public KSPKeyStore(IConfiguration configuration)
{
configuration.ThrowIfNull(nameof(configuration));
var keysSection = configuration.GetSection("Keys");
IAuthorizer keyAuth = null;
if (!keysSection.Exists())
{
throw new System.ArgumentException("Keys section does not exist");
}
foreach (var testKey in keysSection.GetChildren())
{
List <string> roles = new List <string>();
var validRoles = testKey.GetSection("AuthorizedRoles");
var validEmails = testKey.GetSection("AuthorizedEmailAddress");
if (validRoles != null && validRoles.Exists() &&
validEmails != null && validEmails.Exists())
{
throw new System.ArgumentException("Both role and email authorizers cannot be used on the same test key");
}
if (validRoles != null && validRoles.Exists())
{
RoleAuthorizer roleAuth = new RoleAuthorizer(configuration);
keyAuth = roleAuth;
foreach (var role in validRoles.GetChildren())
{
roleAuth.AddRole(role.Value);
}
}
else if (validEmails != null && validEmails.Exists())
{
EmailAuthorizer emailAuth = new EmailAuthorizer();
keyAuth = emailAuth;
foreach (var email in validEmails.GetChildren())
{
emailAuth.AddEmail(email.Value);
}
}
int?expirationTimeInDays = null;
var cacheTime = testKey["CacheExpirationInDays"];
if (cacheTime != null)
{
expirationTimeInDays = Convert.ToInt32(cacheTime, sg.CultureInfo.InvariantCulture);
}
var name = testKey["Name"];
var id = testKey["Id"];
var ksp = testKey["KSP"];
if (name == null)
{
throw new System.ArgumentException("The key must have a name");
}
if (id == null)
{
throw new System.ArgumentException("The key must have an id");
}
if (ksp == null)
{
throw new System.ArgumentException("The key must have a KSP");
}
CreateTestKey(
name,
id,
ksp,
KeyType,
Algorithm,
keyAuth,
expirationTimeInDays);
}
}
public TestKeyStore(IConfiguration configuration, ILogger <TestKeyStore> logger)
{
_logger = logger;
configuration.ThrowIfNull(nameof(configuration));
var testKeysSection = configuration.GetSection("TestKeys");
IAuthorizer keyAuth = null;
if (!testKeysSection.Exists())
{
throw new System.ArgumentException("TestKeys section does not exist");
}
foreach (var testKey in testKeysSection.GetChildren())
{
List <string> roles = new List <string>();
var validRoles = testKey.GetSection("AuthorizedRoles");
var validEmails = testKey.GetSection("AuthorizedEmailAddress");
if (validRoles != null && validRoles.Exists() &&
validEmails != null && validEmails.Exists())
{
throw new System.ArgumentException("Both role and email authorizers cannot be used on the same test key");
}
if (validRoles != null && validRoles.Exists())
{
RoleAuthorizer roleAuth = new RoleAuthorizer(configuration);
keyAuth = roleAuth;
foreach (var role in validRoles.GetChildren())
{
roleAuth.AddRole(role.Value);
}
}
else if (validEmails != null && validEmails.Exists())
{
EmailAuthorizer emailAuth = new EmailAuthorizer();
keyAuth = emailAuth;
foreach (var email in validEmails.GetChildren())
{
emailAuth.AddEmail(email.Value);
}
}
int?expirationTimeInDays = null;
var cacheTime = testKey["CacheExpirationInDays"];
if (cacheTime != null)
{
expirationTimeInDays = Convert.ToInt32(cacheTime, sg.CultureInfo.InvariantCulture);
}
var name = testKey["Name"];
var id = testKey["Id"];
var publicPem = testKey["PublicPem"];
var privatePem = testKey["PrivatePem"];
if (name == null)
{
throw new System.ArgumentException("The key must have a name");
}
if (id == null)
{
throw new System.ArgumentException("The key must have an id");
}
if (publicPem == null)
{
throw new System.ArgumentException("The key must have a publicPem");
}
if (privatePem == null)
{
throw new System.ArgumentException("The key must have a privatePem");
}
_logger.LogInformation("testStore constructe will createTestKey with following params:name=" + name + " and id=" + id);
CreateTestKey(
name,
id,
publicPem,
privatePem,
KeyType,
Algorithm,
keyAuth,
expirationTimeInDays);
}
// //use ukc as keystore - add also the key from ukc
// byte[] keyNameBytes = Encoding.UTF8.GetBytes(ukcKeyName);
// Library.C_Initialize();
// CK_SLOT_ID[] slots = Library.C_GetSlotList(true);
// CK_SLOT_ID slot = slots[0];
// CK_SESSION_HANDLE session = Library.C_OpenSession(slot);
// Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[]
// {
// new CK_ATTRIBUTE(CK.CKA_TOKEN, true),
// new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY),
// new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA),
// new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes),
// //new CK_ATTRIBUTE(CK.DYCKA_UID , keyUID)
// });
// CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1);
// Library.C_FindObjectsFinal(session);
// CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS);
// CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT);
// CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID);
// if(foundKeyHandles.Length > 0)
// {
// //get public key
// Library.C_GetAttributeValue(session, foundKeyHandles[0],new CK_ATTRIBUTE[]
// {
// n,
// e,
// privateKeyUid
// });
// string nStrBase64 = Convert.ToBase64String((byte[])n.pValue);
// string uid = ukcKeyUid;
// //string vOut = (UInt64)privateKeyUid.pValue;
// //build the public key obj
// var publicKeyFromUkc = new PublicKey(nStrBase64,65537);
// //publicKeyFromUkc.KeyId = ((UInt64)privateKeyUid.pValue).ToString();
// publicKeyFromUkc.KeyType = "RSA";
// publicKeyFromUkc.Algorithm = "RS256";
// CreateTestKey(
// ukcKeyName,
// uid,
// nStrBase64,
// nStrBase64,
// publicKeyFromUkc.KeyType,
// publicKeyFromUkc.Algorithm,
// keyAuth,
// null);
// }
}
