private async Task <CredHubClient> InitializeAsync() { HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { var info = await _httpClient.GetAsync($"{_baseCredHubUrl.Replace("/api", "/info")}"); if (!info.IsSuccessStatusCode) { // we don't NEED to throw an error here as this was more of a connectivity test than anything else // throw new CredHubException($"Failed calling {_baseCredHubUrl.Replace("/api", "/info")}: {info.StatusCode}"); _logger?.LogError($"Failed calling {_baseCredHubUrl.Replace("/api", "/info")}: {info.StatusCode} -- CredHub interactions may not work!"); } } catch (Exception e) { _logger?.LogCritical($"Encountered an exception calling /info on the CredHub server: {e}"); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } return(this); }
public async Task <List <CredentialPermission> > AddPermissionsAsync(string name, List <CredentialPermission> permissions) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("Name is required"); } if (permissions == null || !permissions.Any()) { throw new ArgumentException("At least one permission is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/permissions"); var newPermissions = new CredentialPermissions { CredentialName = name, Permissions = permissions }; var addResponse = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/permissions", newPermissions, _serializerSettings); return(await GetPermissionsAsync(name)); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <bool> DeletePermissionAsync(string name, string actor) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("Name is required"); } if (string.IsNullOrEmpty(actor)) { throw new ArgumentException("Actor is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to DELETE {_baseCredHubUrl}/v1/permissions?credential_name={name}&actor={actor}"); var response = await _httpClient.DeleteAsync($"{_baseCredHubUrl}/v1/permissions?credential_name={name}&actor={actor}"); if (response.StatusCode == System.Net.HttpStatusCode.NoContent || response.StatusCode == System.Net.HttpStatusCode.NotFound) { return(true); } return(false); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <string> InterpolateServiceDataAsync(string serviceData) { if (string.IsNullOrEmpty(serviceData)) { throw new ArgumentException("Service data is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/interpolate"); var response = await _httpClient.PostAsync($"{_baseCredHubUrl}/v1/interpolate", new StringContent(serviceData, Encoding.Default, "application/json")); if (response.IsSuccessStatusCode) { return(await response.Content.ReadAsStringAsync()); } else { throw new CredHubException($"Failed to interpolate credentials, status code: {response.StatusCode}"); } } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public virtual async Task <JsonWebKeySet> FetchKeySet() { var requestMessage = new HttpRequestMessage(HttpMethod.Get, _jwtKeyUrl); requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpClient client = GetHttpClient(); HttpClientHelper.ConfigureCertificateValidatation( _validateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); HttpResponseMessage response = null; try { response = await client.SendAsync(requestMessage); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, prevProtocols, prevValidator); } if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsStringAsync(); return(GetJsonWebKeySet(result)); } return(null); }
private async Task DoPost(HttpClient client, HttpRequestMessage request) { HttpClientHelper.ConfigureCertificateValidatation( _options.ValidateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); try { using (HttpResponseMessage response = await client.SendAsync(request)) { _logger?.LogDebug("DoPost {uri}, status: {status}", request.RequestUri, response.StatusCode); if (response.StatusCode != HttpStatusCode.OK && response.StatusCode != HttpStatusCode.Accepted) { var statusCode = (int)response.StatusCode; _logger?.LogError("Failed to send traces to Zipkin. Discarding traces. StatusCode: {status}, Uri: {uri}", statusCode, request.RequestUri); } return; } } catch (Exception e) { _logger?.LogError(e, "DoPost Exception: {uri}", request.RequestUri); } finally { client.Dispose(); HttpClientHelper.RestoreCertificateValidation(_options.ValidateCertificates, prevProtocols, prevValidator); } }
