private async Task <TrackKey> CreateX509KeyAsync()
{
var certificate = await settings.MasterTenant.CreateSelfSignedCertificateAsync();
var trackKey = new TrackKey()
{
Type = TrackKeyType.Contained,
Key = await certificate.ToJsonWebKeyAsync(true)
};
return(trackKey);
}
private void ValidateTrackKey(TrackKey trackKey)
{
var nowLocal = DateTime.Now;
var certificate = trackKey.Key.ToX509Certificate();
if (certificate.NotBefore > nowLocal)
{
throw new Exception($"Track certificate not valid yet. NotBefore {certificate.NotBefore.ToUniversalTime().ToString("u")}.");
}
if (certificate.NotAfter < nowLocal)
{
throw new Exception($"Track certificate is expired. NotAfter {certificate.NotAfter.ToUniversalTime().ToString("u")}.");
}
}
private async Task <TrackKey> CreateX509KeyAsync(string tenantName, string trackName)
{
var certificate = await(tenantName, trackName).CreateSelfSignedCertificateBySubjectAsync();
var trackKey = new TrackKey()
{
Type = TrackKeyType.Contained,
Keys = new List <TrackKeyItem> {
new TrackKeyItem {
Key = await certificate.ToFTJsonWebKeyAsync(true)
}
}
};
return(trackKey);
}
public Saml2X509Certificate GetSaml2X509Certificate(TrackKey trackKey)
{
ValidateTrackKey(trackKey);
switch (trackKey.Type)
{
case TrackKeyType.Contained:
return(trackKey.Key.ToSaml2X509Certificate(true));
case TrackKeyType.KeyVault:
return(new Saml2X509Certificate(trackKey.Key.ToX509Certificate(), GetRSAKeyVault(trackKey)));
default:
throw new NotSupportedException($"Track key type '{trackKey.Type}' not supported.");
}
}
public SecurityKey GetSecurityKey(TrackKey trackKey)
{
ValidateTrackKey(trackKey);
switch (trackKey.Type)
{
case TrackKeyType.Contained:
return(trackKey.Key);
case TrackKeyType.KeyVault:
return(new RsaSecurityKey(GetRSAKeyVault(trackKey)));
default:
throw new NotSupportedException($"Track key type '{trackKey.Type}' not supported.");
}
}
private async Task DefaultLoadAsync()
{
certificateLoadError = null;
try
{
trackKey = await TrackService.GetTrackKeyTypeAsync();
if (trackKey.Type == TrackKeyType.Contained)
{
SetGeneralCertificates(await TrackService.GetTrackKeyContainedAsync());
}
}
catch (TokenUnavailableException)
{
await(OpenidConnectPkce as TenantOpenidConnectPkce).TenantLoginAsync();
}
catch (Exception ex)
{
certificateLoadError = ex.Message;
}
}
public async Task UpdateTrackKeyTypeAsync(TrackKey trackKeyRequest) => await PutAsync(keyTypeApiUri, trackKeyRequest);
public static JsonWebKey GetPublicKey(this TrackKey trackKey)
{
return(trackKey.Key.GetPublicKey());
}
private RSA GetRSAKeyVault(TrackKey trackKey)
{
return(keyVaultClient.ToRSA(new KeyIdentifier(settings.KeyVault.EndpointUri, trackKey.ExternalName), new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(trackKey.Key.ToRsaParameters())));
}
public void LoadData()
{
//default values
m_aTrackKeys = new List<TrackKey>();
BitConverter.IsLittleEndian = true;
List<PropertyReader.Property> props = PropertyReader.getPropList(pcc, pcc.Exports[index].Data);
foreach (PropertyReader.Property p in props)
{
if (pcc.getNameEntry(p.Name) == "m_aTrackKeys")
{
int pos = 28;
int count = BitConverter.ToInt32(p.raw, 24);
for (int j = 0; j < count; j++)
{
List<PropertyReader.Property> p2 = PropertyReader.ReadProp(pcc, p.raw, pos);
TrackKey key = new TrackKey();
for (int i = 0; i < p2.Count(); i++)
{
if (pcc.getNameEntry(p2[i].Name) == "KeyName")
key.KeyName = p2[i].Value.NameValue;
else if (pcc.getNameEntry(p2[i].Name) == "fTime")
key.fTime = BitConverter.ToSingle(p2[i].raw, 24);
pos += p2[i].raw.Length;
}
m_aTrackKeys.Add(key);
}
}
}
}
