/// <inheritsdoc />
public override SymmetricJwk WrapKey(Jwk?staticKey, JwtHeader header, Span <byte> destination)
{
Debug.Assert(header != null);
var partyUInfo = GetPartyInfo(header, JwtHeaderParameterNames.Apu);
var partyVInfo = GetPartyInfo(header, JwtHeaderParameterNames.Apv);
var secretAppend = BuildSecretAppend(partyUInfo, partyVInfo);
ReadOnlySpan <byte> exchangeHash;
var ecKey = _key;
var otherPartyKey = ecKey.CreateEcdhKey();
ECDiffieHellman ephemeralKey = (staticKey is null) ? ECDiffieHellman.Create(ecKey.Crv.CurveParameters) : ((ECJwk)staticKey).CreateEcdhKey();
try
{
exchangeHash = new ReadOnlySpan <byte>(ephemeralKey.DeriveKeyFromHash(otherPartyKey.PublicKey, _hashAlgorithm, _secretPreprend, secretAppend), 0, _keySizeInBytes);
var epk = ECJwk.FromParameters(ephemeralKey.ExportParameters(false));
header.Add(JwtHeaderParameterNames.Epk, epk);
}
finally
{
if (staticKey is null)
{
ephemeralKey.Dispose();
}
}
SymmetricJwk contentEncryptionKey;
if (Algorithm.ProduceEncryptionKey)
{
using var keyWrapper = new AesKeyWrapper(exchangeHash, EncryptionAlgorithm, _keyManagementAlgorithm !);
contentEncryptionKey = keyWrapper.WrapKey(null, header, destination);
}
else
{
exchangeHash.CopyTo(destination);
contentEncryptionKey = SymmetricJwk.FromSpan(exchangeHash, false);
}
return(contentEncryptionKey);
}
private async Task <Jwk[]> GetKeysAsync()
{
var keys = new List <Jwk>();
await foreach (var keyProperties in _client.GetPropertiesOfKeysAsync())
{
var kvKey = await _client.GetKeyAsync(keyProperties.Name);
Jwk?key = null;
if (kvKey.Value.KeyType == KeyType.Oct)
{
key = SymmetricJwk.FromByteArray(kvKey.Value.Key.K, false);
}
else if (kvKey.Value.KeyType == KeyType.Rsa || kvKey.Value.KeyType == KeyType.RsaHsm)
{
key = RsaJwk.FromParameters(kvKey.Value.Key.ToRSA(true).ExportParameters(true), false);
}
#if !NETFRAMEWORK
else if (kvKey.Value.KeyType == KeyType.Ec || kvKey.Value.KeyType == KeyType.EcHsm)
{
ECJwk.FromParameters(ConvertToECParameters(kvKey.Value), computeThumbprint: false);
}
#endif
if (!(key is null))
{
key.Kid = JsonEncodedText.Encode(kvKey.Value.Key.Id);
if (kvKey.Value.Key.KeyOps != null)
{
foreach (var operation in kvKey.Value.Key.KeyOps)
{
key.KeyOps.Add(JsonEncodedText.Encode(operation.ToString()));
}
}
keys.Add(key);
}
}
return(keys.ToArray());
}
protected override Jwks GetKeysFromSource()
{
var keys = new List <Jwk>();
foreach (var keyProperties in _client.GetPropertiesOfKeys())
{
var kvKey = _client.GetKey(keyProperties.Name);
Jwk?key = null;
if (kvKey.Value.KeyType == KeyType.Oct)
{
key = SymmetricJwk.FromByteArray(kvKey.Value.Key.K, false);
}
else if (kvKey.Value.KeyType == KeyType.Rsa || kvKey.Value.KeyType == KeyType.RsaHsm)
{
key = RsaJwk.FromParameters(kvKey.Value.Key.ToRSA(true).ExportParameters(true), false);
}
#if !NETFRAMEWORK
else if (kvKey.Value.KeyType == KeyType.Ec || kvKey.Value.KeyType == KeyType.EcHsm)
{
ECJwk.FromParameters(ConvertToECParameters(kvKey.Value), computeThumbprint: false);
}
#endif
if (!(key is null))
{
key.Kid = JsonEncodedText.Encode(kvKey.Value.Key.Id);
if (kvKey.Value.Key.KeyOps != null)
{
foreach (var operation in kvKey.Value.Key.KeyOps)
{
key.KeyOps.Add(JsonEncodedText.Encode(operation.ToString()));
}
}
keys.Add(key);
}
}
return(new Jwks(_client.VaultUri.ToString(), keys));
}
private async Task <Jwk[]> GetKeysAsync()
{
var keys = new List <Jwk>();
var keyIdentifiers = await _client.GetKeysAsync(_vaultBaseUrl, MaxResults);
foreach (var keyIdentifier in keyIdentifiers)
{
var kvKey = await _client.GetKeyAsync(keyIdentifier.Identifier.Identifier);
Jwk?key = kvKey.Key.Kty switch
{
JsonWebKeyType.Octet => new SymmetricJwk(kvKey.Key.K),
JsonWebKeyType.Rsa => new RsaJwk(kvKey.Key.ToRSAParameters()),
JsonWebKeyType.RsaHsm => new RsaJwk(kvKey.Key.ToRSAParameters()),
#if !NETFRAMEWORK
JsonWebKeyType.EllipticCurve => ECJwk.FromParameters(ConvertToECParameters(kvKey.Key.ToEcParameters())),
JsonWebKeyType.EllipticCurveHsm => ECJwk.FromParameters(ConvertToECParameters(kvKey.Key.ToEcParameters())),
#endif
_ => null
};
if (!(key is null))
{
key.Kid = kvKey.Key.Kid;
if (kvKey.Key.KeyOps != null)
{
for (int i = 0; i < kvKey.Key.KeyOps.Count; i++)
{
key.KeyOps.Add(kvKey.Key.KeyOps[i]);
}
}
keys.Add(key);
}
}
return(keys.ToArray());
}
