Skip to content

Commit

Permalink
Remove hardcoded Metadata Service BLOB url to allow users to override…
Browse files Browse the repository at this point in the history
… it (#444)

* Remove hardcoded Metadata Service BLOB url to allow users to override it

* mds => mds3
  • Loading branch information
joegoldman2 authored Nov 3, 2023
1 parent 1e32b9b commit bfc2f5b
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 19 deletions.
9 changes: 6 additions & 3 deletions Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ public static IFido2MetadataServiceBuilder AddFileSystemMetadataRepository(this

public static IFido2MetadataServiceBuilder AddConformanceMetadataRepository(
this IFido2MetadataServiceBuilder builder,
HttpClient client = null,
HttpClient client = null,
string origin = "")
{
builder.Services.AddTransient<IMetadataRepository>(provider =>
Expand All @@ -75,9 +75,12 @@ public static IFido2MetadataServiceBuilder AddConformanceMetadataRepository(

public static IFido2MetadataServiceBuilder AddFidoMetadataRepository(this IFido2MetadataServiceBuilder builder, Action<IHttpClientBuilder> clientBuilder = null)
{
var httpClientBuilder = builder.Services.AddHttpClient(nameof(Fido2MetadataServiceRepository));
var httpClientBuilder = builder.Services.AddHttpClient(nameof(Fido2MetadataServiceRepository), client =>
{
client.BaseAddress = new Uri("https://mds3.fidoalliance.org/");
});

if (clientBuilder != null)
if (clientBuilder != null)
clientBuilder(httpClientBuilder);

builder.Services.AddTransient<IMetadataRepository, Fido2MetadataServiceRepository>();
Expand Down
19 changes: 3 additions & 16 deletions Src/Fido2/Metadata/Fido2MetadataServiceRepository.cs
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ public sealed class Fido2MetadataServiceRepository : IMetadataRepository
"Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH"u8 +
"WD9f"u8;

private readonly string _blobUrl = "https://mds3.fidoalliance.org/";
private readonly IHttpClientFactory _httpClientFactory;

public Fido2MetadataServiceRepository(IHttpClientFactory httpClientFactory)
Expand All @@ -57,23 +56,10 @@ public async Task<MetadataBLOBPayload> GetBLOBAsync(CancellationToken cancellati
}

private async Task<string> GetRawBlobAsync(CancellationToken cancellationToken)
{
var url = _blobUrl;
return await DownloadStringAsync(url, cancellationToken);
}

private async Task<string> DownloadStringAsync(string url, CancellationToken cancellationToken)
{
return await _httpClientFactory
.CreateClient(nameof(Fido2MetadataServiceRepository))
.GetStringAsync(url, cancellationToken);
}

private async Task<byte[]> DownloadDataAsync(string url, CancellationToken cancellationToken)
{
return await _httpClientFactory
.CreateClient(nameof(Fido2MetadataServiceRepository))
.GetByteArrayAsync(url, cancellationToken);
.GetStringAsync("/", cancellationToken);
}

private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string rawBLOBJwt, CancellationToken cancellationToken)
Expand Down Expand Up @@ -174,7 +160,8 @@ private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string r
if (element.Certificate.Issuer != element.Certificate.Subject)
{
var cdp = CryptoUtils.CDPFromCertificateExts(element.Certificate.Extensions);
var crlFile = await DownloadDataAsync(cdp, cancellationToken);
using var client = _httpClientFactory.CreateClient();
var crlFile = await client.GetByteArrayAsync(cdp, cancellationToken);
if (CryptoUtils.IsCertInCRL(crlFile, element.Certificate))
throw new Fido2VerificationException($"Cert {element.Certificate.Subject} found in CRL {cdp}");
}
Expand Down

0 comments on commit bfc2f5b

Please sign in to comment.