Esempio n. 1
 /// <summary>
 /// Resolves the KMS client for <paramref name="settings"/> while holding the
 /// asynchronous <c>_listLock</c>.
 /// </summary>
 /// <param name="settings">Settings handed unchanged to <c>GetKmsClient</c>.</param>
 /// <returns>The client returned by <c>GetKmsClient</c>.</returns>
 /// <remarks>
 /// NOTE(review): the synchronous <c>GetClient</c> shown on this page takes <c>_syncLock</c>,
 /// not <c>_listLock</c>. If both methods live on the same type and share one client cache,
 /// the two paths do not exclude each other - confirm which lock guards the cache.
 /// </remarks>
 public async Task<IAmazonKeyManagementService> GetClientAsync(KmsSettings settings)
 {
     IAmazonKeyManagementService resolved;

     // The lookup (and any client creation it triggers) runs entirely inside the lock;
     // the lock handle is disposed as soon as the using block exits.
     using (await _listLock.LockAsync())
     {
         resolved = GetKmsClient(settings);
     }

     return resolved;
 }
        /// <summary>
        /// Builds a <see cref="KmsSettings"/> from the "region", "access_key" and "secret_key"
        /// entries of <paramref name="nvc"/> and computes its <c>Signature</c>.
        /// </summary>
        /// <param name="nvc">Configuration values; a missing entry is read as an empty string.</param>
        /// <returns>The populated settings, with <c>Signature</c> assigned.</returns>
        /// <remarks>
        /// Security notes:
        /// <list type="bullet">
        /// <item>The signature is an unsalted SHA-512 digest over a string that contains the secret
        /// key. It is deterministic for a given credential set, so treat it as credential-derived
        /// material: keep it out of logs, error messages and anything persisted.</item>
        /// <item>NOTE(review): the three fields are joined with '-' and no escaping or length
        /// prefix. Two different (Region, SecretKey, AccessKey) triples give the same digest when
        /// a '-' inside one field lines up with a separator. If the signature selects a cached
        /// client, confirm the inputs are validated so such a collision cannot occur.</item>
        /// </list>
        /// </remarks>
        public static KmsSettings Load(NameValueCollection nvc)
        {
            // Read the three entries, substituting an empty string for anything absent.
            var settings = new KmsSettings();
            settings.Region    = nvc["region"] ?? string.Empty;
            settings.AccessKey = nvc["access_key"] ?? string.Empty;
            settings.SecretKey = nvc["secret_key"] ?? string.Empty;

            // An empty or whitespace-only region falls back to the configured default.
            if (string.IsNullOrWhiteSpace(settings.Region))
            {
                settings.Region = Defaults.Region;
            }

            // Derive the signature: Base64(SHA-512(UTF-8("<region>-<secret>-<access>"))).
            // The plaintext buffer holds the secret key, so it must never leave this method.
            byte[] material = Encoding.UTF8.GetBytes($"{settings.Region}-{settings.SecretKey}-{settings.AccessKey}");
            byte[] digest;

            using (var hasher = SHA512.Create())
            {
                digest = hasher.ComputeHash(material);
            }

            settings.Signature = Convert.ToBase64String(digest);

            return settings;
        }
Esempio n. 3
 /// <summary>
 /// Resolves the KMS client for <paramref name="settings"/> while holding the
 /// <c>_syncLock</c> monitor.
 /// </summary>
 /// <param name="settings">Settings handed unchanged to <c>GetKmsClient</c>.</param>
 /// <returns>The client returned by <c>GetKmsClient</c>.</returns>
 /// <remarks>
 /// NOTE(review): an asynchronous counterpart on this page serialises on <c>_listLock</c>
 /// instead. If both reach the same cache, this monitor alone does not make the lookup
 /// exclusive - confirm.
 /// </remarks>
 public IAmazonKeyManagementService GetClient(KmsSettings settings)
 {
     IAmazonKeyManagementService resolved;

