public async Task Restore(byte[] backup) { var keyBundle = await Client.RestoreKeyAsync(Identifier.Vault, backup); SetFromRetrievedObject(keyBundle); Identifier = new KeyIdentifier(keyBundle.KeyIdentifier.Identifier); }
public KeyBundle UpdateKey(string vaultName, string keyName, string keyVersion, KeyAttributes keyAttributes) { if (string.IsNullOrEmpty(vaultName)) { throw new ArgumentNullException("vaultName"); } if (string.IsNullOrEmpty(keyName)) { throw new ArgumentNullException("keyName"); } if (keyAttributes == null) { throw new ArgumentNullException("keyAttributes"); } var attributes = (Azure.KeyVault.Models.KeyAttributes)keyAttributes; var keyIdentifier = new KeyIdentifier(this.vaultUriHelper.CreateVaultAddress(vaultName), keyName, keyVersion); Azure.KeyVault.Models.KeyBundle keyBundle; try { keyBundle = this.keyVaultClient.UpdateKeyAsync( keyIdentifier.Identifier, keyAttributes.KeyOps, attributes: attributes, tags: keyAttributes.TagsDirectionary).GetAwaiter().GetResult(); } catch (Exception ex) { throw GetInnerException(ex); } return(new KeyBundle(keyBundle, this.vaultUriHelper)); }
static async Task Main(string[] args) { var keyIdentifier = new KeyIdentifier("https://nosecrets-vault05.vault.azure.net:443/keys/EncryptionCertificate02/5cc49b815ea349c5bda9d08366ea780f"); var secretIdentifier = new SecretIdentifier("https://nosecrets-vault05.vault.azure.net:443/secrets/EncryptionCertificate02/5cc49b815ea349c5bda9d08366ea780f"); var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); var secret = await keyVaultClient.GetSecretAsync(secretIdentifier.Identifier); var publicCertificate = new X509Certificate2(Convert.FromBase64String(secret.Value), string.Empty, X509KeyStorageFlags.Exportable); var rsa = keyVaultClient.ToRSA(keyIdentifier, publicCertificate); var plainText = "Hello World"; var encryptedData = Encrypt(rsa, plainText); Console.WriteLine("-------------encrypted string------------"); Console.WriteLine(Convert.ToBase64String(encryptedData)); var decryptedData = Decrypt(rsa, encryptedData); Console.WriteLine("-------------decrypted string------------"); Console.WriteLine(decryptedData); Console.WriteLine("Press any key to continue"); Console.Read(); }
//[Fact] public void KeyVaultImportHsmByoKeyTest() { using (var undoContext = UndoContext.Current) { undoContext.Start(); var client = GetKeyVaultClient(); var request = GetImportKeyBundle(keyType: JsonWebKeyType.RsaHsm, keyToken: Resource.Key); var importedKey = client.ImportKeyAsync(_vaultAddress, "ImportHsmKeyTest", request).GetAwaiter().GetResult(); VerifyKeyAttributesAreEqual(request.Attributes, importedKey.Attributes); Assert.Equal(request.Key.Kty, importedKey.Key.Kty); var retrievedKey = client.GetKeyAsync(importedKey.Key.Kid).GetAwaiter().GetResult(); // Delete the key var identifier = new KeyIdentifier(importedKey.Key.Kid); client.DeleteKeyAsync(identifier.Vault, identifier.Name).Wait(); VerifyKeyAttributesAreEqual(importedKey.Attributes, retrievedKey.Attributes); VerifyWebKeysAreEqual(importedKey.Key, retrievedKey.Key); } }
public void SetFixture(KeyVaultTestFixture data) { data.Initialize(TestUtilities.GetCallingClass()); if (HttpMockServer.Mode == HttpRecorderMode.Record) { // SECURITY: DO NOT USE IN PRODUCTION CODE; FOR TEST PURPOSES ONLY ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true; this._credential = data._ClientCredential; this._tokenCache = new TokenCache(); this._vaultAddress = data.vaultAddress; //Create one key to use for testing. Key creation is expensive. var myClient = CreateKeyVaultClient(); var keyName = "sdktestkey"; var attributes = new KeyAttributes(); var createdKey = myClient.CreateKeyAsync(_vaultAddress, keyName, JsonWebKeyType.Rsa, 2048, JsonWebKeyOperation.AllOperations, attributes).GetAwaiter().GetResult(); var keyIdentifier = new KeyIdentifier(createdKey.Key.Kid); _keyName = keyIdentifier.Name; _keyVersion = keyIdentifier.Version; _keyIdentifier = new KeyIdentifier(_vaultAddress, _keyName, _keyVersion); } }
