diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/README.md b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/README.md index 390c9d54a049..6843373453d3 100644 --- a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/README.md +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/README.md @@ -54,15 +54,7 @@ var identityClient = new ConfidentialLedgerIdentityServiceClient(identityService // Get the ledger's TLS certificate for our ledger. string ledgerId = ""; // ex. "my-ledger" from "https://my-ledger.eastus.cloudapp.azure.com" Response response = identityClient.GetLedgerIdentity(ledgerId); - -// extract the ECC PEM value from the response. -var eccPem = JsonDocument.Parse(response.Content) - .RootElement - .GetProperty("ledgerTlsCertificate") - .GetString(); - -// construct an X509Certificate2 with the ECC PEM value. -X509Certificate2 ledgerTlsCert = new X509Certificate2(Encoding.UTF8.GetBytes(eccPem)); +X509Certificate2 ledgerTlsCert = ConfidentialLedgerIdentityServiceClient.ParseCertificate(response); ``` Now we can construct the `ConfidentialLedgerClient` with a transport configuration that trusts the `ledgerTlsCert`. @@ -77,6 +69,7 @@ certificateChain.ChainPolicy.VerificationTime = DateTime.Now; certificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0); certificateChain.ChainPolicy.ExtraStore.Add(ledgerTlsCert); +var f = certificateChain.Build(ledgerTlsCert); // Define a validation function to ensure that the ledger certificate is trusted by the ledger identity TLS certificate. bool CertValidationCheck(HttpRequestMessage httpRequestMessage, X509Certificate2 cert, X509Chain x509Chain, SslPolicyErrors sslPolicyErrors) { @@ -353,6 +346,7 @@ Console.WriteLine($"The latest ledger entry from the sub-ledger is {latestSubLed ##### Ranged queries Ledger entries in a sub-ledger may be retrieved over a range of transaction ids. +Note: Both ranges are optional; they can be provided individually or not at all. ```C# Snippet:RangedQuery ledgerClient.GetLedgerEntries(fromTransactionId: "2.1", toTransactionId: subLedgerTransactionId); diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/api/Azure.Security.ConfidentialLedger.netstandard2.0.cs b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/api/Azure.Security.ConfidentialLedger.netstandard2.0.cs index 3fd690026f24..f05d1fda9b4a 100644 --- a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/api/Azure.Security.ConfidentialLedger.netstandard2.0.cs +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/api/Azure.Security.ConfidentialLedger.netstandard2.0.cs @@ -49,5 +49,6 @@ public ConfidentialLedgerIdentityServiceClient(System.Uri identityServiceUri, Az public virtual Azure.Core.Pipeline.HttpPipeline Pipeline { get { throw null; } } public virtual Azure.Response GetLedgerIdentity(string ledgerId, Azure.RequestOptions options = null) { throw null; } public virtual System.Threading.Tasks.Task GetLedgerIdentityAsync(string ledgerId, Azure.RequestOptions options = null) { throw null; } + public static System.Security.Cryptography.X509Certificates.X509Certificate2 ParseCertificate(Azure.Response getIdentityResponse) { throw null; } } } diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/Azure.Security.ConfidentialLedger.csproj b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/Azure.Security.ConfidentialLedger.csproj index 210f75fc1ecf..506e8a203611 100644 --- a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/Azure.Security.ConfidentialLedger.csproj +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/Azure.Security.ConfidentialLedger.csproj @@ -30,6 +30,8 @@ + + diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerIdentityServiceClient.cs b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerIdentityServiceClient.cs index c96933a8b950..f4173a19c513 100644 --- a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerIdentityServiceClient.cs +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerIdentityServiceClient.cs @@ -2,6 +2,8 @@ // Licensed under the MIT License. using System; +using System.Security.Cryptography.X509Certificates; +using System.Text.Json; using System.Threading.Tasks; using Azure; using Azure.Core; @@ -34,5 +36,22 @@ public ConfidentialLedgerIdentityServiceClient(Uri identityServiceUri, Confident this.identityServiceUri = identityServiceUri; apiVersion = options.Version; } + + /// + /// Parses the response from or . + /// + /// The response from or . + /// The . + public static X509Certificate2 ParseCertificate(Response getIdentityResponse) + { + var eccPem = JsonDocument.Parse(getIdentityResponse.Content) + .RootElement + .GetProperty("ledgerTlsCertificate") + .GetString(); + + // construct an X509Certificate2 with the ECC PEM value. + var span = new ReadOnlySpan(eccPem.ToCharArray()); + return PemReader.LoadCertificate(span, null, PemReader.KeyType.Auto, true); + } } } diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/Azure.Security.ConfidentialLedger.Tests.csproj b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/Azure.Security.ConfidentialLedger.Tests.csproj index b305396697fe..f9bd0edc1aac 100644 --- a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/Azure.Security.ConfidentialLedger.Tests.csproj +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/Azure.Security.ConfidentialLedger.Tests.csproj @@ -21,4 +21,5 @@ + diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerIdentityServiceTests.cs b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerIdentityServiceTests.cs new file mode 100644 index 000000000000..8df0db93aded --- /dev/null +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerIdentityServiceTests.cs @@ -0,0 +1,35 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using Azure.Core.TestFramework; +using NUnit.Framework; + +namespace Azure.Security.ConfidentialLedger.Tests +{ + public class ConfidentialLedgerIdentityServiceTests + { + [Test] + public void ParseCertificate() + { + var ledgerCert = + new LedgerIdentityResponse + { + ledgerTlsCertificate = + "-----BEGIN CERTIFICATE-----\nMIIBezCCASGgAwIBAgIRAJm8lmSE26KV0eDDXrRD6LQwCgYIKoZIzj0EAwIwFjEU\nMBIGA1UEAwwLQ0NGIE5ldHdvcmswHhcNMjEwMzExMDAwMDAwWhcNMjMwNjExMjM1\nOTU5WjAWMRQwEgYDVQQDDAtDQ0YgTmV0d29yazBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABJDsxegT33aucCNaiHPK2YNPqwRg1Y2xxVVkII9yUCs6QyNJoCWI4Zfv\nj7iCOpaaBFxDBOuXcqyzXix\u002Be0r3rZyjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0O\nBBYEFLmINpd7X6PFiqD3z0FsjUgDyHtDMB8GA1UdIwQYMBaAFLmINpd7X6PFiqD3\nz0FsjUgDyHtDMAoGCCqGSM49BAMCA0gAMEUCIQD13yI1tEd9m0CtyfSqUnN80wYr\n6QRh9JO3tuSMA10b2gIgGZTs\u002BkowdDjP//U5fgCBovlcGIhdiBBF2wuHnLfqAkI=\n-----END CERTIFICATE-----\n\u0000" + }; + + var response = new MockResponse(200); + response.SetContent(System.Text.Json.JsonSerializer.Serialize(ledgerCert)); + + var cert = ConfidentialLedgerIdentityServiceClient.ParseCertificate(response); + + Assert.AreEqual("5D2E98B216B73220C960EE2978E56EEFEEACA30D", cert.Thumbprint); + } + + public class LedgerIdentityResponse + { + public string ledgerTlsCertificate { get; set; } + public string ledgerId { get; set; } + } + } +} diff --git a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/samples/HelloWorldSamples.cs b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/samples/HelloWorldSamples.cs index 84e36b758cc2..8fd43786753a 100644 --- a/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/samples/HelloWorldSamples.cs +++ b/sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/samples/HelloWorldSamples.cs @@ -38,16 +38,7 @@ public void HelloWorld() ledgerId = ledgerId.Substring(0, ledgerId.IndexOf('.')); #endif Response response = identityClient.GetLedgerIdentity(ledgerId); - - // extract the ECC PEM value from the response. - var eccPem = JsonDocument.Parse(response.Content) - .RootElement - .GetProperty("ledgerTlsCertificate") - .GetString(); - - // construct an X509Certificate2 with the ECC PEM value. - X509Certificate2 ledgerTlsCert = new X509Certificate2(Encoding.UTF8.GetBytes(eccPem)); - + X509Certificate2 ledgerTlsCert = ConfidentialLedgerIdentityServiceClient.ParseCertificate(response); #endregion #region Snippet:CreateClient @@ -61,6 +52,7 @@ public void HelloWorld() certificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0); certificateChain.ChainPolicy.ExtraStore.Add(ledgerTlsCert); + var f = certificateChain.Build(ledgerTlsCert); // Define a validation function to ensure that the ledger certificate is trusted by the ledger identity TLS certificate. bool CertValidationCheck(HttpRequestMessage httpRequestMessage, X509Certificate2 cert, X509Chain x509Chain, SslPolicyErrors sslPolicyErrors) {