Ejemplo n.º 1
        /// <summary>
        /// Builds the metadata map for a signing credential from its RSA parameters.
        /// </summary>
        /// <param name="credentials">
        /// Signing credentials passed to <c>CryptographyHelpers.GetRSAParameters</c>.
        /// </param>
        /// <returns>
        /// A dictionary with two entries, keyed by <c>JsonWebKeyParameterNames.E</c> and
        /// <c>JsonWebKeyParameterNames.N</c>, holding the Base64Url-encoded exponent and modulus.
        /// </returns>
        private IDictionary<string, string> GetMetadata(SigningCredentials credentials)
        {
            var keyParameters = CryptographyHelpers.GetRSAParameters(credentials);

            // Only Exponent and Modulus are copied into the map. Any other member of the
            // returned parameters is deliberately left out; keep it that way if this map is
            // ever extended, since the result is presumably published as key metadata.
            var metadata = new Dictionary<string, string>();
            metadata[JsonWebKeyParameterNames.E] = Base64UrlEncoder.Encode(keyParameters.Exponent);
            metadata[JsonWebKeyParameterNames.N] = Base64UrlEncoder.Encode(keyParameters.Modulus);

            return metadata;
        }
Ejemplo n.º 2
        /// <summary>
        /// Loads the configured certificate from the key vault and wraps it in a single
        /// <c>SigningCredentialsDescriptor</c>.
        /// </summary>
        /// <remarks>
        /// Two vault round trips are made: one for the certificate bundle named by
        /// <c>options.CertificateName</c> under <c>options.VaultUri</c>, and one for the secret
        /// that the bundle's <c>SecretIdentifier</c> points to. The secret value is decoded and
        /// loaded as an <c>X509Certificate2</c> with an empty password.
        /// The certificate is not disposed here because it is carried inside the returned
        /// signing credentials.
        /// </remarks>
        /// <returns>A list containing exactly one descriptor.</returns>
        public async Task<IEnumerable<SigningCredentialsDescriptor>> GetCredentials()
        {
            var options = _options.Value;
            var vault = new KeyVaultClient(KeyVaultCallBack, options.ClientHandler);

            var bundle = await vault.GetCertificateAsync(options.VaultUri, options.CertificateName);
            var pfxSecret = await vault.GetSecretAsync(bundle.SecretIdentifier.Identifier);

            // pfxSecret.Value presumably contains the private key; it must never be logged or
            // included in exception messages.
            // NOTE(review): no X509KeyStorageFlags are passed, so the platform default key
            // storage applies - confirm where the private key material ends up on the host.
            var rawCertificate = Base64UrlEncoder.DecodeBytes(pfxSecret.Value);
            var certificate = new X509Certificate2(rawCertificate, string.Empty);

            var securityKey = new X509SecurityKey(certificate);
            var signingCredentials = new SigningCredentials(securityKey, CryptographyHelpers.FindAlgorithm(certificate));

            // The validity window comes from the vault's bundle attributes, normalised to UTC.
            // `.Value` assumes both attributes are populated; it throws when one is missing.
            var algorithm = CryptographyHelpers.GetAlgorithm(signingCredentials);
            var notBefore = bundle.Attributes.NotBefore.Value.ToUniversalTime();
            var expires = bundle.Attributes.Expires.Value.ToUniversalTime();
            var metadata = GetMetadata(signingCredentials);

            var descriptor = new SigningCredentialsDescriptor(
                signingCredentials,
                algorithm,
                notBefore,
                expires,
                metadata);

            var result = new List<SigningCredentialsDescriptor>();
            result.Add(descriptor);
            return result;

            // Builds the descriptor metadata: Base64Url-encoded exponent and modulus only.
            IDictionary<string, string> GetMetadata(SigningCredentials credentials)
            {
                var keyParameters = CryptographyHelpers.GetRSAParameters(credentials);

                var map = new Dictionary<string, string>();
                map[JsonWebKeyParameterNames.E] = Base64UrlEncoder.Encode(keyParameters.Exponent);
                map[JsonWebKeyParameterNames.N] = Base64UrlEncoder.Encode(keyParameters.Modulus);
                return map;
            }

            // Authentication callback handed to KeyVaultClient. It authenticates with the
            // client id and client secret from options; `scope` is not used.
            // The client secret and the returned access token are bearer credentials and
            // must be kept out of logs and telemetry.
            // NOTE(review): the second AuthenticationContext argument is null, which looks
            // like "no token cache" - confirm a token request per callback is intended.
            async Task<string> KeyVaultCallBack(string authority, string resource, string scope)
            {
                var clientCredential = new ClientCredential(options.ClientId, options.ClientSecret);
                var context = new AuthenticationContext(authority, null);
                var token = await context.AcquireTokenAsync(resource, clientCredential);

                return token.AccessToken;
            }
        }