Esempio n. 1
0
        private SafeguardA2AContext(string networkAddress, string certificateThumbprint, string certificatePath,
                                    SecureString certificatePassword, int apiVersion, bool ignoreSsl)
        {
            _networkAddress = networkAddress;

            // set cloning properties
            _certificateThumbprint = certificateThumbprint;
            _certificatePath       = certificatePath;
            _certificatePassword   = certificatePassword?.Copy();
            _apiVersion            = apiVersion;

            var safeguardA2AUrl = $"https://{_networkAddress}/service/a2a/v{_apiVersion}";

            _a2AClient = new RestClient(safeguardA2AUrl);

            if (ignoreSsl)
            {
                _ignoreSsl = true;
                _a2AClient.RemoteCertificateValidationCallback += (sender, certificate, chain, errors) => true;
            }
            _clientCertificate = !string.IsNullOrEmpty(_certificateThumbprint)
                ? CertificateUtilities.GetClientCertificateFromStore(_certificateThumbprint)
                : CertificateUtilities.GetClientCertificateFromFile(_certificatePath, _certificatePassword);
            _a2AClient.ClientCertificates = new X509Certificate2Collection()
            {
                _clientCertificate
            };
        }
        protected override SecureString GetRstsTokenInternal()
        {
            if (_disposed)
            {
                throw new ObjectDisposedException("CertificateAuthenticator");
            }

            var request = new RestRequest("oauth2/token", RestSharp.Method.POST)
                          .AddHeader("Accept", "application/json")
                          .AddHeader("Content-type", "application/json")
                          .AddJsonBody(new
            {
                grant_type = "client_credentials",
                scope      = "rsts:sts:primaryproviderid:certificate"
            });
            var userCert = !string.IsNullOrEmpty(_certificateThumbprint)
                ? CertificateUtilities.GetClientCertificateFromStore(_certificateThumbprint)
                : CertificateUtilities.GetClientCertificateFromFile(_certificatePath, _certificatePassword);

            RstsClient.ClientCertificates = new X509Certificate2Collection()
            {
                userCert
            };
            var response = RstsClient.Execute(request);

            if (response.ResponseStatus != ResponseStatus.Completed)
            {
                throw new SafeguardDotNetException($"Unable to connect to RSTS service {RstsClient.BaseUrl}, Error: " +
                                                   response.ErrorMessage);
            }
            if (!response.IsSuccessful)
            {
                throw new SafeguardDotNetException("Error using client_credentials grant_type with " +
                                                   $"{(string.IsNullOrEmpty(_certificatePath) ? $"thumbprint={_certificateThumbprint}" : $"file={_certificatePath}")}" +
                                                   $", Error: {response.StatusCode} {response.Content}", response.Content);
            }