private static TokenValidationParameters createTokenParameters(ICertificateLoader certLoader)
{
var certificate = certLoader.Load();
var tokenValidationParameters = new TokenValidationParameters
{
// Token signature will be verified using a private key.
ValidateIssuerSigningKey = true,
RequireSignedTokens = true,
IssuerSigningKey = new X509SecurityKey(certificate),
// Token will only be valid if contains "example.com" for "iss" claim.
ValidateIssuer = false,
// ValidIssuer = "example.com",
// Token will only be valid if contains "example.com" for "aud" claim.
ValidateAudience = false,
// ValidAudience = "example.com",
// Token will only be valid if not expired yet, with clock skew.
ValidateLifetime = true,
RequireExpirationTime = true,
ClockSkew = TimeSpan.Zero,
ValidateActor = false,
};
return(tokenValidationParameters);
}
public static void UseJwtAuthentication(this IApplicationBuilder app, ICertificateLoader loader)
{
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = createTokenParameters(loader)
});
}
public ProvisioningClient(ILogger <ProvisioningClient> logger, ISettings settings,
ICertificateLoader certificateLoader)
{
_logger = logger;
_settings = settings;
_certificateLoader = certificateLoader;
InitializeClient(settings.IotEndpoint, settings.SecureCertificatePath, settings.RootCertificate,
settings.ClaimCertificate, settings.ClaimCertificateKey);
}
/// <summary>
/// Creates a configuration instance
/// </summary>
/// <param name="applicationSettings">Container for the application settings necessary for instantiating Configuration object</param>
/// <param name="certificateLoader">Service to load certificates. If left null, a CertificateStoreLoader instance will be used.</param>
public Configuration(ApplicationSettings applicationSettings, ICertificateLoader certificateLoader = null) : this(applicationSettings.MerchantAcquirerId,
applicationSettings.MerchantMerchantId,
applicationSettings.MerchantSubId,
applicationSettings.MerchantReturnUrl,
applicationSettings.AcquirerDirectoryUrl,
applicationSettings.AcquirerTransactionUrl,
applicationSettings.AcquirerStatusUrl,
applicationSettings.MerchantCertificateFingerprint,
applicationSettings.RoutingServiceCertificateFingerprint,
applicationSettings.AlternateRoutingServiceCertificateFingerprint,
applicationSettings.SamlCertificateFingerprint,
applicationSettings.ServiceLogsLocation,
applicationSettings.ServiceLogsEnabled,
applicationSettings.ServiceLogsPattern,
certificateLoader
)
{
}
private static ConfigFileCrypter CreateCrypter(CommandlineOptions options)
{
ICertificateLoader certLoader = null;
if (!string.IsNullOrEmpty(options.CertificatePath))
{
certLoader = new FilesystemCertificateLoader(options.CertificatePath);
}
else if (!string.IsNullOrEmpty(options.CertSubjectName))
{
certLoader = new StoreCertificateLoader(options.CertSubjectName);
}
var configCrypter = new JsonConfigCrypter(new RSACrypter(certLoader));
var fileCrypter = new ConfigFileCrypter(configCrypter, new ConfigFileCrypterOptions()
{
ReplaceCurrentConfig = options.Replace
});
return(fileCrypter);
}
/// <summary>
/// Creates an instance of the RSACrypter.
