/// <summary> /// Creates a new access token to use the specified key /// </summary> /// <param name="code">Encryption code for the key</param> /// <param name="name">Name of the key</param> /// <returns>Access token and its config</returns> public (AccessToken accessToken, AccessTokenConfig accessTokenConfig) CreateAccessToken( string code, string name ) { var comment = ConsoleUtils.Prompt("Comment (optional)"); Console.WriteLine(); Console.WriteLine("Signing settings:"); var desc = ConsoleUtils.Prompt("Description"); var url = ConsoleUtils.Prompt("Product/Application URL"); var accessToken = new AccessToken { Id = Guid.NewGuid().ToShortGuid(), Code = code, IssuedAt = DateTime.Now, KeyName = name, }; var accessTokenConfig = new AccessTokenConfig { Comment = comment, IssuedAt = accessToken.IssuedAt, Valid = true, SignDescription = desc, SignUrl = url, }; return(accessToken, accessTokenConfig); }
public async Task <Response> GetPhoto <TPhoto>(string userId) where TPhoto : new() { //https://graph.microsoft.com/v1.0/me/photos/48x48/$value Response ResultResponse = new Response(); this.AccessToken = AccessTokenConfig.GetAccessToken(AppClient); ResultResponse = await ExecuteLocalRequest(); //var stream = ResultResponse.HttpResponse.Content.ReadAsStreamAsync(); // var pic = Convert.ToBase64String(ResultResponse.HttpResponse.Content); return(ResultResponse); //Função local que executa a requisição das infromações do usuário. //Essa função só é visivel nesse metodo. async Task <Response> ExecuteLocalRequest() { using (var client = new RESTService <HttpRestClientNative>(getUserEndPoint("/photos/48x48/$value", userId))) { //Headers necessário para obtenção da foto.Content-Type e Authrization Token //client.AddHeader("Content-Type", "image/jpg"); client.AddHeader("Authorization", "Bearer " + this.AccessToken.access_token); return(await client.Get <TPhoto>()); } } }
/// <summary> /// Creates a new access token to use the specified key /// </summary> /// <param name="code">Encryption code for the key</param> /// <param name="name">Name of the key</param> /// <returns>Access token and its config</returns> public (AccessToken accessToken, AccessTokenConfig accessTokenConfig) CreateAccessToken( string code, string name ) { var fingerprint = ConsoleUtils.Prompt("Key ID"); // Validate keyId is legit var key = _ctx.KeyStore.GetKey(fingerprint, secretOnly: false); if (key == null) { throw new Exception($"Invalid key ID: {fingerprint}"); } var comment = ConsoleUtils.Prompt("Comment (optional)"); var accessToken = new AccessToken { Id = Guid.NewGuid().ToShortGuid(), Code = code, IssuedAt = DateTime.Now, KeyFingerprint = fingerprint, KeyName = name, }; var accessTokenConfig = new AccessTokenConfig { Comment = comment, IssuedAt = accessToken.IssuedAt, Valid = true, }; return(accessToken, accessTokenConfig); }
/// <summary> /// Gets the file to sign from the request payload. /// </summary> /// <param name="token">Access token for the request</param> /// <param name="tokenConfig">Configuration for this access token</param> /// <param name="request">The request</param> /// <returns>The file contents</returns> private async Task <byte[]> GetFileFromPayloadAsync(AccessToken token, AccessTokenConfig tokenConfig, AuthenticodeSignRequest request) { if (!CheckIfRequestIsWhitelisted(token, tokenConfig, request)) { throw new InvalidOperationException("Upload request is not allowed."); } if (request.ArtifactUrl != null) { _logger.LogInformation("Signing request received: {Id} is signing {ArtifactUrl}", token.Id, request.ArtifactUrl); return(await _httpClient.GetByteArrayAsync(request.ArtifactUrl)); } if (request.Artifact != null) { _logger.LogInformation("Signing request received: {Id} is signing {Filename}", token.Id, request.Artifact.FileName); using (var stream = new MemoryStream()) { await request.Artifact.CopyToAsync(stream); return(stream.ToArray()); } } // TODO: This should likely throw instead return(new byte[0]); }
public async Task <Response> GetUser <TUser>() where TUser : new() { TUser result = new TUser(); Response ResultResponse = new Response(); try { //Efetua a requisição invocando a função local ExecuteLocalRequest() ResultResponse = await ExecuteLocalRequest(); //Trata o retorno da requisição. if (ResultResponse.Status == HttpStatusCode.OK) { var data = ResultResponse.Data; result = data; } else { if (ResultResponse.Status == HttpStatusCode.Unauthorized) { //Token invalido, requisita um novo AccessToken = AccessTokenConfig.GetAccessToken(AppClient); //Executa novamente a consulta com o novo Token ResultResponse = await ExecuteLocalRequest(); } else { return(ResultResponse); } } //Função local que executa a requisição das infromações do usuário. //Essa função só é visivel nesse metodo. async Task <Response> ExecuteLocalRequest() { this.EndPoint = string.Empty; using (var client = new RESTService <HttpRestClientRestSharp>(getUserEndPoint())) { client.AddHeader("Authorization", "Bearer " + this.AccessToken.access_token); return(await client.Get <TUser>()); } } } catch { } return(ResultResponse); }
