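/// <summary>
/// Entry point for the certificate tooling: either creates the issuing (CA) certificate
/// in KeyVault, or signs a device CSR with an existing issuing certificate.
/// </summary>
/// <param name="o">Parsed command-line options; <c>IsRootCA</c> selects which branch runs.</param>
/// <exception cref="ArgumentNullException"><paramref name="o"/> is null.</exception>
/// <exception cref="ArgumentException">A required option for the selected branch is missing.</exception>
private static async Task StartAsync(Options o)
{
    if (o == null)
    {
        throw new ArgumentNullException(nameof(o));
    }

    // IssuerCertName is required by both branches (name of the CA cert to create, or name of
    // the issuing cert to sign with), so it is validated up front like the other required options.
    if (string.IsNullOrEmpty(o.IssuerCertName))
    {
        throw new ArgumentException("Issuer certificate name is not provided.");
    }

    // NOTE(review): o.Secret is a client credential taken from the command line; here it is only
    // handed to the KeyVault client — confirm the Options parser does not echo or log it.
    var keyVaultServiceClient = new KeyVaultServiceClient($"https://{o.KeyVaultName}.vault.azure.net/");
    keyVaultServiceClient.SetAuthenticationClientCredential(o.AppId, o.Secret);
    var kvCertProvider = new KeyVaultCertificateProvider(keyVaultServiceClient);

    if (o.IsRootCA)
    {
        await CreateRootCaAsync(kvCertProvider, o);
    }
    else
    {
        await IssueDeviceCertificateAsync(kvCertProvider, o);
    }
}

/// <summary>
/// Generates the issuing (CA) certificate in KeyVault under <c>o.IssuerCertName</c> with subject <c>o.Subject</c>.
/// </summary>
/// <exception cref="ArgumentException"><c>o.Subject</c> is missing.</exception>
private static async Task CreateRootCaAsync(KeyVaultCertificateProvider kvCertProvider, Options o)
{
    if (string.IsNullOrEmpty(o.Subject))
    {
        throw new ArgumentException("Subject is not provided.");
    }

    // Generate issuing certificate in KeyVault
    await kvCertProvider.CreateCACertificateAsync(o.IssuerCertName, o.Subject);
}

/// <summary>
/// Signs the CSR read from <c>o.PathToCsr</c> with the issuing certificate and writes the
/// resulting certificate to <c>o.OutputFileName</c>.
/// </summary>
/// <exception cref="ArgumentException"><c>o.PathToCsr</c> or <c>o.OutputFileName</c> is missing.</exception>
private static async Task IssueDeviceCertificateAsync(KeyVaultCertificateProvider kvCertProvider, Options o)
{
    if (string.IsNullOrEmpty(o.PathToCsr) || string.IsNullOrEmpty(o.OutputFileName))
    {
        throw new ArgumentException("Path to CSR or the Output Filename is not provided.");
    }

    // Issue device certificate
    var csr = File.ReadAllBytes(o.PathToCsr);
    var cert = await kvCertProvider.SigningRequestAsync(csr, o.IssuerCertName);

    // X509ContentType.Cert exports the public certificate only — no private key leaves KeyVault here.
    File.WriteAllBytes(o.OutputFileName, cert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
}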
/// <summary>
/// Initializes a signature generator that signs using a key held in KeyVault.
/// </summary>
/// <param name="keyVaultServiceClient">Client used to reach the KeyVault service.</param>
/// <param name="signingKey">Identifier of the KeyVault signing key.</param>
/// <param name="issuerCertificate">Certificate of the issuer on whose behalf signatures are produced.</param>
public KeyVaultSignatureGenerator(
    KeyVaultServiceClient keyVaultServiceClient,
    string signingKey,
    X509Certificate2 issuerCertificate)
{
    // The three dependencies are stored without validation at this point.
    this._keyVaultServiceClient = keyVaultServiceClient;
    this._signingKey = signingKey;
    this._issuerCert = issuerCertificate;
}
/// <summary>
/// Creates a certificate provider backed by the given KeyVault service client.
/// </summary>
/// <param name="keyVaultServiceClient">Client the provider uses for its KeyVault calls.</param>
internal KeyVaultCertificateProvider(KeyVaultServiceClient keyVaultServiceClient)
{
    // Retained for the provider's lifetime; no validation is performed here.
    this._keyVaultServiceClient = keyVaultServiceClient;
}