/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the OnBehalfOf options
if (options.OnBehalfOf == null)
{
throw new ConfigurationErrorsException(
PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidConfiguration);
}
// We need the certificate thumbprint
if (string.IsNullOrEmpty(options.OnBehalfOf.ClientSecret) && string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
if (!string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
{
// We prioritize the X.509 certificate, if any
Certificate = X509CertificateUtility.LoadCertificate(
options.OnBehalfOf.StoreName,
options.OnBehalfOf.StoreLocation,
options.OnBehalfOf.Thumbprint);
}
else if (!string.IsNullOrEmpty(options.OnBehalfOf.ClientSecret))
{
// Otherwise we fallback to the client secret
ClientSecret = options.OnBehalfOf.ClientSecret.ToSecureString();
}
if (Certificate != null)
{
confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ClientId)
.WithCertificate(Certificate)
.WithPnPAdditionalAuthenticationSettings(
options.OnBehalfOf.AuthorityUri,
options.OnBehalfOf.RedirectUri,
TenantId)
.Build();
}
else
{
confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ClientId)
.WithClientSecret(ClientSecret.ToInsecureString())
.WithPnPAdditionalAuthenticationSettings(
options.OnBehalfOf.AuthorityUri,
options.OnBehalfOf.RedirectUri,
TenantId)
.Build();
}
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_LogInit);
}
/// <summary>
/// Encrypt a piece of text based on a given certificate
/// </summary>
/// <param name="stringToEncrypt">Text to encrypt</param>
/// <param name="thumbPrint">Thumbprint of the certificate to use</param>
/// <returns>Encrypted text</returns>
internal static string Encrypt(this string stringToEncrypt, string thumbPrint)
{
X509Certificate2 certificate = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);
if (certificate == null)
{
return(string.Empty);
}
byte[] encoded = Encoding.UTF8.GetBytes(stringToEncrypt);
byte[] encrypted;
encrypted = X509CertificateUtility.Encrypt(encoded, certificate);
string encryptedString = Convert.ToBase64String(encrypted);
return(encryptedString);
}
/// <summary>
/// Decrypt a piece of text based on a given certificate
/// </summary>
/// <param name="stringToDecrypt">Text to decrypt</param>
/// <param name="thumbPrint">Thumbprint of the certificate to use</param>
/// <returns>Decrypted text</returns>
internal static string Decrypt(this string stringToDecrypt, string thumbPrint)
{
X509Certificate2 certificate = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);
if (certificate == null)
{
return(string.Empty);
}
byte[] encrypted;
byte[] decrypted;
encrypted = Convert.FromBase64String(stringToDecrypt);
decrypted = X509CertificateUtility.Decrypt(encrypted, certificate);
string decryptedString = Encoding.UTF8.GetString(decrypted);
return(decryptedString);
}
/// <summary>
/// Initializes the X509Certificate Authentication Provider
/// </summary>
/// <param name="options">The options to use</param>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
// We need the X509Certificate options
if (options.X509Certificate == null)
{
throw new ConfigurationErrorsException(
PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidConfiguration);
}
// We need the certificate thumbprint
if (options.X509Certificate.Certificate == null && string.IsNullOrEmpty(options.X509Certificate.Thumbprint))
{
throw new ConfigurationErrorsException(PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidCertificateOrThumbprint);
}
ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;
Certificate = options.X509Certificate.Certificate ?? X509CertificateUtility.LoadCertificate(
options.X509Certificate.StoreName,
options.X509Certificate.StoreLocation,
options.X509Certificate.Thumbprint);
confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ClientId)
.WithCertificate(Certificate)
.WithHttpClientFactory(msalHttpClientFactory)
.WithPnPAdditionalAuthenticationSettings(
options.X509Certificate.AuthorityUri,
options.X509Certificate.RedirectUri,
TenantId,
options.Environment)
.Build();
// Log the initialization information
Log?.LogInformation(PnPCoreAuthResources.X509CertificateAuthenticationProvider_LogInit,
options.X509Certificate.Thumbprint,
options.X509Certificate.StoreName,
options.X509Certificate.StoreLocation);
}
