/// <summary> /// Initialize a new instance of <see cref="JwtSigningCertificateProvider"/> with settings for accessing a key vault and file system. /// </summary> /// <param name="keyVaultSettings">Settings required to access a certificate stored in a key vault.</param> /// <param name="certificateSettings">Settings required to access a certificate stored on a file system.</param> public JwtSigningCertificateProvider( IOptions <KeyVaultSettings> keyVaultSettings, IOptions <CertificateSettings> certificateSettings) { _keyVaultSettings = keyVaultSettings.Value; _certificateSettings = certificateSettings.Value; }
public BankCheckService(FedsfmCheckService fedsfmService, IOptions <ConnectionSettings> connectionSettings, ILogger <BankCheckService> logger, IOptions <CertificateSettings> certificateSettings) { _fedsfmService = fedsfmService; _connectionSettings = connectionSettings.Value; _logger = logger; _certificatePassword = certificateSettings.Value; }
void Verify(CertificateSettings settings) { Assert.NotNull(settings.Resolvers); foreach (CertResolverSettings resolverSettings in settings.Resolvers) { Assert.DoesNotThrow(() => resolverSettings.Validate()); CertServiceResolverSettings serviceResolverSettings = resolverSettings as CertServiceResolverSettings; if (serviceResolverSettings != null) { Assert.False(serviceResolverSettings.OrgCertificatesOnly); } ICertificateResolver resolver = null; Assert.DoesNotThrow(() => resolver = resolverSettings.CreateResolver()); Assert.NotNull(resolver); if (serviceResolverSettings != null) { Assert.False(((ConfigCertificateResolver)resolver).OrgCertificatesOnly); serviceResolverSettings.OrgCertificatesOnly = true; resolver = serviceResolverSettings.CreateResolver(); Assert.True(((ConfigCertificateResolver)resolver).OrgCertificatesOnly); } } }
public void IsAvailable_NullCertificate_ReturnsFalse() { var settings = new CertificateSettings { UseDeveloperCredentials = true }; var certificate = new Certificate(settings, Mock.Of <ILogger>()); certificate.IsAvailable.Should().BeFalse(); }
public void Path_NullCertificate_ReturnsNull() { var settings = new CertificateSettings { UseDeveloperCredentials = true }; var certificate = new Certificate(settings, Mock.Of <ILogger>()); certificate.Path.Should().BeNull(); }
public void Constructor_BadCertificatePath_ThrowsException() { var settings = new CertificateSettings { CertificatePath = "BadPath", PrivateKeyPath = "NHSD" }; Assert.Throws <CertificateSettingsException>(() => new Certificate(settings, Mock.Of <ILogger>())); }
/// <summary> /// The default constructor /// </summary> /// <param name="options">The options</param> /// <param name="logger">The logger</param> /// <param name="encoder">The Url encoder</param> /// <param name="clock">The system clock</param> /// <param name="keyVaultSettings">The key vault settings</param> /// <param name="certSettings">The certification settings</param> public JwtCookieHandler( IOptionsMonitor <JwtCookieOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IOptions <KeyVaultSettings> keyVaultSettings, IOptions <CertificateSettings> certSettings) : base(options, logger, encoder, clock) { _keyVaultSettings = keyVaultSettings.Value; _certificateSettings = certSettings.Value; }
internal Certificate(CertificateSettings certificateSettings, ILogger logger) { if (logger is null) { throw new ArgumentNullException(nameof(logger)); } if (certificateSettings is null) { throw new ArgumentNullException(nameof(certificateSettings)); } Path = certificateSettings.CertificatePath; Instance = Load(logger, certificateSettings); }
// GET api/certificatetest public CertificateSettings Get() { CertificateSettings settings = new CertificateSettings(); X509Store _certStore = null; string _strCertificateAppSettings = string.Empty; try { _certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); _certStore.Open(OpenFlags.ReadOnly); _strCertificateAppSettings = Environment.GetEnvironmentVariable("APPSETTING_WEBSITE_LOAD_CERTIFICATES"); if (string.IsNullOrEmpty(_strCertificateAppSettings) != true) { settings.AppsettingWebsiteLoadCertificatesValue = _strCertificateAppSettings; X509Certificate2Collection col = _certStore.Certificates; if (_certStore.Certificates.Count > 0) { foreach (X509Certificate2 _cert in _certStore.Certificates) { ClientCert cert = new ClientCert { IssuerName = _cert.IssuerName.Name, SubjectName = _cert.SubjectName.Name, Thumbprint = _cert.Thumbprint, HasPrivateKey = _cert.HasPrivateKey, ExpirationDate = _cert.NotAfter, IsExportable = IsPrivateKeyExportable(_cert) }; settings.Certificates.Add(cert); } } } } catch (Exception ex) { throw ex; } finally { _certStore.Close(); } return(settings); }
