using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.Extensions.DependencyInjection;
using VaultSharpDataProtection;
using VaultSharp;
using VaultSharp.V1.AuthMethods.Token;
namespace Microsoft.AspNetCore.DataProtection
{
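/// <summary>
/// Provides registration methods for the VaultSharp data protection key repository.
/// </summary>
/// <remarks>
/// These overloads only replace <see cref="KeyManagementOptions.XmlRepository"/>.
/// The repository receives the key-ring XML exactly as the key manager hands it
/// over; whether the key material inside that XML is itself encrypted depends on
/// an <c>IXmlEncryptor</c> being configured separately, which nothing here does.
/// </remarks>
public static class VaultSharpDataProtectionBuilderExtensions
{
    // Defaults applied when a caller passes null for the KV path or mount point.
    private const string DefaultPath = "data-protection-keys";
    private const string DefaultMountPoint = "kv";

    /// <summary>
    /// Configures the data protection system to persist keys to Vault
    /// using the default path and mount point.
    /// </summary>
    /// <param name="builder">The builder instance to modify.</param>
    /// <param name="vaultClient">The client to use.</param>
    /// <returns>A reference to the <paramref name="builder"/>.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="builder"/> or <paramref name="vaultClient"/> is <see langword="null"/>.
    /// </exception>
    public static IDataProtectionBuilder PersistKeysToVault(
        this IDataProtectionBuilder builder,
        IVaultClient vaultClient)
        => builder.PersistKeysToVault(vaultClient, null, null);

    /// <summary>
    /// Configures the data protection system to persist keys to Vault.
    /// </summary>
    /// <param name="builder">The builder instance to modify.</param>
    /// <param name="vaultClient">The client to use.</param>
    /// <param name="path">The path to store keys to; <see langword="null"/> selects the default path.</param>
    /// <param name="mountPoint">The Vault key/value mount point; <see langword="null"/> selects the default mount point.</param>
    /// <returns>A reference to the <paramref name="builder"/>.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="builder"/> or <paramref name="vaultClient"/> is <see langword="null"/>.
    /// </exception>
    public static IDataProtectionBuilder PersistKeysToVault(
        this IDataProtectionBuilder builder,
        IVaultClient vaultClient,
        string path,
        string mountPoint)
    {
        if (builder is null)
        {
            throw new ArgumentNullException(nameof(builder));
        }

        if (vaultClient is null)
        {
            throw new ArgumentNullException(nameof(vaultClient));
        }

        // Only the repository is swapped; every other key-management option the
        // caller configured (lifetime, encryptor, ...) is left untouched.
        builder.Services.Configure<KeyManagementOptions>(options =>
        {
            options.XmlRepository = new VaultSharpXmlRepository(
                vaultClient,
                path ?? DefaultPath,
                mountPoint ?? DefaultMountPoint);
        });

        return builder;
    }

    /// <summary>
    /// Configures the data protection system to persist keys to Vault
    /// using the default path and mount point.
    /// </summary>
    /// <param name="builder">The builder instance to modify.</param>
    /// <param name="clientBuilder">The client builder.</param>
    /// <returns>A reference to the <paramref name="builder"/>.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="builder"/> or <paramref name="clientBuilder"/> is <see langword="null"/>.
    /// </exception>
    public static IDataProtectionBuilder PersistKeysToVault(
        this IDataProtectionBuilder builder,
        Func<IVaultClient> clientBuilder)
        => builder.PersistKeysToVault(clientBuilder, null, null);

    /// <summary>
    /// Configures the data protection system to persist keys to Vault.
    /// </summary>
    /// <param name="builder">The builder instance to modify.</param>
    /// <param name="clientBuilder">The client builder; it is invoked exactly once, during this call.</param>
    /// <param name="path">The path to store keys to; <see langword="null"/> selects the default path.</param>
    /// <param name="mountPoint">The Vault key/value mount point; <see langword="null"/> selects the default mount point.</param>
    /// <returns>A reference to the <paramref name="builder"/>.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="builder"/> or <paramref name="clientBuilder"/> is <see langword="null"/>,
    /// or <paramref name="clientBuilder"/> returned <see langword="null"/>.
    /// </exception>
    public static IDataProtectionBuilder PersistKeysToVault(
        this IDataProtectionBuilder builder,
        Func<IVaultClient> clientBuilder,
        string path,
        string mountPoint)
    {
        if (builder is null)
        {
            throw new ArgumentNullException(nameof(builder));
        }

        if (clientBuilder is null)
        {
            throw new ArgumentNullException(nameof(clientBuilder));
        }

        // A null result from the factory is rejected by the IVaultClient overload,
        // which reports it as a null "vaultClient" argument.
        return builder.PersistKeysToVault(clientBuilder(), path, mountPoint);
    }

    /// <summary>
    /// Configures the data protection system to persist keys to Vault.
    /// </summary>
    /// <remarks>
    /// The token is handed to <see cref="TokenAuthMethodInfo"/> unchanged and lives
    /// as long as the created client. Applications that authenticate to Vault by
    /// any other method should build their own <see cref="IVaultClient"/> and use
    /// one of the client-accepting overloads instead.
    /// </remarks>
    /// <param name="builder">The builder instance to modify.</param>
    /// <param name="vaultUri">The Vault URI.</param>
    /// <param name="token">The Vault access token.</param>
    /// <param name="path">The path to store keys to; <see langword="null"/> selects the default path.</param>
    /// <param name="mountPoint">The Vault key/value mount point; <see langword="null"/> selects the default mount point.</param>
    /// <returns>A reference to the <paramref name="builder"/>.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="builder"/>, <paramref name="vaultUri"/> or <paramref name="token"/> is <see langword="null"/>.
    /// </exception>
    /// <exception cref="ArgumentException"><paramref name="token"/> is empty or white space.</exception>
    public static IDataProtectionBuilder PersistKeysToVault(
        this IDataProtectionBuilder builder,
        Uri vaultUri,
        string token,
        string path,
        string mountPoint)
    {
        if (builder is null)
        {
            throw new ArgumentNullException(nameof(builder));
        }

        // Validate before constructing the client: the previous code dereferenced
        // vaultUri (NullReferenceException) and let an empty token reach Vault.
        if (vaultUri is null)
        {
            throw new ArgumentNullException(nameof(vaultUri));
        }

        if (token is null)
        {
            throw new ArgumentNullException(nameof(token));
        }

        if (string.IsNullOrWhiteSpace(token))
        {
            throw new ArgumentException("A Vault token is required.", nameof(token));
        }

        var settings = new VaultClientSettings(vaultUri.ToString(), new TokenAuthMethodInfo(token));
        var client = new VaultClient(settings);

        return builder.PersistKeysToVault(client, path, mountPoint);
    }

    /// <summary>
    /// Configures the data protection system to persist keys to Vault
    /// using the default path and mount point.
    /// </summary>
    /// <param name="builder">The builder instance to modify.</param>
    /// <param name="vaultUri">The Vault URI.</param>
    /// <param name="token">The Vault access token.</param>
    /// <returns>A reference to the <paramref name="builder"/>.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="builder"/>, <paramref name="vaultUri"/> or <paramref name="token"/> is <see langword="null"/>.
    /// </exception>
    /// <exception cref="ArgumentException"><paramref name="token"/> is empty or white space.</exception>
    public static IDataProtectionBuilder PersistKeysToVault(
        this IDataProtectionBuilder builder,
        Uri vaultUri,
        string token)
        => builder.PersistKeysToVault(vaultUri, token, null, null);
}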
}