private HttpClient InitializeHttpClient(bool validateCertificates) { HttpClientHelper.ConfigureCertificateValidatation(validateCertificates, out SecurityProtocolType sslProtocols, out RemoteCertificateValidationCallback certCallback); if (validateCertificates) { return(new HttpClient(_httpClientHandler)); } else { // TODO: this may need further attention if (Platform.IsFullFramework) { _logger?.LogTrace("Full .NET Framework detected, using ServicePointManager to disable Certificate Validation"); ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) => true; } else { _logger?.LogTrace("Full .NET Framework NOT detected, using HttpClientHandler to disable Certificate Validation"); _httpClientHandler.SslProtocols = SslProtocols.Tls12; _httpClientHandler.ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, cetChain, policyErrors) => true; } return(new HttpClient(_httpClientHandler)); } }
private async Task <CredHubClient> InitializeAsync(string credHubUser, string credHubPassword) { HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { Uri tokenUri; var uaaOverrideUrl = Environment.GetEnvironmentVariable("UAA_Server_Override"); if (string.IsNullOrEmpty(uaaOverrideUrl)) { var info = await _httpClient.GetAsync($"{_baseCredHubUrl.Replace("/api", "/info")}"); var infoResponse = await HandleErrorParseResponse <CredHubServerInfo>(info, "GET /info from CredHub Server"); tokenUri = new Uri($"{infoResponse.AuthServer.First().Value}/oauth/token"); _logger?.LogInformation($"Targeted CredHub server uses UAA server at {tokenUri}"); } else { tokenUri = new Uri(uaaOverrideUrl); _logger?.LogInformation($"UAA set by ENV variable {tokenUri}"); } // login to UAA var header = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes($"{credHubUser}:{credHubPassword}"))); _httpClient.DefaultRequestHeaders.Authorization = header; var postParams = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("grant_type", "client_credentials"), new KeyValuePair <string, string>("response_type", "token") }; var response = await _httpClient.PostAsync(tokenUri, new FormUrlEncodedContent(postParams)); if (response.IsSuccessStatusCode) { _logger?.LogTrace(await response.Content.ReadAsStringAsync()); // set the token var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", payload.Value <string>("access_token")); return(this); } else { _logger?.LogCritical($"Authentication with UAA Server failed, status code: {response.StatusCode}"); _logger?.LogCritical(await response.Content.ReadAsStringAsync()); throw new AuthenticationException($"Authentication with UAA Server failed, status code: {response.StatusCode}"); } } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { _logger?.LogDebug("CreateTicketAsync()"); HttpRequestMessage request = GetTokenInfoRequestMessage(tokens); HttpClient client = GetHttpClient(); HttpClientHelper.ConfigureCertificateValidatation( Options.ValidateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); HttpResponseMessage response = null; try { response = await client.SendAsync(request, Context.RequestAborted); } finally { HttpClientHelper.RestoreCertificateValidation(Options.ValidateCertificates, prevProtocols, prevValidator); } if (!response.IsSuccessStatusCode) { _logger?.LogDebug("CreateTicketAsync() failure getting token info from {requesturi}", request.RequestUri); throw new HttpRequestException($"An error occurred when retrieving token information ({response.StatusCode})."); } var resp = await response.Content.ReadAsStringAsync(); _logger?.LogDebug("CreateTicketAsync() received json: {json}", resp); var payload = JObject.Parse(resp); var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload); context.RunClaimActions(); await Events.CreatingTicket(context); if (Options.UseTokenLifetime) { properties.IssuedUtc = CloudFoundryHelper.GetIssueTime(payload); properties.ExpiresUtc = CloudFoundryHelper.GetExpTime(payload); } await Events.CreatingTicket(context); var ticket = new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name); return(ticket); }
