Ejemplo n.º 1
0
        /// <summary>
        /// Initializes a new instance of <see cref="Tailspin.Surveys.Security.CertificateCredentialService"/>.
        /// </summary>
        /// <param name="options">Configuration options for this instance."/></param>
        public CertificateCredentialService(IOptions <ConfigurationOptions> options)
        {
            var aadOptions = options.Value?.AzureAd;

            Guard.ArgumentNotNull(aadOptions, "configOptions.AzureAd");
            Guard.ArgumentNotNull(aadOptions.Asymmetric, "configOptions.AzureAd.Assymetric");

            _credential = new Lazy <Task <AdalCredential> >(() =>
            {
                X509Certificate2 cert = CertificateUtility.FindCertificateByThumbprint(
                    aadOptions.Asymmetric.StoreName,
                    aadOptions.Asymmetric.StoreLocation,
                    aadOptions.Asymmetric.CertificateThumbprint,
                    aadOptions.Asymmetric.ValidationRequired);
                string password = null;
                var certBytes   = CertificateUtility.ExportCertificateWithPrivateKey(cert, out password);
                return(Task.FromResult(new AdalCredential(new ClientAssertionCertificate(aadOptions.ClientId, new X509Certificate2(certBytes, password)))));
            });
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Loads all secrets which are delimited by : so that they can be retrieved by the config system
        /// Since KeyVault does not  allow : as delimiters in the share secret name, the actual name is not used as key for configuration.
        ///  The Tag property is used instead
        /// The tag should always be of the form "ConfigKey"="ParentKey1:Child1:.."
        /// </summary>
        /// <param name="token"></param>
        /// <returns></returns>
        private async Task LoadAsync(CancellationToken token)
        {
            string password;
            var    cert      = CertificateUtility.FindCertificateByThumbprint(_storeName, _storeLocation, _certificateThumbprint, _validateCertificate);
            var    certBytes = CertificateUtility.ExportCertificateWithPrivateKey(cert, out password);

            _assertion = new ClientAssertionCertificate(_appClientId, certBytes, password);
            Data       = new Dictionary <string, string>();

            // This returns a list of identifiers which are uris to the secret, you need to use the identifier to get the actual secrets again.
            var kvClient            = new KeyVaultClient(GetTokenAsync);
            var secretsResponseList = await kvClient.GetSecretsAsync(_vault, MaxSecrets, token);

            foreach (var secretItem in secretsResponseList.Value ?? new List <SecretItem>())
            {
                //The actual config key is stored in a tag with the Key "ConfigKey" since : is not supported in a shared secret name by KeyVault
                if (secretItem.Tags != null && secretItem.Tags.ContainsKey(ConfigKey))
                {
                    var secret = await kvClient.GetSecretAsync(secretItem.Id, token);

                    Data.Add(secret.Tags[ConfigKey], secret.Value);
                }
            }
        }