/// <inheritdoc/>
public Task <ICertificateGroup> OnBehalfOfRequest(HttpRequest request)
{
try
{
var accessToken = request.Headers["Authorization"];
var token = accessToken.First().Remove(0, "Bearer ".Length);
var authority = String.IsNullOrEmpty(_clientConfig.InstanceUrl) ? _kAuthority : _clientConfig.InstanceUrl;
if (!authority.EndsWith("/"))
{
authority += "/";
}
authority += _clientConfig.TenantId;
var serviceClientCredentials =
new KeyVaultCredentials(
token,
authority,
_servicesConfig.KeyVaultResourceId,
_clientConfig.AppId,
_clientConfig.AppSecret);
var keyVaultServiceClient = new KeyVaultServiceClient(_groupSecret, _servicesConfig.KeyVaultBaseUrl, true, _log);
keyVaultServiceClient.SetServiceClientCredentials(serviceClientCredentials);
return(Task.FromResult <ICertificateGroup>(new KeyVaultCertificateGroup(
keyVaultServiceClient,
_servicesConfig,
_clientConfig,
_log
)));
}
catch (Exception ex)
{
// try default
_log.Error("Failed to create on behalf Key Vault client. ", () => new { ex });
}
return(Task.FromResult <ICertificateGroup>(this));
}
public CertificateStorageTestFixture()
{
var builder = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("testsettings.json", false, true)
.AddJsonFile("testsettings.Development.json", true, true)
.AddFromDotEnvFile()
.AddEnvironmentVariables();
var configuration = builder.Build();
_serviceConfig = new VaultConfig(configuration);
_clientConfig = new ClientConfig(configuration);
_vaultConfig = new KeyVaultConfig(configuration);
_logger = SerilogTestLogger.Create <CertificateStorageTestFixture>();
if (!InvalidConfiguration())
{
RandomGenerator = new ApplicationTestDataGenerator();
var timeid = DateTime.UtcNow.ToFileTimeUtc() / 1000 % 10000;
// Create registry
GroupId = "test";
Registry = new TrustGroupDatabase(new ItemContainerFactory(
new CosmosDbServiceClient(_serviceConfig, _logger)), _logger);
// Registry.CreateGroupAsync(new CertificateGroupCreateRequestModel {
// Name = "GroupTestIssuerCA" + timeid.ToString(),
// SubjectName = "CN=OPC Vault Cert Request Test CA, O=Microsoft, OU=Azure IoT",
// CertificateType = CertificateType.ApplicationInstanceCertificate
// }, CancellationToken.None).Result.Id
// Create client
var serializer = new KeyVaultKeyHandleSerializer();
var repo = new CertificateDatabase(new ItemContainerFactory(
new CosmosDbServiceClient(_serviceConfig, _logger)), serializer);
_keyVaultServiceClient = new KeyVaultServiceClient(_vaultConfig,
new AppAuthenticationProvider(_clientConfig), repo, _logger);
// Create services
Services = new RequestDatabase(
repo,
_keyVaultServiceClient, // keystore
Registry,
_keyVaultServiceClient, // issuer
new CertificateRevoker(repo, _keyVaultServiceClient, _keyVaultServiceClient),
new EntityExtensionFactory(_keyVaultServiceClient),
_serviceConfig);
// Clear
_keyVaultServiceClient.PurgeAsync("groups", GroupId, CancellationToken.None).Wait();
}
KeyVaultInitOk = false;
}
/// <inheritdoc/>
public KeyVaultCertificateGroup(
KeyVaultServiceClient keyVaultServiceClient,
IServicesConfig servicesConfig,
IClientConfig clientConfig,
ILogger logger
)
{
_servicesConfig = servicesConfig;
_clientConfig = clientConfig;
_serviceHost = _servicesConfig.ServiceHost;
_keyVaultServiceClient = keyVaultServiceClient;
_log = logger;
_log.Debug("Creating new on behalf of instance of `KeyVault` service ", () => { });
