// ----------------------------------------------------------------------------------
//
// Copyright Microsoft Corporation
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------------
using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
using Microsoft.Azure.Commands.Common.Authentication.Abstractions.Models;
using Microsoft.Azure.Commands.Common.Authentication.Properties;
using Microsoft.Identity.Client.SSHCertificates;
using Microsoft.WindowsAzure.Commands.Utilities.Common;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
namespace Microsoft.Azure.Commands.Common.Authentication.Factories
{
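public class SshCredentialFactory : ISshCredentialFactory
{
    /// <summary>
    /// Application (client) id of the "AAD SSH Login for Linux" server resource. The SSH
    /// certificate is requested for this resource's <c>/.default</c> scope (see <see cref="GetAuthScope"/>).
    /// </summary>
    private const string AadSshLoginForLinuxServerAppId = "ce6ff14a-7fdc-4685-bbe0-f6afdfcfa8e0";

    /// <summary>
    /// Serializes the public RSA components as a JSON Web Key and derives a key id from them.
    /// </summary>
    /// <param name="rsaKeyInfo">
    /// RSA key material. Only <see cref="RSAParameters.Modulus"/> and <see cref="RSAParameters.Exponent"/>
    /// are read; private components are never placed in the JWK.
    /// </param>
    /// <param name="keyId">
    /// Lower-case hex of SHA-256 over the base64url-encoded modulus concatenated with the
    /// base64url-encoded exponent. Used as the JWK <c>kid</c> and passed to MSAL alongside the JWK.
    /// </param>
    /// <returns>JSON of the form <c>{"kty":"RSA","kid":…,"n":…,"e":…}</c>.</returns>
    private string CreateJwk(RSAParameters rsaKeyInfo, out string keyId)
    {
        string modulus = Base64UrlHelper.Encode(rsaKeyInfo.Modulus);
        string exp = Base64UrlHelper.Encode(rsaKeyInfo.Exponent);

        byte[] hash;
        // SHA256 is IDisposable; the previous implementation created a new instance per call and never released it.
        using (SHA256 sha256 = SHA256.Create())
        {
            hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(modulus + exp));
        }

        StringBuilder hex = new StringBuilder(hash.Length * 2);
        foreach (byte b in hash)
        {
            hex.Append(b.ToString("x2"));
        }
        keyId = hex.ToString();

        Dictionary<string, object> jwk = new Dictionary<string, object>
        {
            { "kty", "RSA" },
            { "kid", keyId },
            { "n", modulus },
            { "e", exp }
        };
        return JsonConvert.SerializeObject(jwk);
    }

    /// <summary>
    /// Acquires an SSH certificate credential for the signed-in account, bound to the public part of
    /// <paramref name="rsaKeyInfo"/>, using the cached token silently (no interactive prompt is raised here).
    /// </summary>
    /// <param name="context">
    /// Azure context supplying the authority, tenant id and the account's <c>HomeAccountId</c> extended property.
    /// </param>
    /// <param name="rsaKeyInfo">RSA key whose public components are embedded in the certificate request.</param>
    /// <returns>The credential returned by the token endpoint together with its expiry.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    /// <exception cref="NullReferenceException">
    /// No <see cref="PowerShellTokenCacheProvider"/> is registered in the session. The type is retained for
    /// compatibility with existing callers even though <see cref="InvalidOperationException"/> would be more idiomatic.
    /// </exception>
    public SshCredential GetSshCredential(IAzureContext context, RSAParameters rsaKeyInfo)
    {
        if (context == null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        if (!AzureSession.Instance.TryGetComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out PowerShellTokenCacheProvider tokenCacheProvider))
        {
            throw new NullReferenceException(Resources.AuthenticationClientFactoryNotRegistered);
        }

        var publicClient = tokenCacheProvider.CreatePublicClient(context.Environment.ActiveDirectoryAuthority, context.Tenant.Id);
        List<string> scopes = new List<string> { GetAuthScope() };
        string jwk = CreateJwk(rsaKeyInfo, out string keyId);

        // The ISshCredentialFactory contract is synchronous, so the async MSAL calls are blocked on here,
        // as in the original implementation.
        var account = publicClient.GetAccountAsync(context.Account.ExtendedProperties["HomeAccountId"])
            .ConfigureAwait(false).GetAwaiter().GetResult();

        // Silent acquisition only: if no usable cached token exists, MSAL's exception propagates to the caller
        // instead of prompting the user.
        var accessToken = publicClient.AcquireTokenSilent(scopes, account)
            .WithSSHCertificateAuthenticationScheme(jwk, keyId)
            .ExecuteAsync()
            .ConfigureAwait(false).GetAwaiter().GetResult();

        return new SshCredential
        {
            Credential = accessToken.AccessToken,
            ExpiresOn = accessToken.ExpiresOn,
        };
    }

    /// <summary>
    /// Builds the scope requested for the SSH certificate: the server app id followed by <c>/.default</c>.
    /// </summary>
    /// <returns>The scope string passed to <c>AcquireTokenSilent</c>.</returns>
    private string GetAuthScope()
    {
        return $"{AadSshLoginForLinuxServerAppId}/.default";
    }
}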
}