use option from context

2022-04-14 00:29:47 -07:00 · 2022-04-14 00:29:47 -07:00 · 8b03735e83
commit 8b03735e83
parent 9acec4dce9
3 changed files with 62 additions and 4 deletions
--- a/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
+++ b/sdk/attestation/azure-security-attestation/src/attestation_client.cpp
@ -26,6 +26,28 @@ using namespace Azure::Core::Http::Policies;
 using namespace Azure::Core::Http::Policies::_internal;
 using namespace Azure::Core::Http::_internal;

+#if defined(BUILD_TRANSPORT_WINHTTP_ADAPTER)
+// Whenever winHTTP transport is built, create a policy to make request with no client certificate for attestation requests
+#include "azure/core/http/win_http_transport.hpp"
+
+namespace {
+  class SetNoClientCertificatePolicy : public Azure::Core::Http::Policies::HttpPolicy {
+  public:
+    std::unique_ptr<Azure::Core::Http::Policies::HttpPolicy> Clone() const override
+    {
+      return std::make_unique<SetNoClientCertificatePolicy>();
+    }
+
+    std::unique_ptr<Azure::Core::Http::RawResponse> Send(
+        Azure::Core::Http::Request& request,
+        Azure::Core::Http::Policies::NextHttpPolicy nextHttpPolicy,
+        const Azure::Core::Context& ctx) const override {
+          return nextHttpPolicy.Send(request, Azure::Core::Http::_internal::WinHttpTransportContextProvider::GetNoClientCertificateContext(ctx));
+        }
+  };
+}
+#endif
+
 AttestationClient::AttestationClient(
    std::string const& endpoint,
    std::shared_ptr<Core::Credentials::TokenCredential const> credential,
@ -45,6 +67,11 @@ AttestationClient::AttestationClient(
  }
  m_apiVersion = options.Version.ToString();
  std::vector<std::unique_ptr<HttpPolicy>> perCallpolicies;
+  
+  #if defined(BUILD_TRANSPORT_WINHTTP_ADAPTER)
+  // This configuration will make winHTTP to disable client certificate for all attestation requests
+  perCallpolicies.emplace_back(std::make_unique<SetNoClientCertificatePolicy>());
+  #endif

  m_pipeline = std::make_shared<Azure::Core::Http::_internal::HttpPipeline>(
      options,
--- a/sdk/core/azure-core/inc/azure/core/http/win_http_transport.hpp
+++ b/sdk/core/azure-core/inc/azure/core/http/win_http_transport.hpp
@ -150,10 +150,9 @@ namespace Azure { namespace Core { namespace Http {
        WinHttpTransportContextProvider() = delete;

        // Creates a set up token to make 
-        Azure::Core::Context GetNoClientCertContext(Azure::Core::Context const& parent){
-          return parent
-        }
-    }
+        static Azure::Core::Context GetNoClientCertificateContext(Azure::Core::Context const& parent);
+        static bool HasNoClientCertificateConfiguration(Azure::Core::Context const& context);
+    };
  } // namespace _internal

  /**
--- a/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
+++ b/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
@ -196,8 +196,20 @@ std::string GetHeadersAsString(Azure::Core::Http::Request const& request)
  return requestHeaderString;
 }

+Azure::Core::Context::Key NoClientCertificateConfiguration;
+
 } // namespace

+Azure::Core::Context Azure::Core::Http::_internal::WinHttpTransportContextProvider::GetNoClientCertificateContext(Azure::Core::Context const& parent) {
+  return parent.WithValue(NoClientCertificateConfiguration, true);
+}
+
+bool Azure::Core::Http::_internal::WinHttpTransportContextProvider::HasNoClientCertificateConfiguration(Azure::Core::Context const& context) {
+  bool value = false;
+  context.TryGetValue<bool>(NoClientCertificateConfiguration, value);
+  return value;
+}
+
 void GetErrorAndThrow(const std::string& exceptionMessage)
 {
  DWORD error = GetLastError();
@ -342,6 +354,23 @@ void WinHttpTransport::CreateRequestHandle(std::unique_ptr<_detail::HandleManage
    GetErrorAndThrow("Error while getting a request handle.");
  }

+  // Option is set up by context settings only and is only available for SDK clients
+  if(m_noClientCert) {
+    // If the service requests TLS client certificates, we want to let the WinHTTP APIs know that
+    // it's ok to initiate the request without a client certificate.
+    //
+    // Note: If/When TLS client certificate support is added to the pipeline, this line may need to
+    // be revisited.
+    if (!WinHttpSetOption(
+            handleManager->m_requestHandle,
+            WINHTTP_OPTION_CLIENT_CERT_CONTEXT,
+            WINHTTP_NO_CLIENT_CERT_CONTEXT,
+            0))
+    {
+      GetErrorAndThrow("Error while setting client cert context to ignore..");
+    }
+  }
+
  if (m_options.IgnoreUnknownCertificateAuthority)
  {
    auto option = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
@ -637,6 +666,9 @@ std::unique_ptr<RawResponse> WinHttpTransport::SendRequestAndGetResponse(

 std::unique_ptr<RawResponse> WinHttpTransport::Send(Request& request, Context const& context)
 {
+  using namespace Azure::Core::Http::_internal;
+  m_noClientCert = WinHttpTransportContextProvider::HasNoClientCertificateConfiguration(context);
+
  auto handleManager = std::make_unique<_detail::HandleManager>(request, context);

  CreateSessionHandle(handleManager);