Skip to content

Commit

Permalink
Adds support for BYOK end-points
Browse files Browse the repository at this point in the history
  • Loading branch information
kailash-b committed Nov 4, 2024
1 parent 7c9d625 commit 54fafa6
Show file tree
Hide file tree
Showing 17 changed files with 452 additions and 4 deletions.
46 changes: 46 additions & 0 deletions src/Auth0.ManagementApi/Clients/IKeysClient.cs
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ namespace Auth0.ManagementApi.Clients
using System.Threading;
using System.Threading.Tasks;
using Models.Keys;
using Paging;

public interface IKeysClient
{
Expand Down Expand Up @@ -36,5 +37,50 @@ public interface IKeysClient
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
/// <returns>The revoked key's cert and kid.</returns>
Task<RevokeSigningKeyResponse> RevokeSigningKeyAsync(string kid, CancellationToken cancellationToken = default);

/// <summary>
/// Retrieve details of all the encryption keys associated with your tenant.
/// </summary>
/// <param name="pagination"><see cref="PaginationInfo"/></param>
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
/// <returns>Retrieve details of all the encryption keys associated with your tenant. <see cref="Auth0.ManagementApi.Models.EncryptionKey" />.</returns>
Task<IPagedList<EncryptionKey>> GetAllEncryptionKeysAsync(PaginationInfo pagination, CancellationToken cancellationToken = default);

/// <summary>
/// Create the new, pre-activated encryption key, without the key material.
/// </summary>
/// <param name="request"><see cref="EncryptionKeyCreateRequest"/></param>
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
/// <returns>Newly created pre-activated encryption key <see cref="Auth0.ManagementApi.Models.EncryptionKey" />.</returns>
Task<EncryptionKey> CreateEncryptionKeyAsync(EncryptionKeyCreateRequest request, CancellationToken cancellationToken = default);

/// <summary>
/// Retrieve details of the encryption key with the given ID.
/// </summary>
/// <param name="request"><see cref="EncryptionKeyGetRequest"/></param>
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
/// <returns>Retrieve details of the encryption key associated with the id. <see cref="Auth0.ManagementApi.Models.EncryptionKey" />.</returns>
Task<EncryptionKey> GetEncryptionKeyAsync(EncryptionKeyGetRequest request, CancellationToken cancellationToken = default);

/// <summary>
/// Delete the custom provided encryption key with the given ID and move back to using native encryption key.
/// </summary>
/// <param name="kid">Encryption key ID</param>
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
Task DeleteEncryptionKeyAsync(string kid, CancellationToken cancellationToken = default);

/// <summary>
/// Import wrapped key material and activate encryption key.
/// </summary>
/// <param name="request"><see cref="EncryptionKeyImportRequest"/></param>
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
Task<EncryptionKey> ImportEncryptionKeyAsync(EncryptionKeyImportRequest request, CancellationToken cancellationToken = default);

/// <summary>
/// Create the public wrapping key to wrap your own encryption key material.
/// </summary>
/// <param name="request"><see cref="WrappingKeyCreateRequest"/></param>
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
Task<WrappingKey> CreatePublicWrappingKeyAsync(WrappingKeyCreateRequest request, CancellationToken cancellationToken = default);
}
}
103 changes: 103 additions & 0 deletions src/Auth0.ManagementApi/Clients/KeysClient.cs
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@
using System.Threading;
using System.Threading.Tasks;
using Auth0.ManagementApi.Models.Keys;
using Auth0.ManagementApi.Paging;
using Newtonsoft.Json;
using EncryptionKey = Auth0.ManagementApi.Models.Keys.EncryptionKey;

namespace Auth0.ManagementApi.Clients
{
Expand All @@ -13,6 +16,7 @@ namespace Auth0.ManagementApi.Clients
/// </summary>
public class KeysClient : BaseClient, IKeysClient
{
readonly JsonConverter[] converters = new JsonConverter[] { new PagedListConverter<EncryptionKey>("keys") };
/// <summary>
/// Initializes a new instance of the <see cref="KeysClient"/> class.
/// </summary>
Expand Down Expand Up @@ -65,5 +69,104 @@ public Task<RevokeSigningKeyResponse> RevokeSigningKeyAsync(string kid, Cancella
{
return Connection.SendAsync<RevokeSigningKeyResponse>(HttpMethod.Put, BuildUri($"keys/signing/{EncodePath(kid)}/revoke"), null, DefaultHeaders, cancellationToken: cancellationToken);
}

