Restructure solution layout by module

2025-10-28 15:10:40 +02:00
parent 95daa159c4
commit d870da18ce
4103 changed files with 192899 additions and 187024 deletions
--- a/src/Signer/StellaOps.Signer/StellaOps.Signer.Infrastructure/Signing/HmacDsseSigner.cs
+++ b/src/Signer/StellaOps.Signer/StellaOps.Signer.Infrastructure/Signing/HmacDsseSigner.cs
@@ -0,0 +1,64 @@
+using System;
+using System.Collections.Generic;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
+using StellaOps.Signer.Core;
+using StellaOps.Signer.Infrastructure.Options;
+
+namespace StellaOps.Signer.Infrastructure.Signing;
+
+public sealed class HmacDsseSigner : IDsseSigner
+{
+    private readonly IOptionsMonitor<SignerCryptoOptions> _options;
+    private readonly TimeProvider _timeProvider;
+
+    public HmacDsseSigner(IOptionsMonitor<SignerCryptoOptions> options, TimeProvider timeProvider)
+    {
+        _options = options ?? throw new ArgumentNullException(nameof(options));
+        _timeProvider = timeProvider ?? TimeProvider.System;
+    }
+
+    public ValueTask<SigningBundle> SignAsync(
+        SigningRequest request,
+        ProofOfEntitlementResult entitlement,
+        CallerContext caller,
+        CancellationToken cancellationToken)
+    {
+        ArgumentNullException.ThrowIfNull(request);
+        ArgumentNullException.ThrowIfNull(entitlement);
+        ArgumentNullException.ThrowIfNull(caller);
+
+        var options = _options.CurrentValue;
+        var payloadBytes = SignerStatementBuilder.BuildStatementPayload(request);
+
+        var secretBytes = Convert.FromBase64String(options.Secret);
+        using var hmac = new HMACSHA256(secretBytes);
+        var signatureBytes = hmac.ComputeHash(payloadBytes);
+        var signature = Convert.ToBase64String(signatureBytes);
+        var payloadBase64 = Convert.ToBase64String(payloadBytes);
+
+        var envelope = new DsseEnvelope(
+            payloadBase64,
+            "application/vnd.in-toto+json",
+            new[]
+            {
+                new DsseSignature(signature, options.KeyId),
+            });
+
+        var metadata = new SigningMetadata(
+            new SigningIdentity(
+                options.Mode,
+                caller.Subject,
+                caller.Subject,
+                _timeProvider.GetUtcNow().AddMinutes(10)),
+            Array.Empty<string>(),
+            options.ProviderName,
+            options.AlgorithmId);
+
+        var bundle = new SigningBundle(envelope, metadata);
+        return ValueTask.FromResult(bundle);
+    }
+}