public async Task <SecurityResult> GetPermissionsAsync(string token)
{
if (string.IsNullOrEmpty(token))
{
return(new SecurityResult(HttpStatusCode.Unauthorized, AUTHORIZATION_HEADER_INVALID));
}
var checkPermissionsUri = _options.CloudFoundryApi + "/v2/apps/" + _options.ApplicationId + "/permissions";
var request = new HttpRequestMessage(HttpMethod.Get, checkPermissionsUri);
var auth = new AuthenticationHeaderValue("bearer", token);
request.Headers.Authorization = auth;
// If certificate validation is disabled, inject a callback to handle properly
HttpClientHelper.ConfigureCertificateValidation(
_options.ValidateCertificates,
out var prevProtocols,
out var prevValidator);
try
{
_logger?.LogDebug("GetPermissions({0}, {1})", checkPermissionsUri, SecurityUtilities.SanitizeInput(token));
_httpClient ??= HttpClientHelper.GetHttpClient(_options.ValidateCertificates, DEFAULT_GETPERMISSIONS_TIMEOUT);
using var response = await _httpClient.SendAsync(request).ConfigureAwait(false);
if (response.StatusCode != HttpStatusCode.OK)
{
_logger?.LogInformation(
"Cloud Foundry returned status: {HttpStatus} while obtaining permissions from: {PermissionsUri}",
response.StatusCode,
checkPermissionsUri);
return(response.StatusCode == HttpStatusCode.Forbidden
? new SecurityResult(HttpStatusCode.Forbidden, ACCESS_DENIED_MESSAGE)
: new SecurityResult(HttpStatusCode.ServiceUnavailable, CLOUDFOUNDRY_NOT_REACHABLE_MESSAGE));
}
return(new SecurityResult(await GetPermissions(response).ConfigureAwait(false)));
}
catch (Exception e)
{
_logger?.LogError("Cloud Foundry returned exception: {SecurityException} while obtaining permissions from: {PermissionsUri}", e, checkPermissionsUri);
return(new SecurityResult(HttpStatusCode.ServiceUnavailable, CLOUDFOUNDRY_NOT_REACHABLE_MESSAGE));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_options.ValidateCertificates, prevProtocols, prevValidator);
}
}
protected internal async void DoPost(HttpClient client, HttpRequestMessage request)
{
HttpClientHelper.ConfigureCertificateValidation(
options.ValidateCertificates,
out SecurityProtocolType prevProtocols,
out RemoteCertificateValidationCallback prevValidator);
try
{
using (HttpResponseMessage response = await client.SendAsync(request))
{
logger?.LogDebug("DoPost {0}, status: {1}", request.RequestUri, response.StatusCode);
if (response.StatusCode != HttpStatusCode.OK &&
response.StatusCode != HttpStatusCode.Accepted)
{
var headers = response.Headers;
var statusCode = (int)response.StatusCode;
if (statusCode == UNPROCESSABLE_ENTITY)
{
logger?.LogError("Failed to send metrics to Metrics Forwarder service due to unprocessable payload. Discarding metrics.");
}
else if (statusCode == PAYLOAD_TOO_LARGE)
{
logger?.LogError("Failed to send metrics to Metrics Forwarder service due to rate limiting. Discarding metrics.");
}
else if (statusCode == TOO_MANY_REQUESTS)
{
logger?.LogError("Failed to send metrics to Metrics Forwarder service due to rate limiting. Discarding metrics.");
}
else
{
logger?.LogError("Failed to send metrics to Metrics Forwarder service. Discarding metrics. StatusCode: {status}", statusCode);
}
}
return;
}
}
catch (Exception e)
{
logger?.LogError(e, "DoPost Exception: {uri}", request.RequestUri);
}
finally
{
client.Dispose();
HttpClientHelper.RestoreCertificateValidation(options.ValidateCertificates, prevProtocols, prevValidator);
}
}
public async Task <CredHubCredential <T> > GenerateAsync <T>(CredHubGenerateRequest requestParameters)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/data");
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/data", requestParameters, SerializerOptions).ConfigureAwait(false);
return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Generate {typeof(T).Name}").ConfigureAwait(false));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
private async Task<List<CredentialPermission>> AddPermissionsInternalAsync(string name, List<CredentialPermission> permissions)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/permissions");
var newPermissions = new CredentialPermissions { CredentialName = name, Permissions = permissions };
_ = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/permissions", newPermissions, SerializerOptions).ConfigureAwait(false);
return await GetPermissionsAsync(name).ConfigureAwait(false);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
