#2101 Cleanup private key only for file or pem based certificate login
wobba committed Jun 3, 2019
1 parent 29061fe commit dde1f7a
Showing 3 changed files with 33 additions and 21 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).

## [Unreleased]

### Changed
- Cleanup private key only for file or pem based certificate login (#2101)

## [3.9.1905.3 - May 2019 Intermediate Release 3]

### Changed
35 changes: 14 additions & 21 deletions Commands/Base/SPOnlineConnectionHelper.cs
Expand Up @@ -365,23 +365,11 @@ internal static SPOnlineConnection InitiateAzureADNativeApplicationConnection(Ur

internal static SPOnlineConnection InitiateAzureADAppOnlyConnection(Uri url, string clientId, string tenant, string certificatePath, SecureString certificatePassword, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry, bool skipAdminCheck = false, AzureEnvironment azureEnvironment = AzureEnvironment.Production)
{
var authManager = new OfficeDevPnP.Core.AuthenticationManager();
var context = PnPClientContext.ConvertFrom(authManager.GetAzureADAppOnlyAuthenticatedContext(url.ToString(), clientId, tenant, certificatePath, certificatePassword, azureEnvironment), retryCount, retryWait * 1000);
var connectionType = ConnectionType.OnPrem;
if (url.Host.ToUpperInvariant().EndsWith("SHAREPOINT.COM"))
{
connectionType = ConnectionType.O365;
}
if (skipAdminCheck == false)
{
if (IsTenantAdminSite(context))
{
connectionType = ConnectionType.TenantAdmin;
}
}
var spoConnection = new SPOnlineConnection(context, connectionType, minimalHealthScore, retryCount, retryWait, null, url.ToString(), tenantAdminUrl, PnPPSVersionTag, host, disableTelemetry, InitializationType.AADAppOnly);
spoConnection.ConnectionMethod = Model.ConnectionMethod.AzureADAppOnly;
return spoConnection;
X509Certificate2 certificate = CertificateHelper.GetCertificateFromPath(certificatePath, certificatePassword);

return InitiateAzureAdAppOnlyConnectionWithCert(url, clientId, tenant, minimalHealthScore, retryCount,
retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck, azureEnvironment,
certificate, true);
}

internal static SPOnlineConnection InitiateAzureADAppOnlyConnection(Uri url, string clientId, string tenant,
Expand All @@ -391,20 +379,21 @@ internal static SPOnlineConnection InitiateAzureADAppOnlyConnection(Uri url, str
AzureEnvironment azureEnvironment = AzureEnvironment.Production)
{
X509Certificate2 certificate = CertificateHelper.GetCertificatFromStore(thumbprint);
return InitiateAzureAdAppOnlyConnectionWithCert(url, clientId, tenant, minimalHealthScore, retryCount, retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck, azureEnvironment, certificate);

return InitiateAzureAdAppOnlyConnectionWithCert(url, clientId, tenant, minimalHealthScore, retryCount, retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck, azureEnvironment, certificate, false);
}

internal static SPOnlineConnection InitiateAzureADAppOnlyConnection(Uri url, string clientId, string tenant, string certificatePEM, string privateKeyPEM, SecureString certificatePassword, int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry, bool skipAdminCheck = false, AzureEnvironment azureEnvironment = AzureEnvironment.Production)
{
string password = new System.Net.NetworkCredential(string.Empty, certificatePassword).Password;
X509Certificate2 certificate = CertificateHelper.GetCertificateFromPEMstring(certificatePEM, privateKeyPEM, password);

return InitiateAzureAdAppOnlyConnectionWithCert(url, clientId, tenant, minimalHealthScore, retryCount, retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck, azureEnvironment, certificate);
return InitiateAzureAdAppOnlyConnectionWithCert(url, clientId, tenant, minimalHealthScore, retryCount, retryWait, requestTimeout, tenantAdminUrl, host, disableTelemetry, skipAdminCheck, azureEnvironment, certificate, true);
}

private static SPOnlineConnection InitiateAzureAdAppOnlyConnectionWithCert(Uri url, string clientId, string tenant,
int minimalHealthScore, int retryCount, int retryWait, int requestTimeout, string tenantAdminUrl, PSHost host, bool disableTelemetry,
bool skipAdminCheck, AzureEnvironment azureEnvironment, X509Certificate2 certificate)
bool skipAdminCheck, AzureEnvironment azureEnvironment, X509Certificate2 certificate, bool certificateFromFile)
{
var authManager = new OfficeDevPnP.Core.AuthenticationManager();
var clientContext =
Expand All @@ -426,11 +415,15 @@ private static SPOnlineConnection InitiateAzureAdAppOnlyConnectionWithCert(Uri u
}
}

CleanupCryptoMachineKey(certificate);
if (certificateFromFile)
{
CleanupCryptoMachineKey(certificate);
}

var spoConnection = new SPOnlineConnection(context, connectionType, minimalHealthScore, retryCount, retryWait, null,
url.ToString(), tenantAdminUrl, PnPPSVersionTag, host, disableTelemetry, InitializationType.AADAppOnly);
spoConnection.ConnectionMethod = ConnectionMethod.AzureADAppOnly;

return spoConnection;
}

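Review bot: The cleanup added at the end of `InitiateAzureAdAppOnlyConnectionWithCert` only runs on the success path; if `GetAzureADAppOnlyAuthenticatedContext` or `IsTenantAdminSite` throws, the private key that `GetCertificateFromPath` persisted with `PersistKeySet` stays in the machine key store. Wrapping the body in a try/finally so `CleanupCryptoMachineKey` runs whenever `certificateFromFile` is true closes that gap, while the `false` passed on the thumbprint path stays as is, since a store-backed key must not be deleted. The method's signature is in the earlier hunk and the lines between the hunks are collapsed, so the placement of the `try` needs checking against the full body. A `///` remark on the `certificateFromFile` parameter stating that `true` means the key was persisted by this process and is removed once authentication has happened would also help; presumably the in-memory certificate handle keeps working for later token refreshes, as the pre-existing cleanup call already relied on, but that should be confirmed.
```csharp
        var authManager = new OfficeDevPnP.Core.AuthenticationManager();
        try
        {
            // … unchanged: context creation, connection-type and tenant-admin check, spoConnection construction …
            return spoConnection;
        }
        finally
        {
            // The key persisted by GetCertificateFromPath must be removed even when authentication throws.
            if (certificateFromFile)
            {
                CleanupCryptoMachineKey(certificate);
            }
        }
```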
14 changes: 14 additions & 0 deletions Commands/Utilities/CertificateHelper.cs
Expand Up @@ -127,6 +127,20 @@ internal static X509Certificate2 GetCertificateFromPEMstring(string publicCert,
return certificate;
}

internal static X509Certificate2 GetCertificateFromPath(string certificatePath, SecureString certificatePassword)
{
var certFile = System.IO.File.OpenRead(certificatePath);
var certificateBytes = new byte[certFile.Length];
certFile.Read(certificateBytes, 0, (int)certFile.Length);
var certificate = new X509Certificate2(
certificateBytes,
certificatePassword,
X509KeyStorageFlags.Exportable |
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet);
return certificate;
}

#region certificate manipulation
private static void EncodeLength(BinaryWriter stream, int length)
{
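Review bot: `GetCertificateFromPath` never disposes the `FileStream` from `File.OpenRead` and relies on a single `Read` call filling the whole buffer, which `Stream.Read` does not guarantee; the three stream lines can be replaced with `var certificateBytes = System.IO.File.ReadAllBytes(certificatePath);`. Because the certificate is loaded with `MachineKeySet | PersistKeySet | Exportable`, the private key is written to the machine-level key store in exportable form and remains there until `CleanupCryptoMachineKey` removes it, so a `<summary>` on the method should state that the caller is responsible for cleaning up the persisted key and that the path should point to a file with restricted ACLs. A `<param>` line for `certificatePassword` noting it may be null for an unprotected PFX would complete the contract, assuming the `X509Certificate2` constructor's documented behaviour is what is intended here.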

0 comments on commit dde1f7a

Please sign in to comment.