Support SN+I authentication with AAD for CertificateServiceClientCredentialsFactory
mihanzlk committed Oct 4, 2023
1 parent c2f3aea commit b302fb7
Showing 2 changed files with 22 additions and 11 deletions.
Expand Up @@ -16,11 +16,8 @@ namespace Microsoft.Bot.Connector.Authentication
/// </summary>
public class CertificateServiceClientCredentialsFactory : ServiceClientCredentialsFactory
{
private readonly X509Certificate2 _certificate;
private readonly CertificateAppCredentials _certificateAppCredentials;
private readonly string _appId;
private readonly string _tenantId;
private readonly HttpClient _httpClient;
private readonly ILogger _logger;

/// <summary>
/// Initializes a new instance of the <see cref="CertificateServiceClientCredentialsFactory"/> class.
Expand All @@ -30,19 +27,33 @@ public class CertificateServiceClientCredentialsFactory : ServiceClientCredentia
/// <param name="tenantId">The oauth token tenant.</param>
/// <param name="httpClient">A custom httpClient to use.</param>
/// <param name="logger">A logger instance to use.</param>
public CertificateServiceClientCredentialsFactory(X509Certificate2 certificate, string appId, string tenantId = null, HttpClient httpClient = null, ILogger logger = null)
/// <param name="sendX5c">A flag if CertificateAppCredentials should send certificate chains in the request.
/// It enables authentication with AAD using certificate subject name (not CNAME) and issuer instead of a thumbprint.
/// </param>
public CertificateServiceClientCredentialsFactory(
X509Certificate2 certificate,
string appId,
string tenantId = null,
HttpClient httpClient = null,
ILogger logger = null,
bool sendX5c = false)
: base()
{
if (string.IsNullOrWhiteSpace(appId))
{
throw new ArgumentNullException(nameof(appId));
}

_certificate = certificate ?? throw new ArgumentNullException(nameof(certificate));
_appId = appId;
_tenantId = tenantId;
_httpClient = httpClient;
_logger = logger;

// Instance must be reused otherwise it will cause throttling on AAD.
_certificateAppCredentials = new CertificateAppCredentials(
certificate ?? throw new ArgumentNullException(nameof(certificate)),
sendX5c,
appId,
tenantId,
httpClient,
logger);
}

/// <inheritdoc />
Expand All @@ -67,8 +78,7 @@ public override Task<ServiceClientCredentials> CreateCredentialsAsync(
throw new InvalidOperationException("Invalid Managed ID.");
}

return Task.FromResult<ServiceClientCredentials>(
new CertificateAppCredentials(_certificate, _appId, _tenantId, _httpClient, _logger));
return Task.FromResult<ServiceClientCredentials>(_certificateAppCredentials);
}
}
}
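Review bot: The `<param name="sendX5c">` doc in the constructor hunk says authentication uses the "certificate subject name (not CNAME)"; CNAME is a DNS record type and the intended term is presumably the subject's CN attribute, and the doc does not say what the flag changes about trust, which is the security-relevant part of this option. I would reword it to `/// <param name="sendX5c">When true, the credentials send the certificate chain (x5c) so AAD can authenticate by certificate subject name and issuer (SN+I) instead of by thumbprint; as I understand SN+I, AAD then accepts any certificate with that subject from an issuer trusted by the app registration, which permits rotation without updating the thumbprint but widens what is trusted.</param>`. The positional argument order in `new CertificateAppCredentials(certificate ?? throw ..., sendX5c, appId, tenantId, httpClient, logger)` rests on an overload that is outside the diff, so it is worth confirming that `sendX5c` is its second parameter rather than relying on the call compiling by coincidence against a `bool`. In the `CreateCredentialsAsync` hunk the single cached `_certificateAppCredentials` is now returned to every caller, which matches the "Instance must be reused" comment, so the class doc should state that the returned credentials object is shared and must not be mutated or disposed by callers; that method's body begins outside the hunk.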
Expand Up @@ -27,6 +27,7 @@ public void ConstructorTests()
_ = new CertificateServiceClientCredentialsFactory(certificate.Object, TestAppId, tenantId: TestTenantId);
_ = new CertificateServiceClientCredentialsFactory(certificate.Object, TestAppId, logger: logger.Object);
_ = new CertificateServiceClientCredentialsFactory(certificate.Object, TestAppId, httpClient: new HttpClient());
_ = new CertificateServiceClientCredentialsFactory(certificate.Object, TestAppId, httpClient: new HttpClient(), sendX5c: true);
}

[Fact]
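Review bot: The added constructor call with `sendX5c: true` only checks that construction does not throw; nothing asserts that the flag reaches the created credentials, so a regression that silently drops or misorders the parameter would still pass. A follow-up test could build a factory with `sendX5c: true`, call `CreateCredentialsAsync`, and assert on the returned `CertificateAppCredentials` if that type exposes the flag. The new line also creates a fresh `HttpClient` per call, as the line above it already does; sharing one instance across ConstructorTests would avoid the per-instance `HttpClient` pitfall, though this follows the file's existing pattern. The enclosing ConstructorTests method starts outside the hunk.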
