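/// <summary>
/// Initializes the On-Behalf-Of Authentication Provider from the supplied configuration.
/// </summary>
/// <param name="options">The options to use; <c>options.OnBehalfOf</c> must be present and carry either a client secret or a certificate thumbprint</param>
/// <exception cref="ConfigurationErrorsException">
/// Thrown when the OnBehalfOf section is missing, when neither a client secret nor a certificate
/// thumbprint is configured, or when the configured certificate cannot be loaded from the store
/// (or carries no private key)
/// </exception>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
    // The provider cannot work without the OnBehalfOf section
    if (options.OnBehalfOf == null)
    {
        throw new ConfigurationErrorsException(
            PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidConfiguration);
    }

    // Either a client secret or a certificate thumbprint is required to prove the client's identity
    if (string.IsNullOrEmpty(options.OnBehalfOf.ClientSecret) && string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
    {
        throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
    }

    ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
    TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;

    if (!string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
    {
        // A certificate takes precedence over a client secret when both are configured
        Certificate = X509CertificateUtility.LoadCertificate(
            options.OnBehalfOf.StoreName,
            options.OnBehalfOf.StoreLocation,
            options.OnBehalfOf.Thumbprint);

        // A thumbprint that matches nothing in the store leaves Certificate null. Report that as a
        // configuration error instead of silently dropping into the client-secret branch with no
        // secret set (which ends in a NullReferenceException). The private key is mandatory because
        // the client assertion presented to the token endpoint has to be signed with it.
        if (Certificate == null || !Certificate.HasPrivateKey)
        {
            throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
        }

        confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(ClientId)
            .WithCertificate(Certificate)
            .WithPnPAdditionalAuthenticationSettings(
                options.OnBehalfOf.AuthorityUri,
                options.OnBehalfOf.RedirectUri,
                TenantId)
            .Build();
    }
    else
    {
        // No thumbprint: the check above guarantees a client secret is present
        ClientSecret = options.OnBehalfOf.ClientSecret.ToSecureString();

        // MSAL only accepts the secret as a plain string, so it is unwrapped just for this call
        confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(ClientId)
            .WithClientSecret(ClientSecret.ToInsecureString())
            .WithPnPAdditionalAuthenticationSettings(
                options.OnBehalfOf.AuthorityUri,
                options.OnBehalfOf.RedirectUri,
                TenantId)
            .Build();
    }

    // Log the initialization information
    Log?.LogInformation(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_LogInit);
}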
/// <summary>
/// Encrypts a piece of text with the certificate identified by <paramref name="thumbPrint"/>,
/// looked up in the current user's personal (My) store.
/// </summary>
/// <param name="stringToEncrypt">Text to encrypt; it is UTF-8 encoded before being handed to <see cref="X509CertificateUtility"/></param>
/// <param name="thumbPrint">Thumbprint of the certificate to use</param>
/// <returns>
/// The encrypted bytes as a Base64 string, or <see cref="string.Empty"/> when no certificate with
/// that thumbprint is found (callers cannot distinguish that from a genuinely empty result)
/// </returns>
internal static string Encrypt(this string stringToEncrypt, string thumbPrint)
{
    var cert = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);

    // Missing certificate is signalled with an empty result rather than an exception
    if (cert is null)
    {
        return string.Empty;
    }

    var plainBytes = Encoding.UTF8.GetBytes(stringToEncrypt);
    var cipherBytes = X509CertificateUtility.Encrypt(plainBytes, cert);

    return Convert.ToBase64String(cipherBytes);
}
/// <summary>
/// Decrypts a piece of Base64 text with the certificate identified by <paramref name="thumbPrint"/>,
/// looked up in the current user's personal (My) store.
/// </summary>
/// <param name="stringToDecrypt">Base64-encoded ciphertext to decrypt, as produced by <c>Encrypt</c></param>
/// <param name="thumbPrint">Thumbprint of the certificate to use</param>
/// <returns>
/// The decrypted bytes interpreted as UTF-8 text, or <see cref="string.Empty"/> when no certificate
/// with that thumbprint is found (callers cannot distinguish that from a genuinely empty result)
/// </returns>
/// <exception cref="FormatException">Thrown by <see cref="Convert.FromBase64String"/> when the input is not valid Base64</exception>
internal static string Decrypt(this string stringToDecrypt, string thumbPrint)
{
    var cert = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);

    // Missing certificate is signalled with an empty result rather than an exception
    if (cert is null)
    {
        return string.Empty;
    }

    // Base64 is decoded only after the certificate lookup, matching the lookup-first ordering
    var cipherBytes = Convert.FromBase64String(stringToDecrypt);
    var plainBytes = X509CertificateUtility.Decrypt(cipherBytes, cert);

    return Encoding.UTF8.GetString(plainBytes);
}
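/// <summary>
/// Initializes the X509Certificate Authentication Provider from the supplied configuration.
/// </summary>
/// <param name="options">The options to use; <c>options.X509Certificate</c> must be present and carry either a certificate instance or a thumbprint</param>
/// <exception cref="ConfigurationErrorsException">
/// Thrown when the X509Certificate section is missing, when neither a certificate nor a thumbprint
/// is configured, or when the resulting certificate cannot be loaded from the store (or carries
/// no private key)
/// </exception>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
    // The provider cannot work without the X509Certificate section
    if (options.X509Certificate == null)
    {
        throw new ConfigurationErrorsException(
            PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidConfiguration);
    }

    // Either a certificate instance or a thumbprint to look one up is required
    if (options.X509Certificate.Certificate == null && string.IsNullOrEmpty(options.X509Certificate.Thumbprint))
    {
        throw new ConfigurationErrorsException(PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidCertificateOrThumbprint);
    }

    ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
    TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;

    // An explicitly supplied certificate wins; otherwise look it up in the configured store by thumbprint
    Certificate = options.X509Certificate.Certificate ?? X509CertificateUtility.LoadCertificate(
        options.X509Certificate.StoreName,
        options.X509Certificate.StoreLocation,
        options.X509Certificate.Thumbprint);

    // A thumbprint that matches nothing in the store leaves Certificate null; surface that as a
    // configuration error instead of letting WithCertificate fail with a less specific exception.
    // The private key is mandatory because the client assertion presented to the token endpoint
    // has to be signed with it.
    if (Certificate == null || !Certificate.HasPrivateKey)
    {
        throw new ConfigurationErrorsException(PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidCertificateOrThumbprint);
    }

    confidentialClientApplication = ConfidentialClientApplicationBuilder
        .Create(ClientId)
        .WithCertificate(Certificate)
        .WithHttpClientFactory(msalHttpClientFactory)
        .WithPnPAdditionalAuthenticationSettings(
            options.X509Certificate.AuthorityUri,
            options.X509Certificate.RedirectUri,
            TenantId,
            options.Environment)
        .Build();

    // Log the initialization information (thumbprint and store only; no key material)
    Log?.LogInformation(PnPCoreAuthResources.X509CertificateAuthenticationProvider_LogInit,
        options.X509Certificate.Thumbprint,
        options.X509Certificate.StoreName,
        options.X509Certificate.StoreLocation);
}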