Imdsv2: Generate CSR and execute CSR request (#5427)

Author: Robbie-Microsoft

Directory.Packages.props

@@ -17,6 +17,7 @@
     <PackageVersion Include="System.ComponentModel.TypeConverter" Version="4.3.0" />
     <!-- Should match Azure Functions runtime: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4456 -->
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="6.0.1" />
+    <PackageVersion Include="System.Formats.Asn1" Version="9.0.8" />
     <PackageVersion Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
     <PackageVersion Include="System.Net.NameResolution" Version="4.3.0" />
     <PackageVersion Include="System.Runtime.Serialization.Formatters" Version="4.3.0" />
@@ -80,6 +81,5 @@
     <PackageVersion Include="System.ValueTuple" Version="4.5.0" />
     <PackageVersion Include="System.Windows.Forms" Version="4.0.0" />
     <PackageVersion Include="CommandLineParser" Version="2.8.0" />
-    <PackageVersion Include="System.Formats.Asn1" Version="9.0.0" />
   </ItemGroup>
 </Project>

src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs

@@ -55,7 +55,7 @@ public virtual async Task<ManagedIdentityResponse> AuthenticateAsync(
             // Convert the scopes to a resource string.
             string resource = parameters.Resource;
 
-            ManagedIdentityRequest request = CreateRequest(resource);
+            ManagedIdentityRequest request = await CreateRequestAsync(resource).ConfigureAwait(false);
 
             // Automatically add claims / capabilities if this MI source supports them
             if (_sourceType.SupportsClaimsAndCapabilities())
@@ -149,7 +149,7 @@ protected virtual Task<ManagedIdentityResponse> HandleResponseAsync(
             throw exception;
         }
 
-        protected abstract ManagedIdentityRequest CreateRequest(string resource);
+        protected abstract Task<ManagedIdentityRequest> CreateRequestAsync(string resource);
 
         protected ManagedIdentityResponse GetSuccessfulResponse(HttpResponse response)
         {

src/client/Microsoft.Identity.Client/ManagedIdentity/AppServiceManagedIdentitySource.cs

@@ -2,12 +2,10 @@
 // Licensed under the MIT License.
 
 using System;
-using System.Collections.Generic;
 using System.Globalization;
-using Microsoft.Identity.Client.ApiConfig.Parameters;
+using System.Threading.Tasks;
 using Microsoft.Identity.Client.Core;
 using Microsoft.Identity.Client.Internal;
-using Microsoft.Identity.Client.Utils;
 
 namespace Microsoft.Identity.Client.ManagedIdentity
 {
@@ -66,7 +64,7 @@ private static bool TryValidateEnvVars(string msiEndpoint, ILoggerAdapter logger
             return true;
         }
 
-        protected override ManagedIdentityRequest CreateRequest(string resource)
+        protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
         {
             ManagedIdentityRequest request = new(System.Net.Http.HttpMethod.Get, _endpoint);
 
@@ -92,7 +90,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
                     break;
             }
 
-            return request;
+            return Task.FromResult(request);
         }
     }
 }

src/client/Microsoft.Identity.Client/ManagedIdentity/AzureArcManagedIdentitySource.cs

@@ -79,15 +79,15 @@ private AzureArcManagedIdentitySource(Uri endpoint, RequestContext requestContex
             }
         }
 
-        protected override ManagedIdentityRequest CreateRequest(string resource)
+        protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
         {
             ManagedIdentityRequest request = new ManagedIdentityRequest(System.Net.Http.HttpMethod.Get, _endpoint);
 
             request.Headers.Add("Metadata", "true");
             request.QueryParameters["api-version"] = ArcApiVersion;
             request.QueryParameters["resource"] = resource;
 
-            return request;
+            return Task.FromResult(request);
         }
 
         protected override async Task<ManagedIdentityResponse> HandleResponseAsync(
@@ -119,7 +119,7 @@ protected override async Task<ManagedIdentityResponse> HandleResponseAsync(
 
                 var authHeaderValue = "Basic " + File.ReadAllText(splitChallenge[1]);
 
