stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 00:20:26 +02:00
parent e1f1bef4c1
commit 564df71bfb
2376 changed files with 334389 additions and 328032 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
src/Signer/StellaOps.Signer/StellaOps.Signer.Infrastructure/Signing/HmacDsseSigner.cs
View File

@@ -1,67 +1,67 @@
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Options;
using StellaOps.Cryptography;
using StellaOps.Signer.Core;
using StellaOps.Signer.Infrastructure.Options;
namespace StellaOps.Signer.Infrastructure.Signing;
public sealed class HmacDsseSigner : IDsseSigner
{
private readonly IOptionsMonitor<SignerCryptoOptions> _options;
private readonly ICryptoHmac _cryptoHmac;
private readonly TimeProvider _timeProvider;
public HmacDsseSigner(
IOptionsMonitor<SignerCryptoOptions> options,
ICryptoHmac cryptoHmac,
TimeProvider timeProvider)
{
_options = options ?? throw new ArgumentNullException(nameof(options));
_cryptoHmac = cryptoHmac ?? throw new ArgumentNullException(nameof(cryptoHmac));
_timeProvider = timeProvider ?? TimeProvider.System;
}
public ValueTask<SigningBundle> SignAsync(
SigningRequest request,
ProofOfEntitlementResult entitlement,
CallerContext caller,
CancellationToken cancellationToken)
{
ArgumentNullException.ThrowIfNull(request);
ArgumentNullException.ThrowIfNull(entitlement);
ArgumentNullException.ThrowIfNull(caller);
var options = _options.CurrentValue;
var payloadBytes = SignerStatementBuilder.BuildStatementPayload(request);
var secretBytes = Convert.FromBase64String(options.Secret);
var signature = _cryptoHmac.ComputeHmacBase64ForPurpose(secretBytes, payloadBytes, HmacPurpose.Signing);
var payloadBase64 = Convert.ToBase64String(payloadBytes);
var envelope = new DsseEnvelope(
payloadBase64,
"application/vnd.in-toto+json",
new[]
{
new DsseSignature(signature, options.KeyId),
});
var metadata = new SigningMetadata(
new SigningIdentity(
options.Mode,
caller.Subject,
caller.Subject,
_timeProvider.GetUtcNow().AddMinutes(10)),
Array.Empty<string>(),
options.ProviderName,
options.AlgorithmId);
var bundle = new SigningBundle(envelope, metadata);
return ValueTask.FromResult(bundle);
}
}
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Options;
using StellaOps.Cryptography;
using StellaOps.Signer.Core;
using StellaOps.Signer.Infrastructure.Options;
namespace StellaOps.Signer.Infrastructure.Signing;
public sealed class HmacDsseSigner : IDsseSigner
{
private readonly IOptionsMonitor<SignerCryptoOptions> _options;
private readonly ICryptoHmac _cryptoHmac;
private readonly TimeProvider _timeProvider;
public HmacDsseSigner(
IOptionsMonitor<SignerCryptoOptions> options,
ICryptoHmac cryptoHmac,
TimeProvider timeProvider)
{
_options = options ?? throw new ArgumentNullException(nameof(options));
_cryptoHmac = cryptoHmac ?? throw new ArgumentNullException(nameof(cryptoHmac));
_timeProvider = timeProvider ?? TimeProvider.System;
}
public ValueTask<SigningBundle> SignAsync(
SigningRequest request,
ProofOfEntitlementResult entitlement,
CallerContext caller,
CancellationToken cancellationToken)
{
ArgumentNullException.ThrowIfNull(request);
ArgumentNullException.ThrowIfNull(entitlement);
ArgumentNullException.ThrowIfNull(caller);
var options = _options.CurrentValue;
var payloadBytes = SignerStatementBuilder.BuildStatementPayload(request);
var secretBytes = Convert.FromBase64String(options.Secret);
var signature = _cryptoHmac.ComputeHmacBase64ForPurpose(secretBytes, payloadBytes, HmacPurpose.Signing);
var payloadBase64 = Convert.ToBase64String(payloadBytes);
var envelope = new DsseEnvelope(
payloadBase64,
"application/vnd.in-toto+json",
new[]
{
new DsseSignature(signature, options.KeyId),
});
var metadata = new SigningMetadata(
new SigningIdentity(
options.Mode,
caller.Subject,
caller.Subject,
_timeProvider.GetUtcNow().AddMinutes(10)),
Array.Empty<string>(),
options.ProviderName,
options.AlgorithmId);
var bundle = new SigningBundle(envelope, metadata);
return ValueTask.FromResult(bundle);
}
}