Ejemplo n.º 1
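        /// <summary>
        /// Requests the credential at <paramref name="uri"/> and retries while the response reports that a
        /// password change is in progress.
        /// </summary>
        /// <param name="uri">Request URI of the credential to fetch.</param>
        /// <param name="clientCertificateThumbprint">Thumbprint handed to the HTTP client cache together with the CA thumbprint.</param>
        /// <param name="certificateAuthorityThumbprint">Thumbprint handed to the HTTP client cache together with the client certificate thumbprint.</param>
        /// <returns>The deserialized response together with the raw response body it was parsed from.</returns>
        /// <exception cref="SecureStoreException">Every attempt reported a password change in progress.</exception>
        /// <exception cref="InvalidOperationException">The response body did not deserialize to an object.</exception>
        /// <remarks>
        /// The raw body in the returned tuple holds the same secret as the deserialized object, so it must be
        /// kept out of logs and exception messages.
        /// </remarks>
        private async Task<(CyberArkCCPPassword, string)> GetCyberArkPasswordAsync(
            Uri uri,
            string clientCertificateThumbprint,
            string certificateAuthorityThumbprint)
        {
            for (int attempt = 0; attempt < PasswordChangeInProgressRetryCount; attempt++)
            {
                // Wait between attempts only; a delay after the last attempt would just postpone the failure.
                if (attempt > 0)
                {
                    await Task.Delay(PasswordChangeDelayMS);
                }

                var httpClient = _httpClientCache.GetOrCreateWithCertificate(clientCertificateThumbprint, certificateAuthorityThumbprint);

                using (var response = await httpClient.GetAsync(uri))
                {
                    // NOTE(review): a non-success status throws here, so an error body sent with such a
                    // status is never read. Confirm that callers do not expect to parse it.
                    response.EnsureSuccessStatusCode();
                    var content = await response.Content.ReadAsStringAsync();

                    var cyberArkPassword = JsonConvert.DeserializeObject<CyberArkCCPPassword>(content);

                    // An empty or literal "null" body deserializes to null. Fail with a clear message
                    // instead of a NullReferenceException, and do not echo the body (it may hold a secret).
                    if (cyberArkPassword == null)
                    {
                        throw new InvalidOperationException(
                                  "The CyberArk CCP response body did not contain a JSON object.");
                    }

                    if (cyberArkPassword.PasswordChangeInProcess != "True")
                    {
                        return (cyberArkPassword, content);
                    }
                }
            }

            throw new SecureStoreException(
                      SecureStoreException.Type.UnsupportedOperation,
                      SecureStoresUtil.GetLocalizedResource(nameof(Resource.CyberArkPasswordChangeInProgress)));
        }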
Ejemplo n.º 2
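        /// <summary>
        /// Validates the store context, fetches the credential named by <paramref name="key"/> and returns
        /// the deserialized response.
        /// </summary>
        /// <param name="context">Serialized store settings, validated by <c>ThrowIfInvalidContext</c>.</param>
        /// <param name="key">Name of the credential to read; must not be null.</param>
        /// <returns>The deserialized response, whose <c>Content</c> is non-empty.</returns>
        /// <exception cref="SecureStoreException">
        /// The context is invalid, the request failed, or the response carried no content.
        /// </exception>
        private async Task<CyberArkCCPPassword> ReadFromCyberArkCCP(string context, string key)
        {
            SecureStoresUtil.ThrowIfNull(key);
            var ctx = ThrowIfInvalidContext(context);

            CyberArkCCPPassword cyberArkPassword;
            string content;

            try
            {
                var uri = GetAimServiceUri(key, ctx);

                (cyberArkPassword, content) = await GetCyberArkPasswordAsync(uri,
                                                                             ctx.ClientCertificateThumbprint,
                                                                             ctx.CertificateAuthorityThumbprint);
            }
            catch (Exception ex)
            {
                // NOTE(review): this also re-labels the "password change in progress" failure as
                // InvalidConfiguration; the original exception is only reachable through InnerException.
                throw new SecureStoreException(
                          SecureStoreException.Type.InvalidConfiguration,
                          SecureStoresUtil.GetLocalizedResource(nameof(Resource.InvalidSecureStoreContext)),
                          ex);
            }

            if (!string.IsNullOrEmpty(cyberArkPassword?.Content))
            {
                return cyberArkPassword;
            }

            // No secret came back, so the body is treated as an error document. This is reported outside
            // the try block above: a throw from inside it was caught by the catch-all, which replaced the
            // error code and message with the generic text.
            CyberArkCCPError error = null;
            Exception parseException = null;

            try
            {
                error = JsonConvert.DeserializeObject<CyberArkCCPError>(content);
            }
            catch (Exception ex)
            {
                parseException = ex;
            }

            if (error == null)
            {
                // Never put the raw body into the message; it is the same string a secret would arrive in.
                throw new SecureStoreException(
                          SecureStoreException.Type.InvalidConfiguration,
                          SecureStoresUtil.GetLocalizedResource(nameof(Resource.InvalidSecureStoreContext)),
                          parseException);
            }

            throw new SecureStoreException(
                      SecureStoreException.Type.InvalidConfiguration,
                      $"{error.ErrorCode} - {error.ErrorMsg}");
        }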
Ejemplo n.º 3
        /// <summary>
        /// Deserializes <paramref name="context"/> into <c>CyberArkCCPOptions</c> and returns it when
        /// ApplicationId, Safe and URL are all non-blank and URL is a well-formed absolute URI.
        /// </summary>
        /// <param name="context">Serialized store settings; null is rejected.</param>
        /// <returns>The deserialized options.</returns>
        /// <exception cref="SecureStoreException">
        /// The context is null, cannot be deserialized, or fails the checks above. A deserialization or
        /// access failure is attached as the inner exception.
        /// </exception>
        private static CyberArkCCPOptions ThrowIfInvalidContext(string context)
        {
            // Single place that builds the rejection, so every path reports the same type and message.
            SecureStoreException Rejected(Exception cause)
            {
                return new SecureStoreException(
                           SecureStoreException.Type.InvalidConfiguration,
                           SecureStoresUtil.GetLocalizedResource(nameof(Resource.SecureStore)),
                           cause);
            }

            if (context == null)
            {
                throw Rejected(null);
            }

            try
            {
                var options = JsonConvert.DeserializeObject<CyberArkCCPOptions>(context);

                var missingField = string.IsNullOrWhiteSpace(options.ApplicationId) ||
                                   string.IsNullOrWhiteSpace(options.Safe) ||
                                   string.IsNullOrWhiteSpace(options.URL);

                // NOTE(review): UriKind.Absolute accepts any scheme, so an http:// URL passes this check.
                // Confirm whether the credential endpoint should be restricted to https.
                if (!missingField && Uri.IsWellFormedUriString(options.URL, UriKind.Absolute))
                {
                    return options;
                }
            }
            catch (Exception failure)
            {
                // Covers malformed JSON and a context that deserializes to null.
                throw Rejected(failure);
            }

            throw Rejected(null);
        }
Ejemplo n.º 4
 /// <summary>
 /// Lists the settings of this store: URL, ApplicationId and Safe are mandatory; Folder and the two
 /// certificate thumbprints are optional. Every entry is a string value with a localized display name.
 /// </summary>
 /// <returns>A new list holding the six entries in the order given above.</returns>
 public IEnumerable<ConfigurationEntry> GetConfiguration()
 {
     // Builds one string-typed entry; the display name is looked up from the resource name.
     ConfigurationValue Text(string key, string resourceName, bool mandatory)
     {
         return new ConfigurationValue(ConfigurationValueType.String)
         {
             Key = key,
             DisplayName = SecureStoresUtil.GetLocalizedResource(resourceName),
             IsMandatory = mandatory,
         };
     }

     var entries = new List<ConfigurationEntry>();

     entries.Add(Text("URL", nameof(Resource.SettingURL), true));
     entries.Add(Text("ApplicationId", nameof(Resource.SettingNameApplicationID), true));
     entries.Add(Text("Safe", nameof(Resource.SettingNameSafe), true));
     entries.Add(Text("Folder", nameof(Resource.SettingNameFolder), false));

     // Both thumbprints are optional settings.
     entries.Add(Text("ClientCertificateThumbprint", nameof(Resource.SettingThumbprint), false));
     entries.Add(Text("CertificateAuthorityThumbprint", nameof(Resource.SettingPersonalStoreCAThumbprint), false));

     return entries;
 }
Ejemplo n.º 5
 /// <summary>
 /// Always fails with <c>UnsupportedOperation</c>; the message comes from the
 /// <c>CyberArkReadOnly</c> resource. None of the arguments is read.
 /// </summary>
 /// <exception cref="SecureStoreException">Thrown on every call.</exception>
 public Task<string> UpdateCredentialsAsync(string context, string key, string oldAugumentedKey, Credential value)
 {
     // The exception is thrown at the call itself, not delivered through the returned task.
     var message = SecureStoresUtil.GetLocalizedResource(nameof(Resource.CyberArkReadOnly));

     throw new SecureStoreException(SecureStoreException.Type.UnsupportedOperation, message);
 }
Ejemplo n.º 6
 /// <summary>
 /// Always fails with <c>UnsupportedOperation</c>; the message comes from the
 /// <c>CyberArkReadOnly</c> resource. None of the arguments is read.
 /// </summary>
 /// <exception cref="SecureStoreException">Thrown on every call.</exception>
 public Task<string> CreateValueAsync(string context, string key, string value)
 {
     // The exception is thrown at the call itself, not delivered through the returned task.
     var message = SecureStoresUtil.GetLocalizedResource(nameof(Resource.CyberArkReadOnly));

     throw new SecureStoreException(SecureStoreException.Type.UnsupportedOperation, message);
 }