main changes

Author: Nirjan Chapagain

src/VirtualClient/VirtualClient.Core.UnitTests/EndpointUtilityTests.cs

@@ -854,37 +854,5 @@ public void CreateKeyVaultStoreReference_ConnectionString_ThrowsOnInvalid()
                     "InvalidConnectionString",
                     this.mockFixture.CertificateManager.Object));
         }
-
-        [Test]
-        [TestCase("https://anyvault.vault.azure.net/?cid=123456&tid=654321")]
-        [TestCase("https://anycontentstorage.blob.core.windows.net?cid=123456&tid=654321")]
-        [TestCase("https://anypackagestorage.blob.core.windows.net?tid=654321")]
-        [TestCase("https://anynamespace.servicebus.windows.net?cid=123456&tid=654321")]
-        [TestCase("https://my-keyvault.vault.azure.net/?;tid=654321")]
-        public void TryParseMicrosoftEntraTenantIdReference_Uri_WorksAsExpected(string input)
-        {
-            // Arrange
-            Uri uri = new Uri(input);
-            bool result = EndpointUtility.TryParseMicrosoftEntraTenantIdReference(uri, out string actualTenantId);
-
-            // Assert
-            Assert.True(result);
-            Assert.AreEqual("654321", actualTenantId);
-        }
-
-        [Test]
-        [TestCase("https://anycontentstorage.blob.core.windows.net?cid=123456&tenantId=654321")]
-        [TestCase("https://anypackagestorage.blob.core.windows.net?miid=654321")]
-        [TestCase("https://my-keyvault.vault.azure.net/;cid=654321")]
-        public void TryParseMicrosoftEntraTenantIdReference_Uri_ReturnFalseWhenInvalid(string input)
-        {
-            // Arrange
-            Uri uri = new Uri(input);
-            bool result = EndpointUtility.TryParseMicrosoftEntraTenantIdReference(uri, out string actualTenantId);
-
-            // Assert
-            Assert.IsFalse(result);
-            Assert.IsNull(actualTenantId);
-        }
     }
 }

src/VirtualClient/VirtualClient.Core/EndpointUtility.cs

@@ -398,26 +398,6 @@ public static bool TryParseCertificateReference(Uri uri, out string issuer, out
             return TryGetCertificateReferenceForUri(queryParameters, out issuer, out subject);
         }
 
-        /// <summary>
-        /// Tries to parse the Microsoft Entra reference information from the provided uri. If the uri does not contain the correctly formatted client ID
-        /// and tenant ID information the method will return false, and keep the two out parameters as null.
-        /// Ex. https://anystore.blob.core.windows.net?cid={clientId};tid={tenantId}
-        /// </summary>
-        /// <param name="uri">The uri to attempt to parse the values from.</param>
-        /// <param name="tenantId">The tenant ID from the Microsoft Entra reference.</param>
-        /// <returns>True/False if the method was able to successfully parse both the client ID and the tenant ID from the Microsoft Entra reference.</returns>
-        public static bool TryParseMicrosoftEntraTenantIdReference(Uri uri, out string tenantId)
-        {
-            string queryString = Uri.UnescapeDataString(uri.Query).Trim('?').Replace("&", ",,,");
-
-            IDictionary<string, string> queryParameters = TextParsingExtensions.ParseDelimitedValues(queryString)?.ToDictionary(
-                entry => entry.Key,
-                entry => entry.Value?.ToString(),
-                StringComparer.OrdinalIgnoreCase);
-
-            return TryGetMicrosoftEntraTenantId(queryParameters, out tenantId);
-        }
-
         /// <summary>
         /// Returns the endpoint by verifying package uri checks.
         /// if the endpoint is a package uri without http or https protocols then append the protocol else return the endpoint value.

src/VirtualClient/VirtualClient.Dependencies.UnitTests/KeyVaultAccessTokenTests.cs