-                ManagedIdentityRequest request = CreateRequest(parameters.Resource);
+                ManagedIdentityRequest request = await CreateRequestAsync(parameters.Resource).ConfigureAwait(false);
 
                 _requestContext.Logger.Verbose(() => "[Managed Identity] Adding authorization header to the request.");
                 request.Headers.Add("Authorization", authHeaderValue);

src/client/Microsoft.Identity.Client/ManagedIdentity/CloudShellManagedIdentitySource.cs

@@ -4,7 +4,7 @@
 using System;
 using System.Globalization;
 using System.Net.Http;
-using Microsoft.Identity.Client.ApiConfig.Parameters;
+using System.Threading.Tasks;
 using Microsoft.Identity.Client.Core;
 using Microsoft.Identity.Client.Internal;
 
@@ -74,7 +74,7 @@ private CloudShellManagedIdentitySource(Uri endpoint, RequestContext requestCont
             }
         }
 
-        protected override ManagedIdentityRequest CreateRequest(string resource)
+        protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
         {
             ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Post, _endpoint);
 
@@ -83,7 +83,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
 
             request.BodyParameters.Add("resource", resource);
 
-            return request;
+            return Task.FromResult(request);
         }
     }
 }

src/client/Microsoft.Identity.Client/ManagedIdentity/ImdsManagedIdentitySource.cs

@@ -43,7 +43,7 @@ internal ImdsManagedIdentitySource(RequestContext requestContext) :
             requestContext.Logger.Verbose(() => "[Managed Identity] Creating IMDS managed identity source. Endpoint URI: " + _imdsEndpoint);
         }
 
-        protected override ManagedIdentityRequest CreateRequest(string resource)
+        protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
         {
             ManagedIdentityRequest request = new(HttpMethod.Get, _imdsEndpoint);
 
@@ -80,7 +80,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
 
             request.RequestType = RequestType.Imds;
 
-            return request;
+            return Task.FromResult(request);
         }
 
         public static KeyValuePair<string, string>? GetUserAssignedIdQueryParam(

src/client/Microsoft.Identity.Client/ManagedIdentity/MachineLearningManagedIdentitySource.cs

@@ -3,7 +3,7 @@
 
 using System;
 using System.Globalization;
-using Microsoft.Identity.Client.ApiConfig.Parameters;
+using System.Threading.Tasks;
 using Microsoft.Identity.Client.Core;
 using Microsoft.Identity.Client.Internal;
 
@@ -64,7 +64,7 @@ private static bool TryValidateEnvVars(string msiEndpoint, ILoggerAdapter logger
             return true;
         }
 
-        protected override ManagedIdentityRequest CreateRequest(string resource)
+        protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
         {
             ManagedIdentityRequest request = new(System.Net.Http.HttpMethod.Get, _endpoint);
 
@@ -108,7 +108,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
                         null); // statusCode is null in this case
             }
 
-            return request;
+            return Task.FromResult(request);
         }
     }
 }

src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs

@@ -9,6 +9,7 @@
 using Microsoft.Identity.Client.PlatformsCommon.Shared;
 using System.IO;
 using Microsoft.Identity.Client.Core;
+using Microsoft.Identity.Client.ManagedIdentity.V2;
 
 namespace Microsoft.Identity.Client.ManagedIdentity
 {

src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs

@@ -6,7 +6,7 @@
 using System.Net.Http;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
-using Microsoft.Identity.Client.ApiConfig.Parameters;
+using System.Threading.Tasks;
 using Microsoft.Identity.Client.Core;
 using Microsoft.Identity.Client.Internal;
 
@@ -75,7 +75,7 @@ private ServiceFabricManagedIdentitySource(RequestContext requestContext, Uri en
             }
         }
 
-        protected override ManagedIdentityRequest CreateRequest(string resource)
+        protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
         {
             ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Get, _endpoint);
 
@@ -102,7 +102,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
                     break;
             }
 
-            return request;
+            return Task.FromResult(request);
         }
     }
 }