/// <inheritdoc/>
public async Task <StartSigningRequestResultModel> StartSigningRequestAsync(
StartSigningRequestModel request, VaultOperationContextModel context,
CancellationToken ct)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (string.IsNullOrEmpty(request.EntityId))
{
throw new ArgumentNullException(nameof(request.EntityId));
}
if (string.IsNullOrEmpty(request.GroupId))
{
throw new ArgumentNullException(nameof(request.GroupId));
}
var entity = await _entities.FindEntityAsync(request.EntityId);
if (entity == null)
{
throw new ResourceNotFoundException("Entity not found");
}
// Validate signing request and update entity information
var signingRequest = request.ToRawData();
var info = signingRequest.ToCertificationRequest();
var altNames = info.Extensions?
.OfType <X509SubjectAltNameExtension>()
.SingleOrDefault();
if (!(entity.Uris?.All(
u => altNames?.Uris?.Any(x => u.EqualsIgnoreCase(x)) ?? false)
?? true))
{
throw new ArgumentException(
"Signing Request's alternative names does not include entity's uris");
}
var domainNames = new HashSet <string>(entity.Addresses ?? new List <string>());
if (altNames?.DomainNames != null)
{
foreach (var name in altNames.DomainNames)
{
domainNames.Add(name);
}
}
if (altNames?.IPAddresses != null)
{
foreach (var name in altNames.IPAddresses)
{
domainNames.Add(name);
}
}
var uris = new HashSet <string>(entity.Uris ?? new List <string>());
if (altNames?.Uris != null)
{
foreach (var name in altNames.Uris)
{
uris.Add(name);
}
}
entity.Addresses = domainNames.ToList();
entity.Uris = uris.ToList();
entity.SubjectName = info.Subject.Name;
var result = await _repo.AddAsync(new CertificateRequestModel {
Record = new CertificateRequestRecordModel {
Type = CertificateRequestType.KeyPairRequest,
EntityId = entity.Id,
GroupId = request.GroupId,
Submitted = context.Validate(),
},
Entity = entity.Validate(),
SigningRequest = signingRequest
}, ct);
await _broker.NotifyAllAsync(
l => l.OnCertificateRequestSubmittedAsync(result));
_logger.Information("New signing request submitted.");
return(new StartSigningRequestResultModel {
RequestId = result.Record.RequestId
});
}
/// <summary>
/// Create signing request
/// </summary>
/// <param name="model"></param>
public StartSigningRequestApiModel(StartSigningRequestModel model)
{
EntityId = model.EntityId;
GroupId = model.GroupId;
CertificateRequest = model.CertificateRequest;
}