public async Task <SecurityResult> GetPermissionsAsync(string token) { if (string.IsNullOrEmpty(token)) { return(new SecurityResult(HttpStatusCode.Unauthorized, AUTHORIZATION_HEADER_INVALID)); } string checkPermissionsUri = _options.CloudFoundryApi + "/v2/apps/" + _options.ApplicationId + "/permissions"; var request = new HttpRequestMessage(HttpMethod.Get, checkPermissionsUri); AuthenticationHeaderValue auth = new AuthenticationHeaderValue("bearer", token); request.Headers.Authorization = auth; // If certificate validation is disabled, inject a callback to handle properly HttpClientHelper.ConfigureCertificateValidatation( _options.ValidateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); try { _logger.LogDebug("GetPermissions({0}, {1})", checkPermissionsUri, token); using (var client = HttpClientHelper.GetHttpClient(_options.ValidateCertificates, DEFAULT_GETPERMISSIONS_TIMEOUT)) { using (HttpResponseMessage response = await client.SendAsync(request)) { if (response.StatusCode != HttpStatusCode.OK) { _logger?.LogInformation( "Cloud Foundry returned status: {HttpStatus} while obtaining permissions from: {PermissionsUri}", response.StatusCode, checkPermissionsUri); return(response.StatusCode == HttpStatusCode.Forbidden ? new SecurityResult(HttpStatusCode.Forbidden, ACCESS_DENIED_MESSAGE) : new SecurityResult(HttpStatusCode.ServiceUnavailable, CLOUDFOUNDRY_NOT_REACHABLE_MESSAGE)); } return(new SecurityResult(await GetPermissions(response))); } } } catch (Exception e) { _logger?.LogError("Cloud Foundry returned exception: {SecurityException} while obtaining permissions from: {PermissionsUri}", e, checkPermissionsUri); return(new SecurityResult(HttpStatusCode.ServiceUnavailable, CLOUDFOUNDRY_NOT_REACHABLE_MESSAGE)); } finally { HttpClientHelper.RestoreCertificateValidation(_options.ValidateCertificates, prevProtocols, prevValidator); } }
public async Task <List <CredentialPath> > FindAllPathsAsync() { HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?paths=true"); var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?paths=true"); return((await HandleErrorParseResponse <CredentialPathsResponse>(response, "Find all Paths")).Paths); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
#pragma warning restore SA1202 // Elements must be ordered by access public async Task <CredHubCredential <T> > GenerateAsync <T>(CredHubGenerateRequest request) { HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/data"); var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/data", request, _serializerSettings); return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Generate {typeof(T).Name}")); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
protected internal async void DoPost(HttpClient client, HttpRequestMessage request) { HttpClientHelper.ConfigureCertificateValidatation( options.ValidateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); try { using (HttpResponseMessage response = await client.SendAsync(request)) { logger?.LogDebug("DoPost {0}, status: {1}", request.RequestUri, response.StatusCode); if (response.StatusCode != HttpStatusCode.OK && response.StatusCode != HttpStatusCode.Accepted) { var headers = response.Headers; var statusCode = (int)response.StatusCode; if (statusCode == UNPROCESSABLE_ENTITY) { logger?.LogError("Failed to send metrics to Metrics Forwarder service due to unprocessable payload. Discarding metrics."); } else if (statusCode == PAYLOAD_TOO_LARGE) { logger?.LogError("Failed to send metrics to Metrics Forwarder service due to rate limiting. Discarding metrics."); } else if (statusCode == TOO_MANY_REQUESTS) { logger?.LogError("Failed to send metrics to Metrics Forwarder service due to rate limiting. Discarding metrics."); } else { logger?.LogError("Failed to send metrics to Metrics Forwarder service. Discarding metrics. StatusCode: {status}", statusCode); } } return; } } catch (Exception e) { logger?.LogError(e, "DoPost Exception: {uri}", request.RequestUri); } finally { client.Dispose(); HttpClientHelper.RestoreCertificateValidation(options.ValidateCertificates, prevProtocols, prevValidator); } }
protected internal virtual async void RefreshVaultTokenAsync(object state) { if (string.IsNullOrEmpty(Settings.Token)) { return; } var obscuredToken = Settings.Token.Substring(0, 4) + "[*]" + Settings.Token.Substring(Settings.Token.Length - 4); // If certificate validation is disabled, inject a callback to handle properly SecurityProtocolType prevProtocols = (SecurityProtocolType)0; HttpClientHelper.ConfigureCertificateValidatation( _settings.ValidateCertificates, out prevProtocols, out RemoteCertificateValidationCallback prevValidator); HttpClient client = null; try { client = GetHttpClient(Settings); var uri = GetVaultRenewUri(); var message = GetValutRenewMessage(uri); _logger?.LogInformation("Renewing Vault token {0} for {1} milliseconds at Uri {2}", obscuredToken, Settings.TokenTtl, uri); using (HttpResponseMessage response = await client.SendAsync(message).ConfigureAwait(false)) { if (response.StatusCode != HttpStatusCode.OK) { _logger?.LogWarning("Renewing Vault token {0} returned status: {1}", obscuredToken, response.StatusCode); } } } catch (Exception e) { _logger?.LogError("Unable to renew Vault token {0}. Is the token invalid or expired? - {1}", obscuredToken, e); } finally { client.Dispose(); HttpClientHelper.RestoreCertificateValidation(_settings.ValidateCertificates, prevProtocols, prevValidator); } }
