public async Task <Client> Get(KeyId clientId)
{
if (_expiration <= TimeSpan.Zero)
{
return(await _decorated.Get(clientId).ConfigureAwait(continueOnCapturedContext: false));
}
await Semaphore.WaitAsync(MaxLockWaitTime).ConfigureAwait(continueOnCapturedContext: false);
var cacheKey = $"CacheEntry_Client_{clientId}";
try {
if (!_cache.TryGetValue <Client>(cacheKey, out var cachedClient))
{
var retrievedClient = await _decorated.Get(clientId).ConfigureAwait(continueOnCapturedContext: false);
var options = BuildEntryOptions();
_cache.Set(cacheKey, retrievedClient, options);
return(retrievedClient);
}
return(cachedClient);
}
finally {
Semaphore.Release();
}
}
public async Task <bool> DoesClientOwnItem(string clientId, string grain, string securableItem)
{
if (string.IsNullOrEmpty(clientId))
{
return(false);
}
var client = await _clientStore.Get(clientId);
return(DoesClientOwnItem(client.TopLevelSecurableItem, grain, securableItem));
}
private ICrmPlusPlus GetCrmClient()
{
var client = clientStore.Get() as CrmClient;
if (client == null)
{
throw new InvalidOperationException("Could not access CRM Client.");
}
return(client.Crm);
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequestForVerification request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (request.Signature == null)
{
var failure = SignatureVerificationFailure.InvalidSignature("The signature is missing from the request.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, request, failure));
}
var firstValidationError = request.Signature.GetValidationErrors().FirstOrDefault();
if (firstValidationError != default)
{
var failure = SignatureVerificationFailure.InvalidSignature($"The signature is invalid: {firstValidationError.Message}");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, request, failure));
}
var client = await _clientStore.Get(request.Signature.KeyId).ConfigureAwait(continueOnCapturedContext: false);
if (client == null)
{
var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{request.Signature.KeyId}' are registered in the server store.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client: null, request, failure));
}
var verificationFailure = await _signatureVerifier.VerifySignature(request, client).ConfigureAwait(continueOnCapturedContext: false);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, request);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequest request, SignedRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
Client client = null;
Signature signature = null;
try {
signature = _signatureParser.Parse(request);
client = await _clientStore.Get(signature.KeyId);
var requestForSigning = await request.ToRequestForSigning(signature);
var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
catch (InvalidClientException ex) {
var failure = SignatureVerificationFailure.InvalidClient(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
catch (InvalidSignatureException ex) {
var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
}
public async Task <SecurableItem> GetTopLevelSecurableItem(string clientId)
{
var client = await _clientStore.Get(clientId);
return(client.TopLevelSecurableItem);
}
public async Task <RequestSignatureVerificationResult> VerifySignature(HttpRequest request, SignedRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Client client = null;
Signature signature = null;
try {
signature = _signatureParser.Parse(request, options);
var eventTask = options.OnSignatureParsed;
if (eventTask != null)
{
await eventTask.Invoke(request, signature).ConfigureAwait(false);
}
try {
signature.Validate();
}
catch (ValidationException ex) {
throw new InvalidSignatureException(
"The signature is invalid. See inner exception.",
ex);
}
client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false);
if (client == null)
{
var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
var requestForSigning = await request.ToRequestForSigning(signature).ConfigureAwait(false);
var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
catch (InvalidSignatureException ex) {
var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
}
public async Task <Client> Get(KeyId clientId)
{
using (await _lock.ReaderLockAsync()) {
return(await _decorated.Get(clientId));
}
}
public DomainComponentRepository(IClientStore clientStore)
{
Client = clientStore.Get().Crm.EntityClient;
}