@@ -288,11 +288,6 @@ public Task InitializeAsyncInternal(EventContext context, CancellationToken toke
 
             public TokenRequestContext GetTokenRequestContextInternal()
             {
-                if (this.Parameters.ContainsKey(nameof(this.KeyVaultUri)))
-                {
-                    this.KeyVaultUri = this.Parameters[nameof(this.KeyVaultUri)].ToString();
-                }
-
                 return this.GetTokenRequestContext();
             }
 

src/VirtualClient/VirtualClient.Dependencies/CertificateInstallation.cs

@@ -81,6 +81,17 @@ public bool WithPrivateKey
             }
         }
 
+        /// <summary>
+        /// 
+        /// </summary>
+        public string CertificateDownloadDir
+        {
+            get
+            {
+                return this.Parameters.GetValue<string>(nameof(this.CertificateDownloadDir), string.Empty);
+            }
+        }
+
         /// <summary>
         /// Gets the access token used to authenticate with Azure services.
         /// </summary>
@@ -126,6 +137,26 @@ protected override async Task ExecuteAsync(EventContext telemetryContext, Cancel
                 {
                     throw new PlatformNotSupportedException($"The '{nameof(CertificateInstallation)}' component is not supported on platform '{this.Platform}'.");
                 }
+
+                // If a download directory is specified, we will also export the certificate to that location.
+                if (!string.IsNullOrEmpty(this.CertificateDownloadDir))
+                {
+                    string certificateFileName = this.WithPrivateKey 
+                        ? $"{this.CertificateName}.pfx"
+                        : $"{this.CertificateName}.cer";
+
+                    string certificatePath = this.Combine(this.CertificateDownloadDir, certificateFileName);
+
+                    // Delete existing certificate file
+                    if (!this.fileSystem.File.Exists(certificatePath))
+                    {
+                        this.fileSystem.File.Delete(certificatePath);
+                    }
+
+                    // Export the new certificate
+                    await this.fileSystem.File.WriteAllBytesAsync(certificatePath, certificate.Export(X509ContentType.Pfx));
+                    Console.WriteLine($"Certificate exported to {certificatePath}");
+                }
             }
             catch (Exception exc)
             {

src/VirtualClient/VirtualClient.Dependencies/KeyVaultAccessToken.cs

@@ -41,12 +41,24 @@ public KeyVaultAccessToken(IServiceCollection dependencies, IDictionary<string,
         /// Gets the Azure Key Vault URI for which the access token will be requested.
         /// Example: https://anyvault.vault.azure.net/
         /// </summary>
-        protected string KeyVaultUri { get; set; }
+        public string KeyVaultUri
+        {
+            get
+            {
+                return this.Parameters.GetValue<string>(nameof(this.KeyVaultUri));
+            }
+        }
 
         /// <summary>
         /// Gets the Azure tenant ID used to acquire an access token.
         /// </summary>
-        protected string TenantId { get; set; }
+        protected string TenantId
+        {
+            get
+            {
+                return this.Parameters.GetValue<string>(nameof(this.TenantId));
+            }
+        }
 
         /// <summary>
         /// Gets or sets the full file path where the acquired access token will be written when file logging is enabled.
@@ -84,16 +96,8 @@ protected override async Task InitializeAsync(EventContext telemetryContext, Can
         /// </summary>
         protected override async Task ExecuteAsync(EventContext telemetryContext, CancellationToken cancellationToken)
         {
-            this.KeyVaultUri = this.Parameters.GetValue<string>(nameof(this.KeyVaultUri));
             this.KeyVaultUri.ThrowIfNullOrWhiteSpace(nameof(this.KeyVaultUri));
-
-            string tenantId = this.Parameters.GetValue<string>(nameof(this.TenantId));
-            if (string.IsNullOrWhiteSpace(tenantId))
-            {
-                EndpointUtility.TryParseMicrosoftEntraTenantIdReference(new Uri(this.KeyVaultUri), out tenantId);
-            }
-
-            tenantId.ThrowIfNullOrWhiteSpace(nameof(tenantId));
+            this.TenantId.ThrowIfNullOrWhiteSpace(nameof(this.TenantId));
 
             string accessToken = null;
             if (!cancellationToken.IsCancellationRequested)
@@ -108,7 +112,7 @@ protected override async Task ExecuteAsync(EventContext telemetryContext, Cancel
                     InteractiveBrowserCredential credential = new InteractiveBrowserCredential(
                         new InteractiveBrowserCredentialOptions
                         {
-                            TenantId = tenantId
+                            TenantId = this.TenantId
                         });
 
                     accessToken = await this.AcquireInteractiveTokenAsync(credential, requestContext, cancellationToken);
@@ -119,7 +123,7 @@ protected override async Task ExecuteAsync(EventContext telemetryContext, Cancel
                     // the user with a code and URL to complete authentication from another device.
                     DeviceCodeCredential credential = new DeviceCodeCredential(new DeviceCodeCredentialOptions
                     {
-                        TenantId = tenantId,
+                        TenantId = this.TenantId,
                         DeviceCodeCallback = (codeInfo, token) =>
                         {
                             Console.WriteLine(string.Empty);

src/VirtualClient/VirtualClient.Main/BootstrapCommand.cs

@@ -53,6 +53,14 @@ internal class BootstrapCommand : ExecuteProfileCommand
         /// </summary>
         public string TenantId { get; set; }
 
