/// <summary>
/// Reads the agent's certificate settings file, if one exists, and applies it:
/// optionally installs the accept-any server certificate validator, records the
/// CA and client certificate file paths, resolves the client certificate password
/// from the credential store (registering it with the secret masker), and builds
/// the <c>VssClientCertificateManager</c>.
/// </summary>
public void LoadCertificateSettings()
{
    string settingsPath = HostContext.GetConfigFile(WellKnownConfigFile.Certificates);
    if (!File.Exists(settingsPath))
    {
        Trace.Info("No certificate setting found.");
        return;
    }

    Trace.Info($"Load agent certificate setting from '{settingsPath}'");
    var settings = IOUtil.LoadObject<AgentCertificateSetting>(settingsPath);
    ArgUtil.NotNull(settings, nameof(AgentCertificateSetting));

    if (settings.SkipServerCertValidation)
    {
        // This replaces the validation callback on the shared default request
        // settings with one that accepts any server certificate, so server
        // identity is no longer checked for requests using those settings
        // (presumably every VSS client in the process -- confirm).
        Trace.Info("Ignore SSL server certificate validation error");
        SkipServerCertificateValidation = true;
        VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback =
            HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
    }

    if (!string.IsNullOrEmpty(settings.CACert))
    {
        // The configured path must point at an existing file before it is recorded.
        ArgUtil.File(settings.CACert, nameof(settings.CACert));
        Trace.Info($"CA '{settings.CACert}'");
        CACertificateFile = settings.CACert;
    }

    if (string.IsNullOrEmpty(settings.ClientCert))
    {
        return;
    }

    // A client certificate requires all three files: cert, private key and archive.
    ArgUtil.File(settings.ClientCert, nameof(settings.ClientCert));
    ArgUtil.File(settings.ClientCertPrivatekey, nameof(settings.ClientCertPrivatekey));
    ArgUtil.File(settings.ClientCertArchive, nameof(settings.ClientCertArchive));
    Trace.Info($"Client cert '{settings.ClientCert}'");
    Trace.Info($"Client cert private key '{settings.ClientCertPrivatekey}'");
    Trace.Info($"Client cert archive '{settings.ClientCertArchive}'");

    ClientCertificateFile = settings.ClientCert;
    ClientCertificatePrivateKeyFile = settings.ClientCertPrivatekey;
    ClientCertificateArchiveFile = settings.ClientCertArchive;

    if (!string.IsNullOrEmpty(settings.ClientCertPasswordLookupKey))
    {
        // The password itself lives in the credential store under a key derived
        // from the lookup key; it is masked immediately so it cannot leak into traces.
        var credentialStore = HostContext.GetService<IAgentCredentialStore>();
        string lookupName = $"VSTS_AGENT_CLIENT_CERT_PASSWORD_{settings.ClientCertPasswordLookupKey}";
        ClientCertificatePassword = credentialStore.Read(lookupName).Password;
        HostContext.SecretMasker.AddValue(ClientCertificatePassword);
    }

    VssClientCertificateManager = new AgentClientCertificateManager(ClientCertificateArchiveFile, ClientCertificatePassword);
}
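/// <summary>
/// Applies certificate settings supplied directly by the configuration flow
/// (instead of the certificates settings file) and builds the
/// <c>VssClientCertificateManager</c>.
/// </summary>
/// <remarks>This should only be called from config.</remarks>
/// <param name="skipCertValidation">
/// When true, installs the accept-any server certificate validator on the shared
/// default request settings, so server identity is no longer checked for requests
/// using those settings.
/// </param>
/// <param name="caCert">Path to the CA certificate file; must exist when non-empty.</param>
/// <param name="clientCert">Path to the client certificate file; when non-empty,
/// <paramref name="clientCertPrivateKey"/> and <paramref name="clientCertArchive"/> must also exist.</param>
/// <param name="clientCertPrivateKey">Path to the client certificate private key file.</param>
/// <param name="clientCertArchive">Path to the client certificate archive handed to the certificate manager.</param>
/// <param name="clientCertPassword">Password for the archive; registered with the secret masker when non-empty.</param>
public void SetupCertificate(bool skipCertValidation, string caCert, string clientCert, string clientCertPrivateKey, string clientCertArchive, string clientCertPassword)
{
    Trace.Info("Setup agent certificate setting base on configuration inputs.");

    if (skipCertValidation)
    {
        Trace.Info("Ignore SSL server certificate validation error");
        SkipServerCertificateValidation = true;
        VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback =
            HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
    }

    if (!string.IsNullOrEmpty(caCert))
    {
        ArgUtil.File(caCert, nameof(caCert));
        Trace.Info($"Self-Signed CA '{caCert}'");
    }

    if (!string.IsNullOrEmpty(clientCert))
    {
        // A client certificate requires all three files: cert, private key and archive.
        ArgUtil.File(clientCert, nameof(clientCert));
        ArgUtil.File(clientCertPrivateKey, nameof(clientCertPrivateKey));
        ArgUtil.File(clientCertArchive, nameof(clientCertArchive));
        Trace.Info($"Client cert '{clientCert}'");
        Trace.Info($"Client cert private key '{clientCertPrivateKey}'");
        Trace.Info($"Client cert archive '{clientCertArchive}'");
    }

    // Register the password with the secret masker before it is stored, matching
    // LoadCertificateSettings, which masks passwords read from the credential
    // store; without this a password passed in from configuration could appear
    // in traces and logs.
    if (!string.IsNullOrEmpty(clientCertPassword))
    {
        HostContext.SecretMasker.AddValue(clientCertPassword);
    }

    CACertificateFile = caCert;
    ClientCertificateFile = clientCert;
    ClientCertificatePrivateKeyFile = clientCertPrivateKey;
    ClientCertificateArchiveFile = clientCertArchive;
    ClientCertificatePassword = clientCertPassword;
    VssClientCertificateManager = new AgentClientCertificateManager(ClientCertificateArchiveFile, ClientCertificatePassword);
}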