microsoft · darjoo · Feb 9, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
@@ -465,7 +465,7 @@ codeunit 7772 "Azure OpenAI Impl"
     var
         AzureKeyVault: Codeunit "Azure Key Vault";
         EnvironmentInformation: Codeunit "Environment Information";
-        KVSecret: Text;
+        KVSecret: SecretText;
     begin
         if not EnvironmentInformation.IsSaaSInfrastructure() then
             exit;

@@ -14,6 +14,7 @@ codeunit 7800 "Azure Functions Authentication"
     InherentEntitlements = X;
     InherentPermissions = X;
 
+#if not CLEAN24
     /// <summary>
     /// Creates OAuth2 authentication instance of Azure function interface.
     /// </summary>
@@ -26,13 +27,35 @@ codeunit 7800 "Azure Functions Authentication"
     /// <param name="ResourceURL">The Application ID URI</param>
     /// <returns>Instance of Azure function response object.</returns>
     [NonDebuggable]
+    [Obsolete('Use CreateOAuth2 with SecretText data type for ClientSecret.', '24.0')]
     procedure CreateOAuth2(Endpoint: Text; AuthenticationCode: Text; ClientId: Text; ClientSecret: Text; OAuthAuthorityUrl: Text; RedirectURL: Text; ResourceURL: Text): Interface "Azure Functions Authentication"
     var
         AzureFunctionsOAuth2: Codeunit "Azure Functions OAuth2";
     begin
         AzureFunctionsOAuth2.SetAuthParameters(Endpoint, AuthenticationCode, ClientId, ClientSecret, OAuthAuthorityUrl, RedirectURL, ResourceURL);
         exit(AzureFunctionsOAuth2);
     end;
+#endif
+
+    /// <summary>
+    /// Creates OAuth2 authentication instance of Azure function interface.
+    /// </summary>
+    /// <param name="Endpoint">Azure function endpoint</param>
+    /// <param name="AuthenticationCode">Azure function authentication code, empty if anonymous.</param>
+    /// <param name="ClientId">The Application (client) ID that the Azure portal – App registrations experience assigned to your app.</param>
+    /// <param name="ClientSecret">The Application (client) secret configured in the Azure Portal.</param>
+    /// <param name="OAuthAuthorityUrl">The identity authorization provider URL.</param>
+    /// <param name="RedirectURL">The redirectURL of your app, for azure function this could be empty</param>
+    /// <param name="ResourceURL">The Application ID URI</param>
+    /// <returns>Instance of Azure function response object.</returns>
+    [NonDebuggable]
+    procedure CreateOAuth2(Endpoint: Text; AuthenticationCode: Text; ClientId: Text; ClientSecret: SecretText; OAuthAuthorityUrl: Text; RedirectURL: Text; ResourceURL: Text): Interface "Azure Functions Authentication"
+    var
+        AzureFunctionsOAuth2: Codeunit "Azure Functions OAuth2";
+    begin
+        AzureFunctionsOAuth2.SetAuthParameters(Endpoint, AuthenticationCode, ClientId, ClientSecret, OAuthAuthorityUrl, RedirectURL, ResourceURL);
+        exit(AzureFunctionsOAuth2);
+    end;
 
     /// <summary>
     /// Creates code authentication instance of Azure function interface.

@@ -19,7 +19,10 @@ codeunit 7802 "Azure Functions OAuth2" implements "Azure Functions Authenticatio
         [NonDebuggable]
         AuthenticationCodeGlobal, EndpointGlobal : Text;
         [NonDebuggable]
-        ClientIdGlobal, ClientSecretGlobal, OAuthAuthorityUrlGlobal, RedirectURLGlobal, ResourceURLGlobal, AccessToken : Text;
+        ClientIdGlobal, OAuthAuthorityUrlGlobal, RedirectURLGlobal, ResourceURLGlobal : Text;
+        ClientSecretGlobal: SecretText;
+        AccessToken: SecretText;
+        BearerLbl: Label 'Bearer %1', Comment = '%1 is the access token', Locked = true;
         FailedToGetTokenErr: Label 'Authorization failed to Azure function: %1', Locked = true;
         AzureFunctionCategoryLbl: Label 'Connect to Azure Functions', Locked = true;
 
@@ -37,7 +40,7 @@ codeunit 7802 "Azure Functions OAuth2" implements "Azure Functions Authenticatio
 
         OAuth2.AcquireTokenWithClientCredentials(ClientIdGlobal, ClientSecretGlobal, OAuthAuthorityUrlGlobal, RedirectURLGlobal, ResourceURLGlobal, AccessToken);
 
