public static async Task Run(string tag, string value, UiLambdaSet uiLambda = null)
{
ServicePointManager.ServerCertificateValidationCallback =
new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
// Initializes the variables to pass to the MessageBox.Show method.
string caption = "Connect with " + tag + ".dat";
string message = "";
bool withOpenidFile = false;
if (value != "")
{
dataServer = value;
authServer = "";
certPfx = "";
certPfxPW = "";
value = "";
}
else
{
// read openx.dat
try
{
using (StreamReader sr = new StreamReader(tag + ".dat"))
{
authServer = sr.ReadLine();
dataServer = sr.ReadLine();
certPfx = sr.ReadLine();
certPfxPW = sr.ReadLine();
outputDir = sr.ReadLine();
}
}
catch (Exception ex)
{
AdminShellNS.LogInternally.That.Error(ex, $"The file {tag}.dat can not be read.");
return;
}
withOpenidFile = true;
}
message =
"authServer: " + authServer + "\n" +
"dataServer: " + dataServer + "\n" +
"certPfx: " + certPfx + "\n" +
"certPfxPW: " + certPfxPW + "\n" +
"outputDir: " + outputDir + "\n" +
"\nConinue?";
// Displays the MessageBox.
var result = UiLambdaSet.MesssageBoxShow(
uiLambda, message, "", caption, MessageBoxButtons.YesNo);
if (result != System.Windows.Forms.DialogResult.Yes)
{
// Closes the parent form.
return;
}
UiLambdaSet.MesssageBoxShow(uiLambda, "", "Access Aasx Server at " + dataServer,
"Data Server", MessageBoxButtons.OK);
var handler = new HttpClientHandler();
handler.DefaultProxyCredentials = CredentialCache.DefaultCredentials;
handler.AllowAutoRedirect = false;
var client = new HttpClient(handler)
{
BaseAddress = new Uri(dataServer)
};
if (token != "")
{
client.SetBearerToken(token);
}
string operation = "";
string lastOperation = "";
if (withOpenidFile)
{
operation = "authenticate";
lastOperation = "/server/listaas/";
}
else
{
operation = "/server/listaas/";
}
while (operation != "")
{
UiLambdaSet.MesssageBoxShow(uiLambda, "", "operation: " + operation + value + "\ntoken: " + token,
"Operation", MessageBoxButtons.OK);
switch (operation)
{
case "/server/listaas/":
case "/server/getaasx2/":
try
{
HttpResponseMessage response2 = null;
switch (operation)
{
case "/server/listaas/":
response2 = await client.GetAsync(operation);
break;
case "/server/getaasx2/":
response2 = await client.GetAsync(operation + value);
break;
}
if (response2.StatusCode == System.Net.HttpStatusCode.TemporaryRedirect)
{
string redirectUrl = response2.Headers.Location.ToString();
string[] splitResult = redirectUrl.Split(new string[] { "?" },
StringSplitOptions.RemoveEmptyEntries);
Console.WriteLine("Redirect to:" + splitResult[0]);
authServer = splitResult[0];
UiLambdaSet.MesssageBoxShow(
uiLambda, authServer, "", "Redirect to", MessageBoxButtons.OK);
lastOperation = operation;
operation = "authenticate";
continue;
}
if (!response2.IsSuccessStatusCode)
{
lastOperation = operation;
operation = "error";
continue;
}
String urlContents = await response2.Content.ReadAsStringAsync();
switch (operation)
{
case "/server/listaas/":
UiLambdaSet.MesssageBoxShow(uiLambda,
"", "SelectFromListFlyoutItem missing", "SelectFromListFlyoutItem missing",
MessageBoxButtons.OK);
value = "0";
operation = "/server/getaasx2/";
break;
//// return;
case "/server/getaasx2/":
try
{
var parsed3 = JObject.Parse(urlContents);
string fileName = parsed3.SelectToken("fileName").Value <string>();
string fileData = parsed3.SelectToken("fileData").Value <string>();
