private Response BatchProcess(UriInfo uriInfo, HttpHeaders httpHeaders, HttpServletRequest req, Stream body) { try { NonStreamingBatchOperations batchOperations = new NonStreamingBatchOperations(_webServer); BatchOperationResults results = batchOperations.PerformBatchJobs(uriInfo, httpHeaders, req, body); Response res = Response.ok().entity(results.ToJSON()).type(HttpHeaderUtils.mediaTypeWithCharsetUtf8(MediaType.APPLICATION_JSON_TYPE)).build(); _representationWriteHandler.onRepresentationWritten(); return(res); } catch (Exception e) { return(_output.serverError(e)); } finally { _representationWriteHandler.onRepresentationFinal(); } }
public async Task IssueAccessTokenFromStsToken_WrongIssuingCertificate_ReturnsError() { var clientCertificate = CertificateUtil.GetCertificate("0E6DBCC6EFAAFF72E3F3D824E536381B26DEECF5"); var issuerAudienceses = new[] { //wrong issuing cert new IssuerAudiences("0E6DBCC6EFAAFF72E3F3D824E536381B26DEECF5", "sts cert") .Audience(new Uri("https://wsp.oioidws-net.dk")), }; await PerformValidationTestAsync(clientCertificate, issuerAudienceses, (options, response) => { Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("Issuer certificate 'D9F10C97AA647727ADB64A349BB037C5C23C9A7A' was unknown", errors["error_description"]); return(Task.FromResult(0)); }); }
public async Task Authenticate_UnknownToken_UnauthorizedByService() { await ProcessAuthenticateAsync( "bearer", (context, next) => { //this service requires auth, therefore denies context.Response.StatusCode = context.Request.User == null ? 401 : 200; return(Task.FromResult(0)); }, response => { Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("Token information could not be retrieved from the Authorization Server. The access token might be unknown or expired", errors["error_description"]); return(Task.FromResult(0)); }, tokenFunc : () => null); }
public async Task IssueAccessTokenFromStsToken_ExpiredSecurityToken_ReturnsError() { var clientCertificate = CertificateUtil.GetCertificate("0E6DBCC6EFAAFF72E3F3D824E536381B26DEECF5"); var issuerAudienceses = new[] { new IssuerAudiences("d9f10c97aa647727adb64a349bb037c5c23c9a7a", "sts cert") .Audience(new Uri("https://wsp.oioidws-net.dk")), }; var samlToken = File.ReadAllText(@"Resources\ExpiredSecurityToken.xml"); await PerformValidationTestAsync(clientCertificate, issuerAudienceses, (options, response) => { Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("The Token is expired", errors["error_description"]); return(Task.FromResult(0)); }, samlToken : () => samlToken); }
public async Task Authenticate_InsufficientScope_ReturnsRequiredScope() { await ProcessAuthenticateAsync( "bearer", (context, next) => { //this service requires auth, therefore denies if nu user var authProperties = new AuthenticationProperties(); authProperties.Dictionary[AuthenticationErrorCodes.InsufficentScope] = "scope1"; context.Authentication.Challenge(authProperties); return(Task.FromResult(0)); }, response => { Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InsufficentScope, errors["error"]); Assert.AreEqual("scope1", errors["scope"]); return(Task.FromResult(0)); }); }
public async Task Authenticate_WrongTokenType_UnauthorizedByService() { await ProcessAuthenticateAsync( "bearer", (context, next) => { //this service requires auth, therefore denies context.Response.StatusCode = context.Request.User == null ? 401 : 200; return(Task.FromResult(0)); }, response => { Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("Authentication scheme was not valid", errors["error_description"]); return(Task.FromResult(0)); }, tokenFunc : () => new OioIdwsToken { Type = AccessTokenType.HolderOfKey }); }
public async Task Authenticate_InvalidHolderOfKeyCertificate_UnauthorizedByService() { await ProcessAuthenticateAsync( "holder-of-key", (context, next) => { //this service requires auth, therefore denies context.Response.StatusCode = context.Request.User == null ? 401 : 200; return(Task.FromResult(0)); }, response => { Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("A valid certificate must be presented when presenting a Holder-of-key token", errors["error_description"]); return(Task.FromResult(0)); }, tokenFunc : () => new OioIdwsToken { Type = AccessTokenType.HolderOfKey, CertificateThumbprint = "correct cert thumbprint" }, certificateFunc : () => CertificateUtil.GetCertificate("d9f10c97aa647727adb64a349bb037c5c23c9a7a")); }
private static bool IsInvalidToken(HttpResponseMessage response) { return(response.Headers.WwwAuthenticate.Any(x => AccessTokenTypeParser.FromString(x.Scheme).HasValue&& HttpHeaderUtils.ParseOAuthSchemeParameter(x.Parameter)["error"].Equals(AuthenticationErrorCodes.InvalidToken, StringComparison.OrdinalIgnoreCase))); }