#pragma warning disable SA1202 // Elements must be ordered by access public async Task <CredHubCredential <T> > WriteAsync <T>(CredentialSetRequest credentialRequest) { HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to PUT {_baseCredHubUrl}/v1/data"); var response = await _httpClient.PutAsJsonAsync($"{_baseCredHubUrl}/v1/data", credentialRequest, _serializerSettings); var dataAsString = await response.Content.ReadAsStringAsync(); var s = JsonConvert.DeserializeObject <CredHubCredential <T> >(dataAsString, _serializerSettings); return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Write {typeof(T).Name}")); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <List <CredentialPermission> > GetPermissionsAsync(string name) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("Name is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/permissions?credential_name={name}"); var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/permissions?credential_name={name}"); return((await HandleErrorParseResponse <CredentialPermissions>(response, "Get Permissions")).Permissions); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <List <FoundCredential> > FindByPathAsync(string path) { if (string.IsNullOrEmpty(path)) { throw new ArgumentException("Path is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?path={path}"); var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?path={path}"); return((await HandleErrorParseResponse <CredentialFindResponse>(response, "Find by Path")).Credentials); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <List <CredHubCredential <T> > > GetByNameWithHistoryAsync <T>(string name, int entries = 10) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("Name is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?name={name}&versions={entries}"); var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?name={name}&versions={entries}"); return((await HandleErrorParseResponse <CredHubResponse <T> >(response, "Get credential by name with History")).Data); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <CredHubCredential <T> > GetByIdAsync <T>(Guid id) { if (id == Guid.Empty) { throw new ArgumentException("Id of credential is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data{id}"); var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data/{id}"); return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Get {typeof(T).Name} by Id")); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public async Task <CredHubCredential <T> > GetByNameAsync <T>(string name) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("Name of credential is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to GET {_baseCredHubUrl}/v1/data?name={name}¤t=true"); var response = await _httpClient.GetAsync($"{_baseCredHubUrl}/v1/data?name={name}¤t=true"); return((await HandleErrorParseResponse <CredHubResponse <T> >(response, $"Get {typeof(T).Name} by Name")).Data.First()); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public virtual async Task <string> GetAccessToken() { HttpRequestMessage requestMessage = GetTokenRequestMessage(); HttpClientHelper.ConfigureCertificateValidatation(Options.ValidateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); HttpClient client = new HttpClient { BaseAddress = new Uri(Options.OAuthServiceUrl) }; HttpResponseMessage response = null; try { response = await client.SendAsync(requestMessage); } catch (Exception ex) { throw new Exception("Error getting access token:" + ex.Message); } finally { HttpClientHelper.RestoreCertificateValidation(Options.ValidateCertificates, protocolType, prevValidator); } if (response.IsSuccessStatusCode) { var resp = await response.Content.ReadAsStringAsync(); var payload = JObject.Parse(resp); return(payload.Value <string>("access_token")); } else { var error = "OAuth token endpoint failure: " + await Display(response); throw new Exception(error); } }
