private static void EnableTraceLogging(OperationArguments operationArguments)
{
const int LogFileMaxLength = 8 * 1024 * 1024; // 8 MB
Trace.WriteLine("Program::EnableTraceLogging");
if (operationArguments.WriteLog)
{
Trace.WriteLine(" trace logging enabled");
string gitConfigPath;
if (Where.GitLocalConfig(out gitConfigPath))
{
Trace.WriteLine(" git local config found at " + gitConfigPath);
string dotGitPath = Path.GetDirectoryName(gitConfigPath);
string logFilePath = Path.Combine(dotGitPath, Path.ChangeExtension(ConfigPrefix, ".log"));
string logFileName = operationArguments.TargetUri.ToString();
FileInfo logFileInfo = new FileInfo(logFilePath);
if (logFileInfo.Exists && logFileInfo.Length > LogFileMaxLength)
{
for (int i = 1; i < Int32.MaxValue; i++)
{
string moveName = String.Format("{0}{1:000}.log", ConfigPrefix, i);
string movePath = Path.Combine(dotGitPath, moveName);
if (!File.Exists(movePath))
{
logFileInfo.MoveTo(movePath);
break;
}
}
}
Trace.WriteLine(" trace log destination is " + logFilePath);
var listener = new TextWriterTraceListener(logFilePath, logFileName);
Trace.Listeners.Add(listener);
// write a small header to help with identifying new log entries
listener.WriteLine(Environment.NewLine);
listener.WriteLine(String.Format("Log Start ({0:u})", DateTimeOffset.Now));
listener.WriteLine(String.Format("Microsoft {0} version {0}", Program.Title, Version.ToString(3)));
}
}
}
private static void Store()
{
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.Username != null, "The operaionArgument.Username is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Store");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
Credential credentials = new Credential(operationArguments.Username, operationArguments.Password);
authentication.SetCredentials(operationArguments.TargetUri, credentials);
}
private static void Store()
{
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.Username != null, "The operaionArgument.Username is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Store");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
Credential credentials = new Credential(operationArguments.Username, operationArguments.Password);
authentication.SetCredentials(operationArguments.TargetUri, credentials);
}
private static void LoadOperationArguments(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationsArguments parameter is null.");
Trace.WriteLine("Program::LoadOperationArguments");
Configuration config = new Configuration();
Configuration.Entry entry;
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigAuthortyKey, out entry))
{
Trace.WriteLine(" " + ConfigAuthortyKey + " = " + entry.Value);
if (String.Equals(entry.Value, "MSA", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "Microsoft", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "MicrosoftAccount", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "Live", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "LiveConnect", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "LiveID", StringComparison.OrdinalIgnoreCase))
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
}
else if (String.Equals(entry.Value, "AAD", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "Azure", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "AzureDirectory", StringComparison.OrdinalIgnoreCase))
{
operationArguments.Authority = AuthorityType.AzureDirectory;
}
else if (String.Equals(entry.Value, "Integrated", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "NTLM", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "Kerberos", StringComparison.OrdinalIgnoreCase)
|| String.Equals(entry.Value, "SSO", StringComparison.OrdinalIgnoreCase))
{
operationArguments.Authority = AuthorityType.Integrated;
}
else
{
operationArguments.Authority = AuthorityType.Basic;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigInteractiveKey, out entry))
{
Trace.WriteLine(" " + ConfigInteractiveKey + " = " + entry.Value);
if (String.Equals("always", entry.Value, StringComparison.OrdinalIgnoreCase)
|| String.Equals("true", entry.Value, StringComparison.OrdinalIgnoreCase)
|| String.Equals("force", entry.Value, StringComparison.OrdinalIgnoreCase))
{
operationArguments.Interactivity = Interactivity.Always;
}
else if (String.Equals("never", entry.Value, StringComparison.OrdinalIgnoreCase)
|| String.Equals("false", entry.Value, StringComparison.OrdinalIgnoreCase))
{
operationArguments.Interactivity = Interactivity.Never;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigValidateKey, out entry))
{
Trace.WriteLine(" " + ConfigValidateKey + " = " + entry.Value);
bool validate = operationArguments.ValidateCredentials;
if (Boolean.TryParse(entry.Value, out validate))
{
operationArguments.ValidateCredentials = validate;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigWritelogKey, out entry))
{
Trace.WriteLine(" " + ConfigWritelogKey + " = " + entry.Value);
bool writelog = operationArguments.WriteLog;
if (Boolean.TryParse(entry.Value, out writelog))
{
operationArguments.WriteLog = writelog;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigUseModalUi, out entry))
{
Trace.WriteLine(" " + ConfigUseModalUi + " = " + entry.Value);
bool usemodel = operationArguments.WriteLog;
if (Boolean.TryParse(entry.Value, out usemodel))
{
operationArguments.UseModalUi = usemodel;
}
}
}
private static void Get()
{
const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Get");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
Credential credentials = null;
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
if (authentication.GetCredentials(operationArguments.TargetUri, out credentials))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
}
else if (operationArguments.UseModalUi)
{
// display the modal dialog
string username;
string password;
if (PromptForCredentials(operationArguments.TargetUri, out username, out password))
{
// set the credentials object
// no need to save the credentials explicitly, as Git will call back
// with a store command if the credentials are valid.
