Exemple #1
0
        /// <summary>
        /// Decrypts a single block of encrypted data
        /// </summary>
        /// <param name="keyIdentifier">The full key identifier</param>
        /// <param name="algorithm">The algorithm. For more information on possible algorithm types, see JsonWebKeyEncryptionAlgorithm.</param>
        /// <param name="cipherText">The cipher text</param>
        /// <param name="cancellationToken">Optional cancellation token</param>
        /// <returns>The decryption result</returns>
        public static async Task <KeyOperationResult> DecryptAsync(this IKeyVaultClient operations, string keyIdentifier, string algorithm, byte[] cipherText, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrEmpty(keyIdentifier))
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                throw new ArgumentNullException(nameof(algorithm));
            }

            if (cipherText == null)
            {
                throw new ArgumentNullException(nameof(cipherText));
            }

            var keyId = new KeyIdentifier(keyIdentifier);

            // TODO: should we allow or not allow in the Key Identifier the version to be empty?

            using (var _result = await operations.DecryptWithHttpMessagesAsync(keyId.Vault, keyId.Name, keyId.Version ?? string.Empty, algorithm, cipherText, null, cancellationToken).ConfigureAwait(false))
            {
                return(_result.Body);
            }
        }
 /// <summary>
 /// Creates a new Key Vault context.
 /// </summary>
 public KeyVaultContext(KeyVaultClient client, KeyIdentifier keyIdentifier, JsonWebKey key)
 {
     this.client   = client ?? throw new ArgumentNullException(nameof(client));
     KeyIdentifier = keyIdentifier ?? throw new ArgumentNullException(nameof(keyIdentifier));
     Key           = key ?? throw new ArgumentNullException(nameof(key));
     Certificate   = null;
 }
Exemple #3
0
        /// <summary>
        /// Verifies a signature using the specified key
        /// </summary>
        /// <param name="keyIdentifier"> The global key identifier of the key used for signing </param>
        /// <param name="algorithm"> The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.</param>
        /// <param name="digest"> The digest used for signing </param>
        /// <param name="signature"> The signature to be verified </param>
        /// <param name="cancellationToken">Optional cancellation token</param>
        /// <returns> true if the signature is verified, false otherwise. </returns>
        public static async Task <bool> VerifyAsync(this IKeyVaultClient operations, string keyIdentifier, string algorithm, byte[] digest, byte[] signature, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrEmpty(keyIdentifier))
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                throw new ArgumentNullException(nameof(algorithm));
            }

            if (digest == null)
            {
                throw new ArgumentNullException(nameof(digest));
            }

            if (signature == null)
            {
                throw new ArgumentNullException(nameof(signature));
            }

            var keyId = new KeyIdentifier(keyIdentifier);

            using (var _result = await operations.VerifyWithHttpMessagesAsync(keyId.Vault, keyId.Name, keyId.Version ?? string.Empty, algorithm, digest, signature, null, cancellationToken).ConfigureAwait(false))
            {
                var verifyResult = _result.Body;
                return((verifyResult.Value == true) ? true : false);
            }
        }
Exemple #4
0
        /// <summary>
        /// Provides an IKey implementation for the specified key or secret identifier.
        /// </summary>
        /// <param name="kid">The key or secret identifier to resolve</param>
        /// <param name="token">Cancellation token</param>
        /// <returns>The resolved IKey implementation or null</returns>
        public async Task <IKey> ResolveKeyAsync(string kid, CancellationToken token)
        {
            if (string.IsNullOrWhiteSpace(kid))
            {
                throw new ArgumentNullException("kid");
            }

            // If the resolver has a name prefix, only handle kid that have that prefix.
            if (_name != null)
            {
                var vaultUrl = new Uri(_name);
                var keyUrl   = new Uri(kid);

                if (string.Compare(vaultUrl.Scheme, keyUrl.Scheme, true) != 0 || string.Compare(vaultUrl.Authority, keyUrl.Authority, true) != 0 || vaultUrl.Port != keyUrl.Port)
                {
                    return(null);
                }
            }

            if (KeyIdentifier.IsKeyIdentifier(kid))
            {
                return(await ResolveKeyFromKeyAsync(kid, token).ConfigureAwait(false));
            }

            if (SecretIdentifier.IsSecretIdentifier(kid))
            {
                return(await ResolveKeyFromSecretAsync(kid, token).ConfigureAwait(false));
            }