protected override async Task <OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri) { _logger?.LogDebug("ExchangeCodeAsync({code},{redirectUri})", code, redirectUri); HttpRequestMessage requestMessage = GetTokenRequestMessage(code, redirectUri); HttpClient client = GetHttpClient(); HttpClientHelper.ConfigureCertificateValidatation( Options.ValidateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); HttpResponseMessage response = null; try { response = await client.SendAsync(requestMessage, Context.RequestAborted); } finally { HttpClientHelper.RestoreCertificateValidation(Options.ValidateCertificates, prevProtocols, prevValidator); } if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsStringAsync(); _logger?.LogDebug("ExchangeCodeAsync() received json: {json}", result); var payload = JObject.Parse(result); var tokenResponse = OAuthTokenResponse.Success(payload); return(tokenResponse); } else { var error = "OAuth token endpoint failure: " + await Display(response); return(OAuthTokenResponse.Failed(new Exception(error))); } }
public async Task <RegeneratedCertificates> BulkRegenerateAsync(string certificateAuthority) { if (string.IsNullOrEmpty(certificateAuthority)) { throw new ArgumentException("Certificate authority used for certificates is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/bulk-regenerate"); var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/bulk-regenerate", new Dictionary <string, string> { { "signed_by", certificateAuthority } }); return(await HandleErrorParseResponse <RegeneratedCertificates>(response, "Bulk Regenerate Credentials")); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
public void ConfigureCertificateValidatation_ValidateTrue() { ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls; ServicePointManager.ServerCertificateValidationCallback = null; RemoteCertificateValidationCallback prevValidator; SecurityProtocolType protocolType; HttpClientHelper.ConfigureCertificateValidatation(true, out protocolType, out prevValidator); if (Platform.IsNetCore) { Assert.Equal(SecurityProtocolType.Tls, ServicePointManager.SecurityProtocol); Assert.Null(ServicePointManager.ServerCertificateValidationCallback); } if (Platform.IsFullFramework) { Assert.Equal(SecurityProtocolType.Tls, ServicePointManager.SecurityProtocol); Assert.Null(ServicePointManager.ServerCertificateValidationCallback); } }
public virtual async Task <JsonWebKeySet> FetchKeySet() { var requestMessage = new HttpRequestMessage(HttpMethod.Get, Options.JwtKeyEndpoint); requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); using (var handler = new HttpClientHandler()) { HttpClientHelper.ConfigureCertificateValidatation(Options.ValidateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); HttpClient client = new HttpClient(handler) { BaseAddress = new Uri(Options.OAuthServiceUrl) }; HttpResponseMessage response = null; try { response = await client.SendAsync(requestMessage); } catch (Exception ex) { throw new Exception("Error getting keys to validate token:" + ex.Message); } finally { HttpClientHelper.RestoreCertificateValidation(Options.ValidateCertificates, protocolType, prevValidator); } if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsStringAsync(); return(GetJsonWebKeySet(result)); } } return(null); }
public async Task <CredHubCredential <T> > RegenerateAsync <T>(string name) { if (string.IsNullOrEmpty(name)) { throw new ArgumentException("Name of credential to regenerate is required"); } HttpClientHelper.ConfigureCertificateValidatation(_validateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); try { _logger?.LogTrace($"About to POST {_baseCredHubUrl}/v1/data"); var response = await _httpClient.PostAsJsonAsync($"{_baseCredHubUrl}/v1/regenerate", new Dictionary <string, string> { { "name", name } }); return(await HandleErrorParseResponse <CredHubCredential <T> >(response, $"Regenerate {typeof(T).Name}")); } finally { HttpClientHelper.RestoreCertificateValidation(_validateCertificates, protocolType, prevValidator); } }
