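/// <summary>
/// Builds an <see cref="AzureKeyVaultCertificateClient"/> around a <see cref="KeyVaultClient"/> that
/// authenticates either with a managed identity or with an Azure AD client id / client secret pair.
/// </summary>
/// <param name="options">Key Vault settings. They are validated before any client object is constructed.</param>
/// <returns>A certificate client wrapping the configured <see cref="KeyVaultClient"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
/// <exception cref="ArgumentException">
/// AzureKeyVaultSecretIdentifier is blank, or managed identity is disabled and AzureAdClientId or
/// AzureAdClientSecret is blank.
/// </exception>
/// <remarks>
/// AzureAdClientSecret is a credential. With UseManagedIdentity set, neither the client id nor the secret
/// is required or read here, so no secret has to be stored in configuration for this path.
/// The validation messages name the missing setting only and never echo a configured value.
/// </remarks>
public static AzureKeyVaultCertificateClient Create(ClientCertificateFromAzureKeyVaultOptions options)
{
    // Fail with a descriptive exception instead of a NullReferenceException on the first property read.
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (string.IsNullOrWhiteSpace(options.AzureKeyVaultSecretIdentifier))
    {
        throw new ArgumentException("AzureKeyVaultSecretIdentifier is required");
    }

    if (options.UseManagedIdentity)
    {
        // Tokens come from the ambient identity of the host; no secret is passed in.
        var azureServiceTokenProvider = new AzureServiceTokenProvider();
        var managedIdentityClient = new KeyVaultClient(new AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

        return new AzureKeyVaultCertificateClient(managedIdentityClient);
    }

    // Explicit credentials path: both halves of the client credential must be present.
    if (string.IsNullOrWhiteSpace(options.AzureAdClientId))
    {
        throw new ArgumentException("AzureAdClientId is required when not using ManagedIdentity");
    }

    if (string.IsNullOrWhiteSpace(options.AzureAdClientSecret))
    {
        throw new ArgumentException("AzureAdClientSecret is required when not using ManagedIdentity");
    }

    var clientCredential = new ClientCredential(options.AzureAdClientId, options.AzureAdClientSecret);

    // GetCallback is defined elsewhere in this type; presumably it wraps the credential in a
    // token-acquisition callback for Key Vault. Verify against its definition.
    var callback = GetCallback(clientCredential);
    var clientSecretClient = new KeyVaultClient(callback);

    return new AzureKeyVaultCertificateClient(clientSecretClient);
}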
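/// <summary>
/// Use client certificate for authenticating against the BankID API from Azure Key Vault.
/// </summary>
/// <param name="builder">The BankID builder to register the client certificate on.</param>
/// <param name="configureOptions">Callback to configure the Key Vault options.</param>
/// <returns>The value returned by the options-based overload this call forwards to.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configureOptions"/> is null.</exception>
public static IBankIdBuilder UseClientCertificateFromAzureKeyVault(this IBankIdBuilder builder, Action<ClientCertificateFromAzureKeyVaultOptions> configureOptions)
{
    // Invoking a null delegate would surface as a NullReferenceException with no hint about the cause.
    if (configureOptions == null)
    {
        throw new ArgumentNullException(nameof(configureOptions));
    }

    var options = new ClientCertificateFromAzureKeyVaultOptions();
    configureOptions(options);

    // All validation of the populated options happens in the options-based overload.
    return UseClientCertificateFromAzureKeyVault(builder, options);
}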
/// <summary>
/// Registers a BankID API client certificate that is loaded from Azure Key Vault, reading the
/// Key Vault settings from configuration.
/// </summary>
/// <param name="builder">The BankID builder to register the client certificate on.</param>
/// <param name="configurationSection">Configuration section whose values are bound onto a new options instance.</param>
/// <returns>The value returned by the options-based overload this call forwards to.</returns>
/// <remarks>
/// Every bindable option is taken from the section. If AzureAdClientSecret is among the bound values,
/// the section carries a credential, so where that section is stored and who can read it matters.
/// </remarks>
public static IBankIdBuilder UseClientCertificateFromAzureKeyVault(this IBankIdBuilder builder, IConfigurationSection configurationSection)
{
    var boundOptions = new ClientCertificateFromAzureKeyVaultOptions();

    // Copy the section's values onto the fresh options object.
    configurationSection.Bind(boundOptions);

    // Validation is left to the options-based overload.
    var configuredBuilder = UseClientCertificateFromAzureKeyVault(builder, boundOptions);
    return configuredBuilder;
}
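/// <summary>
/// Use client certificate for authenticating against the BankID API from Azure Key Vault.
/// </summary>
/// <param name="builder">The BankID builder to register the client certificate on.</param>
/// <param name="options">The Key Vault options.</param>
/// <returns>The same <paramref name="builder"/> instance, to allow chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="options"/> is null.</exception>
/// <exception cref="ArgumentException">AzureKeyVaultSecretName is blank.</exception>
/// <remarks>
/// Only AzureKeyVaultSecretName is checked at registration time. The Key Vault client is created inside
/// the certificate callback, so the checks performed by <c>AzureKeyVaultCertificateClient.Create</c>
/// run when that callback executes, not when this method returns.
/// </remarks>
public static IBankIdBuilder UseClientCertificateFromAzureKeyVault(this IBankIdBuilder builder, ClientCertificateFromAzureKeyVaultOptions options)
{
    // Reject null arguments up front rather than failing later with a NullReferenceException.
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (string.IsNullOrWhiteSpace(options.AzureKeyVaultSecretName))
    {
        throw new ArgumentException("AzureKeyVaultSecretName is required");
    }

    builder.UseClientCertificate(() =>
    {
        // NOTE(review): a new Key Vault client is built on every invocation of this callback. How often
        // UseClientCertificate invokes it, and whether the client needs disposing, is not visible here.
        var keyVaultCertificateClient = AzureKeyVaultCertificateClient.Create(options);

        // The returned certificate authenticates this service to the BankID API, so treat it as a credential.
        return keyVaultCertificateClient.GetX509Certificate2(options.AzureKeyVaultSecretName);
    });

    return builder;
}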