var enc = new System.Text.ASCIIEncoding();
var fileString4 = Jose.JWT.Decode(fileData, enc.GetBytes(secretString),
JwsAlgorithm.HS256);
var parsed4 = JObject.Parse(fileString4);
string binaryBase64_4 = parsed4.SelectToken("file").Value <string>();
Byte[] fileBytes4 = Convert.FromBase64String(binaryBase64_4);
Console.WriteLine("Writing file: " + outputDir + "\\" + "download.aasx");
File.WriteAllBytes(outputDir + "\\" + "download.aasx", fileBytes4);
}
catch (Exception ex)
{
AdminShellNS.LogInternally.That.Error(ex, $"Failed at operation: {operation}");
lastOperation = operation;
operation = "error";
}
operation = "";
break;
}
}
catch (Exception ex)
{
AdminShellNS.LogInternally.That.Error(ex, $"Failed at operation: {operation}");
lastOperation = operation;
operation = "error";
}
break;
case "authenticate":
try
{
X509SigningCredentials x509Credential = null;
if (withOpenidFile)
{
x509Credential = new X509SigningCredentials(new X509Certificate2(certPfx, certPfxPW));
}
var response = await RequestTokenAsync(x509Credential, uiLambda);
token = response.AccessToken;
client.SetBearerToken(token);
response.Show();
UiLambdaSet.MesssageBoxShow(uiLambda, response.AccessToken, "",
"Access Token", MessageBoxButtons.OK);
operation = lastOperation;
lastOperation = "";
}
catch (Exception ex)
{
AdminShellNS.LogInternally.That.Error(ex, $"Failed at operation: {operation}");
lastOperation = operation;
operation = "error";
}
break;
case "error":
UiLambdaSet.MesssageBoxShow(uiLambda, "", $"Can not perform: {lastOperation}",
"Error", MessageBoxButtons.OK);
operation = "";
break;
}
}
}
public static async Task <TokenResponse> RequestTokenAsync(
SigningCredentials credential,
UiLambdaSet uiLambda = null)
{
var handler = new HttpClientHandler();
handler.DefaultProxyCredentials = CredentialCache.DefaultCredentials;
var client = new HttpClient(handler);
var disco = await client.GetDiscoveryDocumentAsync(authServer);
if (disco.IsError)
{
throw new Exception(disco.Error);
}
UiLambdaSet.MesssageBoxShow(uiLambda, disco.Raw, "", "Discovery JSON", MessageBoxButtons.OK);
List <string> rootCertSubject = new List <string>();
dynamic discoObject = Json.Decode(disco.Raw);
if (discoObject.rootCertSubjects != null)
{
int i = 0;
while (i < discoObject.rootCertSubjects.Length)
{
rootCertSubject.Add(discoObject.rootCertSubjects[i++]);
}
}
var clientToken = CreateClientToken(credential, "client.jwt",
disco.TokenEndpoint, rootCertSubject, uiLambda);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("\nClientToken with x5c in header: \n");
Console.ResetColor();
Console.WriteLine(clientToken + "\n");
UiLambdaSet.MesssageBoxShow(uiLambda, clientToken, "", "Client Token", MessageBoxButtons.OK);
var response = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
Address = disco.TokenEndpoint,
// Scope = "feature1",
// Scope = "scope1",
Scope = "resource1.scope1",
ClientAssertion =
{
Type = OidcConstants.ClientAssertionTypes.JwtBearer,
Value = clientToken
}
});
if (response.IsError)
{
throw new Exception(response.Error);
}
return(response);
}
private static string CreateClientToken(SigningCredentials credential, string clientId, string audience,
List <string> rootCertSubject,
UiLambdaSet uiLambda = null)
{
// oz
//// string x5c = "";
string[] x5c = null;
string certFileName = certPfx;
string password = certPfxPW;
X509Certificate2 certificate = null;
if (credential == null)