public void Constructor_ValidCertificatePath_InitializesAsExpected() { WriteEmbeddedFilesToDisk(); var settings = new CertificateSettings { CertificatePath = CertificateName, PrivateKeyPath = CertificateKeyName }; var certificate = new Certificate(settings, Mock.Of <ILogger>()); certificate.Instance.Should().NotBeNull(); certificate.Instance.Thumbprint.Should().Be("13C9ED6D78CBE4905367D5A99A66BF84B9D2E55F"); certificate.IsAvailable.Should().BeTrue(); certificate.Path.Should().Be(CertificateName); DeleteEmbeddedFiles(); }
private static X509Certificate2 Load(ILogger logger, CertificateSettings settings) { if (settings.UseDeveloperCredentials) { return(null); } var path = settings.CertificatePath; logger.Information("Loading certificate {path}", path); try { byte[] certBuffer = GetBytesFromPem(settings.CertificatePath, "CERTIFICATE"); byte[] keyBuffer = GetBytesFromPem(settings.PrivateKeyPath, "RSA PRIVATE KEY"); using var certificate = new X509Certificate2(certBuffer); using var rsa = RSA.Create(); rsa.ImportRSAPrivateKey(keyBuffer, out _); var certificateWithPrivateKey = certificate.CopyWithPrivateKey(rsa); if (certificateWithPrivateKey.Verify()) { logger.Information("Certificate validation succeeded: {certificate}", certificate.ToString(true)); } else { logger.Warning("Certificate validation failed: {certificate}", certificate.ToString(true)); } return(certificateWithPrivateKey); } catch (Exception e) { throw new CertificateSettingsException("Error with certificate or settings", e); } }
/// <summary> /// Obtain the <see cref="SigningCredentials"/> to be used when signing a new JSON Web Token. /// </summary> /// <param name="keyVaultSettings">Settings that can be used to access a key vault with the signing certificate.</param> /// <param name="certificateSettings">Settings to identify a certificate stored on the file system.</param> /// <returns>The <see cref="SigningCredentials"/>.</returns> public static async Task <SigningCredentials> GetSigningCredentials(KeyVaultSettings keyVaultSettings, CertificateSettings certificateSettings) { await Semaphore.WaitAsync(); try { if (_signingCredentialsUpdateTime > DateTime.Now && _signingCredentials != null) { return(_signingCredentials); } X509Certificate2 cert; if (string.IsNullOrEmpty(keyVaultSettings.ClientId) || string.IsNullOrEmpty(keyVaultSettings.ClientSecret)) { cert = new X509Certificate2(certificateSettings.CertificatePath, certificateSettings.CertificatePwd); } else { KeyVaultClient client = KeyVaultSettings.GetClient(keyVaultSettings.ClientId, keyVaultSettings.ClientSecret); CertificateBundle certificate = await client.GetCertificateAsync(keyVaultSettings.SecretUri, certificateSettings.CertificateName); SecretBundle secret = await client.GetSecretAsync(certificate.SecretIdentifier.Identifier); byte[] pfxBytes = Convert.FromBase64String(secret.Value); cert = new X509Certificate2(pfxBytes); } _signingCredentials = new X509SigningCredentials(cert, SecurityAlgorithms.RsaSha256); // Reuse the same SigningCredentials for 30 minutes _signingCredentialsUpdateTime = DateTime.Now.AddMinutes(30); return(_signingCredentials); } finally { Semaphore.Release(); } }
/// <summary> /// Initialize a new instance of <see cref="JwtSigningCertificateProviderStub"/> with settings for accessing file system. /// </summary> /// <param name="certificateSettings">Settings required to access a certificate stored on a file system.</param> public JwtSigningCertificateProviderStub(IOptions <CertificateSettings> certificateSettings) { _certificateSettings = certificateSettings.Value; }
public void InstallServices(IServiceCollection services, IConfiguration configuration, IWebHostEnvironment environment) { IdentityModelEventSource.ShowPII = true; services.AddHttpContextAccessor(); JwtSecurityTokenHandler.DefaultMapInboundClaims = false; var certificateSettings = new CertificateSettings(); configuration.GetSection(nameof(CertificateSettings)).Bind(certificateSettings); string filePath = Path.Combine(environment.ContentRootPath, certificateSettings.Path); Console.WriteLine(filePath); var certificate = new X509Certificate2(filePath, certificateSettings.Password); var optionsTokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new X509SecurityKey(certificate), IssuerSigningKeyResolver = (token, securityToken, kid, validationParameters) => new List <X509SecurityKey> { new X509SecurityKey(certificate) }, ValidateIssuer = false, ValidateAudience = false, RequireExpirationTime = false, ValidateLifetime = true, }; var urlSettings = new UrlSettings(); configuration.GetSection(nameof(UrlSettings)).Bind(urlSettings); services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => { options.Authority = urlSettings.IdentityServer; options.RequireHttpsMetadata = false; options.Audience = Constants.ApiName; options.SaveToken = true; options.TokenValidationParameters = optionsTokenValidationParameters; options.Events = new JwtBearerEvents { OnChallenge = async context => { var errorDetails = new ErrorDetails { StatusCode = (int)HttpStatusCode.Unauthorized, Message = "Unauthorized User", }; context.Response.StatusCode = errorDetails.StatusCode; // Emit the WWW-Authenticate header. context.Response.Headers.Append(HeaderNames.WWWAuthenticate, context.Options.Challenge); context.Response.ContentType = "application/json"; await context.Response.WriteAsync(JsonConvert.SerializeObject(errorDetails)); context.HandleResponse(); }, }; }); services.AddAuthorization(options => { options.AddPolicy(PolicyConstants.UpdateCommunityRolePolicy, policy => { policy.AddRequirements(new CanUpdateCommunityAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.DeleteCommunityRolePolicy, policy => { policy.AddRequirements(new CanDeleteCommunityAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.AddModeratorRolePolicy, policy => { policy.AddRequirements(new CanAddModeratorAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.DeletePostRolePolicy, policy => { policy.AddRequirements(new CanDeletePostAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.UpdatePostRolePolicy, policy => { policy.AddRequirements(new CanUpdatePostAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.DeleteCommentRolePolicy, policy => { policy.AddRequirements(new CanDeleteCommentAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.UpdateCommentRolePolicy, policy => { policy.AddRequirements(new CanUpdateCommentAuthorizationRequirement()); }); options.AddPolicy(PolicyConstants.ManageCategoryRolePolicy, policy => { policy.AddRequirements(new CanManageCategoryAuthorizationRequirement()); }); }); services.AddScoped <IAuthorizationHandler, CanUpdateCommunityHandler>(); services.AddScoped <IAuthorizationHandler, CanDeleteCommunityHandler>(); services.AddScoped <IAuthorizationHandler, CanAddModeratorHandler>(); services.AddScoped <IAuthorizationHandler, CanDeletePostHandler>(); services.AddScoped <IAuthorizationHandler, CanUpdatePostHandler>(); services.AddScoped <IAuthorizationHandler, CanDeleteCommentHandler>(); services.AddScoped <IAuthorizationHandler, CanUpdateCommentHandler>(); services.AddScoped <IAuthorizationHandler, CanManageCategoryHandler>(); services.AddSingleton(x => new BlobServiceClient(configuration.GetValue <string>("AzureBlobStorageConnectionString"))); services.AddSingleton <IBlobService, BlobService>(); services.AddHttpClient(); services.AddCors(config => { config.AddPolicy(Constants.CorsPolicy, builder => { builder.WithOrigins(urlSettings.Spa) .AllowAnyMethod() .AllowAnyHeader(); }); }); services.AddCors(); services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); services.AddControllers(options => { options.Filters.Add <ValidationFilter>(); options.Filters.Add <ExceptionHandlerFilter>(); }) .AddFluentValidation(fv => { fv.RunDefaultMvcValidationAfterFluentValidationExecutes = false; fv.RegisterValidatorsFromAssemblyContaining <Startup>(); }); }
public ExtensionSettings() { WalletConfig = new WalletConfigSettings(); DataRPCServer = new DataRPCServerSettings(); Certificate = new CertificateSettings(); }
/// <summary> /// Initialise a new instance of <see cref="OpenIdController"/> with the given input values. /// </summary> /// <param name="generalSettings">The application general settings.</param> /// <param name="certSettings">The settings section for certificate information.</param> /// <param name="keyVaultSettings">The settings section for the platform key vault.</param> public OpenIdController(IOptions <GeneralSettings> generalSettings, IOptions <CertificateSettings> certSettings, IOptions <KeyVaultSettings> keyVaultSettings) { this.generalSettings = generalSettings.Value; this.certSettings = certSettings.Value; this.keyVaultSettings = keyVaultSettings.Value; }
public WebRequestWithCertHandlerCreator() { _certSettings = new CertificateSettings(); }