jarig/auth_kv.cs

## auth_kv.cs
public class CertificateHelper
{
    public static X509Certificate2 FindCertificateByThumbprint(string thumbrint)
    {
        X509Certificate2 cert;
        cert = FindCertificateByThumbprint(thumbrint, StoreName.My, StoreLocation.CurrentUser);
        if (cert == null)
        {
            cert = FindCertificateByThumbprint(thumbrint, StoreName.My, StoreLocation.LocalMachine);
        }
        return cert;
    }

    private static X509Certificate2 FindCertificateByThumbprint(string thumbrint, StoreName storeName, StoreLocation storeLocation)
    {
        using (X509Store store = new X509Store(storeName, storeLocation))
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint,
                thumbrint, false); // Don't validate certs, since the test root isn't installed.
            if (certs == null || certs.Count == 0)
                return null;
            return certs.OfType<X509Certificate2>().Single();
        }
    }
}

private static IKeyVaultClient CreateKeyVaultClientWithCertificate(string clientId, string certificateThumbrint)
{
    X509Certificate2 clientCertificate = CertificateHelper.FindCertificateByThumbprint(certificateThumbrint);
    if (clientCertificate == null)
    {
        throw new Exception($"Failed to find certificate with thumbprint {certificateThumbrint}");
    }
    var clientCredential = new ClientAssertionCertificate(clientId, clientCertificate);
    return CreateKeyVaultClient(async (AuthenticationContext authenticationContext, string resource) =>
    { return await authenticationContext.AcquireTokenAsync(resource, clientCredential); });
}

private static IKeyVaultClient CreateKeyVaultClientWithSecret(string clientId, string clientSecret)
{
    ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);

    return CreateKeyVaultClient(async (AuthenticationContext authenticationContext, string resource) =>
        { return await authenticationContext.AcquireTokenAsync(resource, clientCredential); });
}

private static IKeyVaultClient CreateKeyVaultClient(TokenAcquireDelegateAsync tokenAcquireDelegateAsync)
{
    var tokenCache = new TokenCache();
    IKeyVaultClient keyVaultClient = new KeyVaultClient(async (authority, resource, scope) =>
    {
        AuthenticationContext authenticationContext = new AuthenticationContext(new Uri(authority).AbsoluteUri, false, tokenCache);
        AuthenticationResult result = await tokenAcquireDelegateAsync(authenticationContext, resource).ConfigureAwait(false);
        string token = result.AccessToken;
        return token;
    });
    return keyVaultClient;
}
	public class CertificateHelper
	{
	public static X509Certificate2 FindCertificateByThumbprint(string thumbrint)
	{
	X509Certificate2 cert;
	cert = FindCertificateByThumbprint(thumbrint, StoreName.My, StoreLocation.CurrentUser);
	if (cert == null)
	{
	cert = FindCertificateByThumbprint(thumbrint, StoreName.My, StoreLocation.LocalMachine);
	}
	return cert;
	}

	private static X509Certificate2 FindCertificateByThumbprint(string thumbrint, StoreName storeName, StoreLocation storeLocation)
	{
	using (X509Store store = new X509Store(storeName, storeLocation))
	{
	store.Open(OpenFlags.ReadOnly);
	X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint,
	thumbrint, false); // Don't validate certs, since the test root isn't installed.
	if (certs == null \|\| certs.Count == 0)
	return null;
	return certs.OfType<X509Certificate2>().Single();
	}
	}
	}

	private static IKeyVaultClient CreateKeyVaultClientWithCertificate(string clientId, string certificateThumbrint)
	{
	X509Certificate2 clientCertificate = CertificateHelper.FindCertificateByThumbprint(certificateThumbrint);
	if (clientCertificate == null)
	{
	throw new Exception($"Failed to find certificate with thumbprint {certificateThumbrint}");
	}
	var clientCredential = new ClientAssertionCertificate(clientId, clientCertificate);
	return CreateKeyVaultClient(async (AuthenticationContext authenticationContext, string resource) =>
	{ return await authenticationContext.AcquireTokenAsync(resource, clientCredential); });
	}

	private static IKeyVaultClient CreateKeyVaultClientWithSecret(string clientId, string clientSecret)
	{
	ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);

	return CreateKeyVaultClient(async (AuthenticationContext authenticationContext, string resource) =>
	{ return await authenticationContext.AcquireTokenAsync(resource, clientCredential); });
	}

	private static IKeyVaultClient CreateKeyVaultClient(TokenAcquireDelegateAsync tokenAcquireDelegateAsync)
	{
	var tokenCache = new TokenCache();
	IKeyVaultClient keyVaultClient = new KeyVaultClient(async (authority, resource, scope) =>
	{
	AuthenticationContext authenticationContext = new AuthenticationContext(new Uri(authority).AbsoluteUri, false, tokenCache);
	AuthenticationResult result = await tokenAcquireDelegateAsync(authenticationContext, resource).ConfigureAwait(false);
	string token = result.AccessToken;
	return token;
	});
	return keyVaultClient;
	}