{
var res = UiLambdaSet.MesssageBoxShow(uiLambda, "",
"Select certificate chain from certificate store? \n" +
"(otherwise use file Andreas_Orzelski_Chain.pfx)",
"Select certificate chain", MessageBoxButtons.YesNo);
if (res == DialogResult.No)
{
certFileName = "Andreas_Orzelski_Chain.pfx";
password = "******";
credential = new X509SigningCredentials(new X509Certificate2(certFileName, password));
}
}
if (credential == null)
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(
X509FindType.FindByTimeValid, DateTime.Now, false);
Boolean rootCertFound = false;
X509Certificate2Collection fcollection2 = new X509Certificate2Collection();
foreach (X509Certificate2 fc in fcollection)
{
X509Chain fch = new X509Chain();
fch.Build(fc);
foreach (X509ChainElement element in fch.ChainElements)
{
if (rootCertSubject.Contains(element.Certificate.Subject))
{
rootCertFound = true;
fcollection2.Add(fc);
}
}
}
if (rootCertFound)
{
fcollection = fcollection2;
}
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection,
"Test Certificate Select",
"Select a certificate from the following list to get information on that certificate",
X509SelectionFlag.SingleSelection);
if (scollection.Count != 0)
{
certificate = scollection[0];
X509Chain ch = new X509Chain();
ch.Build(certificate);
string[] X509Base64 = new string[ch.ChainElements.Count];
int j = 0;
foreach (X509ChainElement element in ch.ChainElements)
{
X509Base64[j++] = Convert.ToBase64String(element.Certificate.GetRawCertData());
}
x5c = X509Base64;
}
}
else
{
// use old fixed certificate chain
X509Certificate2Collection xc = new X509Certificate2Collection();
xc.Import(certFileName, password, X509KeyStorageFlags.PersistKeySet);
string[] X509Base64 = new string[xc.Count];
int j = xc.Count;
var xce = xc.GetEnumerator();
for (int i = 0; i < xc.Count; i++)
{
xce.MoveNext();
X509Base64[--j] = Convert.ToBase64String(xce.Current.GetRawCertData());
}
x5c = X509Base64;
certificate = new X509Certificate2(certFileName, password);
}
string email = "";
string subject = certificate.Subject;
var split = subject.Split(new Char[] { ',' });
if (split[0] != "")
{
var split2 = split[0].Split(new Char[] { '=' });
if (split2[0] == "E")
{
email = split2[1];
}
}
Console.WriteLine("email: " + email);
//
StringBuilder builder = new StringBuilder();
builder.AppendLine("-----BEGIN CERTIFICATE-----");
builder.AppendLine(
Convert.ToBase64String(certificate.RawData, Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine("-----END CERTIFICATE-----");
UiLambdaSet.MesssageBoxShow(uiLambda, builder.ToString(), "", "Client Certificate", MessageBoxButtons.OK);
credential = new X509SigningCredentials(certificate);
// oz end
var now = DateTime.UtcNow;
var token = new JwtSecurityToken(
clientId,
audience,
new List <Claim>()
{
new Claim(JwtClaimTypes.JwtId, Guid.NewGuid().ToString()),
new Claim(JwtClaimTypes.Subject, clientId),
new Claim(JwtClaimTypes.IssuedAt, now.ToEpochTime().ToString(), ClaimValueTypes.Integer64),
// OZ
new Claim(JwtClaimTypes.Email, email)
// new Claim("x5c", x5c)
},
now,
now.AddMinutes(1),
credential)
;
token.Header.Add("x5c", x5c);
// oz
var tokenHandler = new JwtSecurityTokenHandler();
return(tokenHandler.WriteToken(token));
}
public async Task <TokenResponse> RequestTokenAsync(
SigningCredentials credential,
UiLambdaSet uiLambda = null)
{
var handler = new HttpClientHandler();