credentials = new Credential(username, password);
}
}
break;
case AuthorityType.AzureDirectory:
VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication;
Task.Run(async () =>
{
// attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon
// note that AAD "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always
&& aadAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))
|| (operationArguments.Interactivity != Interactivity.Always
&& await aadAuth.RefreshCredentials(operationArguments.TargetUri, true)
&& aadAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))
|| (operationArguments.Interactivity != Interactivity.Always
&& await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true)
&& aadAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))
|| (operationArguments.Interactivity != Interactivity.Never
&& aadAuth.InteractiveLogon(operationArguments.TargetUri, true))
&& aadAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.MicrosoftAccount:
VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication;
Task.Run(async () =>
{
// attmempt to get cached creds -> refresh creds -> interactive logon
// note that MSA "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always
&& msaAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))
|| (operationArguments.Interactivity != Interactivity.Always
&& await msaAuth.RefreshCredentials(operationArguments.TargetUri, true)
&& msaAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))
|| (operationArguments.Interactivity != Interactivity.Never
&& msaAuth.InteractiveLogon(operationArguments.TargetUri, true))
&& msaAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.GitHub:
GithubAuthentication ghAuth = authentication as GithubAuthentication;
Task.Run(async () =>
{
if ((operationArguments.Interactivity != Interactivity.Always
&& ghAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))
|| (operationArguments.Interactivity != Interactivity.Never
&& ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials)
&& ghAuth.GetCredentials(operationArguments.TargetUri, out credentials)
&& (!operationArguments.ValidateCredentials
|| await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(GitHubAuthFailureMessage);
LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.Integrated:
credentials = new Credential(String.Empty, String.Empty);
operationArguments.SetCredentials(credentials);
break;
}
Console.Out.Write(operationArguments);
}
private static void Erase()
{
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Erase");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
authentication.DeleteCredentials(operationArguments.TargetUri);
break;
case AuthorityType.AzureDirectory:
case AuthorityType.MicrosoftAccount:
BaseVsoAuthentication vsoAuth = authentication as BaseVsoAuthentication;
vsoAuth.DeleteCredentials(operationArguments.TargetUri);
break;
}
}
private static void EnableTraceLogging(OperationArguments operationArguments)
{
const int LogFileMaxLength = 8 * 1024 * 1024; // 8 MB
Trace.WriteLine("Program::EnableTraceLogging");
if (operationArguments.WriteLog)
{
Trace.WriteLine(" trace logging enabled");
string gitConfigPath;
if (Where.GitLocalConfig(out gitConfigPath))
{
Trace.WriteLine(" git local config found at " + gitConfigPath);
string dotGitPath = Path.GetDirectoryName(gitConfigPath);
string logFilePath = Path.Combine(dotGitPath, Path.ChangeExtension(ConfigPrefix, ".log"));
string logFileName = operationArguments.TargetUri.ToString();
FileInfo logFileInfo = new FileInfo(logFilePath);
if (logFileInfo.Exists && logFileInfo.Length > LogFileMaxLength)
{
for (int i = 1; i < Int32.MaxValue; i++)
{
string moveName = String.Format("{0}{1:000}.log", ConfigPrefix, i);
string movePath = Path.Combine(dotGitPath, moveName);
if (!File.Exists(movePath))
{
logFileInfo.MoveTo(movePath);
break;
}
}
}
Trace.WriteLine(" trace log destination is " + logFilePath);
var listener = new TextWriterTraceListener(logFilePath, logFileName);
Trace.Listeners.Add(listener);
// write a small header to help with identifying new log entries
listener.WriteLine(Environment.NewLine);
listener.WriteLine(String.Format("Log Start ({0:u})", DateTimeOffset.Now));
listener.WriteLine(String.Format("Microsoft {0} version {0}", Program.Title, Version.ToString(3)));
}
}
}
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationArguments is null");
Trace.WriteLine("Program::CreateAuthentication");
var secrets = new SecretStore(SecretsNamespace);
