Esempio n. 1
0
 /// <summary>
 /// Initialize a CredHub Client with user credentials for the appropriate UAA server
 /// </summary>
 /// <param name="credHubOptions">CredHub client configuration values</param>
 /// <param name="logger">Pass in a logger if you want logs</param>
 /// <param name="httpClient">Primarily for tests, optionally provide your own http client</param>
 /// <returns>An initialized CredHub client (using UAA OAuth)</returns>
 public static Task<CredHubClient> CreateUAAClientAsync(CredHubOptions credHubOptions, ILogger logger = null, HttpClient httpClient = null)
 {
     _logger = logger;
     _baseCredHubUrl = credHubOptions.CredHubUrl;
     var client = new CredHubClient(credHubOptions.ValidateCertificates);
     _httpClientHandler = new HttpClientHandler();
     _httpClient = httpClient ?? client.InitializeHttpClient(_httpClientHandler);
     return client.InitializeAsync(credHubOptions);
 }
Esempio n. 2
0
        /// <summary>
        /// Expects CF_INSTANCE_CERT and CF_INSTANCE_KEY to be set in the environment (automatically set by DIEGO in cloud foundry)
        /// </summary>
        /// <param name="credHubOptions">CredHub client configuration values</param>
        /// <param name="logger">Pass in a logger if you want logs</param>
        /// <param name="httpClient">Optionally override the http client used to talk to credhub - added for tests only</param>
        /// <returns>An initialized CredHub client (using mTLS)</returns>
        public static async Task <CredHubClient> CreateMTLSClientAsync(CredHubOptions credHubOptions, ILogger logger = null, HttpClient httpClient = null)
        {
            _logger         = logger;
            _baseCredHubUrl = credHubOptions.CredHubUrl;

            var cfInstanceCert = Environment.GetEnvironmentVariable("CF_INSTANCE_CERT") ?? string.Empty;
            var cfInstanceKey  = Environment.GetEnvironmentVariable("CF_INSTANCE_KEY");

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && cfInstanceCert.StartsWith("/"))
            {
                _logger?.LogTrace("Detected Windows OS and root-relative paths for application credentials: converting to app-relative paths");
                cfInstanceCert = ".." + cfInstanceCert;
                cfInstanceKey  = ".." + cfInstanceKey;
            }

            if (string.IsNullOrEmpty(cfInstanceCert) || string.IsNullOrEmpty(cfInstanceKey))
            {
                _logger?.LogCritical("Cloud Foundry application credentials not found in the environment");
                throw new ArgumentException("Application Credentials not found (Missing ENV variable for Instance Cert and/or Key)");
            }

            _logger?.LogTrace("Application certificate: " + cfInstanceCert);
            _logger?.LogTrace("Application key: " + cfInstanceKey);
            if (File.Exists(cfInstanceCert) && File.Exists(cfInstanceKey))
            {
                var client = new CredHubClient(credHubOptions.ValidateCertificates);
                _httpClientHandler = new HttpClientHandler()
                {
                    ClientCertificateOptions = ClientCertificateOption.Manual
                };
                var certBytes      = File.ReadAllBytes(cfInstanceCert);
                var keyBytes       = File.ReadAllBytes(cfInstanceKey);
                var appCredentials = CertificateHelpers.GetX509FromBytes(certBytes, keyBytes);
                if (!appCredentials.HasPrivateKey)
                {
                    throw new Exception("Private key is missing, mTLS won't work");
                }

                _httpClientHandler.ClientCertificates.Add(appCredentials);
                _httpClient = httpClient ?? client.InitializeHttpClient(_httpClientHandler);

                return(await client.InitializeAsync());
            }
            else
            {
                throw new Exception($"Application credentials not found (Failed to load Instance Cert [{cfInstanceCert}] and/or Key [{cfInstanceKey}])");
            }
        }