private TokenServiceMetadata GetMetadata()
{
TokenServiceMetadata metadata = null;
try
{
metadata = TryGetMetadata();
}
catch (Exception e)
{
TraceSource.WriteWarning(
TraceType,
"GetMetadata failed with exception: {0}",
e.Message);
throw new FabricTransientException(e.Message, e, FabricErrorCode.CommunicationError);
}
TraceSource.WriteNoise(
TraceType,
"DSTS Service metadata: ServiceName:{0}, ServiceDNSName:{1}, Metadata:{2}",
metadata.ServiceName,
metadata.ServiceDnsName,
metadata.Metadata);
return(metadata);
}
internal SecurityToken GetSecurityTokenInternal()
{
TokenServiceMetadata gatewayMetadata = GetMetadata();
AuthenticationMetadata dSTSMetadata = new AuthenticationMetadata(TVSSerializerUtility.Deserialize(gatewayMetadata.Metadata));
if (cloudServiceName != null && cloudServiceName != gatewayMetadata.ServiceName)
{
string warning = string.Format(StringResources.Error_dSTSMismatchInMetadata, "CloudServiceName", cloudServiceName, gatewayMetadata.ServiceName);
TraceSource.WriteWarning(
TraceType,
warning);
throw new FabricException(warning);
}
if (cloudServiceDnsNames != null &&
cloudServiceDnsNames.FirstOrDefault(name => name == gatewayMetadata.ServiceDnsName) == null)
{
string warning = string.Format(StringResources.Error_dSTSMismatchInMetadata, "CloudServiceDNSNames", string.Join(",", cloudServiceDnsNames), gatewayMetadata.ServiceDnsName);
TraceSource.WriteWarning(
TraceType,
warning);
throw new FabricException(warning);
}
SecurityTokenIssuanceResponse rstr;
try
{
rstr = authenticationClient.GetSecurityToken(
gatewayMetadata.ServiceName,
gatewayMetadata.ServiceDnsName,
dSTSMetadata);
}
catch (SecurityTokenIssuanceException e)
{
TraceSource.WriteWarning(
TraceType,
"GetSecurityToken failed with exception: {0}",
e.Message);
throw new FabricException(e.Message);
}
return(rstr.SecurityToken);
}
/// <summary>
/// Serializes the object to JSON.
/// </summary>
/// <param name="writer">The <see cref="T: Newtonsoft.Json.JsonWriter" /> to write to.</param>
/// <param name="obj">The object to serialize to JSON.</param>
internal static void Serialize(JsonWriter writer, TokenServiceMetadata obj)
{
// Required properties are always serialized, optional properties are serialized when not null.
writer.WriteStartObject();
if (obj.Metadata != null)
{
writer.WriteProperty(obj.Metadata, "Metadata", JsonWriterExtensions.WriteStringValue);
}
if (obj.ServiceName != null)
{
writer.WriteProperty(obj.ServiceName, "ServiceName", JsonWriterExtensions.WriteStringValue);
}
if (obj.ServiceDnsName != null)
{
writer.WriteProperty(obj.ServiceDnsName, "ServiceDnsName", JsonWriterExtensions.WriteStringValue);
}
writer.WriteEndObject();
}
/// <summary>
/// Gets Access token from Dsts secure token service. For internal use only by Service Fabric tooling.
/// </summary>
/// <param name="metadata">Token Service metadata used for secured connection to cluster.</param>
/// <param name="interactive">Flag to indicate interactive logon.</param>
/// <param name="cancellationToken">Cancellation Token to cancel the operation.</param>
/// <returns>Access Token from DSTS.</returns>
public static Task <string> GetAccessTokenFromDstsAsync(TokenServiceMetadata metadata, bool interactive, CancellationToken cancellationToken = default(CancellationToken))
{
if (cancellationToken.IsCancellationRequested)
{
throw new OperationCanceledException();
}
Assembly module;
var assembly = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), DstsClientLibraryName);
try
{
module = Assembly.LoadFrom(assembly);
}
catch (FileNotFoundException e)
{
throw new InvalidOperationException(SR.ErrorDstsNotSupported, e);
}
var dstsHelper = module.GetType(DstsHelperClassName, false);
if (dstsHelper == null)
{
throw new InvalidOperationException(SR.ErrorDstsNotSupported);
}
var getAuthorizationHeaderMetod = dstsHelper.GetMethod(GetSecurityTokenMethodName, BindingFlags.Static | BindingFlags.Public);
if (getAuthorizationHeaderMetod == null)
{
throw new InvalidOperationException(SR.ErrorDstsNotSupported);
}
var authHeader = getAuthorizationHeaderMetod.Invoke(null, new object[] { metadata.ServiceName, metadata.ServiceDnsName, metadata.Metadata, interactive });
return(Task.FromResult((string)authHeader));
}
public DstsTokenHandler(TokenServiceMetadata aadMetaData)
{
this.metaData = aadMetaData;
}
public static Task <string> GetAccessTokenDstsAsync(TokenServiceMetadata metadata, CancellationToken cancellationToken)
{
return(DstsTokenHelper.GetAccessTokenFromDstsAsync(metadata, true, cancellationToken));
}
