Skip to content

Commit 7fbebca

Browse files
committed
SecurityService: Fix parsing and loading of jwks url
1 parent 819d93e commit 7fbebca

2 files changed

Lines changed: 18 additions & 8 deletions

File tree

src/AasSecurity/SecurityService.cs

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -590,16 +590,23 @@ private string HandleBearerToken(string? bearerToken, ref string user, ref bool
590590
}
591591
if (jwksUrl.IsNullOrEmpty())
592592
{
593-
var openIdConfig = httpClient.GetStringAsync($"{iss}/.well-known/openid-configuration").Result;
594-
var openIdConfigJson = JsonDocument.Parse(openIdConfig);
593+
jwksUrl = $"{iss}/jwks";
595594

596-
string jwksUri = $"{iss}/jwks";
597-
if (openIdConfigJson.RootElement.TryGetProperty("jwks_uri", out var propJwksUri))
595+
try
596+
{
597+
var openIdConfig = httpClient.GetStringAsync($"{iss}/.well-known/openid-configuration").Result;
598+
var openIdConfigJson = JsonDocument.Parse(openIdConfig);
599+
600+
if (openIdConfigJson.RootElement.TryGetProperty("jwks_uri", out var propJwksUri))
601+
{
602+
jwksUrl = propJwksUri.GetString();
603+
}
604+
}
605+
catch (Exception ex)
598606
{
599-
jwksUri = propJwksUri.GetString();
607+
_logger.LogInformation($"Could not access well-known from {iss}");
600608
}
601609
}
602-
603610
try
604611
{
605612
var jwksJson = httpClient.GetStringAsync(jwksUrl).Result;

src/AasSecurity/SecuritySettingsForServerParser.cs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -149,7 +149,8 @@ private async static void ParseAuthenticationServer(AdminShellPackageEnv env, Su
149149
GlobalSecurityVariables.ServerCertificates.Add(null);
150150
GlobalSecurityVariables.ServerCertFileNames.Add("");
151151
GlobalSecurityVariables.ServerDomain.Add(domain);
152-
GlobalSecurityVariables.ServerJwksUrl.Add(jwks);
152+
GlobalSecurityVariables.ServerJwksUrl.Add(jwks);
153+
GlobalSecurityVariables.ServerIssuerUrl.Add("");
153154
GlobalSecurityVariables.ServerKid.Add(kid);
154155
}
155156
else if (line.Contains("BEGIN CERTIFICATE"))
@@ -166,7 +167,8 @@ private async static void ParseAuthenticationServer(AdminShellPackageEnv env, Su
166167
GlobalSecurityVariables.ServerCertificates.Add(x509);
167168
GlobalSecurityVariables.ServerCertFileNames.Add(serverName + ".cer");
168169
GlobalSecurityVariables.ServerDomain.Add(domain);
169-
GlobalSecurityVariables.ServerJwksUrl.Add("");
170+
GlobalSecurityVariables.ServerJwksUrl.Add("");
171+
GlobalSecurityVariables.ServerIssuerUrl.Add("");
170172
GlobalSecurityVariables.ServerKid.Add("");
171173
}
172174
else if (insideBas64)
@@ -336,6 +338,7 @@ private async static void ParseAuthenticationServer(AdminShellPackageEnv env, Su
336338
GlobalSecurityVariables.ServerCertFileNames.Add(serverName + ".cer");
337339
GlobalSecurityVariables.ServerDomain.Add(domain);
338340
GlobalSecurityVariables.ServerIssuerUrl.Add(issuer);
341+
GlobalSecurityVariables.ServerJwksUrl.Add("");
339342
GlobalSecurityVariables.ServerKid.Add(kid);
340343
}
341344
}

0 commit comments

Comments
 (0)