using Azure.Security.KeyVault.Keys.Cryptography;
using System;
using System.Security.Cryptography;
using System.Threading;
using AzureSignatureAlgorithm = Azure.Security.KeyVault.Keys.Cryptography.SignatureAlgorithm;
namespace Tmds.Ssh.AzureKeyExample;
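/// <summary>
/// <see cref="RSA"/> implementation whose private key never leaves Azure Key Vault.
/// Signing is delegated to a <see cref="CryptographyClient"/>; only the public
/// parameters are held locally, so they can be exported and used for verification.
/// </summary>
sealed class AzureRsaKey : RSA
{
    private readonly CryptographyClient _cryptoClient;
    private readonly RSAParameters _publicParameters;
    // Captured once at construction: RSA.SignHash has no token parameter of its own,
    // so this is the only way to bound the remote signing call.
    private readonly CancellationToken _cancellationToken;

    /// <summary>Creates a key backed by a Key Vault key.</summary>
    /// <param name="client">Client bound to the Key Vault key that performs signing.</param>
    /// <param name="publicParameters">Public RSA parameters (<c>Modulus</c>, <c>Exponent</c>) of that key.</param>
    /// <param name="cancellationToken">Token applied to every signing request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="client"/> is <see langword="null"/>.</exception>
    /// <exception cref="ArgumentException"><paramref name="publicParameters"/> has no modulus.</exception>
    public AzureRsaKey(
        CryptographyClient client,
        RSAParameters publicParameters,
        CancellationToken cancellationToken)
    {
        ArgumentNullException.ThrowIfNull(client);
        if (publicParameters.Modulus is not { Length: > 0 })
        {
            throw new ArgumentException("Public parameters must contain the modulus.", nameof(publicParameters));
        }

        // Nominal key size in bits; assumes Modulus is big-endian without leading zero bytes,
        // which is how RSAParameters is normally populated.
        KeySizeValue = publicParameters.Modulus.Length * 8;
        _cryptoClient = client;
        _publicParameters = publicParameters;
        _cancellationToken = cancellationToken;
    }

    /// <inheritdoc/>
    /// <exception cref="CryptographicException">
    /// <paramref name="includePrivateParameters"/> is <see langword="true"/>; the private key is not exportable from Key Vault.
    /// </exception>
    public override RSAParameters ExportParameters(bool includePrivateParameters)
    {
        if (includePrivateParameters)
        {
            throw new CryptographicException("Cannot export private parameters");
        }

        // Hand out copies so a caller cannot mutate the arrays that back KeySize and verification.
        return new RSAParameters
        {
            Modulus = (byte[]?)_publicParameters.Modulus?.Clone(),
            Exponent = (byte[]?)_publicParameters.Exponent?.Clone(),
        };
    }

    /// <inheritdoc/>
    /// <remarks>Key material is owned by Key Vault; parameters can never be imported into this instance.</remarks>
    public override void ImportParameters(RSAParameters parameters)
        => throw new NotImplementedException();

    /// <inheritdoc/>
    /// <remarks>
    /// The digest is sent to Key Vault and signed there; only the signature comes back.
    /// PKCS#1 v1.5 and PSS padding are supported with SHA-256, SHA-384 and SHA-512.
    /// </remarks>
    /// <exception cref="ArgumentNullException"><paramref name="hash"/> or <paramref name="padding"/> is <see langword="null"/>.</exception>
    /// <exception cref="CryptographicException">The padding/hash combination has no Key Vault equivalent.</exception>
    /// <exception cref="OperationCanceledException">The token supplied at construction was cancelled.</exception>
    public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    {
        ArgumentNullException.ThrowIfNull(hash);
        ArgumentNullException.ThrowIfNull(padding);

        AzureSignatureAlgorithm sigAlgo = SelectAlgorithm(hashAlgorithm, padding);

        // RSA.SignHash is synchronous, so use the client's synchronous Sign instead of
        // blocking on SignAsync: sync-over-async can deadlock on a synchronization
        // context and starves the thread pool under load.
        SignResult res = _cryptoClient.Sign(sigAlgo, hash, _cancellationToken);
        return res.Signature;
    }

    /// <inheritdoc/>
    /// <remarks>Verification needs only the public key, so it runs locally without a Key Vault round-trip.</remarks>
    /// <exception cref="ArgumentNullException">Any reference argument is <see langword="null"/>.</exception>
    public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    {
        ArgumentNullException.ThrowIfNull(hash);
        ArgumentNullException.ThrowIfNull(signature);
        ArgumentNullException.ThrowIfNull(padding);

        using RSA publicKey = RSA.Create();
        publicKey.ImportParameters(_publicParameters);
        return publicKey.VerifyHash(hash, signature, hashAlgorithm, padding);
    }

    // Maps a .NET (hash, padding) pair onto the Key Vault algorithm identifier.
    // The PS* algorithms follow RFC 7518 (MGF1 with the same hash, salt length = digest
    // length), which is the salt length RSASignaturePadding.Pss produces and verifies.
    private static AzureSignatureAlgorithm SelectAlgorithm(HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
    {
        bool usePss = padding == RSASignaturePadding.Pss;
        if (!usePss && padding != RSASignaturePadding.Pkcs1)
        {
            throw new CryptographicException($"Unsupported padding {padding}");
        }

        return (hashAlgorithm.Name, usePss) switch
        {
            ("SHA256", false) => AzureSignatureAlgorithm.RS256,
            ("SHA384", false) => AzureSignatureAlgorithm.RS384,
            ("SHA512", false) => AzureSignatureAlgorithm.RS512,
            ("SHA256", true) => AzureSignatureAlgorithm.PS256,
            ("SHA384", true) => AzureSignatureAlgorithm.PS384,
            ("SHA512", true) => AzureSignatureAlgorithm.PS512,
            _ => throw new CryptographicException($"Unsupported hash algorithm {hashAlgorithm.Name}"),
        };
    }
}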