public async Task <AccessToken> GetTokenAsync(GenericXmlSecurityToken securityToken, CancellationToken cancellationToken) { if (securityToken == null) { throw new ArgumentNullException(nameof(securityToken)); } string samlToken; using (var stream = new MemoryStream()) { using (var writer = XmlWriter.Create(stream)) { securityToken.TokenXml.WriteTo(writer); } samlToken = Convert.ToBase64String(stream.ToArray()); } var requestHandler = new WebRequestHandler { ClientCertificates = { _settings.ClientCertificate } }; var formFields = new Dictionary <string, string> { { "saml-token", samlToken } }; if (_settings.DesiredAccessTokenExpiry.HasValue) { formFields["should-expire-in"] = ((int)_settings.DesiredAccessTokenExpiry.Value.TotalSeconds).ToString(); } var client = new HttpClient(requestHandler); var response = await client.PostAsync( _settings.AccessTokenIssuerEndpoint, new FormUrlEncodedContent(formFields), cancellationToken); if (!response.IsSuccessStatusCode) { //just find the first valid authenticate header we recognize var challenge = response.Headers.WwwAuthenticate .Select(x => new { Type = AccessTokenTypeParser.FromString(x.Scheme), x.Parameter }) .FirstOrDefault(x => x.Type.HasValue); if (challenge != null) { var parms = HttpHeaderUtils.ParseOAuthSchemeParameter(challenge.Parameter); throw new OioIdwsChallengeException( challenge.Type.Value, parms["error"], parms["error_description"], $@"Got unexpected challenge while issuing access token from '{ _settings.AccessTokenIssuerEndpoint }' ({response.StatusCode})': {parms["error"]} - {parms["error_description"]}"); } throw new InvalidOperationException( $@"Got unexpected response while issuing access token from '{_settings.AccessTokenIssuerEndpoint}' {response.StatusCode}: {await response.Content.ReadAsStringAsync()}"); } var json = await response.Content.ReadAsStringAsync(); var jsonValue = JObject.Parse(json); var accessToken = new Rest.Client.AccessToken.AccessToken { Value = (string)jsonValue["access_token"], ExpiresIn = TimeSpan.FromSeconds((int)jsonValue["expires_in"]), RetrievedAtUtc = DateTime.UtcNow, Type = ParseAccessTokenType((string)jsonValue["token_type"]) }; return(accessToken); }
internal static EntityTagHeaderValue GetETagFromVersion(byte[] version) { string quotedEtag = HttpHeaderUtils.GetQuotedString(Convert.ToBase64String(version)); return(new EntityTagHeaderValue(quotedEtag)); }
protected internal virtual Response Response(Response.ResponseBuilder response, Representation representation) { return(FormatRepresentation(response, representation).type(HttpHeaderUtils.mediaTypeWithCharsetUtf8(MediaType)).build()); }
public async Task Authenticates_TokenExpired_IsUnauthorized() { var accessToken = "dummy"; var oioIdwsTokenKey = "token1"; var token = new OioIdwsToken { ExpiresUtc = DateTimeOffset.UtcNow.AddHours(-1), Claims = new[] { new OioIdwsClaim { Value = "hans", Type = "name" }, } }; var storeMock = new Mock <ISecurityTokenStore>(); storeMock .Setup(x => x.RetrieveTokenAsync(oioIdwsTokenKey)) .ReturnsAsync(token); var authProperties = new AuthenticationProperties { ExpiresUtc = DateTimeOffset.UtcNow.AddHours(-1), Dictionary = { { "value", oioIdwsTokenKey } } }; var tokenDataFormatMock = new Mock <ISecureDataFormat <AuthenticationProperties> >(); tokenDataFormatMock .Setup(x => x.Unprotect(accessToken)) .Returns(authProperties); using (var server = TestServer.Create(app => { app .UseOioIdwsAuthentication(new OioIdwsAuthenticationOptions()) .UseOioIdwsAuthorizationService(new OioIdwsAuthorizationServiceOptions { AccessTokenIssuerPath = new PathString("/accesstoken/issue"), IssuerAudiences = () => Task.FromResult(new[] { new IssuerAudiences("", "") }), SecurityTokenStore = storeMock.Object, TokenDataFormat = tokenDataFormatMock.Object, }) .Use((context, next) => { if (context.Request.Path == new PathString("/wsp")) { context.Response.StatusCode = context.Request.User != null ? 200 : 401; } return(Task.FromResult(0)); }); })) { var client = server.HttpClient; var authHeader = new AuthenticationHeaderValue("Bearer", accessToken); client.DefaultRequestHeaders.Authorization = authHeader; { var response = await client.GetAsync("/wsp"); Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("Token was expired", errors["error_description"]); } { authProperties.ExpiresUtc = DateTimeOffset.Now.AddHours(1); var response = await client.GetAsync("/wsp"); Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); var errors = HttpHeaderUtils.ParseOAuthSchemeParameter(response.Headers.WwwAuthenticate.First().Parameter); Assert.AreEqual(AuthenticationErrorCodes.InvalidToken, errors["error"]); Assert.AreEqual("Token was expired", errors["error_description"]); } } }