handler.DefaultProxyCredentials = CredentialCache.DefaultCredentials;
var client = new HttpClient(handler);
if (keycloak != "")
{
TokenResponse tr = null;
bool error = false;
string BASE_URL = keycloak;
string client_id = "devicegrant"; // create a client in your keycloak instance
string DEVICE_GRANT_ENDPOINT = BASE_URL + "/auth/realms/test/protocol/openid-connect/auth/device";
string TOKEN_ENDPOINT = BASE_URL + "/auth/realms/test/protocol/openid-connect/token";
string USERINFO_ENDPOINT = BASE_URL + "/auth/realms/test/protocol/openid-connect/userinfo";
string verification_uri_complete = "";
string device_code = "";
HttpContent httpContent = new StringContent("client_id=" + client_id);
httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
var r = await client.PostAsync(DEVICE_GRANT_ENDPOINT, httpContent);
error = !r.IsSuccessStatusCode;
if (!error)
{
var result = r.Content.ReadAsStringAsync().Result;
try
{
var parsed = JObject.Parse(result);
verification_uri_complete = parsed.SelectToken("verification_uri_complete").Value <string>();
device_code = parsed.SelectToken("device_code").Value <string>();
Process.Start(verification_uri_complete);
}
catch (Exception)
{
error = true;
}
}
if (!error)
{
string parameter = "grant_type=urn:ietf:params:oauth:grant-type:device_code&" +
"client_id=" + client_id + "&" +
"device_code=" + device_code;
string text = "Please login at " + verification_uri_complete + "\n" + parameter;
UiLambdaSet.MesssageBoxShow(uiLambda, "Press OK to continue", text,
"Keycloak Authentication", AnyUiMessageBoxButton.OK);
httpContent = new StringContent(parameter, Encoding.UTF8);
httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
r = await client.PostAsync(TOKEN_ENDPOINT, httpContent);
if (r.IsSuccessStatusCode)
{
var result = r.Content.ReadAsStringAsync().Result;
try
{
var parsed = JObject.Parse(result);
token = parsed.SelectToken("access_token").Value <string>();
UiLambdaSet.MesssageBoxShow(uiLambda, "Press OK to continue", token,
"Access Token", AnyUiMessageBoxButton.OK);
}
catch (Exception)
{
error = true;
}
}
}
if (error)
{
keycloak = "";
}
return(tr);
}
var disco = await client.GetDiscoveryDocumentAsync(authServer);
if (disco.IsError)
{
throw new Exception(disco.Error);
}
UiLambdaSet.MesssageBoxShow(uiLambda, disco.Raw, "", "Discovery JSON", AnyUiMessageBoxButton.OK);
List <string> rootCertSubject = new List <string>();
dynamic discoObject = Json.Decode(disco.Raw);
if (discoObject.rootCertSubjects != null)
{
int i = 0;
while (i < discoObject.rootCertSubjects.Length)
{
rootCertSubject.Add(discoObject.rootCertSubjects[i++]);
}
}
var clientToken = CreateClientToken(credential, "client.jwt",
disco.TokenEndpoint, rootCertSubject, uiLambda);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("\nClientToken with x5c in header: \n");
Console.ResetColor();
Console.WriteLine(clientToken + "\n");
if (ssiURL == "")
{
UiLambdaSet.MesssageBoxShow(uiLambda, clientToken, "", "Client Token", AnyUiMessageBoxButton.OK);
}
var response = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
Address = disco.TokenEndpoint,
Scope = "resource1.scope1",
ClientAssertion =
{
Type = OidcConstants.ClientAssertionTypes.JwtBearer,
Value = clientToken
}
});
if (response.IsError)
{
throw new Exception(response.Error);
}
UiLambdaSet.MesssageBoxShow(uiLambda, response.AccessToken, "",
"Access Token", AnyUiMessageBoxButton.OK);
return(response);
}