void Keyboard_KeyPressed(KeyboardButtonCode keyCode, uint keyChar) { KeyIdentifier key = InputMap.GetKey(keyCode); repeatTimeout = REPEAT_INTERVAL_START; context.ProcessKeyDown(key, buildModifier()); if (key == KeyIdentifier.KI_BACK || key == KeyIdentifier.KI_DELETE) { holdChar = 0; holdKey = key; } else if (keyChar >= 32) { holdKey = key; holdChar = (ushort)keyChar; context.ProcessTextInput(holdChar); } else if (key == KeyIdentifier.KI_RETURN) { holdKey = key; holdChar = (ushort)'\n'; context.ProcessTextInput(holdChar); } else if (key == KeyIdentifier.KI_LEFT || key == KeyIdentifier.KI_RIGHT || key == KeyIdentifier.KI_UP || key == KeyIdentifier.KI_DOWN) { holdKey = key; holdChar = 0; } else { holdChar = 0; holdKey = KeyIdentifier.KI_UNKNOWN; } }
/// <summary> /// Creates a signature and verifies it /// </summary> /// <param name="keyIdentifier"> key identifier </param> /// <param name="algorithm"> sign algorithm </param> /// <param name="digest"> digest hash </param> private void SignVerify(KeyVaultClient client, KeyIdentifier keyIdentifier, string algorithm, byte[] digest) { var signResult = client.SignAsync(keyIdentifier.BaseIdentifier, algorithm, digest).GetAwaiter().GetResult(); var verifyResult = client.VerifyAsync(signResult.Kid, algorithm, digest, signResult.Result).GetAwaiter().GetResult(); Assert.True(verifyResult, "Signature was not verified"); }
public async Task <Dictionary <string, (byte[] V, byte[] R, byte[] S)> > SignTransactionsAsync( string address, Dictionary <string, byte[]> rawTxHashes) { var result = new Dictionary <string, (byte[] V, byte[] R, byte[] S)>(); var keyIdentifier = new KeyIdentifier ( vaultBaseUrl: _vaultBaseUrl, name: address ); var publicKey = await _walletRepository.GetPublicKeyAsync(address); var batches = rawTxHashes.Batch(_batchSize); foreach (var batch in batches) { var tasks = new List <Task <(string, byte[], byte[], byte[])> >(); tasks.AddRange( batch.Select(b => SignTransactionAsync( keyIdentifier, b.Key, b.Value, publicKey))); await Task.WhenAll(tasks); foreach (var task in tasks) { var signedData = task.Result; result.Add(signedData.Item1, (signedData.Item2, signedData.Item3, signedData.Item4)); } } return(result); }
void Keyboard_KeyReleased(KeyboardButtonCode keyCode) { KeyIdentifier key = InputMap.GetKey(keyCode); context.ProcessKeyUp(key, buildModifier()); if (holdKey == key) { holdKey = KeyIdentifier.KI_UNKNOWN; } }
public async Task <X509Certificate2> GetCertificateAsync() { if (certificate == null) { var cert = await client.GetCertificateAsync(CertificateInfo.KeyVaultUrl, CertificateInfo.CertificateName).ConfigureAwait(false); certificate = new X509Certificate2(cert.Cer); keyIdentifier = cert.KeyIdentifier; } return(certificate); }
void imageBox_KeyButtonPressed(Widget source, EventArgs e) { context.addReference(); //Keep context alive even if this widget is disposed during this event try { KeyEventArgs ke = (KeyEventArgs)e; KeyIdentifier key = InputMap.GetKey(ke.Key); char keyChar = ke.Char; context.ProcessKeyDown(key, buildModifier()); switch (key) { case KeyIdentifier.KI_DELETE: keyChar = (char)0; break; case KeyIdentifier.KI_RETURN: keyChar = (char)0; context.ProcessTextInput('\n'); break; case KeyIdentifier.KI_LEFT: keyChar = (char)0; break; case KeyIdentifier.KI_RIGHT: keyChar = (char)0; break; case KeyIdentifier.KI_UP: keyChar = (char)0; break; case KeyIdentifier.KI_DOWN: keyChar = (char)0; break; case KeyIdentifier.KI_BACK: keyChar = (char)0; break; } if (keyChar >= 32) { context.ProcessTextInput(keyChar); } } finally { context.removeReference(); } }
