/// <summary>
/// Initialize a CredHub Client with user credentials for the appropriate UAA server
/// </summary>
/// <param name="credHubOptions">CredHub client configuration values</param>
/// <param name="logger">Pass in a logger if you want logs</param>
/// <param name="httpClient">Primarily for tests, optionally provide your own http client</param>
/// <returns>An initialized CredHub client (using UAA OAuth)</returns>
public static Task<CredHubClient> CreateUAAClientAsync(CredHubOptions credHubOptions, ILogger logger = null, HttpClient httpClient = null)
{
_logger = logger;
_baseCredHubUrl = credHubOptions.CredHubUrl;
var client = new CredHubClient(credHubOptions.ValidateCertificates);
_httpClientHandler = new HttpClientHandler();
_httpClient = httpClient ?? client.InitializeHttpClient(_httpClientHandler);
return client.InitializeAsync(credHubOptions);
}
/// <summary>
/// Expects CF_INSTANCE_CERT and CF_INSTANCE_KEY to be set in the environment (automatically set by DIEGO in cloud foundry)
/// </summary>
/// <param name="credHubOptions">CredHub client configuration values</param>
/// <param name="logger">Pass in a logger if you want logs</param>
/// <param name="httpClient">Optionally override the http client used to talk to credhub - added for tests only</param>
/// <returns>An initialized CredHub client (using mTLS)</returns>
public static async Task <CredHubClient> CreateMTLSClientAsync(CredHubOptions credHubOptions, ILogger logger = null, HttpClient httpClient = null)
{
_logger = logger;
_baseCredHubUrl = credHubOptions.CredHubUrl;
var cfInstanceCert = Environment.GetEnvironmentVariable("CF_INSTANCE_CERT") ?? string.Empty;
var cfInstanceKey = Environment.GetEnvironmentVariable("CF_INSTANCE_KEY");
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && cfInstanceCert.StartsWith("/"))
{
_logger?.LogTrace("Detected Windows OS and root-relative paths for application credentials: converting to app-relative paths");
cfInstanceCert = ".." + cfInstanceCert;
cfInstanceKey = ".." + cfInstanceKey;
}
if (string.IsNullOrEmpty(cfInstanceCert) || string.IsNullOrEmpty(cfInstanceKey))
{
_logger?.LogCritical("Cloud Foundry application credentials not found in the environment");
throw new ArgumentException("Application Credentials not found (Missing ENV variable for Instance Cert and/or Key)");
}
_logger?.LogTrace("Application certificate: " + cfInstanceCert);
_logger?.LogTrace("Application key: " + cfInstanceKey);
if (File.Exists(cfInstanceCert) && File.Exists(cfInstanceKey))
{
var client = new CredHubClient(credHubOptions.ValidateCertificates);
_httpClientHandler = new HttpClientHandler()
{
ClientCertificateOptions = ClientCertificateOption.Manual
};
var certBytes = File.ReadAllBytes(cfInstanceCert);
var keyBytes = File.ReadAllBytes(cfInstanceKey);
var appCredentials = CertificateHelpers.GetX509FromBytes(certBytes, keyBytes);
if (!appCredentials.HasPrivateKey)
{
throw new Exception("Private key is missing, mTLS won't work");
}
_httpClientHandler.ClientCertificates.Add(appCredentials);
_httpClient = httpClient ?? client.InitializeHttpClient(_httpClientHandler);
return(await client.InitializeAsync());
}
else
{
throw new Exception($"Application credentials not found (Failed to load Instance Cert [{cfInstanceCert}] and/or Key [{cfInstanceKey}])");
}
}
