new SaslTransportProvider();
saslProvider.Versions.Add(AmqpConstants.DefaultProtocolVersion);
settings.TransportProviders.Add(saslProvider);
SaslPlainHandler saslHandler = new SaslPlainHandler();
saslHandler.AuthenticationIdentity = $"{idScope}/registrations/{_security.GetRegistrationID()}";
string key = _security.GetPrimaryKey();
saslHandler.Password = ProvisioningSasBuilder.BuildSasSignature("registration", key, saslHandler.AuthenticationIdentity, TimeSpan.FromDays(1));
saslProvider.AddHandler(saslHandler);
return(settings);
}
