diff --git a/src/Altinn.Dan.Plugin.Pensjon/Config/ApplicationSettings.cs b/src/Altinn.Dan.Plugin.Pensjon/Config/ApplicationSettings.cs index 6fdce05..85d84b2 100644 --- a/src/Altinn.Dan.Plugin.Pensjon/Config/ApplicationSettings.cs +++ b/src/Altinn.Dan.Plugin.Pensjon/Config/ApplicationSettings.cs @@ -14,6 +14,13 @@ public class ApplicationSettings public string KeyVaultName { get; set; } public string CertificateName { get; set; } + //for production we need to use proxy + public bool UseProxy { get; set; } + + public string ProxyUrl { get; set; } + + public string CustomCertificateHeaderName { get; set; } + public X509Certificate2 Certificate { get @@ -23,7 +30,7 @@ public X509Certificate2 Certificate var secretClient = new SecretClient(new Uri($"https://{KeyVaultName}.vault.azure.net/"), new DefaultAzureCredential()); var certWithPrivateKey = secretClient.GetSecret(CertificateName).Value; - _cert = new X509Certificate2(Convert.FromBase64String(certWithPrivateKey.Value), string.Empty, X509KeyStorageFlags.MachineKeySet); + _cert = new X509Certificate2(Convert.FromBase64String(certWithPrivateKey.Value), string.Empty, X509KeyStorageFlags.Exportable); } return _cert; } diff --git a/src/Altinn.Dan.Plugin.Pensjon/Main.cs b/src/Altinn.Dan.Plugin.Pensjon/Main.cs index 5a9f7f9..d410997 100644 --- a/src/Altinn.Dan.Plugin.Pensjon/Main.cs +++ b/src/Altinn.Dan.Plugin.Pensjon/Main.cs @@ -17,6 +17,10 @@ using Dan.Common.Models; using Dan.Common.Util; using System; +using System.Security.Policy; +using System.Runtime.ConstrainedExecution; +using System.Security.Cryptography.X509Certificates; +using System.Linq; namespace Altinn.Dan.Plugin.Pensjon { @@ -26,6 +30,8 @@ public class Main private readonly HttpClient _client; private readonly ApplicationSettings _settings; + private const string CertificateHeaderName = "x-nadobe-cert"; + public Main(IHttpClientFactory httpClientFactory, IOptions settings) { _client = httpClientFactory.CreateClient("ECHttpClient"); @@ -63,10 +69,17 @@ private async Task MakeRequest(string target, Party subject) { fodselsnummer = subject.NorwegianSocialSecurityNumber }; - + try { var request = new HttpRequestMessage(HttpMethod.Post, target); + + if (_settings.UseProxy) + { + request.RequestUri = new Uri(string.Format(_settings.ProxyUrl, Uri.EscapeDataString(target.Replace("https://", "").Replace("http://", "")))); + request.Headers.TryAddWithoutValidation(CertificateHeaderName, Convert.ToBase64String(_settings.Certificate.Export(X509ContentType.Pkcs12))); + } + request.Content = new StringContent(JsonConvert.SerializeObject(requestBody), Encoding.UTF8, "application/json"); result = await _client.SendAsync(request); switch (result.StatusCode) diff --git a/src/Altinn.Dan.Plugin.Pensjon/local.settings.json.template b/src/Altinn.Dan.Plugin.Pensjon/local.settings.json.template index 448010d..3cd8d94 100644 --- a/src/Altinn.Dan.Plugin.Pensjon/local.settings.json.template +++ b/src/Altinn.Dan.Plugin.Pensjon/local.settings.json.template @@ -8,6 +8,7 @@ "BreakerRetryWaitTime": "", "Certificate": "", "KeyVaultName": "", - "CertificateName": "" + "CertificateName": "", + "CustomCertificateHeaderName": "" } }