BaseAuthentication authority = null;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
Trace.WriteLine(" detecting authority type");
// detect the authority
if (BaseVsoAuthentication.GetAuthentication(operationArguments.TargetUri,
VsoCredentialScope,
secrets,
null,
out authority)
|| GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
GithubCredentialScope,
secrets,
GithubCredentialPrompt,
GithubAuthCodePrompt,
null,
out authority))
{
// set the authority type based on the returned value
if (authority is VsoMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VsoAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is GithubAuthentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
}
operationArguments.Authority = AuthorityType.Basic;
goto case AuthorityType.Basic;
case AuthorityType.AzureDirectory:
Trace.WriteLine(" authority is Azure Directory");
Guid tenantId = Guid.Empty;
// return the allocated authority or a generic AAD backed VSO authentication object
return authority ?? new VsoAadAuthentication(Guid.Empty, VsoCredentialScope, secrets);
case AuthorityType.Basic:
default:
Trace.WriteLine(" authority is basic");
// return a generic username + password authentication object
return authority ?? new BasicAuthentication(secrets);
case AuthorityType.GitHub:
Trace.WriteLine(" authority it GitHub");
// return a GitHub authenitcation object
return authority ?? new GithubAuthentication(GithubCredentialScope,
secrets,
GithubCredentialPrompt,
GithubAuthCodePrompt,
null);
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" authority is Microsoft Live");
// return the allocated authority or a generic MSA backed VSO authentication object
return authority ?? new VsoMsaAuthentication(VsoCredentialScope, secrets);
}
}
private static void Erase()
{
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Erase");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
if (operationArguments.PreserveCredentials)
{
Trace.WriteLine(" " + ConfigPreserveCredntials + " = true");
Trace.WriteLine(" cancelling erase request.");
return;
}
BaseAuthentication authentication = CreateAuthentication(operationArguments);
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
Trace.WriteLine(" deleting basic credentials");
authentication.DeleteCredentials(operationArguments.TargetUri);
break;
case AuthorityType.AzureDirectory:
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" deleting VSTS credentials");
BaseVstsAuthentication vstsAuth = authentication as BaseVstsAuthentication;
vstsAuth.DeleteCredentials(operationArguments.TargetUri);
break;
case AuthorityType.GitHub:
Trace.WriteLine(" deleting GitHub credentials");
GithubAuthentication ghAuth = authentication as GithubAuthentication;
ghAuth.DeleteCredentials(operationArguments.TargetUri);
break;
}
}
private static void LoadOperationArguments(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationsArguments parameter is null.");
Trace.WriteLine("Program::LoadOperationArguments");
Configuration config = new Configuration();
Configuration.Entry entry;
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigAuthortyKey, out entry))
{
Trace.WriteLine(" " + ConfigAuthortyKey + " = " + entry.Value);
if (String.Equals(entry.Value, "MSA", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "Microsoft", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "MicrosoftAccount", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "Live", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "LiveConnect", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "LiveID", StringComparison.OrdinalIgnoreCase))
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
}
else if (String.Equals(entry.Value, "AAD", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "Azure", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "AzureDirectory", StringComparison.OrdinalIgnoreCase))
{
operationArguments.Authority = AuthorityType.AzureDirectory;
}
else if (String.Equals(entry.Value, "Integrated", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "NTLM", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "Kerberos", StringComparison.OrdinalIgnoreCase) ||
String.Equals(entry.Value, "SSO", StringComparison.OrdinalIgnoreCase))
{
operationArguments.Authority = AuthorityType.Integrated;
}
else
{
operationArguments.Authority = AuthorityType.Basic;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigInteractiveKey, out entry))
{
Trace.WriteLine(" " + ConfigInteractiveKey + " = " + entry.Value);
