public RSAKeyVaultProviderTests() { var creds = TestAzureCredentials.Credentials; if (creds == null) { return; } certificateConfiguration = new AzureKeyVaultSignConfigurationSet { AzureClientId = creds.ClientId, AzureClientSecret = creds.ClientSecret, AzureKeyVaultUrl = creds.AzureKeyVaultUrl, AzureKeyVaultKeyName = creds.AzureKeyVaultCertificateName, Mode = KeyVaultMode.Certificate }; keyConfiguration = new AzureKeyVaultSignConfigurationSet { AzureClientId = creds.ClientId, AzureClientSecret = creds.ClientSecret, AzureKeyVaultUrl = creds.AzureKeyVaultUrl, AzureKeyVaultKeyName = creds.AzureKeyVaultKeyName, Mode = KeyVaultMode.Key }; }
public KeyVaultSigningContextTests() { var creds = TestAzureCredentials.Credentials; if (creds == null) { return; } _configuration = new AzureKeyVaultSignConfigurationSet { AzureClientId = creds.ClientId, AzureClientSecret = creds.ClientSecret, AzureKeyVaultUrl = creds.AzureKeyVaultUrl, AzureKeyVaultKeyName = creds.AzureKeyVaultCertificateName, Mode = KeyVaultMode.Certificate }; }
public ECDsaKeyVaultProviderTests() { var creds = TestAzureCredentials.Credentials; if (creds is null) { return; } certificateConfiguration = new AzureKeyVaultSignConfigurationSet { AzureClientId = creds.ClientId, AzureClientSecret = creds.ClientSecret, AzureTenantId = creds.TenantId, AzureKeyVaultUrl = new Uri(creds.AzureKeyVaultUrl), AzureKeyVaultKeyName = creds.AzureKeyVaultECDsaCertificateName, Mode = KeyVaultMode.Certificate }; keyConfiguration = new AzureKeyVaultSignConfigurationSet { AzureClientId = creds.ClientId, AzureClientSecret = creds.ClientSecret, AzureTenantId = creds.TenantId, AzureKeyVaultUrl = new Uri(creds.AzureKeyVaultUrl), AzureKeyVaultKeyName = creds.AzureKeyVaultECDsaKeyName, Mode = KeyVaultMode.Key }; certificateWithMSIConfiguration = new AzureKeyVaultSignConfigurationSet { ManagedIdentity = true, AzureKeyVaultUrl = new Uri(creds.AzureKeyVaultUrl), AzureKeyVaultKeyName = creds.AzureKeyVaultECDsaCertificateName, Mode = KeyVaultMode.Certificate }; }
public static async Task <AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration, CryptographyClientOptions options = null) { TokenCredential credential = configuration.ManagedIdentity switch { true => new DefaultAzureCredential(), false => new ClientSecretCredential(configuration.AzureTenantId, configuration.AzureClientId, configuration.AzureClientSecret) }; if (configuration.Mode == KeyVaultMode.Certificate) { var certificateClient = new CertificateClient(configuration.AzureKeyVaultUrl, credential); var cert = await certificateClient.GetCertificateAsync(configuration.AzureKeyVaultKeyName).ConfigureAwait(false); var x509Certificate = new X509Certificate2(cert.Value.Cer); var keyId = cert.Value.KeyId; return(new AzureKeyVaultMaterializedConfiguration(credential, keyId, publicCertificate: x509Certificate, options: options)); } else if (configuration.Mode == KeyVaultMode.Key) { var keyClient = new KeyClient(configuration.AzureKeyVaultUrl, credential); var key = await keyClient.GetKeyAsync(configuration.AzureKeyVaultKeyName).ConfigureAwait(false); return(new AzureKeyVaultMaterializedConfiguration(credential, key.Value.Id, key.Value.Key, options: options)); } throw new ArgumentOutOfRangeException(nameof(configuration)); } }
public static async Task <AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration) { async Task <string> Authenticate(string authority, string resource, string scope) { if (!string.IsNullOrWhiteSpace(configuration.AzureAccessToken)) { return(configuration.AzureAccessToken); } var context = new AuthenticationContext(authority); var credential = new ClientCredential(configuration.AzureClientId, configuration.AzureClientSecret); var result = await context.AcquireTokenAsync(resource, credential).ConfigureAwait(false); if (result == null) { throw new InvalidOperationException("Authentication to Azure failed."); } return(result.AccessToken); } var vault = new KeyVaultClient(Authenticate); if (configuration.Mode == KeyVaultMode.Certificate) { var azureCertificate = await vault.GetCertificateAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultKeyName).ConfigureAwait(false); var x509Certificate = new X509Certificate2(azureCertificate.Cer); var keyId = azureCertificate.KeyIdentifier; return(new AzureKeyVaultMaterializedConfiguration(vault, keyId, publicCertificate: x509Certificate)); } else if (configuration.Mode == KeyVaultMode.Key) { var bundle = await vault.GetKeyAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultKeyName).ConfigureAwait(false); return(new AzureKeyVaultMaterializedConfiguration(vault, bundle.KeyIdentifier, bundle.Key)); } throw new ArgumentOutOfRangeException(nameof(configuration)); }