Skip to content

Imdsv2: Generate CSR and execute CSR request #5427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 32 commits into from
Aug 27, 2025
Merged

Imdsv2: Generate CSR and execute CSR request #5427

Show file tree
Hide file tree
Changes from 31 commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
5498968
Initial commit. 2 TODOs
Robbie-Microsoft Aug 6, 2025
e04e408
Merge branch 'rginsburg/msiv2_feature_branch' into rginsburg/msiv2_csr
Robbie-Microsoft Aug 6, 2025
4e096b7
Merge branch 'rginsburg/msiv2_feature_branch' into rginsburg/msiv2_csr
Robbie-Microsoft Aug 6, 2025
6bc2164
Implemented CSR generator
Robbie-Microsoft Aug 6, 2025
762ccdf
first pass at improved unit tests
Robbie-Microsoft Aug 6, 2025
4ea6c09
Finished improving unit tests
Robbie-Microsoft Aug 6, 2025
009f948
Updates to CUID
Robbie-Microsoft Aug 7, 2025
21d4ef3
Unit test improvements
Robbie-Microsoft Aug 7, 2025
cd013a3
Implemented Feedback
Robbie-Microsoft Aug 7, 2025
480ae9e
renamed file
Robbie-Microsoft Aug 7, 2025
0aa8692
small improvement
Robbie-Microsoft Aug 8, 2025
621c566
added missing awaitor for async method
Robbie-Microsoft Aug 8, 2025
068461b
Fixed bugs discovered from unit testing in child branch
Robbie-Microsoft Aug 8, 2025
2034b25
undid changes to .proj
Robbie-Microsoft Aug 8, 2025
2b7486a
undid change to global.json
Robbie-Microsoft Aug 8, 2025
189ff9e
added missing sets
Robbie-Microsoft Aug 8, 2025
92b325f
Inplemented some feedback
Robbie-Microsoft Aug 11, 2025
067c83c
Implemented some feedback
Robbie-Microsoft Aug 14, 2025
f7d6f88
PKCS1 -> Pss padding
Robbie-Microsoft Aug 15, 2025
74e8e60
re-used imports
Robbie-Microsoft Aug 15, 2025
152f396
Implemented feedback
Robbie-Microsoft Aug 15, 2025
d46c853
Changes from manual testing.
Robbie-Microsoft Aug 19, 2025
3f75e3a
ImdsV2: Reworked Custom ASN1 Encoder to use System.Formats.Asn1 Nuget…
Robbie-Microsoft Aug 22, 2025
253993d
Merge branch 'rginsburg/msiv2_feature_branch' into rginsburg/msiv2_csr
Robbie-Microsoft Aug 22, 2025
3481c39
Implemented feedback
Robbie-Microsoft Aug 25, 2025
92158bb
Small rework due to spec changes
Robbie-Microsoft Aug 25, 2025
729a56a
Additional rework due to spec changes
Robbie-Microsoft Aug 25, 2025
3027392
Implemented feedback
Robbie-Microsoft Aug 25, 2025
3c3dcdf
Removed null check on vmId. Created CuidInfo.IsNullOrEmpty
Robbie-Microsoft Aug 25, 2025
f51cdf9
Implemented feedback
Robbie-Microsoft Aug 26, 2025
5e7ab07
Updated min version of imds, spec has incorrect info
Robbie-Microsoft Aug 26, 2025
362b407
Updated a comment
Robbie-Microsoft Aug 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Directory.Packages.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
<PackageVersion Include="System.ComponentModel.TypeConverter" Version="4.3.0" />
<!-- Should match Azure Functions runtime: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4456 -->
<PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="6.0.1" />
<PackageVersion Include="System.Formats.Asn1" Version="9.0.8" />
<PackageVersion Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
<PackageVersion Include="System.Net.NameResolution" Version="4.3.0" />
<PackageVersion Include="System.Runtime.Serialization.Formatters" Version="4.3.0" />
Expand Down Expand Up @@ -80,6 +81,5 @@
<PackageVersion Include="System.ValueTuple" Version="4.5.0" />
<PackageVersion Include="System.Windows.Forms" Version="4.0.0" />
<PackageVersion Include="CommandLineParser" Version="2.8.0" />
<PackageVersion Include="System.Formats.Asn1" Version="9.0.0" />
</ItemGroup>
</Project>
4 changes: 2 additions & 2 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/AbstractManagedIdentity.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ public virtual async Task<ManagedIdentityResponse> AuthenticateAsync(
// Convert the scopes to a resource string.
string resource = parameters.Resource;

ManagedIdentityRequest request = CreateRequest(resource);
ManagedIdentityRequest request = await CreateRequestAsync(resource).ConfigureAwait(false);

// Automatically add claims / capabilities if this MI source supports them
if (_sourceType.SupportsClaimsAndCapabilities())
Expand Down Expand Up @@ -149,7 +149,7 @@ protected virtual Task<ManagedIdentityResponse> HandleResponseAsync(
throw exception;
}

protected abstract ManagedIdentityRequest CreateRequest(string resource);
protected abstract Task<ManagedIdentityRequest> CreateRequestAsync(string resource);

protected ManagedIdentityResponse GetSuccessfulResponse(HttpResponse response)
{
Expand Down
8 changes: 3 additions & 5 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/AppServiceManagedIdentitySource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,10 @@
// Licensed under the MIT License.