if (String.Equals("always", entry.Value, StringComparison.OrdinalIgnoreCase) ||
String.Equals("true", entry.Value, StringComparison.OrdinalIgnoreCase) ||
String.Equals("force", entry.Value, StringComparison.OrdinalIgnoreCase))
{
operationArguments.Interactivity = Interactivity.Always;
}
else if (String.Equals("never", entry.Value, StringComparison.OrdinalIgnoreCase) ||
String.Equals("false", entry.Value, StringComparison.OrdinalIgnoreCase))
{
operationArguments.Interactivity = Interactivity.Never;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigValidateKey, out entry))
{
Trace.WriteLine(" " + ConfigValidateKey + " = " + entry.Value);
bool validate = operationArguments.ValidateCredentials;
if (Boolean.TryParse(entry.Value, out validate))
{
operationArguments.ValidateCredentials = validate;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigWritelogKey, out entry))
{
Trace.WriteLine(" " + ConfigWritelogKey + " = " + entry.Value);
bool writelog = operationArguments.WriteLog;
if (Boolean.TryParse(entry.Value, out writelog))
{
operationArguments.WriteLog = writelog;
}
}
}
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationArguments is null");
Trace.WriteLine("Program::CreateAuthentication");
var secrets = new SecretStore(SecretsNamespace);
BaseAuthentication authority = null;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
Trace.WriteLine(" detecting authority type");
// detect the authority
if (BaseVsoAuthentication.GetAuthentication(operationArguments.TargetUri,
VsoCredentialScope,
secrets,
null,
out authority) ||
GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
GithubCredentialScope,
secrets,
out authority))
{
// set the authority type based on the returned value
if (authority is VsoMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VsoAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is GithubAuthentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
}
operationArguments.Authority = AuthorityType.Basic;
goto case AuthorityType.Basic;
case AuthorityType.AzureDirectory:
Trace.WriteLine(" authority is Azure Directory");
Guid tenantId = Guid.Empty;
// return the allocated authority or a generic AAD backed VSO authentication object
return(authority ?? new VsoAadAuthentication(Guid.Empty, VsoCredentialScope, secrets));
case AuthorityType.Basic:
default:
Trace.WriteLine(" authority is basic");
// return a generic username + password authentication object
return(authority ?? new BasicAuthentication(secrets));
case AuthorityType.GitHub:
Trace.WriteLine(" authority it GitHub");
// return a GitHub authenitcation object
return(authority ?? new GithubAuthentication(GithubCredentialScope, secrets));
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" authority is Microsoft Live");
// return the allocated authority or a generic MSA backed VSO authentication object
return(authority ?? new VsoMsaAuthentication(VsoCredentialScope, secrets));
}
}
private static void Get()
{
const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Get");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
Credential credentials = null;
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
if (authentication.GetCredentials(operationArguments.TargetUri, out credentials))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
}
break;
case AuthorityType.AzureDirectory:
VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication;
Task.Run(async() =>
{
// attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon
// note that AAD "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await aadAuth.RefreshCredentials(operationArguments.TargetUri, true) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.MicrosoftAccount:
VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication;
Task.Run(async() =>
{
// attmempt to get cached creds -> refresh creds -> interactive logon
// note that MSA "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await msaAuth.RefreshCredentials(operationArguments.TargetUri, true) &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.GitHub:
GithubAuthentication ghAuth = authentication as GithubAuthentication;
Task.Run(async() =>
{
if ((operationArguments.Interactivity != Interactivity.Always &&
ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials) &&
ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(GitHubAuthFailureMessage);
LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.Integrated:
