示例#1
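        /// <summary>
        /// Entry point of the tool: builds a KeyVault client from the parsed options and
        /// either creates a CA certificate in KeyVault (<c>o.IsRootCA</c>) or signs the CSR
        /// at <c>o.PathToCsr</c> with the KeyVault-held issuer <c>o.IssuerCertName</c>,
        /// writing the exported certificate to <c>o.OutputFileName</c>.
        /// </summary>
        /// <param name="o">Parsed command-line options.</param>
        /// <exception cref="ArgumentNullException"><paramref name="o"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// A required option for the selected mode is missing or blank.
        /// </exception>
        private static async Task StartAsync(Options o)
        {
            if (o is null)
            {
                throw new ArgumentNullException(nameof(o));
            }

            var keyVaultServiceClient = new KeyVaultServiceClient($"https://{o.KeyVaultName}.vault.azure.net/");

            // NOTE(review): the client secret is taken from a command-line option, so it is
            // visible in process listings and shell history; reading it from the environment
            // or using a managed identity (where the host supports one) avoids that exposure.
            keyVaultServiceClient.SetAuthenticationClientCredential(o.AppId, o.Secret);
            var kvCertProvider = new KeyVaultCertificateProvider(keyVaultServiceClient);

            if (o.IsRootCA)
            {
                // Whitespace-only subjects are rejected as well, not just null/empty ones.
                if (string.IsNullOrWhiteSpace(o.Subject))
                {
                    throw new ArgumentException("Subject is not provided.");
                }

                // Generate issuing certificate in KeyVault
                await kvCertProvider.CreateCACertificateAsync(o.IssuerCertName, o.Subject);
                return;
            }

            if (string.IsNullOrWhiteSpace(o.PathToCsr) || string.IsNullOrWhiteSpace(o.OutputFileName))
            {
                throw new ArgumentException("Path to CSR or the Output Filename is not provided.");
            }

            // Issue device certificate: the CSR is passed to KeyVault as raw bytes.
            var csr = File.ReadAllBytes(o.PathToCsr);

            // The returned certificate object is disposable (it exposes the X509 Export API);
            // release it as soon as the DER bytes have been written out.
            using (var cert = await kvCertProvider.SigningRequestAsync(csr, o.IssuerCertName))
            {
                // X509ContentType.Cert exports the public certificate only, never a private key.
                File.WriteAllBytes(o.OutputFileName, cert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
            }
        }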
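 /// <summary>
 /// Create the KeyVault signature generator.
 /// </summary>
 /// <param name="keyVaultServiceClient">The KeyVault service client to use</param>
 /// <param name="signingKey">The KeyVault signing key</param>
 /// <param name="issuerCertificate">The issuer certificate used for signing</param>
 /// <exception cref="ArgumentNullException">
 /// <paramref name="keyVaultServiceClient"/> or <paramref name="issuerCertificate"/> is null.
 /// </exception>
 /// <exception cref="ArgumentException"><paramref name="signingKey"/> is null or blank.</exception>
 public KeyVaultSignatureGenerator(
     KeyVaultServiceClient keyVaultServiceClient,
     string signingKey,
     X509Certificate2 issuerCertificate)
 {
     // Fail at construction rather than on the first signing call, where a missing
     // client, key name or certificate would otherwise surface as a NullReferenceException.
     if (string.IsNullOrWhiteSpace(signingKey))
     {
         throw new ArgumentException("The KeyVault signing key must be provided.", nameof(signingKey));
     }

     _issuerCert            = issuerCertificate ?? throw new ArgumentNullException(nameof(issuerCertificate));
     _keyVaultServiceClient = keyVaultServiceClient ?? throw new ArgumentNullException(nameof(keyVaultServiceClient));
     _signingKey            = signingKey;
 }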
示例#3
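 /// <summary>
 /// Create a certificate provider that creates CA certificates and signs
 /// certificate requests through the given KeyVault client.
 /// </summary>
 /// <param name="keyVaultServiceClient">The KeyVault service client to use</param>
 /// <exception cref="ArgumentNullException"><paramref name="keyVaultServiceClient"/> is null.</exception>
 internal KeyVaultCertificateProvider(KeyVaultServiceClient keyVaultServiceClient)
 {
     // Reject a null client here so later KeyVault calls cannot fail with a NullReferenceException.
     _keyVaultServiceClient = keyVaultServiceClient ?? throw new ArgumentNullException(nameof(keyVaultServiceClient));
 }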