Example #1
0
        /// <inheritsdoc />
        public override SymmetricJwk WrapKey(Jwk?staticKey, JwtHeader header, Span <byte> destination)
        {
            Debug.Assert(header != null);

            var partyUInfo   = GetPartyInfo(header, JwtHeaderParameterNames.Apu);
            var partyVInfo   = GetPartyInfo(header, JwtHeaderParameterNames.Apv);
            var secretAppend = BuildSecretAppend(partyUInfo, partyVInfo);
            ReadOnlySpan <byte> exchangeHash;
            var             ecKey         = _key;
            var             otherPartyKey = ecKey.CreateEcdhKey();
            ECDiffieHellman ephemeralKey  = (staticKey is null) ? ECDiffieHellman.Create(ecKey.Crv.CurveParameters) : ((ECJwk)staticKey).CreateEcdhKey();

            try
            {
                exchangeHash = new ReadOnlySpan <byte>(ephemeralKey.DeriveKeyFromHash(otherPartyKey.PublicKey, _hashAlgorithm, _secretPreprend, secretAppend), 0, _keySizeInBytes);
                var epk = ECJwk.FromParameters(ephemeralKey.ExportParameters(false));
                header.Add(JwtHeaderParameterNames.Epk, epk);
            }
            finally
            {
                if (staticKey is null)
                {
                    ephemeralKey.Dispose();
                }
            }

            SymmetricJwk contentEncryptionKey;

            if (Algorithm.ProduceEncryptionKey)
            {
                using var keyWrapper = new AesKeyWrapper(exchangeHash, EncryptionAlgorithm, _keyManagementAlgorithm !);
                contentEncryptionKey = keyWrapper.WrapKey(null, header, destination);
            }
            else
            {
                exchangeHash.CopyTo(destination);
                contentEncryptionKey = SymmetricJwk.FromSpan(exchangeHash, false);
            }

            return(contentEncryptionKey);
        }
Example #2
0
        private async Task <Jwk[]> GetKeysAsync()
        {
            var keys = new List <Jwk>();

            await foreach (var keyProperties in _client.GetPropertiesOfKeysAsync())
            {
                var kvKey = await _client.GetKeyAsync(keyProperties.Name);

                Jwk?key = null;
                if (kvKey.Value.KeyType == KeyType.Oct)
                {
                    key = SymmetricJwk.FromByteArray(kvKey.Value.Key.K, false);
                }
                else if (kvKey.Value.KeyType == KeyType.Rsa || kvKey.Value.KeyType == KeyType.RsaHsm)
                {
                    key = RsaJwk.FromParameters(kvKey.Value.Key.ToRSA(true).ExportParameters(true), false);
                }
#if !NETFRAMEWORK
                else if (kvKey.Value.KeyType == KeyType.Ec || kvKey.Value.KeyType == KeyType.EcHsm)
                {
                    ECJwk.FromParameters(ConvertToECParameters(kvKey.Value), computeThumbprint: false);
                }
#endif

                if (!(key is null))
                {
                    key.Kid = JsonEncodedText.Encode(kvKey.Value.Key.Id);
                    if (kvKey.Value.Key.KeyOps != null)
                    {
                        foreach (var operation in kvKey.Value.Key.KeyOps)
                        {
                            key.KeyOps.Add(JsonEncodedText.Encode(operation.ToString()));
                        }
                    }

                    keys.Add(key);
                }
            }

            return(keys.ToArray());
        }
Example #3
0
        protected override Jwks GetKeysFromSource()
        {
            var keys = new List <Jwk>();

            foreach (var keyProperties in _client.GetPropertiesOfKeys())
            {
                var kvKey = _client.GetKey(keyProperties.Name);
                Jwk?key   = null;
                if (kvKey.Value.KeyType == KeyType.Oct)
                {
                    key = SymmetricJwk.FromByteArray(kvKey.Value.Key.K, false);
                }
                else if (kvKey.Value.KeyType == KeyType.Rsa || kvKey.Value.KeyType == KeyType.RsaHsm)
                {
                    key = RsaJwk.FromParameters(kvKey.Value.Key.ToRSA(true).ExportParameters(true), false);
                }
#if !NETFRAMEWORK
                else if (kvKey.Value.KeyType == KeyType.Ec || kvKey.Value.KeyType == KeyType.EcHsm)
                {
                    ECJwk.FromParameters(ConvertToECParameters(kvKey.Value), computeThumbprint: false);
                }
#endif

                if (!(key is null))
                {
                    key.Kid = JsonEncodedText.Encode(kvKey.Value.Key.Id);
                    if (kvKey.Value.Key.KeyOps != null)
                    {
                        foreach (var operation in kvKey.Value.Key.KeyOps)
                        {
                            key.KeyOps.Add(JsonEncodedText.Encode(operation.ToString()));
                        }
                    }

                    keys.Add(key);
                }
            }

            return(new Jwks(_client.VaultUri.ToString(), keys));
        }
Example #4
0
        private async Task <Jwk[]> GetKeysAsync()
        {
            var keys           = new List <Jwk>();
            var keyIdentifiers = await _client.GetKeysAsync(_vaultBaseUrl, MaxResults);

            foreach (var keyIdentifier in keyIdentifiers)
            {
                var kvKey = await _client.GetKeyAsync(keyIdentifier.Identifier.Identifier);

                Jwk?key = kvKey.Key.Kty switch
                {
                    JsonWebKeyType.Octet => new SymmetricJwk(kvKey.Key.K),
                    JsonWebKeyType.Rsa => new RsaJwk(kvKey.Key.ToRSAParameters()),
                    JsonWebKeyType.RsaHsm => new RsaJwk(kvKey.Key.ToRSAParameters()),
#if !NETFRAMEWORK
                    JsonWebKeyType.EllipticCurve => ECJwk.FromParameters(ConvertToECParameters(kvKey.Key.ToEcParameters())),
                    JsonWebKeyType.EllipticCurveHsm => ECJwk.FromParameters(ConvertToECParameters(kvKey.Key.ToEcParameters())),
#endif
                    _ => null
                };

                if (!(key is null))
                {
                    key.Kid = kvKey.Key.Kid;
                    if (kvKey.Key.KeyOps != null)
                    {
                        for (int i = 0; i < kvKey.Key.KeyOps.Count; i++)
                        {
                            key.KeyOps.Add(kvKey.Key.KeyOps[i]);
                        }
                    }

                    keys.Add(key);
                }
            }

            return(keys.ToArray());
        }