fixes #133

give role to cert auth
rajanadar · Apr 28, 2020 · e4f5736 · e4f5736
1 parent 0bb2b49
commit e4f5736
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.4.0001 (April 27, 2020)
+
+**IMPROVEMENTS:**
+
+  * [GH-133] Add support for the optional ```CertificateRoleName``` while doing Cert based Auth.
+
 ## 1.4.0 (April 25, 2020)
 
 **FEATURES:**

diff --git a/README.md b/README.md
@@ -402,6 +402,10 @@ IVaultClient vaultClient = new VaultClient(vaultClientSettings);
 var certificate = new X509Certificate2(your-p12-bytes, your-pass);
 
 IAuthMethodInfo authMethod = new CertAuthMethodInfo(certificate);
+
+// Optionally, you can also provide a Certificate Role Name during Auth.
+// IAuthMethodInfo authMethod = new CertAuthMethodInfo(certificate, certificateRoleName);
+
 var vaultClientSettings = new VaultClientSettings("https://MY_VAULT_SERVER:8200", authMethod);
 
 IVaultClient vaultClient = new VaultClient(vaultClientSettings);

diff --git a/src/VaultSharp/V1/AuthMethods/Cert/CertAuthMethodInfo.cs b/src/VaultSharp/V1/AuthMethods/Cert/CertAuthMethodInfo.cs
@@ -35,11 +35,17 @@ public class CertAuthMethodInfo : AbstractAuthMethodInfo
         /// </value>
         public X509Certificate2 ClientCertificate { get; }
 
+        /// <summary>
+        /// Optionally, you may specify a single certificate role to authenticate against.
+        /// </summary>
+        public string RoleName { get; }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="CertAuthMethodInfo" /> class.
         /// </summary>
         /// <param name="clientCertificate">The client certificate.</param>
-        public CertAuthMethodInfo(X509Certificate2 clientCertificate) : this(AuthMethodType.Cert.Type, clientCertificate)
+        /// <param name="roleName">A single certificate role to authenticate against.</param>
+        public CertAuthMethodInfo(X509Certificate2 clientCertificate, string roleName = null) : this(AuthMethodType.Cert.Type, clientCertificate, roleName)
         {
         }
 
@@ -48,7 +54,8 @@ public CertAuthMethodInfo(X509Certificate2 clientCertificate) : this(AuthMethodT
         /// </summary>
         /// <param name="mountPoint">The mount point.</param>
         /// <param name="clientCertificate">The client certificate.</param>
-        public CertAuthMethodInfo(string mountPoint, X509Certificate2 clientCertificate)
+        /// <param name="roleName">A single certificate role to authenticate against.</param>
+        public CertAuthMethodInfo(string mountPoint, X509Certificate2 clientCertificate, string roleName = null)
         {
             Checker.NotNull(mountPoint, "mountPoint");
             Checker.NotNull(clientCertificate, "clientCertificate");
@@ -60,6 +67,7 @@ public CertAuthMethodInfo(string mountPoint, X509Certificate2 clientCertificate)
 
             MountPoint = mountPoint;
             ClientCertificate = clientCertificate;
+            RoleName = roleName;
         }
     }
 }
diff --git a/src/VaultSharp/V1/AuthMethods/Cert/CertAuthMethodLoginProvider.cs b/src/VaultSharp/V1/AuthMethods/Cert/CertAuthMethodLoginProvider.cs
@@ -1,5 +1,4 @@
 using System;
-using System.Collections.Generic;
 using System.Globalization;
 using System.Net.Http;
 using System.Threading.Tasks;
@@ -22,8 +21,14 @@ public CertAuthMethodLoginProvider(CertAuthMethodInfo certAuthMethodInfo, Polyma
 
         public async Task<string> GetVaultTokenAsync()
         {
-            // make an unauthenticated call to Vault, since this is the call to get the token. It shouldn't need a token.
-            var response = await _polymath.MakeVaultApiRequest<Secret<JToken>>(LoginResourcePath, HttpMethod.Post, unauthenticated: true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
+            // Make an unauthenticated call to Vault, since this is the call to get the token. 
+            // It shouldn't need a token.
+            var response = string.IsNullOrWhiteSpace(_certAuthMethodInfo.RoleName) ? 
+
+                (await _polymath.MakeVaultApiRequest<Secret<JToken>>(LoginResourcePath, HttpMethod.Post, unauthenticated: true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext)) : 
+
+                (await _polymath.MakeVaultApiRequest<Secret<JToken>>(LoginResourcePath, HttpMethod.Post, new { name = _certAuthMethodInfo.RoleName }, unauthenticated: true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
+
             _certAuthMethodInfo.ReturnedLoginAuthInfo = response?.AuthInfo;
 
             if (response?.AuthInfo != null && !string.IsNullOrWhiteSpace(response.AuthInfo.ClientToken))

diff --git a/src/VaultSharp/VaultSharp.csproj b/src/VaultSharp/VaultSharp.csproj
@@ -5,7 +5,7 @@
     <SignAssembly>true</SignAssembly>
     <DelaySign>false</DelaySign>
     <AssemblyOriginatorKeyFile>VaultSharp.snk</AssemblyOriginatorKeyFile>
-    <Version>1.4.0</Version>
+    <Version>1.4.0001</Version>
     <Authors>Raja Nadar</Authors>
     <Copyright>Copyright ©  2020 Raja Nadar. All rights reserved.</Copyright>
     <PackageProjectUrl>https://github.com/rajanadar/VaultSharp</PackageProjectUrl>
@@ -20,8 +20,8 @@
  * This library is built with .NET Standard 1.3 &amp; .NET 4.5 and hence is cross-platform across .NET Core 1.0, .NET 4.5 and more, Xamarin iOS, Android, Mac, UWP etc.</Description>
     <RepositoryType>Github</RepositoryType>
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
-    <AssemblyVersion>1.4.0.0</AssemblyVersion>
-    <FileVersion>1.4.0.0</FileVersion>
+    <AssemblyVersion>1.4.0001.0</AssemblyVersion>
+    <FileVersion>1.4.0002.0</FileVersion>
     <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
     <PackageIcon>icon.png</PackageIcon>
   </PropertyGroup>