Merge pull request #352 from bartdesmet/dev/bartde/enable_msal_logging
clairernovotny authored Feb 28, 2021
2 parents 0413bfc + d03e0f1 commit a49a3b1
Showing 2 changed files with 41 additions and 7 deletions.
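--- a/src/SignClient/Program.cs
+++ b/src/SignClient/Program.cs
@@ -24,11 +24,12 @@ public static int Main(string[] args)
 var description = cfg.Option("-d | --description", "Description", CommandOptionType.SingleValue);
 var descUrl = cfg.Option("-u | --descriptionUrl", "Description Url", CommandOptionType.SingleValue);
 var maxConcurrency = cfg.Option("-m | --maxConcurrency", "Maximum concurrency (default is 4)", CommandOptionType.SingleValue);
+var loggingLevel = cfg.Option("-l | --logLevel", "Logging level (default is warn)", CommandOptionType.SingleValue);
 
 cfg.OnExecute(() =>
 {
 var sign = new SignCommand(application);
-return sign.Sign(configFile, inputFile, baseDirectory, outputFile, fileList, secret, user, name, description, descUrl, maxConcurrency);
+return sign.Sign(configFile, inputFile, baseDirectory, outputFile, fileList, secret, user, name, description, descUrl, maxConcurrency, loggingLevel);
 });
 });
 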
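Review bot: The help text for `-l | --logLevel` advertises `default is warn`, but the validation added in SignCommand.cs appears to accept only the names in its own error message (`error, warning, info, verbose`), so a user who copies `warn` from the help output would get `INVALID_OPTIONS`. Wording the description as `"Logging level: error, warning, info, verbose (default is warning)"` keeps the help and the parser in agreement. `Main` continues outside the hunk.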
45 changes: 39 additions & 6 deletions src/SignClient/SignCommand.cs
@@ -45,7 +45,8 @@ public int Sign
CommandOption name,
CommandOption description,
CommandOption descriptionUrl,
CommandOption maxConcurrency
CommandOption maxConcurrency,
CommandOption loggingLevel
)
{
try
@@ -89,6 +90,28 @@ CommandOption maxConcurrency
baseDirectory.Values.Add(Environment.CurrentDirectory);
}

var logLevel = LogLevel.Warning;

if (loggingLevel.HasValue())
{
if (!Enum.TryParse(typeof(LogLevel), loggingLevel.Value(), ignoreCase: true, out var logLevelObj))
{
signCommandLineApplication.Error.WriteLine("--logLevel parameter invalid. Valid options are: error, warning, info, verbose");
return EXIT_CODES.INVALID_OPTIONS;
}

logLevel = (LogLevel)logLevelObj;
}

void Log(string facility, LogLevel level, string message)
{
if (level <= logLevel)
{
var writer = level == LogLevel.Error ? signCommandLineApplication.Error : signCommandLineApplication.Out;
writer.WriteLine($"[{facility}][{level}] {message}");
}
}

List<FileInfo> inputFiles;
// If we're going to glob, we can't be fully rooted currently (fix me later)

@@ -130,35 +153,47 @@ CommandOption maxConcurrency
var clientId = configuration["SignClient:AzureAd:ClientId"];
var resourceId = configuration["SignClient:Service:ResourceId"];

var logMsal = new LogCallback((LogLevel level, string message, bool containsPii) => Log("MSAL", level, message));

// See if we have a Username option
if (username.HasValue())
{
// ROPC flow
var pca = PublicClientApplicationBuilder.Create(clientId)
.WithLogging(logMsal, logLevel, enablePiiLogging: false, enableDefaultPlatformLogging: true)
.WithAuthority(authority)
.Build();

var secret = new NetworkCredential("", clientSecret.Value()).SecurePassword;

getAccessToken = async () =>
{
Log("RESTCLIENT", LogLevel.Info, "Obtaining access token for PublicClientApplication.");

var tokenResult = await pca.AcquireTokenByUsernamePassword(new[] { $"{resourceId}/user_impersonation" }, username.Value(), secret).ExecuteAsync();

Log("RESTCLIENT", LogLevel.Info, $"Obtained access token for PublicClientApplication. Correlation ID = {tokenResult.CorrelationId}; Expires on = {tokenResult.ExpiresOn}.");

return tokenResult.AccessToken;
};
}
else
{
var context = ConfidentialClientApplicationBuilder.Create(clientId)
.WithLogging(logMsal, logLevel, enablePiiLogging: false, enableDefaultPlatformLogging: true)
.WithAuthority(authority)
.WithClientSecret(clientSecret.Value())
.Build();

getAccessToken = async () =>
{
// Client credential flow
var res = await context.AcquireTokenForClient(new[] { $"{resourceId}/.default" }).ExecuteAsync();
return res.AccessToken;
Log("RESTCLIENT", LogLevel.Info, "Obtaining access token for ConfidentialClientApplication.");

var tokenResult = await context.AcquireTokenForClient(new[] { $"{resourceId}/.default" }).ExecuteAsync();

Log("RESTCLIENT", LogLevel.Info, $"Obtained access token for PublicClientApplication. Correlation ID = {tokenResult.CorrelationId}; Expires on = {tokenResult.ExpiresOn}.");

return tokenResult.AccessToken;
};
}

@@ -284,7 +319,5 @@ string ExpandFilePath(string file)
return file;
}
}


}
}
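Review bot: In the client-credential branch of the third hunk, the success message still reads `Obtained access token for PublicClientApplication.`, so the log misreports which flow issued the token when someone later correlates sign-in records; it should name `ConfidentialClientApplication`, matching the "Obtaining" line just above it. In the second hunk, `Enum.TryParse` also accepts numeric strings, so a value such as `--logLevel 7` passes validation and an undefined `LogLevel` reaches `WithLogging`; adding `|| !Enum.IsDefined(typeof(LogLevel), logLevelObj)` to the condition rejects it. The `logMsal` callback discards `containsPii`; that is safe while `enablePiiLogging: false` is hard-coded, but an early `if (containsPii) return;` would keep PII out of console and CI output if that flag is ever changed. The body of `Sign` starts and ends outside these hunks.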
