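        /// <summary>
        /// Builds an <see cref="AzureKeyVaultCertificateClient"/> around a <see cref="KeyVaultClient"/> that
        /// authenticates either through <see cref="AzureServiceTokenProvider"/> (managed identity) or through
        /// an Azure AD client id / client secret pair.
        /// </summary>
        /// <param name="options">
        /// Key Vault settings. <c>AzureKeyVaultSecretIdentifier</c> is always required; <c>AzureAdClientId</c>
        /// and <c>AzureAdClientSecret</c> are required only when <c>UseManagedIdentity</c> is false.
        /// </param>
        /// <returns>A certificate client wrapping the configured Key Vault client.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="ArgumentException">A required setting is null, empty or whitespace.</exception>
        public static AzureKeyVaultCertificateClient Create(ClientCertificateFromAzureKeyVaultOptions options)
        {
            // Fail with a descriptive exception instead of a NullReferenceException on the first property read.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // NOTE(review): the identifier is only checked for presence; nothing in this method reads it afterwards.
            if (string.IsNullOrWhiteSpace(options.AzureKeyVaultSecretIdentifier))
            {
                throw new ArgumentException("AzureKeyVaultSecretIdentifier is required");
            }

            if (options.UseManagedIdentity)
            {
                // No secret is stored or passed on this path. The parameterless token provider resolves
                // credentials from the hosting environment; on a developer machine it may fall back to
                // locally signed-in tooling credentials - confirm which identity is actually used per environment.
                var tokenProvider = new AzureServiceTokenProvider();
                var managedIdentityClient = new KeyVaultClient(new AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));

                return new AzureKeyVaultCertificateClient(managedIdentityClient);
            }

            // Client-secret path: both halves of the credential must be present.
            // The messages name the missing setting only; the secret value is never echoed.
            if (string.IsNullOrWhiteSpace(options.AzureAdClientId))
            {
                throw new ArgumentException("AzureAdClientId is required when not using ManagedIdentity");
            }

            if (string.IsNullOrWhiteSpace(options.AzureAdClientSecret))
            {
                throw new ArgumentException("AzureAdClientSecret is required when not using ManagedIdentity");
            }

            // GetCallback is defined outside this listing; presumably it turns the credential into the
            // authentication callback KeyVaultClient expects - verify there that the secret is not logged.
            var credential = new ClientCredential(options.AzureAdClientId, options.AzureAdClientSecret);
            var secretBasedClient = new KeyVaultClient(GetCallback(credential));

            return new AzureKeyVaultCertificateClient(secretBasedClient);
        }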
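        /// <summary>
        /// Use client certificate for authenticating against the BankID API from Azure Key Vault,
        /// with the Key Vault options filled in by a callback.
        /// </summary>
        /// <param name="builder">The BankID builder to configure.</param>
        /// <param name="configureOptions">Callback to configure the Key Vault options.</param>
        /// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="configureOptions"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException">The configured options lack <c>AzureKeyVaultSecretName</c>.</exception>
        public static IBankIdBuilder UseClientCertificateFromAzureKeyVault(this IBankIdBuilder builder, Action<ClientCertificateFromAzureKeyVaultOptions> configureOptions)
        {
            // Reject null arguments up front rather than failing later with a NullReferenceException.
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configureOptions == null)
            {
                throw new ArgumentNullException(nameof(configureOptions));
            }

            // The callback populates a fresh options instance; if it sets AzureAdClientSecret, that value
            // should come from a protected source (not a literal in source code), or UseManagedIdentity
            // can be set so no secret is needed.
            var keyVaultOptions = new ClientCertificateFromAzureKeyVaultOptions();
            configureOptions(keyVaultOptions);

            return UseClientCertificateFromAzureKeyVault(builder, keyVaultOptions);
        }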
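        /// <summary>
        /// Use client certificate for authenticating against the BankID API from Azure Key Vault,
        /// with the Key Vault options bound from a configuration section.
        /// </summary>
        /// <param name="builder">The BankID builder to configure.</param>
        /// <param name="configurationSection">Configuration section to bind the Key Vault options from.</param>
        /// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="configurationSection"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException">The bound options lack <c>AzureKeyVaultSecretName</c>.</exception>
        public static IBankIdBuilder UseClientCertificateFromAzureKeyVault(this IBankIdBuilder builder, IConfigurationSection configurationSection)
        {
            // Reject null arguments up front rather than failing later with a NullReferenceException.
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configurationSection == null)
            {
                throw new ArgumentNullException(nameof(configurationSection));
            }

            // Binding copies matching keys of the section onto the options object. If the section carries
            // AzureAdClientSecret, keep that key in a protected configuration source rather than a
            // committed settings file, or set UseManagedIdentity so no secret is stored at all.
            var boundOptions = new ClientCertificateFromAzureKeyVaultOptions();
            configurationSection.Bind(boundOptions);

            return UseClientCertificateFromAzureKeyVault(builder, boundOptions);
        }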
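        /// <summary>
        /// Use client certificate for authenticating against the BankID API from Azure Key Vault.
        /// Registers a certificate factory on the builder that creates a Key Vault client from
        /// <paramref name="options"/> and loads the certificate stored under <c>AzureKeyVaultSecretName</c>.
        /// </summary>
        /// <param name="builder">The BankID builder to configure.</param>
        /// <param name="options">The Key Vault options.</param>
        /// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="options"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException"><c>AzureKeyVaultSecretName</c> is null, empty or whitespace.</exception>
        public static IBankIdBuilder UseClientCertificateFromAzureKeyVault(this IBankIdBuilder builder, ClientCertificateFromAzureKeyVaultOptions options)
        {
            // Reject null arguments up front rather than failing later with a NullReferenceException.
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (string.IsNullOrWhiteSpace(options.AzureKeyVaultSecretName))
            {
                throw new ArgumentException("AzureKeyVaultSecretName is required");
            }

            // Only the secret name is validated here. The remaining settings (secret identifier, client
            // id/secret) are checked inside Create, i.e. when the delegate below is invoked, so a
            // misconfiguration may surface later than this call.
            // NOTE(review): every invocation of the delegate builds a new Key Vault client and fetches the
            // certificate again; when and how often UseClientCertificate invokes it is not visible here.
            // NOTE(review): the options instance is captured by reference, so changes made to it after this
            // call are seen by the delegate.
            builder.UseClientCertificate(
                () => AzureKeyVaultCertificateClient.Create(options).GetX509Certificate2(options.AzureKeyVaultSecretName));

            return builder;
        }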