public ProjectDocumentRepository(IDocumentStorer documentStorer,
IDocumentRetriever documentRetriever,
IDocumentDeleter documentDeleter,
IResultCreator resultCreator,
IMapper mapper)
{
_documentStorer = documentStorer;
_documentRetriever = documentRetriever;
_documentDeleter = documentDeleter;
_resultCreator = resultCreator;
_mapper = mapper;
}
public TestDocumentRetriever(string primaryDocument, IDocumentRetriever fallback)
{
_primaryDocument = primaryDocument;
_fallback = fallback;
}
public PostCacheTask(IDocumentRetriever dynamoTableRetriever)
{
this.dynamoTableRetriever = dynamoTableRetriever;
}
/// <inheritdoc/>
public Task <WsFederationConfiguration> GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
return(GetAsync(address, retriever, cancel));
}
public TestDocumentRetriever(string primaryDocument, IDocumentRetriever fallback)
{
_primaryDocument = primaryDocument;
_fallback = fallback;
}
/// <summary>
/// Retrieves a populated <see cref="OpenIdConnectConfiguration"/> given an address and an <see cref="IDocumentRetriever"/>.
/// </summary>
/// <param name="address">address of the jwks uri.</param>
/// <param name="retriever">the <see cref="IDocumentRetriever"/> to use to read the jwks</param>
/// <param name="cancel"><see cref="CancellationToken"/>.</param>
/// <returns>A populated <see cref="OpenIdConnectConfiguration"/> instance.</returns>
public static async Task <OpenIdConnectConfiguration> GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
if (string.IsNullOrWhiteSpace(address))
{
throw LogHelper.LogArgumentNullException(nameof(address));
}
if (retriever == null)
{
throw LogHelper.LogArgumentNullException(nameof(retriever));
}
var doc = await retriever.GetDocumentAsync(address, cancel).ConfigureAwait(false);
LogHelper.LogVerbose("IDX21811: Deserializing the string: '{0}' obtained from metadata endpoint into openIdConnectConfiguration object.", doc);
var jwks = new JsonWebKeySet(doc);
var openIdConnectConfiguration = new OpenIdConnectConfiguration()
{
JsonWebKeySet = jwks,
JwksUri = address,
};
foreach (var securityKey in jwks.GetSigningKeys())
{
openIdConnectConfiguration.SigningKeys.Add(securityKey);
}
return(openIdConnectConfiguration);
}
/// <summary>
/// Retrieves a populated <see cref="WsFederationConfiguration"/> given an address and an <see cref="IDocumentRetriever"/>.
/// </summary>
/// <param name="address">address of the metadata document.</param>
/// <param name="retriever">the <see cref="IDocumentRetriever"/> to use to read the metadata document</param>
/// <param name="cancel"><see cref="CancellationToken"/>.</param>
/// <returns>A populated <see cref="WsFederationConfiguration"/> instance.</returns>
/// <exception cref="ArgumentNullException">if <paramref name="address"/> is null or empty.</exception>
/// <exception cref="ArgumentNullException">if <paramref name="retriever"/> is null.</exception>
public static async Task <WsFederationConfiguration> GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
if (string.IsNullOrEmpty(address))
{
throw LogArgumentNullException(nameof(address));
}
if (retriever == null)
{
throw LogArgumentNullException(nameof(retriever));
}
string document = await retriever.GetDocumentAsync(address, cancel).ConfigureAwait(false);
using (var metaDataReader = XmlReader.Create(new StringReader(document), SafeSettings))
{
return((new WsFederationMetadataSerializer()).ReadMetadata(metaDataReader));
}
}
/// <summary>
/// Initializes a new instance of <see cref="ConfigurationManagerStub" />
/// </summary>
/// <param name="metadataAddress">The address to obtain configuration.</param>
/// <param name="configRetriever">The <see cref="IConfigurationRetriever{OpenIdConnectConfiguration}" /></param>
/// <param name="docRetriever">The <see cref="IDocumentRetriever" /> that reaches out to obtain the configuration.</param>
public ConfigurationManagerStub(
string metadataAddress,
IConfigurationRetriever <OpenIdConnectConfiguration> configRetriever,
IDocumentRetriever docRetriever)
{
}
private async Task <MetadataBase> GetAsync(FederationPartyConfiguration context, IDocumentRetriever retriever, CancellationToken cancel)
{
