Merge pull request #26 from telerik/mvelikov/cloud-integration

chore: Cloud Integration (Azure & AWS) demos

Author: dessyordanova

.gitignore

@@ -107,34 +107,4 @@ Generated_Code #added for RIA/Silverlight projects
 _UpgradeReport_Files/
 Backup*/
 UpgradeLog*.XML
-/ZipLibrary/.vs
-/WordsProcessing/.vs
-/SpreadStreamProcessing/.vs
-/SpreadProcessing/.vs
-/PdfProcessing/.vs
-/PdfProcessing/AddWatermark/.vs
-/PdfProcessing/CreateDocumentWithImages/.vs
-/PdfProcessing/CreateInteractiveForms/.vs
-/PdfProcessing/CreatePdfUsingRadFixedDocumentEditor/.vs
-/PdfProcessing/DrawHeaderFooter/.vs
-/PdfProcessing/ExportUIElement/.vs
-/PdfProcessing/GenerateDocument/.vs
-/PdfProcessing/ManipulatePages/.vs
-/PdfProcessing/ModifyBookmarks/.vs
-/PdfProcessing/ModifyForms/.vs
-/PdfProcessing/PdfStreamWriterPerformance/.vs
-/PdfProcessing/PdfViewerIntegration/.vs
-/SpreadProcessing/ConvertDocuments/.vs
-/SpreadProcessing/CreateModifyExport/.vs
-/SpreadProcessing/ExportChart/.vs
-/SpreadProcessing/GenerateDocuments/.vs
-/SpreadStreamProcessing/AppendWorksheetToExistingWorkbook/.vs
-/SpreadStreamProcessing/GenerateDocument/.vs
-/WordsProcessing/ContentControls/.vs
-/WordsProcessing/ConvertDocuments/.vs
-/WordsProcessing/GenerateDocument/.vs
-/WordsProcessing/HtmlGenerator/.vs
-/WordsProcessing/MailMerge/.vs
-/ZipLibrary/CreateZipArchive/.vs
-/ZipLibrary/ExtractZipArchiveToDirectory/.vs
-/PdfProcessing/TesseractOcrProviderDemo/.vs
+.vs

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/Dockerfile

@@ -0,0 +1,13 @@
+FROM public.ecr.aws/lambda/dotnet:8
+
+WORKDIR /var/task
+
+# This COPY command copies the .NET Lambda project's build artifacts from the host machine into the image. 
+# The source of the COPY should match where the .NET Lambda project publishes its build artifacts. If the Lambda function is being built 
+# with the AWS .NET Lambda Tooling, the `--docker-host-build-output-dir` switch controls where the .NET Lambda project
+# will be built. The .NET Lambda project templates default to having `--docker-host-build-output-dir`
+# set in the aws-lambda-tools-defaults.json file to "bin/Release/lambda-publish".
+#
+# Alternatively Docker multi-stage build could be used to build the .NET Lambda project inside the image.
+# For more information on this approach checkout the project's README.md file.
+COPY "bin/Release/lambda-publish"  .

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/ExternalSignAWSFunction.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <GenerateRuntimeConfigurationFiles>true</GenerateRuntimeConfigurationFiles>
+    <AWSProjectType>Lambda</AWSProjectType>
+    <!-- This property makes the build directory similar to a publish directory and helps the AWS .NET Lambda Mock Test Tool find project dependencies. -->
+    <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <!-- Generate ready to run images during publishing to improve cold start time. -->
+    <PublishReadyToRun>true</PublishReadyToRun>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Amazon.Lambda.Core" Version="*" />
+    <PackageReference Include="Amazon.Lambda.Serialization.SystemTextJson" Version="*" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Update="Resources\**\*">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+</Project>

