예제 #1
        /// <summary>
        /// Builds an <see cref="HttpClient"/> from the supplied proxy-and-record settings: optional client
        /// certificate, optional upstream web proxy, the configured auto-redirect policy, and cookies disabled.
        /// </summary>
        /// <param name="settings">Source of the client-certificate key, redirect flag and web-proxy settings.</param>
        /// <returns>A new <see cref="HttpClient"/> wrapping the configured handler.</returns>
        /// <remarks>
        /// Security review notes (behaviour is unchanged, these only describe what the code does):
        /// - Every build configuration installs a server-certificate callback that returns <c>true</c>, so the
        ///   client accepts any TLS certificate (expired, self-signed, wrong host name). Nothing sent through it
        ///   is protected against interception; keep it away from traffic that needs server authentication.
        /// - The NETSTANDARD branch also switches certificate revocation checking off.
        /// - TLS 1.0 and 1.1 are enabled next to TLS 1.2.
        /// - <c>ServicePointManager.SecurityProtocol</c> is static, so the writes below affect every other user
        ///   of that setting in the process; the final assignment under NET452/NET46 replaces the value outright.
        /// </remarks>
        public static HttpClient CreateHttpClient(IProxyAndRecordSettings settings)
        {
#if NETSTANDARD
            var messageHandler = new HttpClientHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
                // Revocation is not checked and the callback below trusts every server certificate.
                CheckCertificateRevocationList = false,
                ServerCertificateCustomValidationCallback = (request, serverCertificate, certificateChain, policyErrors) => true
            };
#elif NET46
            var messageHandler = new HttpClientHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                // Trusts every server certificate.
                ServerCertificateCustomValidationCallback = (request, serverCertificate, certificateChain, policyErrors) => true
            };
            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
#else
            var messageHandler = new WebRequestHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                // Trusts every server certificate.
                ServerCertificateValidationCallback = (source, serverCertificate, certificateChain, policyErrors) => true
            };
            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
#endif

            // A configured thumbprint or subject name switches the handler to manual client-certificate selection.
            var certificateKey = settings.ClientX509Certificate2ThumbprintOrSubjectName;
            if (!string.IsNullOrEmpty(certificateKey))
            {
                messageHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
                messageHandler.ClientCertificates.Add(ClientCertificateHelper.GetCertificate(certificateKey));
            }

            // Original author's note: with UseCookies enabled, HttpClient ignores the Cookie header.
            messageHandler.UseCookies = false;

            // Redirects are followed only when the setting is explicitly true.
            messageHandler.AllowAutoRedirect = settings.AllowAutoRedirect == true;

            var proxySettings = settings.WebProxySettings;
            if (proxySettings != null)
            {
                var upstreamProxy = new WebProxy(proxySettings.Address);

                // Credentials are attached only when both user name and password are present.
                if (proxySettings.UserName != null && proxySettings.Password != null)
                {
                    upstreamProxy.Credentials = new NetworkCredential(proxySettings.UserName, proxySettings.Password);
                }

                messageHandler.UseProxy = true;
                messageHandler.Proxy = upstreamProxy;
            }

            var httpClient = new HttpClient(messageHandler);
#if NET452 || NET46
            // Process-wide overwrite (not an OR): leaves exactly TLS 1.2, 1.1 and 1.0 enabled.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
#endif
            return httpClient;
        }
예제 #2
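        /// <summary>
        /// Checks that validating a thumbprint that is not in the store yields the failure status passed in
        /// and a description saying the certificate was not found.
        /// </summary>
        /// <remarks>
        /// Returns a task instead of <c>async void</c> so the test runner can await the body and observe a
        /// failing assertion or exception. The test reads the LocalMachine "My" store of the machine it runs on.
        /// </remarks>
        public async System.Threading.Tasks.Task ClientCertificateHelper_ValidateCertificate_NonExistingThumbprint_ReturnsFail()
        {
            // Arrange
            // 40 hex characters; assumed not to match any certificate installed on the test machine.
            var thumbprint = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

            // Act
            // NOTE(review): the meaning of the two boolean arguments is not visible here - confirm against
            // ClientCertificateHelper.ValidateCertificate.
            var result = await ClientCertificateHelper.ValidateCertificate(thumbprint, StoreName.My, StoreLocation.LocalMachine,
                                                                           false, true, HealthStatus.Unhealthy);

            // Assert
            Assert.Equal(HealthStatus.Unhealthy, result.Status);
            Assert.Contains(" was not found in", result.Description);
        }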
예제 #3
        /// <summary>
        /// Builds an <see cref="HttpClient"/> for proxying: auto-redirect and cookies are turned off, and a
        /// client certificate is attached when a thumbprint or subject name is given.
        /// </summary>
        /// <param name="clientX509Certificate2ThumbprintOrSubjectName">
        /// Key passed to <c>ClientCertificateHelper.GetCertificate</c>; null or empty means no client certificate.
        /// </param>
        /// <returns>A new <see cref="HttpClient"/> wrapping the configured handler.</returns>
        /// <remarks>
        /// Security review notes (behaviour is unchanged, these only describe what the code does):
        /// - Every build configuration installs a server-certificate callback that returns <c>true</c>, so the
        ///   client accepts any TLS certificate (expired, self-signed, wrong host name). Nothing sent through it
        ///   is protected against interception; keep it away from traffic that needs server authentication.
        /// - The NETSTANDARD branch also switches certificate revocation checking off.
        /// - TLS 1.0 and 1.1 are enabled next to TLS 1.2.
        /// - <c>ServicePointManager.SecurityProtocol</c> is static, so the writes below affect every other user
        ///   of that setting in the process; the final assignment under NET452/NET46 replaces the value outright.
        /// </remarks>
        public static HttpClient CreateHttpClient(string clientX509Certificate2ThumbprintOrSubjectName = null)
        {
#if NETSTANDARD
            var messageHandler = new HttpClientHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
                // Revocation is not checked and the callback below trusts every server certificate.
                CheckCertificateRevocationList = false,
                ServerCertificateCustomValidationCallback = (request, serverCertificate, certificateChain, policyErrors) => true
            };
#elif NET46
            var messageHandler = new HttpClientHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                // Trusts every server certificate.
                ServerCertificateCustomValidationCallback = (request, serverCertificate, certificateChain, policyErrors) => true
            };
            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
#else
            var messageHandler = new WebRequestHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                // Trusts every server certificate.
                ServerCertificateValidationCallback = (source, serverCertificate, certificateChain, policyErrors) => true
            };
            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
#endif

            // A supplied thumbprint or subject name switches the handler to manual client-certificate selection.
            bool hasClientCertificate = !string.IsNullOrEmpty(clientX509Certificate2ThumbprintOrSubjectName);
            if (hasClientCertificate)
            {
                messageHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
                messageHandler.ClientCertificates.Add(ClientCertificateHelper.GetCertificate(clientX509Certificate2ThumbprintOrSubjectName));
            }

            // Original author's note: with UseCookies enabled, HttpClient ignores the Cookie header.
            messageHandler.UseCookies = false;

            // Original author's note: a proxy should not follow redirects itself.
            messageHandler.AllowAutoRedirect = false;

            var httpClient = new HttpClient(messageHandler);
#if NET452 || NET46
            // Process-wide overwrite (not an OR): leaves exactly TLS 1.2, 1.1 and 1.0 enabled.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
#endif
            return httpClient;
        }
예제 #4
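        /// <summary>
        /// Checks that validating an installed certificate that lacks a private key yields the failure status
        /// passed in and a description saying there is no corresponding private key.
        /// </summary>
        /// <remarks>
        /// Returns a task instead of <c>async void</c> so the test runner can await the body and observe a
        /// failing assertion or exception. The test is environment-dependent: it needs a suitable certificate
        /// to be already present in the LocalMachine "My" store and fails its precondition otherwise.
        /// </remarks>
        public async System.Threading.Tasks.Task ClientCertificateHelper_ValidateCertificate_CertificateWithoutPrivateKey_WhenRequirePrivateKey_ReturnsFail()
        {
            // Arrange
            // The thumbprint comes from whatever certificate GetThumbprint finds in the store; the test does not
            // install one itself (the original author left this as an open question).
            // NOTE(review): presumably the boolean arguments select a certificate without a private key - confirm
            // against GetThumbprint.
            var thumbprint          = GetThumbprint(StoreName.My, StoreLocation.LocalMachine, false, true);
            var anExistingCertFound = thumbprint != null;

            // Precondition: fail with an explanatory message when the machine has no suitable certificate.
            Assert.True(anExistingCertFound,
                        "No existing suitable cert found in store for this test (add or rewrite test needed...)");

            // Act
            // NOTE(review): going by the test name, the first boolean is presumably "require private key" - confirm
            // against ClientCertificateHelper.ValidateCertificate.
            var result = await ClientCertificateHelper.ValidateCertificate(thumbprint, StoreName.My, StoreLocation.LocalMachine,
                                                                           true, true, HealthStatus.Unhealthy);

            // Assert
            Assert.Equal(HealthStatus.Unhealthy, result.Status);
            Assert.Contains("has no corresponding private key", result.Description);
        }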
예제 #5
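        /// <summary>
        /// Requests an OAuth token with the client-credentials grant, presenting a client certificate, and
        /// returns the token deserialized from the response.
        /// </summary>
        /// <returns>The <c>OAUTHtoken</c> deserialized from the response body when the endpoint answers HTTP 200.</returns>
        /// <exception cref="Exception">
        /// Thrown on any failure (non-OK status, connection error, unreadable response) with a message listing
        /// the outcome, a result text and the underlying error detail.
        /// </exception>
        /// <remarks>
        /// Review notes:
        /// - The endpoint address and the certificate name are hard-coded in this method.
        /// - The call blocks on <c>.Result</c>; on a thread with a synchronization context this can deadlock.
        /// - The server's <c>error_description</c> is copied into the exception message; treat it as untrusted
        ///   text wherever the message is logged or displayed.
        /// - Whether the server certificate is validated is decided inside <c>NetworkHelper.GetHttpClient</c>,
        ///   which is not visible here - confirm, since the token travels over this connection.
        /// </remarks>
        public static OAUTHtoken GetOAUTHToken()
        {
            Result returnResult = new Result();

            // The client_id sent to the token endpoint is derived from this assembly's GUID attribute.
            Assembly      assembly  = Assembly.GetExecutingAssembly();
            GuidAttribute attribute = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];
            String        id        = attribute.Value;

            X509Certificate2 clientCert = ClientCertificateHelper.GetClientCertificate("RGDAT108VCC");

            OAUTHtoken OAUTHtokenReturned = new OAUTHtoken();

            // Client bound to the token endpoint, form-encoded media type and the client certificate.
            using (HttpClient quangoPingClient = NetworkHelper.GetHttpClient("https://beta-sso.cognisec.com:9998", new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"), clientCert))
            {
                // The endpoint expects a form carrying the client-credentials grant type.
                var content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair <string, string>("grant_type", "client_credentials")
                }
                                                        );
                string quangoPingUri = "/as/token.oauth2?client_id=cc_" + id;
                try
                {
                    // POST the form and block until the response arrives.
                    using (HttpResponseMessage quangoPingResponse = quangoPingClient.PostAsync(quangoPingUri, content).Result)
                    {
                        if (quangoPingResponse.StatusCode != HttpStatusCode.OK)
                        {
                            // Host reached but it answered with a non-OK status: try to read an OAuth error body.
                            try
                            {
                                OAUTHerror OAUTHerrorReturned = JsonConvert.DeserializeObject <OAUTHerror>(quangoPingResponse.Content.ReadAsStringAsync().Result);
                                returnResult.ExceptionInfo = OAUTHerrorReturned.error_description;
                                returnResult.ResultText    = "OAUTH token error";
                            }
                            catch (Exception ex)
                            {
                                // No usable OAuth error body, so report the HTTP status code instead.
                                returnResult.ExceptionInfo = ex.Message;
                                returnResult.ResultText    = "OAUTH response deserialisation failed - HTTP status code " + quangoPingResponse.StatusCode;
                            }
                            returnResult.Outcome = "Fail";
                        }
                        else
                        {
                            OAUTHtokenReturned = JsonConvert.DeserializeObject <OAUTHtoken>(quangoPingResponse.Content.ReadAsStringAsync().Result);

                            returnResult.Outcome = "Success";
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Reached for connection failures and for a success body that cannot be deserialized.
                    // Blocking on .Result wraps failures in nested exceptions, so report the message two levels
                    // down when that level exists. Stopping at the deepest available level avoids a
                    // NullReferenceException that would otherwise replace the real error.
                    Exception cause = ex;
                    for (int depth = 0; depth < 2 && cause.InnerException != null; depth++)
                    {
                        cause = cause.InnerException;
                    }

                    returnResult.ExceptionInfo = cause.Message;
                    returnResult.ResultText    = "Failed to contact token provider";
                    returnResult.Outcome       = "Fail";
                }

                if (returnResult.Outcome.Equals("Fail"))
                {
                    // Surface the failure to the caller as a single multi-line message.
                    string fail = "Outcome " + returnResult.Outcome;
                    fail += "\nResultText " + returnResult.ResultText;
                    fail += "\nExceptionInfo " + returnResult.ExceptionInfo;

                    throw new Exception(fail);
                }
            }
            return(OAUTHtokenReturned);
        }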