/// <summary>
/// Builds a response object from the raw body of a successful discovery-document request.
/// The body is parsed as JSON and checked against <paramref name="policy"/>; failures are
/// recorded on the instance (<see cref="IsError"/>, <see cref="ErrorType"/>, <see cref="Error"/>)
/// instead of being thrown, so callers must consult <see cref="IsError"/> before trusting <see cref="Json"/>.
/// </summary>
/// <param name="raw">Raw response body. It is kept verbatim in <see cref="Raw"/> even when it does not parse.</param>
/// <param name="policy">Validation policy; a default <see cref="DiscoveryPolicy"/> is used when null.</param>
public DiscoveryResponse(string raw, DiscoveryPolicy policy = null)
{
    var effectivePolicy = policy ?? new DiscoveryPolicy();

    IsError = false;
    StatusCode = HttpStatusCode.OK;
    Raw = raw;

    try
    {
        Json = JObject.Parse(raw);

        var violation = Validate(effectivePolicy);
        if (string.IsNullOrEmpty(violation))
        {
            return;
        }

        // Well-formed document that fails the policy: clear the parsed JSON so a caller
        // cannot accidentally pick up endpoints or an issuer that were just rejected.
        IsError = true;
        Json = null;
        ErrorType = ResponseErrorType.PolicyViolation;
        Error = violation;
    }
    catch (Exception ex)
    {
        // Unparseable JSON, or an unexpected failure inside validation, is surfaced through
        // the error properties rather than propagated.
        // NOTE(review): if the exception originates inside Validate, Json still holds the
        // parsed document here (it is only cleared on the policy-violation path) — callers
        // must check IsError first.
        IsError = true;
        ErrorType = ResponseErrorType.Exception;
        Error = ex.Message;
        Exception = ex;
    }
}
/// <summary>
/// Checks every endpoint advertised by the discovery document: each property whose name ends with
/// "Endpoint" (case-insensitive), plus the <c>OidcConstants.Discovery.JwksUri</c> property, must be an
/// absolute URI with an accepted scheme and must use HTTPS when the policy demands it.
/// </summary>
/// <param name="json">Parsed discovery document.</param>
/// <param name="policy">Policy deciding whether HTTPS is mandatory (see <c>DiscoveryUrlHelper.IsSecureScheme</c>).</param>
/// <returns>An error message for the first offending endpoint, or <see cref="string.Empty"/> when all pass.</returns>
public string ValidateEndpoints(JObject json, DiscoveryPolicy policy)
{
    // NOTE(review): endpoints are only checked for a well-formed, secure scheme. Nothing ties them
    // to the authority's host (the removed authorityHost line suggests that was once intended), so a
    // document that passes issuer validation can still direct the client to endpoints on an
    // unrelated host — confirm whether an authority/host check is required here.
    foreach (var property in json)
    {
        var isEndpointProperty =
            property.Key.EndsWith("Endpoint", StringComparison.OrdinalIgnoreCase)
            || property.Key.Equals(OidcConstants.Discovery.JwksUri, StringComparison.OrdinalIgnoreCase);
        if (!isEndpointProperty)
        {
            continue;
        }

        var endpoint = property.Value.ToString();

        // Not an absolute URI, or a scheme the helper does not accept: both count as malformed.
        Uri parsed;
        if (!Uri.TryCreate(endpoint, UriKind.Absolute, out parsed) || !DiscoveryUrlHelper.IsValidScheme(parsed))
        {
            return $"Malformed endpoint: {endpoint}";
        }

        if (!DiscoveryUrlHelper.IsSecureScheme(parsed, policy))
        {
            return $"Endpoint does not use HTTPS: {endpoint}";
        }
    }

    return string.Empty;
}
/// <summary>
/// Applies the discovery policy to the parsed document: when <see cref="DiscoveryPolicy.ValidateIssuerName"/>
/// is set, the advertised issuer must be present and must match the configured authority; afterwards every
/// advertised endpoint is checked via <see cref="ValidateEndpoints"/>.
/// </summary>
/// <param name="policy">Policy to enforce. Must not be null — it is dereferenced unconditionally.</param>
/// <returns>The first validation error found, or <see cref="string.Empty"/> when the document passes.</returns>
private string Validate(DiscoveryPolicy policy)
{
    if (policy.ValidateIssuerName)
    {
        if (string.IsNullOrWhiteSpace(Issuer))
        {
            return "Issuer name is missing";
        }

        // Both sides go through RemoveTrailingSlash (an extension defined elsewhere) so that a
        // trailing "/" on only one of them does not cause a spurious mismatch; ValidateIssuerName
        // (also defined elsewhere in this class) performs the actual comparison.
        var issuerMatchesAuthority = ValidateIssuerName(
            Issuer.RemoveTrailingSlash(),
            policy.Authority.RemoveTrailingSlash());
        if (!issuerMatchesAuthority)
        {
            return "Issuer name does not match authority: " + Issuer;
        }
    }

    // A null from the endpoint check is normalised to an empty string, matching the "no error" contract.
    return ValidateEndpoints(Json, policy) ?? string.Empty;
}
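/// <summary>
/// Applies the discovery policy to the parsed document. When <see cref="DiscoveryPolicy.ValidateIssuerName"/>
/// is set, the advertised issuer must be present and must match <see cref="DiscoveryPolicy.Authority"/>
/// (trailing slashes ignored); afterwards every advertised endpoint is checked via <see cref="ValidateEndpoints"/>.
/// </summary>
/// <remarks>
/// The issuer/authority comparison is performed for every issuer value, not only when the issuer equals
/// <c>OidcConstants.Discovery.IssuerUrl</c>. Gating it on that single production constant (introduced so that
/// partners could test against other environments) silently disabled the check for every other issuer —
/// exactly the forged or mis-routed discovery document the check exists to reject. An environment that
/// legitimately uses a different issuer should set <see cref="DiscoveryPolicy.Authority"/> to match it, or
/// opt out explicitly by setting <see cref="DiscoveryPolicy.ValidateIssuerName"/> to false.
/// </remarks>
/// <param name="policy">
/// Policy to enforce. A default <see cref="DiscoveryPolicy"/> is substituted when null (the parameter
/// already defaulted to null but was previously dereferenced without a check).
/// </param>
/// <returns>The first validation error found, or <see cref="string.Empty"/> when the document passes.</returns>
private string Validate(DiscoveryPolicy policy = null)
{
    // Same defaulting rule as the constructor, so a null policy cannot throw NullReferenceException here.
    policy = policy ?? new DiscoveryPolicy();

    if (policy.ValidateIssuerName)
    {
        if (string.IsNullOrWhiteSpace(Issuer))
        {
            return "Issuer name is missing";
        }

        // No environment-specific bypass: the comparison runs whenever the policy asks for it.
        // RemoveTrailingSlash and ValidateIssuerName are defined elsewhere in this project.
        var issuerMatchesAuthority = ValidateIssuerName(
            Issuer.RemoveTrailingSlash(),
            policy.Authority.RemoveTrailingSlash());
        if (!issuerMatchesAuthority)
        {
            return "Issuer name does not match authority: " + Issuer;
        }
    }

    var endpointError = ValidateEndpoints(Json, policy);
    return string.IsNullOrEmpty(endpointError) ? string.Empty : endpointError;
}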
/// <summary>
/// Decides whether an endpoint URL satisfies the policy's transport requirement: when
/// <c>DiscoveryPolicy.RequireHttps</c> is set the scheme must be "https"; otherwise any scheme
/// (including plain http) is accepted without inspecting <paramref name="url"/>.
/// </summary>
/// <param name="url">Endpoint URI to inspect; only consulted when HTTPS is required.</param>
/// <param name="policy">Policy whose <c>RequireHttps</c> flag is consulted. Must not be null.</param>
/// <returns>True when HTTPS is not required or the scheme is "https" (case-insensitive); false otherwise.</returns>
public static bool IsSecureScheme(Uri url, DiscoveryPolicy policy)
{
    var httpsRequired = policy.RequireHttps == true;

    // Short-circuit keeps the original behaviour of never touching url when HTTPS is not required.
    return !httpsRequired
        || string.Equals(url.Scheme, "https", StringComparison.OrdinalIgnoreCase);
}