private async Task<RegeneratedCertificates> BulkRegenerateInternalAsync(string certificateAuthority)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/bulk-regenerate");
#pragma warning disable CS0618 // Type or member is obsolete
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/bulk-regenerate", new Dictionary<string, string> { { "signed_by", certificateAuthority } }).ConfigureAwait(false);
#pragma warning restore CS0618 // Type or member is obsolete
return await HandleErrorParseResponse<RegeneratedCertificates>(response, "Bulk Regenerate Credentials").ConfigureAwait(false);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
private async Task<CredHubCredential<T>> RegenerateInternalAsync<T>(string name)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/data");
#pragma warning disable CS0618 // Type or member is obsolete
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/regenerate", new Dictionary<string, string> { { "name", name } }).ConfigureAwait(false);
#pragma warning restore CS0618 // Type or member is obsolete
return await HandleErrorParseResponse<CredHubCredential<T>>(response, $"Regenerate {typeof(T).Name}").ConfigureAwait(false);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
#pragma warning disable SA1202 // Elements must be ordered by access
public async Task<CredHubCredential<T>> WriteAsync<T>(CredentialSetRequest credentialRequest)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to PUT {_baseCredHubUrl}/v1/data");
var response = await _httpClient.PutAsJsonAsync($"{_baseCredHubUrl}/v1/data", credentialRequest, SerializerOptions).ConfigureAwait(false);
#pragma warning restore CS0618 // Type or member is obsolete
return await HandleErrorParseResponse<CredHubCredential<T>>(response, $"Write {typeof(T).Name}").ConfigureAwait(false);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
private async Task <CredHubCredential <T> > RegenerateInternalAsync <T>(string name)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/data");
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/regenerate", new Dictionary <string, string> {
{ "name", name }
}).ConfigureAwait(false);
return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Regenerate {typeof(T).Name}").ConfigureAwait(false));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
private async Task <RegeneratedCertificates> BulkRegenerateInternalAsync(string certificateAuthority)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/bulk-regenerate");
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/bulk-regenerate", new Dictionary <string, string> {
{ "signed_by", certificateAuthority }
}).ConfigureAwait(false);
return(await HandleErrorParseResponse <RegeneratedCertificates>(response, "Bulk Regenerate Credentials").ConfigureAwait(false));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
protected internal async void RefreshVaultTokenAsync(object state)
{
if (string.IsNullOrEmpty(Settings.Token))
{
return;
}
var obscuredToken = Settings.Token.Substring(0, 4) + "[*]" + Settings.Token.Substring(Settings.Token.Length - 4);
// If certificate validation is disabled, inject a callback to handle properly
SecurityProtocolType prevProtocols = (SecurityProtocolType)0;
HttpClientHelper.ConfigureCertificateValidation(
_settings.ValidateCertificates,
out prevProtocols,
out RemoteCertificateValidationCallback prevValidator);
HttpClient client = null;
try
{
client = GetHttpClient(Settings);
var uri = GetVaultRenewUri();
var message = GetValutRenewMessage(uri);
_logger?.LogInformation("Renewing Vault token {0} for {1} milliseconds at Uri {2}", obscuredToken, Settings.TokenTtl, uri);
using (HttpResponseMessage response = await client.SendAsync(message).ConfigureAwait(false))
{
if (response.StatusCode != HttpStatusCode.OK)
{
_logger?.LogWarning("Renewing Vault token {0} returned status: {1}", obscuredToken, response.StatusCode);
}
}
}
catch (Exception e)
{
_logger?.LogError("Unable to renew Vault token {0}. Is the token invalid or expired? - {1}", obscuredToken, e);
}
finally
{
client.Dispose();
HttpClientHelper.RestoreCertificateValidation(_settings.ValidateCertificates, prevProtocols, prevValidator);
}
}
private async Task<CredHubClient> InitializeAsync(CredHubOptions options)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
