keyVaultFactory.ts 4.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. // Copyright (c) Microsoft Corporation. All rights reserved.
  2. // Licensed under the MIT License. See License.txt in the project root for license information.
  3. import { ApplicationTokenCredentials } from "./applicationTokenCredentials";
  4. import { ApplicationTokenCertificateCredentials } from "./applicationTokenCertificateCredentials";
  5. import { DeviceTokenCredentials } from "./deviceTokenCredentials";
  6. import { MSIAppServiceTokenCredentials } from "./msiAppServiceTokenCredentials";
  7. import { MSITokenCredentials } from "./msiTokenCredentials";
  8. import { MSIVmTokenCredentials } from "./msiVmTokenCredentials";
  9. import { TokenCredentialsBase } from "./tokenCredentialsBase";
  10. import { UserTokenCredentials } from "./userTokenCredentials";
  11. import { AuthenticationContext, TokenResponse, ErrorResponse } from "adal-node";
  12. import { Authenticator } from "@azure/ms-rest-js";
  13. export function createAuthenticator(credentials: MSITokenCredentials): Authenticator {
  14. const convertedCredentials = _convert(credentials);
  15. const authenticator = _createAuthenticatorMapper(convertedCredentials);
  16. return authenticator;
  17. }
  18. function _convert(credentials: MSITokenCredentials): MSITokenCredentials {
  19. if (credentials instanceof MSIAppServiceTokenCredentials) {
  20. return new MSIAppServiceTokenCredentials({
  21. msiEndpoint: credentials.msiEndpoint,
  22. msiSecret: credentials.msiSecret,
  23. msiApiVersion: credentials.msiApiVersion,
  24. resource: credentials.resource
  25. });
  26. } else if (credentials instanceof MSIVmTokenCredentials) {
  27. return new MSIVmTokenCredentials({
  28. resource: credentials.resource,
  29. msiEndpoint: credentials.msiEndpoint
  30. });
  31. } else if (credentials instanceof MSITokenCredentials) {
  32. throw new Error("MSI-credentials not one of: MSIVmTokenCredentials, MSIAppServiceTokenCredentials");
  33. } else {
  34. return credentials;
  35. }
  36. }
  37. function _createAuthenticatorMapper(credentials: MSITokenCredentials): Authenticator {
  38. return (challenge: any) => new Promise((resolve, reject) => {
  39. // Function to take token Response and format a authorization value
  40. const _formAuthorizationValue = (err: Error, tokenResponse: TokenResponse | ErrorResponse) => {
  41. if (err) {
  42. return reject(err);
  43. }
  44. if (tokenResponse.error) {
  45. return reject(tokenResponse.error);
  46. }
  47. tokenResponse = tokenResponse as TokenResponse;
  48. // Calculate the value to be set in the request's Authorization header and resume the call.
  49. const authorizationValue = tokenResponse.tokenType + " " + tokenResponse.accessToken;
  50. return resolve(authorizationValue);
  51. };
  52. // Create a new authentication context.
  53. if (credentials instanceof TokenCredentialsBase) {
  54. const context = new AuthenticationContext(challenge.authorization, true, credentials.authContext && credentials.authContext.cache);
  55. if (credentials instanceof ApplicationTokenCredentials) {
  56. return context.acquireTokenWithClientCredentials(
  57. challenge.resource, credentials.clientId, credentials.secret, _formAuthorizationValue);
  58. } else if (credentials instanceof ApplicationTokenCertificateCredentials) {
  59. return context.acquireTokenWithClientCertificate(
  60. challenge.resource, credentials.clientId, credentials.certificate, credentials.thumbprint, _formAuthorizationValue);
  61. } else if (credentials instanceof UserTokenCredentials) {
  62. return context.acquireTokenWithUsernamePassword(
  63. challenge.resource, credentials.username, credentials.password, credentials.clientId, _formAuthorizationValue);
  64. } else if (credentials instanceof DeviceTokenCredentials) {
  65. return context.acquireToken(
  66. challenge.resource, credentials.username, credentials.clientId, _formAuthorizationValue);
  67. }
  68. } else if (credentials instanceof MSITokenCredentials) {
  69. return credentials.getToken();
  70. } else {
  71. return reject(new Error("credentials must be one of: ApplicationTokenCredentials, UserTokenCredentials, " +
  72. "DeviceTokenCredentials, MSITokenCredentials"));
  73. }
  74. });
  75. }