 /// <summary>
 /// Handles a refreshed platform certificate: re-parses it as a Cloud Foundry
 /// instance certificate and caches the result.
 /// </summary>
 /// <param name="cert">The refreshed certificate options whose <c>Certificate</c> is parsed.</param>
 private void OnCertRefresh(CertificateOptions cert)
 {
     var parsed = CloudFoundryInstanceCertificate.TryParse(cert.Certificate, out var instanceCert, _logger);

     // A refreshed certificate that does not parse as an instance certificate is
     // ignored: the previously cached value is left in place rather than cleared.
     if (!parsed)
     {
         return;
     }

     _cloudFoundryCertificate = instanceCert;
 }
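        /// <summary>
        /// Adds Certificate authentication middleware and configuration to use platform identity certificates
        /// </summary>
        /// <remarks>
        /// When the validated client certificate parses as a Cloud Foundry instance certificate, the
        /// instance, application, space and organization ids are added as claims on the principal;
        /// otherwise the principal is rebuilt from the handler's existing claims unchanged.
        /// The logger used for parse diagnostics is resolved from the request's service provider at
        /// validation time rather than by calling <c>BuildServiceProvider()</c> during registration,
        /// which would create a second container (duplicated singletons, leaked disposables).
        /// </remarks>
        /// <param name="builder">Your <see cref="AuthenticationBuilder"/></param>
        /// <returns><see cref="AuthenticationBuilder"/> configured to use application identity certificates</returns>
        public static AuthenticationBuilder AddCloudFoundryIdentityCertificate(this AuthenticationBuilder builder)
        {
            builder.AddMutualTls(options =>
            {
                options.Events = new CertificateAuthenticationEvents()
                {
                    OnCertificateValidated = context =>
                    {
                        // Resolve from the request scope so no service container is built at startup.
                        // May be null if no logger is registered; TryParse is given whatever is found.
                        var logger = context.HttpContext.RequestServices.GetService<ILogger<CloudFoundryInstanceCertificate>>();
                        var issuer = context.Options.ClaimsIssuer;

                        // Start from the claims the handler already derived from the certificate.
                        var claims = new List<Claim>(context.Principal.Claims);
                        if (CloudFoundryInstanceCertificate.TryParse(context.ClientCertificate, out var cfCert, logger))
                        {
                            claims.Add(new Claim(ApplicationClaimTypes.CloudFoundryInstanceId, cfCert.InstanceId, ClaimValueTypes.String, issuer));
                            claims.Add(new Claim(ApplicationClaimTypes.CloudFoundryAppId, cfCert.AppId, ClaimValueTypes.String, issuer));
                            claims.Add(new Claim(ApplicationClaimTypes.CloudFoundrySpaceId, cfCert.SpaceId, ClaimValueTypes.String, issuer));
                            claims.Add(new Claim(ApplicationClaimTypes.CloudFoundryOrgId, cfCert.OrgId, ClaimValueTypes.String, issuer));
                        }

                        var identity = new ClaimsIdentity(claims, CertificateAuthenticationDefaults.AuthenticationScheme);
                        context.Principal = new ClaimsPrincipal(identity);
                        context.Success();
                        return Task.CompletedTask;
                    }
                };
            });

            return builder;
        }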
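        /// <summary>
        /// Post-configures the mutual TLS options: sets the issuer chain from the current container
        /// identity options and installs the certificate-validated callback that enriches the principal
        /// with Cloud Foundry identity claims.
        /// </summary>
        /// <param name="name">Name of the scheme being configured; not inspected, every scheme is post-configured.</param>
        /// <param name="options">The options instance to post-configure.</param>
        public void PostConfigure(string name, MutualTlsAuthenticationOptions options)
        {
            // NOTE(review): IssuerChain is copied from CurrentValue once, when this options instance is
            // built; a later change to the container identity options is not reflected here unless the
            // options are rebuilt — confirm how certificate rotation is handled for the issuer chain.
            options.IssuerChain = _containerIdentityOptions.CurrentValue.IssuerChain;

            // Preserve any events the caller already configured (e.g. failure or challenge handlers);
            // this post-configuration only owns the validated callback, so it must not replace the
            // whole Events object.
            if (options.Events is null)
            {
                options.Events = new CertificateAuthenticationEvents();
            }

            options.Events.OnCertificateValidated = context =>
            {
                var issuer = context.Options.ClaimsIssuer;

                // Start from the claims the handler already derived from the certificate.
                var claims = new List<Claim>(context.Principal.Claims);
                if (CloudFoundryInstanceCertificate.TryParse(context.ClientCertificate, out var cfCert, _logger))
                {
                    claims.Add(new Claim(ApplicationClaimTypes.CloudFoundryInstanceId, cfCert.InstanceId, ClaimValueTypes.String, issuer));
                    claims.Add(new Claim(ApplicationClaimTypes.CloudFoundryAppId, cfCert.AppId, ClaimValueTypes.String, issuer));
                    claims.Add(new Claim(ApplicationClaimTypes.CloudFoundrySpaceId, cfCert.SpaceId, ClaimValueTypes.String, issuer));
                    claims.Add(new Claim(ApplicationClaimTypes.CloudFoundryOrgId, cfCert.OrgId, ClaimValueTypes.String, issuer));
                }

                var identity = new ClaimsIdentity(claims, CertificateAuthenticationDefaults.AuthenticationScheme);
                context.Principal = new ClaimsPrincipal(identity);
                context.Success();
                return Task.CompletedTask;
            };
        }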
    }