@@ -1,24 +1,26 @@
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using StellaOps.Signer.Core;
|
||||
using StellaOps.Signer.Infrastructure.Auditing;
|
||||
using StellaOps.Signer.Infrastructure.ProofOfEntitlement;
|
||||
using StellaOps.Signer.Infrastructure.Quotas;
|
||||
using StellaOps.Signer.Infrastructure.ReleaseVerification;
|
||||
using StellaOps.Signer.Infrastructure.Signing;
|
||||
|
||||
namespace StellaOps.Signer.Infrastructure;
|
||||
|
||||
public static class ServiceCollectionExtensions
|
||||
{
|
||||
public static IServiceCollection AddSignerPipeline(this IServiceCollection services)
|
||||
{
|
||||
services.AddSingleton<ISignerPipeline, SignerPipeline>();
|
||||
services.AddSingleton<IProofOfEntitlementIntrospector, InMemoryProofOfEntitlementIntrospector>();
|
||||
services.AddSingleton<IReleaseIntegrityVerifier, DefaultReleaseIntegrityVerifier>();
|
||||
services.AddSingleton<ISignerQuotaService, InMemoryQuotaService>();
|
||||
services.AddSingleton<IDsseSigner, HmacDsseSigner>();
|
||||
services.AddSingleton<ISignerAuditSink, InMemorySignerAuditSink>();
|
||||
services.AddSingleton(TimeProvider.System);
|
||||
return services;
|
||||
}
|
||||
}
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using StellaOps.Cryptography;
|
||||
using StellaOps.Signer.Core;
|
||||
using StellaOps.Signer.Infrastructure.Auditing;
|
||||
using StellaOps.Signer.Infrastructure.ProofOfEntitlement;
|
||||
using StellaOps.Signer.Infrastructure.Quotas;
|
||||
using StellaOps.Signer.Infrastructure.ReleaseVerification;
|
||||
using StellaOps.Signer.Infrastructure.Signing;
|
||||
|
||||
namespace StellaOps.Signer.Infrastructure;
|
||||
|
||||
public static class ServiceCollectionExtensions
|
||||
{
|
||||
public static IServiceCollection AddSignerPipeline(this IServiceCollection services)
|
||||
{
|
||||
services.AddSingleton<ISignerPipeline, SignerPipeline>();
|
||||
services.AddSingleton<IProofOfEntitlementIntrospector, InMemoryProofOfEntitlementIntrospector>();
|
||||
services.AddSingleton<IReleaseIntegrityVerifier, DefaultReleaseIntegrityVerifier>();
|
||||
services.AddSingleton<ISignerQuotaService, InMemoryQuotaService>();
|
||||
services.AddSingleton<IDsseSigner, HmacDsseSigner>();
|
||||
services.AddSingleton<ISignerAuditSink, InMemorySignerAuditSink>();
|
||||
services.AddSingleton(TimeProvider.System);
|
||||
services.AddSingleton<ICryptoHmac, DefaultCryptoHmac>();
|
||||
return services;
|
||||
}
|
||||
}
|
||||
|
||||
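Review bot: `services.AddSingleton<ICryptoHmac, DefaultCryptoHmac>()` on the new side registers the default HMAC unconditionally, so a host that has already registered its own `ICryptoHmac` before calling `AddSignerPipeline` ends up with a second registration and the default one wins on resolution. If the intent is to supply a fallback rather than to force this implementation, `services.TryAddSingleton<ICryptoHmac, DefaultCryptoHmac>();` (from `Microsoft.Extensions.DependencyInjection.Extensions`) keeps the host's choice; the same consideration applies to the other registrations in this method, but the commit only touches this line. The public extension method also has no XML doc; a `/// <summary>` stating that it wires the HMAC-based DSSE signer together with the in-memory entitlement, quota and audit implementations would help, and whether those in-memory types are meant to be replaced for production use is an inference from their names that the comment should only state once confirmed.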
@@ -2,7 +2,7 @@ using System;
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Org.BouncyCastle.Asn1.Pkcs;
|
||||
using Org.BouncyCastle.Pkcs;
|
||||
using Org.BouncyCastle.Crypto.Generators;
|
||||
using Org.BouncyCastle.Crypto.Parameters;
|
||||
using Org.BouncyCastle.Security;
|
||||
@@ -31,9 +31,18 @@ public static partial class TestCryptoFactory
|
||||
var registry = provider.GetRequiredService<ICryptoProviderRegistry>();
|
||||
|
||||
// Seed a test key
|
||||
var smProvider = (SmSoftCryptoProvider)provider.GetRequiredService<ICryptoProvider>();
|
||||
var key = Sm2TestKeyFactory.Create("sm2-key");
|
||||
smProvider.UpsertSigningKey(key);
|
||||
var previousGate = Environment.GetEnvironmentVariable("SM_SOFT_ALLOWED");
|
||||
Environment.SetEnvironmentVariable("SM_SOFT_ALLOWED", "1");
|
||||
try
|
||||
{
|
||||
var smProvider = (SmSoftCryptoProvider)provider.GetRequiredService<ICryptoProvider>();
|
||||
var key = Sm2TestKeyFactory.Create("sm2-key");
|
||||
smProvider.UpsertSigningKey(key);
|
||||
}
|
||||
finally
|
||||
{
|
||||
Environment.SetEnvironmentVariable("SM_SOFT_ALLOWED", previousGate);
|
||||
}
|
||||
|
||||
return registry;
|
||||
}
|
||||
@@ -48,7 +57,7 @@ internal static class Sm2TestKeyFactory
|
||||
var generator = new ECKeyPairGenerator("EC");
|
||||
generator.Init(new ECKeyGenerationParameters(domain, new SecureRandom()));
|
||||
var pair = generator.GenerateKeyPair();
|
||||
var privateDer = Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private).GetDerEncoded();
|
||||
var privateDer = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private).GetDerEncoded();
|
||||
var reference = new CryptoKeyReference(keyId, "cn.sm.soft");
|
||||
return new CryptoSigningKey(reference, SignatureAlgorithms.Sm2, privateDer, DateTimeOffset.UtcNow);
|
||||
}
|
||||
|
||||
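Review bot: The `SM_SOFT_ALLOWED` toggle around the key seeding is a process-wide environment change, so any other test in the same process that runs during this block observes the gate as open, and if the test project runs classes in parallel (common with xUnit, not visible here) the `finally` restore can also overwrite a value another test set in between. A comment on the `SetEnvironmentVariable("SM_SOFT_ALLOWED", "1")` line explaining why the gate must be open would make the intent clear, e.g. `// SmSoftCryptoProvider only accepts key upserts while SM_SOFT_ALLOWED is set; open the gate just for the seeding window.` — that the provider checks this variable is inferred from the wrapping and should be confirmed. If several tests need the gate, a shared fixture that serializes the toggle with a lock is safer than per-test set/restore. The enclosing method starts before the hunk.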
@@ -2,6 +2,7 @@ using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using System.Text.Json;
|
||||
using FluentAssertions;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Microsoft.Extensions.Options;
|
||||
@@ -33,13 +34,29 @@ public class DualSignTests
|
||||
var signer = new CryptoDsseSigner(registry, resolver, options, NullLogger<CryptoDsseSigner>.Instance);
|
||||
|
||||
var request = new SigningRequest(
|
||||
Options: new SigningOptions(SigningMode.Keyless),
|
||||
Payload: Array.Empty<byte>(),
|
||||
Subjects: Array.Empty<SigningSubject>(),
|
||||
PredicateType: "demo");
|
||||
PredicateType: "demo",
|
||||
Predicate: JsonDocument.Parse("{}"),
|
||||
ScannerImageDigest: "sha256:dummydigest",
|
||||
ProofOfEntitlement: new ProofOfEntitlement(SignerPoEFormat.Jwt, "ok"),
|
||||
Options: new SigningOptions(SigningMode.Keyless, ExpirySeconds: null, ReturnBundle: "full"));
|
||||
|
||||
var entitlement = new ProofOfEntitlementResult(true, "entitled", Array.Empty<string>());
|
||||
var caller = new CallerContext("tenant", "subject", "plan", "scanner-digest");
|
||||
var entitlement = new ProofOfEntitlementResult(
|
||||
LicenseId: "lic",
|
||||
CustomerId: "cust",
|
||||
Plan: "plan",
|
||||
MaxArtifactBytes: 1024 * 1024,
|
||||
QpsLimit: 10,
|
||||
QpsRemaining: 10,
|
||||
ExpiresAtUtc: DateTimeOffset.UtcNow.AddMinutes(5));
|
||||
|
||||
var caller = new CallerContext(
|
||||
Subject: "subject",
|
||||
Tenant: "tenant",
|
||||
Scopes: Array.Empty<string>(),
|
||||
Audiences: Array.Empty<string>(),
|
||||
SenderBinding: null,
|
||||
ClientCertificateThumbprint: null);
|
||||
|
||||
var bundle = await signer.SignAsync(request, entitlement, caller, CancellationToken.None);
|
||||
|
||||
@@ -104,15 +121,15 @@ public class DualSignTests
|
||||
this.provider = provider;
|
||||
}
|
||||
|
||||
public Task<SigningKeyResolution> ResolveKeyAsync(SigningMode mode, string tenant, CancellationToken cancellationToken)
|
||||
public ValueTask<SigningKeyResolution> ResolveKeyAsync(SigningMode mode, string tenant, CancellationToken cancellationToken)
|
||||
{
|
||||
return Task.FromResult(new SigningKeyResolution(
|
||||
return ValueTask.FromResult(new SigningKeyResolution(
|
||||
keyId,
|
||||
provider,
|
||||
issuer: null,
|
||||
subject: null,
|
||||
expiresAtUtc: null,
|
||||
certificateChain: Array.Empty<string>()));
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
Array.Empty<string>()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
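Review bot: In the `ResolveKeyAsync` hunk the named arguments `issuer: null, subject: null, expiresAtUtc: null` are replaced by three bare `null`s, which loses the self-documenting call and lets any future reordering of the `SigningKeyResolution` constructor bind the wrong slot silently; keep the names, `issuer: null,` / `subject: null,` / `expiresAtUtc: null,` (using the new parameter names if this commit renamed them, which would explain the edit). The move to `ValueTask.FromResult` is fine for a synchronous stub. In the earlier hunk of this file, `ExpiresAtUtc: DateTimeOffset.UtcNow.AddMinutes(5)` ties the fixture to wall-clock time; if the signer checks expiry, a fixed `DateTimeOffset` or the `TimeProvider` the pipeline already registers keeps the test deterministic.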
@@ -108,7 +108,7 @@ public class Sm2SigningTests : IDisposable
|
||||
JsonDocument.Parse("{}"),
|
||||
"sha256:00",
|
||||
new ProofOfEntitlement(SignerPoEFormat.Jwt, "stub"),
|
||||
new SigningOptions(SigningMode.Keyless, null, null));
|
||||
new SigningOptions(SigningMode.Keyless, null, "dsse"));
|
||||
}
|
||||
|
||||
private static CallerContext BuildCaller() => new(
|
||||
@@ -116,6 +116,6 @@ public class Sm2SigningTests : IDisposable
|
||||
Tenant: "tenant-1",
|
||||
Scopes: Array.Empty<string>(),
|
||||
Audiences: Array.Empty<string>(),
|
||||
SenderBinding: null,
|
||||
ClientCertificateThumbprint: null);
|
||||
SenderBinding: string.Empty,
|
||||
ClientCertificateThumbprint: string.Empty);
|
||||
}
|
||||
|
||||
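Review bot: `SenderBinding: string.Empty` and `ClientCertificateThumbprint: string.Empty` in `BuildCaller` replace `null`, but the `CallerContext` built in `DualSignTests` in this same commit still passes `null` for both, so the two test files now disagree on how an absent sender binding is spelled. If `CallerContext` declares these as non-nullable `string` (which would explain the change), `DualSignTests` should be updated the same way; if they are `string?`, `null` is the clearer "not bound" value and this hunk should follow the other file. Either way a short comment on the `SenderBinding` line, `// caller presents no sender binding and no client certificate`, would record the intent. `BuildCaller` begins in the preceding hunk of this file.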