/// <summary>
/// Reacts to a reload of the certificate options by re-parsing the platform
/// instance certificate and caching the result.
/// </summary>
/// <param name="cert">The refreshed certificate options.</param>
private void OnCertRefresh(CertificateOptions cert)
{
    // Only a certificate that parses as a Cloud Foundry instance certificate replaces
    // the cached one; when parsing fails the previously cached value is kept untouched.
    // _logger is handed to TryParse, presumably so that parse failures are reported there.
    if (!CloudFoundryInstanceCertificate.TryParse(cert.Certificate, out var parsedCertificate, _logger))
    {
        return;
    }

    _cloudFoundryCertificate = parsedCertificate;
}
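/// <summary>
/// Adds Certificate authentication middleware and configuration to use platform identity certificates
/// </summary>
/// <param name="builder">Your <see cref="AuthenticationBuilder"/></param>
/// <returns><see cref="AuthenticationBuilder"/> configured to use application identity certificates</returns>
/// <remarks>
/// The registered <c>OnCertificateValidated</c> handler copies the existing principal's claims and, when
/// the client certificate parses as a Cloud Foundry instance certificate, appends the instance, app,
/// space and org id claims. The handler succeeds for every certificate the mutual TLS handler already
/// accepted, Cloud Foundry or not; only the Cloud Foundry claims are conditional.
/// </remarks>
public static AuthenticationBuilder AddCloudFoundryIdentityCertificate(this AuthenticationBuilder builder)
{
    builder.AddMutualTls(options =>
    {
        options.Events = new CertificateAuthenticationEvents()
        {
            OnCertificateValidated = context =>
            {
                // Resolve the logger from the request's service provider rather than calling
                // builder.Services.BuildServiceProvider() at registration time: building a second
                // container duplicates singletons and is never disposed (analyzer ASP0000).
                var logger = context.HttpContext.RequestServices.GetService<ILogger<CloudFoundryInstanceCertificate>>();
                var issuer = context.Options.ClaimsIssuer;

                // Start from whatever claims the mTLS handler already placed on the principal.
                var claims = new List<Claim>(context.Principal.Claims);

                if (CloudFoundryInstanceCertificate.TryParse(context.ClientCertificate, out var cfCert, logger))
                {
                    claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundryInstanceId, cfCert.InstanceId));
                    claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundryAppId, cfCert.AppId));
                    claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundrySpaceId, cfCert.SpaceId));
                    claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundryOrgId, cfCert.OrgId));
                }

                // Success() is reached regardless of whether the certificate carried Cloud Foundry
                // identity; authorization policies that require a CF identity must check for the
                // claims added above rather than rely on this scheme alone.
                var identity = new ClaimsIdentity(claims, CertificateAuthenticationDefaults.AuthenticationScheme);
                context.Principal = new ClaimsPrincipal(identity);
                context.Success();
                return Task.CompletedTask;

                // Builds one string-typed Cloud Foundry identity claim attributed to the scheme's issuer.
                Claim CloudFoundryClaim(string type, string value)
                {
                    return new Claim(type, value, ClaimValueTypes.String, issuer);
                }
            }
        };
    });

    return builder;
}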
/// <summary>
/// Post-configures the mutual TLS options with the platform issuer chain and a
/// certificate-validated handler that appends Cloud Foundry identity claims.
/// </summary>
/// <param name="name">The name of the options instance being configured (not used here).</param>
/// <param name="options">The mutual TLS options to configure.</param>
public void PostConfigure(string name, MutualTlsAuthenticationOptions options)
{
    // The issuer chain is taken from the current snapshot of the container identity options.
    options.IssuerChain = _containerIdentityOptions.CurrentValue.IssuerChain;

    // NOTE(review): this assigns a fresh Events instance, so any OnCertificateValidated
    // handler a caller placed on the options before post-configuration is discarded.
    options.Events = new CertificateAuthenticationEvents()
    {
        OnCertificateValidated = context =>
        {
            var issuer = context.Options.ClaimsIssuer;

            // Start from the claims the mTLS handler already placed on the principal.
            var claims = new List<Claim>(context.Principal.Claims);

            if (CloudFoundryInstanceCertificate.TryParse(context.ClientCertificate, out var cfCert, _logger))
            {
                claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundryInstanceId, cfCert.InstanceId));
                claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundryAppId, cfCert.AppId));
                claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundrySpaceId, cfCert.SpaceId));
                claims.Add(CloudFoundryClaim(ApplicationClaimTypes.CloudFoundryOrgId, cfCert.OrgId));
            }

            // Success() is reached for any certificate the mTLS handler already accepted, Cloud
            // Foundry or not; only the claims above are conditional, so policies that require a
            // CF identity must check for those claims.
            var identity = new ClaimsIdentity(claims, CertificateAuthenticationDefaults.AuthenticationScheme);
            context.Principal = new ClaimsPrincipal(identity);
            context.Success();
            return Task.CompletedTask;

            // Builds one string-typed Cloud Foundry identity claim attributed to the scheme's issuer.
            Claim CloudFoundryClaim(string type, string value)
            {
                return new Claim(type, value, ClaimValueTypes.String, issuer);
            }
        }
    };
}
}