     // Lookup and any client creation happen inside the monitor.
     lock (_syncLock)
     {
         resolved = GetKmsClient(settings);
     }

     return resolved;
 }
Esempio n. 4
        /// <summary>
        /// Loads the data-encryption configuration for <paramref name="tenantId"/> and converts
        /// it to <see cref="KmsSettings"/> through <c>KmsSettings.Load</c>.
        /// </summary>
        /// <param name="tenantId">Tenant whose configuration section is read.</param>
        /// <returns>The settings produced by <c>KmsSettings.Load</c>.</returns>
        /// <remarks>
        /// NOTE(review): when the configuration call yields null, an empty collection is used
        /// instead, so <c>Load</c> sees no region and no keys. Confirm that continuing with
        /// defaults, rather than failing, is intended for a tenant with no encryption config.
        /// </remarks>
        private async Task<KmsSettings> GetTenantSettingsAsync(string tenantId)
        {
            var tenantConfig = await _config.GetTenantConfigurationAsNameValueCollectionAsync(tenantId, Constants.DataEncryptionSection, Constants.DataEncryptionKey);

            // A null result is replaced by an empty collection so Load always gets an instance.
            return KmsSettings.Load(tenantConfig ?? new NameValueCollection());
        }
Esempio n. 5
        /// <summary>
        /// Loads the global data-encryption configuration asynchronously and converts it to
        /// <see cref="KmsSettings"/> through <c>KmsSettings.Load</c>.
        /// </summary>
        /// <returns>The settings produced by <c>KmsSettings.Load</c>.</returns>
        /// <remarks>
        /// NOTE(review): a null configuration is replaced by an empty collection, so a missing
        /// global section does not raise an error here. Confirm that is the intended behaviour.
        /// </remarks>
        private async Task<KmsSettings> GetGlobalSettingsAsync()
        {
            var globalConfig = await _config.GetGlobalConfigurationAsNameValueCollectionAsync(Constants.DataEncryptionSection, Constants.DataEncryptionKey);

            // A null result is replaced by an empty collection so Load always gets an instance.
            return KmsSettings.Load(globalConfig ?? new NameValueCollection());
        }
Esempio n. 6
        /// <summary>
        /// Synchronous variant: loads the global data-encryption configuration and converts it
        /// to <see cref="KmsSettings"/> through <c>KmsSettings.Load</c>.
        /// </summary>
        /// <returns>The settings produced by <c>KmsSettings.Load</c>.</returns>
        /// <remarks>
        /// NOTE(review): a null configuration is replaced by an empty collection, so a missing
        /// global section does not raise an error here. Confirm that is the intended behaviour.
        /// </remarks>
        private KmsSettings GetGlobalSettings()
        {
            var globalConfig = _config.GetGlobalConfigurationAsNameValueCollection(Constants.DataEncryptionSection, Constants.DataEncryptionKey);

            // A null result is replaced by an empty collection so Load always gets an instance.
            return KmsSettings.Load(globalConfig ?? new NameValueCollection());
        }
Esempio n. 7
        /// <summary>
        /// Creates a new KMS client for the region named in <paramref name="settings"/>.
        /// </summary>
        /// <param name="settings">Supplies the region and, when <c>HasKeys</c> is true, the
        /// access key and secret key.</param>
        /// <returns>A newly constructed <c>AmazonKeyManagementServiceClient</c>.</returns>
        /// <remarks>
        /// Security notes:
        /// <list type="bullet">
        /// <item>With keys present, the client is bound to long-lived static credentials taken
        /// from configuration. Their protection and rotation depend on how that configuration
        /// is stored.</item>
        /// <item>Without keys, no credentials are passed and the SDK resolves them itself. The
        /// client then acts as the host's ambient identity, not as a tenant-specific one.
        /// NOTE(review): confirm the KMS key policy still keeps tenants apart in that case.</item>
        /// </list>
        /// </remarks>
        private IAmazonKeyManagementService CreateKmsClient(KmsSettings settings)
        {
            // Resolve the endpoint first; both construction paths need it.
            var endpoint = RegionEndpoint.GetBySystemName(settings.Region);

            if (settings.HasKeys == true)
            {
                // Explicit static credentials from the settings.
                var staticCredentials = new BasicAWSCredentials(settings.AccessKey, settings.SecretKey);
                return new AmazonKeyManagementServiceClient(staticCredentials, endpoint);
            }

