diff --git a/libraries/microsoft-agents-authentication-msal/microsoft_agents/authentication/msal/msal_auth.py b/libraries/microsoft-agents-authentication-msal/microsoft_agents/authentication/msal/msal_auth.py
index 8c46a7f9..50d97e7b 100644
--- a/libraries/microsoft-agents-authentication-msal/microsoft_agents/authentication/msal/msal_auth.py
+++ b/libraries/microsoft-agents-authentication-msal/microsoft_agents/authentication/msal/msal_auth.py
@@ -17,9 +17,6 @@ TokenCache,
 )
 from requests import Session
-from cryptography.x509 import load_pem_x509_certificate
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes
 from microsoft_agents.activity._utils import _DeferredString
@@ -212,26 +209,8 @@ def _create_client_application(
 elif self._msal_configuration.AUTH_TYPE == AuthTypes.client_secret:
 self._client_credential_cache = self._msal_configuration.CLIENT_SECRET
 elif self._msal_configuration.AUTH_TYPE == AuthTypes.certificate:
- with open(self._msal_configuration.CERT_KEY_FILE) as file:
- logger.info(
- "Loading certificate private key for MSAL authentication."
- )
- private_key = file.read()
-
- with open(self._msal_configuration.CERT_PEM_FILE) as file:
- logger.info("Loading public certificate for MSAL authentication.")
- public_certificate = file.read()
-
- # Create an X509 object and calculate the thumbprint
- logger.info("Calculating thumbprint for the public certificate.")
- cert = load_pem_x509_certificate(
- data=bytes(public_certificate, "UTF-8"), backend=default_backend()
- )
- thumbprint = cert.fingerprint(hashes.SHA1()).hex()
-
 self._client_credential_cache = {
- "thumbprint": thumbprint,
- "private_key": private_key,
+ "private_key_pfx_path": self._msal_configuration.CERT_PFX_FILE,
 }
 else:
 logger.error(
diff --git a/libraries/microsoft-agents-authentication-msal/setup.py b/libraries/microsoft-agents-authentication-msal/setup.py
index b68c2141..cc90cd35 100644
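Review bot: The new certificate branch hands `self._msal_configuration.CERT_PFX_FILE` to MSAL with no check that it is set, and the configuration class changed in this same commit defaults it to `None` (`kwargs.get("CERTPFXFILE", None)`), so a missing value now surfaces as whatever MSAL raises while loading the PFX instead of as a clear configuration error; a guard such as `if not self._msal_configuration.CERT_PFX_FILE: raise ValueError("CERT_PFX_FILE is required for certificate authentication")` before the dict makes the failure explicit. The credential dict also carries no `"passphrase"` entry, which MSAL accepts alongside `"private_key_pfx_path"` for a password-protected PFX, so as written only an unencrypted PFX (private key unprotected at rest) can be used; adding a passphrase value to `AgentAuthConfiguration` and passing it here would avoid that. If I recall MSAL's PFX support correctly it loads the file through `cryptography`, so dropping the explicit dependency in setup.py relies on msal pulling it in transitively. The removed branch logged that certificate material was being loaded; a single `logger.info("Loading PFX certificate for MSAL authentication.")` would keep that visibility. `_create_client_application` starts and ends outside this hunk.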
--- a/libraries/microsoft-agents-authentication-msal/setup.py
+++ b/libraries/microsoft-agents-authentication-msal/setup.py
@@ -15,6 +15,5 @@ f"microsoft-agents-hosting-core=={package_version}",
 "msal>=1.34.0",
 "requests>=2.32.3",
- "cryptography>=44.0.0",
 ],
 )
diff --git a/libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/authorization/agent_auth_configuration.py b/libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/authorization/agent_auth_configuration.py
index dfccfde0..abe77ea8 100644
--- a/libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/authorization/agent_auth_configuration.py
+++ b/libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/authorization/agent_auth_configuration.py
@@ -15,20 +15,18 @@ class AgentAuthConfiguration:
 CLIENT_ID: The client ID for the Azure AD application.
 AUTH_TYPE: The type of authentication to use (microsoft_agents.hosting.core.authorization.auth_types.AuthTypes).
 CLIENT_SECRET: The client secret for the Azure AD application (if using client secret authentication).
- CERT_PEM_FILE: The path to the PEM file for certificate authentication (if using certificate authentication).
- CERT_KEY_FILE: The path to the key file for certificate authentication (if using certificate authentication).
+ CERT_PFX_FILE: The path to the PFX certificate file (if using certificate authentication).
 CONNECTION_NAME: The name of the connection
 SCOPES: The scopes to request
- AUTHORITY: The authority URL for the Azure AD (if different from the default).f
+ AUTHORITY: The authority URL for the Azure AD (if different from the default).
 ALT_BLUEPRINT_ID: An optional alternative blueprint ID used when constructing a connector client.
 """
 TENANT_ID: Optional[str]
- CLIENT_ID: Optional[str]
 AUTH_TYPE: AuthTypes
+ CLIENT_ID: Optional[str]
 CLIENT_SECRET: Optional[str]
- CERT_PEM_FILE: Optional[str]
- CERT_KEY_FILE: Optional[str]
+ CERT_PFX_FILE: Optional[str]
 CONNECTION_NAME: Optional[str]
 SCOPES: Optional[list[str]]
 AUTHORITY: Optional[str]
@@ -46,17 +44,16 @@ class AgentAuthConfiguration:
 def __init__(
 self,
- auth_type: AuthTypes = None,
- client_id: str = None,
- tenant_id: Optional[str] = None,
- client_secret: Optional[str] = None,
- cert_pem_file: Optional[str] = None,
- cert_key_file: Optional[str] = None,
- connection_name: Optional[str] = None,
- authority: Optional[str] = None,
- scopes: Optional[list[str]] = None,
+ auth_type: AuthTypes | None = None,
+ client_id: str | None = None,
+ tenant_id: str | None = None,
+ client_secret: str | None = None,
+ cert_pfx_file: str | None = None,
+ connection_name: str | None = None,
+ authority: str | None = None,
+ scopes: list[str] | None = None,
 anonymous_allowed: bool = False,
- **kwargs: Optional[dict[str, str]],
+ **kwargs: str,
 ):
 self.AUTH_TYPE = auth_type or kwargs.get("AUTHTYPE", AuthTypes.client_secret)
@@ -64,8 +61,7 @@ def __init__(
 self.AUTHORITY = authority or kwargs.get("AUTHORITY", None)
 self.TENANT_ID = tenant_id or kwargs.get("TENANTID", None)
 self.CLIENT_SECRET = client_secret or kwargs.get("CLIENTSECRET", None)
- self.CERT_PEM_FILE = cert_pem_file or kwargs.get("CERTPEMFILE", None)
- self.CERT_KEY_FILE = cert_key_file or kwargs.get("CERTKEYFILE", None)
+ self.CERT_PFX_FILE = cert_pfx_file or kwargs.get("CERTPFXFILE", None)
 self.CONNECTION_NAME = connection_name or kwargs.get("CONNECTIONNAME", None)
 self.SCOPES = scopes or kwargs.get("SCOPES", None)
 self.ALT_BLUEPRINT_ID = kwargs.get("ALT_BLUEPRINT_NAME", None)
diff --git a/tests/hosting_core/test_auth_configuration.py b/tests/hosting_core/test_auth_configuration.py
index 59cf9804..aadf7193 100644
--- a/tests/hosting_core/test_auth_configuration.py
+++ b/tests/hosting_core/test_auth_configuration.py
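Review bot: `**kwargs: str` in the new `__init__` signature does not match how the body uses the mapping: `kwargs.get("SCOPES", None)` is assigned to `SCOPES`, annotated `Optional[list[str]]` on the class, and `kwargs.get("AUTHTYPE", AuthTypes.client_secret)` yields an `AuthTypes`, so a type checker will flag those assignments; `**kwargs: Any` (with `Any` imported next to `Optional`) or `**kwargs: object` states the contract honestly. Switching the signature to `X | None` while the class attributes a few lines above keep `Optional[X]` leaves the file mixing both spellings; pick one. `X | None` is evaluated at definition time on Python older than 3.10 unless the file has `from __future__ import annotations`, which is outside this hunk and I cannot confirm. `__init__`'s body continues past the second hunk.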
@@ -16,8 +16,7 @@ def test_auth_configuration_basic(self):
 tenant_id="test-tenant-id",
 client_id="test-client-id",
 client_secret="test-client-secret",
- cert_pem_file="test-cert.pem",
- cert_key_file="test-cert.key",
+ cert_pfx_file="test-cert.pfx",
 connection_name="test-connection",
 authority="https://login.microsoftonline.com",
 scopes=["test-scope-1", "test-scope-2"],
@@ -27,8 +26,7 @@ def test_auth_configuration_basic(self):
 assert auth_config.TENANT_ID == "test-tenant-id"
 assert auth_config.CLIENT_ID == "test-client-id"
 assert auth_config.CLIENT_SECRET == "test-client-secret"
- assert auth_config.CERT_PEM_FILE == "test-cert.pem"
- assert auth_config.CERT_KEY_FILE == "test-cert.key"
+ assert auth_config.CERT_PFX_FILE == "test-cert.pfx"
 assert auth_config.CONNECTION_NAME == "test-connection"
 assert auth_config.AUTHORITY == "https://login.microsoftonline.com"
 assert auth_config.SCOPES == ["test-scope-1", "test-scope-2"]
@@ -69,11 +67,10 @@ def test_load_configuration_from_env(self):
 def test_empty_settings(self):
 auth_config = AgentAuthConfiguration()
 assert auth_config.AUTH_TYPE == AuthTypes.client_secret
- assert auth_config.TENANT_ID == None
- assert auth_config.CLIENT_ID == None
- assert auth_config.CLIENT_SECRET == None
- assert auth_config.CERT_PEM_FILE == None
- assert auth_config.CERT_KEY_FILE == None
- assert auth_config.CONNECTION_NAME == None
- assert auth_config.AUTHORITY == None
- assert auth_config.SCOPES == None
+ assert auth_config.TENANT_ID is None
+ assert auth_config.CLIENT_ID is None
+ assert auth_config.CLIENT_SECRET is None
+ assert auth_config.CERT_PFX_FILE is None
+ assert auth_config.CONNECTION_NAME is None
+ assert auth_config.AUTHORITY is None
+ assert auth_config.SCOPES is None
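Review bot: `test_empty_settings` asserts every default except `ALT_BLUEPRINT_ID`, which `__init__` sets from `kwargs.get("ALT_BLUEPRINT_NAME", None)`; adding `assert auth_config.ALT_BLUEPRINT_ID is None` keeps the test covering the whole default state. None of the visible assertions drive the new `CERTPFXFILE` kwargs key in `AgentAuthConfiguration.__init__`; `test_load_configuration_from_env`, named in the last hunk header but outside the hunk, is presumably where that belongs, so a case passing `CERTPFXFILE="test-cert.pfx"` and checking `CERT_PFX_FILE` would cover the environment-driven path this commit introduces.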