public AwsKmsSignature(string keyId, Func <List <string>, string> selector)
{
this.keyId = keyId;
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest()
{
KeyId = keyId
};
GetPublicKeyResponse getPublicKeyResponse = kmsClient.GetPublicKeyAsync(getPublicKeyRequest).Result;
List <string> signingAlgorithms = getPublicKeyResponse.SigningAlgorithms;
signingAlgorithm = selector.Invoke(signingAlgorithms);
switch (signingAlgorithm)
{
case "ECDSA_SHA_256":
case "ECDSA_SHA_384":
case "ECDSA_SHA_512":
case "RSASSA_PKCS1_V1_5_SHA_256":
case "RSASSA_PKCS1_V1_5_SHA_384":
case "RSASSA_PKCS1_V1_5_SHA_512":
break;
case "RSASSA_PSS_SHA_256":
case "RSASSA_PSS_SHA_384":
case "RSASSA_PSS_SHA_512":
throw new ArgumentException(String.Format("Signing algorithm {0} not supported directly by iText", signingAlgorithm));
default:
throw new ArgumentException(String.Format("Unknown signing algorithm: {0}", signingAlgorithm));
}
}
}
public async Task <ActionResult <MainResponse> > GetPublicKey(GetPublicKeyRequest request)
{
User user = HttpContext.GetUser();
if (user == null)
{
return(Unauthorized());
}
User user1;
GetPublicKeyResponse getPublicKeyResponse = new GetPublicKeyResponse()
{
PublicKeys = new List <GetPublicKeyResponseItem>()
};
for (int i = 0; i < request.UserIds.Count; i++)
{
user1 = await _context.Users.FirstOrDefaultAsync(p => p.Id == request.UserIds[i]);
if (user1 != null)
{
getPublicKeyResponse.PublicKeys.Add(new GetPublicKeyResponseItem()
{
PublicKey = user1.RSAKeyPair.PublicKey,
UserId = user1.Id,
KeyId = user1.RSAKeyPair.Id
});
}
}
return(MainResponse.GetSuccess(getPublicKeyResponse));
}
/// <summary>
/// Unmarshaller the response from the service to the response class.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
GetPublicKeyResponse response = new GetPublicKeyResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.TestExpression("CustomerMasterKeySpec", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.CustomerMasterKeySpec = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("EncryptionAlgorithms", targetDepth))
{
var unmarshaller = new ListUnmarshaller <string, StringUnmarshaller>(StringUnmarshaller.Instance);
response.EncryptionAlgorithms = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("KeyId", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.KeyId = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("KeySpec", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.KeySpec = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("KeyUsage", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.KeyUsage = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("PublicKey", targetDepth))
{
var unmarshaller = MemoryStreamUnmarshaller.Instance;
response.PublicKey = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("SigningAlgorithms", targetDepth))
{
var unmarshaller = new ListUnmarshaller <string, StringUnmarshaller>(StringUnmarshaller.Instance);
response.SigningAlgorithms = unmarshaller.Unmarshall(context);
continue;
}
}
return(response);
}
/// <summary>
/// Unmarshaller the response from the service to the response class.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
GetPublicKeyResponse response = new GetPublicKeyResponse();
UnmarshallResult(context, response);
if (context.ResponseData.IsHeaderPresent("ETag"))
{
response.ETag = context.ResponseData.GetHeaderValue("ETag");
}
return(response);
}
public static GetPublicKeyResponse Unmarshall(UnmarshallerContext _ctx)
{
GetPublicKeyResponse getPublicKeyResponse = new GetPublicKeyResponse();
getPublicKeyResponse.HttpResponse = _ctx.HttpResponse;
getPublicKeyResponse.PublicKey = _ctx.StringValue("GetPublicKey.PublicKey");
getPublicKeyResponse.KeyId = _ctx.StringValue("GetPublicKey.KeyId");
getPublicKeyResponse.RequestId = _ctx.StringValue("GetPublicKey.RequestId");
getPublicKeyResponse.KeyVersionId = _ctx.StringValue("GetPublicKey.KeyVersionId");
return(getPublicKeyResponse);
}
