├── .appveyor.yml ├── .gitattributes ├── .gitignore ├── .travis.yml ├── CONTRIBUTING.md ├── LICENSE ├── License.txt ├── README.md ├── Security.sln ├── config ├── versions-dev.props ├── versions-master.props └── versions.props ├── nuget.config ├── open_source_licenses.txt ├── src ├── Steeltoe.Security.Authentication.CloudFoundryBase │ ├── AuthServerOptions.cs │ ├── CheckTokenResponse.cs │ ├── CloudFoundryDefaults.cs │ ├── CloudFoundryHelper.cs │ ├── CloudFoundryTokenKeyResolver.cs │ ├── CloudFoundryTokenValidator.cs │ ├── OpenIdTokenResponse.cs │ ├── Properties │ │ └── AssemblyInfo.cs │ ├── Steeltoe.Security.Authentication.CloudFoundryBase.csproj │ └── TokenExchanger.cs ├── Steeltoe.Security.Authentication.CloudFoundryCore │ ├── CloudFoundryClaimActionExtensions.cs │ ├── CloudFoundryExtensions.cs │ ├── CloudFoundryJwtBearerConfigurer.cs │ ├── CloudFoundryJwtBearerOptions.cs │ ├── CloudFoundryOAuthConfigurer.cs │ ├── CloudFoundryOAuthHandler.cs │ ├── CloudFoundryOAuthOptions.cs │ ├── CloudFoundryOpenIdConnectConfigurer.cs │ ├── CloudFoundryOpenIdConnectOptions.cs │ ├── CloudFoundryScopeClaimAction.cs │ ├── Properties │ │ └── AssemblyInfo.cs │ ├── Readme.md │ └── Steeltoe.Security.Authentication.CloudFoundryCore.csproj ├── Steeltoe.Security.Authentication.CloudFoundryOwin │ ├── CloudFoundryExtensions.cs │ ├── Constants.cs │ ├── ForwardedProtocolMiddleware.cs │ ├── JwtBearer │ │ ├── CloudFoundryJwtBearerAuthenticationOptions.cs │ │ └── CloudFoundryJwtOwinConfigurer.cs │ ├── OpenIdConnect │ │ ├── OpenIDConnectExtension.cs │ │ ├── OpenIDTokenResponse.cs │ │ ├── OpenIdConnectAuthenticationHandler.cs │ │ ├── OpenIdConnectAuthenticationMiddleware.cs │ │ ├── OpenIdConnectConfigurer.cs │ │ └── OpenIdConnectOptions.cs │ ├── Properties │ │ └── AssemblyInfo.cs │ ├── Steeltoe.Security.Authentication.CloudFoundryOwin.csproj │ └── UriUtility.cs ├── Steeltoe.Security.Authentication.CloudFoundryWcf │ ├── CloudFoundryClientTokenResolver.cs │ ├── CloudFoundryExtensions.cs │ ├── 
CloudFoundryJwt.cs │ ├── CloudFoundryOptions.cs │ ├── CloudFoundryOptionsConfigurer.cs │ ├── CloudFoundryTokenKeyResolver.cs │ ├── CloudFoundryWcfTokenValidator.cs │ ├── JsonWebKeySetEx.cs │ ├── JwtAuthorizationManager.cs │ ├── JwtHeaderEndpointBehavior.cs │ ├── JwtHeaderMessageInspector.cs │ ├── PrincipalPermissionEnvAttribute.cs │ ├── Properties │ │ └── AssemblyInfo.cs │ ├── ScopePermission.cs │ ├── ScopePermissionAttribute.cs │ └── Steeltoe.Security.Authentication.CloudFoundryWcf.csproj ├── Steeltoe.Security.DataProtection.CredHubBase │ ├── CredHubClient.cs │ ├── CredHubEnums.cs │ ├── CredHubException.cs │ ├── CredHubGenerateRequest.cs │ ├── CredHubOptions.cs │ ├── CredHubServerInfo.cs │ ├── CredentialFindResponse.cs │ ├── CredentialPath.cs │ ├── CredentialPathsResponse.cs │ ├── Credentials │ │ ├── Certificate │ │ │ ├── CertificateCredential.cs │ │ │ ├── CertificateGenerationParameters.cs │ │ │ ├── CertificateGenerationRequest.cs │ │ │ ├── CertificateSetRequest.cs │ │ │ └── RegeneratedCertificates.cs │ │ ├── CredHubBaseObject.cs │ │ ├── CredHubCredential.cs │ │ ├── CredHubResponse.cs │ │ ├── CredentialSetRequest.cs │ │ ├── ICredentialParameter.cs │ │ ├── JSON │ │ │ ├── JsonCredential.cs │ │ │ └── JsonSetRequest.cs │ │ ├── KeyPairCredential.cs │ │ ├── KeyParameters.cs │ │ ├── Password │ │ │ ├── PasswordCredential.cs │ │ │ ├── PasswordGenerationParameters.cs │ │ │ ├── PasswordGenerationRequest.cs │ │ │ └── PasswordSetRequest.cs │ │ ├── Permissions │ │ │ ├── CredentialPermission.cs │ │ │ └── CredentialPermissions.cs │ │ ├── RSA │ │ │ ├── RsaCredential.cs │ │ │ ├── RsaGenerationRequest.cs │ │ │ └── RsaSetRequest.cs │ │ ├── SSH │ │ │ ├── SshCredential.cs │ │ │ ├── SshGenerationParameters.cs │ │ │ ├── SshGenerationRequest.cs │ │ │ └── SshSetRequest.cs │ │ ├── StringCredential.cs │ │ ├── User │ │ │ ├── UserCredential.cs │ │ │ ├── UserGenerationParameters.cs │ │ │ ├── UserGenerationRequest.cs │ │ │ └── UserSetRequest.cs │ │ ├── Utilities │ │ │ ├── 
JsonCredentialJsonConverter.cs │ │ │ └── StringCredentialJsonConverter.cs │ │ └── Value │ │ │ ├── ValueCredential.cs │ │ │ └── ValueSetRequest.cs │ ├── FoundCredential.cs │ ├── ICredHubClient.cs │ ├── ICredentialValue.cs │ └── Steeltoe.Security.DataProtection.CredHubBase.csproj ├── Steeltoe.Security.DataProtection.CredHubCore │ ├── CredHubHostBuilderExtensions.cs │ ├── CredHubServiceCollectionExtensions.cs │ └── Steeltoe.Security.DataProtection.CredHubCore.csproj └── Steeltoe.Security.DataProtection.RedisCore │ ├── CloudFoundryRedisXmlRepository.cs │ ├── Properties │ └── AssemblyInfo.cs │ ├── Readme.md │ ├── RedisDataProtectionBuilderExtensions.cs │ └── Steeltoe.Security.DataProtection.RedisCore.csproj ├── stylecop.json ├── targetframework.props ├── test ├── Steeltoe.Security.Authentication.CloudFoundryBaseTest │ ├── CloudFoundryHelperTest.cs │ ├── CloudFoundryTokenKeyResolverTest.cs │ ├── CloudFoundryTokenValidatorTest.cs │ ├── Steeltoe.Security.Authentication.CloudFoundryBase.Test.csproj │ ├── TestHelpers.cs │ ├── TestMessageHandler.cs │ └── TokenExchangerTest.cs ├── Steeltoe.Security.Authentication.CloudFoundryCore.Test │ ├── CloudFoundryClaimActionExtensionsTest.cs │ ├── CloudFoundryExtensionsTest.cs │ ├── CloudFoundryJwtBearerConfigurerTest.cs │ ├── CloudFoundryJwtBearerOptionsTest.cs │ ├── CloudFoundryOAuthConfigurerTest.cs │ ├── CloudFoundryOAuthHandlerTest.cs │ ├── CloudFoundryOAuthOptionsTest.cs │ ├── CloudFoundryOpenIdConnectConfigurerTest.cs │ ├── CloudFoundryOpenIdConnectOptionsTest.cs │ ├── CloudFoundryScopeClaimActionTest.cs │ ├── MonitorWrapper.cs │ ├── MyTestCloudFoundryHandler.cs │ ├── Steeltoe.Security.Authentication.CloudFoundryCore.Test.csproj │ ├── TestClock.cs │ ├── TestResponse.cs │ ├── TestServerJwtStartup.cs │ ├── TestServerOpenIdStartup.cs │ ├── TestServerStartup.cs │ └── xunit.runner.json ├── Steeltoe.Security.Authentication.CloudFoundryOwin.Test │ ├── IAppBuilderExtensionsTest.cs │ ├── Jwt │ │ └── CloudFoundryJwtOwinConfigurerTest.cs │ 
├── OpenIdConnect │ │ ├── OpenIdConnectConfigurerTest.cs │ │ └── OpenIdConnectOptionsTest.cs │ ├── OwinTestHelpers.cs │ ├── Steeltoe.Security.Authentication.CloudFoundryOwin.Test.csproj │ └── UriUtilityTest.cs ├── Steeltoe.Security.Authentication.CloudFoundryWcf.Test │ ├── CloudFoundryClientTokenResolverTest.cs │ ├── CloudFoundryJwtTest.cs │ ├── CloudFoundryOptionsConfigurerTest.cs │ ├── CloudFoundryOptionsTest.cs │ ├── CloudFoundryTokenKeyResolverTest.cs │ ├── JwtAuthorizationManagerTest.cs │ ├── JwtHeaderMessageInspectorTest.cs │ └── Steeltoe.Security.Authentication.CloudFoundryWcf.Test.csproj ├── Steeltoe.Security.DataProtection.CredHubBase.Test │ ├── CredHubClientTests.cs │ ├── CredentialJsonConverterTests.cs │ └── Steeltoe.Security.DataProtection.CredHubBase.Test.csproj ├── Steeltoe.Security.DataProtection.CredHubCore.Test │ ├── CredHubHostBuilderExtensionsTest.cs │ ├── CredHubServiceCollectionExtensionsTest.cs │ └── Steeltoe.Security.DataProtection.CredHubCore.Test.csproj └── Steeltoe.Security.DataProtection.RedisCore.Test │ ├── RedisDataProtectionBuilderExtensionsTest.cs │ └── Steeltoe.Security.DataProtection.RedisCore.Test.csproj └── versions.props /.appveyor.yml: -------------------------------------------------------------------------------- 1 | version: '2.2.0-{branch}-{build}' 2 | init: 3 | - git config --global core.autocrlf true 4 | image: Visual Studio 2017 5 | skip_tags: true 6 | branches: 7 | only: 8 | - master 9 | - dev 10 | - /^update[0-9]{2}x/ 11 | install: 12 | - git clone https://github.com/SteeltoeOSS/steeltoe-ci.git -v 13 | - ps: steeltoe-ci\scripts\appveyor_install.ps1 14 | test_script: 15 | - ps: steeltoe-ci\scripts\appveyor_tests.ps1 16 | build_script: 17 | - ps: steeltoe-ci\scripts\appveyor_build.ps1 18 | - ps: steeltoe-ci\scripts\sign-packages.ps1 19 | artifacts: 20 | - path: 'localfeed\*.nupkg' 21 | environment: 22 | DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true 23 | DOTNET_CLI_TELEMETRY_OPTOUT: 1 24 | ProjectList: 25 | 
PackageReferencesToUpdate: 26 | github_access_token: 27 | secure: ko4J3M/czguVI9AbVdkv5qZuj3Wuzts5nkz/6cypneFkQGWJXDs8Akg7xOEMu8qU 28 | SignClientUser: 29 | secure: Tt9mySuspn9dHJOLKMoGxrNJvJbpBrWK44UI9Qc9+eNilYdoukHZ3jUF06pl2r60 30 | SignClientSecret: 31 | secure: ZmCTr+SyfQtewSNsiB8OMISmQJp8RfjRSK0Dvg60iTQ= 32 | deploy: 33 | - provider: NuGet 34 | skip_symbols: false 35 | artifact: /.*\.nupkg/ 36 | server: https://www.myget.org/F/steeltoedev/api/v2/package 37 | symbol_server: https://www.myget.org/F/steeltoedev/symbols/api/v2/package 38 | api_key: 39 | secure: 246ApObnMYYvzDo9Ki72CxxuKfuoqYbrbUK2HLevGIGHXYY6f0OkAdE3EWCwNJ7g 40 | on: 41 | branch: dev 42 | appveyor_repo_tag: false 43 | - provider: NuGet 44 | skip_symbols: false 45 | artifact: /.*\.nupkg/ 46 | server: https://www.myget.org/F/steeltoemaster/api/v2/package 47 | symbol_server: https://www.myget.org/F/steeltoemaster/symbols/api/v2/package 48 | api_key: 49 | secure: 246ApObnMYYvzDo9Ki72CxxuKfuoqYbrbUK2HLevGIGHXYY6f0OkAdE3EWCwNJ7g 50 | on: 51 | branch: master 52 | appveyor_repo_tag: false 53 | - provider: NuGet 54 | skip_symbols: true 55 | artifact: /.*\.nupkg/ 56 | server: https://www.myget.org/F/steeltoestaging/api/v2/package 57 | symbol_server: https://www.myget.org/F/steeltoestaging/symbols/api/v2/package 58 | api_key: 59 | secure: 246ApObnMYYvzDo9Ki72CxxuKfuoqYbrbUK2HLevGIGHXYY6f0OkAdE3EWCwNJ7g 60 | on: 61 | branch: /^update[0-9]{2}x/ 62 | appveyor_repo_tag: false 63 | after_deploy: 64 | - git config --global credential.helper store 65 | - ps: Add-Content "$env:USERPROFILE\.git-credentials" "https://$($env:github_access_token):x-oauth-basic@github.com`n" 66 | - git config --global user.email "steeltoe@pivotal.io" 67 | - git config --global user.name "SteeltoeCI" 68 | - ps: steeltoe-ci\scripts\update_downstream_props.ps1 69 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 
1 | *.doc diff=astextplain 2 | *.DOC diff=astextplain 3 | *.docx diff=astextplain 4 | *.DOCX diff=astextplain 5 | *.dot diff=astextplain 6 | *.DOT diff=astextplain 7 | *.pdf diff=astextplain 8 | *.PDF diff=astextplain 9 | *.rtf diff=astextplain 10 | *.RTF diff=astextplain 11 | 12 | *.jpg binary 13 | *.png binary 14 | *.gif binary 15 | 16 | *.cs text=auto diff=csharp 17 | *.vb text=auto 18 | *.resx text=auto 19 | *.c text=auto 20 | *.cpp text=auto 21 | *.cxx text=auto 22 | *.h text=auto 23 | *.hxx text=auto 24 | *.py text=auto 25 | *.rb text=auto 26 | *.java text=auto 27 | *.html text=auto 28 | *.htm text=auto 29 | *.css text=auto 30 | *.scss text=auto 31 | *.sass text=auto 32 | *.less text=auto 33 | *.js text=auto 34 | *.lisp text=auto 35 | *.clj text=auto 36 | *.sql text=auto 37 | *.php text=auto 38 | *.lua text=auto 39 | *.m text=auto 40 | *.asm text=auto 41 | *.erl text=auto 42 | *.fs text=auto 43 | *.fsx text=auto 44 | *.hs text=auto 45 | 46 | *.csproj text=auto 47 | *.vbproj text=auto 48 | *.fsproj text=auto 49 | *.dbproj text=auto 50 | *.sln text=auto eol=crlf 51 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: csharp 2 | dist: trusty 3 | env: 4 | TestFrameworkVersion: netcoreapp2.1 5 | STEELTOE_VERSION: 2.2.0 6 | global: 7 | - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true 8 | - DOTNET_CLI_TELEMETRY_OPTOUT: 1 9 | mono: none 10 | dotnet: 2.1.403 11 | os: 12 | - linux 13 | - osx 14 | osx_image: xcode8.3 15 | branches: 16 | only: 17 | - master 18 | - dev 19 | - /^update[0-9]{2}x/ 20 | script: 21 | - ./steeltoe-ci/scripts/travis_install.sh 22 | - ./steeltoe-ci/scripts/travis_build.sh 23 | - ./steeltoe-ci/scripts/travis_test.sh 24 | before_install: 25 | - git clone https://github.com/SteeltoeOSS/steeltoe-ci.git -v 26 | - if [ "$TRAVIS_OS_NAME" = "osx" ]; then ulimit -n 1024; fi 
-------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | If you have not previously done so, please fill out and 2 | submit the [Contributor License Agreement](https://cla.pivotal.io/sign/pivotal). 3 | -------------------------------------------------------------------------------- /config/versions-dev.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | $(STEELTOE_VERSION) 4 | $(STEELTOE_DASH_VERSION_SUFFIX) 5 | 2.2.0-dev-00373 6 | 2.2.0-dev-00117 7 | 2.0.0 8 | 2.0.0 9 | 0.3.0 10 | 2.1.0 11 | 2.1.0 12 | 2.1.0 13 | 1.8.2 14 | 4.4.1 15 | 1.0.2 16 | 4.5.0 17 | 4.3.3 18 | 11.0.2 19 | 4.0.0 20 | 5.2.2 21 | 15.7.2 22 | 4.0.0 23 | 4.8.2 24 | 0.9.0 25 | 2.3.1 26 | 2.3.1 27 | 1.0.0-beta2-18618-05 28 | 29 | -------------------------------------------------------------------------------- /config/versions-master.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | $(STEELTOE_VERSION) 4 | $(STEELTOE_DASH_VERSION_SUFFIX) 5 | 2.2.0-master-00364 6 | 2.2.0-master-00094 7 | 2.0.0 8 | 2.0.0 9 | 0.3.0 10 | 2.1.0 11 | 2.1.0 12 | 2.1.0 13 | 1.8.2 14 | 4.4.1 15 | 1.0.2 16 | 4.5.0 17 | 4.3.3 18 | 11.0.2 19 | 4.0.0 20 | 5.2.2 21 | 15.7.2 22 | 4.0.0 23 | 4.8.2 24 | 0.9.0 25 | 2.3.1 26 | 2.3.1 27 | 1.0.0-beta2-18618-05 28 | 29 | -------------------------------------------------------------------------------- /config/versions.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | $(STEELTOE_VERSION) 4 | $(STEELTOE_DASH_VERSION_SUFFIX) 5 | 2.1.0 6 | 2.1.0 7 | 2.0.0 8 | 2.0.0 9 | 0.3.0 10 | 2.1.0 11 | 2.1.0 12 | 2.1.0 13 | 1.8.2 14 | 4.4.1 15 | 1.0.2 16 | 4.5.0 17 | 4.3.3 18 | 11.0.2 19 | 4.0.0 20 | 5.2.2 21 | 15.7.2 22 | 4.0.0 23 | 4.8.2 24 | 0.9.0 25 | 2.3.1 26 | 2.3.1 27 | 1.0.0-beta2-18618-05 28 | 29 | 
-------------------------------------------------------------------------------- /nuget.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryBase/AuthServerOptions.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Connection and validation settings used when talking to a CloudFoundry OAuth/SSO server.
    /// Defaults come from <see cref="CloudFoundryDefaults"/> and are placeholders until real values are configured.
    /// </summary>
    public class AuthServerOptions
    {
        /// <summary>Gets or sets the location of the OAuth server.</summary>
        public string AuthorizationUrl { get; set; }

        /// <summary>Gets or sets the location the user is sent to after authentication.</summary>
        public string CallbackUrl { get; set; }

        /// <summary>Gets or sets the application's client id used with the auth server.</summary>
        public string ClientId { get; set; } = CloudFoundryDefaults.ClientId;

        /// <summary>
        /// Gets or sets the application's client secret used with the auth server.
        /// The default is a placeholder string, not a usable secret; the real value is expected from configuration or a bound service.
        /// </summary>
        public string ClientSecret { get; set; } = CloudFoundryDefaults.ClientSecret;

        /// <summary>Gets or sets the name of the authentication type currently in use.</summary>
        public string SignInAsAuthenticationType { get; set; }

        /// <summary>Gets or sets the timeout, in milliseconds, for calls to the auth server.</summary>
        public int ClientTimeout { get; set; } = 3000;

        /// <summary>Gets or sets additional scopes, beyond 'openid', to ask for when requesting tokens.</summary>
        public string AdditionalTokenScopes { get; set; } = string.Empty;

        /// <summary>Gets or sets the scopes a token is required to carry. Null by default.</summary>
        public string[] RequiredScopes { get; set; }

        /// <summary>Gets or sets additional audiences accepted during token validation. Null by default.</summary>
        public string[] AdditionalAudiences { get; set; }

        /// <summary>
        /// Gets or sets a value indicating whether the SSO server's certificate is validated.
        /// Defaults to true; false skips certificate validation for the SSO server.
        /// </summary>
        public bool ValidateCertificates { get; set; } = true;
    }
}
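using System.Collections.Generic;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// Response object for the /check_token endpoint.
    /// </summary>
    /// <remarks>
    /// Property names deliberately mirror the introspection claim names (snake_case included);
    /// they are presumably matched by name during JSON deserialization, so renaming one changes the mapping.
    /// NOTE(review): the namespace differs from the rest of this project (<c>...CloudFoundry</c>);
    /// it is left unchanged here because changing it is a breaking change for callers.
    /// </remarks>
    public class CheckTokenResponse
    {
        /// <summary>Gets or sets the id of the user the token was issued to.</summary>
        public string User_id { get; set; }

        /// <summary>Gets or sets the user name the token was issued to.</summary>
        public string User_name { get; set; }

        /// <summary>Gets or sets the user's email.</summary>
        public string Email { get; set; }

        /// <summary>Gets or sets the client the token was issued to.</summary>
        public string Client_id { get; set; }

        /// <summary>
        /// Gets or sets the expiry claim. Presumably seconds since the Unix epoch (standard JWT 'exp');
        /// NOTE(review): an int overflows in 2038, but widening it would change the public type.
        /// </summary>
        public int Exp { get; set; }

        /// <summary>Gets or sets the scopes granted to the token.</summary>
        public List<string> Scope { get; set; }

        /// <summary>Gets or sets the token identifier.</summary>
        public string Jti { get; set; }

        /// <summary>Gets or sets the audiences of the token.</summary>
        public List<string> Aud { get; set; }

        /// <summary>Gets or sets the subject claim.</summary>
        public string Sub { get; set; }

        /// <summary>Gets or sets the issuer claim.</summary>
        public string Iss { get; set; }

        /// <summary>Gets or sets the issued-at claim (same representation as <see cref="Exp"/>).</summary>
        public int Iat { get; set; }

        /// <summary>Gets or sets the cid claim.</summary>
        public string Cid { get; set; }

        /// <summary>Gets or sets the grant type the token was obtained with.</summary>
        public string Grant_type { get; set; }

        /// <summary>Gets or sets the authorized party claim.</summary>
        public string Azp { get; set; }

        /// <summary>Gets or sets the authentication time claim (same representation as <see cref="Exp"/>).</summary>
        public int Auth_time { get; set; }

        /// <summary>Gets or sets the zone id claim.</summary>
        public string Zid { get; set; }

        /// <summary>Gets or sets the revocation signature claim.</summary>
        public string Rev_sig { get; set; }

        /// <summary>Gets or sets the origin claim.</summary>
        public string Origin { get; set; }

        /// <summary>Gets or sets a value indicating whether the token is revocable.</summary>
        public bool Revocable { get; set; }
    }
}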
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Constants shared by the CloudFoundry authentication providers: configuration section names,
    /// UAA endpoint paths, placeholder client settings and OAuth request parameter names.
    /// </summary>
    public class CloudFoundryDefaults
    {
        // Configuration section prefixes.
        public const string SECURITY_CLIENT_SECTION_PREFIX = "security:oauth2:client";
        public const string SECURITY_RESOURCE_SECTION_PREFIX = "security:oauth2:resource";

        // Scheme name and display name registered with the authentication framework.
        public const string AuthenticationScheme = "CloudFoundry";
        public const string DisplayName = "CloudFoundry";

        // Relative endpoint paths appended to the auth server's domain.
        public const string AuthorizationUri = "/oauth/authorize";
        public const string AccessTokenUri = "/oauth/token";
        public const string UserInfoUri = "/userinfo";
        public const string CheckTokenUri = "/check_token";
        public const string JwtTokenUri = "/token_keys";

        [Obsolete("Use JwtTokenUri instead")]
        public const string JwtTokenKey = JwtTokenUri;

        // Placeholder client settings. None of these is a usable credential or host; the configurers
        // (for example CloudFoundryOAuthConfigurer) replace them from the bound SSO service when one is present.
        public const string OAuthServiceUrl = "Default_OAuthServiceUrl";
        public const string ClientId = "Default_ClientId";
        public const string ClientSecret = "Default_ClientSecret";
        public const string CallbackPath = "/signin-cloudfoundry";

        // Certificate validation is on unless a caller explicitly turns it off.
        public const bool ValidateCertificates = true;

        // OAuth2 request parameter names.
        public const string ParamsClientId = "client_id";
        public const string ParamsClientSecret = "client_secret";
        public const string ParamsResponseType = "response_type";
        public const string ParamsScope = "scope";
        public const string ParamsRedirectUri = "redirect_uri";
        public const string ParamsGrantType = "grant_type";
        public const string ParamsTokenFormat = "token_format";
        public const string ParamsCode = "code";
    }
}
using Newtonsoft.Json;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Token endpoint response for the OpenID Connect flow. The JSON field names are bound explicitly
    /// through <see cref="JsonPropertyAttribute"/> where they differ from the property names.
    /// </summary>
    /// <remarks>
    /// The three token properties are bearer credentials; treat instances as sensitive (do not log or persist them as-is).
    /// </remarks>
    public class OpenIdTokenResponse
    {
        /// <summary>Gets or sets the id_token (the OpenID identity token).</summary>
        [JsonProperty(PropertyName = "id_token")]
        public string IdentityToken { get; set; }

        /// <summary>Gets or sets the access_token.</summary>
        [JsonProperty(PropertyName = "access_token")]
        public string AccessToken { get; set; }

        /// <summary>Gets or sets the refresh_token.</summary>
        [JsonProperty(PropertyName = "refresh_token")]
        public string RefreshToken { get; set; }

        /// <summary>Gets or sets the token_type reported by the server.</summary>
        [JsonProperty(PropertyName = "token_type")]
        public string TokenType { get; set; }

        /// <summary>Gets or sets expires_in, the lifetime the server reports for the access token.</summary>
        [JsonProperty(PropertyName = "expires_in")]
        public int ExpiresIn { get; set; }

        /// <summary>Gets or sets the scope string; no explicit JSON name, so it is bound by property name.</summary>
        public string Scope { get; set; }
    }
}
14 | 15 | using System.Runtime.CompilerServices; 16 | 17 | [assembly: InternalsVisibleTo("Steeltoe.Security.Authentication.CloudFoundryBase.Test")] 18 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryBase/Steeltoe.Security.Authentication.CloudFoundryBase.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | Base Security Provider for CloudFoundry 7 | $(SteeltoeVersion) 8 | $(VersionSuffix) 9 | Pivotal;dtillman 10 | netstandard2.0 11 | Steeltoe.Security.Authentication.CloudFoundryBase 12 | Steeltoe.Security.Authentication.CloudFoundryBase 13 | CloudFoundry;ASPNET;ASPNET Core;Security;OAuth2;SSO;OpenID 14 | https://steeltoe.io/images/transparent.png 15 | https://steeltoe.io 16 | https://www.apache.org/licenses/LICENSE-2.0 17 | true 18 | true 19 | snupkg 20 | 21 | 22 | bin\$(Configuration)\$(TargetFramework)\Steeltoe.Security.Authentication.CloudFoundryBase.xml 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | All 31 | 32 | 33 | 34 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 35 | 36 | 37 | 38 | stylecop.json 39 | Always 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryCore/CloudFoundryClaimActionExtensions.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using System;
using System.Security.Claims;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Extension methods for registering CloudFoundry claim actions.
    /// </summary>
    public static class CloudFoundryClaimActionExtensions
    {
        /// <summary>
        /// Registers a <see cref="CloudFoundryScopeClaimAction"/> so scopes in the user-info payload are mapped to claims.
        /// </summary>
        /// <param name="collection">The claim actions to add to.</param>
        /// <param name="claimType">Claim type to emit for each scope; defaults to "scope".</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="collection"/> is null.</exception>
        public static void MapScopes(this ClaimActionCollection collection, string claimType = "scope")
        {
            if (collection == null)
            {
                throw new ArgumentNullException(nameof(collection));
            }

            var scopeAction = new CloudFoundryScopeClaimAction(claimType, ClaimValueTypes.String);
            collection.Add(scopeAction);
        }
    }
}
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Steeltoe.CloudFoundry.Connector.Services;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Copies CloudFoundry-specific settings onto the ASP.NET Core <see cref="JwtBearerOptions"/>.
    /// </summary>
    public static class CloudFoundryJwtBearerConfigurer
    {
        /// <summary>
        /// Applies <paramref name="options"/> (and the bound SSO service, when present) to <paramref name="jwtOptions"/>.
        /// </summary>
        /// <param name="si">Bound SSO service info; when non-null its AuthDomain decides where signing keys are fetched from.</param>
        /// <param name="jwtOptions">Handler options to update. Nothing happens when null.</param>
        /// <param name="options">CloudFoundry-specific settings to copy from. Nothing happens when null.</param>
        internal static void Configure(SsoServiceInfo si, JwtBearerOptions jwtOptions, CloudFoundryJwtBearerOptions options)
        {
            if (jwtOptions == null)
            {
                return;
            }

            if (options == null)
            {
                return;
            }

            // NOTE(review): without a bound service, JwtKeyUrl keeps whatever the options already carry; the
            // CloudFoundryJwtBearerOptions constructor default is an http:// placeholder, so confirm a real value
            // is supplied from configuration before relying on key fetches.
            if (si != null)
            {
                options.JwtKeyUrl = si.AuthDomain + CloudFoundryDefaults.JwtTokenUri;
            }

            jwtOptions.ClaimsIssuer = options.ClaimsIssuer;

            // Presumably the handler used for the key fetch; ValidateCertificates is forwarded so that a
            // "false" here also relaxes certificate checks on that back-channel — verify in CloudFoundryHelper.
            jwtOptions.BackchannelHttpHandler = CloudFoundryHelper.GetBackChannelHandler(options.ValidateCertificates);

            var validation = jwtOptions.TokenValidationParameters ?? new TokenValidationParameters();
            jwtOptions.TokenValidationParameters = validation;

            var requested = options.TokenValidationParameters;
            validation.ValidateAudience = requested.ValidateAudience;
            validation.ValidateIssuer = requested.ValidateIssuer;
            validation.ValidateLifetime = requested.ValidateLifetime;

            jwtOptions.TokenValidationParameters = CloudFoundryHelper.GetTokenValidationParameters(
                validation,
                options.JwtKeyUrl,
                jwtOptions.BackchannelHttpHandler,
                options.ValidateCertificates);

            jwtOptions.SaveToken = options.SaveToken;
        }
    }
}
using Microsoft.AspNetCore.Authentication.JwtBearer;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// <see cref="JwtBearerOptions"/> pre-configured for CloudFoundry/UAA-issued tokens.
    /// </summary>
    public class CloudFoundryJwtBearerOptions : JwtBearerOptions
    {
        /// <summary>
        /// Initializes a new instance with the CloudFoundry issuer name, a placeholder key URL,
        /// token saving enabled and issuer/lifetime validation on (audience validation off).
        /// </summary>
        public CloudFoundryJwtBearerOptions()
        {
            ClaimsIssuer = CloudFoundryDefaults.AuthenticationScheme;

            // Placeholder scheme and host; the configurer replaces this with the bound SSO service's
            // AuthDomain when one is present (see CloudFoundryJwtBearerConfigurer).
            JwtKeyUrl = "http://" + CloudFoundryDefaults.OAuthServiceUrl + CloudFoundryDefaults.JwtTokenUri;

            SaveToken = true;

            TokenValidationParameters.ValidateAudience = false;
            TokenValidationParameters.ValidateIssuer = true;
            TokenValidationParameters.ValidateLifetime = true;
        }

        /// <summary>Gets or sets the URL the token signing keys are fetched from.</summary>
        public string JwtKeyUrl { get; set; }

        /// <summary>
        /// Gets or sets the backing value for <see cref="ValidateCertificates"/>.
        /// Public for compatibility; prefer <see cref="ValidateCertificates"/>.
        /// </summary>
        public bool Validate_Certificates { get; set; } = true;

        /// <summary>
        /// Gets or sets a value indicating whether the auth server certificate is validated. Defaults to true.
        /// </summary>
        public bool ValidateCertificates
        {
            get
            {
                return Validate_Certificates;
            }

            set
            {
                Validate_Certificates = value;
            }
        }
    }
}
using Steeltoe.CloudFoundry.Connector.Services;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Fills <see cref="CloudFoundryOAuthOptions"/> from a bound SSO service.
    /// </summary>
    public static class CloudFoundryOAuthConfigurer
    {
        /// <summary>
        /// Copies client credentials and endpoint URLs from <paramref name="si"/> onto <paramref name="options"/>
        /// and installs the back-channel handler.
        /// </summary>
        /// <param name="si">Bound SSO service info; when null the options' existing values are kept.</param>
        /// <param name="options">Options to update. Nothing happens when null.</param>
        internal static void Configure(SsoServiceInfo si, CloudFoundryOAuthOptions options)
        {
            if (options == null)
            {
                return;
            }

            if (si != null)
            {
                // The placeholder client id/secret from CloudFoundryDefaults are replaced by the service binding here.
                options.ClientId = si.ClientId;
                options.ClientSecret = si.ClientSecret;

                var authDomain = si.AuthDomain;
                options.AuthorizationEndpoint = authDomain + CloudFoundryDefaults.AuthorizationUri;
                options.TokenEndpoint = authDomain + CloudFoundryDefaults.AccessTokenUri;
                options.UserInformationEndpoint = authDomain + CloudFoundryDefaults.UserInfoUri;
                options.TokenInfoUrl = authDomain + CloudFoundryDefaults.CheckTokenUri;
            }

            // ValidateCertificates is forwarded to the back-channel handler; presumably false relaxes
            // certificate checks on calls to the auth server — verify in CloudFoundryHelper.
            options.BackchannelHttpHandler = CloudFoundryHelper.GetBackChannelHandler(options.ValidateCertificates);
        }
    }
}
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// <see cref="OpenIdConnectOptions"/> pre-populated for a CloudFoundry/UAA authority
    /// (authorization-code flow, cookie sign-in, "user_name" as the name claim).
    /// </summary>
    //// https://leastprivilege.com/2017/11/15/missing-claims-in-the-asp-net-core-2-openid-connect-handler/
    public class CloudFoundryOpenIdConnectOptions : OpenIdConnectOptions
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="CloudFoundryOpenIdConnectOptions"/> class with the CloudFoundry defaults.
        /// </summary>
        public CloudFoundryOpenIdConnectOptions()
        {
            // Authorization-code flow, started with a GET redirect. Note the authority here is https,
            // unlike the http default used by the JWT bearer options in this package.
            AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
            ResponseType = OpenIdConnectResponseType.Code;
            Authority = "https://" + CloudFoundryDefaults.OAuthServiceUrl;
            CallbackPath = new PathString(CloudFoundryDefaults.CallbackPath);

            // NOTE(review): ClientId/ClientSecret start out as library-wide defaults. They are
            // placeholders until a service binding or configuration overwrites them; make sure the
            // default secret is never what an application presents to a real authority.
            ClientId = CloudFoundryDefaults.ClientId;
            ClientSecret = CloudFoundryDefaults.ClientSecret;

            ClaimsIssuer = CloudFoundryDefaults.AuthenticationScheme;
            SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            TokenValidationParameters.NameClaimType = "user_name";
        }

        /// <summary>
        /// Gets or sets additional scopes beyond openid and profile when requesting tokens
        /// </summary>
        public string AdditionalScopes { get; set; }

        /// <summary>
        /// Gets or sets a value indicating whether to validate the auth server's TLS certificate
        /// </summary>
        public bool ValidateCertificates { get; set; } = true;

        /// <summary>
        /// Builds the <see cref="AuthServerOptions"/> used for back-channel calls.
        /// </summary>
        /// <param name="updatedClientId">Client id to use instead of <see cref="OpenIdConnectOptions.ClientId"/>; null keeps the configured one</param>
        /// <returns>Auth server options carrying the client credentials, certificate-validation flag and authority URL</returns>
        internal AuthServerOptions BaseOptions(string updatedClientId)
        {
            var effectiveClientId = updatedClientId ?? ClientId;

            var baseOptions = new AuthServerOptions();
            baseOptions.ClientId = effectiveClientId;
            baseOptions.ClientSecret = ClientSecret;
            baseOptions.ValidateCertificates = ValidateCertificates;
            baseOptions.AuthorizationUrl = Authority;
            return baseOptions;
        }
    }
}
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using Newtonsoft.Json.Linq;
using System.Security.Claims;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// A <see cref="ClaimAction"/> that turns every scope found in the user-info payload into a claim.
    /// </summary>
    public class CloudFoundryScopeClaimAction : ClaimAction
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="CloudFoundryScopeClaimAction"/> class.
        /// </summary>
        /// <param name="claimType">Claim type each scope is emitted under</param>
        /// <param name="valueType">Value type recorded on each emitted claim</param>
        public CloudFoundryScopeClaimAction(string claimType, string valueType)
            : base(claimType, valueType)
        {
        }

        /// <summary>
        /// Adds one claim of <see cref="ClaimAction.ClaimType"/> per scope extracted from <paramref name="userData"/>.
        /// </summary>
        /// <param name="userData">User-info JSON as returned by the auth server</param>
        /// <param name="identity">Identity receiving the scope claims</param>
        /// <param name="issuer">Issuer recorded on each claim</param>
        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
        {
            var scopes = CloudFoundryHelper.GetScopes(userData);

            // A missing or unreadable scope list simply yields no claims rather than an error.
            if (scopes == null)
            {
                return;
            }

            foreach (var scope in scopes)
            {
                identity.AddClaim(new Claim(ClaimType, scope, ValueType, issuer));
            }
        }
    }
}
14 | 15 | using System.Runtime.CompilerServices; 16 | 17 | [assembly: InternalsVisibleTo("Steeltoe.Security.Authentication.CloudFoundryCore.Test")] 18 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryCore/Readme.md: -------------------------------------------------------------------------------- 1 | # ASP.NET Core Security Provider for CloudFoundry 2 | 3 | This project contains a [ASP.NET Core External Security Providers](https://github.com/aspnet/Security) for CloudFoundry. 4 | 5 | The providers simplify using CloudFoundry OAuth2 security services (e.g. [UAA Server](https://github.com/cloudfoundry/uaa) and/or [Pivotal Single Signon](https://docs.pivotal.io/p-identity/)) for Authentication and Authorization in an ASP.NET Core application. 6 | 7 | There are two providers to choose from in this package: 8 | 9 | * A provider that enables OAuth2 Single Signon with CloudFoundry Security services. Have a look at the Steeltoe [CloudFoundrySingleSignon](https://github.com/SteeltoeOSS/Samples/tree/dev/Security/src/CloudFoundrySingleSignon) for a sample app. 10 | * A provider that enables using JWT tokens issued by CloudFoundry Security services for securing REST endpoints. Have a look at the Steeltoe [CloudFoundryJwtAuthentication](https://github.com/SteeltoeOSS/Samples/tree/dev/Security/src/CloudFoundryJwtAuthentication) for a sample app. 11 | 12 | For more information on how to use this component see the online [Steeltoe documentation](https://steeltoe.io/). 
-------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryCore/Steeltoe.Security.Authentication.CloudFoundryCore.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | ASP.NET Core External Security Provider for CloudFoundry 7 | $(SteeltoeVersion) 8 | $(VersionSuffix) 9 | Pivotal;dtillman 10 | netstandard2.0 11 | Steeltoe.Security.Authentication.CloudFoundryCore 12 | Steeltoe.Security.Authentication.CloudFoundryCore 13 | CloudFoundry;ASPNET Core;Security;OAuth2;SSO;OpenIDConnect 14 | https://steeltoe.io/images/transparent.png 15 | https://steeltoe.io 16 | https://www.apache.org/licenses/LICENSE-2.0 17 | true 18 | true 19 | snupkg 20 | 21 | 22 | bin\$(Configuration)\$(TargetFramework)\Steeltoe.Security.Authentication.CloudFoundryCore.xml 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | All 33 | 34 | 35 | 36 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 37 | Steeltoe.Security.Authentication.CloudFoundry 38 | 39 | 40 | 41 | stylecop.json 42 | Always 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryOwin/Constants.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// String constants used by the OWIN OpenID Connect / OAuth2 flow. Most protocol names now
    /// live in <see cref="CloudFoundryDefaults"/>; the obsolete aliases below are kept for compatibility only.
    /// </summary>
    public static class Constants
    {
        /// <summary>Authentication type used when none is configured.</summary>
        public const string DefaultAuthenticationType = "PivotalSSO";

        /// <summary>The "openid" scope included in every authorization redirect.</summary>
        public const string ScopeOpenID = "openid";

        /// <summary>OAuth2 grant type for exchanging an authorization code.</summary>
        public const string GrantTypeAuthorizationCode = "authorization_code";

        /// <summary>Response type value requesting an ID token.</summary>
        public const string ResponseTypeIDToken = "id_token";

        /// <summary>Token format value for opaque (non-JWT) tokens.</summary>
        public const string TokenFormatOpaque = "opaque";

        // Deprecated aliases: each resolves to the CloudFoundryDefaults member it names.
        [Obsolete("Use CloudFoundryDefaults.AuthorizationUri instead")]
        public const string EndPointOAuthAuthorize = CloudFoundryDefaults.AuthorizationUri;

        [Obsolete("Use CloudFoundryDefaults.AccessTokenUri instead")]
        public const string EndPointOAuthToken = CloudFoundryDefaults.AccessTokenUri;

        [Obsolete("Use CloudFoundryDefaults.ParamsClientID instead")]
        public const string ParamsClientID = CloudFoundryDefaults.ParamsClientId;

        [Obsolete("Use CloudFoundryDefaults.ParamsClientSecret instead")]
        public const string ParamsClientSecret = CloudFoundryDefaults.ParamsClientSecret;

        [Obsolete("Use CloudFoundryDefaults.ParamsResponseType instead")]
        public const string ParamsResponseType = CloudFoundryDefaults.ParamsResponseType;

        [Obsolete("Use CloudFoundryDefaults.ParamsScope instead")]
        public const string ParamsScope = CloudFoundryDefaults.ParamsScope;

        [Obsolete("Use CloudFoundryDefaults.ParamsRedirectUri instead")]
        public const string ParamsRedirectUri = CloudFoundryDefaults.ParamsRedirectUri;

        [Obsolete("Use CloudFoundryDefaults.ParamsGrantType instead")]
        public const string ParamsGrantType = CloudFoundryDefaults.ParamsGrantType;

        [Obsolete("Use CloudFoundryDefaults.ParamsTokenFormat instead")]
        public const string ParamsTokenFormat = CloudFoundryDefaults.ParamsTokenFormat;

        [Obsolete("Use CloudFoundryDefaults.ParamsCode instead")]
        public const string ParamsCode = CloudFoundryDefaults.ParamsCode;
    }
}
using Microsoft.Owin;
using System.Threading.Tasks;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// Rewrites the request scheme to https when a reverse proxy reports the original
    /// connection was TLS via the X-Forwarded-Proto header.
    /// </summary>
    public class ForwardedProtocolMiddleware : OwinMiddleware
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="ForwardedProtocolMiddleware"/> class.
        /// </summary>
        /// <param name="next">Next middleware in the pipeline</param>
        public ForwardedProtocolMiddleware(OwinMiddleware next)
            : base(next)
        {
        }

        /// <summary>
        /// Upgrades <c>Request.Scheme</c> to "https" when X-Forwarded-Proto is exactly "https"
        /// and the scheme is not already https, then invokes the next middleware.
        /// </summary>
        /// <param name="context">Current OWIN context</param>
        /// <returns>The task of the remaining pipeline</returns>
        public override async Task Invoke(IOwinContext context)
        {
            var request = context.Request;
            var forwardedProto = request.Headers["X-Forwarded-Proto"];

            // Only an exact "https" value triggers the upgrade; the header is then removed so
            // nothing downstream applies it a second time. Any other value (absent, "http", a
            // comma-separated list) leaves the request untouched.
            // NOTE(review): the header is trusted from whoever sent it. Behind the CloudFoundry
            // router that is the intended source, but a client that can reach the app directly
            // could forge it — limit exposure with a trusted-proxy check if such a path exists.
            var upgradeToHttps = forwardedProto == "https" && request.Scheme != "https";
            if (upgradeToHttps)
            {
                request.Scheme = "https";
                request.Headers.Remove("X-Forwarded-Proto");
            }

            await Next.Invoke(context);
        }
    }
}
using Microsoft.Owin.Security.Jwt;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// OWIN <see cref="JwtBearerAuthenticationOptions"/> pre-populated with CloudFoundry/UAA defaults.
    /// </summary>
    public class CloudFoundryJwtBearerAuthenticationOptions : JwtBearerAuthenticationOptions
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="CloudFoundryJwtBearerAuthenticationOptions"/> class,
        /// pointing <see cref="JwtKeyUrl"/> at the default auth server's token-key endpoint.
        /// </summary>
        public CloudFoundryJwtBearerAuthenticationOptions()
        {
            // NOTE(review): plain-http default for the signing-key URL (the Core options share it).
            // A service binding normally replaces it; an unbound deployment would fetch verification
            // keys unprotected, which lets an on-path attacker substitute them.
            JwtKeyUrl = "http://" + CloudFoundryDefaults.OAuthServiceUrl + CloudFoundryDefaults.JwtTokenUri;
        }

        /// <summary>
        /// Gets or sets a value indicating whether auth middleware is added if no service binding is found
        /// </summary>
        /// <remarks>
        /// Is set to 'true' for compatibility with releases prior to Steeltoe 2.2. With that value an
        /// app deployed without an SSO binding presumably runs with no JWT middleware at all, i.e. fails
        /// open; set it to false to fail closed.
        /// </remarks>
        public bool SkipAuthIfNoBoundSSOService { get; set; } = true;

        /// <summary>
        /// Gets or sets the URL from which JWT signing keys are retrieved.
        /// </summary>
        public string JwtKeyUrl { get; set; }

        /// <summary>
        /// Gets or sets a value indicating whether the auth server's TLS certificate is validated.
        /// </summary>
        public bool ValidateCertificates { get; set; } = true;
    }
}
using Steeltoe.CloudFoundry.Connector.Services;

namespace Steeltoe.Security.Authentication.CloudFoundry
{
    /// <summary>
    /// Applies SSO service-binding information to <see cref="CloudFoundryJwtBearerAuthenticationOptions"/>.
    /// </summary>
    public static class CloudFoundryJwtOwinConfigurer
    {
        /// <summary>
        /// Points <see cref="CloudFoundryJwtBearerAuthenticationOptions.JwtKeyUrl"/> at the bound service
        /// (when one exists) and rebuilds the token validation parameters from it.
        /// </summary>
        /// <param name="si">Info for bound SSO Service; null leaves the key URL at its current value</param>
        /// <param name="options">Options to be updated; a null value is silently ignored</param>
        internal static void Configure(SsoServiceInfo si, CloudFoundryJwtBearerAuthenticationOptions options)
        {
            if (options == null)
            {
                return;
            }

            // Without a binding the key URL stays whatever the constructor or caller set
            // (by default a plain-http address), so the parameters below are still built.
            if (si != null)
            {
                options.JwtKeyUrl = si.AuthDomain + CloudFoundryDefaults.JwtTokenUri;
            }

            var validateCerts = options.ValidateCertificates;
            var handler = CloudFoundryHelper.GetBackChannelHandler(validateCerts);
            options.TokenValidationParameters = CloudFoundryHelper.GetTokenValidationParameters(
                options.TokenValidationParameters,
                options.JwtKeyUrl,
                handler,
                validateCerts);
        }
    }
}
using Owin;
using System;
using System.Net;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// Legacy <see cref="IAppBuilder"/> extension for the OWIN OpenID Connect middleware.
    /// </summary>
    public static class OpenIDConnectExtension
    {
        /// <summary>
        /// Registers <see cref="OpenIDConnectAuthenticationMiddleware"/> after pinning the
        /// process-wide TLS protocol set accepted by the Pivotal SSO tile.
        /// </summary>
        /// <param name="app">The OWIN application builder</param>
        /// <param name="options">Middleware options</param>
        /// <returns><paramref name="app"/>, for chaining</returns>
        [Obsolete("Use app.UseCloudFoundryOpenIdConnect instead")]
        public static IAppBuilder UseOpenIDConnect(this IAppBuilder app, OpenIDConnectOptions options)
        {
            // Without this the SSO tile rejects the negotiated TLS level and remotely closes the socket.
            // NOTE(review): ServicePointManager.SecurityProtocol is process-wide, not scoped to the auth
            // back-channel, and this value keeps TLS 1.0 and 1.1 enabled for every outbound connection
            // in the application. Prefer the non-obsolete UseCloudFoundryOpenIdConnect path.
            const SecurityProtocolType acceptedProtocols =
                SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
            ServicePointManager.SecurityProtocol = acceptedProtocols;

            return app.Use(typeof(OpenIDConnectAuthenticationMiddleware), app, options);
        }
    }
}
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// Deprecated alias for <see cref="OpenIdTokenResponse"/>; it adds no members of its own and
    /// exists only so callers referencing the old casing keep compiling.
    /// </summary>
    [Obsolete("This class will be removed in a future release, use Steeltoe.Security.Authentication.CloudFoundry.OpenIdTokenResponse instead.")]
    public class OpenIDTokenResponse : OpenIdTokenResponse
    {
    }
}
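using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler;
using Microsoft.Owin.Security.DataProtection;
using Microsoft.Owin.Security.Infrastructure;
using Owin;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// OWIN authentication middleware that drives the CloudFoundry OpenID Connect flow.
    /// </summary>
    public class OpenIdConnectAuthenticationMiddleware : AuthenticationMiddleware<OpenIdConnectOptions>
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="OpenIdConnectAuthenticationMiddleware"/> class,
        /// filling in the sign-in authentication type and the state data format when not configured.
        /// </summary>
        /// <param name="next">Next middleware in the pipeline</param>
        /// <param name="app">Application builder, used for the default sign-in type and the data protector</param>
        /// <param name="options">Middleware options; mutated in place for the two defaults above</param>
        public OpenIdConnectAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, OpenIdConnectOptions options)
            : base(next, options)
        {
            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
            {
                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
            }

            // The state round-tripped through the authorization server is wrapped by a data
            // protector whose purposes are bound to this middleware type and the authentication
            // type, so it is tamper-protected and not interchangeable with other middleware instances.
            if (options.StateDataFormat == null)
            {
                options.StateDataFormat = CreateDefaultStateFormat(app, options.AuthenticationType);
            }
        }

        /// <summary>
        /// Creates the per-request handler, handing it a logger from the configured factory (if any).
        /// </summary>
        /// <returns>A new <see cref="OpenIdConnectAuthenticationHandler"/></returns>
        protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
        {
            var logger = Options.LoggerFactory?.CreateLogger("OpenIdConnectAuthenticationHandler");
            return new OpenIdConnectAuthenticationHandler(logger);
        }

        // Builds the default protected state format from the app's data-protection provider.
        private static ISecureDataFormat<AuthenticationProperties> CreateDefaultStateFormat(IAppBuilder app, string authenticationType)
        {
            var protector = app.CreateDataProtector(typeof(OpenIdConnectAuthenticationMiddleware).FullName, authenticationType);
            return new PropertiesDataFormat(protector);
        }
    }

#pragma warning disable SA1402 // File may only contain a single class
    /// <summary>
    /// Deprecated alias kept for callers that still reference the old casing.
    /// </summary>
    // Fixed: the previous deprecation text pointed at the handler, not at this middleware's new name.
    [Obsolete("This class has been renamed OpenIdConnectAuthenticationMiddleware")]
    public class OpenIDConnectAuthenticationMiddleware : OpenIdConnectAuthenticationMiddleware
#pragma warning restore SA1402 // File may only contain a single class
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="OpenIDConnectAuthenticationMiddleware"/> class.
        /// </summary>
        /// <param name="next">Next middleware in the pipeline</param>
        /// <param name="app">Application builder</param>
        /// <param name="options">Legacy options instance</param>
        public OpenIDConnectAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, OpenIDConnectOptions options)
            : base(next, app, options)
        {
        }
    }
}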
using Steeltoe.CloudFoundry.Connector.Services;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// Applies SSO service-binding information to an <see cref="OpenIdConnectOptions"/> instance.
    /// </summary>
    public static class OpenIdConnectConfigurer
    {
        /// <summary>
        /// Copies the auth domain and client credentials from the bound SSO service into <paramref name="options"/>.
        /// </summary>
        /// <param name="si">Service binding information; null means "no binding" and leaves the options unchanged</param>
        /// <param name="options">OpenID options to be updated</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="options"/> is null</exception>
        internal static void Configure(SsoServiceInfo si, OpenIdConnectOptions options)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Nothing is overwritten without a binding, so any defaults (including the default
            // client secret) remain in effect in that case.
            if (si == null)
            {
                return;
            }

            var authDomain = si.AuthDomain;
            var clientId = si.ClientId;
            var clientSecret = si.ClientSecret;

            options.AuthDomain = authDomain;
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
        }
    }
}
5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | using System.Runtime.CompilerServices; 16 | 17 | [assembly: InternalsVisibleTo("Steeltoe.Security.Authentication.CloudFoundryOwin.Test")] 18 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryOwin/Steeltoe.Security.Authentication.CloudFoundryOwin.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | ASP.NET 4.x External Security Provider for CloudFoundry - Owin 7 | $(SteeltoeVersion) 8 | $(VersionSuffix) 9 | Pivotal;dtillman 10 | net461 11 | Steeltoe.Security.Authentication.CloudFoundryOwin 12 | Steeltoe.Security.Authentication.CloudFoundryOwin 13 | CloudFoundry;ASPNET;Security;OAuth2;SSO 14 | https://steeltoe.io/images/transparent.png 15 | https://steeltoe.io 16 | https://www.apache.org/licenses/LICENSE-2.0 17 | true 18 | true 19 | snupkg 20 | 21 | 22 | 23 | bin\$(Configuration)\$(TargetFramework)\Steeltoe.Security.Authentication.CloudFoundryOwin.xml 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | All 34 | 35 | 36 | 37 | 38 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 39 | Steeltoe.Security.Authentication.CloudFoundry.Owin 40 | 41 | 42 | 43 | stylecop.json 44 | Always 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.Authentication.CloudFoundryOwin/UriUtility.cs: -------------------------------------------------------------------------------- 1 
using Microsoft.Owin;
using Microsoft.Owin.Infrastructure;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin
{
    /// <summary>
    /// Builds the authorization-request URL for the OWIN OpenID Connect flow.
    /// </summary>
    internal static class UriUtility
    {
        /// <summary>
        /// Determine full redirect uri to send user to auth server, include a valid return path
        /// </summary>
        /// <param name="options">Auth configuration (auth domain, client id, extra scopes, callback path)</param>
        /// <param name="request">HTTP Request information, for generating a valid return path</param>
        /// <returns>A URL with enough info for the auth server to identify the app and return the user to the right location after auth</returns>
        internal static string CalculateFullRedirectUri(OpenIdConnectOptions options, IOwinRequest request)
        {
            var authorizeEndpoint = options.AuthDomain + CloudFoundryDefaults.AuthorizationUri;

            // "openid" is always requested; AdditionalScopes (possibly null, which leaves a
            // trailing space) is appended after it.
            var scope = $"{Constants.ScopeOpenID} {options.AdditionalScopes}";
            var redirectUri = DetermineRedirectUri(options, request);

            // Each value goes through AddQueryString, which presumably URL-encodes it.
            // NOTE(review): no "state" parameter is appended here. Confirm the authentication
            // handler adds one, otherwise the authorization-code round trip has no CSRF binding.
            var url = WebUtilities.AddQueryString(authorizeEndpoint, CloudFoundryDefaults.ParamsClientId, options.ClientId);
            url = WebUtilities.AddQueryString(url, CloudFoundryDefaults.ParamsResponseType, "code");
            url = WebUtilities.AddQueryString(url, CloudFoundryDefaults.ParamsScope, scope);
            url = WebUtilities.AddQueryString(url, CloudFoundryDefaults.ParamsRedirectUri, redirectUri);

            return url;
        }

        // Builds "{scheme}://{host}{callbackPath}" from the incoming request.
        // NOTE(review): the host comes straight from the request's Host header. A forged Host
        // produces a redirect_uri pointing at another origin; the authorization server's
        // registered-redirect-URI check is the only thing that stops that, so it must be strict.
        private static string DetermineRedirectUri(OpenIdConnectOptions options, IOwinRequest request)
        {
            return string.Concat(request.Scheme, Uri.SchemeDelimiter, request.Host, options.CallbackPath);
        }
    }
}
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Steeltoe.CloudFoundry.Connector;
using Steeltoe.CloudFoundry.Connector.Services;
using System;
using System.Net.Http;
using System.ServiceModel;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// <see cref="ServiceHost"/> extensions for CloudFoundry JWT authorization.
    /// </summary>
    public static class CloudFoundryExtensions
    {
        /// <summary>
        /// Adds the <see cref="JwtAuthorizationManager"/> to a <see cref="ServiceHost"/>
        /// </summary>
        /// <param name="serviceHost">Your service to be secured with JWT Auth</param>
        /// <param name="configuration">Your application configuration, including VCAP_SERVICES</param>
        /// <param name="httpClient">Provide your own http client for interacting with the security server</param>
        /// <param name="loggerFactory">For logging within the library</param>
        /// <returns>Your service</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="serviceHost"/> or <paramref name="configuration"/> is null</exception>
        public static ServiceHost AddJwtAuthorization(this ServiceHost serviceHost, IConfiguration configuration, HttpClient httpClient = null, LoggerFactory loggerFactory = null)
        {
            if (serviceHost == null)
            {
                throw new ArgumentNullException(nameof(serviceHost));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            // NOTE(review): httpClient is accepted but never used in this method, so a caller-supplied
            // client (e.g. one with a pinned certificate handler) has no effect on the key fetch.
            var cloudFoundryOptions = BuildOptions(configuration, loggerFactory);

            serviceHost.Authorization.ServiceAuthorizationManager = new JwtAuthorizationManager(cloudFoundryOptions);
            return serviceHost;
        }

        // Defaults -> "security:client" configuration section -> bound SSO service, in that order of precedence.
        private static CloudFoundryOptions BuildOptions(IConfiguration configuration, LoggerFactory loggerFactory)
        {
            var options = new CloudFoundryOptions(loggerFactory);

            var securitySection = configuration.GetSection(CloudFoundryDefaults.SECURITY_CLIENT_SECTION_PREFIX);
            securitySection.Bind(options);

            var bindingInfo = configuration.GetSingletonServiceInfo<SsoServiceInfo>();
            CloudFoundryOptionsConfigurer.Configure(bindingInfo, options);

            return options;
        }
    }
}
using Steeltoe.CloudFoundry.Connector.Services;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// Applies SSO service-binding information to a <see cref="CloudFoundryOptions"/> instance.
    /// </summary>
    internal static class CloudFoundryOptionsConfigurer
    {
        /// <summary>
        /// Copies the auth URL and client credentials from the bound SSO service into
        /// <paramref name="options"/> and rebuilds its token validation parameters.
        /// </summary>
        /// <param name="si">Service binding information; null leaves the options untouched</param>
        /// <param name="options">CloudFoundryOptions options to be updated</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="options"/> is null</exception>
        internal static void Configure(SsoServiceInfo si, CloudFoundryOptions options)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Without a binding this returns before the validation parameters are built, so they
            // keep whatever the options' defaults or the caller's configuration supplied.
            if (si == null)
            {
                return;
            }

            options.AuthorizationUrl = si.AuthDomain;
            options.ClientId = si.ClientId;
            options.ClientSecret = si.ClientSecret;

            // The signing-key endpoint is derived from the bound auth domain; ValidateCertificates
            // governs both the back-channel handler and the key retrieval.
            var validateCerts = options.ValidateCertificates;
            var jwtKeyUrl = options.AuthorizationUrl + CloudFoundryDefaults.JwtTokenUri;
            var handler = CloudFoundryHelper.GetBackChannelHandler(validateCerts);

            options.TokenValidationParameters = CloudFoundryHelper.GetTokenValidationParameters(
                options.TokenValidationParameters,
                jwtKeyUrl,
                handler,
                validateCerts,
                options);
        }
    }
}
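// /src/Steeltoe.Security.Authentication.CloudFoundryWcf/JsonWebKeySetEx.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.IdentityModel.Tokens;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// A <see cref="JsonWebKeySet"/> that also accepts the JSON of a single <see cref="JsonWebKey"/>
    /// (a bare key with no surrounding "keys" envelope). Marked obsolete upstream; kept for compatibility.
    /// </summary>
    [Obsolete]
    public class JsonWebKeySetEx : JsonWebKeySet
    {
        /// <summary>
        /// Parses <paramref name="json"/> as a key set; if that yields no keys, parses the same text as one
        /// key and adds it to <see cref="JsonWebKeySet.Keys"/>.
        /// </summary>
        /// <param name="json">Either a JWKS document or a single JWK document</param>
        /// <exception cref="InvalidOperationException">when the base class exposes no key collection to add to</exception>
        public JsonWebKeySetEx(string json)
            : base(json)
        {
            if (Keys != null && Keys.Count > 0)
            {
                return;
            }

            // Fallback: treat the document as a bare JWK. A `new` expression can never evaluate to null, so the
            // previous `if (key != null)` guard was dead code and is dropped. The parse happens before the Keys
            // null-check so that malformed input still surfaces as the parser's own exception, as before.
            JsonWebKey singleKey = new JsonWebKey(json);

            if (Keys == null)
            {
                // This path used to dereference null; fail with a clear message instead.
                throw new InvalidOperationException("JsonWebKeySet.Keys is null; cannot add the parsed key.");
            }

            Keys.Add(singleKey);
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.Authentication.CloudFoundryWcf/JwtHeaderEndpointBehavior.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.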
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;
using System.Configuration;
using System.ServiceModel.Channels;
using System.ServiceModel.Configuration;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// Client-side endpoint behavior that installs a <see cref="JwtHeaderMessageInspector"/> so outgoing
    /// messages carry a JWT. Only the client runtime is touched; the dispatch-side, binding-parameter and
    /// validation hooks are intentionally empty.
    /// </summary>
    public class JwtHeaderEndpointBehavior : BehaviorExtensionElement, IEndpointBehavior
    {
        private const string SSOPropertyName = "ssoName";

        // Handed to the inspector; how it is used there is outside this file.
        private CloudFoundryOptions _options;

        // Optional bearer token, held as a plain string for the lifetime of the behavior. Treat instances of
        // this class as credential-bearing objects: do not log or serialize them.
        private string _userToken;

        /// <summary>
        /// Initializes a new instance of the <see cref="JwtHeaderEndpointBehavior"/> class.
        /// </summary>
        /// <param name="options">Security options passed through to the message inspector</param>
        /// <param name="userToken">Optional token to forward; when null the inspector's own logic applies (not visible here)</param>
        public JwtHeaderEndpointBehavior(CloudFoundryOptions options, string userToken = null)
        {
            _options = options;
            _userToken = userToken;
        }

        /// <summary>
        /// Gets or sets the "ssoName" configuration attribute.
        /// NOTE(review): this element has no parameterless constructor, which the configuration system needs in
        /// order to instantiate a <see cref="BehaviorExtensionElement"/> from app.config/web.config — confirm
        /// whether config-file usage is actually supported before documenting this property for it.
        /// </summary>
        [ConfigurationProperty(SSOPropertyName)]
        public string SsoName
        {
            get
            {
                return (string)this[SSOPropertyName];
            }

            set
            {
                this[SSOPropertyName] = value;
            }
        }

        /// <inheritdoc/>
        public override Type BehaviorType => typeof(JwtHeaderEndpointBehavior);

        /// <summary>Adds the JWT message inspector to the client runtime.</summary>
        public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
        {
            var inspector = new JwtHeaderMessageInspector(_options, _userToken);
            clientRuntime.ClientMessageInspectors.Add(inspector);
        }

        /// <summary>No binding parameters are contributed.</summary>
        public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
        {
        }

        /// <summary>No-op: nothing is installed on the service (dispatch) side.</summary>
        public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
        {
        }

        /// <summary>
        /// No-op. Nothing here checks that the endpoint's binding is transport-secured, yet the token the
        /// inspector attaches travels in whatever that binding provides — the usual practitioner requirement
        /// is HTTPS/transport security on any endpoint this behavior is applied to.
        /// </summary>
        public void Validate(ServiceEndpoint endpoint)
        {
        }

        /// <summary>Creates a fresh behavior carrying the same options and token, for the configuration system.</summary>
        protected override object CreateBehavior()
        {
            return new JwtHeaderEndpointBehavior(_options, _userToken);
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.Authentication.CloudFoundryWcf/PrincipalPermissionEnvAttribute.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
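
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// Declarative role check with one level of indirection: <see cref="Role"/> names an environment variable,
    /// and that variable's value is the role the current principal must be in. This lets the role mapping be
    /// changed per deployment without recompiling — but it also means whoever controls the process environment
    /// controls the access rule, so those variables are security configuration.
    /// </summary>
    [Serializable]
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class PrincipalPermissionEnvAttribute : CodeAccessSecurityAttribute
    {
        // Always true: a permission built on success requires an authenticated identity.
        private readonly bool _authenticated;

        /// <summary>Gets or sets a configuration name. Stored only; not read by this attribute.</summary>
        public string ConfigurationName { get; set; }

        /// <summary>Gets or sets the NAME of the environment variable whose VALUE is the required role.</summary>
        public string Role { get; set; }

        public PrincipalPermissionEnvAttribute(SecurityAction action)
            : base(action)
        {
            _authenticated = true;
        }

        /// <summary>
        /// Builds the <see cref="PrincipalPermission"/> for the current thread's principal.
        /// </summary>
        /// <returns>An unrestricted permission when <c>Unrestricted</c> is set; otherwise a permission for the
        /// current identity in the configured role.</returns>
        /// <remarks>
        /// Denials are reported through <c>CloudFoundryWcfTokenValidator.ThrowJwtException</c> with the
        /// "insufficient_scope" error, both when the environment variable is missing and when the principal
        /// lacks the role. This relies on that helper always throwing; the trailing <c>return null</c> exists
        /// only to satisfy the compiler.
        /// </remarks>
        public override IPermission CreatePermission()
        {
            if (Unrestricted)
            {
                return new PrincipalPermission(PermissionState.Unrestricted);
            }

            // A null Role would make GetEnvironmentVariable throw ArgumentNullException; report it as the same
            // configuration error as a missing variable instead. (Message text kept verbatim.)
            string requiredRole = string.IsNullOrEmpty(Role) ? null : Environment.GetEnvironmentVariable(Role);
            if (string.IsNullOrEmpty(requiredRole))
            {
                CloudFoundryWcfTokenValidator.ThrowJwtException("Configuration for not provided for Role: " + Role, "insufficient_scope");
            }

            // Fail closed: no principal on the thread (e.g. the authorization manager never ran) is treated
            // exactly like a principal without the role, rather than surfacing a NullReferenceException.
            IPrincipal principal = Thread.CurrentPrincipal;
            if (principal != null && principal.IsInRole(requiredRole))
            {
                return new PrincipalPermission(principal.Identity.Name, requiredRole, _authenticated);
            }

            // Console output is retained from the original; it bypasses the library's logger.
            Console.Out.WriteLine("Access denied user is not in Role: " + Role);
            CloudFoundryWcfTokenValidator.ThrowJwtException("Access denied user is not in Role: " + Role, "insufficient_scope");
            return null;
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.Authentication.CloudFoundryWcf/Properties/AssemblyInfo.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.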
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Runtime.CompilerServices;

// Exposes this assembly's internal types (e.g. CloudFoundryOptionsConfigurer) to the unit-test assembly.
// NOTE(review): the friend is identified by simple name only — there is no "PublicKey=" clause. That is
// required if this assembly is not strong-named, but it also means any assembly with that name is a friend;
// if the assembly is ever strong-named, add the test assembly's public key here.
[assembly: InternalsVisibleTo("Steeltoe.Security.Authentication.CloudFoundryWcf.Test")]
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.Authentication.CloudFoundryWcf/ScopePermission.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
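
using System;
using System.Security;
using System.Security.Claims;
using System.Security.Permissions;
using System.Web;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// Permission granted when the current request's <see cref="ClaimsPrincipal"/> carries a "scope" claim
    /// whose value equals <see cref="Scope"/>. Enforcement happens only in <see cref="Demand"/>; the
    /// permission-algebra members (<see cref="IsUnrestricted"/>, <see cref="IsSubsetOf"/>,
    /// <see cref="Intersect"/>, <see cref="Union"/>) are permissive stubs that ignore the other permission's
    /// scope and must not be used to make access decisions.
    /// </summary>
    [Serializable]
    public sealed class ScopePermission : IPermission, ISecurityEncodable, IUnrestrictedPermission
    {
        /// <summary>Gets or sets the exact scope value the principal must hold.</summary>
        public string Scope { get; set; }

        /// <param name="name">Accepted for signature compatibility only; the check is claim-based, not identity-based, so it is unused</param>
        /// <param name="scope">Required scope value</param>
        public ScopePermission(string name, string scope)
        {
            Scope = scope;
        }

        /// <summary>Always true (stub) — see the class summary.</summary>
        public bool IsUnrestricted()
        {
            return true;
        }

        /// <summary>
        /// Denies unless the current ASP.NET request principal has a "scope" claim equal to <see cref="Scope"/>.
        /// </summary>
        /// <remarks>
        /// Fails closed: when there is no current <see cref="HttpContext"/> (the call is not running inside an
        /// ASP.NET-hosted request) or its user is not a <see cref="ClaimsPrincipal"/>, the demand is denied with
        /// the same "insufficient_scope" error instead of throwing a NullReferenceException. A principal set only
        /// on Thread.CurrentPrincipal is not consulted. A null <see cref="Scope"/> presumably makes HasClaim throw
        /// ArgumentNullException rather than deny, so always set Scope on the attribute.
        /// </remarks>
        public void Demand()
        {
            ClaimsPrincipal principal = HttpContext.Current?.User as ClaimsPrincipal;

            if (principal == null || !principal.HasClaim("scope", Scope))
            {
                Console.Out.WriteLine("Access denied token is not in Scope: " + Scope);
                CloudFoundryWcfTokenValidator.ThrowJwtException("Access denied token does not have Scope: " + Scope, "insufficient_scope");
            }
        }

        /// <summary>Stub: a copy of this permission for any non-null target, ignoring the target's scope.</summary>
        public IPermission Intersect(IPermission target)
        {
            return target == null ? null : Copy();
        }

        /// <summary>Stub: true for any non-null target, regardless of scope.</summary>
        public bool IsSubsetOf(IPermission target)
        {
            return target != null;
        }

        /// <summary>Stub: a copy of this permission for any non-null target, ignoring the target's scope.</summary>
        public IPermission Union(IPermission target)
        {
            return target == null ? null : Copy();
        }

        /// <summary>Not supported: this permission is not XML-serializable.</summary>
        public void FromXml(SecurityElement e)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not supported: this permission is not XML-serializable.</summary>
        public SecurityElement ToXml()
        {
            throw new NotImplementedException();
        }

        /// <summary>
        /// Returns a new permission with the same scope. This used to throw NotImplementedException even though
        /// <see cref="Intersect"/> and <see cref="Union"/> already built exactly this copy; Copy() is part of the
        /// IPermission contract, so it now does the same.
        /// </summary>
        public IPermission Copy()
        {
            return new ScopePermission(null, Scope);
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.Authentication.CloudFoundryWcf/ScopePermissionAttribute.cs: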
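// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;
using System.Security;
using System.Security.Permissions;
using System.Threading;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf
{
    /// <summary>
    /// Declarative form of <see cref="ScopePermission"/>: require that the current request's principal carries
    /// the "scope" claim value named by <see cref="Scope"/>.
    /// </summary>
    [Serializable]
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class ScopePermissionAttribute : CodeAccessSecurityAttribute
    {
        /// <summary>Gets or sets the scope claim value that is required.</summary>
        public string Scope { get; set; }

        public ScopePermissionAttribute(SecurityAction action)
            : base(action)
        {
        }

        /// <summary>
        /// Creates the permission object. The identity name is passed only for signature compatibility;
        /// <see cref="ScopePermission"/> ignores it and does its check in <see cref="ScopePermission.Demand"/>.
        /// </summary>
        /// <remarks>
        /// Null-safe: CreatePermission can run before any principal has been attached to the thread, and the
        /// previous code dereferenced Thread.CurrentPrincipal.Identity unconditionally.
        /// </remarks>
        public override IPermission CreatePermission()
        {
            string identityName = Thread.CurrentPrincipal?.Identity?.Name;
            return new ScopePermission(identityName, Scope);
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredHubEnums.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.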
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using Newtonsoft.Json.Converters;
using System.ComponentModel;
using System.Runtime.Serialization;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Kinds of credential CredHub can store. Serialized by member name (see the StringEnumConverter on
    /// CredHubBaseObject.Type).
    /// </summary>
    public enum CredentialType
    {
        Value,
        Password,
        User,
        JSON,
        Certificate,
        RSA,
        SSH
    }

    /// <summary>
    /// RSA key lengths that can be requested for a generated certificate. The numeric value is the bit length;
    /// 2048 is the floor, so nothing weaker can be expressed through this API.
    /// </summary>
    public enum CertificateKeyLength
    {
        Length_2048 = 2048,
        Length_3072 = 3072,
        Length_4096 = 4096
    }

#pragma warning disable SA1300 // ElementMustBeginWithUpperCaseLetter
    /// <summary>
    /// Overwrite mode for existing credentials (https://credhub-api.cfapps.io/#overwriting-credential-values).
    /// Members are deliberately lower-case: StringEnumConverter emits the member name as the wire value, with
    /// noOverwrite remapped to "no-overwrite". The type name's spelling ("Overwite") is public API and is left as-is.
    /// </summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum OverwiteMode
    {
        [EnumMember(Value = "no-overwrite")]
        noOverwrite,
        overwrite,
        converge
    }

    /// <summary>
    /// Key usage extensions that can be requested for a generated certificate; emitted by member name.
    /// </summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum KeyUsage
    {
        digital_signature,
        non_repudiation,
        key_encipherment,
        data_encipherment,
        key_agreement,
        key_cert_sign,
        crl_sign,
        encipher_only,
        decipher_only
    }

    /// <summary>
    /// Extended key usage values for certificates; emitted by member name. Only client_auth carries a
    /// Description attribute — whether anything reads it is not visible from this file.
    /// </summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum ExtendedKeyUsage
    {
        [Description("Client Auth")]
        client_auth,
        server_auth,
        code_signing,
        email_protection,
        timestamping
    }

    /// <summary>
    /// Operations that can be allowed for an actor on a credential. read_acl / write_acl presumably govern the
    /// permission list itself (write_acl would let the grantee change who else has access), so grant them more
    /// sparingly than read / write — TODO confirm against the CredHub permissions documentation.
    /// </summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum OperationPermissions
    {
        read,
        write,
        delete,
        read_acl,
        write_acl
    }
#pragma warning restore SA1300 // ElementMustBeginWithUpperCaseLetter
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredHubException.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Exception type of the CredHub client library. It carries only a message; when callers build that message
    /// from a server response, make sure credential values are not echoed into it.
    /// </summary>
    public class CredHubException : Exception
    {
        /// <param name="message">Human-readable description of the failure</param>
        public CredHubException(string message)
            : base(message)
        {
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredHubGenerateRequest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Common shape of a "generate" request: CredHub creates the credential value server-side from
    /// <see cref="Parameters"/>, so no secret material is carried in the request itself.
    /// </summary>
    public abstract class CredHubGenerateRequest : CredHubBaseObject
    {
        /// <summary>
        /// Gets or sets a value indicating the overwrite interaction mode. Defaults to no-overwrite, so an
        /// existing credential is never silently replaced unless the caller opts in.
        /// </summary>
        public OverwiteMode Mode { get; set; } = OverwiteMode.noOverwrite;

        /// <summary>
        /// Gets or sets parameters for generating credential (the concrete parameter type depends on the subclass)
        /// </summary>
        public object Parameters { get; set; }

        /// <summary>
        /// Gets or sets optionally set permissions on the credential; serialized as "additional_permissions".
        /// NOTE(review): the generic type argument of this List was lost when the page was extracted
        /// (presumably CredentialPermission, from Credentials/Permissions/CredentialPermission.cs) — restore from the repository.
        /// </summary>
        [JsonProperty("additional_permissions")]
        public List AdditionalPermissions { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredHubOptions.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Settings for the CredHub client: where the server is, which UAA client to authenticate as, and whether
    /// TLS server certificates are verified.
    /// </summary>
    public class CredHubOptions
    {
        /// <summary>
        /// Gets or sets routable address of CredHub server. Defaults to the platform-internal address.
        /// </summary>
        public string CredHubUrl { get; set; } = "https://credhub.service.cf.internal:8844/api";

        /// <summary>
        /// Gets or sets Client Id for interactions with UAA
        /// </summary>
        public string ClientId { get; set; }

        /// <summary>
        /// Gets or sets Client Secret for interactions with UAA. This is a credential: never log it and never
        /// include this object in serialized diagnostics.
        /// </summary>
        public string ClientSecret { get; set; }

        /// <summary>
        /// Gets or sets a value indicating whether to validate server certificates for UAA and CredHub servers.
        /// Defaults to true. Turning it off presumably removes server authentication on the very connections
        /// that carry the client secret and the fetched secrets, so it belongs in local development only.
        /// </summary>
        public bool ValidateCertificates { get; set; } = true;

        /// <summary>
        /// Perform basic validation to make sure a Client Id and Secret have been provided.
        /// <see cref="CredHubUrl"/> is not checked here.
        /// </summary>
        /// <exception cref="ArgumentException">when ClientId or ClientSecret is null or empty (ClientId is reported first)</exception>
        public void Validate()
        {
            string problem = null;

            if (string.IsNullOrEmpty(ClientId))
            {
                problem = "A Client Id is required for the CredHub Client";
            }
            else if (string.IsNullOrEmpty(ClientSecret))
            {
                problem = "A Client Secret is required for the CredHub Client";
            }

            if (problem != null)
            {
                throw new ArgumentException(problem);
            }
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredHubServerInfo.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Response object from CredHub /info endpoint
    /// </summary>
    public class CredHubServerInfo
    {
        /// <summary>
        /// Gets or sets the "auth-server" section of the info response. Because this comes back over the network,
        /// anything that uses it to locate the token server depends on CredHubOptions.ValidateCertificates
        /// being on — otherwise a spoofed CredHub endpoint could redirect token requests.
        /// NOTE(review): the dictionary's generic type arguments were lost in extraction — restore from the repository.
        /// </summary>
        [JsonProperty("auth-server")]
        public Dictionary AuthServer { get; set; }

        /// <summary>
        /// Gets or sets the "app" section of the info response (contents not visible from this file).
        /// NOTE(review): generic type arguments lost in extraction — restore from the repository.
        /// </summary>
        public Dictionary App { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredentialFindResponse.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Used internally to process results of a Find request
    /// </summary>
    internal class CredentialFindResponse
    {
        /// <summary>
        /// Gets or sets credentials found by query.
        /// NOTE(review): the generic type argument of this List was lost when the page was extracted
        /// (it reads "List" here) — restore from the repository.
        /// </summary>
        public List Credentials { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredentialPath.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Path to a credential in CredHub — a name-space prefix under which credentials are stored,
    /// as returned by a paths query.
    /// </summary>
    public class CredentialPath
    {
        /// <summary>
        /// Gets or sets path containing one or more credentials
        /// </summary>
        public string Path { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/CredentialPathsResponse.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Used internally to process a list of paths from CredHub
    /// </summary>
    internal class CredentialPathsResponse
    {
        /// <summary>
        /// Gets or sets list of paths containing credentials.
        /// NOTE(review): the generic type argument of this List was lost in extraction (presumably
        /// CredentialPath, the element type defined alongside this file) — restore from the repository.
        /// </summary>
        public List Paths { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Certificate/CertificateCredential.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Value of a certificate credential: the PEM text of the certificate, optionally its issuing CA (by value
    /// or by CredHub name), and the private key. Because <see cref="PrivateKey"/> is secret material, instances
    /// must not be logged or serialized into diagnostics.
    /// </summary>
    public class CertificateCredential : ICredentialValue
    {
        /// <summary>
        /// Gets or sets certificate of the Certificate Authority; serialized as "ca"
        /// </summary>
        [JsonProperty("ca")]
        public string CertificateAuthority { get; set; }

        /// <summary>
        /// Gets or sets name of CA credential in credhub that has signed this certificate; serialized as "ca_name"
        /// </summary>
        [JsonProperty("ca_name")]
        public string CertificateAuthorityName { get; set; }

        /// <summary>
        /// Gets or sets string representation of the certificate
        /// </summary>
        public string Certificate { get; set; }

        /// <summary>
        /// Gets or sets private key for the certificate; serialized as "private_key". Sensitive.
        /// </summary>
        [JsonProperty("private_key")]
        public string PrivateKey { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Certificate/CertificateSetRequest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Request that writes a caller-supplied certificate (and private key) to CredHub.
    /// </summary>
    public class CertificateSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="CertificateSetRequest"/> class.
        /// For writing a certificate to CredHub
        /// </summary>
        /// <param name="credentialName">Name of credential to set</param>
        /// <param name="privateKey">Private key value of credential to set. Secret material: it travels in the
        /// request body, so the CredHub connection must be TLS with certificate validation enabled</param>
        /// <param name="certificate">Certificate value of credential to set</param>
        /// <param name="certificateAuthority">Certificate authority value of credential to set</param>
        /// <param name="certificateAuthorityName">Name of CA credential in credhub that has signed this certificate</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential.
        /// NOTE(review): this parameter's generic type argument was lost in extraction (reads "List" here) — restore from the repository</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        /// <exception cref="ArgumentException">when both a CA certificate and a CA name are supplied</exception>
        /// <remarks>
        /// The original note said "Must include either the CA or CA Name", but only the both-present case is
        /// rejected here; passing neither is accepted and left for the server to validate.
        /// </remarks>
        public CertificateSetRequest(string credentialName, string privateKey, string certificate, string certificateAuthority = null, string certificateAuthorityName = null, List additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            if (!string.IsNullOrEmpty(certificateAuthority) && !string.IsNullOrEmpty(certificateAuthorityName))
            {
                throw new ArgumentException("You must specify either the CA Certificate or the name, not both");
            }

            Name = credentialName;
            Type = CredentialType.Certificate;
            Value = new CertificateCredential
            {
                PrivateKey = privateKey,
                Certificate = certificate,
                CertificateAuthority = certificateAuthority,
                CertificateAuthorityName = certificateAuthorityName
            };
            AdditionalPermissions = additionalPermissions;
            Mode = overwriteMode;
        }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Certificate/RegeneratedCertificates.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Return object from bulk certificate regeneration request
    /// </summary>
    public class RegeneratedCertificates
    {
        /// <summary>
        /// Gets or sets names of certificates that were regenerated; serialized as "regenerated_credentials".
        /// Only names are returned here, not the new certificate material.
        /// NOTE(review): the generic type argument of this List was lost in extraction (presumably string,
        /// given that these are names) — restore from the repository.
        /// </summary>
        [JsonProperty("regenerated_credentials")]
        public List RegeneratedCredentials { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/CredHubBaseObject.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using Newtonsoft.Json.Converters;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Common properties for CredHub requests and responses. Declared partial, so other parts of this class
    /// may exist elsewhere in the project.
    /// </summary>
    public partial class CredHubBaseObject
    {
        /// <summary>
        /// Gets or sets name of Credential (its path-like identifier in CredHub)
        /// </summary>
        public string Name { get; set; }

        /// <summary>
        /// Gets or sets type of Credential; written on the wire as the enum member's name.
        /// </summary>
        [JsonConverter(typeof(StringEnumConverter))]
        public CredentialType Type { get; set; }
    }
}
// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/CredHubCredential.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// A credential as returned by CredHub: the common name/type plus the typed value and server-assigned metadata.
    /// </summary>
    /// <typeparam name="T">Type of the credential's value (type argument lost in this rendering; restored from <see cref="Value"/>)</typeparam>
    public class CredHubCredential<T> : CredHubBaseObject
    {
        /// <summary>
        /// Gets or sets when this (version of this) credential was created
        /// </summary>
        // Underscored name mirrors CredHub's "version_created_at" JSON field.
        public DateTime Version_Created_At { get; set; }

        /// <summary>
        /// Gets or sets credential ID (assigned by CredHub)
        /// </summary>
        public Guid Id { get; set; }

        /// <summary>
        /// Gets or sets value of the credential
        /// </summary>
        public T Value { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/CredHubResponse.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Internal envelope for CredHub responses that wrap one or more credentials in a "data" array.
    /// </summary>
    /// <typeparam name="T">Type of each credential's value</typeparam>
    internal class CredHubResponse<T>
    {
        // NOTE(review): nested generic arguments were lost in this rendering; List<CredHubCredential<T>> is the natural reading — confirm.
        public List<CredHubCredential<T>> Data { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/CredentialSetRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Base request for storing an explicit credential value in CredHub; the typed *SetRequest classes fill in Name, Type and Value.
    /// </summary>
    public class CredentialSetRequest : CredHubBaseObject
    {
        /// <summary>
        /// Gets or sets value of the credential to be set
        /// </summary>
        public ICredentialValue Value { get; set; }

        /// <summary>
        /// Gets or sets a value indicating the overwrite interaction mode
        /// </summary>
        // Defaults to not overwriting so an accidental re-set cannot silently replace an existing secret.
        public OverwiteMode Mode { get; set; } = OverwiteMode.noOverwrite;

        /// <summary>
        /// Gets or sets optionally set permissions on the credential
        /// </summary>
        // Left null (not an empty list) when the caller does not specify any.
        [JsonProperty("additional_permissions")]
        public List<CredentialPermission> AdditionalPermissions { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/ICredentialParameter.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Marker interface for the "parameters" object of a CredHub generation request (no members).
    /// </summary>
    public interface ICredentialParameter
    {
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/JSON/JsonCredential.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
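
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// A CredHub credential whose value is an arbitrary JSON document.
    /// Serialization is delegated to <see cref="JsonCredentialJsonConverter"/> (declared elsewhere in the project).
    /// </summary>
    [JsonConverter(typeof(JsonCredentialJsonConverter))]
    public class JsonCredential : ICredentialValue
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="JsonCredential"/> class from an already-parsed document.
        /// </summary>
        /// <param name="value">JSON document to wrap</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="value"/> is null</exception>
        public JsonCredential(JObject value)
        {
            // A null document would otherwise only surface later as a NullReferenceException in ToString/Equals.
            if (value == null)
            {
                throw new ArgumentNullException(nameof(value));
            }

            Value = value;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="JsonCredential"/> class by parsing JSON text.
        /// </summary>
        /// <param name="valueAsString">JSON text to parse</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="valueAsString"/> is null</exception>
        /// <exception cref="JsonReaderException">Thrown by <see cref="JObject.Parse(string)"/> when the text is not a JSON object</exception>
        public JsonCredential(string valueAsString)
        {
            if (valueAsString == null)
            {
                throw new ArgumentNullException(nameof(valueAsString));
            }

            Value = JObject.Parse(valueAsString);
        }

        /// <summary>
        /// Gets the wrapped JSON document. May hold secret material; avoid writing it to logs.
        /// </summary>
        public JObject Value { get; private set; }

        /// <summary>
        /// Returns the document rendered as JSON text (Newtonsoft's default formatting).
        /// </summary>
        public override string ToString()
        {
            return Value.ToString();
        }

        /// <summary>
        /// Compares by the rendered JSON text. As in the original, any object whose
        /// <see cref="object.ToString"/> output matches is considered equal (kept for compatibility);
        /// the comparison is exact text, so property order and whitespace differences make documents unequal.
        /// </summary>
        /// <param name="obj">Object to compare with; null is never equal</param>
        /// <returns>true when the rendered text matches ordinally</returns>
        public override bool Equals(object obj)
        {
            // The original dereferenced obj unconditionally and threw NullReferenceException on null.
            if (obj == null)
            {
                return false;
            }

            return string.Equals(Value.ToString(), obj.ToString(), StringComparison.Ordinal);
        }

        /// <summary>
        /// Hashes the same rendered text that <see cref="Equals(object)"/> compares, so equal instances hash alike.
        /// The original returned the identity-based base hash, which broke the Equals/GetHashCode contract
        /// for use in hash-based collections.
        /// </summary>
        public override int GetHashCode()
        {
            return Value.ToString().GetHashCode();
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/JSON/JsonSetRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json.Linq;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class JsonSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="JsonSetRequest"/> class.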
/// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="value">Value of the credential to set</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public JsonSetRequest(string credentialName, JObject value, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            // Identity and write policy first, then the payload.
            Type = CredentialType.JSON;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;
            Value = new JsonCredential(value);
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="JsonSetRequest"/> class from JSON text.
        /// Equivalent to parsing the text and using the <see cref="JObject"/> overload.
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="value">Value of the credential to set, as JSON text</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public JsonSetRequest(string credentialName, string value, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
            : this(credentialName, JObject.Parse(value), additionalPermissions, overwriteMode)
        {
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/KeyPairCredential.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Base for credentials made of a public/private key pair (RSA, SSH).
    /// </summary>
    public abstract class KeyPairCredential : ICredentialValue
    {
        /// <summary>
        /// Gets or sets public key for a credential
        /// </summary>
        [JsonProperty("public_key")]
        public string PublicKey { get; set; }

        /// <summary>
        /// Gets or sets private key for a certificate
        /// </summary>
        // Secret material: never include this property in log output or error messages.
        [JsonProperty("private_key")]
        public string PrivateKey { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/KeyParameters.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Generation parameters shared by key-based credentials (RSA; SSH extends it).
    /// </summary>
    public class KeyParameters : ICredentialParameter
    {
        /// <summary>
        /// Gets or sets specify the length of key to be generated
        /// </summary>
        // 2048 bits is the default when the caller does not choose a length.
        [JsonProperty("key_length")]
        public CertificateKeyLength KeyLength { get; set; } = CertificateKeyLength.Length_2048;
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Password/PasswordCredential.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// A password credential; a thin type marker over <see cref="StringCredential"/> so the
    /// CredHub "password" type can be distinguished from other string-valued credentials.
    /// </summary>
    public class PasswordCredential : StringCredential
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="PasswordCredential"/> class.
        /// </summary>
        /// <param name="value">The password (secret); exposed again by ToString, so keep instances out of logs</param>
        public PasswordCredential(string value)
            : base(value)
        {
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Password/PasswordGenerationParameters.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Parameters for generating a new password credential. All parameters are optional
    /// </summary>
    // Every member is nullable so that an unset option is omitted from the request and CredHub applies its own default.
    public class PasswordGenerationParameters
    {
        /// <summary>
        /// Gets or sets length of generated password value
        /// </summary>
        public int? Length { get; set; }

        /// <summary>
        /// Gets or sets exclude upper case alpha characters from generated credential value
        /// </summary>
        [JsonProperty("exclude_upper")]
        public bool? ExcludeUpper { get; set; }

        /// <summary>
        /// Gets or sets exclude lower case alpha characters from generated credential value
        /// </summary>
        [JsonProperty("exclude_lower")]
        public bool? ExcludeLower { get; set; }

        /// <summary>
        /// Gets or sets exclude numeric characters from generated credential value
        /// </summary>
        [JsonProperty("exclude_number")]
        public bool? ExcludeNumber { get; set; }

        /// <summary>
        /// Gets or sets include non-alphanumeric characters in generated credential value
        /// </summary>
        [JsonProperty("include_special")]
        public bool? IncludeSpecial { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Password/PasswordGenerationRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class PasswordGenerationRequest : CredHubGenerateRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="PasswordGenerationRequest"/> class.
/// Use to Request a new Password
        /// </summary>
        /// <param name="credentialName">Name of the credential</param>
        /// <param name="parameters">Variables for password generation</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public PasswordGenerationRequest(string credentialName, PasswordGenerationParameters parameters, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            // Identity and write policy first, then the generation parameters.
            Type = CredentialType.Password;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;
            Parameters = parameters;
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Password/PasswordSetRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class PasswordSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="PasswordSetRequest"/> class.
/// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="password">Value of the credential to set</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public PasswordSetRequest(string credentialName, string password, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            // Identity and write policy first, then the secret payload.
            Type = CredentialType.Password;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;
            Value = new PasswordCredential(password);
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Permissions/CredentialPermission.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// One entry of a credential's access list: an actor and the operations it is allowed.
    /// </summary>
    public class CredentialPermission
    {
        /// <summary>
        /// Gets or sets schemed string identifying an actor -- auth_type:scope/primary_identifier
        /// </summary>
        public string Actor { get; set; }

        /// <summary>
        /// Gets or sets list of operations permissioned for the actor
        /// </summary>
        // NOTE(review): the element type was lost in this rendering; the project's OperationPermissions enum is the expected element — confirm.
        public List<OperationPermissions> Operations { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Permissions/CredentialPermissions.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Internal use: for request/response with permissions endpoints
    /// </summary>
    internal class CredentialPermissions
    {
        /// <summary>
        /// Gets or sets name of the credential with permissions
        /// </summary>
        [JsonProperty("credential_name")]
        public string CredentialName { get; set; }

        /// <summary>
        /// Gets or sets list of actors and their permissions for access to this credential
        /// </summary>
        public List<CredentialPermission> Permissions { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/RSA/RsaCredential.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// An RSA key pair credential; adds nothing beyond <see cref="KeyPairCredential"/> but names the CredHub "rsa" type.
    /// </summary>
    public class RsaCredential : KeyPairCredential
    {
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/RSA/RsaGenerationRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Asks CredHub to generate a new RSA key pair and store it under the given name.
    /// </summary>
    public class RsaGenerationRequest : CredHubGenerateRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="RsaGenerationRequest"/> class.
        /// Use to request a new RSA Credential
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="keyLength">Optional Key Length (default: 2048)</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public RsaGenerationRequest(string credentialName, CertificateKeyLength keyLength = CertificateKeyLength.Length_2048, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            var keyParameters = new KeyParameters();
            keyParameters.KeyLength = keyLength;

            // Identity and write policy first, then the generation parameters.
            Type = CredentialType.RSA;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;
            Parameters = keyParameters;
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/RSA/RsaSetRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Stores an existing RSA key pair in CredHub under the given name.
    /// </summary>
    public class RsaSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="RsaSetRequest"/> class.
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="privateKey">Private key for the credential (secret material)</param>
        /// <param name="publicKey">Public key for the credential</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public RsaSetRequest(string credentialName, string privateKey, string publicKey, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            var keyPair = new RsaCredential();
            keyPair.PublicKey = publicKey;
            keyPair.PrivateKey = privateKey;

            // Identity and write policy first, then the key material.
            Type = CredentialType.RSA;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;
            Value = keyPair;
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/SSH/SshCredential.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// An SSH key pair credential; extends <see cref="KeyPairCredential"/> with the fingerprint CredHub reports.
    /// </summary>
    public class SshCredential : KeyPairCredential
    {
        /// <summary>
        /// Gets or sets the fingerprint of the public key (populated by CredHub; not secret).
        /// </summary>
        [JsonProperty("public_key_fingerprint")]
        public string PublicKeyFingerprint { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/SSH/SshGenerationParameters.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Generation parameters for SSH keys: the key length from <see cref="KeyParameters"/> plus an optional comment.
    /// </summary>
    public class SshGenerationParameters : KeyParameters
    {
        /// <summary>
        /// Gets or sets the comment embedded in the generated public key (null means none).
        /// </summary>
        [JsonProperty("ssh_comment")]
        public string SshComment { get; set; }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/SSH/SshGenerationRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Asks CredHub to generate a new SSH key pair and store it under the given name.
    /// </summary>
    public class SshGenerationRequest : CredHubGenerateRequest
    {
        // Per-instance fallback used when the caller passes no parameters: 2048-bit key, no comment.
        private SshGenerationParameters defaultParams = new SshGenerationParameters { KeyLength = CertificateKeyLength.Length_2048, SshComment = null };

        /// <summary>
        /// Initializes a new instance of the <see cref="SshGenerationRequest"/> class.
/// Use to request a new SSH Credential
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="parameters">Optional parameters (defaults to key length 2048 and no SSH Comment)</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public SshGenerationRequest(string credentialName, SshGenerationParameters parameters = null, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            // Fall back to the instance default only when no parameters were supplied.
            SshGenerationParameters effectiveParameters = parameters;
            if (effectiveParameters == null)
            {
                effectiveParameters = defaultParams;
            }

            Type = CredentialType.SSH;
            Name = credentialName;
            AdditionalPermissions = additionalPermissions;
            Mode = overwriteMode;
            Parameters = effectiveParameters;
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/SSH/SshSetRequest.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class SshSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="SshSetRequest"/> class.
/// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="privateKey">Private key for the credential (secret material)</param>
        /// <param name="publicKey">Public key for the credential</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public SshSetRequest(string credentialName, string privateKey, string publicKey, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            var keyPair = new SshCredential();
            keyPair.PublicKey = publicKey;
            keyPair.PrivateKey = privateKey;

            // Identity and write policy first, then the key material.
            Type = CredentialType.SSH;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;
            Value = keyPair;
        }
    }
}
--------------------------------------------------------------------------------
/src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/StringCredential.cs:
--------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Credential whose value is a single string (the base of <see cref="ValueCredential"/>).
    /// Serialized to and from a bare JSON string by <see cref="StringCredentialJsonConverter"/>.
    /// </summary>
    [JsonConverter(typeof(StringCredentialJsonConverter))]
    public class StringCredential : ICredentialValue
    {
        // The secret itself; assigned once in the constructor and never changed.
        private readonly string _value;

        /// <summary>
        /// Initializes a new instance of the <see cref="StringCredential"/> class.
        /// </summary>
        /// <param name="value">The credential value to wrap (may be null; it is returned unchanged)</param>
        public StringCredential(string value)
        {
            _value = value;
        }

        /// <summary>
        /// Returns the wrapped value. This is the raw secret, so the result of any logging,
        /// string interpolation or debugger display of this object is sensitive.
        /// </summary>
        /// <returns>The value exactly as supplied to the constructor</returns>
        public override string ToString() => _value;
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/User/UserCredential.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Credential for a user: a username and password, plus the hashed password field
    /// that CredHub exposes under "password_hash". Built by <see cref="UserSetRequest"/>.
    /// </summary>
    public class UserCredential : ICredentialValue
    {
        /// <summary>
        /// Gets or sets name of the user
        /// </summary>
        public string Username { get; set; }

        /// <summary>
        /// Gets or sets password of the user. This is the clear-text secret; keep instances out of logs.
        /// </summary>
        public string Password { get; set; }

        /// <summary>
        /// Gets or sets hashed value of the password (serialized as the JSON property "password_hash").
        /// </summary>
        [JsonProperty("password_hash")]
        public string PasswordHash { get; set; }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/User/UserGenerationParameters.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Parameters for generating a user credential: the password-generation settings inherited from
    /// <see cref="PasswordGenerationParameters"/> plus an optional caller-supplied username.
    /// </summary>
    public class UserGenerationParameters : PasswordGenerationParameters
    {
        /// <summary>
        /// Gets or sets user provided value for username
        /// </summary>
        public string Username { get; set; }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/User/UserGenerationRequest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class UserGenerationRequest : CredHubGenerateRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="UserGenerationRequest"/> class.
// UserGenerationRequest.cs (continued): constructor; the class header is on the preceding line of this listing. NOTE(review): the List<> type argument is reconstructed as CredentialPermission — confirm.
        /// Use to request a new user credential.
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="parameters">Variables for username and password generation</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public UserGenerationRequest(string credentialName, UserGenerationParameters parameters, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            Type = CredentialType.User;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;

            // Unlike SshGenerationRequest there is no default: the caller must supply the parameters.
            Parameters = parameters;
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/User/UserSetRequest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class UserSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="UserSetRequest"/> class.
// UserSetRequest.cs (continued): constructor; the class header is on the preceding line of this listing. NOTE(review): the List<> type argument is reconstructed as CredentialPermission — confirm.
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="userName">Name of the user</param>
        /// <param name="password">Password of the user; it is carried in the request payload, so never log the request</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public UserSetRequest(string credentialName, string userName, string password, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            Type = CredentialType.User;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;

            // Only username and password are sent; PasswordHash is left unset for a set request.
            var user = new UserCredential();
            user.Username = userName;
            user.Password = password;
            Value = user;
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Utilities/JsonCredentialJsonConverter.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Passes a <see cref="JsonCredential"/> through as raw JSON: its <c>ToString()</c> is emitted verbatim
    /// on write, and an incoming JSON object is loaded into a new <see cref="JsonCredential"/> on read.
    /// </summary>
    public class JsonCredentialJsonConverter : JsonConverter
    {
        /// <summary>
        /// Writes <paramref name="value"/>'s string form as an unescaped JSON fragment, so
        /// <c>ToString()</c> must yield well-formed JSON.
        /// </summary>
        /// <param name="writer">Target writer</param>
        /// <param name="value">Credential to write; must not be null</param>
        /// <param name="serializer">Calling serializer (unused)</param>
        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
            => writer.WriteRawValue(value.ToString());

        /// <summary>
        /// Loads the JSON object at the reader's position into a new <see cref="JsonCredential"/>.
        /// </summary>
        /// <param name="reader">Source reader, positioned on the start of an object</param>
        /// <param name="objectType">Requested type (unused; always <see cref="JsonCredential"/>)</param>
        /// <param name="existingValue">Existing instance (unused)</param>
        /// <param name="serializer">Calling serializer (unused)</param>
        /// <returns>The wrapped JSON object</returns>
        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
        {
            var document = JObject.Load(reader);
            return new JsonCredential(document);
        }

        /// <summary>
        /// True only for <see cref="JsonCredential"/> itself; derived types are not matched.
        /// </summary>
        /// <param name="objectType">Type the serializer is asking about</param>
        /// <returns>Whether this converter applies</returns>
        public override bool CanConvert(Type objectType) => objectType == typeof(JsonCredential);
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Utilities/StringCredentialJsonConverter.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
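using Newtonsoft.Json;
using System;
using System.Globalization;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Serializes a <see cref="StringCredential"/> (or a subclass such as <see cref="ValueCredential"/>)
    /// as a bare JSON string and reads it back through the target type's <c>(string)</c> constructor.
    /// </summary>
    public class StringCredentialJsonConverter : JsonConverter
    {
        /// <summary>
        /// Writes the credential's string value. A null credential is written as JSON null
        /// instead of dereferencing it.
        /// </summary>
        /// <param name="writer">Target writer</param>
        /// <param name="value">Credential to write; its <c>ToString()</c> supplies the JSON string</param>
        /// <param name="serializer">Calling serializer (unused)</param>
        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
        {
            if (value == null)
            {
                writer.WriteNull();
                return;
            }

            writer.WriteValue(value.ToString());
        }

        /// <summary>
        /// Reads a JSON scalar and wraps it in <paramref name="objectType"/> via its single-string constructor.
        /// </summary>
        /// <param name="reader">Source reader, positioned on the value token</param>
        /// <param name="objectType">Concrete credential type being deserialized; supplied by the serializer from the declared member type, never taken from the payload</param>
        /// <param name="existingValue">Existing instance (unused)</param>
        /// <param name="serializer">Calling serializer (unused)</param>
        /// <returns>A new <paramref name="objectType"/> instance, or null for a JSON null</returns>
        /// <exception cref="MissingMethodException">If <paramref name="objectType"/> has no public constructor taking a single string</exception>
        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
        {
            // Previously a null token reached Activator with a null argument list and failed with
            // MissingMethodException; a null credential value is simply null.
            if (reader.TokenType == JsonToken.Null)
            {
                return null;
            }

            // Non-string scalars (numbers, booleans) arrive boxed; convert them culture-invariantly so
            // the (string) constructor lookup succeeds instead of throwing on the boxed type.
            var text = reader.Value as string ?? Convert.ToString(reader.Value, CultureInfo.InvariantCulture);

            // Activator rather than `new StringCredential(...)` so that a derived objectType such as
            // ValueCredential yields the derived type.
            return Activator.CreateInstance(objectType, text);
        }

        /// <summary>
        /// Reports whether this converter handles <paramref name="objectType"/>.
        /// </summary>
        /// <param name="objectType">Type the serializer is asking about</param>
        /// <returns>True for <see cref="StringCredential"/> and its subclasses</returns>
        public override bool CanConvert(Type objectType)
        {
            // The previous check matched System.String, which never described the credential types this
            // converter is attached to and would have captured every string member had the converter
            // ever been registered on the serializer instead of via the attribute.
            return typeof(StringCredential).IsAssignableFrom(objectType);
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Value/ValueCredential.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.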
namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// A CredHub "value" credential: a <see cref="StringCredential"/> with no additional state,
    /// used as the payload of <see cref="ValueSetRequest"/>.
    /// </summary>
    public class ValueCredential : StringCredential
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="ValueCredential"/> class.
        /// </summary>
        /// <param name="value">The credential value; held by the base class and returned from <c>ToString()</c></param>
        public ValueCredential(string value)
            : base(value)
        {
            // Nothing beyond the base class; the type itself is the distinguishing information.
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Credentials/Value/ValueSetRequest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;

namespace Steeltoe.Security.DataProtection.CredHub
{
    public class ValueSetRequest : CredentialSetRequest
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="ValueSetRequest"/> class.
// ValueSetRequest.cs (continued): constructor; the class header is on the preceding line of this listing. NOTE(review): the List<> type argument is reconstructed as CredentialPermission — confirm.
        /// </summary>
        /// <param name="credentialName">Name of credential</param>
        /// <param name="value">Value of the credential to set; it is carried in the request payload, so never log the request</param>
        /// <param name="additionalPermissions">List of additional permissions to set on credential</param>
        /// <param name="overwriteMode">Overwrite existing credential (default: no-overwrite)</param>
        public ValueSetRequest(string credentialName, string value, List<CredentialPermission> additionalPermissions = null, OverwiteMode overwriteMode = OverwiteMode.noOverwrite)
        {
            Type = CredentialType.Value;
            Name = credentialName;
            Mode = overwriteMode;
            AdditionalPermissions = additionalPermissions;

            // Wrapped so the JSON converter on StringCredential emits it as a bare string.
            Value = new ValueCredential(value);
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/FoundCredential.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Newtonsoft.Json;

namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Credential information returned from a Find request: the name and creation time of a
    /// credential version. No value is included, so instances are safe to log.
    /// </summary>
    public class FoundCredential
    {
        /// <summary>
        /// Gets or sets full name of credential
        /// </summary>
        public string Name { get; set; }

        /// <summary>
        /// Gets or sets when this version of the credential was created (JSON property "version_created_at").
        /// Kept as the raw string from the server rather than a parsed timestamp.
        /// </summary>
        [JsonProperty("version_created_at")]
        public string VersionCreatedAt { get; set; }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/ICredentialValue.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
namespace Steeltoe.Security.DataProtection.CredHub
{
    /// <summary>
    /// Marker interface for the value part of a credential (<see cref="StringCredential"/>,
    /// <see cref="UserCredential"/>, ...). It declares no members; the concrete type carries the shape.
    /// </summary>
    public interface ICredentialValue
    {
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubBase/Steeltoe.Security.DataProtection.CredHubBase.csproj:
// --------------------------------------------------------------------------------
/*
.NET Client for CredHub - Base Package
$(SteeltoeVersion)
$(VersionSuffix)
Pivotal;dtillman
netstandard2.0
Steeltoe.Security.DataProtection.CredHubBase
Steeltoe.Security.DataProtection.CredHubBase
CloudFoundry;NET Core;Security;DataProtection;CredHub
https://steeltoe.io/images/transparent.png
https://steeltoe.io
https://www.apache.org/licenses/LICENSE-2.0
true
true
snupkg
bin\$(Configuration)\$(TargetFramework)\Steeltoe.Security.DataProtection.CredHubBase.xml
All
SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591
stylecop.json
Always
*/

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubCore/CredHubServiceCollectionExtensions.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
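// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Steeltoe.Security.DataProtection.CredHub;
using System;

namespace Steeltoe.Security.DataProtection.CredHubCore
{
    public static class CredHubServiceCollectionExtensions
    {
        // Configuration section that is bound to CredHubOptions.
        private const string ConfigurationSectionName = "CredHubClient";

        /// <summary>
        /// Make a CredHubClient available to DI
        /// </summary>
        /// <remarks>
        /// Binds the "CredHubClient" configuration section to <see cref="CredHubOptions"/> and creates the client
        /// with UAA authentication; only that path is implemented here. If client creation fails, the failure is
        /// logged at Critical level and no <see cref="CredHubClient"/> is registered, so a later
        /// <c>GetRequiredService&lt;CredHubClient&gt;()</c> will throw. Configuration errors raised by
        /// <c>Validate()</c> are not caught and propagate to the caller.
        /// </remarks>
        /// <param name="services">Service collection</param>
        /// <param name="config">App configuration</param>
        /// <param name="loggerFactory">Logger factory (optional; without it nothing is logged)</param>
        /// <returns>Service collection with CredHubClient added in</returns>
        /// <exception cref="ArgumentNullException">If <paramref name="services"/> or <paramref name="config"/> is null</exception>
        public static IServiceCollection AddCredHubClient(this IServiceCollection services, IConfiguration config, ILoggerFactory loggerFactory = null)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }

            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            // NOTE(review): the original also created a second logger that was never used; it has been dropped.
            // If CreateUAAClientAsync can accept a logger, consider passing one — confirm its signature.
            var startupLogger = loggerFactory?.CreateLogger("Steeltoe.Security.DataProtection.CredHubCore");

            // A missing section previously surfaced as a NullReferenceException from Validate();
            // binding to an empty options object lets Validate() report what is actually missing.
            var credHubOptions = config.GetSection(ConfigurationSectionName).Get<CredHubOptions>() ?? new CredHubOptions();
            credHubOptions.Validate();

            try
            {
                // Only the client id is logged; the client secret must never reach the log.
                startupLogger?.LogTrace("Using UAA auth for CredHub client with client id {ClientId}", credHubOptions.ClientId);

                // A synchronous wait is unavoidable inside an IServiceCollection extension; this runs during
                // service registration, before the host starts, so a blocking wait is acceptable here.
                var credHubClient = CredHubClient.CreateUAAClientAsync(credHubOptions).GetAwaiter().GetResult();

                services.AddSingleton(credHubClient);
            }
            catch (Exception e)
            {
                // Deliberately best-effort: the application keeps starting, but the client is not registered.
                startupLogger?.LogCritical(e, "Failed to initialize CredHub client for ServiceCollection");
            }

            return services;
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.CredHubCore/Steeltoe.Security.DataProtection.CredHubCore.csproj: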
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | ASP.NET Core Extensions for CredHub Client 5 | $(SteeltoeVersion) 6 | $(VersionSuffix) 7 | Pivotal;dtillman 8 | netstandard2.0 9 | Steeltoe.Security.DataProtection.CredHubCore 10 | Steeltoe.Security.DataProtection.CredHubCore 11 | CloudFoundry;ASPNET Core;Security;DataProtection;CredHub 12 | https://steeltoe.io/images/transparent.png 13 | https://steeltoe.io 14 | https://www.apache.org/licenses/LICENSE-2.0 15 | true 16 | true 17 | snupkg 18 | 19 | 20 | bin\$(Configuration)\$(TargetFramework)\Steeltoe.Security.DataProtection.CredHubCore.xml 21 | 22 | 23 | 24 | 25 | 26 | 27 | All 28 | 29 | 30 | 31 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 32 | 33 | 34 | 35 | stylecop.json 36 | Always 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /src/Steeltoe.Security.DataProtection.RedisCore/CloudFoundryRedisXmlRepository.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
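using Microsoft.AspNetCore.DataProtection;
using StackExchange.Redis;
using System;

namespace Steeltoe.Security.DataProtection.Redis
{
    /// <summary>
    /// <see cref="RedisXmlRepository"/> that keeps the DataProtection key ring in the Redis instance
    /// supplied by the Steeltoe Redis connector, under the key <c>DataProtection-Keys</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this type only chooses where the key ring is stored; encryption of the keys at rest
    /// is a separate DataProtection builder setting — confirm the application configures it.
    /// </remarks>
    public class CloudFoundryRedisXmlRepository : RedisXmlRepository
    {
        // Redis key under which the key-ring XML elements are stored.
        private const string DataProtectionKeysName = "DataProtection-Keys";

        /// <summary>
        /// Initializes a new instance of the <see cref="CloudFoundryRedisXmlRepository"/> class.
        /// </summary>
        /// <param name="redis">Connection to the Redis server; the database is resolved lazily on each use</param>
        /// <exception cref="ArgumentNullException">If <paramref name="redis"/> is null</exception>
        public CloudFoundryRedisXmlRepository(IConnectionMultiplexer redis)
            : base(DatabaseFactory(redis), DataProtectionKeysName)
        {
        }

        // Validates eagerly so a null connection fails at construction rather than as a
        // NullReferenceException inside the base class the first time the key ring is read or written.
        private static Func<IDatabase> DatabaseFactory(IConnectionMultiplexer redis)
        {
            if (redis == null)
            {
                throw new ArgumentNullException(nameof(redis));
            }

            return () => redis.GetDatabase();
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.RedisCore/Properties/AssemblyInfo.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.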
using System.Runtime.CompilerServices;

// Grants the named test assembly, and only that assembly, access to this assembly's internal types.
[assembly: InternalsVisibleTo(assemblyName: "Steeltoe.Security.DataProtection.RedisCore.Test")]

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.RedisCore/Readme.md:
// --------------------------------------------------------------------------------
/*
# ASP.NET Core DataProtection Key Storage Provider for Redis

This project contains a [ASP.NET Core DataProtection Key Storage Provider](https://docs.asp.net/en/latest/security/data-protection/implementation/key-storage-providers.html) for Redis which works together with the Steeltoe Redis Connector for CloudFoundry.

This provider simplifies using Redis on CloudFoundry as a custom key repository.

For more information on how to use this component see the online [Steeltoe documentation](https://steeltoe.io/).
*/

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.RedisCore/RedisDataProtectionBuilderExtensions.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using Steeltoe.Security.DataProtection.Redis;
using System;

namespace Steeltoe.Security.DataProtection
{
    /// <summary>
    /// DataProtection builder extension that persists the key ring to Redis through
    /// <see cref="CloudFoundryRedisXmlRepository"/>.
    /// </summary>
    public static class RedisDataProtectionBuilderExtensions
    {
        /// <summary>
        /// Registers <see cref="CloudFoundryRedisXmlRepository"/> as the <see cref="IXmlRepository"/> (unless one
        /// is already registered) and points the default <see cref="KeyManagementOptions"/> at it.
        /// </summary>
        /// <param name="builder">DataProtection builder to configure</param>
        /// <returns>The same builder, for chaining</returns>
        /// <exception cref="ArgumentNullException">If <paramref name="builder"/> is null</exception>
        public static IDataProtectionBuilder PersistKeysToRedis(this IDataProtectionBuilder builder)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            // NOTE(review): the generic arguments below were lost in this listing and are reconstructed from
            // the using directives (Repositories -> IXmlRepository, KeyManagement -> KeyManagementOptions,
            // Options -> IConfigureOptions/ConfigureNamedOptions) — confirm against the original source.
            var services = builder.Services;

            // TryAdd: an application-supplied repository registered earlier wins.
            services.TryAddSingleton<IXmlRepository, CloudFoundryRedisXmlRepository>();

            // Resolve the repository lazily from the provider so it is created with the container's Redis connection.
            services.AddSingleton<IConfigureOptions<KeyManagementOptions>>(provider =>
                new ConfigureNamedOptions<KeyManagementOptions>(
                    Options.DefaultName,
                    options => options.XmlRepository = provider.GetRequiredService<IXmlRepository>()));

            return builder;
        }
    }
}

// --------------------------------------------------------------------------------
// /src/Steeltoe.Security.DataProtection.RedisCore/Steeltoe.Security.DataProtection.RedisCore.csproj:
// --------------------------------------------------------------------------------
/*
ASP.NET Core DataProtection Redis Key Store
$(SteeltoeVersion)
$(VersionSuffix)
Pivotal;dtillman
netstandard2.0
Steeltoe.Security.DataProtection.RedisCore
Steeltoe.Security.DataProtection.RedisCore
CloudFoundry;ASPNET Core;Security;DataProtection;Redis
https://steeltoe.io/images/transparent.png
https://steeltoe.io
https://www.apache.org/licenses/LICENSE-2.0
true
true
snupkg
bin\$(Configuration)\$(TargetFramework)\Steeltoe.Security.DataProtection.RedisCore.xml
All
*/
SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 35 | 36 | 37 | 38 | stylecop.json 39 | Always 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /stylecop.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/DotNetAnalyzers/StyleCopAnalyzers/master/StyleCop.Analyzers/StyleCop.Analyzers/Settings/stylecop.schema.json", 3 | "settings": { 4 | "documentationRules": { 5 | "copyrightText": "Copyright {copyrightYear} the original author or authors.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttps://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.", 6 | "xmlHeader": false, 7 | "variables": { 8 | "copyrightYear": "2017" 9 | }, 10 | "documentExposedElements": false, 11 | "documentInternalElements": false, 12 | "documentPrivateElements": false 13 | }, 14 | "indentation": { 15 | "useTabs": false, 16 | "indentationSize": 4 17 | }, 18 | "namingRules": { 19 | }, 20 | "orderingRules": { 21 | "usingDirectivesPlacement": "outsideNamespace", 22 | "systemUsingDirectivesFirst": false 23 | }, 24 | "readabilityRules": { 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /targetframework.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | $(NuGetPackageRoot)microsoft.targetingpack.netframework.v4.6.1/1.0.1/lib/net461/ 4 | https://dotnet.myget.org/F/dotnet-core/api/v3/index.json 5 | 6 | 7 | 8 | 9 | 10 | 11 | 
// --------------------------------------------------------------------------------
// /test/Steeltoe.Security.Authentication.CloudFoundryBaseTest/CloudFoundryTokenValidatorTest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Checks the issuer rule of <c>CloudFoundryTokenValidator.ValidateIssuer</c>: an issuer on a
    /// <c>uaa.</c> host is accepted (non-null result) while another host on the same domain is rejected (null).
    /// </summary>
    public class CloudFoundryTokenValidatorTest
    {
        [Theory]
        [InlineData("https://uaa.system.testcloud.com/", true)]
        [InlineData("https://foobar.system.testcloud.com/", false)]
        public void ValidateIssuer_ValidatesCorrectly(string issuer, bool expectAccepted)
        {
            // arrange
            var validator = new CloudFoundryTokenValidator();

            // act -- the token and validation parameters are passed as null by this test
            var result = validator.ValidateIssuer(issuer, null, null);

            // assert
            if (expectAccepted)
            {
                Assert.NotNull(result);
            }
            else
            {
                Assert.Null(result);
            }
        }
    }
}

// --------------------------------------------------------------------------------
// /test/Steeltoe.Security.Authentication.CloudFoundryBaseTest/Steeltoe.Security.Authentication.CloudFoundryBase.Test.csproj:
// --------------------------------------------------------------------------------
/*
netcoreapp2.0;netcoreapp2.1;netcoreapp2.2;net461
false
PreserveNewest
*/
26 | All 27 | 28 | 29 | 30 | 31 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 32 | Steeltoe.Security.Authentication.CloudFoundry.Test 33 | 34 | 35 | 36 | stylecop.json 37 | Always 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /test/Steeltoe.Security.Authentication.CloudFoundryBaseTest/TestMessageHandler.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Test double for <see cref="HttpMessageHandler"/>: records the most recent request and answers
    /// every request with the preconfigured <see cref="Response"/> (HTTP 200 with no content by default).
    /// </summary>
    public class TestMessageHandler : HttpMessageHandler
    {
        /// <summary>
        /// Gets or sets the request most recently passed to <see cref="SendAsync"/>; null until a request is sent.
        /// </summary>
        public HttpRequestMessage LastRequest { get; set; }

        /// <summary>
        /// Gets or sets the response returned for every request. The same instance is returned each time.
        /// </summary>
        public HttpResponseMessage Response { get; set; } = new HttpResponseMessage(System.Net.HttpStatusCode.OK);

        /// <summary>
        /// Captures <paramref name="request"/> and completes synchronously with <see cref="Response"/>.
        /// </summary>
        /// <param name="request">Request to record</param>
        /// <param name="cancellationToken">Ignored; the handler never waits</param>
        /// <returns>An already-completed task holding <see cref="Response"/></returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            LastRequest = request;
            var completed = Task.FromResult(Response);
            return completed;
        }
    }
}

// --------------------------------------------------------------------------------
// /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/CloudFoundryClaimActionExtensionsTest.cs:
// --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using System.Linq;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>Tests for the <c>MapScopes</c> extension on <see cref="ClaimActionCollection"/>.</summary>
    public class CloudFoundryClaimActionExtensionsTest
    {
        /// <summary>
        /// MapScopes must register exactly one action, and that action must be the
        /// scope-expanding one; anything else would leave scope claims unmapped.
        /// </summary>
        [Fact]
        public void MapScopes_AddsClaimAction()
        {
            // arrange
            var actions = new ClaimActionCollection();

            // act
            actions.MapScopes();

            // assert — Single both checks the count and yields the lone element.
            // (Type argument restored here; it was lost in extraction of the original listing.)
            var registered = Assert.Single(actions);
            Assert.IsType<CloudFoundryScopeClaimAction>(registered);
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/CloudFoundryJwtBearerConfigurerTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Steeltoe.CloudFoundry.Connector.Services;

using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Verifies how <c>CloudFoundryJwtBearerConfigurer.Configure</c> copies Steeltoe options
    /// onto the ASP.NET Core <see cref="JwtBearerOptions"/>, with and without bound SSO service info.
    /// </summary>
    public class CloudFoundryJwtBearerConfigurerTest
    {
        /// <summary>No service binding: defaults flow through unchanged.</summary>
        [Fact]
        public void Configure_NoServiceInfo_ReturnsExpected()
        {
            // arrange
            var steeltoeOptions = new CloudFoundryJwtBearerOptions();
            var bearerOptions = new JwtBearerOptions();

            // act
            CloudFoundryJwtBearerConfigurer.Configure(null, bearerOptions, steeltoeOptions);

            // assert
            AssertWiredFromOptions(steeltoeOptions, bearerOptions);
        }

        /// <summary>With a binding, the signing-key URL is derived from the binding's auth domain.</summary>
        [Fact]
        public void Configure_WithServiceInfo_ReturnsExpected()
        {
            // arrange — fixture-only credentials; the scheme is plain http because no request is made.
            var steeltoeOptions = new CloudFoundryJwtBearerOptions();
            var binding = new SsoServiceInfo("foobar", "clientId", "secret", "http://domain");
            var bearerOptions = new JwtBearerOptions();

            // act
            CloudFoundryJwtBearerConfigurer.Configure(binding, bearerOptions, steeltoeOptions);

            // assert
            Assert.Equal("http://domain" + CloudFoundryDefaults.JwtTokenUri, steeltoeOptions.JwtKeyUrl);
            AssertWiredFromOptions(steeltoeOptions, bearerOptions);
        }

        /// <summary>
        /// Assertions shared by both cases: the configurer must not weaken the defaults.
        /// </summary>
        private static void AssertWiredFromOptions(CloudFoundryJwtBearerOptions steeltoeOptions, JwtBearerOptions bearerOptions)
        {
            // Certificate validation staying on is the security-relevant default; the configurer must not flip it.
            Assert.True(steeltoeOptions.ValidateCertificates);
            Assert.Equal(steeltoeOptions.ClaimsIssuer, bearerOptions.ClaimsIssuer);

            // No custom back-channel handler, i.e. the default handler (and its TLS validation) is used.
            // NOTE(review): presumably the configurer only installs a handler when ValidateCertificates
            // is false — confirm in CloudFoundryJwtBearerConfigurer; this test only covers the default.
            Assert.Null(bearerOptions.BackchannelHttpHandler);
            Assert.NotNull(bearerOptions.TokenValidationParameters);
            Assert.Equal(steeltoeOptions.SaveToken, bearerOptions.SaveToken);
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/CloudFoundryJwtBearerOptionsTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>Pins the defaults produced by the parameterless <see cref="CloudFoundryJwtBearerOptions"/> constructor.</summary>
    public class CloudFoundryJwtBearerOptionsTest
    {
        [Fact]
        public void DefaultConstructor_SetsupDefaultOptions()
        {
            // arrange / act
            var options = new CloudFoundryJwtBearerOptions();
            var expectedAuthBase = "http://" + CloudFoundryDefaults.OAuthServiceUrl;

            // assert
            Assert.Equal(CloudFoundryDefaults.AuthenticationScheme, options.ClaimsIssuer);

            // NOTE(review): the default signing-key (JWKS) URL is built on plain http. Keys fetched over
            // cleartext can be substituted by an on-path attacker, so this default should only ever be
            // a local-development placeholder — confirm CloudFoundryDefaults.OAuthServiceUrl is one.
            // (The OpenID Connect options default to https for their Authority.)
            Assert.Equal(expectedAuthBase + CloudFoundryDefaults.JwtTokenUri, options.JwtKeyUrl);
            Assert.True(options.SaveToken);
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/CloudFoundryOAuthOptionsTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using System.Linq;

using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>Pins the defaults produced by the parameterless <see cref="CloudFoundryOAuthOptions"/> constructor.</summary>
    public class CloudFoundryOAuthOptionsTest
    {
        [Fact]
        public void DefaultConstructor_SetsupDefaultOptions()
        {
            // arrange / act
            var options = new CloudFoundryOAuthOptions();
            var authBase = "http://" + CloudFoundryDefaults.OAuthServiceUrl;

            // assert — identity of the scheme and the client
            Assert.Equal(CloudFoundryDefaults.AuthenticationScheme, options.ClaimsIssuer);
            Assert.Equal(CloudFoundryDefaults.ClientId, options.ClientId);

            // NOTE(review): a library-wide default client secret means a deployment that forgets to bind
            // or configure credentials silently uses a well-known value — confirm this default is a
            // placeholder that cannot authenticate against a real UAA.
            Assert.Equal(CloudFoundryDefaults.ClientSecret, options.ClientSecret);
            Assert.Equal(new PathString("/signin-cloudfoundry"), options.CallbackPath);

            // assert — every endpoint hangs off the same (http) base URL
            Assert.Equal(authBase + CloudFoundryDefaults.AuthorizationUri, options.AuthorizationEndpoint);
            Assert.Equal(authBase + CloudFoundryDefaults.AccessTokenUri, options.TokenEndpoint);
            Assert.Equal(authBase + CloudFoundryDefaults.UserInfoUri, options.UserInformationEndpoint);
            Assert.Equal(authBase + CloudFoundryDefaults.CheckTokenUri, options.TokenInfoUrl);

            // assert — security-relevant defaults: certificate validation on, cookie sign-in, tokens saved
            Assert.True(options.ValidateCertificates);
            Assert.Equal(6, options.ClaimActions.Count());
            Assert.Equal(CookieAuthenticationDefaults.AuthenticationScheme, options.SignInScheme);
            Assert.True(options.SaveTokens);
        }
    }
}
// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/CloudFoundryOpenIdConnectOptionsTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using System.Linq;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>Pins the defaults produced by the parameterless <see cref="CloudFoundryOpenIdConnectOptions"/> constructor.</summary>
    public class CloudFoundryOpenIdConnectOptionsTest
    {
        [Fact]
        public void DefaultConstructor_SetsDefaultOptions()
        {
            // arrange / act
            var options = new CloudFoundryOpenIdConnectOptions();

            // assert
            Assert.Equal(CloudFoundryDefaults.AuthenticationScheme, options.ClaimsIssuer);

            // Unlike the OAuth and JWT-bearer defaults (which build on "http://"), the OIDC Authority
            // defaults to https — the discovery document and keys are fetched from it, so that matters.
            var expectedAuthority = "https://" + CloudFoundryDefaults.OAuthServiceUrl;
            Assert.Equal(expectedAuthority, options.Authority);

            Assert.Equal(CloudFoundryDefaults.ClientId, options.ClientId);
            Assert.Equal(CloudFoundryDefaults.ClientSecret, options.ClientSecret);
            Assert.Equal(new PathString("/signin-cloudfoundry"), options.CallbackPath);
            Assert.True(options.ValidateCertificates);
            Assert.Equal(21, options.ClaimActions.Count());
            Assert.Equal(CookieAuthenticationDefaults.AuthenticationScheme, options.SignInScheme);

            // OIDC does not persist tokens by default, in contrast to the OAuth options.
            Assert.False(options.SaveTokens);
        }
    }
}
// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/CloudFoundryScopeClaimActionTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json.Linq;
using System.Security.Claims;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>Tests for <see cref="CloudFoundryScopeClaimAction"/>, which turns a token-info "scope" array into claims.</summary>
    public class CloudFoundryScopeClaimActionTest
    {
        /// <summary>Running the action over a valid check_token payload must add at least one claim.</summary>
        [Fact]
        public void Run_AddsClaims()
        {
            // arrange — canned check_token response from the shared test helpers
            var payload = JObject.Parse(TestHelpers.GetValidTokenInfoRequestResponse());
            var identity = new ClaimsIdentity();
            var scopeAction = new CloudFoundryScopeClaimAction("scope", ClaimValueTypes.String);

            // act
            scopeAction.Run(payload, identity, "Issuer");

            // assert
            // NOTE(review): only non-emptiness is checked; the claim type and values are not, so a
            // regression that mapped scopes under the wrong claim type would still pass here.
            Assert.NotEmpty(identity.Claims);
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/MonitorWrapper.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.Extensions.Options;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Minimal <see cref="IOptionsMonitor{T}"/> test double that always returns one fixed options
    /// instance, regardless of the requested name. Change notifications are not supported.
    /// (Generic parameters restored; they were lost in extraction of the original listing.)
    /// </summary>
    /// <typeparam name="T">The options type being wrapped.</typeparam>
    public class MonitorWrapper<T> : IOptionsMonitor<T>
    {
        private readonly T _wrapped;

        /// <param name="options">The single options instance every accessor returns.</param>
        public MonitorWrapper(T options)
        {
            _wrapped = options;
        }

        /// <inheritdoc />
        public T CurrentValue => _wrapped;

        /// <summary>Named options are not distinguished; <paramref name="name"/> is ignored.</summary>
        public T Get(string name) => _wrapped;

        /// <summary>
        /// Not supported: a handler that subscribes to option changes cannot be tested with this double.
        /// </summary>
        public IDisposable OnChange(Action<T, string> listener) => throw new NotImplementedException();
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/MyTestCloudFoundryHandler.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.Tasks;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Test-only subclass of <see cref="CloudFoundryOAuthHandler"/> that re-exposes its protected
    /// OAuth steps (ticket creation, code exchange, challenge URL) as public methods so each can be
    /// exercised without driving a full authentication round trip.
    /// (Generic type arguments restored; they were lost in extraction of the original listing.)
    /// </summary>
    public class MyTestCloudFoundryHandler : CloudFoundryOAuthHandler
    {
        public MyTestCloudFoundryHandler(
            IOptionsMonitor<CloudFoundryOAuthOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock)
            : base(options, logger, encoder, clock)
        {
        }

        /// <summary>Forwards to the protected <c>CreateTicketAsync</c>.</summary>
        public async Task<AuthenticationTicket> TestCreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
        {
            var ticket = await CreateTicketAsync(identity, properties, tokens);
            return ticket;
        }

        /// <summary>Forwards to the protected <c>ExchangeCodeAsync</c> (authorization code → tokens).</summary>
        public async Task<OAuthTokenResponse> TestExchangeCodeAsync(string code, string redirectUri)
        {
            var tokens = await ExchangeCodeAsync(code, redirectUri);
            return tokens;
        }

        /// <summary>Forwards to the protected <c>BuildChallengeUrl</c>.</summary>
        public string TestBuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
            => BuildChallengeUrl(properties, redirectUri);
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/Steeltoe.Security.Authentication.CloudFoundryCore.Test.csproj ----
// (project-file fragment; XML element tags were lost in extraction, only text content remains)
//   netcoreapp2.0;netcoreapp2.1;netcoreapp2.2;net461
//   PreserveNewest
//   All
//   SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591
//   stylecop.json
//   Always
// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/TestClock.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.AspNetCore.Authentication;
using System;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Deterministic <see cref="ISystemClock"/> for handler tests: time starts at a fixed instant
    /// (2013-06-11T12:34:56.789Z) and only moves when a test calls <see cref="Add"/>, so token
    /// lifetime and expiry checks do not depend on the wall clock.
    /// </summary>
    public class TestClock : ISystemClock
    {
        private static readonly DateTimeOffset Epoch = new DateTimeOffset(2013, 6, 11, 12, 34, 56, 789, TimeSpan.Zero);

        public TestClock()
        {
            UtcNow = Epoch;
        }

        /// <summary>The current test time; settable so a test can jump to any instant.</summary>
        public DateTimeOffset UtcNow { get; set; }

        /// <summary>Advances (or, for a negative span, rewinds) the clock by <paramref name="timeSpan"/>.</summary>
        public void Add(TimeSpan timeSpan)
        {
            UtcNow += timeSpan;
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/TestResponse.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using System;
using System.IO;
using System.Threading.Tasks;

namespace Steeltoe.Security.Authentication.CloudFoundry.Test
{
    /// <summary>
    /// Placeholder <see cref="IHttpResponseFeature"/>: every property throws
    /// <see cref="NotImplementedException"/>, so any code path that touches the response in a test
    /// fails loudly rather than silently succeeding. The two callback registrations are no-ops.
    /// (Delegate type arguments restored; they were lost in extraction of the original listing.)
    /// </summary>
    public class TestResponse : IHttpResponseFeature
    {
        public Stream Body
        {
            get => throw new NotImplementedException();
            set => throw new NotImplementedException();
        }

        public bool HasStarted => throw new NotImplementedException();

        public IHeaderDictionary Headers
        {
            get => throw new NotImplementedException();
            set => throw new NotImplementedException();
        }

        public string ReasonPhrase
        {
            get => throw new NotImplementedException();
            set => throw new NotImplementedException();
        }

        public int StatusCode
        {
            get => throw new NotImplementedException();
            set => throw new NotImplementedException();
        }

        /// <summary>Accepted and discarded; the callback is never invoked.</summary>
        public void OnCompleted(Func<object, Task> callback, object state)
        {
        }

        /// <summary>Accepted and discarded; the callback is never invoked.</summary>
        public void OnStarting(Func<object, Task> callback, object state)
        {
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryCore.Test/xunit.runner.json ----
-------------------------------------------------------------------------------- 1 | { 2 | "maxParallelThreads": 1, 3 | "parallelizeTestCollections": false 4 | } -------------------------------------------------------------------------------- /test/Steeltoe.Security.Authentication.CloudFoundryOwin.Test/IAppBuilderExtensionsTest.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
using Microsoft.Extensions.Configuration;
using Microsoft.Owin.Builder;
using Owin;
using System;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin.Test
{
    /// <summary>
    /// Argument-validation tests for the OWIN <c>IAppBuilder</c> extension methods. Each extension
    /// must reject a null builder or null configuration up front with an
    /// <see cref="ArgumentNullException"/> naming the offending parameter.
    /// (Exception type argument restored; it was lost in extraction of the original listing.)
    /// </summary>
    public class IAppBuilderExtensionsTest
    {
        private static IConfiguration EmptyConfiguration() => new ConfigurationBuilder().Build();

        [Fact]
        public void UseCloudFoundryOpenIdConnect_ThrowsIfBuilderNull()
        {
            IAppBuilder missingBuilder = null;
            var config = EmptyConfiguration();

            var ex = Assert.Throws<ArgumentNullException>(() => missingBuilder.UseCloudFoundryOpenIdConnect(config));

            Assert.Equal("appBuilder", ex.ParamName);
        }

        [Fact]
        public void UseCloudFoundryOpenIdConnect_ThrowsIfConfigurationNull()
        {
            IAppBuilder builder = new AppBuilder();
            IConfiguration missingConfig = null;

            var ex = Assert.Throws<ArgumentNullException>(() => builder.UseCloudFoundryOpenIdConnect(missingConfig));

            Assert.Equal("configuration", ex.ParamName);
        }

        [Fact]
        public void UseCloudFoundryJwtBearerAuthentication_ThrowsIfBuilderNull()
        {
            IAppBuilder missingBuilder = null;
            var config = EmptyConfiguration();

            var ex = Assert.Throws<ArgumentNullException>(() => missingBuilder.UseCloudFoundryJwtBearerAuthentication(config));

            Assert.Equal("appBuilder", ex.ParamName);
        }

        [Fact]
        public void UseCloudFoundryJwtBearerAuthentication_ThrowsIfConfigurationNull()
        {
            IAppBuilder builder = new AppBuilder();
            IConfiguration missingConfig = null;

            var ex = Assert.Throws<ArgumentNullException>(() => builder.UseCloudFoundryJwtBearerAuthentication(missingConfig));

            Assert.Equal("configuration", ex.ParamName);
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryOwin.Test/Jwt/CloudFoundryJwtOwinConfigurerTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Steeltoe.CloudFoundry.Connector.Services;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin.Test
{
    /// <summary>
    /// Tests for <c>CloudFoundryJwtOwinConfigurer.Configure</c>, which fills the OWIN JWT bearer
    /// options from an optional SSO service binding.
    /// </summary>
    public class CloudFoundryJwtOwinConfigurerTest
    {
        /// <summary>Without a binding the key URL falls back to the library default.</summary>
        [Fact]
        public void Configure_NoServiceInfo_ReturnsExpected()
        {
            // arrange
            var options = new CloudFoundryJwtBearerAuthenticationOptions();
            var expectedKeyUrl = "http://" + CloudFoundryDefaults.OAuthServiceUrl + CloudFoundryDefaults.JwtTokenUri;

            // act
            CloudFoundryJwtOwinConfigurer.Configure(null, options);

            // assert
            Assert.Equal(expectedKeyUrl, options.JwtKeyUrl);
            Assert.True(options.ValidateCertificates); // default value must survive configuration
            Assert.NotNull(options.TokenValidationParameters);
        }

        /// <summary>A null options object must be tolerated rather than dereferenced.</summary>
        [Fact]
        public void Configure_NoOptions_ReturnsExpected()
        {
            // arrange
            var binding = new SsoServiceInfo("foobar", "clientId", "secret", "http://domain");

            // act — Record.Exception turns "did not throw" into an explicit assertion
            var thrown = Record.Exception(() => CloudFoundryJwtOwinConfigurer.Configure(binding, null));

            // assert
            Assert.Null(thrown);
        }

        /// <summary>With a binding the key URL is derived from the binding's auth domain.</summary>
        [Fact]
        public void Configure_WithServiceInfo_ReturnsExpected()
        {
            // arrange — TokenValidationParameters start out null so we can prove Configure created them
            var options = new CloudFoundryJwtBearerAuthenticationOptions();
            Assert.Null(options.TokenValidationParameters);
            var binding = new SsoServiceInfo("foobar", "clientId", "secret", "http://domain");

            // act
            CloudFoundryJwtOwinConfigurer.Configure(binding, options);

            // assert
            Assert.Equal("http://domain" + CloudFoundryDefaults.JwtTokenUri, options.JwtKeyUrl);
            Assert.True(options.ValidateCertificates); // default value must survive configuration
            Assert.NotNull(options.TokenValidationParameters);
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryOwin.Test/OwinTestHelpers.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.Owin;
using Moq;
using System.Collections.Generic;
using System.IO;

namespace Steeltoe.Security.Authentication.CloudFoundry.Owin.Test
{
    /// <summary>
    /// Helpers for building fake OWIN contexts in middleware tests.
    /// (Generic type arguments restored; they were lost in extraction of the original listing.)
    /// </summary>
    public static class OwinTestHelpers
    {
        /// <summary>Empty in-memory app settings, shared by tests that need a configuration source.</summary>
        public static readonly Dictionary<string, string> Appsettings = new Dictionary<string, string>()
        {
        };

        /// <summary>
        /// Builds a mocked <see cref="IOwinContext"/> whose Request carries the given method, path,
        /// scheme and host (with ":port" appended when <paramref name="port"/> is supplied) and whose
        /// Response writes to <paramref name="bodyStream"/>, defaulting to a fresh <see cref="MemoryStream"/>.
        /// </summary>
        public static IOwinContext CreateRequest(string method, string path, string scheme = "http", string host = "localhost", int? port = null, Stream bodyStream = null)
        {
            var responseBody = bodyStream ?? new MemoryStream();
            var response = new OwinResponse { Body = responseBody };
            var request = new OwinRequest
            {
                Method = method,
                Path = new PathString(path),
                Scheme = scheme,
                Host = new HostString(host + AddPortIfNotNull(port)),
            };

            var mockContext = new Mock<IOwinContext>();
            mockContext.Setup(c => c.Response).Returns(response);
            mockContext.Setup(c => c.Request).Returns(request);
            return mockContext.Object;
        }

        /// <summary>Returns ":port" for a non-null port, otherwise an empty string.</summary>
        private static string AddPortIfNotNull(int? port)
        {
            return port.HasValue ? ":" + port.Value : string.Empty;
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryOwin.Test/Steeltoe.Security.Authentication.CloudFoundryOwin.Test.csproj ----
// (project-file fragment; XML element tags were lost in extraction, only text content remains)
//   net461
//   false
//   All
//   SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591
//   Steeltoe.Security.Authentication.CloudFoundry.Owin.Test
//   stylecop.json
//   Always

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryWcf.Test/CloudFoundryJwtTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf.Test
{
    /// <summary>
    /// Tests for <c>CloudFoundryJwt.OnTokenValidatedAddClaims</c>, which copies UAA-style claims
    /// onto the standard <see cref="ClaimTypes"/> the WCF authorization code keys on.
    /// (List type argument restored; it was lost in extraction of the original listing.)
    /// </summary>
    public class CloudFoundryJwtTest
    {
        [Fact]
        public void ClaimsReMapped_WhenPresent()
        {
            // arrange — the UAA claims present on a typical access token (no email on purpose)
            var uaaClaims = new List<Claim>
            {
                new Claim("client_id", "clientId"),
                new Claim("user_id", "nameId"),
                new Claim("given_name", "First_Name"),
                new Claim("family_name", "Last_Name"),
            };
            var token = new JwtSecurityToken(issuer: "uaa");
            var identity = new ClaimsIdentity(uaaClaims);

            // act
            CloudFoundryJwt.OnTokenValidatedAddClaims(identity, token);

            // assert — each source claim lands on its standard claim type
            Assert.Contains(identity.Claims, c => c.Type == ClaimTypes.NameIdentifier && c.Value == "nameId");
            Assert.Contains(identity.Claims, c => c.Type == ClaimTypes.GivenName && c.Value == "First_Name");
            Assert.Contains(identity.Claims, c => c.Type == ClaimTypes.Surname && c.Value == "Last_Name");

            // No "email" claim was supplied, so none must be fabricated.
            Assert.DoesNotContain(identity.Claims, c => c.Type == ClaimTypes.Email);

            // NOTE(review): ClaimTypes.Name is populated from client_id while NameIdentifier comes from
            // user_id, i.e. Identity.Name identifies the OAuth client, not the end user. Any
            // authorization that keys on Name will therefore see the client — confirm this is intended.
            Assert.Contains(identity.Claims, c => c.Type == ClaimTypes.Name && c.Value == "clientId");
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryWcf.Test/CloudFoundryOptionsConfigurerTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Steeltoe.CloudFoundry.Connector.Services;
using System;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf.Test
{
    /// <summary>
    /// Tests for <c>CloudFoundryOptionsConfigurer.Configure</c> (WCF flavour), which fills
    /// <see cref="CloudFoundryOptions"/> from an optional SSO service binding.
    /// (Exception type argument restored; it was lost in extraction of the original listing.)
    /// </summary>
    public class CloudFoundryOptionsConfigurerTest
    {
        /// <summary>A null options object is a programming error and must be reported as such.</summary>
        [Fact]
        public void Configure_NoOptions_Throws()
        {
            var ex = Assert.Throws<ArgumentNullException>(() => CloudFoundryOptionsConfigurer.Configure(null, null));

            Assert.Equal("options", ex.ParamName);
        }

        /// <summary>Without a binding every value stays at its library default, including all validation switches.</summary>
        [Fact]
        public void Configure_NoServiceInfo_ReturnsDefaults()
        {
            // arrange
            var options = new CloudFoundryOptions();
            var defaultAuthUrl = "http://" + CloudFoundryDefaults.OAuthServiceUrl;

            // act
            CloudFoundryOptionsConfigurer.Configure(null, options);

            // assert — endpoints and client identity
            Assert.Equal(defaultAuthUrl, options.AuthorizationUrl);
            Assert.Equal(CloudFoundryDefaults.ClientId, options.ClientId);
            Assert.Equal(CloudFoundryDefaults.ClientSecret, options.ClientSecret);
            Assert.Equal(defaultAuthUrl + CloudFoundryDefaults.CheckTokenUri, options.TokenInfoUrl);

            // assert — every token/transport validation switch is on by default
            Assert.True(options.ValidateAudience);
            Assert.True(options.ValidateCertificates);
            Assert.True(options.ValidateIssuer);
            Assert.True(options.ValidateLifetime);
        }

        /// <summary>With a binding the client credentials and check_token URL come from the binding.</summary>
        [Fact]
        public void Configure_WithServiceInfo_ReturnsExpected()
        {
            // arrange — fixture-only credentials
            var boundAuthUrl = "http://domain";
            var options = new CloudFoundryOptions();
            var binding = new SsoServiceInfo("foobar", "clientId", "secret", boundAuthUrl);

            // act
            CloudFoundryOptionsConfigurer.Configure(binding, options);

            // assert
            Assert.Equal("clientId", options.ClientId);
            Assert.Equal("secret", options.ClientSecret);
            Assert.Equal(boundAuthUrl + CloudFoundryDefaults.CheckTokenUri, options.TokenInfoUrl);
            Assert.True(options.ValidateCertificates);

            // NOTE(review): unlike the no-binding case, ValidateAudience/ValidateIssuer/ValidateLifetime are
            // not re-checked here, so a configurer change that disabled them when a binding is present
            // would go unnoticed — consider asserting them in this path too.
        }
    }
}

// ---- /test/Steeltoe.Security.Authentication.CloudFoundryWcf.Test/CloudFoundryOptionsTest.cs ----
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
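
using System;
using Xunit;

namespace Steeltoe.Security.Authentication.CloudFoundry.Wcf.Test
{
    /// <summary>
    /// Tests for the parameterless <see cref="CloudFoundryOptions"/> constructor, which
    /// reads the SSO settings from the <c>sso_*</c> environment variables.
    /// </summary>
    public class CloudFoundryOptionsTest
    {
        [Fact]
        public void ParameterlessConstructor_StillReadsEnvVars()
        {
            // Environment variables are process-wide state shared with every other test in
            // this assembly, so the previous values are captured and restored in a finally
            // block. The original reset ran only after the asserts, so a failing assert left
            // the test client secret visible to whatever ran next.
            var previousAuthDomain = Environment.GetEnvironmentVariable("sso_auth_domain");
            var previousClientId = Environment.GetEnvironmentVariable("sso_client_id");
            var previousClientSecret = Environment.GetEnvironmentVariable("sso_client_secret");

            try
            {
                // arrange
                Environment.SetEnvironmentVariable("sso_auth_domain", "auth_domain");
                Environment.SetEnvironmentVariable("sso_client_id", "ssoClientId");
                Environment.SetEnvironmentVariable("sso_client_secret", "ssoClientSecret");

                // act
                var options = new CloudFoundryOptions();

                // assert
                Assert.Equal("auth_domain", options.AuthorizationUrl);
                Assert.Equal("ssoClientId", options.ClientId);
                Assert.Equal("ssoClientSecret", options.ClientSecret);
            }
            finally
            {
                // Restore the prior state; a null previous value removes the variable again.
                Environment.SetEnvironmentVariable("sso_auth_domain", previousAuthDomain);
                Environment.SetEnvironmentVariable("sso_client_id", previousClientId);
                Environment.SetEnvironmentVariable("sso_client_secret", previousClientSecret);
            }
        }
    }
}
-------------------------------------------------------------------------------- /test/Steeltoe.Security.Authentication.CloudFoundryWcf.Test/Steeltoe.Security.Authentication.CloudFoundryWcf.Test.csproj: --------------------------------------------------------------------------------
1 |  2 | 3 | 4 | net461 5 | false 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | All 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 25 | Steeltoe.Security.Authentication.CloudFoundry.Wcf.Test 26 | 27 | 28 | 29 | stylecop.json 30 | Always 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 |
-------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.CredHubBase.Test/CredentialJsonConverterTests.cs: --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.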
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Newtonsoft.Json;
using Xunit;

namespace Steeltoe.Security.DataProtection.CredHub.Test
{
    /// <summary>
    /// Round-trip tests for the credential value converter: a credential object serializes
    /// to a bare JSON string, and a bare JSON string deserializes back to something whose
    /// <c>ToString()</c> yields the value.
    /// </summary>
    public class CredentialJsonConverterTests
    {
        [Fact]
        public void ValueConverter_SerializesClass_AsStringProperty()
        {
            // arrange: a throwaway test value, not a real secret
            var credential = new PasswordCredential("thisIsAPassword");

            // act
            var json = JsonConvert.SerializeObject(credential);

            // assert: the object collapses to its value, quoted as a JSON string
            Assert.Equal("\"thisIsAPassword\"", json);
        }

        [Fact]
        public void ValueConverter_Deserializes_StringProperty_AsClass()
        {
            // arrange
            const string json = "\"thisIsAValue\"";

            // act
            // NOTE(review): the type argument of DeserializeObject appears to have been lost in
            // the page extraction; without one, Newtonsoft returns the raw string and the
            // asserts below pass without exercising the converter — confirm in the source file.
            var credential = JsonConvert.DeserializeObject(json);

            // assert
            Assert.NotNull(credential);
            Assert.Equal("thisIsAValue", credential.ToString());
        }
    }
}
-------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.CredHubBase.Test/Steeltoe.Security.DataProtection.CredHubBase.Test.csproj: --------------------------------------------------------------------------------
1 |  2 | 3 | 4 | netcoreapp2.0;netcoreapp2.1;netcoreapp2.2;net461 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |
SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 24 | 25 | 26 | 27 | stylecop.json 28 | Always 29 | 30 | 31 | 32 | 33 |
-------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.CredHubCore.Test/CredHubHostBuilderExtensionsTest.cs: --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using System;
using System.Collections.Generic;
using System.Text;

namespace Steeltoe.Security.DataProtection.CredHubCore.Test
{
    /// <summary>
    /// Placeholder test class for the CredHub host-builder extensions.
    /// No tests exist yet, so the extension has no coverage in this assembly; the
    /// <c>using</c> directives above are unused until tests are added.
    /// </summary>
    public class CredHubHostBuilderExtensionsTest
    {
    }
}
-------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.CredHubCore.Test/CredHubServiceCollectionExtensionsTest.cs: --------------------------------------------------------------------------------
// Copyright 2017 the original author or authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Steeltoe.Security.DataProtection.CredHub;
using System;
using System.Collections.Generic;
using System.Text;
using Xunit;

namespace Steeltoe.Security.DataProtection.CredHubCore.Test
{
    /// <summary>
    /// Test class for the CredHub service-collection extensions. The only test is kept as
    /// commented-out code (StyleCop's <c>////</c> convention) because it needs a mocked UAA
    /// server to hand out a token; until then the extension has no coverage here.
    /// </summary>
    public class CredHubServiceCollectionExtensionsTest
    {
        // NOTE(review): when this test is revived, the final assert needs rework —
        // ServiceDescriptor does not appear to define value equality, so Contains() with a
        // freshly constructed descriptor would not find the registration; match on
        // ServiceType instead. The Dictionary type arguments were also lost in the page
        // extraction. Confirm both against the source file.
        ////[Fact(Skip = "This test is incomplete, would require a mocked server to return the token")]
        ////public void AddCredHubClient_WithUAACreds_UsesUAACreds()
        ////{
        ////    // Arrange
        ////    IServiceCollection services = new ServiceCollection();
        ////    var appsettings = new Dictionary()
        ////    {
        ////        ["CredHubClient:CredHubUser"] = "credhub_client",
        ////        ["CredHubClient:CredHubPassword"] = "secret",
        ////    };

        ////    ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        ////    configurationBuilder.AddInMemoryCollection(appsettings);
        ////    var config = configurationBuilder.Build();

        ////    // Act and Assert
        ////    services.AddCredHubClient(config);
        ////    Assert.True(services.Contains(new ServiceDescriptor(typeof(ICredHubClient), null)));
        ////}
    }
}
-------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.CredHubCore.Test/Steeltoe.Security.DataProtection.CredHubCore.Test.csproj: --------------------------------------------------------------------------------
1 |  2
| 3 | 4 | netcoreapp2.0;netcoreapp2.1;netcoreapp2.2;net461 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 19 | 20 | 21 | 22 | stylecop.json 23 | Always 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.RedisCore.Test/RedisDataProtectionBuilderExtensionsTest.cs: -------------------------------------------------------------------------------- 1 | // Copyright 2017 the original author or authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
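
using Microsoft.AspNetCore.DataProtection;
using System;
using Xunit;

namespace Steeltoe.Security.DataProtection.Redis.Test
{
    /// <summary>
    /// Tests for <see cref="RedisDataProtectionBuilderExtensions.PersistKeysToRedis"/>.
    /// </summary>
    public class RedisDataProtectionBuilderExtensionsTest
    {
        // The method name keeps its original spelling ("Thows") so existing test filters
        // and CI references keep matching.
        [Fact]
        public void PersistKeysToRedis_ThowsForNulls()
        {
            // Arrange
            IDataProtectionBuilder builder = null;

            // Act and Assert
            // NOTE(review): the type argument of Assert.Throws was lost in the page extraction
            // and is reconstructed from the method name — confirm against the source file.
            var ex = Assert.Throws<ArgumentNullException>(() => RedisDataProtectionBuilderExtensions.PersistKeysToRedis(builder));

            // ParamName is the contract of the exception; the original substring check on
            // ex.Message is brittle because the message text may be localized or reworded.
            Assert.Equal(nameof(builder), ex.ParamName);
        }
    }
}
-------------------------------------------------------------------------------- /test/Steeltoe.Security.DataProtection.RedisCore.Test/Steeltoe.Security.DataProtection.RedisCore.Test.csproj: --------------------------------------------------------------------------------
1 |  2 | 3 | 4 | netcoreapp2.0;netcoreapp2.1;netcoreapp2.2;net461 5 | 6 | 7 | 8 | 9 | 10 | PreserveNewest 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | All 26 | 27 | 28 | 29 | 30 | SA1101;SA1124;SA1201;SA1309;SA1310;SA1401;SA1600;SA1652;1591 31 | 32 | 33 | 34 | stylecop.json 35 | Always 36 | 37 | 38 |
-------------------------------------------------------------------------------- /versions.props: --------------------------------------------------------------------------------
1 | 2 | 3 |
--------------------------------------------------------------------------------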