/// <inheritdoc cref="IKeysClient.GetAllEncryptionKeysAsync"/>
public Task<IPagedList<EncryptionKey>> GetAllEncryptionKeysAsync(
PaginationInfo pagination, CancellationToken cancellationToken = default)
{
var queryStrings = new Dictionary<string, string>();

if (pagination != null)
{
queryStrings["page"] = pagination.PageNo.ToString();
queryStrings["per_page"] = pagination.PerPage.ToString();
queryStrings["include_totals"] = pagination.IncludeTotals.ToString().ToLower();
}

return Connection.GetAsync<IPagedList<EncryptionKey>>(
BuildUri("keys/encryption", queryStrings), DefaultHeaders, converters, cancellationToken);
}

/// <inheritdoc cref="IKeysClient.CreateEncryptionKeyAsync"/>
public Task<EncryptionKey> CreateEncryptionKeyAsync(
EncryptionKeyCreateRequest request, CancellationToken cancellationToken = default)
{
if (request == null)
throw new ArgumentNullException(nameof(request));

if (string.IsNullOrEmpty(request.Type))
throw new ArgumentNullException(nameof(request.Type));

return Connection.SendAsync<EncryptionKey>(
HttpMethod.Post,
BuildUri("keys/encryption"),
request,
DefaultHeaders,
cancellationToken: cancellationToken);
}

/// <inheritdoc cref="IKeysClient.GetEncryptionKeyAsync"/>
public Task<EncryptionKey> GetEncryptionKeyAsync(
EncryptionKeyGetRequest request, CancellationToken cancellationToken = default)
{
if (request == null)
throw new ArgumentNullException(nameof(request));

if (string.IsNullOrEmpty(request.Kid))
throw new ArgumentNullException(nameof(request.Kid));

return Connection.GetAsync<EncryptionKey>(
BuildUri($"keys/encryption/{EncodePath(request.Kid)}"), DefaultHeaders, null, cancellationToken);
}

/// <inheritdoc cref="IKeysClient.DeleteEncryptionKeyAsync"/>
public Task DeleteEncryptionKeyAsync(string kid, CancellationToken cancellationToken = default)
{
if (kid == null)
throw new ArgumentNullException(nameof(kid));

return Connection.SendAsync<object>(
HttpMethod.Delete,
BuildUri($"keys/encryption/{EncodePath(kid)}"),
null,
DefaultHeaders,
cancellationToken: cancellationToken);
}

/// <inheritdoc cref="IKeysClient.ImportEncryptionKeyAsync"/>
public Task<EncryptionKey> ImportEncryptionKeyAsync(
EncryptionKeyImportRequest request, CancellationToken cancellationToken = default)
{
if (request == null)
throw new ArgumentNullException(nameof(request));

if (string.IsNullOrEmpty(request.Kid))
throw new ArgumentNullException(nameof(request.Kid));

return Connection.SendAsync<EncryptionKey>(
HttpMethod.Post,
BuildUri($"keys/encryption/{EncodePath(request.Kid)}"),
request,
DefaultHeaders,
cancellationToken: cancellationToken);
}

/// <inheritdoc cref="IKeysClient.CreatePublicWrappingKeyAsync"/>
public Task<WrappingKey> CreatePublicWrappingKeyAsync(
WrappingKeyCreateRequest request, CancellationToken cancellationToken = default)
{
if (request == null)
throw new ArgumentNullException(nameof(request));

if (string.IsNullOrEmpty(request.Kid))
throw new ArgumentNullException(nameof(request.Kid));

return Connection.SendAsync<WrappingKey>(
HttpMethod.Post,
BuildUri($"keys/encryption/{EncodePath(request.Kid)}/wrapping-key"),
body: null,
headers: DefaultHeaders,
cancellationToken: cancellationToken);
}
}
}
53 changes: 53 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/EncryptionKey.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
using System;
using System.Net.Security;
using Newtonsoft.Json;
using Newtonsoft.Json.Converters;

namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Represents and Encryption Key
/// </summary>
public class EncryptionKey
{
/// <summary>
/// Key ID
/// </summary>
[JsonProperty("kid")]
public string Kid { get; set; }

/// <inheritdoc cref="EncryptionKeyType"/>
[JsonProperty("type")]
[JsonConverter(typeof(StringEnumConverter))]
public EncryptionKeyType Type { get; set; }

