Support SubjectName/Issuer (SendX5c) auth (#36)

microsoft · Apr 22, 2024 · b4b1ccb · b4b1ccb
1 parent a257b11
commit b4b1ccb
Show file tree

Hide file tree

Showing 11 changed files with 367 additions and 104 deletions.
diff --git a/SyncKusto/Kusto/AuthenticationMode.cs b/SyncKusto/Kusto/AuthenticationMode.cs
@@ -4,11 +4,12 @@
 namespace SyncKusto.Kusto
 {
     /// <summary>
-    /// When connecting to a Kusto cluster, this enum contains the multiple methods of authentication are supported. 
+    /// When connecting to a Kusto cluster, this enum contains the multiple methods of authentication are supported.
     /// </summary>
     public enum AuthenticationMode
     {
         AadFederated,
-        AadApplication
+        AadApplication,
+        AadApplicationSni
     };
 }
diff --git a/SyncKusto/Kusto/QueryEngine.cs b/SyncKusto/Kusto/QueryEngine.cs
@@ -10,6 +10,7 @@
 using Kusto.Data.Common;
 using Kusto.Data.Net.Client;
 using Newtonsoft.Json;
+using SyncKusto.Utilities;
 
 namespace SyncKusto.Kusto
 {
@@ -222,33 +223,70 @@ public void Dispose()
         /// <param name="database">The name of the database to connect to</param>
         /// <param name="aadClientId">Optionally connect with AAD client app</param>
         /// <param name="aadClientKey">Optional key for AAD client app</param>
+        /// <param name="certificateThumbprint">Optional thumbprint of a certificate to use for Subject Name Issuer authentication</param>
         /// <returns>A connection string for accessing Kusto</returns>
-        public static KustoConnectionStringBuilder GetKustoConnectionStringBuilder(string cluster, string database, string aadClientId = null, string aadClientKey = null)
+        public static KustoConnectionStringBuilder GetKustoConnectionStringBuilder(
+            string cluster,
+            string database,
+            string aadClientId = null,
+            string aadClientKey = null,
+            string certificateThumbprint = null)
         {
-            if (string.IsNullOrEmpty(aadClientId) != string.IsNullOrEmpty(aadClientKey))
+            if (string.IsNullOrEmpty(aadClientId) != string.IsNullOrEmpty(aadClientKey) &&
+                string.IsNullOrEmpty(aadClientId) != string.IsNullOrEmpty(certificateThumbprint))
             {
                 throw new ArgumentException("If either aadClientId or aadClientKey are specified, they must both be specified.");
             }
 
+            if (string.IsNullOrWhiteSpace(SettingsWrapper.AADAuthority))
+            {
+                throw new Exception("Authority value must be specified in the Settings dialog.");
+            }
+
             cluster = NormalizeClusterName(cluster);
 
-            var kcsb = new KustoConnectionStringBuilder(cluster)
+            // User auth
+            if (string.IsNullOrWhiteSpace(aadClientId))
             {
-                FederatedSecurity = true,
-                InitialCatalog = database,
-                Authority = SettingsWrapper.AADAuthority
-            };
+                return new KustoConnectionStringBuilder(cluster)
+                {
+                    FederatedSecurity = true,
+                    InitialCatalog = database,
+                    Authority = SettingsWrapper.AADAuthority
+                };
+            }
+
+            // App Key auth
             if (!string.IsNullOrWhiteSpace(aadClientId) && !string.IsNullOrWhiteSpace(aadClientKey))
             {
-                kcsb.ApplicationKey = aadClientKey;
-                kcsb.ApplicationClientId = aadClientId;
+                return new KustoConnectionStringBuilder(cluster)
+                {
+                    FederatedSecurity = true,
+                    InitialCatalog = database,
+                    Authority = SettingsWrapper.AADAuthority,
+                    ApplicationKey = aadClientKey,
+                    ApplicationClientId = aadClientId
+                };
+            }
+
+            // App SNI auth
+            if (!string.IsNullOrWhiteSpace(aadClientId) && !string.IsNullOrWhiteSpace(certificateThumbprint))
+            {
+                return new KustoConnectionStringBuilder(cluster)
+                {
+                    InitialCatalog = database,
+                }.WithAadApplicationCertificateAuthentication(
+                    aadClientId,
+                    CertificateStore.GetCertificate(certificateThumbprint),
+                    SettingsWrapper.AADAuthority,
+                    true);
             }
 
-            return kcsb;
+            throw new Exception("Could not determine how to create a connection string from provided parameters.");
         }
 
         /// <summary>
-        /// Allow users to specify cluster.eastus2, cluster.eastus2.kusto.windows.net, or https://cluster.eastus2.kusto.windows.net 
+        /// Allow users to specify cluster.eastus2, cluster.eastus2.kusto.windows.net, or https://cluster.eastus2.kusto.windows.net
         /// </summary>
         /// <param name="cluster">Input cluster name</param>
         /// <returns>Normalized cluster name e.g. https://cluster.eastus2.kusto.windows.net</returns>
@@ -280,4 +318,4 @@ public static string NormalizeClusterName(string cluster)
             }
         }
     }
-}
+}
diff --git a/SyncKusto/MainForm.Designer.cs b/SyncKusto/MainForm.Designer.cs