-        if AccessToken = '' then begin
+        if AccessToken.IsEmpty() then begin
             UriBuilder.GetUri(Uri);
             Dimensions.Add('FunctionHost', Format(Uri.GetHost()));
             FeatureTelemetry.LogError('0000I75', AzureFunctionCategoryLbl, 'Acquiring token', StrSubstNo(FailedToGetTokenErr, Uri.GetHost()), '', Dimensions);
@@ -46,7 +49,7 @@ codeunit 7802 "Azure Functions OAuth2" implements "Azure Functions Authenticatio
 
         RequestMessage.GetHeaders(Headers);
         Headers.Remove('Authorization');
-        Headers.Add('Authorization', 'Bearer ' + AccessToken);
+        Headers.Add('Authorization', SecretStrSubstNo(BearerLbl, AccessToken));
 
 
         if AuthenticationCodeGlobal <> '' then
@@ -58,7 +61,7 @@ codeunit 7802 "Azure Functions OAuth2" implements "Azure Functions Authenticatio
     end;
 
     [NonDebuggable]
-    procedure SetAuthParameters(Endpoint: Text; AuthenticationCode: Text; ClientId: Text; ClientSecret: Text; OAuthAuthorityUrl: Text; RedirectURL: Text; ResourceURL: Text)
+    procedure SetAuthParameters(Endpoint: Text; AuthenticationCode: Text; ClientId: Text; ClientSecret: SecretText; OAuthAuthorityUrl: Text; RedirectURL: Text; ResourceURL: Text)
     begin
         EndpointGlobal := Endpoint;
         AuthenticationCodeGlobal := AuthenticationCode;

@@ -123,6 +123,7 @@ codeunit 2202 "Azure Key Vault Impl."
         X509Certificate2: Codeunit X509Certificate2;
         EnvironmentInformation: Codeunit "Environment Information";
         CertificateThumbprint: Text;
+        EmptySecretText: SecretText;
     begin
         if CachedCertificatesDictionary.ContainsKey(CertificateName) then begin
             Certificate := CachedCertificatesDictionary.Get(CertificateName);
@@ -136,7 +137,7 @@ codeunit 2202 "Azure Key Vault Impl."
         end;
         Certificate := NavAzureKeyVaultClient.GetAzureKeyVaultCertificate(CertificateName);
         if EnvironmentInformation.IsSaaS() then begin
-            X509Certificate2.GetCertificateThumbprint(Certificate, '', CertificateThumbprint);
+            X509Certificate2.GetCertificateThumbprint(Certificate, EmptySecretText, CertificateThumbprint);
             if CertificateThumbprint <> '' then
                 Session.LogMessage('0000C17', StrSubstNo(CertificateInfoTxt, CertificateName, CertificateThumbprint), Verbosity::Normal, DataClassification::SystemMetadata, TelemetryScope::ExtensionPublisher, 'Category', AzureKeyVaultTxt);
         end;

@@ -42,7 +42,7 @@ codeunit 9060 "Auth. Format Helper"
     end;
 
     [NonDebuggable]
-    procedure GetAccessKeyHashCode(StringToSign: Text; AccessKey: Text): Text;
+    procedure GetAccessKeyHashCode(StringToSign: Text; AccessKey: SecretText): Text;
     var
         CryptographyManagement: Codeunit "Cryptography Management";
         HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512;

@@ -46,7 +46,7 @@ codeunit 9061 "Stor. Serv. Auth. SAS" implements "Storage Service Authorization"
     end;
 
     [NonDebuggable]
-    procedure SetSigningKey(NewSigningKey: Text)
+    procedure SetSigningKey(NewSigningKey: SecretText)
     begin
         SigningKey := NewSigningKey;
     end;
@@ -241,8 +241,7 @@ codeunit 9061 "Stor. Serv. Auth. SAS" implements "Storage Service Authorization"
         AuthFormatHelper: Codeunit "Auth. Format Helper";
         [NonDebuggable]
         StorageAccountName: Text;
-        [NonDebuggable]
-        SigningKey: Text;
+        SigningKey: SecretText;
         SignedEncryptionScope: Text;
         StartDate: DateTime;
         EndDate: DateTime;

@@ -29,7 +29,7 @@ codeunit 9064 "Stor. Serv. Auth. Shared Key" implements "Storage Service Authori
     end;
 
     [NonDebuggable]
-    procedure SetSharedKey(SharedKey: Text)
+    procedure SetSharedKey(SharedKey: SecretText)
     begin
         Secret := SharedKey;
     end;
@@ -47,7 +47,7 @@ codeunit 9064 "Stor. Serv. Auth. Shared Key" implements "Storage Service Authori
         SignaturePlaceHolderLbl: Label 'SharedKey %1:%2', Comment = '%1 = Account Name; %2 = Calculated Signature', Locked = true;
         SecretCanNotBeEmptyErr: Label 'Secret (Access Key) must be provided';
     begin
-        if Secret = '' then
+        if Secret.IsEmpty() then
             Error(SecretCanNotBeEmptyErr);
 