/// <summary> /// Saves the provided access token to the config /// </summary> /// <param name="accessToken"></param> /// <param name="accessTokenConfig">Config to save</param> /// <returns>Serialized access token for use in SecureSign requests</returns> private string SaveAccessToken(AccessToken accessToken, AccessTokenConfig accessTokenConfig) { // If this is the first time an access token is being added, we need to create the config file if (!File.Exists(_pathConfig.AccessTokenConfig)) { File.WriteAllText(_pathConfig.AccessTokenConfig, JsonConvert.SerializeObject(new { AccessTokens = new Dictionary <string, AccessToken>() })); } // Save access token config to config file dynamic configFile = JObject.Parse(File.ReadAllText(_pathConfig.AccessTokenConfig)); configFile.AccessTokens[accessToken.Id] = JToken.FromObject(accessTokenConfig); File.WriteAllText(_pathConfig.AccessTokenConfig, JsonConvert.SerializeObject(configFile, Formatting.Indented)); var encodedAccessToken = _accessTokenSerializer.Serialize(accessToken); return(encodedAccessToken); }
private bool CheckIfRequestIsWhitelisted(AccessToken token, AccessTokenConfig tokenConfig, AuthenticodeSignRequest request) { if ( request.ArtifactUrl != null && tokenConfig.AllowedUrls != null && !tokenConfig.AllowedUrls.Any(item => Regex.IsMatch(request.ArtifactUrl.Host, item.Domain) && Regex.IsMatch(request.ArtifactUrl.AbsolutePath, item.Path) ) ) { _logger.LogWarning("[{Id}] URL signing requested, but url {Url} is not on the whitelist!", token.Id, request.ArtifactUrl); return(false); } if (request.Artifact != null && !tokenConfig.AllowUploads) { _logger.LogWarning("[{Id}] File uploaded, but access token is forbidden from doing so!", token.Id); return(false); } return(true); }
public SpotifyVault() { AccessToken = new AccessTokenConfig(); }
public async Task <Response> GetMessages <TMessage>() where TMessage : new() { List <TMessage> result = new List <TMessage>(); Response ResultResponse = new Response(); try { //Efetua a requisição invocando a função local ExecuteLocalRequest() ResultResponse = await ExecuteLocalRequest(); //Trata o retorno da requisição. if (ResultResponse.Status == HttpStatusCode.OK) { var data = ResultResponse.Data; var objeto = JSON.StringToObject <TMessage>(ResultResponse.HttpResponse.Content); //result.Add(); ResultResponse.Data = result; } else { if (ResultResponse.Status == HttpStatusCode.Unauthorized) { //Token invalido, requisita um novo AccessToken = AccessTokenConfig.GetAccessToken(AppClient); //Executa novamente a consulta com o novo Token ResultResponse = await ExecuteLocalRequest(); //var data = ResultResponse.Data; var objeto = JSON.StringToObject <dynamic>(ResultResponse.HttpResponse.Content); ResultResponse.Data = objeto; //result.Add(JSON.StringToObject<TMessage>(ResultResponse.HttpResponse.Content)); //ResultResponse.Data = result; } else { return(ResultResponse); } } //Função local que executa a requisição das infromações do usuário. //Essa função só é visivel nesse metodo. async Task <Response> ExecuteLocalRequest() { this.EndPoint = this.EndPoint ?? $"/messages"; using (var client = new RESTService <HttpRestClientRestSharp>(getUserEndPoint())) { //Headers necessário para obtenção da foto.Content-Type e Authrization Token //client.AddHeader("Content-Type", "image/jpg"); client.AddHeader("Authorization", "Bearer " + this.AccessToken.access_token); return(await client.Get <TMessage>()); } } } catch { } return(ResultResponse); }
