Expired token for secure map is not properly renewed #16
Comments
I think I see the issue, though at the moment I don't have an ArcGIS Server readily available to test out a fix. In the

```csharp
using System.Text; // Encoding.UTF8

public class RsaEncrypterCustom : ICryptoProvider
{
    public Operation.GenerateToken Encrypt(Operation.GenerateToken tokenRequest, byte[] exponent, byte[] modulus)
    {
        LiteGuard.Guard.AgainstNullArgument(nameof(tokenRequest), tokenRequest);
        LiteGuard.Guard.AgainstNullArgument(nameof(exponent), exponent);
        LiteGuard.Guard.AgainstNullArgument(nameof(modulus), modulus);

        // this is the fix (hopefully)
        // An already-encrypted request is returned untouched so a renewal does not encrypt it twice.
        if (tokenRequest.Encrypted == true)
        {
            return tokenRequest;
        }

        using (var rsa = new System.Security.Cryptography.RSACryptoServiceProvider(512))
        {
            // Load the server's public key (exponent and modulus).
            var rsaParms = new System.Security.Cryptography.RSAParameters
            {
                Exponent = exponent,
                Modulus = modulus
            };
            rsa.ImportParameters(rsaParms);

            // Each field is encrypted separately (fOAEP = false, i.e. PKCS#1 v1.5 padding) and hex-encoded.
            var encryptedUsername = rsa.Encrypt(Encoding.UTF8.GetBytes(tokenRequest.Username), false).BytesToHex();
            var encryptedPassword = rsa.Encrypt(Encoding.UTF8.GetBytes(tokenRequest.Password), false).BytesToHex();
            var encryptedClient = string.IsNullOrWhiteSpace(tokenRequest.Client) ? "" : rsa.Encrypt(Encoding.UTF8.GetBytes(tokenRequest.Client), false).BytesToHex();
            var encryptedExpiration = rsa.Encrypt(Encoding.UTF8.GetBytes(tokenRequest.ExpirationInMinutes.ToString()), false).BytesToHex();
            var encryptedReferer = string.IsNullOrWhiteSpace(tokenRequest.Referer) ? "" : rsa.Encrypt(Encoding.UTF8.GetBytes(tokenRequest.Referer), false).BytesToHex();

            tokenRequest.Encrypt(encryptedUsername, encryptedPassword, encryptedExpiration, encryptedClient, encryptedReferer);
            return tokenRequest;
        }
    }
}
```

then somewhere at the start of your app where you enable the encryption

```csharp
CryptoProviderFactory.Enabled = true;
CryptoProviderFactory.Get = () => new RsaEncrypterCustom();
```
Yep, that should do it. Thank you as always!
If that fixes it can you let me know and I'll do a new release with the fix.
Thank you, Dave. We have a developer assigned to this task. We should have an answer today or Monday.
Thanks for your help, Dave. The suggested fix worked.
When a token expires and it needs to be renewed, a cryptographic exception is thrown with text of Bad Length. The code below reproduces the issue. The actual issue is that GenerateToken gets double encrypted on renewal because the TokenRequest property is replaced inside Token Provider
Anywhere.ArcGIS/src/Anywhere.ArcGIS/TokenProvider.cs
Line 182 in cc29fbf
Thank you!
```csharp
GenerateToken t = new GenerateToken("user", "password");
var publicKey = new PublicKeyResponse
{
    PublicKey = "10001",
    Mod = "a92d33f398ef1d71c616730807b5722312ed42b94f0891299281abcc4fb7350b5eab970a6e52953fc695295735b9fd347b8b3fa7aa2f12c4a3ed423875aa276d"
};
GenerateToken e = new RsaEncrypter().Encrypt(t, publicKey.Exponent, publicKey.Modulus);
```
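The size arithmetic behind the Bad Length error, as an added Python example that is not from this thread or from Anywhere.ArcGIS: with the 512-bit modulus from the reproduction snippet and PKCS#1 v1.5 padding (what the `false` argument to `rsa.Encrypt` selects), a field can be at most 53 bytes, while an already-encrypted field is 128 hex characters. `TokenRequest`, `encrypt_request` and `simulate_renewal` are hypothetical stand-ins for `GenerateToken` and the renewal path.

```python
import os

# Public key values quoted in the issue's reproduction snippet (hex).
N = int("a92d33f398ef1d71c616730807b5722312ed42b94f0891299281abcc4fb7350b"
        "5eab970a6e52953fc695295735b9fd347b8b3fa7aa2f12c4a3ed423875aa276d", 16)
E = int("10001", 16)
K = (N.bit_length() + 7) // 8   # modulus length in bytes: 64 for this key
MAX_PLAINTEXT = K - 11          # PKCS#1 v1.5 needs 11 bytes of overhead: 53


def pkcs1_v15_encrypt(message: bytes) -> bytes:
    """RSAES-PKCS1-v1_5 encryption as specified in RFC 8017, section 7.2.1."""
    if len(message) > MAX_PLAINTEXT:
        raise ValueError(f"message too long: {len(message)} > {MAX_PLAINTEXT}")
    # Padding string: K - 3 - len(message) random bytes, none of them zero.
    ps = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(message)))
    em = b"\x00\x02" + ps + b"\x00" + message
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def encrypt_field(value: str) -> str:
    """Same shape as the C# code: UTF-8 bytes -> RSA -> hex string."""
    return pkcs1_v15_encrypt(value.encode("utf-8")).hex()


class TokenRequest:
    """Hypothetical stand-in for GenerateToken and its Encrypted flag."""
    def __init__(self, username: str, password: str):
        self.username, self.password, self.encrypted = username, password, False


def encrypt_request(req: TokenRequest, guard: bool) -> TokenRequest:
    if guard and req.encrypted:  # the check added in RsaEncrypterCustom
        return req
    req.username = encrypt_field(req.username)
    req.password = encrypt_field(req.password)
    req.encrypted = True
    return req


def simulate_renewal(guard: bool) -> str:
    """Encrypt once for the first token, then again as a renewal would."""
    req = encrypt_request(TokenRequest("user", "password"), guard)
    try:
        encrypt_request(req, guard)
    except ValueError as exc:
        return f"renewal failed: {exc}"
    return f"renewal ok, username is still {len(req.username)} hex chars"
```

Calling `simulate_renewal(guard=False)` hits the length limit on the second pass, and `simulate_renewal(guard=True)` leaves the first ciphertext in place.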