/// <summary>
/// Initializes a new instance of the <see cref="AmqpConnectionScope"/> class.
/// </summary>
///
/// <param name="serviceEndpoint">Endpoint for the Service Bus service to which the scope is associated.</param>
/// <param name="credential">The credential to use for authorization with the Service Bus service.</param>
/// <param name="transport">The transport to use for communication.</param>
/// <param name="proxy">The proxy, if any, to use for communication.</param>
/// <param name="identifier">The identifier to assign this scope; if not provided, one will be generated.</param>
///
public AmqpConnectionScope(Uri serviceEndpoint,
ServiceBusTokenCredential credential,
ServiceBusTransportType transport,
IWebProxy proxy,
string identifier = default)
{
Argument.AssertNotNull(serviceEndpoint, nameof(serviceEndpoint));
Argument.AssertNotNull(credential, nameof(credential));
ValidateTransport(transport);
ServiceEndpoint = serviceEndpoint;
Transport = transport;
Proxy = proxy;
TokenProvider = new CbsTokenProvider(new ServiceBusTokenCredential(credential, serviceEndpoint.ToString()), OperationCancellationSource.Token);
Id = identifier ?? $"{ ServiceEndpoint }-{ Guid.NewGuid().ToString("D").Substring(0, 8) }";
Task <AmqpConnection> connectionFactory(TimeSpan timeout) => CreateAndOpenConnectionAsync(AmqpVersion, ServiceEndpoint, Transport, Proxy, Id, timeout);
ActiveConnection = new FaultTolerantAmqpObject <AmqpConnection>(
connectionFactory,
CloseConnection);
TransactionController = new FaultTolerantAmqpObject <Controller>(
CreateControllerAsync,
CloseController);
}
/// <summary>
/// Initializes a new instance of the <see cref="AmqpConnectionScope"/> class.
/// </summary>
///
/// <param name="serviceEndpoint">Endpoint for the Service Bus service to which the scope is associated.</param>
/// <param name="credential">The credential to use for authorization with the Service Bus service.</param>
/// <param name="transport">The transport to use for communication.</param>
/// <param name="proxy">The proxy, if any, to use for communication.</param>
/// <param name="identifier">The identifier to assign this scope; if not provided, one will be generated.</param>
///
public AmqpConnectionScope(Uri serviceEndpoint,
ServiceBusTokenCredential credential,
ServiceBusTransportType transport,
IWebProxy proxy,
string identifier = default)
{
Argument.AssertNotNull(serviceEndpoint, nameof(serviceEndpoint));
Argument.AssertNotNull(credential, nameof(credential));
ValidateTransport(transport);
ServiceEndpoint = serviceEndpoint;
Transport = transport;
Proxy = proxy;
TokenProvider = new CbsTokenProvider(new ServiceBusTokenCredential(credential, serviceEndpoint.ToString()), OperationCancellationSource.Token);
Id = identifier ?? $"{ ServiceEndpoint }-{ Guid.NewGuid().ToString("D", CultureInfo.InvariantCulture).Substring(0, 8) }";
#pragma warning disable CA2214 // Do not call overridable methods in constructors. This internal method is virtual for testing purposes.
Task <AmqpConnection> connectionFactory(TimeSpan timeout) => CreateAndOpenConnectionAsync(AmqpVersion, ServiceEndpoint, Transport, Proxy, Id, timeout);
#pragma warning restore CA2214 // Do not call overridable methods in constructors
ActiveConnection = new FaultTolerantAmqpObject <AmqpConnection>(
connectionFactory,
CloseConnection);
TransactionController = new FaultTolerantAmqpObject <Controller>(
CreateControllerAsync,
CloseController);
}
/// <summary>
/// Creates the timer event handler to support refreshing AMQP link authorization
/// on a recurring basis.
/// </summary>
/// <param name="entityPath"></param>
///
/// <param name="connection">The AMQP connection to which the link being refreshed is bound to.</param>
/// <param name="amqpLink">The AMQO link to refresh authorization for.</param>
/// <param name="tokenProvider">The <see cref="CbsTokenProvider" /> to use for obtaining access tokens.</param>
/// <param name="endpoint">The Service Bus service endpoint that the AMQP link is communicating with.</param>
/// <param name="audience">The audience associated with the authorization. This is likely the <paramref name="endpoint"/> absolute URI.</param>
/// <param name="resource">The resource associated with the authorization. This is likely the <paramref name="endpoint"/> absolute URI.</param>
/// <param name="requiredClaims">The set of claims required to support the operations of the AMQP link.</param>
/// <param name="refreshTimeout">The timeout to apply when requesting authorization refresh.</param>
/// <param name="refreshTimerFactory">A function to allow retrieving the <see cref="Timer" /> associated with the link authorization.</param>
///
/// <returns>A <see cref="TimerCallback"/> delegate to perform the refresh when a timer is due.</returns>
///
protected virtual TimerCallback CreateAuthorizationRefreshHandler(
string entityPath,
AmqpConnection connection,
AmqpObject amqpLink,
CbsTokenProvider tokenProvider,
Uri endpoint,
string audience,
string resource,
string[] requiredClaims,
TimeSpan refreshTimeout,
Func <Timer> refreshTimerFactory)
{
return(async _ =>
{
ServiceBusEventSource.Log.AmqpLinkAuthorizationRefreshStart(entityPath, endpoint.AbsoluteUri);
Timer refreshTimer = refreshTimerFactory();
try
{
if (refreshTimer == null)
{
return;
}
DateTime authExpirationUtc = await RequestAuthorizationUsingCbsAsync(connection, tokenProvider, endpoint, audience, resource, requiredClaims, refreshTimeout).ConfigureAwait(false);
// Reset the timer for the next refresh.
