/// <inheritdoc/> public Task <ICertificateGroup> OnBehalfOfRequest(HttpRequest request) { try { var accessToken = request.Headers["Authorization"]; var token = accessToken.First().Remove(0, "Bearer ".Length); var authority = String.IsNullOrEmpty(_clientConfig.InstanceUrl) ? _kAuthority : _clientConfig.InstanceUrl; if (!authority.EndsWith("/")) { authority += "/"; } authority += _clientConfig.TenantId; var serviceClientCredentials = new KeyVaultCredentials( token, authority, _servicesConfig.KeyVaultResourceId, _clientConfig.AppId, _clientConfig.AppSecret); var keyVaultServiceClient = new KeyVaultServiceClient(_groupSecret, _servicesConfig.KeyVaultBaseUrl, true, _log); keyVaultServiceClient.SetServiceClientCredentials(serviceClientCredentials); return(Task.FromResult <ICertificateGroup>(new KeyVaultCertificateGroup( keyVaultServiceClient, _servicesConfig, _clientConfig, _log ))); } catch (Exception ex) { // try default _log.Error("Failed to create on behalf Key Vault client. ", () => new { ex }); } return(Task.FromResult <ICertificateGroup>(this)); }
public CertificateStorageTestFixture() { var builder = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("testsettings.json", false, true) .AddJsonFile("testsettings.Development.json", true, true) .AddFromDotEnvFile() .AddEnvironmentVariables(); var configuration = builder.Build(); _serviceConfig = new VaultConfig(configuration); _clientConfig = new ClientConfig(configuration); _vaultConfig = new KeyVaultConfig(configuration); _logger = SerilogTestLogger.Create <CertificateStorageTestFixture>(); if (!InvalidConfiguration()) { RandomGenerator = new ApplicationTestDataGenerator(); var timeid = DateTime.UtcNow.ToFileTimeUtc() / 1000 % 10000; // Create registry GroupId = "test"; Registry = new TrustGroupDatabase(new ItemContainerFactory( new CosmosDbServiceClient(_serviceConfig, _logger)), _logger); // Registry.CreateGroupAsync(new CertificateGroupCreateRequestModel { // Name = "GroupTestIssuerCA" + timeid.ToString(), // SubjectName = "CN=OPC Vault Cert Request Test CA, O=Microsoft, OU=Azure IoT", // CertificateType = CertificateType.ApplicationInstanceCertificate // }, CancellationToken.None).Result.Id // Create client var serializer = new KeyVaultKeyHandleSerializer(); var repo = new CertificateDatabase(new ItemContainerFactory( new CosmosDbServiceClient(_serviceConfig, _logger)), serializer); _keyVaultServiceClient = new KeyVaultServiceClient(_vaultConfig, new AppAuthenticationProvider(_clientConfig), repo, _logger); // Create services Services = new RequestDatabase( repo, _keyVaultServiceClient, // keystore Registry, _keyVaultServiceClient, // issuer new CertificateRevoker(repo, _keyVaultServiceClient, _keyVaultServiceClient), new EntityExtensionFactory(_keyVaultServiceClient), _serviceConfig); // Clear _keyVaultServiceClient.PurgeAsync("groups", GroupId, CancellationToken.None).Wait(); } KeyVaultInitOk = false; }
/// <inheritdoc/> public KeyVaultCertificateGroup( KeyVaultServiceClient keyVaultServiceClient, IServicesConfig servicesConfig, IClientConfig clientConfig, ILogger logger ) { _servicesConfig = servicesConfig; _clientConfig = clientConfig; _serviceHost = _servicesConfig.ServiceHost; _keyVaultServiceClient = keyVaultServiceClient; _log = logger; _log.Debug("Creating new on behalf of instance of `KeyVault` service ", () => { }); }
/// <inheritdoc/> public KeyVaultCertificateGroup( IServicesConfig servicesConfig, IClientConfig clientConfig, ILogger logger) { _servicesConfig = servicesConfig; _clientConfig = clientConfig; _serviceHost = _servicesConfig.ServiceHost; _keyVaultServiceClient = new KeyVaultServiceClient(_groupSecret, servicesConfig.KeyVaultBaseUrl, true, logger); if (clientConfig != null && clientConfig.AppId != null && clientConfig.AppSecret != null) { _keyVaultServiceClient.SetAuthenticationClientCredential(clientConfig.AppId, clientConfig.AppSecret); } else { // uses MSI or dev account _keyVaultServiceClient.SetAuthenticationTokenProvider(); } _log = logger; _log.Debug("Creating new instance of `KeyVault` service " + servicesConfig.KeyVaultBaseUrl, () => { }); }
public CertificateAuthorityTestFixture() { RandomGenerator = new ApplicationTestDataGenerator(kRandomStart); var builder = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("testsettings.json", false, true) .AddJsonFile("testsettings.Development.json", true, true) .AddFromDotEnvFile() .AddEnvironmentVariables(); var configuration = builder.Build(); _serviceConfig = new VaultConfig(configuration); _clientConfig = new ClientConfig(configuration); _vaultConfig = new KeyVaultConfig(configuration); _logger = SerilogTestLogger.Create <CertificateAuthorityTestFixture>(); if (!InvalidConfiguration()) { ApplicationsDatabase = new ApplicationRegistry(new ApplicationDatabase( new ItemContainerFactory(new CosmosDbServiceClient(_serviceConfig, _logger)), _logger), new EndpointRegistryStub(), new EndpointRegistryStub(), new ApplicationEventBrokerStub(), _logger); var timeid = DateTime.UtcNow.ToFileTimeUtc() / 1000 % 10000; // Create group registry Registry = new TrustGroupDatabase(new ItemContainerFactory( new CosmosDbServiceClient(_serviceConfig, _logger)), _logger); _groupId = Registry.CreateGroupAsync(new Models.TrustGroupRegistrationRequestModel { Name = "CertReqConfig" + timeid.ToString(), SubjectName = "CN=OPC Vault Cert Request Test CA, O=Microsoft, OU=Azure IoT", }).Result.Id; // Create client var serializer = new KeyVaultKeyHandleSerializer(); var repo = new CertificateDatabase(new ItemContainerFactory( new CosmosDbServiceClient(_serviceConfig, _logger)), serializer); _keyVaultServiceClient = new KeyVaultServiceClient(_vaultConfig, new AppAuthenticationProvider(_clientConfig), repo, _logger); // Create services _keyVaultCertificateGroup = new RequestDatabase( repo, _keyVaultServiceClient, // keystore Registry, _keyVaultServiceClient, // issuer new CertificateRevoker(repo, _keyVaultServiceClient, _keyVaultServiceClient), new EntityExtensionFactory(_keyVaultServiceClient), _serviceConfig); _keyVaultServiceClient.PurgeAsync("groups", _groupId, CancellationToken.None).Wait(); Services = _keyVaultCertificateGroup; CertificateAuthority = new CertificateRequestManager(ApplicationsDatabase, Services, new ItemContainerFactory(new CosmosDbServiceClient(_serviceConfig, _logger)), _logger); RequestManagement = (IRequestManagement)CertificateAuthority; // create test set ApplicationTestSet = new List <ApplicationTestData>(); for (var i = 0; i < kTestSetSize; i++) { var randomApp = RandomGenerator.RandomApplicationTestData(); ApplicationTestSet.Add(randomApp); } } RegistrationOk = false; }