         StringToSign := CreateSharedKeyStringToSign(HttpRequestMessage, StorageAccount);
@@ -209,6 +209,5 @@ codeunit 9064 "Stor. Serv. Auth. Shared Key" implements "Storage Service Authori
     var
         AuthFormatHelper: Codeunit "Auth. Format Helper";
         ApiVersion: Enum "Storage Service API Version";
-        [NonDebuggable]
-        Secret: Text;
+        Secret: SecretText;
 }
@@ -12,7 +12,7 @@ codeunit 9063 "Stor. Serv. Auth. Impl."
     InherentPermissions = X;
 
     [NonDebuggable]
-    procedure CreateSAS(SigningKey: Text; SignedVersion: Enum "Storage Service API Version"; SignedServices: List of [Enum "SAS Service Type"]; SignedResources: List of [Enum "SAS Resource Type"]; SignedPermissions: List of [Enum "SAS Permission"]; SignedExpiry: DateTime): Interface "Storage Service Authorization"
+    procedure CreateSAS(SigningKey: SecretText; SignedVersion: Enum "Storage Service API Version"; SignedServices: List of [Enum "SAS Service Type"]; SignedResources: List of [Enum "SAS Resource Type"]; SignedPermissions: List of [Enum "SAS Permission"]; SignedExpiry: DateTime): Interface "Storage Service Authorization"
     var
         OptionalParams: Record "SAS Parameters";
     begin
@@ -21,7 +21,7 @@ codeunit 9063 "Stor. Serv. Auth. Impl."
     end;
 
     [NonDebuggable]
-    procedure CreateSAS(SigningKey: Text; SignedVersion: Enum "Storage Service API Version"; SignedServices: List of [Enum "SAS Service Type"]; SignedResources: List of [Enum "SAS Resource Type"]; SignedPermissions: List of [Enum "SAS Permission"]; SignedExpiry: DateTime; OptionalParams: Record "SAS Parameters"): Interface "Storage Service Authorization"
+    procedure CreateSAS(SigningKey: SecretText; SignedVersion: Enum "Storage Service API Version"; SignedServices: List of [Enum "SAS Service Type"]; SignedResources: List of [Enum "SAS Resource Type"]; SignedPermissions: List of [Enum "SAS Permission"]; SignedExpiry: DateTime; OptionalParams: Record "SAS Parameters"): Interface "Storage Service Authorization"
     var
         StorServAuthSAS: Codeunit "Stor. Serv. Auth. SAS";
     begin
@@ -42,7 +42,7 @@ codeunit 9063 "Stor. Serv. Auth. Impl."
     end;
 
     [NonDebuggable]
-    procedure SharedKey(SharedKeyToUse: Text; ApiVersion: Enum "Storage Service API Version"): Interface "Storage Service Authorization"
+    procedure SharedKey(SharedKeyToUse: SecretText; ApiVersion: Enum "Storage Service API Version"): Interface "Storage Service Authorization"
     var
         StorServAuthSharedKey: Codeunit "Stor. Serv. Auth. Shared Key";
     begin

@@ -55,13 +55,15 @@ codeunit 9062 "Storage Service Authorization"
         exit(StorServAuthImpl.CreateSAS(SigningKey, SignedVersion, SignedServices, SignedResources, SignedPermissions, SignedExpiry, OptionalSASParameters));
     end;
 