using System;
using System.Collections.Generic;
using System.Globalization;
using Microsoft.Identity.Client.ApiConfig.Parameters;
using System.Threading.Tasks;
using Microsoft.Identity.Client.Core;
using Microsoft.Identity.Client.Internal;
using Microsoft.Identity.Client.Utils;

namespace Microsoft.Identity.Client.ManagedIdentity
{
Expand Down Expand Up @@ -66,7 +64,7 @@ private static bool TryValidateEnvVars(string msiEndpoint, ILoggerAdapter logger
return true;
}

protected override ManagedIdentityRequest CreateRequest(string resource)
protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
{
ManagedIdentityRequest request = new(System.Net.Http.HttpMethod.Get, _endpoint);

Expand All @@ -92,7 +90,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
break;
}

return request;
return Task.FromResult(request);
}
}
}
6 changes: 3 additions & 3 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/AzureArcManagedIdentitySource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,15 +79,15 @@ private AzureArcManagedIdentitySource(Uri endpoint, RequestContext requestContex
}
}

protected override ManagedIdentityRequest CreateRequest(string resource)
protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
{
ManagedIdentityRequest request = new ManagedIdentityRequest(System.Net.Http.HttpMethod.Get, _endpoint);

request.Headers.Add("Metadata", "true");
request.QueryParameters["api-version"] = ArcApiVersion;
request.QueryParameters["resource"] = resource;

return request;
return Task.FromResult(request);
}

protected override async Task<ManagedIdentityResponse> HandleResponseAsync(
Expand Down Expand Up @@ -119,7 +119,7 @@ protected override async Task<ManagedIdentityResponse> HandleResponseAsync(

var authHeaderValue = "Basic " + File.ReadAllText(splitChallenge[1]);

ManagedIdentityRequest request = CreateRequest(parameters.Resource);
ManagedIdentityRequest request = await CreateRequestAsync(parameters.Resource).ConfigureAwait(false);

_requestContext.Logger.Verbose(() => "[Managed Identity] Adding authorization header to the request.");
request.Headers.Add("Authorization", authHeaderValue);
Expand Down
6 changes: 3 additions & 3 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/CloudShellManagedIdentitySource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
using System;
using System.Globalization;
using System.Net.Http;
using Microsoft.Identity.Client.ApiConfig.Parameters;
using System.Threading.Tasks;
using Microsoft.Identity.Client.Core;
using Microsoft.Identity.Client.Internal;

Expand Down Expand Up @@ -74,7 +74,7 @@ private CloudShellManagedIdentitySource(Uri endpoint, RequestContext requestCont
}
}

protected override ManagedIdentityRequest CreateRequest(string resource)
protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
{
ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Post, _endpoint);

Expand All @@ -83,7 +83,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)

request.BodyParameters.Add("resource", resource);

return request;
return Task.FromResult(request);
}
}
}
4 changes: 2 additions & 2 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/ImdsManagedIdentitySource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ internal ImdsManagedIdentitySource(RequestContext requestContext) :
requestContext.Logger.Verbose(() => "[Managed Identity] Creating IMDS managed identity source. Endpoint URI: " + _imdsEndpoint);
}

protected override ManagedIdentityRequest CreateRequest(string resource)
protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
{
ManagedIdentityRequest request = new(HttpMethod.Get, _imdsEndpoint);

Expand Down Expand Up @@ -80,7 +80,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)

request.RequestType = RequestType.Imds;

return request;
return Task.FromResult(request);
}

public static KeyValuePair<string, string>? GetUserAssignedIdQueryParam(
Expand Down
6 changes: 3 additions & 3 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/MachineLearningManagedIdentitySource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

using System;
using System.Globalization;
using Microsoft.Identity.Client.ApiConfig.Parameters;
using System.Threading.Tasks;
using Microsoft.Identity.Client.Core;
using Microsoft.Identity.Client.Internal;

Expand Down Expand Up @@ -64,7 +64,7 @@ private static bool TryValidateEnvVars(string msiEndpoint, ILoggerAdapter logger
return true;
}

protected override ManagedIdentityRequest CreateRequest(string resource)
protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
{
ManagedIdentityRequest request = new(System.Net.Http.HttpMethod.Get, _endpoint);

Expand Down Expand Up @@ -108,7 +108,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
null); // statusCode is null in this case
}

return request;
return Task.FromResult(request);
}
}
}
1 change: 1 addition & 0 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/ManagedIdentityClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
using Microsoft.Identity.Client.PlatformsCommon.Shared;
using System.IO;
using Microsoft.Identity.Client.Core;
using Microsoft.Identity.Client.ManagedIdentity.V2;

namespace Microsoft.Identity.Client.ManagedIdentity
{
Expand Down
6 changes: 3 additions & 3 deletions src/client/Microsoft.Identity.Client/ManagedIdentity/ServiceFabricManagedIdentitySource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Identity.Client.ApiConfig.Parameters;
using System.Threading.Tasks;
using Microsoft.Identity.Client.Core;
using Microsoft.Identity.Client.Internal;

Expand Down Expand Up @@ -75,7 +75,7 @@ private ServiceFabricManagedIdentitySource(RequestContext requestContext, Uri en
}
}

protected override ManagedIdentityRequest CreateRequest(string resource)
protected override Task<ManagedIdentityRequest> CreateRequestAsync(string resource)
{
ManagedIdentityRequest request = new ManagedIdentityRequest(HttpMethod.Get, _endpoint);

Expand All @@ -102,7 +102,7 @@ protected override ManagedIdentityRequest CreateRequest(string resource)
break;
}

return request;
return Task.FromResult(request);
}
}
}
Loading