// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Identity.Abstractions;
namespace Microsoft.Identity.Web
{
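/// <summary>
/// Description of a certificate credential: where the certificate comes from
/// (an in-memory <see cref="X509Certificate2"/>, Key Vault, a Base64 string, a file on disk,
/// or a certificate store) together with the values needed to locate it there.
/// Instances are normally built through the <c>From*</c> factory methods.
/// </summary>
public class CertificateDescription : CredentialDescription
{
    /// <summary>
    /// Default constructor.
    /// </summary>
    public CertificateDescription()
    {
    }

    /// <summary>
    /// Creates a certificate description from a credential description.
    /// </summary>
    /// <param name="credentialDescription">Credential description to copy. Its source type must
    /// be one of the certificate sources, i.e. a defined member of <see cref="CertificateSource"/>.
    /// A null value is rejected by <c>Throws.IfNull</c>.</param>
    /// <exception cref="ArgumentException">Thrown when <paramref name="credentialDescription"/>
    /// does not describe a certificate (its source type has no <see cref="CertificateSource"/> counterpart).</exception>
    public CertificateDescription(CredentialDescription credentialDescription)
        : base(credentialDescription)
    {
        // NOTE(review): the base constructor runs before this check, so a null argument
        // reaches base(...) first; if Throws.IfNull returns its argument it could be moved
        // into the base(...) call to reject null earlier.
        _ = Throws.IfNull(credentialDescription);

        // Only certificate-based credential descriptions can be represented by this type.
        // An unchecked cast would silently map a non-certificate source (a secret, a signed
        // assertion, ...) onto an arbitrary CertificateSource value, so reject those here.
        CertificateSource sourceType = (CertificateSource)credentialDescription.SourceType;
        if (!Enum.IsDefined(typeof(CertificateSource), sourceType))
        {
            throw new ArgumentException(
                $"The credential description source type '{credentialDescription.SourceType}' is not a certificate source.",
                nameof(credentialDescription));
        }

        SourceType = sourceType;
    }

    /// <summary>
    /// Creates a certificate description from a certificate (by code).
    /// </summary>
    /// <param name="x509certificate2">Certificate already loaded in memory.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.Certificate"/> and <see cref="Certificate"/> set to the given certificate.</returns>
    public static CertificateDescription FromCertificate(X509Certificate2 x509certificate2)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.Certificate,
            Certificate = x509certificate2,
        };
    }

    /// <summary>
    /// Creates a certificate description from Key Vault.
    /// </summary>
    /// <param name="keyVaultUrl">The Key Vault URL.</param>
    /// <param name="keyVaultCertificateName">The name of the certificate in Key Vault.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.KeyVault"/>; the certificate itself is loaded later.</returns>
    public static CertificateDescription FromKeyVault(
        string keyVaultUrl,
        string keyVaultCertificateName)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.KeyVault,
            KeyVaultUrl = keyVaultUrl,
            KeyVaultCertificateName = keyVaultCertificateName,
        };
    }

    /// <summary>
    /// Creates a certificate description from a Base64 encoded value (no password).
    /// </summary>
    /// <param name="base64EncodedValue">Base64 encoded certificate value.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.Base64Encoded"/>.</returns>
    public static CertificateDescription FromBase64Encoded(string base64EncodedValue)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.Base64Encoded,
            Base64EncodedValue = base64EncodedValue,
        };
    }

    /// <summary>
    /// Creates a certificate description from a Base64 encoded value protected by a password.
    /// </summary>
    /// <param name="base64EncodedValue">Base64 encoded certificate value.</param>
    /// <param name="password">The password to use when decoding the certificate.
    /// It is kept on <c>CertificatePassword</c> until the certificate is loaded.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.Base64Encoded"/>.</returns>
    public static CertificateDescription FromBase64Encoded(string base64EncodedValue, string password)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.Base64Encoded,
            Base64EncodedValue = base64EncodedValue,
            CertificatePassword = password
        };
    }

    /// <summary>
    /// Creates a certificate description from a path on disk.
    /// </summary>
    /// <param name="path">Path where to find the certificate file.</param>
    /// <param name="password">Certificate password, or <c>null</c> when the file is not password protected.
    /// It is kept on <c>CertificatePassword</c> until the certificate is loaded.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.Path"/>.</returns>
    public static CertificateDescription FromPath(string path, string? password = null)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.Path,
            CertificateDiskPath = path,
            CertificatePassword = password,
        };
    }

    /// <summary>
    /// Creates a certificate description from a thumbprint and store location (Certificate Manager on Windows, for instance).
    /// </summary>
    /// <param name="certificateThumbprint">Certificate thumbprint.</param>
    /// <param name="certificateStoreLocation">Store location where to find the certificate.</param>
    /// <param name="certificateStoreName">Store name where to find the certificate.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.StoreWithThumbprint"/> and <c>CertificateStorePath</c> set to
    /// <c>"{location}/{name}"</c> (for example <c>"CurrentUser/My"</c>).</returns>
    public static CertificateDescription FromStoreWithThumbprint(
        string certificateThumbprint,
        StoreLocation certificateStoreLocation = StoreLocation.CurrentUser,
        StoreName certificateStoreName = StoreName.My)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.StoreWithThumbprint,
            CertificateStorePath = BuildStorePath(certificateStoreLocation, certificateStoreName),
            CertificateThumbprint = certificateThumbprint,
        };
    }

    /// <summary>
    /// Creates a certificate description from a certificate distinguished name (such as CN=name)
    /// and store location (Certificate Manager on Windows, for instance).
    /// </summary>
    /// <param name="certificateDistinguishedName">Certificate distinguished name.</param>
    /// <param name="certificateStoreLocation">Store location where to find the certificate.</param>
    /// <param name="certificateStoreName">Store name where to find the certificate.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.StoreWithDistinguishedName"/> and <c>CertificateStorePath</c> set to
    /// <c>"{location}/{name}"</c>.</returns>
    public static CertificateDescription FromStoreWithDistinguishedName(
        string certificateDistinguishedName,
        StoreLocation certificateStoreLocation = StoreLocation.CurrentUser,
        StoreName certificateStoreName = StoreName.My)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.StoreWithDistinguishedName,
            CertificateStorePath = BuildStorePath(certificateStoreLocation, certificateStoreName),
            CertificateDistinguishedName = certificateDistinguishedName,
        };
    }

    /// <summary>
    /// Creates a certificate description from a certificate subject name (such as "MyCert")
    /// and store location (Certificate Manager on Windows, for instance).
    /// The provided subject name is matched as a substring against the Subject field of each
    /// certificate in the store; the most recently issued matching certificate is selected.
    /// </summary>
    /// <param name="certificateSubjectName">Certificate subject name (or substring of the subject) to search for in the store.</param>
    /// <param name="certificateStoreLocation">Store location where to find the certificate.</param>
    /// <param name="certificateStoreName">Store name where to find the certificate.</param>
    /// <returns>A certificate description with <see cref="SourceType"/> set to
    /// <see cref="CertificateSource.StoreWithSubjectName"/> and <c>CertificateStorePath</c> set to
    /// <c>"{location}/{name}"</c>.</returns>
    public static CertificateDescription FromStoreWithSubjectName(
        string certificateSubjectName,
        StoreLocation certificateStoreLocation = StoreLocation.CurrentUser,
        StoreName certificateStoreName = StoreName.My)
    {
        return new CertificateDescription
        {
            SourceType = CertificateSource.StoreWithSubjectName,
            CertificateStorePath = BuildStorePath(certificateStoreLocation, certificateStoreName),
            CertificateSubjectName = certificateSubjectName,
        };
    }

    /// <summary>
    /// Builds the store path shared by the store-based factories: the enum names joined by
    /// a slash, e.g. <c>"CurrentUser/My"</c>. Kept in one place so the three factories
    /// cannot drift apart in format.
    /// </summary>
    private static string BuildStorePath(StoreLocation storeLocation, StoreName storeName)
        => $"{storeLocation}/{storeName}";

    /// <summary>
    /// Defines where and how to import the private key of an X.509 certificate.
    /// The default is computed by <c>CertificateLoaderHelper.DetermineX509KeyStorageFlag()</c>.
    /// </summary>
    public X509KeyStorageFlags X509KeyStorageFlags { get; set; } = CertificateLoaderHelper.DetermineX509KeyStorageFlag();

    // Should Container and ReferenceOrValue be moved to
    // the tests (As extension methods)

    /// <summary>
    /// The loaded certificate, if any. Backed by the base <c>Certificate</c> member; the setter is
    /// <c>protected internal</c> so that only this assembly and derived types can assign it, while
    /// external callers go through the <c>From*</c> factories or the credential loaders.
    /// </summary>
    public new X509Certificate2? Certificate
    {
        get { return base.Certificate; }
        protected internal set { base.Certificate = value; }
    }

    /// <summary>
    /// Typed view over the base <c>SourceType</c>: values are cast between
    /// <see cref="CertificateSource"/> and <c>CredentialSource</c> on each access, so the two
    /// enums must stay numerically aligned.
    /// </summary>
    public new CertificateSource SourceType
    {
        get { return (CertificateSource)base.SourceType; }
        set { base.SourceType = (CredentialSource)value; }
    }
}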
}