public static async Task RsaCreateLeafCertificateTestAsync()
{
using (var mock = Setup()) {
IKeyStore keys = mock.Create <KeyDatabase>();
IDigestSigner signer = mock.Create <KeyDatabase>();
ICertificateFactory factory = mock.Create <CertificateFactory>();
Key publicKey;
KeyHandle issuerKey;
Key issuerPublicKey;
using (var rsa1 = RSA.Create()) {
issuerKey = await keys.ImportKeyAsync("rsa1", rsa1.ToKey());
issuerPublicKey = rsa1.ToKey().GetPublicKey();
}
using (var rsa2 = RSA.Create()) {
await keys.ImportKeyAsync("rsa2", rsa2.ToKey());
publicKey = rsa2.ToKey().GetPublicKey();
}
var now = DateTime.UtcNow;
var leaf = await factory.CreateCertificateAsync(signer, issuerKey,
X500DistinguishedNameEx.Create("CN=leaf"), publicKey,
now, now + TimeSpan.FromMinutes(1), SignatureType.RS256, false, sn => {
return(new List <X509Extension>());
});
}
}
public ConsumerRequest(IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token, ICertificateFactory clientSslCertificateFactory)
{
_context = context;
_consumerContext = consumerContext;
_token = token;
_clientSslCertificateFactory = clientSslCertificateFactory;
}
public static async Task RsaCertificateCreateSelfSignedTestAsync()
{
using (var mock = Setup()) {
IKeyStore keys = mock.Create <KeyDatabase>();
IDigestSigner signer = mock.Create <KeyDatabase>();
ICertificateFactory factory = mock.Create <CertificateFactory>();
KeyHandle issuerKey;
Key issuerPublicKey;
using (var rsa1 = RSA.Create()) {
issuerKey = await keys.ImportKeyAsync("rsa1", rsa1.ToKey(),
new KeyStoreProperties { Exportable = true });
issuerPublicKey = rsa1.ToKey().GetPublicKey();
}
var now = DateTime.UtcNow;
var cert = await factory.CreateCertificateAsync(signer, issuerKey,
X500DistinguishedNameEx.Create("CN=leaf"), issuerPublicKey,
now, now + TimeSpan.FromMinutes(1), SignatureType.RS256, false, sn => {
return(new List <X509Extension>());
});
var privateKey = await keys.ExportKeyAsync(issuerKey);
using (cert) {
var certificate = cert.ToCertificate();
Assert.True(certificate.IsSelfSigned());
Assert.Equal(certificate.GetIssuerSerialNumberAsString(), certificate.GetSerialNumberAsString());
}
}
}
public ConsumerRequest(IOAuthSession oauthSession, IOAuthContext context, IOAuthConsumerContext consumerContext, ICertificateFactory clientSslCertificateFactory)
{
_oauthSession = oauthSession;
_context = context;
_consumerContext = consumerContext;
_clientSslCertificateFactory = clientSslCertificateFactory;
}
public ConsumerRequest(IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token, ICertificateFactory clientSslCertificateFactory)
{
_context = context;
_consumerContext = consumerContext;
_token = token;
_clientSslCertificateFactory = clientSslCertificateFactory;
}
public ConsumerRequest(IOAuthSession oauthSession, IOAuthContext context, IOAuthConsumerContext consumerContext,
ICertificateFactory clientSslCertificateFactory)
{
_oauthSession = oauthSession;
_context = context;
_consumerContext = consumerContext;
_clientSslCertificateFactory = clientSslCertificateFactory;
}
/// <summary>
/// Create factory
/// </summary>
/// <param name="store"></param>
/// <param name="repo"></param>
/// <param name="keys"></param>
/// <param name="factory"></param>
/// <param name="logger"></param>
public CertificateIssuer(ICertificateStore store, ICertificateRepository repo,
IKeyStore keys, ICertificateFactory factory, ILogger logger)
{
_keys = keys ?? throw new ArgumentNullException(nameof(keys));
_store = store ?? throw new ArgumentNullException(nameof(store));
_repo = repo ?? throw new ArgumentNullException(nameof(repo));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_factory = factory ?? throw new ArgumentNullException(nameof(factory));
}
/// <summary>
/// Create key vault service client
/// </summary>
/// <param name="config">Keyvault configuration.</param>
/// <param name="provider"></param>
/// <param name="certificates"></param>
/// <param name="factory"></param>
public KeyVaultServiceClient(ICertificateRepository certificates,
ICertificateFactory factory, IKeyVaultConfig config,
Auth.ITokenProvider provider) : this(certificates, factory, config,
new KeyVaultClient(async(_, resource, scope) => {
var token = await provider.GetTokenForAsync(
resource, scope.YieldReturn());
return(token.RawToken);
})) {
}
/// <summary>
/// Create key vault service client
/// </summary>
/// <param name="config">Keyvault configuration.</param>
/// <param name="client"></param>