+#if not CLEAN24
     /// <summary>
     /// Creates a Shared Key authorization mechanism for HTTP requests to Azure Storage Services.
     /// See: https://go.microsoft.com/fwlink/?linkid=2210396
     /// </summary>
     /// <param name="SharedKey">The shared key to use.</param>
     /// <returns>A Shared Key authorization.</returns>
     [NonDebuggable]
+    [Obsolete('Use CreateSharedKey with SecretText data type for SharedKey.', '24.0')]
     procedure CreateSharedKey(SharedKey: Text): Interface "Storage Service Authorization"
     var
         StorServAuthImpl: Codeunit "Stor. Serv. Auth. Impl.";
@@ -77,12 +79,43 @@ codeunit 9062 "Storage Service Authorization"
     /// <param name="ApiVersion">The API version to use.</param>
     /// <returns>A Shared Key authorization.</returns>
     [NonDebuggable]
+    [Obsolete('Use CreateSharedKey with SecretText data type for SharedKey.', '24.0')]
     procedure CreateSharedKey(SharedKey: Text; ApiVersion: Enum "Storage Service API Version"): Interface "Storage Service Authorization"
     var
         StorServAuthImpl: Codeunit "Stor. Serv. Auth. Impl.";
     begin
         exit(StorServAuthImpl.SharedKey(SharedKey, ApiVersion));
     end;
+#endif
+
+    /// <summary>
+    /// Creates a Shared Key authorization mechanism for HTTP requests to Azure Storage Services.
+    /// See: https://go.microsoft.com/fwlink/?linkid=2210396
+    /// </summary>
+    /// <param name="SharedKey">The shared key to use.</param>
+    /// <returns>A Shared Key authorization.</returns>
+    [NonDebuggable]
+    procedure CreateSharedKey(SharedKey: SecretText): Interface "Storage Service Authorization"
+    var
+        StorServAuthImpl: Codeunit "Stor. Serv. Auth. Impl.";
+    begin
+        exit(StorServAuthImpl.SharedKey(SharedKey, GetDefaultAPIVersion()));
+    end;
+
+    /// <summary>
+    /// Creates a Shared Key authorization mechanism for HTTP requests to Azure Storage Services.
+    /// See: https://go.microsoft.com/fwlink/?linkid=2210396
+    /// </summary>
+    /// <param name="SharedKey">The shared key to use.</param>
+    /// <param name="ApiVersion">The API version to use.</param>
+    /// <returns>A Shared Key authorization.</returns>
+    [NonDebuggable]
+    procedure CreateSharedKey(SharedKey: SecretText; ApiVersion: Enum "Storage Service API Version"): Interface "Storage Service Authorization"
+    var
+        StorServAuthImpl: Codeunit "Stor. Serv. Auth. Impl.";
+    begin
+        exit(StorServAuthImpl.SharedKey(SharedKey, ApiVersion));
+    end;
 
     /// <summary>
     /// Uses a pre-generated account SAS (Shared Access Signature) for authorizing HTTP request to Azure Storage Services.

@@ -23,11 +23,23 @@ codeunit 1463 CertificateRequest
     /// <param name="KeySize">The size of the key in bits.</param>
     /// <param name="IncludePrivateParameters">True to include a public and private RSA key in KeyAsXmlString. False to include only the public key.</param>
     /// <param name="KeyAsXmlString">Returns an XML string that contains the key of the RSA object that was created.</param>
+    [NonDebuggable]
     procedure InitializeRSA(KeySize: Integer; IncludePrivateParameters: Boolean; var KeyAsXmlString: Text)
     begin
         CertSigningRequestImpl.InitializeRSA(KeySize, IncludePrivateParameters, KeyAsXmlString);
     end;
 
+    /// <summary>
+    /// Initializes a new instance of RSACryptoServiceProvider with the specified key size and returns the key as an XML string.
+    /// </summary>
+    /// <param name="KeySize">The size of the key in bits.</param>
+    /// <param name="IncludePrivateParameters">True to include a public and private RSA key in KeyAsXmlString. False to include only the public key.</param>
+    /// <param name="KeyAsXmlString">Returns an XML string that contains the key of the RSA object that was created.</param>
+    procedure InitializeRSA(KeySize: Integer; IncludePrivateParameters: Boolean; var KeyAsXmlString: SecretText)
+    begin
+        CertSigningRequestImpl.InitializeRSA(KeySize, IncludePrivateParameters, KeyAsXmlString);
+    end;
+
     /// <summary>
     /// Initializes a new instance of the CertificateRequest with the specified parameters and the initialized RSA key.
     /// </summary>

@@ -22,13 +22,23 @@ codeunit 1464 "CertificateRequest Impl."
         EndCertReqTok: Label '-----END CERTIFICATE REQUEST-----', Locked = true;
         DepricatedHashAlgorithmsMsg: Label 'In compliance with the Microsoft Secure Hash Algorithm deprecation policy SHA1 and MD5 hash alghoritms have been deprecated.';
 
+    [NonDebuggable]
     procedure InitializeRSA(KeySize: Integer; IncludePrivateParameters: Boolean; var KeyAsXmlString: Text)
     begin
         DotNetRSACryptoServiceProvider := DotNetRSACryptoServiceProvider.RSACryptoServiceProvider(KeySize);
         DotNetRSACryptoServiceProvider.PersistKeyInCsp(false);
         KeyAsXmlString := DotNetRSACryptoServiceProvider.ToXmlString(IncludePrivateParameters);
     end;
 
+    procedure InitializeRSA(KeySize: Integer; IncludePrivateParameters: Boolean; var KeyAsXmlString: SecretText)
+    var
+        [NonDebuggable]
+        KeyAsXml: Text;
+    begin
+        InitializeRSA(KeySize, IncludePrivateParameters, KeyAsXml);
+        KeyAsXmlString := KeyAsXml;
+    end;
+
     procedure InitializeCertificateRequestUsingRSA(SubjectName: Text; HashAlgorithm: Enum "Hash Algorithm"; RSASignaturePaddingMode: Enum "RSA Signature Padding")
     var
         DotNetHashAlgorithmName: DotNet HashAlgorithmName;