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/Function.cs

@@ -0,0 +1,98 @@
+using Amazon.Lambda.Core;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+// Assembly attribute to enable the Lambda function's JSON input to be converted into a .NET class.
+[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
+
+namespace ExternalSignAWSFunctionApp;
+
+/// <summary>
+/// AWS Lambda function that performs digital signature operations for PDF documents.
+/// </summary>
+public class Function
+{
+    /// <summary>
+    /// Handler for Lambda function invocations.
+    /// This method receives data to be signed, signs it using a private key certificate,
+    /// and returns the Base64-encoded signature.
+    /// </summary>
+    /// <param name="input">The input containing the data to sign and digest algorithm.</param>
+    /// <param name="context">The Lambda execution context.</param>
+    /// <returns>A Base64-encoded string representing the digital signature.</returns>
+    /// <exception cref="InvalidOperationException">Thrown when signing operation fails.</exception>
+    public async Task<string> FunctionHandler(Input input, ILambdaContext context)
+    {
+        // Decode the Base64-encoded data back to bytes
+        byte[] dataToSign = Convert.FromBase64String(input.DataToSign);
+
+        byte[]? result = SignData(dataToSign, input.DigestAlgorithm);
+
+        if (result != null)
+        {
+            return Convert.ToBase64String(result);
+        }
+        else
+        {
+            throw new InvalidOperationException("Signing operation failed");
+        }
+    }
+    
+    /// <summary>
+    /// Signs the provided data using RSA private key from a certificate.
+    /// </summary>
+    /// <param name="dataToSign">The byte array containing the data to be signed.</param>
+    /// <param name="digestAlgorithm">The hash algorithm to use (Sha256, Sha384, or Sha512).</param>
+    /// <returns>The signed data as a byte array.</returns>
+    /// <exception cref="InvalidOperationException">Thrown when certificate does not contain an RSA private key.</exception>
+    static byte[]? SignData(byte[] dataToSign, string? digestAlgorithm)
+    {
+        string certificateFilePassword = "johndoe";
+        string certificateFilePath = "Resources/JohnDoe.pfx";
+
+        using (Stream stream = File.OpenRead(certificateFilePath))
+        {
+            byte[] certRawData = new byte[stream.Length];
+            stream.ReadExactly(certRawData, 0, (int)stream.Length);
+
+            using (X509Certificate2 fullCert = new X509Certificate2(certRawData, certificateFilePassword))
+            {
+                using (RSA? rsa = fullCert.GetRSAPrivateKey())
+                {
+                    if (rsa == null)
+                    {
+                        throw new InvalidOperationException("Certificate does not contain an RSA private key");
+                    }
+
+                    // Map the digest algorithm string to HashAlgorithmName
+                    HashAlgorithmName algorithmName = HashAlgorithmName.SHA256;
+                    algorithmName = digestAlgorithm switch
+                    {
+                        "Sha384" => HashAlgorithmName.SHA384,
+                        "Sha512" => HashAlgorithmName.SHA512,
+                        _ => HashAlgorithmName.SHA256,
+                    };
+
+                    byte[]? bytes = rsa.SignData(dataToSign, algorithmName, RSASignaturePadding.Pkcs1);
+                    return bytes;
+                }
+            }
+        }
+    }
+
+    /// <summary>
+    /// Input model for the Lambda function containing data to sign and algorithm selection.
+    /// </summary>
+    public class Input
+    {
+        /// <summary>
+        /// Gets or sets the Base64-encoded data to be signed.
+        /// </summary>
+        public string DataToSign { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Gets or sets the digest algorithm to use for signing (e.g., "Sha256", "Sha384", "Sha512").
+        /// </summary>
+        public string? DigestAlgorithm { get; set; }
+    }
+}

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/Properties/launchSettings.json

@@ -0,0 +1,10 @@
+{
+  "profiles": {
+    "Mock Lambda Test Tool": {
+      "commandName": "Executable",
+      "commandLineArgs": "--port 5050",
+      "workingDirectory": ".\\bin\\$(Configuration)\\net8.0",
+      "executablePath": "%USERPROFILE%\\.dotnet\\tools\\dotnet-lambda-test-tool-8.0.exe"
+    }
+  }
+}

