        /// <summary>
        /// Performs a certificate-based JWT login with the certificate file and PEM private key
        /// typed into the form, delegating the actual exchange to the gateway's JWT token service.
        /// </summary>
        /// <param name="service">Gateway whose <c>JwtTokenService</c> performs the login.</param>
        /// <param name="serverDto">Target server description, passed through unchanged.</param>
        /// <returns>The token set returned by the service.</returns>
        private AuthTokenDto GetJwtTokenByCertificate(ServiceGateway service, ServerDto serverDto)
        {
            // X509Certificate2(string) loads from a file path; the key is parsed from PEM text.
            var clientCertificate = new X509Certificate2(txtCertificate.Text);
            var signingKey        = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(txtPrivateKey.Text);
            var tokenService      = service.JwtTokenService;

            return tokenService.GetTokenFromCertificate(serverDto, clientCertificate, signingKey);
        }
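        /// <summary>
        /// Builds and signs a "solution user" JWT assertion for <paramref name="url"/>, using the
        /// certificate's X.500 subject DN as both issuer and subject and RS256 for the signature.
        /// </summary>
        /// <param name="rsa">Private RSA key that produces the signature.</param>
        /// <param name="cert">Certificate whose subject DN fills the <c>iss</c> and <c>sub</c> claims.</param>
        /// <param name="url">Audience (<c>aud</c>) of the assertion.</param>
        /// <returns>The compact-serialized JWT, or <c>null</c> when serialization fails.</returns>
        private string GetSignedJwtToken(RSACryptoServiceProvider rsa, X509Certificate2 cert, string url)
        {
            var subjectDN = ShaWithRsaSigner.GetX500SubjectDN(cert);

            // Read the clock once so iat, nbf and exp are derived from the same instant
            // (previously DateTime.UtcNow was sampled three separate times).
            var now       = DateTime.UtcNow;
            var notBefore = now.AddMinutes(-5);   // back-dated to tolerate server clock skew
            var expires   = now.AddMinutes(5);

            var claims = new List<Claim>
            {
                new Claim("token_class", "solution_user_assertion"),
                new Claim("token_type", "Bearer"),
                new Claim("iat", DateTimeConverter.ToUnixDate(notBefore).ToString(), ClaimValueTypes.Integer64),
                // jti is the assertion's unique id (replay detection). A GUID gives 128 bits of
                // uniqueness; the previous new Random().Next() was a 31-bit, seed-predictable value.
                new Claim("jti", Guid.NewGuid().ToString("N")),
                new Claim("sub", subjectDN),
                // NOTE(review): "aud" is also passed as the payload audience below, so the token may
                // carry the claim twice (or as an array); confirm the STS accepts that shape.
                new Claim("aud", url),
            };

            var payload            = new JwtPayload(subjectDN, url, claims, notBefore, expires);
            var key                = new RsaSecurityKey(rsa);
            var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest);
            var header             = new JwtHeader(signingCredentials);
            var token              = new JwtSecurityToken(header, payload);
            var handler            = new JwtSecurityTokenHandler();

            try
            {
                return handler.WriteToken(token);
            }
            catch (Exception)
            {
                // Callers receive null on signing/serialization failure; that contract is kept.
                // Nothing in this method records the cause, so callers see only the null.
                return null;
            }
        }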
        /// <summary>
        /// Requests a SAML token for <paramref name="serverDto"/> using the certificate file and
        /// PEM private key named in the form fields.
        /// </summary>
        /// <param name="service">Gateway whose <c>SamlTokenService</c> performs the request.</param>
        /// <param name="serverDto">Target server description, passed through unchanged.</param>
        /// <returns>The SAML token string returned by the service.</returns>
        private string GetSamlTokenByCertificate(ServiceGateway service, ServerDto serverDto)
        {
            var clientCertificate = new X509Certificate2(txtCertificate.Text);
            var signingKey        = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(txtPrivateKey.Text);

            return service.SamlTokenService.GetSamlTokenFromCertificate(serverDto, clientCertificate, signingKey);
        }
        /// <summary>
        /// Exchanges an existing SAML token, read from the file named in <c>txtTokenFilePath</c>,
        /// for a new one signed with the certificate and PEM private key from the form.
        /// </summary>
        /// <param name="service">Gateway whose <c>SamlTokenService</c> performs the exchange.</param>
        /// <param name="serverDto">Target server description, passed through unchanged.</param>
        /// <returns>The SAML token string returned by the service.</returns>
        private string GetSamlTokenByToken(ServiceGateway service, ServerDto serverDto)
        {
            var clientCertificate = new X509Certificate2(txtTokCert.Text);
            var signingKey        = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(txtTokPkey.Text);
            // The whole token file is read into memory as text.
            var existingToken     = File.ReadAllText(txtTokenFilePath.Text);

            return service.SamlTokenService.GetSamlTokenFromToken(serverDto, existingToken, clientCertificate, signingKey);
        }
 /// <summary>
 /// When "use file" is selected, loads the certificate named in <c>txtCertFile</c> and writes
 /// its X.500 subject DN into <c>txtCertDN</c>; in every case <c>CertDn</c> ends up holding
 /// whatever <c>txtCertDN</c> shows.
 /// </summary>
 void PopulateCertDN()
 {
     if (!rdoUseFile.Checked)
     {
         CertDn = txtCertDN.Text;
         return;
     }

     var certificate = new X509Certificate2(txtCertFile.Text);
     txtCertDN.Text  = ShaWithRsaSigner.GetX500SubjectDN(certificate);
     CertDn          = txtCertDN.Text;
 }
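        /// <summary>
        /// Decodes the user's PEM certificate and shows its issuer, validity window and subject DN.
        /// </summary>
        /// <remarks>
        /// Validity times are formatted on a 24-hour clock (<c>HH</c>). The earlier format used
        /// <c>hh</c>, a 12-hour field, without an AM/PM designator, so 13:00 was displayed as
        /// 01:00. The invariant culture keeps the separators independent of the UI culture.
        /// </remarks>
        void BindControls()
        {
            const string validityFormat = "MM-dd-yyyy HH:mm:ss";
            var culture = System.Globalization.CultureInfo.InvariantCulture;

            var base64Value = CertificateHelper.PemToBase64EncodedString(_userDto.Certificate.Encoded);
            var cert        = CertificateHelper.GetX509Certificate2FromString(base64Value);
            var subjectDN   = ShaWithRsaSigner.GetX500SubjectDN(cert);

            txtIssuedBy.Text  = cert.IssuerName.Name;
            // NotBefore/NotAfter come back as local DateTime values; the display names no zone.
            txtValidFrom.Text = cert.NotBefore.ToString(validityFormat, culture);
            txtValidTo.Text   = cert.NotAfter.ToString(validityFormat, culture);
            txtDN.Text        = subjectDN;
        }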
        /// <summary>
        /// "Add" button handler: builds the server and login descriptions from the form, clears the
        /// token fields, then acquires either a bearer/JWT token (<c>CbSaml == "0"</c>) or a SAML
        /// token, by password or by certificate depending on <c>RdoTypeGroup</c>. Failures are
        /// reported through <c>UIErrorHelper.ShowAlert</c>.
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        public void OnClickAddButton(object sender, EventArgs e)
        {
            if (IsValid())
            {
                var serverDto = new ServerDto {
                    ServerName = TxtServer.StringValue,
                    Tenant     = TxtTenant.StringValue,
                    Port       = TxtPort.StringValue,
                    // Checkbox state arrives as the strings "1"/"0".
                    Protocol   = CbSsl.StringValue == "1" ? "https" : "http",
                    TokenType  = CbSaml.StringValue == "1" ? TokenType.SAML : TokenType.Bearer,
                    Url        = LblServerUrl.StringValue,
                    StsUrl     = string.IsNullOrEmpty(TxtStsUrl.StringValue) ? string.Empty : TxtStsUrl.StringValue
                };
                // Plain-text password is copied into the DTO; it lives as long as the DTO does.
                var login = new LoginDto {
                    User       = TxtUsername.StringValue,
                    Pass       = TxtPassword.StringValue,
                    DomainName = TxtDomain.StringValue,
                    TenantName = TxtTenant.StringValue
                };
                try {
                    // Clear stale tokens first so a failed attempt never leaves old ones on screen.
                    TxtIDTokenString.StringValue      = string.Empty;
                    TxtAccessTokenString.StringValue  = string.Empty;
                    TxtRefreshTokenString.StringValue = string.Empty;
                    TxtSamlToken.StringValue          = string.Empty;

                    // Bearer/JWT flow. SelectedTag 1 = username/password, 2 = certificate + key.
                    if (CbSaml.StringValue == "0")
                    {
                        if (RdoTypeGroup.SelectedTag == 1)
                        {
                            var auth = SnapInContext.Instance.ServiceGateway.Authentication.Login(serverDto, login, Constants.ClientId);
                            PopulateToken(auth);
                        }
                        else if (RdoTypeGroup.SelectedTag == 2)
                        {
                            var cert = new X509Certificate2(TxtCertificate.StringValue);
                            var rsa  = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(TxtPrivateKey.StringValue);
                            var auth = SnapInContext.Instance.ServiceGateway.JwtTokenService.GetTokenFromCertificate(serverDto, cert, rsa);
                            PopulateToken(auth);
                        }
                    }
                    // SAML flow. SelectedTag 3 additionally exchanges an existing token read from a file.
                    else
                    {
                        if (RdoTypeGroup.SelectedTag == 1)
                        {
                            var auth  = SnapInContext.Instance.ServiceGateway.SamlTokenService.Authenticate(serverDto, login, Constants.ClientId);
                            var bytes = Convert.FromBase64String(auth.Token.AccessToken);
                            // NOTE(review): Encoding.Default depends on the host platform; if the
                            // decoded token is XML it is normally UTF-8 — confirm before relying on this.
                            var token = System.Text.Encoding.Default.GetString(bytes);
                            TxtSamlToken.StringValue = token;
                        }
                        else if (RdoTypeGroup.SelectedTag == 2)
                        {
                            var cert  = new X509Certificate2(TxtCertificate.StringValue);
                            var rsa   = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(TxtPrivateKey.StringValue);
                            var token = SnapInContext.Instance.ServiceGateway.SamlTokenService.GetSamlTokenFromCertificate(serverDto, cert, rsa);
                            TxtSamlToken.StringValue = token;
                        }
                        else if (RdoTypeGroup.SelectedTag == 3)
                        {
                            var cert      = new X509Certificate2(TxtCertificate.StringValue);
                            var rsa       = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(TxtPrivateKey.StringValue);
                            var tokenText = System.IO.File.ReadAllText(TxtTokenFile.StringValue);
                            var token     = SnapInContext.Instance.ServiceGateway.SamlTokenService.GetSamlTokenFromToken(serverDto, tokenText, cert, rsa);
                            TxtSamlToken.StringValue = token;
                        }
                    }
                }

                // Anything thrown inside this handler (e.g. by Deserialize or GetResponseStream) is
                // NOT caught by the catch (Exception) below — sibling catch clauses do not nest.
                catch (WebException exp)
                {
                    // SAML errors: the raw response body is shown to the user verbatim.
                    if (CbSaml.StringValue == "1")
                    {
                        if (exp != null && exp.Response != null)
                        {
                            // NOTE(review): `response` is assigned but never used in this branch.
                            var response = exp.Response as HttpWebResponse;
                            // NOTE(review): the StreamReader (and the response stream) is never disposed;
                            // the same pattern recurs in the readers below.
                            var resp     = new StreamReader(exp.Response.GetResponseStream()).ReadToEnd();
                            UIErrorHelper.ShowAlert(resp, "Error");
                            return;
                        }
                        else
                        {
                            UIErrorHelper.ShowAlert(exp.Message, "Error");
                            return;
                        }
                    }
                    // Bearer errors: 401 bodies are parsed as AuthErrorDto; 400/JSON bodies are
                    // inspected for an invalid_grant hint; everything else shows exp.Message.
                    else
                    {
                        if (exp.Response is HttpWebResponse)
                        {
                            var response = exp.Response as HttpWebResponse;
                            if (response != null && response.StatusCode == HttpStatusCode.Unauthorized)
                            {
                                var resp  = new StreamReader(exp.Response.GetResponseStream()).ReadToEnd();
                                var error = JsonConvert.Deserialize <AuthErrorDto> (resp);
                                // A 401 whose body does not parse produces no alert at all.
                                if (error != null)
                                {
                                    if (error.Error == AuthError.InvalidToken)
                                    {
                                        UIErrorHelper.ShowAlert("Token Expired", "Error");
                                    }
                                    else
                                    {
                                        UIErrorHelper.ShowAlert(error.Details, "Error");
                                    }
                                }
                            }
                            else
                            {
                                // Exact-match on the Content-Type header, including the charset parameter.
                                if (response != null && response.StatusCode == HttpStatusCode.BadRequest && response.ContentType == "application/json;charset=UTF-8")
                                {
                                    var resp  = new StreamReader(response.GetResponseStream()).ReadToEnd();
                                    // Parsed before the substring test below, so a malformed body throws
                                    // out of the handler rather than reaching the alerts.
                                    var error = JsonConvert.Deserialize <AuthErrorDto> (resp);
                                    // Substring test on the raw body, not on the parsed error code.
                                    if (resp.Contains(AuthError.InvalidGrant))
                                    {
                                        if (error != null)
                                        {
                                            UIErrorHelper.ShowAlert("Invalid username or password", "Error");
                                        }
                                        else
                                        {
                                            UIErrorHelper.ShowAlert(exp.Message + " Details: " + resp, "Error");
                                        }
                                    }
                                    else
                                    {
                                        UIErrorHelper.ShowAlert(exp.Message + " Details: " + resp, "Error");
                                    }
                                }
                                else if (response != null && response.ContentType == "application/json")
                                {
                                    var resp = new StreamReader(response.GetResponseStream()).ReadToEnd();
                                    UIErrorHelper.ShowAlert(exp.Message + " Details: " + resp, "Error");
                                }
                                else
                                {
                                    UIErrorHelper.ShowAlert(exp.Message, "Error");
                                }
                            }
                        }
                        else
                        {
                            UIErrorHelper.ShowAlert(exp.Message, "Error");
                        }
                    }
                }
                // Generic fallback for non-HTTP failures (bad certificate file, unreadable key, ...).
                catch (Exception exp)
                {
                    UIErrorHelper.ShowAlert(exp.Message, "Error");
                }
            }
        }
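        /// <summary>
        /// Wires the tenant dialog: credential fields are editable only for a new tenant (they are
        /// locked when <c>UpdateCredentials</c> is set), the credential DTO is reset, and the
        /// add/remove-certificate, browse-private-key, close and save buttons are hooked up.
        /// </summary>
        /// <remarks>
        /// Two corrections against the earlier version: selected rows are removed highest index
        /// first (removing in ascending order shifted the remaining indices and deleted the wrong
        /// rows once more than one was selected), and the chosen path comes from <c>NSUrl.Path</c>
        /// rather than from stripping "file://" off the percent-escaped <c>AbsoluteString</c>,
        /// which left sequences such as "%20" in the path handed to the file system.
        /// </remarks>
        public override void AwakeFromNib()
        {
            base.AwakeFromNib();
            _certs = new List <string> ();
            TxtTenantName.Enabled = !UpdateCredentials;
            txtUsername.Enabled   = !UpdateCredentials;
            TxtPassword.Enabled   = !UpdateCredentials;
            if (UpdateCredentials)
            {
                TxtTenantName.StringValue = TenantDto.Name;
            }
            else
            {
                TenantDto = new TenantDto();
            }
            // Credentials are always rebuilt from scratch; nothing previously stored is displayed.
            TenantDto.Credentials = new TenantCredentialsDto()
            {
                Certificates = new List <CertificateDto>()
            };

            BtnAddCertificate.Activated += (object sender, EventArgs e) => {
                var filePath = ShowOpenFilePanel();
                if (filePath == null)
                {
                    return;
                }
                var cert = new X509Certificate2();
                ActionHelper.Execute(delegate() {
                    cert.Import(filePath);
                    // _certs and the DTO list are kept in step: both are appended only after a
                    // successful import and removed together in the remove handler.
                    _certs.Add(filePath);
                    var certificateDto = new CertificateDto {
                        Encoded = cert.ExportToPem(),
                    };
                    TenantDto.Credentials.Certificates.Add(certificateDto);
                    ReloadCertificates();
                });
            };

            BtnRemoveCertificate.Activated += (object sender, EventArgs e) => {
                if (CertificateChainTableView.SelectedRows.Count == 0)
                {
                    return;
                }
                // Snapshot the indices and delete from the highest down, so earlier removals do
                // not shift the positions of the rows still to be removed.
                var rows = new List<int>();
                foreach (var row in CertificateChainTableView.SelectedRows)
                {
                    rows.Add((int)row);
                }
                rows.Sort();
                rows.Reverse();
                foreach (var row in rows)
                {
                    _certs.RemoveAt(row);
                    TenantDto.Credentials.Certificates.RemoveAt(row);
                }
                ReloadCertificates();
            };

            BtnBrowsePrivateKey.Activated += (object sender, EventArgs e) => {
                var filePath = ShowOpenFilePanel();
                if (filePath == null)
                {
                    return;
                }
                ActionHelper.Execute(delegate() {
                    if (!ShaWithRsaSigner.IsPrivateKeyValid(filePath))
                    {
                        UIErrorHelper.ShowAlert("Selected private key is not valid", "Alert");
                        return;
                    }
                    // From here on the key material is held in memory as a plain string on the DTO.
                    var text       = System.IO.File.ReadAllText(filePath);
                    var privateKey = PrivateKeyHelper.ExtractBase64EncodedPayload(text);
                    TxtPrivateKeyPath.StringValue    = filePath;
                    TenantDto.Credentials.PrivateKey = new PrivateKeyDto()
                    {
                        Algorithm = EncrptionAlgorithm.RSA, Encoded = privateKey
                    };
                });
            };

            BtnClose.Activated += (object sender, EventArgs e) => {
                // Cancel: discard the DTO so the caller sees no tenant, and end the modal with 0.
                TenantDto = null;
                this.Close();
                NSApplication.SharedApplication.StopModalWithCode(0);
            };
            this.BtnSave.Activated += (object sender, EventArgs e) => {
                // Tenant name, username and password are only required for a new tenant.
                if (!UpdateCredentials && string.IsNullOrEmpty(TxtTenantName.StringValue))
                {
                    UIErrorHelper.ShowAlert("Please enter valid tenant name", "Alert");
                }
                else if (!UpdateCredentials && string.IsNullOrEmpty(txtUsername.StringValue))
                {
                    UIErrorHelper.ShowAlert("Please enter valid username", "Alert");
                }
                else if (!UpdateCredentials && string.IsNullOrEmpty(TxtPassword.StringValue))
                {
                    UIErrorHelper.ShowAlert("Please enter valid password", "Alert");
                }
                else if (string.IsNullOrEmpty(TxtPrivateKeyPath.StringValue))
                {
                    UIErrorHelper.ShowAlert("Please enter valid private key", "Alert");
                }
                else if (_certs.Count < 2)
                {
                    UIErrorHelper.ShowAlert("Please enter atleast 2 valid Certificates", "Alert");
                }
                else
                {
                    TenantDto.Name     = TxtTenantName.StringValue;
                    TenantDto.Username = txtUsername.StringValue;
                    TenantDto.Password = TxtPassword.StringValue;
                    this.Close();
                    NSApplication.SharedApplication.StopModalWithCode(1);
                }
            };
        }

        /// <summary>
        /// Shows the standard open-file panel and returns the selected file's decoded path,
        /// or <c>null</c> when the user cancels.
        /// </summary>
        private static string ShowOpenFilePanel()
        {
            var openPanel = new NSOpenPanel();
            openPanel.ReleasedWhenClosed = true;
            openPanel.Prompt             = "Select file";

            // A result of 1 means a file was chosen (same check the handlers used before).
            if (openPanel.RunModal() != 1)
            {
                return null;
            }
            // Url.Path is the unescaped file-system path; AbsoluteString is percent-encoded.
            return openPanel.Url.Path;
        }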