            // No keys configured: let the SDK pick up credentials from its environment.
            return new AmazonKeyManagementServiceClient(endpoint);
        }
Esempio n. 8
        /// <summary>
        /// Returns the cached KMS client whose key equals <c>settings.Signature</c>, creating
        /// and caching a new one when no complete entry is found.
        /// </summary>
        /// <param name="settings">Settings whose <c>Signature</c> identifies the cache entry and
        /// which are passed to <c>CreateKmsClient</c> on a miss.</param>
        /// <returns>The cached client, or the client just created.</returns>
        /// <remarks>
        /// This method takes no lock itself. NOTE(review): it appears to rely on callers holding
        /// one - confirm that every caller uses the same lock.
        /// The <c>TryAdd</c> result is ignored: if the add fails, the new client is still
        /// returned but is not the cached instance, and nothing here disposes it.
        /// </remarks>
        private IAmazonKeyManagementService GetKmsClient(KmsSettings settings)
        {
            // Linear scan of the cache; yields a default pair (null key) when nothing matches.
            var entry = _clients.FirstOrDefault(x => x.Key.Equals(settings.Signature));

            bool isUsable = entry.Key != null
                            && entry.Value != null
                            && entry.Value.Item1 != null
                            && entry.Value.Item2 != null;

            if (isUsable)
            {
                return entry.Value.Item1;
            }

            // Cache miss (or incomplete entry): build a client and register it with an empty tenant list.
            var created = CreateKmsClient(settings);
            var record = new Tuple<IAmazonKeyManagementService, List<string>>(created, new List<string>());
            _clients.TryAdd(settings.Signature, record);

            return created;
        }
Esempio n. 9
        /// <summary>
        /// Returns the KMS client for <paramref name="settings"/> on behalf of
        /// <paramref name="tenantId"/>. Reuses a cached client whose key equals
        /// <c>settings.Signature</c>, or creates and caches a new one, and records the tenant
        /// against it. The whole operation runs under <c>_syncLock</c>.
        /// </summary>
        /// <param name="tenantId">Tenant to associate with the client.</param>
        /// <param name="settings">Settings whose <c>Signature</c> identifies the cache entry.</param>
        /// <returns>The cached client, or the client just created.</returns>
        /// <remarks>
        /// Tenants whose settings produce the same signature share one client instance, so
        /// tenant separation depends on that signature being unique per credential set.
        /// NOTE(review): on a cache hit the tenant id is appended without checking whether it is
        /// already present, so repeated calls for one tenant grow the list. Confirm callers
        /// consult <c>_tenantSpecificClients</c> first.
        /// </remarks>
        private IAmazonKeyManagementService GetKmsClient(string tenantId, KmsSettings settings)
        {
            lock (_syncLock)
            {
                // Linear scan of the cache; yields a default pair (null key) when nothing matches.
                var entry = _clients.FirstOrDefault(x => x.Key.Equals(settings.Signature));

                bool isUsable = entry.Key != null
                                && entry.Value != null
                                && entry.Value.Item1 != null
                                && entry.Value.Item2 != null;

                if (isUsable)
                {
                    // Existing client: note the tenant and index the client by tenant id.
                    var shared = entry.Value.Item1;
                    entry.Value.Item2.Add(tenantId);
                    _tenantSpecificClients[tenantId] = shared;
                    return shared;
                }

                // Cache miss: build a client, register it with this tenant as its first user.
                var created = CreateKmsClient(settings);
                var tenants = new List<string>() { tenantId };
                _clients.TryAdd(settings.Signature, new Tuple<IAmazonKeyManagementService, List<string>>(created, tenants));
                _tenantSpecificClients[tenantId] = created;
                return created;
            }
        }