/// <param name="certificates"></param>
/// <param name="factory"></param>
public KeyVaultServiceClient(ICertificateRepository certificates,
ICertificateFactory factory, IKeyVaultConfig config,
IKeyVaultClient client)
{
if (config == null)
{
throw new ArgumentNullException(nameof(config));
}
_vaultBaseUrl = config.KeyVaultBaseUrl;
_keyStoreIsHsm = config.KeyVaultIsHsm;
_factory = factory ?? throw new ArgumentNullException(nameof(factory));
_certificates = certificates ?? throw new ArgumentNullException(nameof(certificates));
_keyVaultClient = client ?? throw new ArgumentNullException(nameof(client));
}
public SigningCredentialCertificateStorage(
IConfiguration configuration,
ICertificateFactory certificateFactory,
ICertificateSerializer certificateSerializer = null)
{
_validationKeyStoragePath = configuration["SigningCredential:Storage"];
_certificateFactory = certificateFactory;
_certificateSerializer = certificateSerializer ?? new SimpleCertificateSerializer(configuration);
var di = new DirectoryInfo(_validationKeyStoragePath);
if (!di.Exists)
{
di.Create();
}
}
/// <summary>
/// Create key vault service client
/// </summary>
/// <param name="config">Keyvault configuration.</param>
/// <param name="serializer"></param>
/// <param name="certificates"></param>
/// <param name="factory"></param>
/// <param name="provider"></param>
public KeyVaultServiceClient(ICertificateRepository certificates,
ICertificateFactory factory, IKeyVaultConfig config, IJsonSerializer serializer,
ITokenProvider provider) : this(certificates, factory, config, serializer,
new KeyVaultClient(async(_, resource, scope) => {
if (resource != "https://vault.azure.net")
{
// Tunnels the resource through to the provider
scope = resource + "/" + scope;
}
var token = await provider.GetTokenForAsync(
Resource.KeyVault, scope.YieldReturn());
return(token.RawToken);
})) {
if (provider?.Supports(Resource.KeyVault) != true)
{
throw new ArgumentNullException(nameof(provider));
}
}
public DefaultConsumerRequestFactory(ICertificateFactory clientSslCertificateFactory)
{
CertificateFactory = clientSslCertificateFactory;
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientCertEnabledConsumerRequestFactory"/> class.
/// </summary>
/// <param name="certificateFactory">The certificate factory.</param>
public ClientCertEnabledConsumerRequestFactory(ICertificateFactory certificateFactory)
{
_certificateFactory = certificateFactory;
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientCertEnabledConsumerRequest"/> class.
/// </summary>
/// <param name="certificateFactory">The certificate factory.</param>
/// <param name="context">The context.</param>
/// <param name="consumerContext">The consumer context.</param>
/// <param name="token">The token.</param>
public ClientCertEnabledConsumerRequest(ICertificateFactory certificateFactory, IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token)
: base(context, consumerContext, token)
{
_certificateFactory = certificateFactory;
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientCertEnabledConsumerRequestFactory"/> class.
/// </summary>
/// <param name="certificateFactory">The certificate factory.</param>
public ClientCertEnabledConsumerRequestFactory(ICertificateFactory certificateFactory)
{
_certificateFactory = certificateFactory;
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientCertEnabledConsumerRequest"/> class.
/// </summary>
/// <param name="certificateFactory">The certificate factory.</param>
/// <param name="context">The context.</param>
/// <param name="consumerContext">The consumer context.</param>
/// <param name="token">The token.</param>
public ClientCertEnabledConsumerRequest(ICertificateFactory certificateFactory, IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token)
: base(context, consumerContext, token)
{
_certificateFactory = certificateFactory;
}
public static X509Certificate2 GetClientSslCertificate()
{
ICertificateFactory clientSslCertificateFactory = GetClientSslCertificateFactory();
return(clientSslCertificateFactory.CreateCertificate());
}
public DefaultConsumerRequestFactory(ICertificateFactory clientSslCertificateFactory)
{
_clientSslCertificateFactory = clientSslCertificateFactory;
}
internal static RemoteCertificateValidationCallback GetValidatorWithPredefinedCertificates(ICertificateFactory certificateFactory) => GetValidatorWithPredefinedCertificates(certificateFactory.GetCertificates());