/// <summary> /// Gets the file to sign from the request payload. /// </summary> /// <param name="token">Access token for the request</param> /// <param name="tokenConfig">Configuration for this access token</param> /// <param name="request">The request</param> /// <returns>The file contents</returns> public async Task <(Stream, IActionResult, string)> GetFileFromPayloadAsync(AccessToken token, AccessTokenConfig tokenConfig, SignRequest request) { try { if (!CheckIfRequestIsWhitelisted(token, tokenConfig, request)) { throw new InvalidOperationException("Upload request is not allowed."); } if (request.ArtifactUrl != null) { _logger.LogInformation("Signing request received: {Id} is signing {ArtifactUrl}", token.Id, request.ArtifactUrl); var artifact = await _httpClient.GetStreamAsync(request.ArtifactUrl); var fileExtension = Path.GetExtension(request.ArtifactUrl.AbsolutePath); return(artifact, null, fileExtension); } if (request.Artifact != null) { _logger.LogInformation("Signing request received: {Id} is signing {Filename}", token.Id, request.Artifact.FileName); var fileExtension = Path.GetExtension(request.Artifact.FileName); return(request.Artifact.OpenReadStream(), null, fileExtension); } return(null, new BadRequestObjectResult("No artifact found to sign"), null); } catch (Exception ex) { _logger.LogError(ex, "Could not retrieve artifact to sign"); return(null, new BadRequestObjectResult(ex.Message), null); } }
private int Run(string[] args) { var app = new CommandLineApplication(); app.Name = "SecureSignTools"; app.HelpOption("-?|-h|--help"); app.OnExecute(() => app.ShowHelp()); app.Command("addkey", command => { command.Description = "Add a new key"; var pathArg = command.Argument("path", "Path to the key file to add"); command.OnExecute(() => { var inputPath = pathArg.Value; if (string.IsNullOrWhiteSpace(inputPath)) { Console.WriteLine("Please include the file name to add"); return(1); } // Ensure input file exists if (!File.Exists(inputPath)) { throw new Exception("File does not exist: " + inputPath); } // Ensure output file does not exist var fileName = Path.GetFileName(inputPath); var outputPath = _secretStorage.GetPathForSecret(fileName); if (File.Exists(outputPath)) { throw new Exception(outputPath + " already exists! I'm not going to overwrite it."); } var password = ConsoleUtils.PasswordPrompt("Password"); var cert = new X509Certificate2(File.ReadAllBytes(inputPath), password, X509KeyStorageFlags.Exportable); var code = _passwordGenerator.Generate(); _secretStorage.SaveSecret(fileName, cert, code); Console.WriteLine(); Console.WriteLine($"Saved {fileName} ({cert.FriendlyName})"); Console.WriteLine($"Subject: {cert.SubjectName.Format(false)}"); Console.WriteLine($"Issuer: {cert.IssuerName.Format(false)}"); Console.WriteLine($"Valid from {cert.NotBefore} until {cert.NotAfter}"); Console.WriteLine(); Console.WriteLine($"Secret Code: {code}"); Console.WriteLine(); Console.WriteLine("This secret code is required whenever you create an access token that uses this key."); Console.WriteLine("Store this secret code in a SECURE PLACE! The code is not stored anywhere, "); Console.WriteLine("so if you lose it, you will need to re-install the key."); return(0); }); }); app.Command("addtoken", command => { command.Description = "Add a new access token"; command.OnExecute(() => { var name = ConsoleUtils.Prompt("Key name"); var code = ConsoleUtils.Prompt("Secret code"); try { _secretStorage.LoadSecret(name, code); } catch (Exception ex) { Console.Error.WriteLine($"Could not load key: {ex.Message}"); Console.Error.WriteLine("Please check that the name and secret code are valid."); return(1); } // If we got here, the key is valid var comment = ConsoleUtils.Prompt("Comment (optional)"); Console.WriteLine(); Console.WriteLine("Signing settings:"); var desc = ConsoleUtils.Prompt("Description"); var url = ConsoleUtils.Prompt("Product/Application URL"); var accessToken = new AccessToken { Id = Guid.NewGuid().ToShortGuid(), Code = code, IssuedAt = DateTime.Now, KeyName = name, }; var accessTokenConfig = new AccessTokenConfig { Comment = comment, IssuedAt = accessToken.IssuedAt, Valid = true, SignDescription = desc, SignUrl = url, }; // If this is the first time an access token is being added, we need to create the config file if (!File.Exists(_pathConfig.AccessTokenConfig)) { File.WriteAllText(_pathConfig.AccessTokenConfig, JsonConvert.SerializeObject(new { AccessTokens = new Dictionary <string, AccessToken>() })); } // Save access token config to config file dynamic configFile = JObject.Parse(File.ReadAllText(_pathConfig.AccessTokenConfig)); configFile.AccessTokens[accessToken.Id] = JToken.FromObject(accessTokenConfig); File.WriteAllText(_pathConfig.AccessTokenConfig, JsonConvert.SerializeObject(configFile, Formatting.Indented)); var encodedAccessToken = _accessTokenSerializer.Serialize(accessToken); Console.WriteLine(); Console.WriteLine("Created new access token:"); Console.WriteLine(encodedAccessToken); return(0); }); }); try { return(app.Execute(args)); } catch (Exception ex) { Console.Error.WriteLine("ERROR: " + ex.Message); #if DEBUG throw; #else return(1); #endif } }