public static GetPublicKeyResponse Unmarshall(UnmarshallerContext context)
{
GetPublicKeyResponse getPublicKeyResponse = new GetPublicKeyResponse();
getPublicKeyResponse.HttpResponse = context.HttpResponse;
getPublicKeyResponse.RequestId = context.StringValue("GetPublicKey.RequestId");
GetPublicKeyResponse.GetPublicKey_PublicKey publicKey = new GetPublicKeyResponse.GetPublicKey_PublicKey();
publicKey.PublicKeyId = context.StringValue("GetPublicKey.PublicKey.PublicKeyId");
publicKey.PublicKeySpec = context.StringValue("GetPublicKey.PublicKey.PublicKeySpec");
publicKey.Status = context.StringValue("GetPublicKey.PublicKey.Status");
publicKey.CreateDate = context.StringValue("GetPublicKey.PublicKey.CreateDate");
getPublicKeyResponse.PublicKey = publicKey;
return(getPublicKeyResponse);
}
public static X509Certificate2 generateSelfSignedCertificate(string keyId, string subjectDN, Func <List <string>, string> selector)
{
string signingAlgorithm = null;
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest()
{
KeyId = keyId
};
GetPublicKeyResponse getPublicKeyResponse = kmsClient.GetPublicKeyAsync(getPublicKeyRequest).Result;
List <string> signingAlgorithms = getPublicKeyResponse.SigningAlgorithms;
signingAlgorithm = selector.Invoke(signingAlgorithms);
byte[] spkiBytes = getPublicKeyResponse.PublicKey.ToArray();
CertificateRequest certificateRequest = null;
X509SignatureGenerator simpleGenerator = null;
string keySpecString = getPublicKeyResponse.CustomerMasterKeySpec.ToString();
if (keySpecString.StartsWith("ECC"))
{
ECDsa ecdsa = ECDsa.Create();
int bytesRead = 0;
ecdsa.ImportSubjectPublicKeyInfo(new ReadOnlySpan <byte>(spkiBytes), out bytesRead);
certificateRequest = new CertificateRequest(subjectDN, ecdsa, getHashAlgorithmName(signingAlgorithm));
simpleGenerator = X509SignatureGenerator.CreateForECDsa(ecdsa);
}
else if (keySpecString.StartsWith("RSA"))
{
RSA rsa = RSA.Create();
int bytesRead = 0;
rsa.ImportSubjectPublicKeyInfo(new ReadOnlySpan <byte>(spkiBytes), out bytesRead);
RSASignaturePadding rsaSignaturePadding = getSignaturePadding(signingAlgorithm);
certificateRequest = new CertificateRequest(subjectDN, rsa, getHashAlgorithmName(signingAlgorithm), rsaSignaturePadding);
simpleGenerator = X509SignatureGenerator.CreateForRSA(rsa, rsaSignaturePadding);
}
else
{
throw new ArgumentException("Cannot determine encryption algorithm for " + keySpecString, nameof(keyId));
}
X509SignatureGenerator generator = new SignatureGenerator(keyId, signingAlgorithm, simpleGenerator);
X509Certificate2 certificate = certificateRequest.Create(new X500DistinguishedName(subjectDN), generator, System.DateTimeOffset.Now, System.DateTimeOffset.Now.AddYears(2), new byte[] { 17 });
return(certificate);
}
}
public AwsKmsSignatureContainer(X509Certificate x509Certificate, string keyId, Func <List <string>, string> selector)
{
this.x509Certificate = x509Certificate;
this.keyId = keyId;
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest()
{
KeyId = keyId
};
GetPublicKeyResponse getPublicKeyResponse = kmsClient.GetPublicKeyAsync(getPublicKeyRequest).Result;
List <string> signingAlgorithms = getPublicKeyResponse.SigningAlgorithms;
this.signingAlgorithm = selector.Invoke(signingAlgorithms);
if (signingAlgorithm == null)
{
throw new ArgumentException("KMS key has no signing algorithms", nameof(keyId));
}
signatureFactory = new AwsKmsSignatureFactory(keyId, signingAlgorithm);
}
}
private static void UnmarshallResult(XmlUnmarshallerContext context, GetPublicKeyResponse response)
{
int originalDepth = context.CurrentDepth;
int targetDepth = originalDepth + 1;
while (context.Read())
{
if (context.IsStartElement || context.IsAttribute)
{
if (context.TestExpression("PublicKey", targetDepth))
{
var unmarshaller = PublicKeyUnmarshaller.Instance;
response.PublicKey = unmarshaller.Unmarshall(context);
continue;
}
}
else if (context.IsEndElement && context.CurrentDepth < originalDepth)
{
return;
}
}
return;
}