Uri tokenUri;
var uaaOverrideUrl = Environment.GetEnvironmentVariable("UAA_Server_Override");
if (string.IsNullOrEmpty(uaaOverrideUrl))
{
var info = await _httpClient.GetAsync($"{_baseCredHubUrl.Replace("/api", "/info")}").ConfigureAwait(false);
var infoResponse = await HandleErrorParseResponse<CredHubServerInfo>(info, "GET /info from CredHub Server").ConfigureAwait(false);
tokenUri = new Uri($"{infoResponse.AuthServer.First().Value}/oauth/token");
_logger?.LogInformation($"Targeted CredHub server uses UAA server at {tokenUri}");
}
else
{
tokenUri = new Uri(uaaOverrideUrl);
_logger?.LogInformation($"UAA set by ENV variable {tokenUri}");
}
// login to UAA
var token = await HttpClientHelper.GetAccessToken(
tokenUri,
options.ClientId,
options.ClientSecret,
additionalParams: new Dictionary<string, string> { { "response_type", "token" } },
httpClient: _httpClient,
logger: _logger);
if (token is object)
{
// set the token
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
return this;
}
else
{
throw new AuthenticationException($"Authentication with UAA Server failed");
}
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
#pragma warning disable SA1202 // Elements must be ordered by access
public async Task <CredHubCredential <T> > WriteAsync <T>(CredentialSetRequest credentialRequest)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to PUT {_baseCredHubUrl}/v1/data");
var response = await _httpClient.PutAsJsonAsync($"{_baseCredHubUrl}/v1/data", credentialRequest, _serializerSettings);
var dataAsString = await response.Content.ReadAsStringAsync();
var s = JsonConvert.DeserializeObject <CredHubCredential <T> >(dataAsString, _serializerSettings);
return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Write {typeof(T).Name}"));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
/// <summary>
/// Get an access token using client_credentials grant
/// </summary>
/// <param name="targetUrl">full address of the token endpoint at the auth server</param>
/// <returns>HttpResponse from the auth server</returns>
public async Task <HttpResponseMessage> GetAccessTokenWithClientCredentials(string targetUrl)
{
HttpRequestMessage requestMessage = GetTokenRequestMessage(ClientCredentialsTokenRequestParameters(), targetUrl);
HttpClientHelper.ConfigureCertificateValidation(_options.ValidateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
HttpResponseMessage response;
try
{
response = await _httpClient.SendAsync(requestMessage);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_options.ValidateCertificates, protocolType, prevValidator);
}
return(response);
}
public void ConfigureCertificateValidation_ValidateTrue()
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = null;
HttpClientHelper.ConfigureCertificateValidation(true, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
if (Platform.IsNetCore)
{
Assert.Equal(SecurityProtocolType.Tls, ServicePointManager.SecurityProtocol);
Assert.Null(ServicePointManager.ServerCertificateValidationCallback);
}
if (Platform.IsFullFramework)
{
Assert.Equal(SecurityProtocolType.Tls, ServicePointManager.SecurityProtocol);
Assert.Null(ServicePointManager.ServerCertificateValidationCallback);
}
}
public async Task <List <FoundCredential> > FindByPathAsync(string path)
{
if (string.IsNullOrEmpty(path))
{
throw new ArgumentException("Path is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?path={path}");
var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?path={path}");
return((await HandleErrorParseResponse <CredentialFindResponse>(response, "Find by Path")).Credentials);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
private async Task <bool> DeletePermissionInternalAsync(string name, string actor)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to DELETE {_baseCredHubUrl}/v1/permissions?credential_name={name}&actor={actor}");
var response = await _httpClient.DeleteAsync($"{_baseCredHubUrl}/v1/permissions?credential_name={name}&actor={actor}").ConfigureAwait(false);
if (response.StatusCode == System.Net.HttpStatusCode.NoContent || response.StatusCode == System.Net.HttpStatusCode.NotFound)
{
return(true);
}
return(false);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <bool> DeleteByNameInternalAsync(string name)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to DELETE {_baseCredHubUrl}/v1/data?name={name}");
