/// <summary>
 /// Creates a signature from the enqueued parts, using a certificate and key held in Azure Key Vault.
 /// </summary>
 /// <param name="configuration">The configuration of properties used to create the signature.
 /// See the documentation of <see cref="AzureKeyVaultSignConfigurationSet"/> for more information.</param>
 /// <returns>The signature that was produced.</returns>
 public async Task <OpcSignature> SignAsync(AzureKeyVaultSignConfigurationSet configuration)
 {
     // Materialize resolves the vault certificate and key up front; the materialized
     // configuration is disposed as soon as the signature has been produced.
     using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(configuration))
     {
         var signature = await SignAsyncImpl <AzureKeyVaultMaterializedConfiguration, KeyVaultSigningContext>(materialized);
         return signature;
     }
 }
        /// <summary>
        /// Creates a signature from the enqueued parts, using a certificate and key held in Azure Key Vault.
        /// </summary>
        /// <param name="configuration">The configuration of properties used to create the signature.
        /// See the documentation of <see cref="AzureKeyVaultSignConfigurationSet"/> for more information.</param>
        /// <returns>The signature that was published into the package.</returns>
        public async Task <OpcSignature> SignAsync(AzureKeyVaultSignConfigurationSet configuration)
        {
            using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(configuration))
            {
                // The signature part is named after the certificate thumbprint (GetCertHashString
                // returns the SHA-1 hash of the certificate as hex). The thumbprint only serves as
                // a stable file name here; it is not part of the signature's integrity.
                var signatureFileName = materialized.PublicCertificate.GetCertHashString() + ".psdsxs";
                var (allParts, signatureFile) = SignCore(signatureFileName);

                using (var signingContext = new KeyVaultSigningContext(materialized))
                {
                    var manifest   = OpcSignatureManifest.Build(signingContext, allParts);
                    var xmlBuilder = new XmlSignatureBuilder(signingContext);
                    xmlBuilder.SetFileManifest(manifest);

                    // The signing context is disposed right after the signature XML has been
                    // built and published.
                    var signedXml = await xmlBuilder.BuildAsync();
                    PublishSignature(signedXml, signatureFile);
                }

                // Flush the package once the signature part has been published.
                _package.Flush();
                return new OpcSignature(signatureFile);
            }
        }
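        /// <summary>
        /// Resolves the Key Vault certificate and key named in <paramref name="configuration"/>
        /// into a materialized configuration that can be used for signing.
        /// </summary>
        /// <param name="configuration">The Key Vault settings (vault URL, certificate name,
        /// credentials and digest algorithms) to materialize.</param>
        /// <returns>A materialized configuration holding the vault client, the public certificate,
        /// the key bundle and the digest algorithms taken from <paramref name="configuration"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">Token acquisition returned no result.</exception>
        public static async Task <AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration)
        {
            // Fail fast: the configuration is captured by the authentication callback below, so a
            // null would otherwise surface as a NullReferenceException inside the Key Vault client
            // on the first request rather than at the call site.
            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            // Authentication callback handed to the KeyVaultClient.
            async Task <string> Authenticate(string authority, string resource, string scope)
            {
                // A pre-obtained access token is used verbatim, regardless of the authority,
                // resource or scope the client asks for; whoever supplies it is responsible
                // for it having been issued for Key Vault.
                if (!string.IsNullOrWhiteSpace(configuration.AzureAccessToken))
                {
                    return configuration.AzureAccessToken;
                }

                // Otherwise acquire a token with the client id / client secret from the configuration.
                var context    = new AuthenticationContext(authority);
                var credential = new ClientCredential(configuration.AzureClientId, configuration.AzureClientSecret);

                AuthenticationResult result = await context.AcquireTokenAsync(resource, credential);

                if (result == null)
                {
                    throw new InvalidOperationException("Authentication to Azure failed.");
                }
                return result.AccessToken;
            }

            // NOTE(review): a fresh HttpClient per call is kept because it is handed to the
            // KeyVaultClient, whose lifetime presumably follows the returned configuration
            // (callers dispose it) — confirm before switching to a shared static instance.
            var client = new HttpClient();
            var vault  = new KeyVaultClient(Authenticate, client);

            var azureCertificate = await vault.GetCertificateAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultCertificateName);

            // The X509Certificate2 is built from the certificate bytes (Cer) only, so it carries
            // no private key; the key bundle fetched below references the vault key and signing
            // is presumably delegated to the vault through it.
            var x509Certificate = new X509Certificate2(azureCertificate.Cer);
            var keyId           = azureCertificate.KeyIdentifier;
            var key             = await vault.GetKeyAsync(keyId.Identifier);

            return new AzureKeyVaultMaterializedConfiguration(vault, x509Certificate, key, configuration.FileDigestAlgorithm, configuration.PkcsDigestAlgorithm);
        }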