Adding pem certificate support for dotnet 6 or higher (#518)
Adding support for .pem certificates to address [artifacts-keyring
issue](microsoft/artifacts-keyring#60). Note that
this only targets builds of the credential provider for .NET 6 or greater,
since `CreateFromPemFile` is only available in .NET 5 or greater.
Otherwise, we would have to implement reading the .pem file ourselves.

Additional Considerations:
- Add certificate passwords for pfx files.
embetten authored Sep 19, 2024
1 parent c195c87 commit d6adc53
Showing 2 changed files with 23 additions and 1 deletion.
6 changes: 6 additions & 0 deletions CredentialProvider.Microsoft/Resources.resx
@@ -506,6 +506,12 @@ Provide MSAL Cache Location
<data name="UsingCertificate" xml:space="preserve">
<value>Using certificate: {0}.</value>
</data>
<data name="ClientCertificateFileTypeNotSupported" xml:space="preserve">
<value>Certificate file type not supported. Only .pfx and .pem certificates are accepted.</value>
</data>
<data name="ClientCertificatePemFilesNotSupported" xml:space="preserve">
<value>Certificate file type .pem are only supported on versions of the credential provider built on .Net 6 or greater.</value>
</data>
<data name="UsingTenant" xml:space="preserve">
<value>Using Entra tenant: {0}.</value>
</data>
18 changes: 17 additions & 1 deletion CredentialProvider.Microsoft/Util/CertificateUtil.cs
@@ -1,4 +1,5 @@
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using ILogger = NuGetCredentialProvider.Logging.ILogger;

@@ -54,7 +55,22 @@ public static X509Certificate2 GetCertificateByFilePath(ILogger logger, string f

try
{
var certificate = new X509Certificate2(filePath);
var fileType = Path.GetExtension(filePath);
X509Certificate2 certificate;
switch (fileType)
{
case ".pfx":
certificate = new X509Certificate2(filePath);
break;
case ".pem":
#if NET6_0_OR_GREATER
certificate= X509Certificate2.CreateFromPemFile(filePath);
break;
#endif
throw new NotSupportedException(Resources.ClientCertificatePemFilesNotSupported);
default:
throw new NotSupportedException(Resources.ClientCertificateFileTypeNotSupported);
}

if (certificate == null)
{
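Review bot: The `switch (fileType)` matches the raw `Path.GetExtension(filePath)` result against case-sensitive labels, so `cert.PFX` or `cert.PEM` falls into `default` and is rejected, and PKCS#12 files named `.p12`, which the old unconditional `new X509Certificate2(filePath)` loaded by content, now fail too; `var fileType = Path.GetExtension(filePath).ToLowerInvariant();` plus a `case ".p12":` label beside `case ".pfx":` would keep those working. In the `.pem` case the `throw` sits after `#endif`, so on .NET 6+ builds it follows `break;` and is unreachable (warning CS0162); placing it under `#else` gives each build exactly one path. The one-argument `X509Certificate2.CreateFromPemFile` reads the private key from the same file and accepts only an unencrypted key, so a comment such as `// PEM must hold the certificate and an unencrypted private key; keep the file readable only by the build identity` would tell operators what they need to protect. The enclosing `try` and its `catch` lie outside the hunk, so how these `NotSupportedException`s are reported to the user cannot be confirmed from here.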
