public async Task <IEnumerable <SecurityKey> > GetValidationKeysAsync() { if (_cache.TryGetValue("ValidationKeys", out List <SecurityKey> validationKeys)) { return(validationKeys); } validationKeys = new List <SecurityKey>(); var certificateVersions = await _keyVaultClient.GetCertificateVersionsAsync(_vault, _certificateName); foreach (var certificateItem in certificateVersions) { if (certificateItem.Attributes.Enabled.HasValue && certificateItem.Attributes.Enabled.Value) { var certificateVersionBundle = await _keyVaultClient.GetCertificateAsync(certificateItem.Identifier.Identifier); var certificateVersionSecurityKey = await GetSecurityKeyFromSecretAsync(_keyVaultClient, certificateVersionBundle.SecretIdentifier.Identifier).ConfigureAwait(false); validationKeys.Add(certificateVersionSecurityKey); } } var options = new MemoryCacheEntryOptions(); options.AbsoluteExpiration = DateTime.Now.AddDays(1); _cache.Set("ValidationKeys", validationKeys, options); return(validationKeys); }
internal async Task <List <Microsoft.Azure.KeyVault.Models.CertificateItem> > GetAllEnabledCertificateVersionsAsync(string certificateName) { // Get all the certificate versions (this will also get the currect active version) var certificateVersions = await _keyVaultClient.GetCertificateVersionsAsync(_vault, certificateName); // Find all enabled versions of the certificate and sort them by creation date in decending order return(certificateVersions .Where(certVersion => certVersion.Attributes.Enabled.HasValue && certVersion.Attributes.Enabled.Value) .OrderByDescending(certVersion => certVersion.Attributes.Created) .ToList()); }
private async Task <List <CertificateItem> > GetAllEnabledCertificateVersionsAsync(KeyVaultClient keyVaultClient) { // Get all the certificate versions (this will also get the currect active version var certificateVersions = await keyVaultClient.GetCertificateVersionsAsync(_keyVaultEndpoint, _certificateName); // Find all enabled versions of the certificate and sort them by creation date in decending order return(certificateVersions .Where(certVersion => certVersion.Attributes.Enabled.HasValue && certVersion.Attributes.Enabled.Value) .OrderByDescending(certVersion => certVersion.Attributes.Created) .ToList()); }
private async Task <List <X509Certificate2> > GetAllCertificateVersions(string keyVaultUrl, string certificateName) { List <X509Certificate2> certificates = new List <X509Certificate2>(); KeyVaultClient client = KeyVaultSettings.GetClient(_keyVaultSettings.ClientId, _keyVaultSettings.ClientSecret); // Get the first page of certificates IPage <CertificateItem> certificateItemsPage = await client.GetCertificateVersionsAsync(keyVaultUrl, certificateName); while (true) { foreach (var certificateItem in certificateItemsPage) { // Ignore disabled or expired certificates if (certificateItem.Attributes.Enabled == true && (certificateItem.Attributes.Expires == null || certificateItem.Attributes.Expires > DateTime.UtcNow)) { CertificateBundle certificateVersionBundle = await client.GetCertificateAsync(certificateItem.Identifier.Identifier); SecretBundle certificatePrivateKeySecretBundle = await client.GetSecretAsync(certificateVersionBundle.SecretIdentifier.Identifier); byte[] privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value); X509Certificate2 certificateWithPrivateKey = new X509Certificate2(privateKeyBytes); certificates.Add(certificateWithPrivateKey); } } if (certificateItemsPage.NextPageLink == null) { break; } certificateItemsPage = await client.GetCertificateVersionsNextAsync(certificateItemsPage.NextPageLink); } return(certificates); }
private async Task <List <X509Certificate2> > GetAllCertificateVersions() { var keyVaultClient = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback); var certificates = new List <X509Certificate2>(); // Get the first page of certificates var certificateItemsPage = await keyVaultClient.GetCertificateVersionsAsync(_keyVaultOptions.KeyVaultUrl, _keyVaultOptions.KeyIdentifier); while (true) { foreach (var certificateItem in certificateItemsPage) { // Ignored disabled or expired certificates if (certificateItem.Attributes.Enabled == true && (certificateItem.Attributes.Expires == null || certificateItem.Attributes.Expires > DateTime.UtcNow)) { var certificateVersionBundle = await keyVaultClient.GetCertificateAsync(certificateItem.Identifier.Identifier); var certificatePrivateKeySecretBundle = await keyVaultClient.GetSecretAsync(certificateVersionBundle.SecretIdentifier.Identifier); var privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value); var certificateWithPrivateKey = new X509Certificate2(privateKeyBytes, (string)null, X509KeyStorageFlags.MachineKeySet); certificates.Add(certificateWithPrivateKey); } } if (certificateItemsPage.NextPageLink == null) { break; } else { // Get the next page certificateItemsPage = await keyVaultClient.GetCertificateVersionsNextAsync(certificateItemsPage.NextPageLink); } } return(certificates); }
/// <summary> /// List the versions of a certificate /// </summary> /// <param name="certificateName"> certificate name</param> private static void ListCertificateVersions(string certificateName) { var vaultAddress = inputValidator.GetVaultAddress(); certificateName = (certificateName == string.Empty) ? inputValidator.GetKeyId() : certificateName; var numKeyVersions = 0; var maxResults = 1; Console.Out.WriteLine("List certificate versions:---------------"); var results = keyVaultClient.GetCertificateVersionsAsync(vaultAddress, certificateName, maxResults).GetAwaiter().GetResult(); if (results != null) { numKeyVersions += results.Count(); foreach (var m in results) { Console.Out.WriteLine("\t{0}-{1}", m.Identifier.Name, m.Identifier.Version); } } while (results != null && !string.IsNullOrWhiteSpace(results.NextPageLink)) { results = keyVaultClient.GetCertificateVersionsNextAsync(results.NextPageLink).GetAwaiter().GetResult(); if (results != null && results != null) { numKeyVersions += results.Count(); foreach (var m in results) { Console.Out.WriteLine("\t{0}-{1}", m.Identifier.Name, m.Identifier.Version); } } } Console.Out.WriteLine("\n\tNumber of versions of certificate {0} in the vault: {1}", certificateName, numKeyVersions); }