56 lines
1.8 KiB
C#
56 lines
1.8 KiB
C#
using System.Security.Cryptography;
|
|
using System.Threading;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using StellaOps.Cryptography;
|
|
|
|
namespace StellaOps.Cryptography.Kms;
|
|
|
|
internal sealed class KmsSigner : ICryptoSigner
|
|
{
|
|
private readonly IKmsClient _client;
|
|
private readonly string _keyId;
|
|
private readonly string _versionId;
|
|
private readonly string _algorithm;
|
|
|
|
public KmsSigner(IKmsClient client, KmsSigningRegistration registration)
|
|
{
|
|
_client = client;
|
|
_keyId = registration.KeyId;
|
|
_versionId = registration.VersionId;
|
|
_algorithm = registration.Algorithm;
|
|
}
|
|
|
|
public string KeyId => _keyId;
|
|
|
|
public string AlgorithmId => _algorithm;
|
|
|
|
public async ValueTask<byte[]> SignAsync(ReadOnlyMemory<byte> data, CancellationToken cancellationToken = default)
|
|
{
|
|
var result = await _client.SignAsync(_keyId, _versionId, data, cancellationToken).ConfigureAwait(false);
|
|
return result.Signature;
|
|
}
|
|
|
|
public ValueTask<bool> VerifyAsync(ReadOnlyMemory<byte> data, ReadOnlyMemory<byte> signature, CancellationToken cancellationToken = default)
|
|
=> new(_client.VerifyAsync(_keyId, _versionId, data, signature, cancellationToken));
|
|
|
|
public JsonWebKey ExportPublicJsonWebKey()
|
|
{
|
|
var material = _client.ExportAsync(_keyId, _versionId).GetAwaiter().GetResult();
|
|
var jwk = new JsonWebKey
|
|
{
|
|
Kid = material.KeyId,
|
|
Alg = material.Algorithm,
|
|
Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve,
|
|
Use = JsonWebKeyUseNames.Sig,
|
|
Crv = JsonWebKeyECTypes.P256,
|
|
};
|
|
|
|
jwk.KeyOps.Add("sign");
|
|
jwk.KeyOps.Add("verify");
|
|
jwk.X = Base64UrlEncoder.Encode(material.Qx);
|
|
jwk.Y = Base64UrlEncoder.Encode(material.Qy);
|
|
return jwk;
|
|
}
|
|
}
|