/// <summary> /// Creates <see cref="AcmeResponse"/> with headers /// </summary> /// <returns></returns> public AcmeResponse CreateResponse() { var resp = new AcmeResponse { StatusCode = 200, // OK }; resp.Headers.Link.Add(new LinkHeader($"{Options.BaseAddress}directory", new LinkHeaderItem("rel", "index", true))); resp.Headers.ReplayNonce = NonceService.Create(); return(resp); }
/// <inheritdoc/> public AcmeResponse GetNonce(AcmeRequest request) { return(WrapAction((response) => { response.Headers.ReplayNonce = NonceService.Create(); if (request.Method == null || !request.Method.Equals("head", StringComparison.CurrentCultureIgnoreCase)) { response.StatusCode = 204; // No content } }, request)); }
public YobitClient(Uri baseAddress, string apiKey, string privateKey) { _apiKey = apiKey ?? string.Empty; _privateKey = (privateKey ?? string.Empty).ToSecureString(); _nonceService = new NonceService(new NonceFileWriter(), new NonceFileReader()); _httpClient.BaseAddress = baseAddress; //_httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); //_httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Accept-Encoding", "gzip, deflate"); //_httpClient.DefaultRequestHeaders.TryAddWithoutValidation("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"); //_sha512PrivateKey = new HMACSHA512(Convert.FromBase64String(_privateKey)); _sha512PrivateKey = new HMACSHA512(Encoding.ASCII.GetBytes(_privateKey.ToUnsecureString())); }
private void Initialise(TArgument argument) { var context = new InitialiseProjectContext { PrivateVariables = new Dictionary <string, string>(), PublicVariables = new Dictionary <string, string>() }; context.PrivateVariables.Add("MsSql.SaPassword", NonceService.Generate()); context.PrivateVariables.Add("Sitecore.License", CreateEncodedSitecoreLicense(argument)); context.PrivateVariables.Add("Sitecore.TelerikEncryptionKey", NonceService.Generate()); context.MetaData.Add("SitecoreVersion", Version); context.MetaData.Add(Constants.MetaData.SitecoreTopology, argument.Topology); context.WorkingPath = argument.WorkingPath; context.SourceCodePath = argument.SourceCodePath; context.Name = argument.Name; if (!string.IsNullOrEmpty(argument.DockerComposeTemplate)) { context.DockerComposeFilePath = argument.DockerComposeTemplate; } else { context.DockerComposeFilePath = Path.Join(TemplatePath, $"{argument.Topology}.template.docker-compose.yml"); } if (!string.IsNullOrEmpty(argument.DockerComposeTemplate)) { context.EnvironmentTemplateFilePath = argument.EnvironmentTemplate; } else { context.EnvironmentTemplateFilePath = Path.Join(TemplatePath, $"{argument.Topology}.template.env"); } DoInitialise(argument, context); InitialiseProjectPipeline.Execute(context); }
protected override void DoInitialise(SitecoreInitialiseArgument argument, InitialiseProjectContext context) { var identityCertificatePassword = NonceService.Generate(); var identityCertificate = _certificateService.CreateSelfSignedCertificate("dimmy.sitecore.plugin", "localhost"); var x509IdentityCertificate2Export = identityCertificate.Export(X509ContentType.Pfx, identityCertificatePassword); var x509IdentityCertificate2Base64String = Convert.ToBase64String(x509IdentityCertificate2Export); context.PublicVariables.Add("DevelopmentHelper.HookName", argument.DevelopmentHelperHookName); context.PrivateVariables.Add("Sitecore.AdminPassword", NonceService.Generate()); context.PrivateVariables.Add("Sitecore.MediaRequestProtectionSharedSecret", NonceService.Generate()); context.PrivateVariables.Add("Sitecore.Id.Secret", NonceService.Generate()); context.PrivateVariables.Add("Sitecore.Id.CertificatePassword", identityCertificatePassword); context.PrivateVariables.Add("Sitecore.Id.Certificate", x509IdentityCertificate2Base64String); context.PrivateVariables.Add("Sitecore.Rep.ApiKey", NonceService.Generate()); context.PrivateVariables.Add("Sitecore.Xc.Engine.Authoring.ClientId", NonceService.Generate()); context.PublicVariables.Add("Sitecore.Id.HostName", argument.IdHostName); context.PublicVariables.Add("Sitecore.Cd.HostName", argument.CdHostName); context.PublicVariables.Add("Sitecore.Cm.HostName", argument.CmHostName); context.PublicVariables.Add("WindowsVersion", argument.WindowsVersion); context.PublicVariables.Add("Sitecore.Xc.GlobalTrustedConnection", argument.XcGlobalTrustedConnection.ToString()); context.PublicVariables.Add("Sitecore.Xc.SharedTrustedConnection", argument.XcSharedTrustedConnection.ToString()); context.PublicVariables.Add("Sitecore.Xc.Engine.GlobalDatabaseName", argument.XcEngineGlobalDatabaseName); context.PublicVariables.Add("Sitecore.Xc.Engine.SharedDatabaseName", argument.XcEngineSharedDatabaseName); context.PublicVariables.Add("Sitecore.Xc.Braintree.Environment", argument.XcBraintreeEnvironment); context.PublicVariables.Add("Sitecore.Xc.Braintree.MerchantId", argument.XcBraintreeMerchantId); context.PublicVariables.Add("Sitecore.Xc.Braintree.PublicKey", argument.XcBraintreePublicKey); context.PublicVariables.Add("Sitecore.Xc.Braintree.PrivateKey", argument.XcBraintreePrivateKey); }
/// <summary> /// Wraps controller action /// </summary> /// <param name="action">Action</param> /// <param name="request">ACME request. If presents wrapper validates JWS</param> /// <returns></returns> public AcmeResponse WrapAction(Action <AcmeResponse> action, AcmeRequest request, bool UseJwk = false) { var response = CreateResponse(); try { Logger.Info("Request {method} {path} {token}", request.Method, request.Path, request.Token); if (request.Method == "POST") { #region Check JWS IAccount account = null; // Parse JWT var token = request.Token; var header = token.GetProtected(); try { if (token == null) { throw new Exception("JSON Web Token is empty"); } } catch (Exception e) { throw new AcmeException(ErrorType.Unauthorized, "Cannot parse JSON Web Token", System.Net.HttpStatusCode.Unauthorized, e); } if (header.Url == null) { throw new MalformedException("The JWS header MUST have 'url' field"); } /// The "jwk" and "kid" fields are mutually exclusive. Servers MUST /// reject requests that contain both. if (header.Key != null && header.KeyID != null) { throw new MalformedException("The JWS header contains both mutually exclusive fields 'jwk' and 'kid'"); } if (UseJwk) { if (header.Key == null) { throw new AcmeException(ErrorType.IncorrectResponse, "JWS MUST contain 'jwk' field", System.Net.HttpStatusCode.BadRequest); } if (!token.Verify()) { throw new AcmeException(ErrorType.Unauthorized, "JWS signature is invalid", System.Net.HttpStatusCode.Unauthorized); } account = AccountService.FindByPublicKey(header.Key); // If a server receives a POST or POST-as-GET from a deactivated account, it MUST return an error response with status // code 401(Unauthorized) and type "urn:ietf:params:acme:error:unauthorized" } else { if (header.KeyID == null) { throw new AcmeException(ErrorType.IncorrectResponse, "JWS MUST contain 'kid' field", System.Net.HttpStatusCode.BadRequest); } account = AccountService.GetById(GetIdFromLink(header.KeyID)); if (!token.Verify(account.Key.GetPublicKey())) { throw new AcmeException(ErrorType.Unauthorized, "JWS signature is invalid", System.Net.HttpStatusCode.Unauthorized); } // Once an account is deactivated, the server MUST NOT accept further // requests authorized by that account's key // https://tools.ietf.org/html/rfc8555#section-7.3.6 } if (account != null) { AssertAccountStatus(account); } #endregion #region Check Nonce // The "nonce" header parameter MUST be carried in the protected header of the JWS. var nonce = request.Token.GetProtected().Nonce ?? throw new MalformedException("The 'nonce' header parameter doesn't present in the protected header of the JWS"); NonceService.Validate(nonce); #endregion } // Invoke action action.Invoke(response); } catch (AcmeException e) { response.StatusCode = (int)e.StatusCode; Error error = e; response.Content = error; Logger.Error(e); } catch (Exception e) { response.StatusCode = 500; // Internal Server Error Error error = e; response.Content = error; Logger.Error(e); } Logger.Info("Response {@response}", response); return(response); }