this._metadataSerialiser.Validator.SetFederationPartyId(context.FederationPartyId);
if (string.IsNullOrWhiteSpace(context.MetadataAddress))
{
throw new ArgumentNullException("address");
}
if (retriever == null)
{
throw new ArgumentNullException("retriever");
}
var str = await retriever.GetDocumentAsync(context.MetadataAddress, cancel);
var document = str;
str = null;
if (String.IsNullOrWhiteSpace(document))
{
throw new ArgumentNullException(nameof(document));
}
using (XmlReader reader = XmlReader.Create(new StringReader(document), this._safeSettings))
{
var federationConfiguration = this._metadataSerialiser.Deserialise(reader);
if (this.MetadataReceivedCallback != null)
{
this.MetadataReceivedCallback(federationConfiguration);
}
return(federationConfiguration);
}
}
Task <TrustConfiguration> IConfigurationRetriever <TrustConfiguration> .GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
return(GetAsync(address, retriever, cancel));
}
public Task <IDictionary <string, HashSet <string> > > GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancellationToken)
{
return(Task.FromResult(EndorsementTable));
}
public async Task <IDictionary <string, string[]> > GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancellationToken)
{
if (address == null)
{
throw new ArgumentNullException(nameof(address));
}
if (retriever == null)
{
throw new ArgumentNullException(nameof(retriever));
}
var jsonDocument = await retriever.GetDocumentAsync(address, cancellationToken);
var configurationRoot = JObject.Parse(jsonDocument);
var keys = configurationRoot["keys"]?.Value <JArray>();
if (keys == null)
{
return(new Dictionary <string, string[]>(0));
}
var results = new Dictionary <string, string[]>(keys.Count);
foreach (var key in keys)
{
var keyId = key[AuthenticationConstants.KeyIdHeader]?.Value <string>();
if (keyId != null
&&
!results.ContainsKey(keyId))
{
var endorsementsToken = key["endorsements"];
if (endorsementsToken != null)
{
results.Add(keyId, endorsementsToken.Values <string>().ToArray());
}
}
}
return(results);
}
/// <summary>
/// Retrieves a populated <see cref="WsFederationConfiguration"/> given an address and an <see cref="IDocumentRetriever"/>.
/// </summary>
/// <param name="address">address of the metadata document.</param>
/// <param name="retriever">the <see cref="IDocumentRetriever"/> to use to read the metadata document</param>
/// <param name="cancel"><see cref="CancellationToken"/>.</param>
/// <returns>A populated <see cref="WsFederationConfiguration"/> instance.</returns>
public static async Task <WsFederationConfiguration> GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
if (string.IsNullOrWhiteSpace(address))
{
throw new ArgumentNullException("address");
}
if (retriever == null)
{
throw new ArgumentNullException("retriever");
}
WsFederationConfiguration configuration = new WsFederationConfiguration();
string document = await retriever.GetDocumentAsync(address, cancel);
using (XmlReader metaDataReader = XmlReader.Create(new StringReader(document), SafeSettings))
{
var serializer = new MetadataSerializer {
CertificateValidationMode = X509CertificateValidationMode.None
};
MetadataBase metadataBase = serializer.ReadMetadata(metaDataReader);
var entityDescriptor = (EntityDescriptor)metadataBase;
if (!string.IsNullOrWhiteSpace(entityDescriptor.EntityId.Id))
{
configuration.Issuer = entityDescriptor.EntityId.Id;
}
SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType <SecurityTokenServiceDescriptor>().First();
if (stsd != null)
{
configuration.TokenEndpoint = stsd.PassiveRequestorEndpoints.First().Uri.AbsoluteUri;
foreach (KeyDescriptor keyDescriptor in stsd.Keys)
{
if (keyDescriptor.KeyInfo != null && (keyDescriptor.Use == KeyType.Signing || keyDescriptor.Use == KeyType.Unspecified))
{
foreach (SecurityKeyIdentifierClause clause in keyDescriptor.KeyInfo)
{
X509RawDataKeyIdentifierClause x509Clause = clause as X509RawDataKeyIdentifierClause;
if (x509Clause != null)
{
var key = new X509SecurityKey(new X509Certificate2(x509Clause.GetX509RawData()));
configuration.SigningKeys.Add(key);
}
}
}
}
}
}
return(configuration);
}
/// <summary>
/// Retrieves the OpenID 2.0 configuration from the specified address.
