namespace NHS.CohortManager.DemographicServices;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Microsoft.Extensions.Logging;
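public static class CertificateExtensions
{
    /// <summary>
    /// Loads the NEMS certificate from Azure Key Vault or, if no vault is configured, from a local file.
    /// </summary>
    /// <remarks>
    /// Key Vault takes precedence: when <c>KeyVaultConnectionString</c> is set, the local path and
    /// password settings are not consulted. Errors raised by the Key Vault client or by reading the
    /// certificate file are not caught here and propagate to the caller.
    /// The returned certificate may carry a private key; the caller owns it and should dispose it
    /// when it is no longer needed.
    /// </remarks>
    /// <param name="config">The NEMS subscription configuration</param>
    /// <param name="logger">Logger for diagnostic messages</param>
    /// <returns>The loaded X509Certificate2</returns>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="config"/> or <paramref name="logger"/> is null</exception>
    /// <exception cref="InvalidOperationException">Thrown when no certificate configuration is found</exception>
    public static async Task<X509Certificate2> LoadNemsCertificateAsync(this ManageNemsSubscriptionConfig config, ILogger logger)
    {
        // Fail with a named argument instead of a NullReferenceException further down.
        ArgumentNullException.ThrowIfNull(config);
        ArgumentNullException.ThrowIfNull(logger);

        if (!string.IsNullOrEmpty(config.KeyVaultConnectionString))
        {
            logger.LogInformation("Loading NEMS certificate from Azure Key Vault");

            // Despite its name, KeyVaultConnectionString is used as the vault URI.
            // ManagedIdentityCredential authenticates as the host's managed identity, so no
            // vault secret has to be kept in configuration.
            var vaultUri = new Uri(config.KeyVaultConnectionString);
            var certClient = new CertificateClient(vaultUri, new ManagedIdentityCredential());

            // DownloadCertificateAsync fetches the full certificate (private key included, where the
            // certificate policy allows export), so the identity needs read access to the backing
            // secret as well as to the certificate.
            var certResult = await certClient.DownloadCertificateAsync(config.NemsKeyName);
            return certResult.Value;
        }

        if (!string.IsNullOrEmpty(config.NemsLocalCertPath))
        {
            logger.LogInformation("Loading NEMS certificate from local file");

            // NOTE(review): the password is read from plain configuration; make sure it is supplied
            // from a secret store or environment setting and never committed alongside the path.
            // Neither the path nor the password is logged.
            if (string.IsNullOrEmpty(config.NemsLocalCertPassword))
            {
                return new X509Certificate2(config.NemsLocalCertPath);
            }

            return new X509Certificate2(config.NemsLocalCertPath, config.NemsLocalCertPassword);
        }

        throw new InvalidOperationException("No certificate configuration found. Please configure either KeyVaultConnectionString or NemsLocalCertPath.");
    }
}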