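/// <summary>
/// Creates a signature from the enqueued parts.
/// </summary>
/// <param name="configuration">The configuration of properties used to create the signature.
/// See the documentation of <see cref="AzureKeyVaultSignConfigurationSet"/> for more information.</param>
/// <returns>The signature that was added to the package.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is <c>null</c>.</exception>
public async Task<OpcSignature> SignAsync(AzureKeyVaultSignConfigurationSet configuration)
{
    // Reject a missing configuration at the public entry point; otherwise it only surfaces as a
    // NullReferenceException from inside KeyVaultConfigurationDiscoverer.Materialize.
    if (configuration is null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // The materialized configuration is disposable (it is created by Materialize and wraps the
    // Key Vault resources); keep it alive only for the duration of the signing operation.
    using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(configuration))
    {
        return await SignAsyncImpl<AzureKeyVaultMaterializedConfiguration, KeyVaultSigningContext>(materialized);
    }
}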
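/// <summary>
/// Creates a signature from the enqueued parts.
/// </summary>
/// <param name="configuration">The configuration of properties used to create the signature.
/// See the documentation of <see cref="AzureKeyVaultSignConfigurationSet"/> for more information.</param>
/// <returns>The signature that was added to the package.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is <c>null</c>.</exception>
public async Task<OpcSignature> SignAsync(AzureKeyVaultSignConfigurationSet configuration)
{
    // Reject a missing configuration at the public entry point; otherwise it only surfaces as a
    // NullReferenceException from inside KeyVaultConfigurationDiscoverer.Materialize.
    if (configuration is null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(configuration))
    {
        // The signature part is named after the hash of the signing certificate.
        var signatureFileName = materialized.PublicCertificate.GetCertHashString() + ".psdsxs";
        var (allParts, signatureFile) = SignCore(signatureFileName);

        // The signing context holds the Key Vault-backed key; it is only needed while the XML
        // signature is being built.
        using (var signingContext = new KeyVaultSigningContext(materialized))
        {
            var fileManifest = OpcSignatureManifest.Build(signingContext, allParts);
            var builder = new XmlSignatureBuilder(signingContext);
            builder.SetFileManifest(fileManifest);
            var signatureXml = await builder.BuildAsync();
            PublishSignature(signatureXml, signatureFile);
        }

        // Flush only after the signature part has been published so the package contains it.
        _package.Flush();
        return new OpcSignature(signatureFile);
    }
}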
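/// <summary>
/// Resolves an <see cref="AzureKeyVaultSignConfigurationSet"/> into a materialized configuration by
/// fetching the signing certificate and its key from Azure Key Vault.
/// </summary>
/// <param name="configuration">The Key Vault location, certificate name and credentials to use.</param>
/// <returns>
/// A materialized configuration holding the Key Vault client, the public certificate, the key and the
/// configured digest algorithms. The caller owns the returned object and is responsible for disposing it.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">Token acquisition from Azure returned no result.</exception>
public static async Task<AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration)
{
    // The callback below captures configuration; validate it once up front instead of failing lazily
    // from inside the Key Vault client's authentication path.
    if (configuration is null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // Authentication callback handed to the Key Vault client. A pre-acquired access token, when
    // present, takes precedence over the client-credential flow. The scope parameter is part of the
    // callback signature and is not used here.
    async Task<string> Authenticate(string authority, string resource, string scope)
    {
        if (!string.IsNullOrWhiteSpace(configuration.AzureAccessToken))
        {
            return configuration.AzureAccessToken;
        }

        var context = new AuthenticationContext(authority);
        var credential = new ClientCredential(configuration.AzureClientId, configuration.AzureClientSecret);
        var result = await context.AcquireTokenAsync(resource, credential);
        if (result is null)
        {
            throw new InvalidOperationException("Authentication to Azure failed.");
        }

        return result.AccessToken;
    }

    // NOTE(review): a fresh HttpClient is created on every call. Sharing one would avoid socket
    // exhaustion under repeated use, but only if it is confirmed that neither the KeyVaultClient nor
    // the materialized configuration disposes the client it is handed.
    var httpClient = new HttpClient();
    var vault = new KeyVaultClient(Authenticate, httpClient);
    X509Certificate2 publicCertificate = null;
    try
    {
        var azureCertificate = await vault.GetCertificateAsync(configuration.AzureKeyVaultUrl, configuration.AzureKeyVaultCertificateName);
        publicCertificate = new X509Certificate2(azureCertificate.Cer);
        var key = await vault.GetKeyAsync(azureCertificate.KeyIdentifier.Identifier);

        // On success, ownership of the client and certificate passes to the returned configuration.
        return new AzureKeyVaultMaterializedConfiguration(vault, publicCertificate, key, configuration.FileDigestAlgorithm, configuration.PkcsDigestAlgorithm);
    }
    catch
    {
        // If materialization fails part-way, nothing else owns the client or certificate yet;
        // release them here rather than leaving them to the finalizer, then propagate the failure.
        publicCertificate?.Dispose();
        vault.Dispose();
        httpClient.Dispose();
        throw;
    }
}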