private async Task <(string, byte[], byte[], byte[])> SignTransactionAsync( KeyIdentifier keyIdentifier, string txHash, byte[] rawTxHash, byte[] publicKey) { using (_log.BeginScope($"{nameof(SignTransactionAsync)}-{Guid.NewGuid()}")) { try { var rs = await _keyVaultClient.SignAsync ( keyIdentifier : keyIdentifier.Identifier, algorithm : "ECDSA256", digest : rawTxHash ); var ecdsaSignature = ECDSASignatureFactory.FromComponents(rs.Result).MakeCanonical(); var recId = CalculateRecId(ecdsaSignature, rawTxHash, publicKey); var r = ecdsaSignature.R.ToByteArray(); var s = ecdsaSignature.S.ToByteArray(); var v = new[] { (byte)(recId + 27) }; #region Logging _log.Info ( "Transaction has been signed.", new { address = keyIdentifier.Name, rawTxHash = rawTxHash.ToHex(true) } ); #endregion return(txHash, v, r, s); } catch (Exception e) { #region Logging _log.Error ( e, "Transaction signing failed.", new { address = keyIdentifier.Name, rawTxHash = rawTxHash.ToHex(true) } ); #endregion throw; } } }
public async Task <JsonWebKey> GetAsync() { if (_jwk == null) { var keyBundle = await GetSigningKeyAsync(); _keyBundle = keyBundle; _keyIdentifier = keyBundle.KeyIdentifier; _jwk = new JsonWebKey(keyBundle.Key.ToString()); } return(_jwk); }
public async Task <IActionResult> Authenticate(string id, [FromBody] AuthenticateRequest request) { var identity = await enclave.AuthenticateToken(KeyIdentifier.Parse(id), request.Scheme, request.Token); if (identity == null) { return(Unauthorized()); } return(Ok(new AuthenticateResult { Identity = identity.Serialize() })); }
public override SecurityTokenReference CreateReference() { var keyIdentifier = new KeyIdentifier(_token.Id) { ValueType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID", }; var reference = new SecurityTokenReference(keyIdentifier) { TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" }; return(reference); }
/// <summary> /// Wraps and unwraps symmetric key /// </summary> /// <param name="algorithm"> the wrao and unwrap algorithm </param> private void WrapAndUnwrap(KeyVaultClient client, KeyIdentifier keyIdentifier, string algorithm, byte[] symmetricKeyBytes) { var wrapResult = client.WrapKeyAsync(keyIdentifier.BaseIdentifier, algorithm, symmetricKeyBytes).GetAwaiter().GetResult(); Assert.NotNull(wrapResult); Assert.NotNull(wrapResult.Kid); Assert.NotNull(wrapResult.Result); var unwrapResult = client.UnwrapKeyAsync(wrapResult.Kid, algorithm, wrapResult.Result).GetAwaiter().GetResult(); Assert.NotNull(unwrapResult); Assert.NotNull(unwrapResult.Kid); Assert.True(unwrapResult.Result.SequenceEqual(symmetricKeyBytes), "the symmetric key after unwrap should match the initial key"); }
public void EncryptDecrypt(KeyVaultClient client, KeyIdentifier keyIdentifier, string algorithm) { var plainText = RandomBytes(10); var encryptResult = client.EncryptAsync(keyIdentifier.BaseIdentifier, algorithm, plainText).GetAwaiter().GetResult(); Assert.NotNull(encryptResult); Assert.NotNull(encryptResult.Kid); var decryptResult = client.DecryptAsync(encryptResult.Kid, algorithm, encryptResult.Result).GetAwaiter().GetResult(); Assert.NotNull(decryptResult); Assert.NotNull(decryptResult.Kid); Assert.True(plainText.SequenceEqual(decryptResult.Result)); }
public AzureKeyVaultMaterializedConfiguration(KeyVaultClient client, KeyIdentifier keyIdentifier, JsonWebKey key = null, X509Certificate2 publicCertificate = null) { PublicCertificate = publicCertificate; Client = client ?? throw new ArgumentNullException(nameof(client)); KeyIdentifier = keyIdentifier ?? throw new ArgumentNullException(nameof(keyIdentifier)); if (publicCertificate == null && key == null) { throw new ArgumentNullException(nameof(key), "Either key or publicCertificate must be set"); } Key = key; }