            // Return null rather than throw an exception here
            return(null);
        }
Exemple #5
0
        /// <summary>
        /// Provides an IKey implementation for the specified key or secret identifier.
        /// </summary>
        /// <param name="kid">The key or secret identifier to resolve</param>
        /// <param name="token">Cancellation token</param>
        /// <returns>The resolved IKey implementation or null</returns>
        public async Task <IKey> ResolveKeyAsync(string kid, CancellationToken token)
        {
            if (string.IsNullOrWhiteSpace(kid))
            {
                throw new ArgumentNullException("kid");
            }

            // If the resolver has a name prefix, only handle kid that have that prefix
            if (!string.IsNullOrEmpty(_name) && !kid.StartsWith(_name, StringComparison.OrdinalIgnoreCase))
            {
                return(null);
            }

            if (KeyIdentifier.IsKeyIdentifier(kid))
            {
                return(await ResolveKeyFromKeyAsync(kid, token).ConfigureAwait(false));
            }

            if (SecretIdentifier.IsSecretIdentifier(kid))
            {
                return(await ResolveKeyFromSecretAsync(kid, token).ConfigureAwait(false));
            }

            // Return null rather than throw an exception here
            return(null);
        }
 /// <summary>
 /// Creates a new Key Vault context.
 /// </summary>
 public KeyVaultContext(KeyVaultClient client, KeyIdentifier keyIdentifier, X509Certificate2 publicCertificate)
 {
     Certificate   = publicCertificate ?? throw new ArgumentNullException(nameof(publicCertificate));
     this.client   = client ?? throw new ArgumentNullException(nameof(client));
     KeyIdentifier = keyIdentifier ?? throw new ArgumentNullException(nameof(keyIdentifier));
     using (var rsa = publicCertificate.GetRSAPublicKey())
     {
         Key = new JsonWebKey(rsa.ExportParameters(false));
     }
 }
Exemple #7
0
        /// <summary>
        /// Updates the Key Attributes associated with the specified key
        /// </summary>
        /// <param name="keyIdentifier">The key identifier</param>
        /// <param name="keyOps">Json web key operations. For more information, see JsonWebKeyOperation.</param>
        /// <param name="attributes">The new attributes for the key. For more information on key attributes, see KeyAttributes.</param>
        /// <param name="tags">Application-specific metadata in the form of key-value pairs</param>
        /// <param name="cancellationToken">Optional cancellation token</param>
        /// <returns> The updated key </returns>
        public static async Task <KeyBundle> UpdateKeyAsync(this IKeyVaultClient operations, string keyIdentifier, string[] keyOps = null, KeyAttributes attributes = null, Dictionary <string, string> tags = null, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrEmpty(keyIdentifier))
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            var keyId = new KeyIdentifier(keyIdentifier);

            using (var _result = await operations.UpdateKeyWithHttpMessagesAsync(keyId.Vault, keyId.Name, keyId.Version ?? string.Empty, keyOps, attributes, tags, null, cancellationToken).ConfigureAwait(false))
            {
                return(_result.Body);
            }
        }
Exemple #8
0
        /// <summary>
        /// Retrieves the public portion of a key plus its attributes
        /// </summary>
        /// <param name="keyIdentifier">The key identifier</param>
        /// <param name="cancellationToken">Optional cancellation token</param>
        /// <returns>A KeyBundle of the key and its attributes</returns>
        public static async Task <KeyBundle> GetKeyAsync(this IKeyVaultClient operations, string keyIdentifier, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrEmpty(keyIdentifier))
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            var keyId = new KeyIdentifier(keyIdentifier);

            using (var _result = await operations.GetKeyWithHttpMessagesAsync(keyId.Vault, keyId.Name, keyId.Version ?? string.Empty, null, cancellationToken).ConfigureAwait(false))
            {
                return(_result.Body);
            }
        }
Exemple #9
0
        /// <summary>
        /// Creates an RSA object
        /// </summary>
        /// <param name="client"></param>
        /// <param name="keyIdentifier"></param>
        /// <param name="publicCertificate"></param>
        /// <returns></returns>
        public static RSA ToRSA(this KeyVaultClient client, KeyIdentifier keyIdentifier, X509Certificate2 publicCertificate)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            if (keyIdentifier == null)
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            if (publicCertificate == null)
            {
                throw new ArgumentNullException(nameof(publicCertificate));
            }