}
/// <inheritdoc/>
public KeyVaultCertificateGroup(
IServicesConfig servicesConfig,
IClientConfig clientConfig,
ILogger logger)
{
_servicesConfig = servicesConfig;
_clientConfig = clientConfig;
_serviceHost = _servicesConfig.ServiceHost;
_keyVaultServiceClient = new KeyVaultServiceClient(_groupSecret, servicesConfig.KeyVaultBaseUrl, true, logger);
if (clientConfig != null &&
clientConfig.AppId != null && clientConfig.AppSecret != null)
{
_keyVaultServiceClient.SetAuthenticationClientCredential(clientConfig.AppId, clientConfig.AppSecret);
}
else
{
// uses MSI or dev account
_keyVaultServiceClient.SetAuthenticationTokenProvider();
}
_log = logger;
_log.Debug("Creating new instance of `KeyVault` service " + servicesConfig.KeyVaultBaseUrl, () => { });
}
public CertificateAuthorityTestFixture()
{
RandomGenerator = new ApplicationTestDataGenerator(kRandomStart);
var builder = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("testsettings.json", false, true)
.AddJsonFile("testsettings.Development.json", true, true)
.AddFromDotEnvFile()
.AddEnvironmentVariables();
var configuration = builder.Build();
_serviceConfig = new VaultConfig(configuration);
_clientConfig = new ClientConfig(configuration);
_vaultConfig = new KeyVaultConfig(configuration);
_logger = SerilogTestLogger.Create <CertificateAuthorityTestFixture>();
if (!InvalidConfiguration())
{
ApplicationsDatabase = new ApplicationRegistry(new ApplicationDatabase(
new ItemContainerFactory(new CosmosDbServiceClient(_serviceConfig, _logger)), _logger),
new EndpointRegistryStub(), new EndpointRegistryStub(),
new ApplicationEventBrokerStub(), _logger);
var timeid = DateTime.UtcNow.ToFileTimeUtc() / 1000 % 10000;
// Create group registry
Registry = new TrustGroupDatabase(new ItemContainerFactory(
new CosmosDbServiceClient(_serviceConfig, _logger)), _logger);
_groupId = Registry.CreateGroupAsync(new Models.TrustGroupRegistrationRequestModel {
Name = "CertReqConfig" + timeid.ToString(),
SubjectName = "CN=OPC Vault Cert Request Test CA, O=Microsoft, OU=Azure IoT",
}).Result.Id;
// Create client
var serializer = new KeyVaultKeyHandleSerializer();
var repo = new CertificateDatabase(new ItemContainerFactory(
new CosmosDbServiceClient(_serviceConfig, _logger)), serializer);
_keyVaultServiceClient = new KeyVaultServiceClient(_vaultConfig,
new AppAuthenticationProvider(_clientConfig), repo, _logger);
// Create services
_keyVaultCertificateGroup = new RequestDatabase(
repo,
_keyVaultServiceClient, // keystore
Registry,
_keyVaultServiceClient, // issuer
new CertificateRevoker(repo, _keyVaultServiceClient, _keyVaultServiceClient),
new EntityExtensionFactory(_keyVaultServiceClient),
_serviceConfig);
_keyVaultServiceClient.PurgeAsync("groups", _groupId, CancellationToken.None).Wait();
Services = _keyVaultCertificateGroup;
CertificateAuthority = new CertificateRequestManager(ApplicationsDatabase, Services,
new ItemContainerFactory(new CosmosDbServiceClient(_serviceConfig, _logger)), _logger);
RequestManagement = (IRequestManagement)CertificateAuthority;
// create test set
ApplicationTestSet = new List <ApplicationTestData>();
for (var i = 0; i < kTestSetSize; i++)
{
var randomApp = RandomGenerator.RandomApplicationTestData();
ApplicationTestSet.Add(randomApp);
}
}
RegistrationOk = false;
}