var response = await _httpClient.DeleteAsync($"{_baseCredHubUrl}/v1/data?name={name}").ConfigureAwait(false);
if (response.StatusCode == System.Net.HttpStatusCode.NoContent || response.StatusCode == System.Net.HttpStatusCode.NotFound)
{
return(true);
}
return(false);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <CredHubCredential <T> > GetByIdAsync <T>(Guid id)
{
if (id == Guid.Empty)
{
throw new ArgumentException("Id of credential is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data{id}");
var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data/{id}");
return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Get {typeof(T).Name} by Id"));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <CredHubCredential <T> > GetByNameAsync <T>(string name)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException("Name of credential is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?name={name}¤t=true");
var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?name={name}¤t=true");
return((await HandleErrorParseResponse <CredHubResponse <T> >(response, $"Get {typeof(T).Name} by Name")).Data.First());
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <List <CredentialPermission> > GetPermissionsAsync(string name)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException("Name is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/permissions?credential_name={name}");
var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/permissions?credential_name={name}");
return((await HandleErrorParseResponse <CredentialPermissions>(response, "Get Permissions")).Permissions);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <List <CredHubCredential <T> > > GetByNameWithHistoryAsync <T>(string name, int entries = 10)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException("Name is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?name={name}&versions={entries}");
var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?name={name}&versions={entries}");
return((await HandleErrorParseResponse <CredHubResponse <T> >(response, "Get credential by name with History")).Data);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
// fire and forget
#pragma warning disable S3168 // "async" methods should not return "void"
protected internal async void RefreshVaultTokenAsync(object state)
#pragma warning restore S3168 // "async" methods should not return "void"
{
if (string.IsNullOrEmpty(Settings.Token))
{
return;
}
var obscuredToken = Settings.Token.Substring(0, 4) + "[*]" + Settings.Token.Substring(Settings.Token.Length - 4);
// If certificate validation is disabled, inject a callback to handle properly
HttpClientHelper.ConfigureCertificateValidation(
_settings.ValidateCertificates,
out var prevProtocols,
out var prevValidator);
try
{
_httpClient ??= GetHttpClient(Settings);
var uri = GetVaultRenewUri();
var message = GetVaultRenewMessage(uri);
_logger?.LogInformation("Renewing Vault token {0} for {1} milliseconds at Uri {2}", obscuredToken, Settings.TokenTtl, uri);
using var response = await _httpClient.SendAsync(message).ConfigureAwait(false);
if (response.StatusCode != HttpStatusCode.OK)
{
_logger?.LogWarning("Renewing Vault token {0} returned status: {1}", obscuredToken, response.StatusCode);
}
}
catch (Exception e)
{
_logger?.LogError("Unable to renew Vault token {0}. Is the token invalid or expired? - {1}", obscuredToken, e);
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_settings.ValidateCertificates, prevProtocols, prevValidator);
}
}
/// <summary>
/// Perform the HTTP call to exchange an authorization code for a token
/// </summary>
/// <param name="code">The auth code to exchange</param>
/// <param name="targetUrl">The full address of the token endpoint</param>
/// <param name="cancellationToken">Your CancellationToken</param>
/// <returns>The response from the remote server</returns>
public async Task <HttpResponseMessage> ExchangeCodeForToken(string code, string targetUrl, CancellationToken cancellationToken)
{
var requestParameters = AuthCodeTokenRequestParameters(code);
HttpRequestMessage requestMessage = GetTokenRequestMessage(requestParameters, targetUrl);
_logger?.LogDebug("Exchanging code {code} for token at {accessTokenUrl}", code, targetUrl);
HttpClientHelper.ConfigureCertificateValidation(
