add proxy support

data-altinn-no · Jan 15, 2025 · 70877f4 · 70877f4
1 parent f280d53
commit 70877f4
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/src/Altinn.Dan.Plugin.Pensjon/Config/ApplicationSettings.cs b/src/Altinn.Dan.Plugin.Pensjon/Config/ApplicationSettings.cs
@@ -14,6 +14,13 @@ public class ApplicationSettings
         public string KeyVaultName { get; set; }
         public string CertificateName { get; set; }
 
+        //for production we need to use proxy
+        public bool UseProxy { get; set; }
+
+        public string ProxyUrl { get; set; }
+
+        public string CustomCertificateHeaderName { get; set; }
+
         public X509Certificate2 Certificate
         {
             get
@@ -23,7 +30,7 @@ public X509Certificate2 Certificate
                     var secretClient = new SecretClient(new Uri($"https://{KeyVaultName}.vault.azure.net/"),
                         new DefaultAzureCredential());
                     var certWithPrivateKey = secretClient.GetSecret(CertificateName).Value;
-                    _cert = new X509Certificate2(Convert.FromBase64String(certWithPrivateKey.Value), string.Empty, X509KeyStorageFlags.MachineKeySet);
+                    _cert = new X509Certificate2(Convert.FromBase64String(certWithPrivateKey.Value), string.Empty, X509KeyStorageFlags.Exportable);
                 }
                 return _cert;
             }

diff --git a/src/Altinn.Dan.Plugin.Pensjon/Main.cs b/src/Altinn.Dan.Plugin.Pensjon/Main.cs
@@ -17,6 +17,10 @@
 using Dan.Common.Models;
 using Dan.Common.Util;
 using System;
+using System.Security.Policy;
+using System.Runtime.ConstrainedExecution;
+using System.Security.Cryptography.X509Certificates;
+using System.Linq;
 
 namespace Altinn.Dan.Plugin.Pensjon
 {
@@ -26,6 +30,8 @@ public class Main
         private readonly HttpClient _client;
         private readonly ApplicationSettings _settings;
 
+        private const string CertificateHeaderName = "x-nadobe-cert";
+
         public Main(IHttpClientFactory httpClientFactory, IOptions<ApplicationSettings> settings)
         {
             _client = httpClientFactory.CreateClient("ECHttpClient");
@@ -63,10 +69,17 @@ private async Task<PensionModel> MakeRequest(string target, Party subject)
             {
                 fodselsnummer = subject.NorwegianSocialSecurityNumber
             };
-
+           
             try
             {
                 var request = new HttpRequestMessage(HttpMethod.Post, target);
+
+                if (_settings.UseProxy)
+                {
+                    request.RequestUri = new Uri(string.Format(_settings.ProxyUrl, Uri.EscapeDataString(target.Replace("https://", "").Replace("http://", ""))));
+                    request.Headers.TryAddWithoutValidation(CertificateHeaderName, Convert.ToBase64String(_settings.Certificate.Export(X509ContentType.Pkcs12)));
+                }                
+
                 request.Content = new StringContent(JsonConvert.SerializeObject(requestBody), Encoding.UTF8, "application/json");
                 result = await _client.SendAsync(request);
                 switch (result.StatusCode)

diff --git a/src/Altinn.Dan.Plugin.Pensjon/local.settings.json.template b/src/Altinn.Dan.Plugin.Pensjon/local.settings.json.template
@@ -8,6 +8,7 @@
     "BreakerRetryWaitTime": "",
     "Certificate": "",
     "KeyVaultName": "",
-    "CertificateName": ""
+    "CertificateName": "",
+    "CustomCertificateHeaderName": ""
   }
 }