/// </summary>
/// <param name="certificateLoader">A certificate loader instance.</param>
public RSACrypter(ICertificateLoader certificateLoader)
{
_certificateLoader = certificateLoader;
InitKeys();
}
/// <summary>
/// Constructor that highlights all required fields for this object
/// </summary>
public Configuration(string eMandateContractId, string merchantReturnUrl, string signingCertificateFingerprint, string acquirerCertificateFingerprint, string acquirerAlternateCertificateFingerprint, string acquirerUrlDirectoryReq, string acquirerUrlTransactionReq,
string acquirerUrlStatusReq, bool serviceLogsEnabled, string serviceLogsLocation, ILoggerFactory loggerFactory = null, ICertificateLoader certificateLoader = null, string serviceLogsPattern = null, uint eMandateContractSubId = 0)
{
this.EMandateContractId = eMandateContractId;
this.EMandateContractSubId = eMandateContractSubId;
this.MerchantReturnUrl = merchantReturnUrl;
this.SigningCertificateFingerprint = signingCertificateFingerprint;
this.AcquirerCertificateFingerprint = acquirerCertificateFingerprint;
this.AcquirerAlternateCertificateFingerprint = acquirerAlternateCertificateFingerprint;
this.AcquirerUrlDirectoryReq = acquirerUrlDirectoryReq;
this.AcquirerUrlTransactionReq = acquirerUrlTransactionReq;
this.AcquirerUrlStatusReq = acquirerUrlStatusReq;
this.ServiceLogsEnabled = serviceLogsEnabled;
this.ServiceLogsLocation = serviceLogsLocation;
this.ServiceLogsPattern = string.IsNullOrWhiteSpace(serviceLogsPattern) ? @"%Y-%M-%D\%h%m%s.%f-%a.xml" : serviceLogsPattern;
this.LoggerFactory = loggerFactory ?? new LoggerFactory();
this.CertificateLoader = certificateLoader ?? new CertificateStoreLoader();
this.SigningCertificate = CertificateLoader.Load(SigningCertificateFingerprint);
this.AcquirerCertificate = CertificateLoader.Load(AcquirerCertificateFingerprint);
this.AcquirerAlternateCertificate = CertificateLoader.Load(AcquirerAlternateCertificateFingerprint);
}
/// <summary>
/// Constructor that highlights all required fields for this object
/// </summary>
public Configuration(string eMandateContractId, string merchantReturnUrl, string signingCertificateFingerprint, string acquirerCertificateFingerprint, string acquirerUrlDirectoryReq, string acquirerUrlTransactionReq,
string acquirerUrlStatusReq, bool serviceLogsEnabled, string serviceLogsLocation, ILoggerFactory loggerFactory = null, ICertificateLoader certificateLoader = null, string serviceLogsPattern = null, uint eMandateContractSubId = 0)
: this(eMandateContractId, merchantReturnUrl, signingCertificateFingerprint, acquirerCertificateFingerprint, null, acquirerUrlDirectoryReq, acquirerUrlTransactionReq, acquirerUrlStatusReq, serviceLogsEnabled, serviceLogsLocation, loggerFactory, certificateLoader, serviceLogsPattern, eMandateContractSubId)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="AadAccessTokenHandler"/> class.
/// This constructor will be used in testing
/// </summary>
public AadAccessTokenHandler(AadSettings settings)
{
_aadSettings = settings;
certificateLoader = new CertificateLoader();
}
public CertificateService(ICertificateLoader loader, ISamlCertificateRepository repository)
{
_loader = loader;
_repository = repository;
}
public LetsEncryptBuilder UseCertificateLoader(ICertificateLoader certificateLoader)
{
_certificateLoader = certificateLoader.ArgNotNull(nameof(certificateLoader));
return(this);
}
public PermanentClient(ILogger <PermanentClient> logger, ISettings settings,
ICertificateLoader certificateLoader) : base(logger, settings, certificateLoader)
{
_logger = logger;
}
public XmlProcessor(IConfiguration configuration, ILogger <XmlProcessor> logger, ICertificateLoader certificateLoader)
{
this.logger = logger;
this.certificateLoader = certificateLoader;
this.configuration = configuration;
}
/// <summary>
/// Creates a configuration instance
/// </summary>
/// <param name="acquirerId">Acquirer ID</param>
/// <param name="merchantId">ID of the Merchant</param>
/// <param name="merchantReturnUrl">The merchant return URL to be used after successfull authentication</param>
/// <param name="acquirerDirectoryUrl">The AcquirerDirectoryURL that the library will use to perform the DirectoryRequest</param>
/// <param name="acquirerTransactionUrl">The AcquirerTransactionURL that the library will use to start a new authentication></param>
/// <param name="acquirerStatusUrl">The AcquirerStatusURL that the library will use to get the status of an authentication</param>
/// <param name="merchantCertificateFingerprint">The fingerprint of the merchant certificate</param>
/// <param name="routingServiceCertificateFingerprint">The fingerprint of the Routing Service certificate</param>
/// <param name="samlCertificateFingerprint">The fingerprint of the SAML certificate</param>
/// <param name="serviceLogsLocation">Location of the service logs folder. The library will attempt to write service logs in the specified folder if service logs are enabled</param>
/// <param name="serviceLogsEnabled">True if service logs are enabled, False otherwise</param>
