From 931ef6a1d857cb911ecb165aec7cd163056dab5c Mon Sep 17 00:00:00 2001
From: George Krechar <dokrecar@microsoft.com>
Date: Fri, 26 Jan 2024 17:42:02 -0800
Subject: [PATCH] Add client certificates collection to HttpRequestData

---
 .../HttpRequestData.cs                        | 11 ++++++++
 .../HttpRequestDataTests.cs                   | 27 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 test/Microsoft.IdentityModel.Protocols.Tests/HttpRequestDataTests.cs

diff --git a/src/Microsoft.IdentityModel.Protocols/HttpRequestData.cs b/src/Microsoft.IdentityModel.Protocols/HttpRequestData.cs
index cc717125a9..2954a8926b 100644
--- a/src/Microsoft.IdentityModel.Protocols/HttpRequestData.cs
+++ b/src/Microsoft.IdentityModel.Protocols/HttpRequestData.cs
@@ -5,6 +5,8 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http.Headers;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading;
 
 namespace Microsoft.IdentityModel.Protocols
 {
@@ -14,6 +16,7 @@ namespace Microsoft.IdentityModel.Protocols
     public class HttpRequestData
     {
         private IDictionary<string, IEnumerable<string>> _headers = new Dictionary<string, IEnumerable<string>>(StringComparer.OrdinalIgnoreCase);
+        private X509Certificate2Collection _clientCertificates;
 
         /// <summary>
         /// Gets or sets the http request URI. 
@@ -44,6 +47,14 @@ public IDictionary<string, IEnumerable<string>> Headers
                 _headers = value ?? throw new ArgumentNullException(nameof(Headers));
             }
         }
+
+        /// <summary>
+        /// Gets the certificate collection involved in authenticating the client against the server.
+        /// </summary>
+        public X509Certificate2Collection ClientCertificates => _clientCertificates ??
+            Interlocked.CompareExchange(ref _clientCertificates, [], null) ??
+            _clientCertificates;
+
         /// <summary>
         /// Gets or sets an <see cref="IDictionary{String, Object}"/> that enables custom extensibility scenarios.
         /// </summary>
diff --git a/test/Microsoft.IdentityModel.Protocols.Tests/HttpRequestDataTests.cs b/test/Microsoft.IdentityModel.Protocols.Tests/HttpRequestDataTests.cs
new file mode 100644
index 0000000000..13a069ec00
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Protocols.Tests/HttpRequestDataTests.cs
@@ -0,0 +1,27 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.IdentityModel.TestUtils;
+using Xunit;
+
+namespace Microsoft.IdentityModel.Protocols.Tests
+{
+    public class HttpRequestDataTests
+    {
+        [Fact]
+        public void ClientCertificates()
+        {
+            var httpRequestData = new HttpRequestData();
+            Assert.NotNull(httpRequestData.ClientCertificates);
+            Assert.Empty(httpRequestData.ClientCertificates);
+
+            var cert = new X509Certificate2(Convert.FromBase64String(KeyingMaterial.AADCertData));
+            httpRequestData.ClientCertificates.Add(cert);
+
+            Assert.Single(httpRequestData.ClientCertificates);
+            Assert.Equal(cert, httpRequestData.ClientCertificates[0]);
+        }
+    }
+}