/// <inheritdoc cref="EncryptionKeyState"/>
[JsonProperty("state")]
[JsonConverter(typeof(StringEnumConverter))]
public EncryptionKeyState State { get; set; }

/// <summary>
/// Key creation timestamp
/// </summary>
[JsonProperty("created_at")]
public DateTime CreatedAt { get; set; }

/// <summary>
/// Key update timestamp
/// </summary>
[JsonProperty("updated_at")]
public DateTime UpdatedAt { get; set; }

/// <summary>
/// ID of the parent wrapping key.
/// </summary>
[JsonProperty("parent_kid")]
public string ParentKid { get; set; }

/// <summary>
/// Public key in PEM format
/// </summary>
[JsonProperty("public_key")]
public string PublicKey { get; set; }
}
}
17 changes: 17 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/EncryptionKeyCreateRequest.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
using Newtonsoft.Json;

namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Contains information required for creating an encryption key.
/// </summary>
public class EncryptionKeyCreateRequest
{
/// <summary>
/// Type of the encryption key to be created.
/// Possible values: [customer-provided-root-key, tenant-encryption-key]
/// </summary>
[JsonProperty("type")]
public string Type { get; set; }
}
}
13 changes: 13 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/EncryptionKeyGetRequest.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Contains information required for getting an encryption key.
/// </summary>
public class EncryptionKeyGetRequest
{
/// <summary>
/// Encryption key ID.
/// </summary>
public string Kid { get; set; }
}
}
21 changes: 21 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/EncryptionKeyImportRequest.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
using Newtonsoft.Json;

namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Contains information required for importing an encryption key.
/// </summary>
public class EncryptionKeyImportRequest
{
/// <summary>
/// Encryption key ID
/// </summary>
public string Kid { get; set; }

/// <summary>
/// Base64 encoded ciphertext of key material wrapped by public wrapping key.
/// </summary>
[JsonProperty("wrapped_key")]
public string WrappedKey { get; set; }
}
}
22 changes: 22 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/EncryptionKeyState.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
using System.Runtime.Serialization;

namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Encryption Key State
/// </summary>
public enum EncryptionKeyState
{
[EnumMember(Value = "pre-activation")]
PreActivation,

[EnumMember(Value = "active")]
Active,

[EnumMember(Value = "deactivated")]
Deactivated,

[EnumMember(Value = "destroyed")]
Destroyed,
}
}
22 changes: 22 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/EncryptionKeyType.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
using System.Runtime.Serialization;

namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Encryption Key Type
/// </summary>
public enum EncryptionKeyType
{
[EnumMember(Value = "customer-provided-root-key")]
CustomerProvidedRootKey,

[EnumMember(Value = "environment-root-key")]
EnvironmentRootKey,

[EnumMember(Value = "tenant-master-key")]
TenantMasterKey,

[EnumMember(Value = "tenant-encryption-key")]
TenantEncryptionKey,
}
}
22 changes: 22 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/WrappingKey.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
using Newtonsoft.Json;

namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Represents the WrappingKey
/// </summary>
public class WrappingKey
{
/// <summary>
/// Public wrapping key in PEM format
/// </summary>
[JsonProperty("public_key")]
public string PublicKey { get; set; }

/// <summary>
/// Encryption Algorithm that shall be used to wrap your key material
/// </summary>
[JsonProperty("algorithm")]
public string Algorithm { get; set; }
}
}
13 changes: 13 additions & 0 deletions src/Auth0.ManagementApi/Models/Keys/WrappingKeyCreateRequest.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
namespace Auth0.ManagementApi.Models.Keys
{
/// <summary>
/// Contains information required for creating a wrapping key.
/// </summary>
public class WrappingKeyCreateRequest
{
/// <summary>
/// Encryption key ID
/// </summary>
public string Kid { get; set; }
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ public static async Task CleanupAsync(ManagementApiClient client, CleanUpType ty
new UsersCleanUpStrategy(client),
new RulesCleanUpStrategy(client),
new LogStreamsCleanUpStrategy(client),
new RolesCleanUpStrategy(client)
new RolesCleanUpStrategy(client),
new EncryptionKeysCleanupStrategy(client)
};

var cleanUpStrategy = strategies.Single(s => s.Type == type);
Expand Down
Loading

0 comments on commit 54fafa6

Please sign in to comment.