public override string ToString() { var sb = new StringBuilder(); if (ValueIdentifier == null) { sb.Append($"for {KeyIdentifier.ToString()}"); } else { sb.Append($"for {KeyIdentifier.ToString()}, {ValueIdentifier.ToString()}"); } sb.Append($" in {Collection.ToString()} {{\n{Body.ToString()}\n}}"); return(sb.ToString()); }
private KeyVaultClient GetKeyVaultClient() { if (HttpMockServer.Mode == HttpRecorderMode.Record) { HttpMockServer.Variables["VaultAddress"] = _vaultAddress; HttpMockServer.Variables["KeyName"] = _keyName; HttpMockServer.Variables["KeyVersion"] = _keyVersion; } else { _vaultAddress = HttpMockServer.Variables["VaultAddress"]; _keyName = HttpMockServer.Variables["KeyName"]; _keyVersion = HttpMockServer.Variables["KeyVersion"]; } _keyIdentifier = new KeyIdentifier(_vaultAddress, _keyName, _keyVersion); return(CreateKeyVaultClient()); }
public async Task <(byte[] V, byte[] R, byte[] S)> SignTransactionAsync(string address, byte[] rawTxHash) { var keyIdentifier = new KeyIdentifier ( vaultBaseUrl: _vaultBaseUrl, name: address ); var publicKey = await _walletRepository.GetPublicKeyAsync(address); var signedData = await SignTransactionAsync( keyIdentifier, null, rawTxHash, publicKey); return(signedData.Item2, signedData.Item3, signedData.Item4); }
public KeyVaultTestFixture() { Initialize(string.Empty); if (vaultAddress != null && HttpMockServer.Mode == HttpRecorderMode.Record) { //Create one key to use for testing. Key creation is expensive. var myClient = new KeyVaultClient(new TestKeyVaultCredential(GetAccessToken), GetHandlers()); keyName = "sdktestkey"; var attributes = new KeyAttributes(); var createdKey = myClient.CreateKeyAsync(vaultAddress, keyName, JsonWebKeyType.Rsa, 2048, JsonWebKeyOperation.AllOperations, attributes).GetAwaiter().GetResult(); keyIdentifier = new KeyIdentifier(createdKey.Key.Kid); keyName = keyIdentifier.Name; keyVersion = keyIdentifier.Version; tokenCache = new TokenCache(); } }
static async Task Main(string[] args) { var keyIdentifier = new KeyIdentifier("https://nosecrets-vault02.vault.azure.net/keys/Document-Signing01/797aef42588b4a7a8638edc7de08b400"); var secretIdentifier = new SecretIdentifier("https://nosecrets-vault02.vault.azure.net/secrets/Document-Signing01/797aef42588b4a7a8638edc7de08b400"); var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); var secret = await keyVaultClient.GetSecretAsync(secretIdentifier.Identifier); var publicCertificate = new X509Certificate2(Convert.FromBase64String(secret.Value), string.Empty, X509KeyStorageFlags.Exportable); var rsa = keyVaultClient.ToRSA(keyIdentifier, publicCertificate); var xml = GetXml(); var signedXml = SignXml(rsa, xml); Console.WriteLine("-------------signed xml------------"); Console.WriteLine(signedXml); Console.WriteLine("Press any key to continue"); Console.Read(); }
static async Task Main(string[] args) { var keyIdentifier = new KeyIdentifier("https://nosecrets-vault05.vault.azure.net:443/keys/SigningCertificate01/2c86727652f14814b77018601a2e5ed4"); var secretIdentifier = new SecretIdentifier("https://nosecrets-vault05.vault.azure.net:443/secrets/SigningCertificate01/2c86727652f14814b77018601a2e5ed4"); var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); var secret = await keyVaultClient.GetSecretAsync(secretIdentifier.Identifier); var publicCertificate = new X509Certificate2(Convert.FromBase64String(secret.Value), string.Empty, X509KeyStorageFlags.Exportable); var rsa = keyVaultClient.ToRSA(keyIdentifier, publicCertificate); var xml = GetXml(); var signedXml = SignXml(rsa, xml); Console.WriteLine("-------------signed xml------------"); Console.WriteLine(signedXml); Console.WriteLine("Press any key to continue"); Console.Read(); }