credentials = new Credential(String.Empty, String.Empty);
operationArguments.SetCredentials(credentials);
break;
}
Console.Out.Write(operationArguments);
}
private static void LoadOperationArguments(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationsArguments parameter is null.");
Trace.WriteLine("Program::LoadOperationArguments");
if (operationArguments.TargetUri == null)
{
Console.Error.WriteLine("fatal: no host information, unable to continue.");
Environment.Exit(-1);
}
Configuration config = new Configuration();
Configuration.Entry entry;
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigAuthortyKey, out entry))
{
Trace.WriteLine(" " + ConfigAuthortyKey + " = " + entry.Value);
if (ConfigStringComparer.Equals(entry.Value, "MSA")
|| ConfigStringComparer.Equals(entry.Value, "Microsoft")
|| ConfigStringComparer.Equals(entry.Value, "MicrosoftAccount")
|| ConfigStringComparer.Equals(entry.Value, "Live")
|| ConfigStringComparer.Equals(entry.Value, "LiveConnect")
|| ConfigStringComparer.Equals(entry.Value, "LiveID"))
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
}
else if (ConfigStringComparer.Equals(entry.Value, "AAD")
|| ConfigStringComparer.Equals(entry.Value, "Azure")
|| ConfigStringComparer.Equals(entry.Value, "AzureDirectory"))
{
operationArguments.Authority = AuthorityType.AzureDirectory;
}
else if (ConfigStringComparer.Equals(entry.Value, "Integrated")
|| ConfigStringComparer.Equals(entry.Value, "NTLM")
|| ConfigStringComparer.Equals(entry.Value, "Kerberos")
|| ConfigStringComparer.Equals(entry.Value, "SSO"))
{
operationArguments.Authority = AuthorityType.Integrated;
}
else
{
operationArguments.Authority = AuthorityType.Basic;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigInteractiveKey, out entry))
{
Trace.WriteLine(" " + ConfigInteractiveKey + " = " + entry.Value);
if (ConfigStringComparer.Equals(entry.Value, "always")
|| ConfigStringComparer.Equals(entry.Value, "true")
|| ConfigStringComparer.Equals(entry.Value, "force"))
{
operationArguments.Interactivity = Interactivity.Always;
}
else if (ConfigStringComparer.Equals(entry.Value, "never")
|| ConfigStringComparer.Equals(entry.Value, "false"))
{
operationArguments.Interactivity = Interactivity.Never;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigValidateKey, out entry))
{
Trace.WriteLine(" " + ConfigValidateKey + " = " + entry.Value);
bool validate = operationArguments.ValidateCredentials;
if (Boolean.TryParse(entry.Value, out validate))
{
operationArguments.ValidateCredentials = validate;
}
else
{
if (ConfigStringComparer.Equals(validate, "no"))
{
operationArguments.ValidateCredentials = false;
}
else if (ConfigStringComparer.Equals(validate, "yes"))
{
operationArguments.ValidateCredentials = true;
}
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigWritelogKey, out entry))
{
Trace.WriteLine(" " + ConfigWritelogKey + " = " + entry.Value);
bool writelog = operationArguments.WriteLog;
if (Boolean.TryParse(entry.Value, out writelog))
{
operationArguments.WriteLog = writelog;
}
else
{
if (ConfigStringComparer.Equals(writelog, "no"))
{
operationArguments.WriteLog = false;
}
else if (ConfigStringComparer.Equals(writelog, "yes"))
{
operationArguments.WriteLog = true;
}
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigUseModalPromptKey, out entry))
{
Trace.WriteLine(" " + ConfigUseModalPromptKey + " = " + entry.Value);
bool usemodel = operationArguments.UseModalUi;
if (Boolean.TryParse(entry.Value, out usemodel))
{
operationArguments.UseModalUi = usemodel;
}
else
{
if (ConfigStringComparer.Equals(usemodel, "no"))
{
operationArguments.UseModalUi = false;
}
else if (ConfigStringComparer.Equals(usemodel, "yes"))
{
operationArguments.UseModalUi = true;
}
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigPreserveCredentialsKey, out entry))
{
Trace.WriteLine(" " + ConfigPreserveCredentialsKey + " = " + entry.Value);
bool preserveCredentials = operationArguments.UseModalUi;
if (Boolean.TryParse(entry.Value, out preserveCredentials))
{
operationArguments.PreserveCredentials = preserveCredentials;
}
else
{
if (ConfigStringComparer.Equals(preserveCredentials, "no"))
{
operationArguments.PreserveCredentials = false;
}
else if (ConfigStringComparer.Equals(preserveCredentials, "yes"))
{
operationArguments.PreserveCredentials = true;
}
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigUseHttpPathKey, out entry))
{
Trace.WriteLine(" " + ConfigUseHttpPathKey + " = " + entry.Value);