/// </summary>
/// <param name="address">The address of the discovery document.</param>
/// <param name="retriever">The object used to retrieve the discovery document.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
/// <returns>An <see cref="OpenIdAuthenticationConfiguration"/> instance.</returns>
public async Task <OpenIdAuthenticationConfiguration> GetConfigurationAsync(
[NotNull] string address, [NotNull] IDocumentRetriever retriever, CancellationToken cancellationToken)
{
if (string.IsNullOrEmpty(address))
{
throw new ArgumentException("The address cannot be null or empty.", nameof(address));
}
if (retriever == null)
{
throw new ArgumentNullException(nameof(retriever));
}
using (var cancellationTokenSource = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken))
{
// If the final authentication endpoint cannot be found after 30 seconds, abort the discovery operation.
cancellationTokenSource.CancelAfter(HttpClient.Timeout < TimeSpan.FromSeconds(30) ?
HttpClient.Timeout : TimeSpan.FromSeconds(30));
do
{
// application/xrds+xml MUST be the preferred content type to avoid a second round-trip.
// See http://openid.net/specs/yadis-v1.0.pdf (chapter 6.2.4)
var request = new HttpRequestMessage(HttpMethod.Get, address);
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(OpenIdAuthenticationConstants.Media.Xrds));
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(OpenIdAuthenticationConstants.Media.Html));
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(OpenIdAuthenticationConstants.Media.Xhtml));
var response = await HttpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, cancellationTokenSource.Token);
if (!response.IsSuccessStatusCode)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture,
"The Yadis discovery failed because an invalid response was received: the identity provider " +
"returned returned a {0} response with the following payload: {1} {2}.",
/* Status: */ response.StatusCode,
/* Headers: */ response.Headers.ToString(),
/* Body: */ await response.Content.ReadAsStringAsync()));
}
// Note: application/xrds+xml is the standard content type but text/xml is frequent.
// See http://openid.net/specs/yadis-v1.0.pdf (chapter 6.2.6)
var media = response.Content.Headers.ContentType?.MediaType;
if (string.Equals(media, OpenIdAuthenticationConstants.Media.Xrds, StringComparison.OrdinalIgnoreCase) ||
string.Equals(media, OpenIdAuthenticationConstants.Media.Xml, StringComparison.OrdinalIgnoreCase))
{
using (var stream = await response.Content.ReadAsStreamAsync())
using (var reader = XmlReader.Create(stream))
{
var document = XDocument.Load(reader);
var endpoint = (from service in document.Root.Element(XName.Get("XRD", "xri://$xrd*($v*2.0)"))
.Descendants(XName.Get("Service", "xri://$xrd*($v*2.0)"))
where service.Descendants(XName.Get("Type", "xri://$xrd*($v*2.0)"))
.Any(type => type.Value == "http://specs.openid.net/auth/2.0/server")
orderby service.Attribute("priority")?.Value
select service.Element(XName.Get("URI", "xri://$xrd*($v*2.0)"))?.Value).FirstOrDefault();
Uri uri;
if (!string.IsNullOrEmpty(endpoint) && Uri.TryCreate(endpoint, UriKind.Absolute, out uri))
{
return(new OpenIdAuthenticationConfiguration
{
AuthenticationEndpoint = uri.AbsoluteUri
});
}
throw new InvalidOperationException(
"The Yadis discovery failed because the XRDS document returned by the " +
"identity provider was invalid or didn't contain the endpoint address.");
}
}
// Try to extract the XRDS location from the response headers before parsing the body.
// See http://openid.net/specs/yadis-v1.0.pdf (chapter 6.2.6)
var location = (from header in response.Headers
where string.Equals(header.Key, OpenIdAuthenticationConstants.Headers.XrdsLocation, StringComparison.OrdinalIgnoreCase)
from value in header.Value
select value).FirstOrDefault();
if (!string.IsNullOrEmpty(location))
{
Uri uri;
if (!Uri.TryCreate(location, UriKind.Absolute, out uri))
{
throw new InvalidOperationException(
"The Yadis discovery failed because the X-XRDS-Location " +
"header returned by the identity provider was invalid.");
}
// Retry the discovery operation, but using the XRDS location extracted from the header.
address = uri.AbsoluteUri;
continue;
}
// Only text/html or application/xhtml+xml can be safely parsed.