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/README.md

@@ -0,0 +1,39 @@
+# ExternalSignAWSFunction
+
+An AWS Lambda function that receives data to be signed, performs RSA signing with a private key certificate, and returns the signature bytes.
+
+## Overview
+
+This Lambda function serves as a secure signing service that keeps private keys in the AWS cloud environment. It is designed to work with PDF signing applications that use Telerik Document Processing or similar libraries for external signing scenarios.
+
+## Features
+
+- **Secure Key Storage**: Private keys remain in AWS Lambda, never exposed to clients
+- **RSA Signing**: Supports RSA signature generation with PKCS#1 padding
+- **Multiple Hash Algorithms**: Supports SHA256, SHA384, and SHA512
+- **Synchronous Invocation**: RequestResponse invocation for immediate results
+- **JSON Serialization**: Uses System.Text.Json for efficient serialization
+
+## Prerequisites
+
+- AWS Account with appropriate permissions
+- .NET 8.0 runtime
+- Valid X.509 certificate with private key (.pfx format)
+- AWS Lambda deployment tools (AWS CLI, SAM CLI, or Visual Studio AWS Toolkit)
+
+## Dependencies
+
+- [.NET 8.0 SDK](https://dotnet.microsoft.com/download/dotnet/8.0)
+- [Amazon.Lambda.Core](https://www.nuget.org/packages/Amazon.Lambda.Core/)
+
+- ## Related Projects
+
+- **SigningApp**: Client application that invokes this Lambda function for PDF signing
+
+- - [AWS Lambda .NET Documentation](https://docs.aws.amazon.com/lambda/latest/dg/lambda-csharp.html)
+- [RSA Cryptography Documentation](https://docs.microsoft.com/dotnet/api/system.security.cryptography.rsa)
+
+## License
+
+This project is provided as a sample/demo. Please ensure you have appropriate licenses for:
+- Telerik Document Processing Library. Check the [Pricing and Licensing FAQ](https://www.telerik.com/faqs/pricing-and-licensing).

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/Resources/JohnDoe.pfx

@@ -0,0 +1,26 @@
+{
+  "Information": [
+    "This file provides default values for the deployment wizard inside Visual Studio and the AWS Lambda commands added to the .NET Core CLI.",
+    "To learn more about the Lambda commands with the .NET Core CLI execute the following command at the command line in the project root directory.",
+    "dotnet lambda help",
+    "All the command line options for the Lambda command can be specified in this file."
+  ],
+  "profile": "telerik-dpl",
+  "region": "eu-north-1",
+  "configuration": "Release",
+  "package-type": "Image",
+  "function-memory-size": 512,
+  "function-timeout": 30,
+  "image-command": "ExternalSignAWSFunctionApp::ExternalSignAWSFunctionApp.Function::FunctionHandler",
+  "docker-host-build-output-dir": "./bin/Release/lambda-publish",
+  "function-name": "ExternalSignPdfAWSFunction",
+  "function-role": "",
+  "function-architecture": "x86_64",
+  "function-subnets": "",
+  "function-security-groups": "",
+  "tracing-mode": "PassThrough",
+  "environment-variables": "",
+  "dockerfile": "Dockerfile",
+  "image-tag": "telerik/dpl:latest",
+  "function-description": ""
+}

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunction/aws-lambda-tools-defaults.json

@@ -0,0 +1,4 @@
+<Solution>
+  <Project Path="ExternalSignAWSFunction/ExternalSignAWSFunction.csproj" />
+  <Project Path="SigningApp/SigningApp.csproj" />
+</Solution>

CloudIntegration/AWS/ExternalSignFunction/ExternalSignAWSFunctionApp.slnx

@@ -0,0 +1,32 @@
+# External PDF Signing with AWS Lambda
+
+A solution for digitally signing PDF documents using AWS Lambda with Telerik Document Processing, where the private key remains secure in AWS Lambda, separated from the document processing client application.
+
+## Solution Overview
+
+This solution demonstrates a secure architecture for PDF digital signatures where the private signing key remains in AWS Lambda, providing enhanced security by keeping sensitive keys in the cloud rather than on client machines.
+
+### Architecture
+
+```
+???????????????????         ????????????????????????
+?   SigningApp    ???????????  AWS Lambda          ?
+?   (Client)      ? HTTPS   ?  (Signing Service)   ?
+?                 ???????????                      ?
+? - Telerik DPL   ?         ? - Private Key (.pfx) ?
+? - Public Key    ?         ? - RSA Signing        ?
+???????????????????         ????????????????????????
+```
+
+## Included Projects
+
+- **ExternalSignAWSFunction** - AWS Lambda function that performs cryptographic signing
+- **SigningApp** - Client application that creates and signs PDF documents
+
+## Dependencies
+
+- [.NET 8.0 SDK](https://dotnet.microsoft.com/download/dotnet/8.0)
+- [AWS SDK for .NET](https://aws.amazon.com/sdk-for-net/)
+- [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/) - Check the [Pricing and Licensing FAQ](https://www.telerik.com/faqs/pricing-and-licensing)
+- [AWS Lambda Documentation](https://docs.aws.amazon.com/lambda/)
+- [Telerik Digital Signatures Documentation](https://docs.telerik.com/devtools/document-processing/libraries/radpdfprocessing/features/digital-signature)