Azure
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/api/Azure.Security.ConfidentialLedger.netstandard2.0.cs‎
Lines changed: 1 addition & 0 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/api/Azure.Security.ConfidentialLedger.netstandard2.0.cs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerClient.cs‎
Lines changed: 5 additions & 3 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerClient.cs‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerClientOptions.cs‎
Lines changed: 17 additions & 0 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/src/ConfidentialLedgerClientOptions.cs‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerClientLiveTests.cs‎
Lines changed: 6 additions & 3 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerClientLiveTests.cs‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerClientTests.cs‎
Lines changed: 31 additions & 0 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/ConfidentialLedgerClientTests.cs‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/SessionRecords/ConfidentialLedgerClientLiveTests/CreateAndGetAndDeleteUser.json‎
Lines changed: 49 additions & 22 deletions b/‎sdk/confidentialledger/Azure.Security.ConfidentialLedger/tests/SessionRecords/ConfidentialLedgerClientLiveTests/CreateAndGetAndDeleteUser.json‎
Lines changed: 49 additions & 22 deletions
@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- Added the `CertificateEndpoint` property to `ConfidentialLedgerClientOptions` to allow configuration of a custom certificate endpoint. When not configured, the current default is used.
+
 ### Breaking Changes
 
 ### Bugs Fixed
 
@@ -40,6 +40,7 @@ public ConfidentialLedgerClient(System.Uri ledgerEndpoint, System.Security.Crypt
     public partial class ConfidentialLedgerClientOptions : Azure.Core.ClientOptions
     {
         public ConfidentialLedgerClientOptions(Azure.Security.ConfidentialLedger.ConfidentialLedgerClientOptions.ServiceVersion version = Azure.Security.ConfidentialLedger.ConfidentialLedgerClientOptions.ServiceVersion.V2022_05_13) { }
+        public System.Uri CertificateEndpoint { get { throw null; } set { } }
         public enum ServiceVersion
         {
             V2022_05_13 = 1,
 
@@ -16,6 +16,8 @@ namespace Azure.Security.ConfidentialLedger
     [CodeGenSuppress("PostLedgerEntryAsync", typeof(RequestContent), typeof(string), typeof(RequestContext))]
     public partial class ConfidentialLedgerClient
     {
+        private const string Default_Certificate_Endpoint = "https://identity.confidential-ledger.core.azure.com";
+
         /// <summary> Initializes a new instance of ConfidentialLedgerClient. </summary>
         /// <param name="ledgerEndpoint"> The Confidential Ledger URL, for example https://contoso.confidentialledger.azure.com. </param>
         /// <param name="credential"> A credential used to authenticate to an Azure Service. </param>
@@ -60,7 +62,7 @@ internal ConfidentialLedgerClient(Uri ledgerEndpoint, TokenCredential credential
                     throw new ArgumentNullException(nameof(credential));
             }
             var actualOptions = ledgerOptions ?? new ConfidentialLedgerClientOptions();
-            X509Certificate2 serviceCert = identityServiceCert ?? GetIdentityServerTlsCert(ledgerEndpoint, certificateClientOptions ?? new ConfidentialLedgerCertificateClientOptions()).Cert;
+            X509Certificate2 serviceCert = identityServiceCert ?? GetIdentityServerTlsCert(ledgerEndpoint, certificateClientOptions ?? new ConfidentialLedgerCertificateClientOptions(), ledgerOptions: ledgerOptions).Cert;
 
             var transportOptions = GetIdentityServerTlsCertAndTrust(serviceCert);
             if (clientCertificate != null)
@@ -173,9 +175,9 @@ public virtual async Task<Operation> PostLedgerEntryAsync(
             }
         }
 
-        internal static (X509Certificate2 Cert, string PEM) GetIdentityServerTlsCert(Uri ledgerUri, ConfidentialLedgerCertificateClientOptions options, ConfidentialLedgerCertificateClient client = null)
+        internal static (X509Certificate2 Cert, string PEM) GetIdentityServerTlsCert(Uri ledgerUri, ConfidentialLedgerCertificateClientOptions options, ConfidentialLedgerCertificateClient client = null, ConfidentialLedgerClientOptions ledgerOptions = null)
         {
-            var identityClient = client ?? new ConfidentialLedgerCertificateClient(new Uri("https://identity.confidential-ledger.core.azure.com"), options);
+            var identityClient = client ?? new ConfidentialLedgerCertificateClient(ledgerOptions?.CertificateEndpoint ?? new Uri(Default_Certificate_Endpoint), options);
 