public async Task <Response <BlobContentInfo> > UploadEncryptedAsync(string blobName, Stream stream, BlobHttpHeaders headers) { using var all = new MemoryStream(); await stream.CopyToAsync(all); using var aes = new AesManaged(); aes.GenerateKey(); aes.GenerateIV(); var keyIdentifier = new KeyIdentifier($"https://{Configuration["KeyVaultName"].ToLower()}.vault.azure.net", EncryptionKeyName).ToString(); var keyVersion = (await KeyVault.GetKeyAsync(keyIdentifier)).KeyIdentifier.Version; var envelope = new Envelope() { Key = await WrapKey(aes.Key, keyIdentifier), IV = await WrapKey(aes.IV, keyIdentifier), Content = Convert.ToBase64String(PerformCryptography(all.ToArray(), aes.CreateEncryptor())) }; using var upstream = new MemoryStream(); var serializedEnvelope = JsonSerializer.SerializeAsync(upstream, envelope); upstream.Position = 0; var blob = Container.GetBlobClient(blobName); var result = await blob.UploadAsync(upstream, metadata : new Dictionary <string, string>() { { "EBP_KeyName", EncryptionKeyName }, { "EBP_KeyVersion", keyVersion }, { "EBP_WrapAlgorithm", JsonWebKeyEncryptionAlgorithm.RSAOAEP256 }, { "EBP_ContentType", headers.ContentType } }); return(result); }
private KeyVaultClient GetKeyVaultClient() { if (HttpMockServer.Mode == HttpRecorderMode.Record) { HttpMockServer.Variables["VaultAddress"] = _vaultAddress; HttpMockServer.Variables["KeyName"] = _keyName; HttpMockServer.Variables["KeyVersion"] = _keyVersion; HttpMockServer.Variables["SoftDeleteEnabled"] = _softDeleteEnabled.ToString( ); } else { _vaultAddress = HttpMockServer.Variables["VaultAddress"]; _keyName = HttpMockServer.Variables["KeyName"]; _keyVersion = HttpMockServer.Variables["KeyVersion"]; string softDeleteSetting = String.Empty; if (HttpMockServer.Variables.TryGetValue("SoftDeleteEnabled", out softDeleteSetting)) { Boolean.TryParse(softDeleteSetting, out _softDeleteEnabled); } } _keyIdentifier = new KeyIdentifier(_vaultAddress, _keyName, _keyVersion); return(fixture.CreateKeyVaultClient()); }
public void KeyIdentifierTest() { string baseId = string.Format("{0}/keys/{1}", vault, name); string versionedId = string.Format("{0}/{1}", baseId, version); //unversioned var id = new KeyIdentifier(baseId); Assert.Equal(baseId, id.BaseIdentifier); Assert.Equal(baseId, id.Identifier); Assert.Equal(vault, id.Vault); Assert.Equal(name, id.Name); Assert.Equal(string.Empty, id.Version); Assert.True(KeyIdentifier.IsKeyIdentifier(baseId)); //versioned id = new KeyIdentifier(versionedId); Assert.Equal(baseId, id.BaseIdentifier); Assert.Equal(versionedId, id.Identifier); Assert.Equal(vault, id.Vault); Assert.Equal(name, id.Name); Assert.Equal(version, id.Version); Assert.True(KeyIdentifier.IsKeyIdentifier(versionedId)); }
public KeyVaultTestFixture() { Initialize(string.Empty); if (vaultAddress != null && HttpMockServer.Mode == HttpRecorderMode.Record) { //Create one key to use for testing. Key creation is expensive. var myClient = new KeyVaultClient(new TestKeyVaultCredential(GetAccessToken), GetHandlers()); keyName = "sdktestkey"; var attributes = new KeyAttributes(); var createdKey = myClient.CreateKeyAsync(vaultAddress, keyName, JsonWebKeyType.Rsa, 2048, JsonWebKeyOperation.AllOperations, attributes).GetAwaiter().GetResult(); keyIdentifier = new KeyIdentifier(createdKey.Key.Kid); keyName = keyIdentifier.Name; keyVersion = keyIdentifier.Version; tokenCache = new TokenCache(); _deviceCodeForStorageTests = null; retryExecutor = new RetryPolicy <SoftDeleteErrorDetectionStrategy>(new ExponentialBackoffRetryStrategy(8, TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(60), TimeSpan.FromSeconds(5))); } else { retryExecutor = new RetryPolicy <SoftDeleteErrorDetectionStrategy>(new FixedIntervalRetryStrategy(5, TimeSpan.FromSeconds(5.0))); } }
public WsSecurityTokenReference(KeyIdentifier keyIdentifier) : base(keyIdentifier) { }
public string GetPassphraseForPrivateKey(KeyIdentifier keyIdentifier) { return(Passphrase); }