/// <param name="serviceLogsPattern">Pattern to be used when generating service logs files</param>
public Configuration(string acquirerId, string merchantId, Uri merchantReturnUrl, Uri acquirerDirectoryUrl, Uri acquirerTransactionUrl, Uri acquirerStatusUrl, string merchantCertificateFingerprint, string routingServiceCertificateFingerprint, string samlCertificateFingerprint, string serviceLogsLocation, bool serviceLogsEnabled, string serviceLogsPattern, ICertificateLoader certificateLoader = null)
: this(acquirerId, merchantId, 0, merchantReturnUrl, acquirerDirectoryUrl, acquirerTransactionUrl, acquirerStatusUrl, merchantCertificateFingerprint, routingServiceCertificateFingerprint, null, samlCertificateFingerprint, serviceLogsLocation, serviceLogsEnabled, serviceLogsPattern, certificateLoader)
{
}
/// <summary>
/// Creates a configuration instance
/// </summary>
/// <param name="acquirerId">Acquirer ID</param>
/// <param name="merchantId">ID of the Merchant</param>
/// <param name="merchantSubId">The SubID that uniquely defines a trade name of the Merchant to be used for display</param>
/// <param name="merchantReturnUrl">The merchant return URL to be used after successfull authentication</param>
/// <param name="acquirerDirectoryUrl">The AcquirerDirectoryURL that the library will use to perform the DirectoryRequest</param>
/// <param name="acquirerTransactionUrl">The AcquirerTransactionURL that the library will use to start a new authentication></param>
/// <param name="acquirerStatusUrl">The AcquirerStatusURL that the library will use to get the status of an authentication</param>
/// <param name="merchantCertificateFingerprint">The fingerprint of the merchant certificate</param>
/// <param name="routingServiceCertificateFingerprint">The fingerprint of the Routing Service certificate</param>
/// <param name="alternateRoutingServiceCertificateFingerprint">The alternate fingerprint of the Routing Service certificate</param>
/// <param name="samlCertificateFingerprint">The fingerprint of the SAML certificate</param>
/// <param name="serviceLogsLocation">Location of the service logs folder. The library will attempt to write service logs in the specified folder if service logs are enabled</param>
/// <param name="serviceLogsEnabled">True if service logs are enabled, False otherwise</param>
/// <param name="serviceLogsPattern">Pattern to be used when generating service logs files</param>
public Configuration(string acquirerId, string merchantId, uint merchantSubId, Uri merchantReturnUrl, Uri acquirerDirectoryUrl, Uri acquirerTransactionUrl, Uri acquirerStatusUrl, string merchantCertificateFingerprint, string routingServiceCertificateFingerprint, string alternateRoutingServiceCertificateFingerprint, string samlCertificateFingerprint, string serviceLogsLocation, bool serviceLogsEnabled, string serviceLogsPattern, ICertificateLoader certificateLoader = null)
: this(acquirerId, merchantId, merchantSubId, merchantReturnUrl, acquirerDirectoryUrl, acquirerTransactionUrl, acquirerStatusUrl, serviceLogsLocation, serviceLogsEnabled, serviceLogsPattern)
{
MerchantCertificateFingerprint = merchantCertificateFingerprint;
RoutingServiceCertificateFingerprint = routingServiceCertificateFingerprint;
AlternateRoutingServiceCertificateFingerprint = alternateRoutingServiceCertificateFingerprint;
SamlCertificateFingerprint = samlCertificateFingerprint;
var certLoader = certificateLoader ?? new CertificateStoreLoader();
MerchantCertificate = certLoader.Load(MerchantCertificateFingerprint);
RoutingServiceCertificate = certLoader.Load(RoutingServiceCertificateFingerprint);
if (!string.IsNullOrEmpty(AlternateRoutingServiceCertificateFingerprint))
{
AlternateRoutingServiceCertificate = certLoader.Load(AlternateRoutingServiceCertificateFingerprint);
}
SamlCertificate = certLoader.Load(SamlCertificateFingerprint);
}
public TokenService(IAppSetting appSetting, ICertificateLoader certificateLoader)
{
_certificateLoader = certificateLoader;
_appSetting = appSetting;
}
public CertificateService(ICertificateLoader loader, ISamlCertificateRepository repository)
{
_loader = loader;
_repository = repository;
}
/// <summary>
/// Constructor that highlights all required fields for this object
/// </summary>
public Configuration(ApplicationSettings applicationSettings, ILoggerFactory loggerFactory = null, ICertificateLoader certificateLoader = null) : this(
applicationSettings.ContractId,
applicationSettings.MerchantReturnUrl,
applicationSettings.SigningCertificateThumbprint,
applicationSettings.AcquirerCertificateThumbprint,
applicationSettings.AcquirerAlternateCertificateThumbprint,
applicationSettings.AcquirerDirectoryRequestUrl,
applicationSettings.AcquirerTransactionRequestUrl,
applicationSettings.AcquirerStatusRequestUrl,
applicationSettings.ServiceLogsEnabled,
applicationSettings.ServiceLogsLocation,
loggerFactory,
certificateLoader,
applicationSettings.ServiceLogsPattern,
applicationSettings.ContractSubId
)
{
}