             // Get the ledger's  TLS certificate for our ledger.
             var ledgerId = ledgerUri.Host.Substring(0, ledgerUri.Host.IndexOf('.'));
 
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using Azure.Core;
+
+namespace Azure.Security.ConfidentialLedger
+{
+    public partial class ConfidentialLedgerClientOptions : ClientOptions
+    {
+        /// <summary>
+        /// The Identity Service URL. If not provided, the default endpoint "https://identity.confidential-ledger.core.azure.com" will be used.
+        /// </summary>
+        /// <value></value>
+        public Uri CertificateEndpoint { get; set; }
+    }
+}
@@ -16,7 +16,6 @@
 
 namespace Azure.Security.ConfidentialLedger.Tests
 {
-    [LiveOnly]
     public class ConfidentialLedgerClientLiveTests : RecordedTestBase<ConfidentialLedgerEnvironment>
     {
         private TokenCredential Credential;
@@ -37,10 +36,13 @@ public async Task Setup()
             Credential = TestEnvironment.Credential;
             IdentityClient = new ConfidentialLedgerCertificateClient(
                     TestEnvironment.ConfidentialLedgerIdentityUrl,
-                    new());
+                   InstrumentClientOptions(new ConfidentialLedgerCertificateClientOptions()));
 
             serviceCert = ConfidentialLedgerClient.GetIdentityServerTlsCert(TestEnvironment.ConfidentialLedgerUrl, new(), IdentityClient);
-            await SetProxyOptionsAsync(new ProxyOptions { Transport = new ProxyOptionsTransport { TLSValidationCert = serviceCert.PEM, AllowAutoRedirect = true } });
+
+            if (Mode != RecordedTestMode.Playback)
+                await SetProxyOptionsAsync(new ProxyOptions { Transport = new ProxyOptionsTransport { TLSValidationCert = serviceCert.PEM, AllowAutoRedirect = true } });
+
             Client = InstrumentClient(
                 new ConfidentialLedgerClient(
                     TestEnvironment.ConfidentialLedgerUrl,
@@ -212,6 +214,7 @@ public async Task CreateAndGetAndDeleteUser()
         }
 
         [RecordedTest]
+        [LiveOnly]
         public async Task GetLedgerIdentity()
         {
             var ledgerId = TestEnvironment.ConfidentialLedgerUrl.Host;
 
