updated summarys and the docs to mention this functionality addition.

thomas-hammond · Jun 16, 2022 · f4811bb · f4811bb
1 parent 7234f9d
commit f4811bb
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/docs/ClientLibraryUsage.md b/docs/ClientLibraryUsage.md
@@ -48,6 +48,9 @@ Func<CancellationToken, Task<SecuritySettings>> GetSecurityCredentials = (ct) =>
 };
 ```
 
+#### Handling multiple issuer thumbprints
+You can specify a comma delimited list as the issuerCertThumbprint for a RemoteX509SecuritySettings object to check against multiple issuers.
+
 ### Connecting to cluster secured with Azure Active Directory
 There are different ways to connect to the cluster secured with Azure Active Directory depending on if you have the AAD metadata(authority, resource, clientId) to get the token from Azure Active Directory. If you have the AAD metadata, use the option 1 below, if you don't have the AAD metadata, use the option 2 below.
 #### 1. You have the AAD metadata to get the token from Azure Active Directory.

diff --git a/src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs b/src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs
@@ -153,9 +153,9 @@ private bool ValidateServerCertificateX509Name(X509Certificate2 cert, X509Chain
             return false;
         }
 
-        private bool IsServerCertIssuerThumbprintValid(X509Chain chain, string expectedIssuerThumbprint)
+        private bool IsServerCertIssuerThumbprintValid(X509Chain chain, string expectedIssuerThumbprints)
         {
-                var issuers = expectedIssuerThumbprint.ToLower().Split(',');
+                var issuers = expectedIssuerThumbprints.ToLower().Split(',');
 
                 // SelfSigned cert matches with index 0, CA signed matches with index 1.
                 var thumbprint = chain.ChainElements[0].Certificate.Thumbprint.ToLower();

diff --git a/src/Microsoft.ServiceFabric.Common/Security/X509Name.cs b/src/Microsoft.ServiceFabric.Common/Security/X509Name.cs
@@ -20,7 +20,7 @@ public class X509Name
         /// </param>
         /// <param name="issuerCertThumbprint">
         ///   <para>Certificate thumbprint to identify issuer. Default value is null which means that issuer thumbprint will not be verified.
-        ///   for the certificate found with the common name.</para>
+        ///   for the certificate found with the common name. A Comma delimited string can be used to verify against multiple certificate issuer thumbprints</para>
         /// </param>
         public X509Name(string name, string issuerCertThumbprint = null)
         {
@@ -42,7 +42,7 @@ public X509Name(string name, string issuerCertThumbprint = null)
         public string Name { get; }
 
         /// <summary>
-        /// Gets the certificate thumbprint to identify issuer.
+        /// Gets the certificate thumbprint to identify issuer. This can additionally be a comma delimited string of multiple issuer certificate thumbprints
         /// </summary>
         /// <value>
         ///   <para>Certificate thumbprint to identify issuer</para>