            return(new RSAKeyVault(new KeyVaultContext(client, keyIdentifier, publicCertificate)));
        }
Exemple #10
0
        /// <summary>
        /// Creates an RSA object
        /// </summary>
        /// <param name="client"></param>
        /// <param name="keyIdentifier"></param>
        /// <param name="key"></param>
        /// <returns></returns>
        public static RSA ToRSA(this KeyVaultClient client, KeyIdentifier keyIdentifier, JsonWebKey key)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            if (keyIdentifier == null)
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            return(new RSAKeyVault(new KeyVaultContext(client, keyIdentifier, key)));
        }
Exemple #11
0
        /// <summary>
        /// Creates a signature from a digest using the specified key in the vault
        /// </summary>
        /// <param name="keyIdentifier"> The global key identifier of the signing key </param>
        /// <param name="algorithm">The signing algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. </param>
        /// <param name="digest">The digest value to sign</param>
        /// <param name="cancellationToken">Optional cancellation token</param>
        /// <returns>The signature value</returns>
        public static async Task <KeyOperationResult> SignAsync(this IKeyVaultClient operations, string keyIdentifier, string algorithm, byte[] digest, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrEmpty(keyIdentifier))
            {
                throw new ArgumentNullException(nameof(keyIdentifier));
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                throw new ArgumentNullException(nameof(algorithm));
            }

            if (digest == null)
            {
                throw new ArgumentNullException(nameof(digest));
            }

            var keyId = new KeyIdentifier(keyIdentifier);

            using (var _result = await operations.SignWithHttpMessagesAsync(keyId.Vault, keyId.Name, keyId.Version ?? string.Empty, algorithm, digest, null, cancellationToken).ConfigureAwait(false))
            {
                return(_result.Body);
            }
        }
Exemple #12
0
        /// <summary>
        /// Unwraps a symmetric key using the specified key in the vault
        ///     that has initially been used for wrapping the key.
        /// </summary>
        /// <param name="keyIdentifier"> The global key identifier of the wrapping/unwrapping key </param>
        /// <param name="algorithm">The unwrap algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.</param>
        /// <param name="wrappedKey">The wrapped symmetric key</param>
        /// <param name="cancellationToken">Optional cancellation token</param>
        /// <returns>The unwrapped symmetric key</returns>
        public static async Task <KeyOperationResult> UnwrapKeyAsync(this IKeyVaultClient operations, string keyIdentifier, string algorithm, byte[] wrappedKey, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrEmpty(keyIdentifier))
            {
                throw new ArgumentNullException("keyIdentifier");
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                throw new ArgumentNullException("algorithm");
            }

            if (wrappedKey == null)
            {
                throw new ArgumentNullException("wrappedKey");
            }

            var keyId = new KeyIdentifier(keyIdentifier);

            using (var _result = await operations.UnwrapKeyWithHttpMessagesAsync(keyId.Vault, keyId.Name, keyId.Version ?? string.Empty, algorithm, wrappedKey, null, cancellationToken).ConfigureAwait(false))
            {
                return(_result.Body);
            }
        }
        public KeyBundle UpdateKey(string vaultName, string keyName, string keyVersion, KeyAttributes keyAttributes)
        {
            if (string.IsNullOrEmpty(vaultName))
                throw new ArgumentNullException("vaultName");
            if (string.IsNullOrEmpty(keyName))
                throw new ArgumentNullException("keyName");
            if (keyAttributes == null)
                throw new ArgumentNullException("keyAttributes");
            
            var attributes = (Azure.KeyVault.Models.KeyAttributes)keyAttributes;
            var keyIdentifier = new KeyIdentifier(this.vaultUriHelper.CreateVaultAddress(vaultName), keyName, keyVersion);

            Azure.KeyVault.Models.KeyBundle keyBundle;
            try
            {
                keyBundle = this.keyVaultClient.UpdateKeyAsync(
                    keyIdentifier.Identifier, keyAttributes.KeyOps, attributes: attributes, tags: keyAttributes.TagsDirectionary).GetAwaiter().GetResult();
            }
            catch (Exception ex)
            {
                throw GetInnerException(ex);
            }

            return new KeyBundle(keyBundle, this.vaultUriHelper);
        }