Exemplo n.º 1
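        /// <summary>
        /// Returns the RSA public keys of the users listed in <paramref name="request"/>.
        /// </summary>
        /// <param name="request">Request carrying the ids of the users whose public keys are wanted.</param>
        /// <returns>
        /// <c>Unauthorized</c> when <c>HttpContext.GetUser()</c> yields no user; otherwise a success
        /// response with one item (public key, user id, key id) per requested user that was found
        /// and has a key pair. Ids that match no user are silently left out.
        /// </returns>
        public async Task<ActionResult<MainResponse>> GetPublicKey(GetPublicKeyRequest request)
        {
            // Only an authenticated caller may query keys; the caller's identity is not used beyond this gate.
            if (HttpContext.GetUser() == null)
            {
                return Unauthorized();
            }

            GetPublicKeyResponse getPublicKeyResponse = new GetPublicKeyResponse
            {
                PublicKeys = new List<GetPublicKeyResponseItem>()
            };

            // A missing body or missing id list is treated as "nothing requested" rather than
            // dereferencing null and surfacing as an unhandled exception.
            if (request?.UserIds != null)
            {
                // NOTE(review): one database round trip per requested id and no cap on the list
                // length is visible here; confirm that request size is bounded upstream.
                foreach (var userId in request.UserIds)
                {
                    User found = await _context.Users.FirstOrDefaultAsync(p => p.Id == userId);

                    // Skip unknown ids, and users whose key pair is absent (or, presumably, not
                    // loaded with the entity); the original dereferenced RSAKeyPair unconditionally.
                    if (found?.RSAKeyPair == null)
                    {
                        continue;
                    }

                    // Only the public half of the key pair is copied into the response.
                    getPublicKeyResponse.PublicKeys.Add(new GetPublicKeyResponseItem
                    {
                        PublicKey = found.RSAKeyPair.PublicKey,
                        UserId    = found.Id,
                        KeyId     = found.RSAKeyPair.Id
                    });
                }
            }

            return MainResponse.GetSuccess(getPublicKeyResponse);
        }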
Exemplo n.º 2
        /// <summary>
        /// Binds this signature to an AWS KMS key and fixes the signing algorithm to use with it.
        /// </summary>
        /// <param name="keyId">Identifier of the KMS key, passed to <c>GetPublicKey</c> as <c>KeyId</c>.</param>
        /// <param name="selector">Picks one algorithm name from the list KMS reports for the key.</param>
        /// <exception cref="ArgumentException">
        /// The selected algorithm is an RSASSA-PSS variant or is not one of the names accepted below.
        /// </exception>
        public AwsKmsSignature(string keyId, Func<List<string>, string> selector)
        {
            this.keyId = keyId;
            using (var kmsClient = new AmazonKeyManagementServiceClient())
            {
                var lookup = new GetPublicKeyRequest { KeyId = keyId };

                // Blocks the calling thread until the KMS call completes.
                var keyInfo = kmsClient.GetPublicKeyAsync(lookup).Result;
                List<string> offered = keyInfo.SigningAlgorithms;
                signingAlgorithm = selector.Invoke(offered);

                // The selector's answer is not trusted blindly: it must be on the accepted list.
                switch (signingAlgorithm)
                {
                    case "RSASSA_PSS_SHA_256":
                    case "RSASSA_PSS_SHA_384":
                    case "RSASSA_PSS_SHA_512":
                        throw new ArgumentException(String.Format("Signing algorithm {0} not supported directly by iText", signingAlgorithm));

                    case "ECDSA_SHA_256":
                    case "ECDSA_SHA_384":
                    case "ECDSA_SHA_512":
                    case "RSASSA_PKCS1_V1_5_SHA_256":
                    case "RSASSA_PKCS1_V1_5_SHA_384":
                    case "RSASSA_PKCS1_V1_5_SHA_512":
                        // Accepted as is.
                        break;

                    default:
                        // Also reached when the selector returns null.
                        throw new ArgumentException(String.Format("Unknown signing algorithm: {0}", signingAlgorithm));
                }
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Retrieves the public key of an asymmetric key whose KeyUsage is ASYMMETRIC_DECRYPT_RSA_2048 or
        /// ASYMMETRIC_DECRYPT_SM2. The public key can be used to encrypt data locally; data encrypted with it
        /// can only be decrypted through KMS with the corresponding private key. The public key can only be
        /// obtained for asymmetric keys in the Enabled state.
        /// </summary>
        /// <param name="req"><see cref="GetPublicKeyRequest"/></param>
        /// <returns><see cref="GetPublicKeyResponse"/></returns>
        public GetPublicKeyResponse GetPublicKeySync(GetPublicKeyRequest req)
        {
            JsonResponseModel<GetPublicKeyResponse> parsed;

            try
            {
                // Issue the "GetPublicKey" action and decode the JSON envelope around the payload.
                var body = this.InternalRequestSync(req, "GetPublicKey");
                parsed = JsonConvert.DeserializeObject<JsonResponseModel<GetPublicKeyResponse>>(body);
            }
            catch (JsonSerializationException ex)
            {
                // Only the message is carried over into the SDK exception.
                throw new TencentCloudSDKException(ex.Message);
            }

            return parsed.Response;
        }
Exemplo n.º 4
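        /// <summary>
        /// Builds a self-signed X.509 certificate for an AWS KMS key: the public key is fetched from KMS
        /// and signing is delegated to <c>SignatureGenerator</c>, which is given the key id and algorithm.
        /// </summary>
        /// <param name="keyId">Identifier of the KMS key.</param>
        /// <param name="subjectDN">Distinguished name used as both subject and issuer.</param>
        /// <param name="selector">Picks one algorithm name from the list KMS reports for the key.</param>
        /// <returns>A certificate valid from now for two years.</returns>
        /// <exception cref="ArgumentException">The key spec reported by KMS starts with neither "ECC" nor "RSA".</exception>
        public static X509Certificate2 generateSelfSignedCertificate(string keyId, string subjectDN, Func<List<string>, string> selector)
        {
            using (var kmsClient = new AmazonKeyManagementServiceClient())
            {
                GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest { KeyId = keyId };

                // Blocks the calling thread until the KMS call completes.
                GetPublicKeyResponse getPublicKeyResponse = kmsClient.GetPublicKeyAsync(getPublicKeyRequest).Result;
                string signingAlgorithm = selector.Invoke(getPublicKeyResponse.SigningAlgorithms);
                byte[] spkiBytes = getPublicKeyResponse.PublicKey.ToArray();
                string keySpecString = getPublicKeyResponse.CustomerMasterKeySpec.ToString();

                // Holds whichever key object is created so it is released on every path.
                AsymmetricAlgorithm publicKey = null;
                try
                {
                    CertificateRequest certificateRequest;
                    X509SignatureGenerator simpleGenerator;

                    // Ordinal comparison: key spec names are identifiers, not linguistic text.
                    if (keySpecString.StartsWith("ECC", StringComparison.Ordinal))
                    {
                        ECDsa ecdsa = ECDsa.Create();
                        publicKey = ecdsa;
                        ecdsa.ImportSubjectPublicKeyInfo(new ReadOnlySpan<byte>(spkiBytes), out _);
                        certificateRequest = new CertificateRequest(subjectDN, ecdsa, getHashAlgorithmName(signingAlgorithm));
                        simpleGenerator    = X509SignatureGenerator.CreateForECDsa(ecdsa);
                    }
                    else if (keySpecString.StartsWith("RSA", StringComparison.Ordinal))
                    {
                        RSA rsa = RSA.Create();
                        publicKey = rsa;
                        rsa.ImportSubjectPublicKeyInfo(new ReadOnlySpan<byte>(spkiBytes), out _);
                        RSASignaturePadding rsaSignaturePadding = getSignaturePadding(signingAlgorithm);
                        certificateRequest = new CertificateRequest(subjectDN, rsa, getHashAlgorithmName(signingAlgorithm), rsaSignaturePadding);
                        simpleGenerator    = X509SignatureGenerator.CreateForRSA(rsa, rsaSignaturePadding);
                    }
                    else
                    {
                        throw new ArgumentException("Cannot determine encryption algorithm for " + keySpecString, nameof(keyId));
                    }

                    X509SignatureGenerator generator = new SignatureGenerator(keyId, signingAlgorithm, simpleGenerator);

                    // Read the clock once so notBefore and notAfter are exactly two years apart.
                    System.DateTimeOffset notBefore = System.DateTimeOffset.Now;

                    // NOTE(review): the serial number is the constant 17, so every certificate this
                    // helper issues carries the same serial. Acceptable for throwaway or test
                    // certificates only; use a unique (random) serial where the certificate is
                    // distributed or tracked.
                    return certificateRequest.Create(
                        new X500DistinguishedName(subjectDN),
                        generator,
                        notBefore,
                        notBefore.AddYears(2),
                        new byte[] { 17 });
                }
                finally
                {
                    // The returned certificate no longer needs the imported key object.
                    publicKey?.Dispose();
                }
            }
        }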
        /// <summary>
        /// Creates a signature container for the given certificate and AWS KMS key, selecting the
        /// signing algorithm from the list KMS reports for that key.
        /// </summary>
        /// <param name="x509Certificate">Certificate stored on the container.</param>
        /// <param name="keyId">Identifier of the KMS key.</param>
        /// <param name="selector">Picks one algorithm name from the list KMS reports for the key.</param>
        /// <exception cref="ArgumentException">The selector returned <c>null</c>.</exception>
        public AwsKmsSignatureContainer(X509Certificate x509Certificate, string keyId, Func<List<string>, string> selector)
        {
            this.keyId           = keyId;
            this.x509Certificate = x509Certificate;

            using (var kmsClient = new AmazonKeyManagementServiceClient())
            {
                var lookup = new GetPublicKeyRequest { KeyId = keyId };

                // Blocks the calling thread until the KMS call completes.
                var keyInfo = kmsClient.GetPublicKeyAsync(lookup).Result;
                List<string> offered = keyInfo.SigningAlgorithms;

                this.signingAlgorithm = selector.Invoke(offered);
                if (this.signingAlgorithm == null)
                {
                    throw new ArgumentException("KMS key has no signing algorithms", nameof(keyId));
                }

                // Only null is rejected in this constructor; the selected name is handed to the
                // factory without being checked against a list of accepted algorithms here.
                signatureFactory = new AwsKmsSignatureFactory(keyId, this.signingAlgorithm);
            }
        }
Exemplo n.º 6
 /// <summary>
 ///  Gets the public key of an asymmetric key.
 /// </summary>
 /// <param name="request">Request parameters.</param>
 /// <returns>Result of the request.</returns>
 public async Task<GetPublicKeyResponse> GetPublicKey(GetPublicKeyRequest request)
 {
     // Bind a fresh executor to this client, then run the request without capturing the context.
     var executor = new GetPublicKeyExecutor().Client(this);
     return await executor
         .Execute<GetPublicKeyResponse, GetPublicKeyResult, GetPublicKeyRequest>(request)
         .ConfigureAwait(false);
 }
Exemplo n.º 7
 /// <summary>
 ///  Gets the public key of an asymmetric key.
 /// </summary>
 /// <param name="request">Request parameters.</param>
 /// <returns>Result of the request.</returns>
 public GetPublicKeyResponse GetPublicKey(GetPublicKeyRequest request)
 {
     // Bind a fresh executor to this client and run the request.
     var executor = new GetPublicKeyExecutor().Client(this);
     return executor.Execute<GetPublicKeyResponse, GetPublicKeyResult, GetPublicKeyRequest>(request);
 }
Exemplo n.º 8
 /// <summary>
 /// Sends <paramref name="Address"/> to the <c>Api.GetAccountPublickey</c> endpoint through
 /// <c>GetSimpleJsonAsync</c>.
 /// </summary>
 /// <param name="Address">Request object forwarded unchanged.</param>
 /// <returns>The task produced by <c>GetSimpleJsonAsync</c>.</returns>
 public Task<PublicKeyResponse> GetPublicKeyAsync(GetPublicKeyRequest Address)
 {
     return GetSimpleJsonAsync<PublicKeyResponse, GetPublicKeyRequest>(Address, Api.GetAccountPublickey);
 }
Exemplo n.º 9
 /// <summary>
 /// Synchronous wrapper over <c>GetPublicKeyAsync</c>: blocks the calling thread until the
 /// asynchronous call finishes and returns its result.
 /// </summary>
 /// <param name="Address">Request object forwarded unchanged.</param>
 /// <returns>The response produced by the asynchronous call.</returns>
 public PublicKeyResponse GetPublicKey(GetPublicKeyRequest Address)
 {
     var pending = GetPublicKeyAsync(Address);
     return pending.ConfigureAwait(false).GetAwaiter().GetResult();
 }