bool useHttPath = operationArguments.UseHttpPath;
if (Boolean.TryParse(entry.Value, out useHttPath))
{
operationArguments.UseHttpPath = true;
}
}
if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigHttpProxyKey, out entry)
|| config.TryGetEntry("http", operationArguments.QueryUri, "proxy", out entry))
{
Trace.WriteLine(" " + ConfigHttpProxyKey + " = " + entry.Value);
operationArguments.SetProxy(entry.Value);
}
}
private static void Delete()
{
Trace.WriteLine("Program::Erase");
string[] args = Environment.GetCommandLineArgs();
if (args.Length < 3)
goto error_parse;
string url = args[2];
Uri uri = null;
if (Uri.IsWellFormedUriString(url, UriKind.Absolute))
{
if (!Uri.TryCreate(url, UriKind.Absolute, out uri))
goto error_parse;
}
else
{
url = String.Format("{0}://{1}", Uri.UriSchemeHttps, url);
if (!Uri.TryCreate(url, UriKind.Absolute, out uri))
goto error_parse;
}
OperationArguments operationArguments = new OperationArguments(TextReader.Null);
operationArguments.QueryUri = uri;
LoadOperationArguments(operationArguments);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
Trace.WriteLine(" deleting basic credentials");
authentication.DeleteCredentials(operationArguments.TargetUri);
break;
case AuthorityType.AzureDirectory:
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" deleting VSTS credentials");
BaseVstsAuthentication vstsAuth = authentication as BaseVstsAuthentication;
vstsAuth.DeleteCredentials(operationArguments.TargetUri);
// call delete twice to purge any stored ADA tokens
vstsAuth.DeleteCredentials(operationArguments.TargetUri);
break;
case AuthorityType.GitHub:
Trace.WriteLine(" deleting GitHub credentials");
GithubAuthentication ghAuth = authentication as GithubAuthentication;
ghAuth.DeleteCredentials(operationArguments.TargetUri);
break;
}
return;
error_parse:
Console.Out.WriteLine("Fatal: unable to parse target uri.");
}
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
Trace.WriteLine("Program::CreateAuthentication");
Secret.UriNameConversion getTargetName = Secret.UriToSimpleName;
if (operationArguments.UseHttpPath)
{
getTargetName = Secret.UriToPathedName;
}
var secrets = new SecretStore(SecretsNamespace, null, null, getTargetName);
BaseAuthentication authority = null;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
Trace.WriteLine(" detecting authority type");
// detect the authority
if (BaseVstsAuthentication.GetAuthentication(operationArguments.TargetUri,
VstsCredentialScope,
secrets,
null,
out authority)
|| GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
GithubCredentialScope,
secrets,
operationArguments.UseModalUi
? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
: new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt),
operationArguments.UseModalUi
? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
: new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt),
null,
out authority))
{
// set the authority type based on the returned value
if (authority is VstsMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VstsAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is GithubAuthentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
}
operationArguments.Authority = AuthorityType.Basic;
goto case AuthorityType.Basic;
case AuthorityType.AzureDirectory:
Trace.WriteLine(" authority is Azure Directory");
Guid tenantId = Guid.Empty;
// return the allocated authority or a generic AAD backed VSTS authentication object
return authority ?? new VstsAadAuthentication(Guid.Empty, VstsCredentialScope, secrets);
case AuthorityType.Basic:
default:
Trace.WriteLine(" authority is basic");
// return a generic username + password authentication object
return authority ?? new BasicAuthentication(secrets);
case AuthorityType.GitHub:
Trace.WriteLine(" authority it GitHub");
// return a GitHub authenitcation object
return authority ?? new GithubAuthentication(GithubCredentialScope,
secrets,
operationArguments.UseModalUi
? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
: new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt),
operationArguments.UseModalUi
? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
: new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt),
null);
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" authority is Microsoft Live");
// return the allocated authority or a generic MSA backed VSTS authentication object
return authority ?? new VstsMsaAuthentication(VstsCredentialScope, secrets);
}
}