if (authExpirationUtc >= DateTimeOffset.UtcNow)
{
refreshTimer.Change(CalculateLinkAuthorizationRefreshInterval(authExpirationUtc), Timeout.InfiniteTimeSpan);
}
}
catch (ObjectDisposedException)
{
// This can occur if the connection is closed or the scope disposed after the factory
// is called but before the timer is updated. The callback may also fire while the timer is
// in the act of disposing. Do not consider it an error.
}
catch (Exception ex)
{
ServiceBusEventSource.Log.AmqpLinkAuthorizationRefreshError(entityPath, endpoint.AbsoluteUri, ex.Message);
// Attempt to unset the timer; there's a decent chance that it has been disposed at this point or
// that the connection has been closed. Ignore potential exceptions, as they won't impact operation.
// At worse, another timer tick will occur and the operation will be retried.
try { refreshTimer.Change(Timeout.Infinite, Timeout.Infinite); } catch {}
}
finally
{
ServiceBusEventSource.Log.AmqpLinkAuthorizationRefreshComplete(entityPath, endpoint.AbsoluteUri);
}
});
}
/// <summary>
/// Requests authorization for a connection or link using a connection via the CBS mechanism.
/// </summary>
///
/// <param name="connection">The AMQP connection for which the authorization is associated.</param>
/// <param name="tokenProvider">The <see cref="CbsTokenProvider" /> to use for obtaining access tokens.</param>
/// <param name="endpoint">The Service Bus service endpoint that the authorization is requested for.</param>
/// <param name="audience">The audience associated with the authorization. This is likely the <paramref name="endpoint"/> absolute URI.</param>
/// <param name="resource">The resource associated with the authorization. This is likely the <paramref name="endpoint"/> absolute URI.</param>
/// <param name="requiredClaims">The set of claims required to support the operations of the AMQP link.</param>
/// <param name="timeout">The timeout to apply when requesting authorization.</param>
///
/// <returns>The date/time, in UTC, when the authorization expires.</returns>
///
/// <remarks>
/// It is assumed that there is a valid <see cref="AmqpCbsLink" /> already associated
/// with the connection; this will be used as the transport for the authorization
/// credentials.
/// </remarks>
///
protected virtual Task <DateTime> RequestAuthorizationUsingCbsAsync(AmqpConnection connection,
CbsTokenProvider tokenProvider,
Uri endpoint,
string audience,
string resource,
string[] requiredClaims,
TimeSpan timeout)
{
var authLink = connection.Extensions.Find <AmqpCbsLink>();
return(authLink.SendTokenAsync(TokenProvider, endpoint, audience, resource, requiredClaims, timeout));
}
/// <summary>
/// Requests authorization for a connection or link using a connection via the CBS mechanism.
/// </summary>
///
/// <param name="connection">The AMQP connection for which the authorization is associated.</param>
/// <param name="tokenProvider">The <see cref="CbsTokenProvider" /> to use for obtaining access tokens.</param>
/// <param name="endpoint">The Service Bus service endpoint that the authorization is requested for.</param>
/// <param name="audience">The audience associated with the authorization. This is likely the <paramref name="endpoint"/> absolute URI.</param>
/// <param name="requiredClaims">The set of claims required to support the operations of the AMQP link.</param>
/// <param name="timeout">The timeout to apply when requesting authorization.</param>
///
/// <returns>The date/time, in UTC, when the authorization expires.</returns>
///
/// <remarks>
/// It is assumed that there is a valid <see cref="AmqpCbsLink" /> already associated
/// with the connection; this will be used as the transport for the authorization
/// credentials.
/// </remarks>
///
protected virtual async Task <DateTime> RequestAuthorizationUsingCbsAsync(
AmqpConnection connection,
CbsTokenProvider tokenProvider,
Uri endpoint,
string[] audience,
string[] requiredClaims,
TimeSpan timeout)
{
AmqpCbsLink authLink = connection.Extensions.Find <AmqpCbsLink>();
DateTime cbsTokenExpiresAtUtc = DateTime.MaxValue;
foreach (string resource in audience)
{
cbsTokenExpiresAtUtc = TimeoutHelper.Min(
cbsTokenExpiresAtUtc,
await authLink.SendTokenAsync(TokenProvider, endpoint, resource, resource, requiredClaims, timeout).ConfigureAwait(false));
}
return(cbsTokenExpiresAtUtc);
}
