client_certificate_credential.hpp

Go to the documentation of this file.

// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
 
#pragma once
 
#include "azure/identity/detail/client_credential_core.hpp"
#include "azure/identity/detail/token_cache.hpp"
 
#include <azure/core/credentials/credentials.hpp>
#include <azure/core/credentials/token_credential_options.hpp>
#include <azure/core/internal/unique_handle.hpp>
#include <azure/core/url.hpp>
 
#include <memory>
#include <string>
#include <vector>
 
namespace Azure { namespace Identity {
  namespace _detail {
    class TokenCredentialImpl;
 
    void FreePrivateKeyImpl(void* pkey);
 
    template <typename> struct UniquePrivateKeyHelper;
    template <> struct UniquePrivateKeyHelper<void*>
    {
      static void FreePrivateKey(void* pkey) { FreePrivateKeyImpl(pkey); }
      using type = Azure::Core::_internal::BasicUniqueHandle<void, FreePrivateKey>;
    };
 
    using UniquePrivateKey = Azure::Core::_internal::UniqueHandle<void*, UniquePrivateKeyHelper>;
  } // namespace _detail
 
  struct ClientCertificateCredentialOptions final : public Core::Credentials::TokenCredentialOptions
  {
    std::string AuthorityHost = _detail::DefaultOptionValues::GetAuthorityHost();
 
    std::vector<std::string> AdditionallyAllowedTenants;
 
    bool SendCertificateChain = false;
  };
 
  class ClientCertificateCredential final : public Core::Credentials::TokenCredential {
  private:
    _detail::TokenCache m_tokenCache;
    _detail::ClientCredentialCore m_clientCredentialCore;
    std::unique_ptr<_detail::TokenCredentialImpl> m_tokenCredentialImpl;
    std::string m_requestBody;
    std::string m_tokenPayloadStaticPart;
    std::string m_tokenHeaderEncoded;
    _detail::UniquePrivateKey m_pkey;
 
    explicit ClientCertificateCredential(
        std::string tenantId,
        std::string const& clientId,
        std::string const& clientCertificatePath,
        std::string const& authorityHost,
        std::vector<std::string> additionallyAllowedTenants,
        bool sendCertificateChain,
        Core::Credentials::TokenCredentialOptions const& options);
 
    explicit ClientCertificateCredential(
        std::string tenantId,
        std::string const& clientId,
        std::string const& clientCertificate,
        std::string const& privateKey,
        std::string const& authorityHost,
        std::vector<std::string> additionallyAllowedTenants,
        bool sendCertificateChain,
        Core::Credentials::TokenCredentialOptions const& options);
 
  public:
    explicit ClientCertificateCredential(
        std::string tenantId,
        std::string const& clientId,
        std::string const& clientCertificatePath,
        Core::Credentials::TokenCredentialOptions const& options
        = Core::Credentials::TokenCredentialOptions());
 
    explicit ClientCertificateCredential(
        std::string tenantId,
        std::string const& clientId,
        std::string const& clientCertificate,
        std::string const& privateKey,
        ClientCertificateCredentialOptions const& options = {});
 
    explicit ClientCertificateCredential(
        std::string tenantId,
        std::string const& clientId,
        std::string const& clientCertificatePath,
        ClientCertificateCredentialOptions const& options);
 
    ~ClientCertificateCredential() override;
 
    Core::Credentials::AccessToken GetToken(
        Core::Credentials::TokenRequestContext const& tokenRequestContext,
        Core::Context const& context) const override;
  };
 
}} // namespace Azure::Identity