Exemple #1
        /// <summary>
        /// Compares this certificate with <paramref name="other"/> by issuer name and raw serial number.
        /// </summary>
        /// <param name="other">The certificate to compare with; may be null.</param>
        /// <returns>
        /// <c>false</c> when <paramref name="other"/> is null. When this instance has no Pal, the result is
        /// whether <paramref name="other"/> has none either. Otherwise <c>true</c> only when the issuers are
        /// equal and the serial numbers match byte for byte.
        /// </returns>
        /// <remarks>
        /// Only the issuer and the serial number are compared; the encoded certificate and its public key are
        /// not. A <c>true</c> result is therefore an identity match, not evidence that both objects carry the
        /// same trusted certificate contents.
        /// </remarks>
        public virtual bool Equals(X509Certificate? other)
        {
            if (other == null)
            {
                return false;
            }

            // An instance without a Pal is equal only to another instance without one.
            if (Pal == null)
            {
                return other.Pal == null;
            }

            if (!Issuer.Equals(other.Issuer))
            {
                return false;
            }

            byte[] mine = GetRawSerialNumber();
            byte[] theirs = other.GetRawSerialNumber();

            int length = mine.Length;
            if (length != theirs.Length)
            {
                return false;
            }

            // Walk forward until the first differing byte; reaching the end means every byte matched.
            int index = 0;
            while (index < length && mine[index] == theirs[index])
            {
                index++;
            }

            return index == length;
        }
 /// <summary>
 /// Checks that <paramref name="signer"/> is named as this certificate's issuer and that its public key
 /// verifies this certificate's signature over the raw TBSCertificate bytes.
 /// </summary>
 /// <param name="signer">Candidate issuing certificate.</param>
 /// <returns>
 /// <c>true</c> when the issuer name equals the signer's subject and the signature verifies; otherwise <c>false</c>.
 /// </returns>
 /// <remarks>
 /// This method performs only name chaining and signature verification. Nothing here checks the signer's
 /// validity period, whether it is allowed to act as a CA, or its revocation status, so a <c>true</c>
 /// result alone does not establish a trusted chain; those checks have to happen in the caller.
 /// </remarks>
 public bool CheckSignature(X509Cert signer)
 {
     // Skip the signature check entirely when the names do not chain.
     bool namesChain = Issuer.Equals(signer.Subject);
     return namesChain && signer.PubKey.Verify(rawTBSCertificate, Signature.Data);
 }
        /// <summary>
        /// Member-wise equality for Qualification: two instances are equal when every compared property matches.
        /// </summary>
        /// <param name="other">The Qualification to compare against; may be null.</param>
        /// <returns>
        /// <c>false</c> for a null argument, <c>true</c> for the same reference, otherwise whether Uuid, Code,
        /// Text, Period, Issuer, Creation and LastUpdated are all equal.
        /// </returns>
        public bool Equals(Qualification other)
        {
            if (ReferenceEquals(null, other))
            {
                return false;
            }
            if (ReferenceEquals(this, other))
            {
                return true;
            }

            // Each property is compared with == first and falls back to Equals when this side is non-null.
            // The checks run in the original order and stop at the first mismatch.
            if (!(Uuid == other.Uuid || (Uuid != null && Uuid.Equals(other.Uuid))))
            {
                return false;
            }
            if (!(Code == other.Code || (Code != null && Code.Equals(other.Code))))
            {
                return false;
            }
            if (!(Text == other.Text || (Text != null && Text.Equals(other.Text))))
            {
                return false;
            }
            if (!(Period == other.Period || (Period != null && Period.Equals(other.Period))))
            {
                return false;
            }
            if (!(Issuer == other.Issuer || (Issuer != null && Issuer.Equals(other.Issuer))))
            {
                return false;
            }
            if (!(Creation == other.Creation || (Creation != null && Creation.Equals(other.Creation))))
            {
                return false;
            }

            return LastUpdated == other.LastUpdated ||
                   (LastUpdated != null && LastUpdated.Equals(other.LastUpdated));
        }
Exemple #4
        /// <summary>
        /// Member-wise equality for TruststoreItems: two instances are equal when every compared property matches.
        /// </summary>
        /// <param name="other">The TruststoreItems to compare against; may be null.</param>
        /// <returns>
        /// <c>false</c> for a null argument, <c>true</c> for the same reference, otherwise whether Alias,
        /// EntryType, Subject, Issuer, NotBefore, NotAfter and SerialNumber are all equal.
        /// </returns>
        /// <remarks>
        /// Only these descriptive properties are compared. Nothing in this method looks at certificate bytes
        /// or a fingerprint, so equality here does not show that two entries hold the same key material.
        /// </remarks>
        public bool Equals(TruststoreItems other)
        {
            if (other is null)
            {
                return false;
            }
            if (ReferenceEquals(this, other))
            {
                return true;
            }

            // Each property is compared with == first and falls back to Equals when this side is non-null.
            // The checks run in the original order and stop at the first mismatch.
            if (!(Alias == other.Alias || (Alias != null && Alias.Equals(other.Alias))))
            {
                return false;
            }
            if (!(EntryType == other.EntryType || (EntryType != null && EntryType.Equals(other.EntryType))))
            {
                return false;
            }
            if (!(Subject == other.Subject || (Subject != null && Subject.Equals(other.Subject))))
            {
                return false;
            }
            if (!(Issuer == other.Issuer || (Issuer != null && Issuer.Equals(other.Issuer))))
            {
                return false;
            }
            if (!(NotBefore == other.NotBefore || (NotBefore != null && NotBefore.Equals(other.NotBefore))))
            {
                return false;
            }
            if (!(NotAfter == other.NotAfter || (NotAfter != null && NotAfter.Equals(other.NotAfter))))
            {
                return false;
            }

            return SerialNumber == other.SerialNumber ||
                   (SerialNumber != null && SerialNumber.Equals(other.SerialNumber));
        }
Exemple #5
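        /// <summary>
        /// Creates the handler, keeping the API client and the resolved <see cref="ApiClientOptions"/> for later use.
        /// </summary>
        /// <param name="apiClient">API client stored in <c>_apiClient</c>.</param>
        /// <param name="options">Options wrapper; its <c>Value</c> is stored in <c>_options</c>.</param>
        /// <remarks>
        /// In DEBUG builds the constructor installs a server-certificate callback that accepts any certificate
        /// whose issuer string is <c>CN=localhost</c>, whatever policy errors were reported. Release builds
        /// keep the platform's default validation.
        /// </remarks>
        public TokenAutoRefreshedHttpClientHandler(IApiClient apiClient, IOptions<ApiClientOptions> options)
        {
            _apiClient = apiClient;
            _options = options.Value;

#if DEBUG
            // SECURITY (DEBUG only): the issuer name is text supplied by the peer, not proof of who issued the
            // certificate. This bypass accepts every certificate that names CN=localhost as its issuer and
            // ignores chain, host-name and expiry errors for it. It must stay behind #if DEBUG and must not be
            // used against anything other than a local development server.
            ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
            {
                // The callback can be invoked without a certificate; in that case skip the bypass and let the
                // reported policy errors decide, instead of dereferencing null inside the TLS handshake.
                if (cert != null && cert.Issuer.Equals("CN=localhost", GlobalSettings.Comparison))
                {
                    return true;
                }

                return errors == System.Net.Security.SslPolicyErrors.None;
            };
#endif

            GlobalSettings.Logger.LogInformation("TokenAutoRefreshedHttpClientHandler Inited.");
        }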
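        /// <summary>
        /// Checks this id_token's <c>alg</c> header and its <c>exp</c>, <c>iss</c>, <c>aud</c> and (optionally)
        /// <c>at_hash</c> claims against the values the caller expects.
        /// </summary>
        /// <remarks>
        /// SECURITY: the token signature is NOT verified by this method (see the TODO in the body). Until that
        /// is implemented, a successful return only means the claims match the expected values; it does not
        /// show that the token was issued by the expected party. Callers must verify the signature elsewhere
        /// before trusting any claim.
        /// </remarks>
        /// <param name="expectedClientId">Client id that the <c>aud</c> claim must match.</param>
        /// <param name="expectedAlgorithm">Algorithm name that the <c>alg</c> header must match.</param>
        /// <param name="expectedIssuer">Issuer that the <c>iss</c> claim must match.</param>
        /// <param name="accessToken">
        /// Optional access token. When it is supplied and the token carries an <c>at_hash</c> claim, the claim
        /// is compared with the hash computed from this value.
        /// </param>
        /// <returns><c>true</c> when every check passes; failures are reported by exception.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// A header or claim is missing, expired, or does not match the expected value.
        /// </exception>
        public bool Validate(string expectedClientId, string expectedAlgorithm, string expectedIssuer, string accessToken = null)
        {
            // Verify the 'alg' header only. The static string.Equals is used throughout so that a token
            // missing a value fails with the validation exception below rather than a NullReferenceException.
            if (!string.Equals(Algorithm, expectedAlgorithm, StringComparison.OrdinalIgnoreCase))
            {
                throw new ArgumentOutOfRangeException(nameof(Algorithm), $"The id_token 'alg' does not match the expected algorithm value.  Expected '{expectedAlgorithm}' but found '{Algorithm}'.");
            }

            //TODO: Validate signature
            // Until the TODO above is done, none of the claims checked below are authenticated.

            // Verify expiration claim
            if (Expiration < DateTime.UtcNow)
            {
                throw new ArgumentOutOfRangeException(nameof(Expiration), $"The id_token is expired");
            }

            // Verify issuer claim
            // NOTE(review): OpenID Connect requires 'iss' to match the expected issuer exactly; this comparison
            // ignores case. Confirm whether StringComparison.Ordinal can be used without breaking callers.
            if (!string.Equals(Issuer, expectedIssuer, StringComparison.OrdinalIgnoreCase))
            {
                throw new ArgumentOutOfRangeException(nameof(Issuer), $"The id_token 'iss' claim does not match expected issuer value.  Expected '{expectedIssuer}' but fond '{Issuer}'.");
            }

            // Verify audience claim
            // NOTE(review): client ids are compared ignoring case here as well; same question as for 'iss'.
            if (!string.Equals(Audience, expectedClientId, StringComparison.OrdinalIgnoreCase))
            {
                throw new ArgumentOutOfRangeException(nameof(Audience), $"The id_token 'aud' claim does not match the provided clientId value.");
            }

            // Verify Access Token Hash claim (if provided). The check is skipped when either the access token
            // or the at_hash claim is absent, so a token without at_hash is accepted here.
            if (!string.IsNullOrEmpty(accessToken) && !string.IsNullOrEmpty(AccessTokenHash))
            {
                var atHash = Util.Sha256AtHash(accessToken);

                if (!AccessTokenHash.Equals(atHash, StringComparison.Ordinal))
                {
                    throw new ArgumentOutOfRangeException(nameof(AccessTokenHash), $"The id_token 'at_hash' claim does not match the expected hash of the given token.  Expected {atHash} but found {AccessTokenHash}");
                }
            }

            return true;
        }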
Exemple #7
        /// <summary>
        /// Compares this certificate with <paramref name="other"/> by issuer name and raw serial number.
        /// </summary>
        /// <param name="other">The certificate to compare with; may be null.</param>
        /// <returns>
        /// <c>false</c> when <paramref name="other"/> is null. When this instance has no Pal, the result is
        /// whether <paramref name="other"/> has none either. Otherwise <c>true</c> only when the issuers are
        /// equal and the serial-number bytes are identical.
        /// </returns>
        /// <remarks>
        /// Only the issuer and the serial number are compared; the encoded certificate and its public key are
        /// not, so a match is an identity match and not a statement about the certificate's contents.
        /// </remarks>
        public virtual bool Equals([NotNullWhen(true)] X509Certificate? other)
        {
            if (other is null)
            {
                return false;
            }

            // An instance without a Pal is equal only to another instance without one.
            if (Pal is null)
            {
                return other.Pal is null;
            }

            bool sameIssuer = Issuer.Equals(other.Issuer);
            if (!sameIssuer)
            {
                return false;
            }

            ReadOnlySpan<byte> mySerial = GetRawSerialNumber();
            ReadOnlySpan<byte> theirSerial = other.GetRawSerialNumber();
            bool sameSerial = mySerial.SequenceEqual(theirSerial);

            return sameSerial;
        }
        /// <summary>
        /// Member-wise equality for KeystoreChainItems: two instances are equal when every compared property matches.
        /// </summary>
        /// <param name="other">The KeystoreChainItems to compare against; may be null.</param>
        /// <returns>
        /// <c>false</c> for a null argument, <c>true</c> for the same reference, otherwise whether Subject,
        /// Issuer, NotBefore, NotAfter and SerialNumber are all equal.
        /// </returns>
        /// <remarks>
        /// Only these descriptive properties are compared. Nothing in this method looks at certificate bytes
        /// or a fingerprint, so equality here does not show that two entries hold the same key material.
        /// </remarks>
        public bool Equals(KeystoreChainItems other)
        {
            if (other is null)
            {
                return false;
            }
            if (ReferenceEquals(this, other))
            {
                return true;
            }

            // Each property is compared with == first and falls back to Equals when this side is non-null.
            // The checks run in the original order and stop at the first mismatch.
            if (!(Subject == other.Subject || (Subject != null && Subject.Equals(other.Subject))))
            {
                return false;
            }
            if (!(Issuer == other.Issuer || (Issuer != null && Issuer.Equals(other.Issuer))))
            {
                return false;
            }
            if (!(NotBefore == other.NotBefore || (NotBefore != null && NotBefore.Equals(other.NotBefore))))
            {
                return false;
            }
            if (!(NotAfter == other.NotAfter || (NotAfter != null && NotAfter.Equals(other.NotAfter))))
            {
                return false;
            }

            return SerialNumber == other.SerialNumber ||
                   (SerialNumber != null && SerialNumber.Equals(other.SerialNumber));
        }
        /// <summary>
        /// Compares this certificate implementation with <paramref name="obj"/> by issuer and serial number.
        /// </summary>
        /// <param name="obj">Object to compare with; anything that is not an X509CertificateImpl is unequal.</param>
        /// <returns>
        /// <c>true</c> only when <paramref name="obj"/> is an X509CertificateImpl, both instances report
        /// <c>IsValid</c>, the issuers are equal and the serial numbers match byte for byte.
        /// </returns>
        /// <remarks>
        /// Only the issuer and the serial number are compared; the encoded certificate and its public key are not.
        /// </remarks>
        public sealed override bool Equals(object obj)
        {
            X509CertificateImpl other = obj as X509CertificateImpl;

            if (other == null)
            {
                return false;
            }

            // Two instances are never equal unless both are valid.
            if (!(IsValid && other.IsValid))
            {
                return false;
            }

            if (!Issuer.Equals(other.Issuer))
            {
                return false;
            }

            byte[] mine = SerialNumber;
            byte[] theirs = other.SerialNumber;

            int length = mine.Length;
            if (length != theirs.Length)
            {
                return false;
            }

            // Walk forward until the first differing byte; reaching the end means every byte matched.
            int index = 0;
            while (index < length && mine[index] == theirs[index])
            {
                index++;
            }

            return index == length;
        }
        /// <summary>
        /// Compares this certificate with <paramref name="other"/> by issuer name and raw serial number.
        /// </summary>
        /// <param name="other">The certificate to compare with; may be null.</param>
        /// <returns>
        /// <c>false</c> when <paramref name="other"/> is null. When this instance has no Pal, the result is
        /// whether <paramref name="other"/> has none either. Otherwise <c>true</c> only when the issuers are
        /// equal and the serial numbers match byte for byte.
        /// </returns>
        /// <remarks>
        /// Only the issuer and the serial number are compared; the encoded certificate and its public key are
        /// not, so a match is an identity match and not a statement about the certificate's contents.
        /// </remarks>
        public virtual bool Equals([NotNullWhen(true)] X509Certificate? other)
        {
            if (other == null)
                return false;

            // An instance without a Pal is equal only to another instance without one.
            if (Pal == null)
                return other.Pal == null;

            if (!Issuer.Equals(other.Issuer))
                return false;

            byte[] mine = GetRawSerialNumber();
            byte[] theirs = other.GetRawSerialNumber();

            int length = mine.Length;
            if (length != theirs.Length)
                return false;

            // Walk forward until the first differing byte; reaching the end means every byte matched.
            int index = 0;
            while (index < length && mine[index] == theirs[index])
                index++;

            return index == length;
        }
Exemple #11
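        /// <summary>
        /// Reports whether <paramref name="securityToken"/> is a JWT whose <c>iss</c> value names this
        /// validator's <c>Issuer</c>.
        /// </summary>
        /// <param name="securityToken">Serialized token as received from the caller.</param>
        /// <returns>
        /// <c>true</c> when the token parses and its issuer equals <c>Issuer</c> ignoring case; <c>false</c>
        /// for a null, empty or whitespace token, or one the JWT parser rejects with an
        /// <see cref="ArgumentException"/>.
        /// </returns>
        /// <remarks>
        /// The issuer is read from the token before any signature check, so the value is still untrusted at
        /// this point. The result only says which validator should handle the token, not that it is genuine.
        /// </remarks>
        public bool CanReadToken(string securityToken)
        {
            // A "can read" probe should answer false for unusable input rather than throw.
            if (string.IsNullOrWhiteSpace(securityToken))
            {
                return false;
            }

            JwtSecurityToken jwt;
            try
            {
                jwt = new JwtSecurityToken(securityToken);
            }
            catch (ArgumentException)
            {
                // The parser rejected the string as a JWT. Any other exception type it raises still
                // propagates, as it did before.
                return false;
            }

            // Issuer identifiers are protocol data, not linguistic text. A culture-aware comparison can treat
            // visibly different strings as equal, so compare ordinally. The static string.Equals also copes
            // with a null Issuer on either side.
            return string.Equals(Issuer, jwt.Issuer, StringComparison.OrdinalIgnoreCase);
        }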
Exemple #12
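        /// <summary>
        /// Registers the named HttpClients used by the API client (one default client without a base URL and
        /// one per configured endpoint), plus <c>IApiClient</c> and the token-refreshing handler.
        /// </summary>
        /// <param name="services">Service collection that receives the registrations.</param>
        /// <param name="options">Options whose <c>Endpoints</c> define the per-endpoint clients.</param>
        /// <remarks>
        /// In DEBUG builds every registered client gets a primary handler that accepts certificates whose
        /// issuer string is <c>CN=localhost</c>. Release builds keep default certificate validation.
        /// </remarks>
        private static void AddApiClientCore(IServiceCollection services, ApiClientOptions options)
        {
            // Add the default HttpClient (no base URL).
            services.AddHttpClient(ApiClient.NO_BASEURL_HTTPCLIENT_NAME, httpClient =>
            {
                httpClient.DefaultRequestHeaders.Add("User-Agent", typeof(ApiClient).FullName);
            })
#if DEBUG
            .ConfigurePrimaryHttpMessageHandler(() => CreateDebugHttpClientHandler())
#endif
            ;

            // Add one HttpClient per configured endpoint.
            foreach (var endpoint in options.Endpoints)
            {
                services.AddHttpClient(endpoint.GetHttpClientName(), httpClient =>
                {
                    httpClient.BaseAddress = endpoint.Url;
                    httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
                    httpClient.DefaultRequestHeaders.Add("User-Agent", typeof(ApiClient).FullName);
                })

                //TODO: investigate this
                //.AddTransientHttpErrorPolicy(p =>
                //{
                //    //TODO: Move this to options
                //    return p.WaitAndRetryAsync(3, _ => TimeSpan.FromMilliseconds(1000));
                //})
#if DEBUG
                .ConfigurePrimaryHttpMessageHandler(() => CreateDebugHttpClientHandler())
#endif
                ;
            }

            services.AddSingleton<IApiClient, ApiClient>();

            // The HttpClientHandler is disposed together with its HttpClient, hence the transient lifetime.
            services.AddTransient<TokenAutoRefreshedHttpClientHandler>();
        }

#if DEBUG
        // Builds the primary handler used in DEBUG builds; shared by the default and per-endpoint clients so
        // the certificate bypass lives in one place.
        private static HttpClientHandler CreateDebugHttpClientHandler()
        {
            return new HttpClientHandler
            {
                // SECURITY (DEBUG only): the issuer name is text supplied by the peer, not proof of who issued
                // the certificate. This bypass accepts every certificate that names CN=localhost as its issuer
                // and ignores chain, host-name and expiry errors for it. It must stay behind #if DEBUG.
                ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
                {
                    // The callback can be invoked without a certificate; skip the bypass in that case and
                    // let the reported policy errors decide, instead of dereferencing null.
                    if (cert != null && cert.Issuer.Equals("CN=localhost", GlobalSettings.Comparison))
                    {
                        return true;
                    }

                    return errors == System.Net.Security.SslPolicyErrors.None;
                }
            };
        }
#endif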