// See http://openid.net/specs/yadis-v1.0.pdf
if (string.Equals(media, OpenIdAuthenticationConstants.Media.Html, StringComparison.OrdinalIgnoreCase) ||
string.Equals(media, OpenIdAuthenticationConstants.Media.Xhtml, StringComparison.OrdinalIgnoreCase))
{
IHtmlDocument document = null;
try
{
using (var stream = await response.Content.ReadAsStreamAsync())
{
document = await HtmlParser.ParseAsync(stream, cancellationTokenSource.Token);
}
}
catch (Exception exception)
{
throw new InvalidOperationException("An exception occurred while parsing the HTML document.", exception);
}
var endpoint = (from element in document.Head.GetElementsByTagName(OpenIdAuthenticationConstants.Metadata.Meta)
let attribute = element.Attributes[OpenIdAuthenticationConstants.Metadata.HttpEquiv]
where string.Equals(attribute?.Value, OpenIdAuthenticationConstants.Metadata.XrdsLocation, StringComparison.OrdinalIgnoreCase)
select element.Attributes[OpenIdAuthenticationConstants.Metadata.Content]?.Value).FirstOrDefault();
if (!string.IsNullOrEmpty(endpoint))
{
Uri uri;
if (!Uri.TryCreate(endpoint, UriKind.Absolute, out uri))
{
throw new InvalidOperationException(
"The Yadis discovery failed because the X-XRDS-Location " +
"metadata returned by the identity provider was invalid.");
}
// Retry the discovery operation, but using the XRDS
// location extracted from the parsed HTML document.
address = uri.AbsoluteUri;
continue;
}
}
throw new InvalidOperationException("The Yadis discovery failed because the XRDS document location was not found.");
}while (!cancellationTokenSource.IsCancellationRequested);
}
throw new InvalidOperationException("The OpenID 2.0 configuration cannot be retrieved.");
}
/// <summary>
/// Retrieves a populated <see cref="OpenIdConnectConfiguration"/> given an address and an <see cref="IDocumentRetriever"/>.
/// </summary>
/// <param name="address">address of the discovery document.</param>
/// <param name="retriever">the <see cref="IDocumentRetriever"/> to use to read the discovery document</param>
/// <param name="cancel"><see cref="CancellationToken"/>.</param>
/// <returns>A populated <see cref="OpenIdConnectConfiguration"/> instance.</returns>
public static async Task <OpenIdConnectConfiguration> GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
if (string.IsNullOrWhiteSpace(address))
{
throw new ArgumentNullException("address");
}
if (retriever == null)
{
throw new ArgumentNullException("retriever");
}
string doc = await retriever.GetDocumentAsync(address, cancel).ConfigureAwait(false);
OpenIdConnectConfiguration openIdConnectConfiguration = new OpenIdConnectConfiguration(doc);
if (!string.IsNullOrEmpty(openIdConnectConfiguration.JwksUri))
{
string keys = await retriever.GetDocumentAsync(openIdConnectConfiguration.JwksUri, cancel).ConfigureAwait(false);
openIdConnectConfiguration.JsonWebKeySet = new JsonWebKeySet(keys);
foreach (SecurityToken token in openIdConnectConfiguration.JsonWebKeySet.GetSigningTokens())
{
openIdConnectConfiguration.SigningTokens.Add(token);
}
}
return(openIdConnectConfiguration);
}
public async Task <IDictionary <string, string[]> > GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
var res = await retriever.GetDocumentAsync(address, cancel);
var obj = Newtonsoft.Json.JsonConvert.DeserializeObject <JObject>(res);
if (obj != null && obj.HasValues && obj["keys"] != null)
{
var keys = obj.SelectToken("keys").Value <JArray>();
var endorsements = keys.Where(key => key["endorsements"] != null).Select(key => Tuple.Create(key.SelectToken("kid").Value <string>(), key.SelectToken("endorsements").Values <string>()));
return(endorsements.Distinct(new EndorsementsComparer()).ToDictionary(item => item.Item1, item => item.Item2.ToArray()));
}
else
{
return(new Dictionary <string, string[]>());
}
}
