/// <summary>
/// Builds the Key Vault signing configuration used by the tests from
/// <see cref="TestAzureCredentials.Credentials"/>.
/// When no test credentials are available the constructor returns without assigning
/// <c>certificateConfiguration</c>, leaving it at its default (presumably so the tests can
/// detect the missing setup and skip — confirm against the test methods).
/// </summary>
public SignedCmsTest()
{
    var testCredentials = TestAzureCredentials.Credentials;
    if (testCredentials != null)
    {
        // Certificate mode: the key-name field carries the certificate name, and the
        // client id/secret pair is what the Key Vault client authenticates with.
        certificateConfiguration = new AzureKeyVaultSignConfigurationSet
        {
            AzureClientId = testCredentials.ClientId,
            AzureClientSecret = testCredentials.ClientSecret,
            AzureKeyVaultUrl = testCredentials.AzureKeyVaultUrl,
            AzureKeyVaultKeyName = testCredentials.AzureKeyVaultCertificateName,
            Mode = KeyVaultMode.Certificate,
        };
    }
}
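/// <summary>
/// Resolves an <see cref="AzureKeyVaultSignConfigurationSet"/> into a live Key Vault client plus the
/// identifier of the signing key. In <see cref="KeyVaultMode.Certificate"/> mode only the public
/// certificate bytes (<c>Cer</c>) are downloaded and wrapped in an <see cref="X509Certificate2"/>;
/// the private key is not fetched here (signing presumably happens inside Key Vault via the
/// returned key identifier — confirm in the consumer of the materialized configuration).
/// </summary>
/// <param name="configuration">
/// Vault URL, key/certificate name, mode, and either Azure AD client credentials or a pre-issued
/// access token (<c>AzureAccessToken</c>), which takes precedence when present.
/// </param>
/// <returns>
/// A materialized configuration that owns the created <see cref="KeyVaultClient"/>, the key
/// identifier and, in certificate mode, the public certificate.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="configuration"/>.Mode is not a supported <see cref="KeyVaultMode"/>.</exception>
/// <exception cref="InvalidOperationException">Azure AD returned no authentication result.</exception>
public static async Task<AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration)
{
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // Validate the mode before any network resources are allocated. Previously the mode was
    // checked only after the clients were constructed, which leaked the HttpClient on this path.
    if (configuration.Mode != KeyVaultMode.Certificate && configuration.Mode != KeyVaultMode.Key)
    {
        throw new ArgumentOutOfRangeException(nameof(configuration));
    }

    // Callback invoked by KeyVaultClient for each authentication challenge. A caller-supplied
    // bearer token short-circuits the client-credential flow entirely (no client secret is used);
    // otherwise a confidential-client token is acquired from the challenge's authority for the
    // requested resource. 'scope' is part of the callback signature but is not used by this flow.
    async Task<string> Authenticate(string authority, string resource, string scope)
    {
        if (!string.IsNullOrWhiteSpace(configuration.AzureAccessToken))
        {
            return configuration.AzureAccessToken;
        }

        var context = new AuthenticationContext(authority);
        // NOTE(review): the client secret lives in a managed string and cannot be scrubbed from
        // memory; prefer supplying AzureAccessToken where the host can obtain one securely.
        var credential = new ClientCredential(configuration.AzureClientId, configuration.AzureClientSecret);
        AuthenticationResult result = await context.AcquireTokenAsync(resource, credential).ConfigureAwait(false);
        if (result == null)
        {
            throw new InvalidOperationException("Authentication to Azure failed.");
        }

        return result.AccessToken;
    }

    // The HttpClient is handed to the KeyVaultClient, which the returned configuration owns, so
    // neither may be disposed on the success path. (A fresh HttpClient per call is kept for
    // compatibility; callers materializing repeatedly should consider reusing the result.)
    var client = new HttpClient();
    var vault = new KeyVaultClient(Authenticate, client);
    try
    {
        if (configuration.Mode == KeyVaultMode.Certificate)
        {
            var azureCertificate = await vault.GetCertificateAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultKeyName).ConfigureAwait(false);
            // Cer carries only the public certificate; the X509Certificate2 built from it has no private key.
            var x509Certificate = new X509Certificate2(azureCertificate.Cer);
            var keyId = azureCertificate.KeyIdentifier;
            return new AzureKeyVaultMaterializedConfiguration(vault, keyId, publicCertificate: x509Certificate);
        }

        // KeyVaultMode.Key: the mode check above guarantees this is the only remaining case.
        var bundle = await vault.GetKeyAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultKeyName).ConfigureAwait(false);
        return new AzureKeyVaultMaterializedConfiguration(vault, bundle.KeyIdentifier, bundle.Key);
    }
    catch
    {
        // A failed lookup or authentication would otherwise orphan the clients and their sockets.
        // HttpClient.Dispose is idempotent, so disposing it after the KeyVaultClient is safe even if
        // the service client already disposed it.
        vault.Dispose();
        client.Dispose();
        throw;
    }
}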