/// <summary> /// Asynchronously calls the Spring Cloud Configuration Server using the provided Uri and returning a /// a task that can be used to obtain the results /// </summary> /// <param name="requestUri">the Uri used in accessing the Spring Cloud Configuration Server</param> /// <returns>The task object representing the asynchronous operation</returns> protected internal virtual async Task <ConfigEnvironment> RemoteLoadAsync(string requestUri) { // Get client if not already set if (_client == null) { _client = GetHttpClient(_settings); } // Get the request message var request = GetRequestMessage(requestUri); // If certificate validation is disabled, inject a callback to handle properly RemoteCertificateValidationCallback prevValidator = null; SecurityProtocolType prevProtocols = (SecurityProtocolType)0; HttpClientHelper.ConfigureCertificateValidatation(_settings.ValidateCertificates, out prevProtocols, out prevValidator); // Invoke config server try { using (HttpResponseMessage response = await _client.SendAsync(request).ConfigureAwait(false)) { if (response.StatusCode != HttpStatusCode.OK) { if (response.StatusCode == HttpStatusCode.NotFound) { return(null); } // Log status var message = $"Config Server returned status: {response.StatusCode} invoking path: {requestUri}"; _logger?.LogInformation(message); // Throw if status >= 400 if (response.StatusCode >= HttpStatusCode.BadRequest) { throw new HttpRequestException(message); } else { return(null); } } Stream stream = await response.Content.ReadAsStreamAsync(); return(Deserialize(stream)); } } catch (Exception e) { // Log and rethrow _logger?.LogError("Config Server exception: {0}, path: {1}", e, requestUri); throw; } finally { HttpClientHelper.RestoreCertificateValidation(_settings.ValidateCertificates, prevProtocols, prevValidator); } }
internal static async Task <ClaimsIdentity> ExchangeCodeForToken(string code, OpenIDConnectOptions options) { string redirect_url = "https://" + options.AppHost; if (options.AppPort != 0) { redirect_url = redirect_url + ":" + options.AppPort + options.CallbackPath; } else { redirect_url = redirect_url + options.CallbackPath; } var hostName = options.AuthDomain; var pairs = new[] { new KeyValuePair <string, string>(Constants.ParamsClientID, options.ClientID), new KeyValuePair <string, string>(Constants.ParamsClientSecret, options.ClientSecret), new KeyValuePair <string, string>(Constants.ParamsGrantType, Constants.GrantTypeAuthorizationCode), new KeyValuePair <string, string>(Constants.ParamsRedirectUri, redirect_url), new KeyValuePair <string, string>(Constants.ParamsCode, code) }; var content = new FormUrlEncodedContent(pairs); var targetUrl = hostName + "/" + Constants.EndPointOAuthToken; Debug.WriteLine("About to submit request for token to : " + targetUrl); foreach (var item in pairs) { Debug.WriteLine(item.Key + ": " + item.Value); } HttpClientHelper.ConfigureCertificateValidatation(options.ValidateCertificates, out SecurityProtocolType protocolType, out RemoteCertificateValidationCallback prevValidator); using (var client = new HttpClient()) { var byteArray = Encoding.ASCII.GetBytes(options.ClientID + ":" + options.ClientSecret); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(byteArray)); try { var response = await client.PostAsync(targetUrl, content); if (response.IsSuccessStatusCode) { var tokens = await response.Content.ReadAsJsonAsync <OpenIDTokenResponse>(); Debug.WriteLine("Identity token from IDP: " + tokens.IdentityToken); Debug.WriteLine("Access token from IDP: " + tokens.AccessToken); JwtSecurityToken securityToken = new JwtSecurityToken(tokens.IdentityToken); var claimsId = new ClaimsIdentity(options.SignInAsAuthenticationType); string userName = securityToken.Claims.First(c => c.Type == "user_name").Value; string email = securityToken.Claims.First(c => c.Type == "email").Value; string userId = securityToken.Claims.First(c => c.Type == "user_id").Value; foreach (var claim in securityToken.Claims) { Debug.WriteLine(claim.Type + " : " + claim.Value); } claimsId.AddClaims(new List <Claim> { new Claim(ClaimTypes.NameIdentifier, userId), new Claim(ClaimTypes.Name, userName), new Claim(ClaimTypes.Email, email), }); var additionalScopes = tokens.Scope.Split(' ').Where(s => s != "openid"); foreach (var scope in additionalScopes) { claimsId.AddClaim(new Claim("scope", scope)); } claimsId.AddClaim(new Claim(ClaimTypes.Authentication, tokens.AccessToken)); return(claimsId); } else { Debug.WriteLine("Failed call to exchange code for token : " + response.StatusCode); Debug.WriteLine(response.ReasonPhrase); string resultJson = await response.Content.ReadAsStringAsync(); Debug.WriteLine(resultJson); return(null); } } finally { HttpClientHelper.RestoreCertificateValidation(options.ValidateCertificates, protocolType, prevValidator); } } }