+        /// <summary>
+        /// Directory path where downloaded certificates can be stored.
+        /// </summary>
+        /// <remarks>Set this property to a valid directory path to ensure that certificates can be
+        /// downloaded and saved.
+        /// </remarks>
+        public string CertificateDownloadDir { get; set; }
+
         /// <summary>
         /// Executes the bootstrap command.
         /// Supports:
@@ -142,6 +150,7 @@ protected void SetupCertificateInstallation()
             // Set certificate-related parameters
             this.Parameters["KeyVaultUri"] = this.KeyVault;
             this.Parameters["CertificateName"] = this.CertificateName;
+            this.Parameters["CertificateDownloadDir"] = this.CertificateDownloadDir;
         }
 
         protected void SetupPackageInstallation()

src/VirtualClient/VirtualClient.Main/OptionFactory.cs

@@ -655,6 +655,25 @@ public static Option CreateTenantIdOption(bool required = false, object defaultV
             return option;
         }
 
+        /// <summary>
+        /// Command line option defines the directory to which certificates downloaded from Key Vault can be saved.
+        /// </summary>
+        /// <param name="required">Sets this option as required.</param>
+        /// <param name="defaultValue">Sets the default value when none is provided.</param>
+        public static Option CreateCertificateDownloadDirectoryOption(bool required = false, object defaultValue = null)
+        {
+            Option<string> option = new Option<string>(new string[] { "--certificateDownloadDir", "--certDownloadDir" })
+            {
+                Name = "CertificateDownloadDir",
+                Description = "Set (optional) directory path which certificates downloaded from Key Vault can be saved.",
+                ArgumentHelpName = "tid",
+                AllowMultipleArgumentsPerToken = false
+            };
+
+            OptionFactory.SetOptionRequirements(option, required, defaultValue);
+            return option;
+        }
+
         /// <summary>
         /// Command line option defines the path to the environment layout file.
         /// </summary>

src/VirtualClient/VirtualClient.Main/Program.cs

@@ -313,7 +313,13 @@ internal static CommandLineBuilder SetupCommandLine(string[] args, CancellationT
                 OptionFactory.CreateVerboseFlag(required: false, false),
 
                 // --token
-                OptionFactory.CreateTokenOption(required: false)
+                OptionFactory.CreateTokenOption(required: false),
+
+                // --CertificateDownloadDir
+                OptionFactory.CreateCertificateDownloadDirectoryOption(required: false),
+                
+                // --tenant-id
+                OptionFactory.CreateTenantIdOption(required: false),
             };
 
             // Single command execution is also supported. Behind the scenes this uses a
@@ -474,6 +480,9 @@ private static Command CreateBootstrapSubcommand(DefaultSettings settings)
 
                 // --token
                 OptionFactory.CreateTokenOption(required: false),
+
+                // --CertificateDownloadDir
+                OptionFactory.CreateCertificateDownloadDirectoryOption(required: false),
 
                 // --tenant-id
                 OptionFactory.CreateTenantIdOption(required: false),

src/VirtualClient/VirtualClient.Main/profiles/BOOTSTRAP-CERTIFICATE.json

@@ -4,7 +4,8 @@
     "KeyVaultUri": null,
     "CertificateName": null,
     "AccessToken": null,
-    "LogFileName": null
+    "LogFileName": null,
+    "CertificateDownloadDir": null
   },
   "Actions": [
     {
@@ -14,9 +15,9 @@
         "KeyVaultUri": "$.Parameters.KeyVaultUri",
         "CertificateName": "$.Parameters.CertificateName",
         "AccessToken": "$.Parameters.AccessToken",
-        "AccessTokenPath": "$.Parameters.LogFileName"
+        "AccessTokenPath": "$.Parameters.LogFileName",
+        "CertificateDownloadDir": "$.Parameters.CertificateDownloadDir"
       }
     }
   ]
-}
-  
+}