        public SignedCmsTest()
        {
            // With no test credentials available the configuration field is left at its
            // default; presumably the dependent tests check for that and skip — confirm.
            var creds = TestAzureCredentials.Credentials;
            if (creds is null)
            {
                return;
            }

            // Certificate mode: the vault entry is addressed by its certificate name, and
            // the service principal (client id + secret) is what authenticates to the vault.
            certificateConfiguration = new AzureKeyVaultSignConfigurationSet
            {
                Mode                 = KeyVaultMode.Certificate,
                AzureKeyVaultUrl     = creds.AzureKeyVaultUrl,
                AzureKeyVaultKeyName = creds.AzureKeyVaultCertificateName,
                AzureClientId        = creds.ClientId,
                AzureClientSecret    = creds.ClientSecret
            };
        }
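        /// <summary>
        /// Resolves an <see cref="AzureKeyVaultSignConfigurationSet"/> into a live
        /// <see cref="AzureKeyVaultMaterializedConfiguration"/>: wires up token acquisition,
        /// opens a Key Vault client and fetches the certificate or key the configuration names.
        /// </summary>
        /// <param name="configuration">
        /// Vault URL, key/certificate name, mode, and either a pre-issued access token or the
        /// client id/secret pair used to obtain one.
        /// </param>
        /// <returns>
        /// In <see cref="KeyVaultMode.Certificate"/> mode: the vault client, the certificate's key
        /// identifier and an <see cref="X509Certificate2"/> built from the vault's <c>Cer</c> bytes
        /// (passed as <c>publicCertificate</c>). In <see cref="KeyVaultMode.Key"/> mode: the vault
        /// client, the key bundle's identifier and its key.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The configured <c>Mode</c> is neither Certificate nor Key.</exception>
        /// <exception cref="InvalidOperationException">Token acquisition returned no result.</exception>
        public static async Task <AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration)
        {
            // Fail with a named argument rather than a NullReferenceException on the first
            // dereference of configuration below.
            if (configuration is null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            // Callback the KeyVaultClient invokes whenever it needs a bearer token.
            async Task <string> Authenticate(string authority, string resource, string scope)
            {
                // A caller-supplied token bypasses ADAL entirely. It is returned for whatever
                // authority/resource the vault client asks for (those parameters are not
                // consulted), so it has to already be valid for the Key Vault resource.
                if (!string.IsNullOrWhiteSpace(configuration.AzureAccessToken))
                {
                    return(configuration.AzureAccessToken);
                }

                // Otherwise run the client-credentials (service principal) flow against the
                // authority and resource the vault client reports.
                var context    = new AuthenticationContext(authority);
                var credential = new ClientCredential(configuration.AzureClientId, configuration.AzureClientSecret);

                AuthenticationResult result = await context.AcquireTokenAsync(resource, credential).ConfigureAwait(false);

                if (result == null)
                {
                    throw new InvalidOperationException("Authentication to Azure failed.");
                }
                return(result.AccessToken);
            }

            // The HttpClient is handed to the vault client, which is itself returned to the
            // caller, so it cannot be disposed here. NOTE(review): confirm that disposing the
            // materialized configuration disposes the vault client and, through it, this HttpClient.
            var client = new HttpClient();
            var vault  = new KeyVaultClient(Authenticate, client);

            switch (configuration.Mode)
            {
                case KeyVaultMode.Certificate:
                {
                    var azureCertificate = await vault.GetCertificateAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultKeyName).ConfigureAwait(false);

                    // Cer holds the certificate as returned by the vault; it is passed on as the
                    // public certificate while keyId points at the vault-side key.
                    var x509Certificate = new X509Certificate2(azureCertificate.Cer);
                    var keyId           = azureCertificate.KeyIdentifier;

                    return(new AzureKeyVaultMaterializedConfiguration(vault, keyId, publicCertificate: x509Certificate));
                }
                case KeyVaultMode.Key:
                {
                    var bundle = await vault.GetKeyAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultKeyName).ConfigureAwait(false);

                    return(new AzureKeyVaultMaterializedConfiguration(vault, bundle.KeyIdentifier, bundle.Key));
                }
                default:
                    // Include the offending value so a misconfigured caller can see what was passed.
                    throw new ArgumentOutOfRangeException(nameof(configuration), configuration.Mode, "Unsupported KeyVaultMode.");
            }
        }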