_options.ValidateCertificates,
out SecurityProtocolType protocolType,
out RemoteCertificateValidationCallback prevValidator);
try
{
return(await _httpClient.SendAsync(requestMessage, cancellationToken).ConfigureAwait(false));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_options.ValidateCertificates, protocolType, prevValidator);
}
}
private async Task <string> InterpolateServiceDataInternalAsync(string serviceData)
{
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out var protocolType, out var prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/interpolate");
var response = await _httpClient.PostAsync($"{_baseCredHubUrl}/v1/interpolate", new StringContent(serviceData, Encoding.Default, "application/json")).ConfigureAwait(false);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsStringAsync().ConfigureAwait(false));
}
else
{
throw new CredHubException($"Failed to interpolate credentials, status code: {response.StatusCode}");
}
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <CredHubCredential <T> > RegenerateAsync <T>(string name)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException("Name of credential to regenerate is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/data");
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/regenerate", new Dictionary <string, string> {
{ "name", name }
});
return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Regenerate {typeof(T).Name}"));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
public async Task <RegeneratedCertificates> BulkRegenerateAsync(string certificateAuthority)
{
if (string.IsNullOrEmpty(certificateAuthority))
{
throw new ArgumentException("Certificate authority used for certificates is required");
}
HttpClientHelper.ConfigureCertificateValidation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator);
try
{
_logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/bulk-regenerate");
var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/bulk-regenerate", new Dictionary <string, string> {
{ "signed_by", certificateAuthority }
});
return(await HandleErrorParseResponse <RegeneratedCertificates>(response, "Bulk Regenerate Credentials"));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator);
}
}
protected internal async Task <ConfigEnvironment> RemoteLoadAsync(string[] requestUris, string label)
{
// Get client if not already set
if (_client == null)
{
_client = GetHttpClient(_settings);
}
Exception error = null;
foreach (var requestUri in requestUris)
{
error = null;
// Get a config server uri and username passwords to use
var trimUri = requestUri.Trim();
var serverUri = _settings.GetRawUri(trimUri);
string username = _settings.GetUserName(trimUri);
string password = _settings.GetPassword(trimUri);
// Make Config Server URI from settings
var path = GetConfigServerUri(serverUri, label);
// Get the request message
var request = GetRequestMessage(path, username, password);
// If certificate validation is disabled, inject a callback to handle properly
SecurityProtocolType prevProtocols = (SecurityProtocolType)0;
HttpClientHelper.ConfigureCertificateValidation(_settings.ValidateCertificates, out prevProtocols, out RemoteCertificateValidationCallback prevValidator);
// Invoke config server
try
{
using (HttpResponseMessage response = await _client.SendAsync(request).ConfigureAwait(false))
{
// Log status
var message = $"Config Server returned status: {response.StatusCode} invoking path: {requestUri}";
_logger?.LogInformation(WebUtility.UrlEncode(message));
if (response.StatusCode != HttpStatusCode.OK)
{
if (response.StatusCode == HttpStatusCode.NotFound)
{
return(null);
}
// Throw if status >= 400
if (response.StatusCode >= HttpStatusCode.BadRequest)
{
// HttpClientErrorException
throw new HttpRequestException(message);
}
else
{
return(null);
}
}
Stream stream = await response.Content.ReadAsStreamAsync().ConfigureAwait(false);
return(Deserialize(stream));
}
}
catch (Exception e)
{
error = e;
_logger?.LogError(e, "Config Server exception, path: {requestUri}", WebUtility.UrlEncode(requestUri));
if (IsContinueExceptionType(e))
{
continue;
}
throw;
}
finally
{
HttpClientHelper.RestoreCertificateValidation(_settings.ValidateCertificates, prevProtocols, prevValidator);
}
}
if (error != null)
{
throw error;
}
return(null);
}
