コード例 #1
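        /// <summary>
        /// Sends one request to the key service and deserializes the response body as <typeparamref name="T"/>.
        /// </summary>
        /// <remarks>
        /// The request path is "/keys/", followed by "{KeyId}/" when <paramref name="id"/> is given, followed by
        /// <paramref name="operation"/>. A non-null <paramref name="body"/> is serialized and sent with POST as
        /// UTF-8 "application/json"; otherwise the request is a GET.
        /// </remarks>
        /// <typeparam name="T">Type the response body is deserialized into.</typeparam>
        /// <param name="id">Key the operation applies to, or null to address "/keys/" itself.</param>
        /// <param name="operation">Path segment appended after the key id; null appends nothing.</param>
        /// <param name="body">Request payload; null selects GET instead of POST.</param>
        /// <returns>The deserialized response body.</returns>
        /// <exception cref="HttpRequestException">The response status code does not indicate success.</exception>
        private async Task<T> Execute<T>(IKeyIdentifier id = null, string operation = null, object body = null)
        {
            var path = "/keys/";

            if (id != null)
            {
                // NOTE(review): KeyId is placed in the path without URL-encoding. A value containing '/', '?',
                // '#' or dot segments would address a different resource than intended. Confirm that KeyId is
                // restricted to path-safe characters before it reaches this method, or encode it here together
                // with the matching change on the server's routing.
                path += $"{id.KeyId}/";
            }

            path += operation;

            HttpResponseMessage response;

            if (body != null)
            {
                var payload = new StringContent(body.Serialize(), Encoding.UTF8, "application/json");
                response = await client.PostAsync(path, payload);
            }
            else
            {
                response = await client.GetAsync(path);
            }

            // Dispose the response so its content stream is released even when the status check
            // or the body read throws.
            using (response)
            {
                var content = response.EnsureSuccessStatusCode().Content;
                var responseBody = await content.ReadAsStringAsync();

                return responseBody.Deserialize<T>();
            }
        }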
コード例 #2
        /// <summary>
        /// Looks up the key for <paramref name="id"/> in the key storage and asks the processor to
        /// decrypt <paramref name="ciphertext"/> with it.
        /// </summary>
        /// <typeparam name="T">Type of the decrypted value.</typeparam>
        /// <param name="id">Identifier of the key to decrypt with.</param>
        /// <param name="ciphertext">Encrypted value to decrypt.</param>
        /// <returns>The value produced by the processor.</returns>
        public async Task<T> Decrypt<T>(IKeyIdentifier id, string ciphertext)
        {
            // The key is resolved first; any lookup failure surfaces before the processor is called.
            var decryptionKey = await storage.GetKey(id);

            return await processor.Decrypt<T>(decryptionKey, ciphertext);
        }
コード例 #3
        /// <summary>
        /// Returns the key registered in <c>InMemoryKeys</c> under <c>id.KeyId</c>.
        /// </summary>
        /// <param name="id">Identifier whose <c>KeyId</c> is used as the lookup key.</param>
        /// <returns>An already-completed task holding the key.</returns>
        /// <exception cref="InvalidOperationException">
        /// No key is stored under <c>id.KeyId</c>. The exception is thrown synchronously, not through the task.
        /// </exception>
        public Task<IEnclaveKey> GetKey(IKeyIdentifier id)
        {
            if (!InMemoryKeys.TryGetValue(id.KeyId, out IEnclaveKey found))
            {
                // The message carries the key identifier only, never key material.
                throw new InvalidOperationException($"Key with Id {id.KeyId} not found");
            }

            return Task.FromResult(found);
        }
コード例 #4
        /// <summary>
        /// Looks up the key for <paramref name="id"/> in the key storage, asks the processor to encrypt
        /// <paramref name="value"/> with it, and wraps the outcome in an <c>EncryptedResult</c>.
        /// </summary>
        /// <param name="id">Identifier of the key to encrypt with.</param>
        /// <param name="value">Value handed to the processor for encryption.</param>
        /// <returns>A result whose <c>Value</c> is the processor's output.</returns>
        public async Task<EncryptedResult> Encrypt(IKeyIdentifier id, object value)
        {
            var encryptionKey = await storage.GetKey(id);
            var ciphertext = await processor.Encrypt(encryptionKey, value);

            var result = new EncryptedResult { Value = ciphertext };

            return result;
        }
コード例 #5
        /// <summary>
        /// Fetches a key through a client obtained from <c>KeyVault.CreateClient()</c> and wraps it
        /// in a <c>KeyVaultKey</c>.
        /// </summary>
        /// <param name="id">
        /// Identifier whose <c>KeyId</c> is the Base64 encoding of the UTF-8 key identifier passed to the client.
        /// </param>
        /// <returns>The fetched key wrapped as an <c>IEnclaveKey</c>.</returns>
        /// <exception cref="FormatException"><c>id.KeyId</c> is not valid Base64.</exception>
        public async Task<IEnclaveKey> GetKey(IKeyIdentifier id)
        {
            // A new client is created for every lookup and disposed when the lookup finishes.
            using (var vaultClient = KeyVault.CreateClient())
            {
                // NOTE(review): the decoded text is whatever the caller encoded into KeyId and is passed to
                // GetKeyAsync unchanged. Confirm that identifiers are validated or allow-listed upstream so a
                // request cannot name a key outside the set this service is meant to expose.
                byte[] rawIdentifier = Convert.FromBase64String(id.KeyId);
                string vaultKeyId = Encoding.UTF8.GetString(rawIdentifier);

                var vaultKey = await vaultClient.GetKeyAsync(vaultKeyId);

                return new KeyVaultKey(vaultKey);
            }
        }
コード例 #6
        /// <summary>
        /// Authenticates <paramref name="token"/> with a Kerberos authenticator built from the key
        /// stored under <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Identifier of the stored key used to build the key table.</param>
        /// <param name="token">Token passed to the Kerberos authenticator.</param>
        /// <param name="scheme">Not read by this method.</param>
        /// <returns>The identity returned by the authenticator.</returns>
        public async Task<ClaimsIdentity> Authenticate(IKeyIdentifier id, string token, string scheme = null)
        {
            var storedKey = await storage.GetKey(id);

            // NOTE(review): the key material leaves the IEnclaveKey wrapper as a plain byte[] here and
            // nothing in this method clears it afterwards. Confirm that is acceptable for the key store in use.
            var keyBytes = storedKey.RetrieveKey<byte[]>();

            // A validator and authenticator are built per call around a single-key key table.
            var keyTable = new KeyTable(new KerberosKey(keyBytes));
            var kerberos = new KerberosAuthenticator(new KerberosValidator(keyTable));

            return await kerberos.Authenticate(token);
        }
コード例 #7
        /// <summary>
        /// Picks an authenticator for the given token and scheme via <c>TryFindAuthenticator</c> and
        /// delegates the authentication to it.
        /// </summary>
        /// <param name="id">Key identifier forwarded to the selected authenticator.</param>
        /// <param name="token">Token used for the lookup and forwarded to the selected authenticator.</param>
        /// <param name="scheme">Scheme used for the lookup and forwarded to the selected authenticator.</param>
        /// <returns>
        /// The identity from the selected authenticator, or null when no authenticator was found or the
        /// one found has exactly the runtime type <c>SchemeAuthenticator</c>.
        /// </returns>
        public async Task<ClaimsIdentity> Authenticate(IKeyIdentifier id, string token, string scheme)
        {
            var selected = TryFindAuthenticator(token, scheme);

            // The exact-type comparison presumably keeps this dispatcher from delegating to another
            // dispatcher of the same type — confirm against TryFindAuthenticator.
            // NOTE(review): null is the only failure signal here; callers have to treat a null identity
            // as "not authenticated".
            if (selected == null || selected.GetType() == typeof(SchemeAuthenticator))
            {
                return null;
            }

            var identity = await selected.Authenticate(id, token, scheme);

            return identity;
        }
コード例 #8
 /// <summary>
 /// Forwards the call to the configured authenticator.
 /// </summary>
 /// <param name="id">Key identifier passed through to the authenticator.</param>
 /// <param name="scheme">Authentication scheme passed through to the authenticator.</param>
 /// <param name="token">Token passed through to the authenticator.</param>
 /// <returns>The identity returned by the authenticator.</returns>
 public async Task<ClaimsIdentity> AuthenticateToken(IKeyIdentifier id, string scheme, string token)
 {
     // Parameter order differs: this method takes (id, scheme, token), the authenticator (id, token, scheme).
     var identity = await authenticator.Authenticate(id, token, scheme);

     return identity;
 }
コード例 #9
        /// <summary>
        /// Looks up the key for <paramref name="id"/> in the key storage and asks the processor to
        /// validate <paramref name="signed"/> against it.
        /// </summary>
        /// <param name="id">Identifier of the key to validate with.</param>
        /// <param name="signed">Signed value handed to the processor.</param>
        /// <returns>The processor's validation outcome.</returns>
        public async Task<bool> Validate(IKeyIdentifier id, string signed)
        {
            var verificationKey = await storage.GetKey(id);
            var isValid = await processor.Validate(verificationKey, signed);

            return isValid;
        }
コード例 #10
        /// <summary>
        /// Looks up the key for <paramref name="id"/> in the key storage and asks the processor to
        /// sign <paramref name="value"/> with it.
        /// </summary>
        /// <param name="id">Identifier of the key to sign with.</param>
        /// <param name="value">Value handed to the processor for signing.</param>
        /// <returns>The string produced by the processor.</returns>
        public async Task<string> Sign(IKeyIdentifier id, object value)
        {
            var signingKey = await storage.GetKey(id);
            var signed = await processor.Sign(signingKey, value);

            return signed;
        }
コード例 #11
 /// <summary>
 /// Calls the "encrypt" operation for the key <paramref name="id"/> through <c>Execute</c>, sending
 /// <paramref name="value"/> in an <c>EncryptRequest</c>.
 /// </summary>
 /// <param name="id">Identifier of the key to encrypt with.</param>
 /// <param name="value">Value placed in the request's <c>Value</c> property.</param>
 /// <returns>The task returned by <c>Execute</c>, yielding the <c>EncryptedResult</c>.</returns>
 public Task<EncryptedResult> Encrypt(IKeyIdentifier id, object value)
 {
     var request = new EncryptRequest { Value = value };

     return Execute<EncryptedResult>(id, "encrypt", request);
 }
コード例 #12
 /// <summary>
 /// Calls the "decrypt" operation for the key <paramref name="id"/> through <c>Execute</c>, sending
 /// <paramref name="ciphertext"/> as the <c>Value</c> property of the request body.
 /// </summary>
 /// <typeparam name="T">Type the response is deserialized into.</typeparam>
 /// <param name="id">Identifier of the key to decrypt with.</param>
 /// <param name="ciphertext">Encrypted value to send.</param>
 /// <returns>The task returned by <c>Execute</c>.</returns>
 public Task<T> Decrypt<T>(IKeyIdentifier id, string ciphertext)
 {
     var payload = new { Value = ciphertext };

     return Execute<T>(id, "decrypt", payload);
 }
コード例 #13
        /// <summary>
        /// Calls the "authenticate" operation for the key <paramref name="id"/> through <c>Execute</c>
        /// and deserializes the returned identity into a <see cref="ClaimsIdentity"/>.
        /// </summary>
        /// <param name="id">Identifier of the key the service should authenticate with.</param>
        /// <param name="scheme">Sent as the request's <c>Scheme</c>.</param>
        /// <param name="token">Sent as the request's <c>Token</c>.</param>
        /// <returns>The identity deserialized from the response's <c>Identity</c> value.</returns>
        public async Task<ClaimsIdentity> AuthenticateToken(IKeyIdentifier id, string scheme, string token)
        {
            var request = new AuthenticateRequest { Token = token, Scheme = scheme };
            var authResult = await Execute<AuthenticateResult>(id, "authenticate", request);

            // NOTE(review): the identity is taken from the response body as-is; no local check of it is
            // visible in this method. Its trustworthiness rests on the channel to the service — confirm the
            // client is configured for an authenticated, TLS-protected endpoint.
            return authResult.Identity.Deserialize<ClaimsIdentity>();
        }
コード例 #14
        /// <summary>
        /// Calls the "validate" operation for the key <paramref name="id"/> through <c>Execute</c>, sending
        /// <paramref name="signed"/> as the <c>Value</c> property of the request body.
        /// </summary>
        /// <param name="id">Identifier of the key to validate with.</param>
        /// <param name="signed">Signed value to send.</param>
        /// <returns>The <c>Result</c> property of the deserialized <c>ValidateResult</c>.</returns>
        public async Task<bool> Validate(IKeyIdentifier id, string signed)
        {
            var payload = new { Value = signed };
            var validation = await Execute<ValidateResult>(id, "validate", payload);

            // Result is a property of ValidateResult, not Task.Result; the task is already awaited above.
            return validation.Result;
        }
コード例 #15
        /// <summary>
        /// Calls the "sign" operation for the key <paramref name="id"/> through <c>Execute</c>, sending
        /// <paramref name="value"/> in a <c>SignRequest</c>.
        /// </summary>
        /// <param name="id">Identifier of the key to sign with.</param>
        /// <param name="value">Value placed in the request's <c>Value</c> property.</param>
        /// <returns>The <c>Value</c> property of the deserialized <c>SignResult</c>.</returns>
        public async Task<string> Sign(IKeyIdentifier id, object value)
        {
            var request = new SignRequest { Value = value };
            var signResult = await Execute<SignResult>(id, "sign", request);

            return signResult.Value;
        }