@@ -60,5 +60,36 @@ public async Task FailedTransaction()
                 async () => await operation.WaitForCompletionResponseAsync());
             Assert.That(ex.Message, Does.Contain(transactionId));
         }
+
+        [Test]
+        public void CustomCertUri()
+        {
+            Uri customUri = new Uri("http://my-custom-uri.com");
+
+            var client = InstrumentClient(
+                new ConfidentialLedgerClient(
+                    new("https://client.name"),
+                    new MockCredential(),
+                    ledgerOptions: new ConfidentialLedgerClientOptions
+                    {
+                        CertificateEndpoint = customUri,
+                    },
+                    certificateClientOptions: new ConfidentialLedgerCertificateClientOptions
+                    {
+                        Retry = { Delay = TimeSpan.Zero, MaxRetries = 0 },
+                        Transport = new MockTransport(
+                            req =>
+                            {
+                                Assert.AreEqual(customUri.Host, req.Uri.Host);
+                                var cert = new MockResponse(200);
+                                cert.SetContent(
+                                    @" {
+                                    ""ledgerTlsCertificate"": ""-----BEGIN CERTIFICATE-----\nMIIBejCCASGgAwIBAgIRANPpW17pcDYr1KnqsJH5yC8wCgYIKoZIzj0EAwIwFjEU\nMBIGA1UEAwwLQ0NGIE5ldHdvcmswHhcNMjEwMzExMDAwMDAwWhcNMjMwNjExMjM1\nOTU5WjAWMRQwEgYDVQQDDAtDQ0YgTmV0d29yazBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABOCPGnfcmfm5Vyax3bvg5Xqg6RUZtda0U5qpmxqGgLfL3LYJd3heTPd\u002B\n51o29pMtKJGG4cWeZ3\u002BYbhZzHnetf8WjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0O\nBBYEFFxq\u002BImyEVh4u4BfynwnEAsbvRJBMB8GA1UdIwQYMBaAFFxq\u002BImyEVh4u4Bf\nynwnEAsbvRJBMAoGCCqGSM49BAMCA0cAMEQCIC597R3C89/IzfqjkO31XKy4Rnfy\nXauWszBChtH1v2CoAiAS0tmFNjD3fweHH8O2ySXK/tPCBTq877pIjFGwvuj2uw==\n-----END CERTIFICATE-----\n\u0000"",
+                                    ""ledgerId"": ""chrissconfidentialledger""}");
+                                return cert;
+                            })
+                    }
+                ));
+        }
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ public ConfidentialLedgerClient(System.Uri ledgerEndpoint, System.Security.Crypt`
`40`	`40`	`public partial class ConfidentialLedgerClientOptions : Azure.Core.ClientOptions`
`41`	`41`	`{`
`42`	`42`	`public ConfidentialLedgerClientOptions(Azure.Security.ConfidentialLedger.ConfidentialLedgerClientOptions.ServiceVersion version = Azure.Security.ConfidentialLedger.ConfidentialLedgerClientOptions.ServiceVersion.V2022_05_13) { }`
	`43`	`+ public System.Uri CertificateEndpoint { get { throw null; } set { } }`
`43`	`44`	`public enum ServiceVersion`
`44`	`45`	`{`
`45`	`46`	`V2022_05_13 = 1,`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,8 @@ namespace Azure.Security.ConfidentialLedger`
`16`	`16`	`[CodeGenSuppress("PostLedgerEntryAsync", typeof(RequestContent), typeof(string), typeof(RequestContext))]`
`17`	`17`	`public partial class ConfidentialLedgerClient`
`18`	`18`	`{`
	`19`	`+ private const string Default_Certificate_Endpoint = "https://identity.confidential-ledger.core.azure.com";`
	`20`	`+`
`19`	`21`	`/// <summary> Initializes a new instance of ConfidentialLedgerClient. </summary>`
`20`	`22`	`/// <param name="ledgerEndpoint"> The Confidential Ledger URL, for example https://contoso.confidentialledger.azure.com. </param>`
`21`	`23`	`/// <param name="credential"> A credential used to authenticate to an Azure Service. </param>`
`@@ -60,7 +62,7 @@ internal ConfidentialLedgerClient(Uri ledgerEndpoint, TokenCredential credential`
`60`	`62`	`throw new ArgumentNullException(nameof(credential));`
`61`	`63`	`}`
`62`	`64`	`var actualOptions = ledgerOptions ?? new ConfidentialLedgerClientOptions();`
`63`		`- X509Certificate2 serviceCert = identityServiceCert ?? GetIdentityServerTlsCert(ledgerEndpoint, certificateClientOptions ?? new ConfidentialLedgerCertificateClientOptions()).Cert;`
	`65`	`+ X509Certificate2 serviceCert = identityServiceCert ?? GetIdentityServerTlsCert(ledgerEndpoint, certificateClientOptions ?? new ConfidentialLedgerCertificateClientOptions(), ledgerOptions: ledgerOptions).Cert;`
`64`	`66`
`65`	`67`	`var transportOptions = GetIdentityServerTlsCertAndTrust(serviceCert);`
`66`	`68`	`if (clientCertificate != null)`
`@@ -173,9 +175,9 @@ public virtual async Task<Operation> PostLedgerEntryAsync(`
`173`	`175`	`}`
`174`	`176`	`}`
`175`	`177`
`176`		`- internal static (X509Certificate2 Cert, string PEM) GetIdentityServerTlsCert(Uri ledgerUri, ConfidentialLedgerCertificateClientOptions options, ConfidentialLedgerCertificateClient client = null)`
	`178`	`+ internal static (X509Certificate2 Cert, string PEM) GetIdentityServerTlsCert(Uri ledgerUri, ConfidentialLedgerCertificateClientOptions options, ConfidentialLedgerCertificateClient client = null, ConfidentialLedgerClientOptions ledgerOptions = null)`
`177`	`179`	`{`
`178`		`- var identityClient = client ?? new ConfidentialLedgerCertificateClient(new Uri("https://identity.confidential-ledger.core.azure.com"), options);`
	`180`	`+ var identityClient = client ?? new ConfidentialLedgerCertificateClient(ledgerOptions?.CertificateEndpoint ?? new Uri(Default_Certificate_Endpoint), options);`
`179`	`181`
`180`	`182`	`// Get the ledger's TLS certificate for our ledger.`
`181`	`183`	`var ledgerId = ledgerUri.Host.Substring(0, ledgerUri.Host.IndexOf('.'));`