private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName)
{
CreateKeyOptions options;
bool isHsm = keyAttributes.KeyType == KeyType.RsaHsm || keyAttributes.KeyType == KeyType.EcHsm;
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
options = new CreateRsaKeyOptions(keyName, isHsm)
{
KeySize = size
};
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
options = new CreateEcKeyOptions(keyName, isHsm)
{
CurveName = string.IsNullOrEmpty(curveName) ? (KeyCurveName?)null : new KeyCurveName(curveName)
};
}
else
{
// oct (AES) is only supported by managed HSM
throw new NotSupportedException($"{keyAttributes.KeyType} is not supported");
}
options.NotBefore = keyAttributes.NotBefore;
options.ExpiresOn = keyAttributes.Expires;
options.Enabled = keyAttributes.Enabled;
options.Exportable = keyAttributes.Exportable;
options.ReleasePolicy = keyAttributes.ReleasePolicy?.ToKeyReleasePolicy();;
if (keyAttributes.KeyOps != null)
{
foreach (var keyOp in keyAttributes.KeyOps)
{
options.KeyOperations.Add(new KeyOperation(keyOp));
}
}
if (keyAttributes.Tags != null)
{
foreach (DictionaryEntry entry in keyAttributes.Tags)
{
options.Tags.Add(entry.Key.ToString(), entry.Value.ToString());
}
}
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
return(new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _vaultUriHelper, false));
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
return(new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _vaultUriHelper, false));
}
else
{
throw new NotSupportedException($"{keyAttributes.KeyType} is not supported");
}
}
public RemoveKeyVaultKeyTests()
{
base.SetupTest();
cmdlet = new RemoveAzureKeyVaultKey()
{
CommandRuntime = commandRuntimeMock.Object,
DataServiceClient = keyVaultClientMock.Object,
VaultName = VaultName
};
keyAttributes = new PSKeyVaultKeyAttributes(true, DateTime.Now, DateTime.Now, "HSM", new string[] { "All" }, null);
webKey = new WebKey.JsonWebKey();
keyBundle = new PSDeletedKeyVaultKey()
{
Attributes = keyAttributes, Key = webKey, Name = KeyName, VaultName = VaultName
};
}
public SetKeyVaultKeyAttributeTests()
{
base.SetupTest();
keyAttributes = new PSKeyVaultKeyAttributes(true, DateTime.Now, DateTime.Now, null, null, null);
webKey = new WebKey.JsonWebKey();
keyBundle = new PSKeyVaultKey()
{
Attributes = keyAttributes, Key = webKey, Name = KeyName, VaultName = VaultName, Version = KeyVersion
};
cmdlet = new UpdateAzureKeyVaultKey()
{
CommandRuntime = commandRuntimeMock.Object,
DataServiceClient = keyVaultClientMock.Object,
VaultName = VaultName,
Enable = (bool)keyAttributes.Enabled,
Expires = keyAttributes.Expires,
NotBefore = keyAttributes.NotBefore,
Name = KeyName,
PassThru = true
};
}
private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName)
{
// todo duplicated code with Track2VaultClient.CreateKey
CreateKeyOptions options;
bool isHsm = keyAttributes.KeyType == KeyType.RsaHsm || keyAttributes.KeyType == KeyType.EcHsm;
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
options = new CreateRsaKeyOptions(keyName, isHsm)
{
KeySize = size
};
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
options = new CreateEcKeyOptions(keyName, isHsm);
if (string.IsNullOrEmpty(curveName))
{
(options as CreateEcKeyOptions).CurveName = null;
}
else
{
(options as CreateEcKeyOptions).CurveName = new KeyCurveName(curveName);
}
}
else
{
options = new CreateKeyOptions();
}
// Common key attributes
options.NotBefore = keyAttributes.NotBefore;
options.ExpiresOn = keyAttributes.Expires;
options.Enabled = keyAttributes.Enabled;
options.Exportable = keyAttributes.Exportable;
options.ReleasePolicy = keyAttributes.ReleasePolicy?.ToKeyReleasePolicy();
if (keyAttributes.KeyOps != null)
{
foreach (var keyOp in keyAttributes.KeyOps)
{
options.KeyOperations.Add(new KeyOperation(keyOp));
}
}
if (keyAttributes.Tags != null)
{
foreach (DictionaryEntry entry in keyAttributes.Tags)
{
options.Tags.Add(entry.Key.ToString(), entry.Value.ToString());
}
}
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
return(new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _uriHelper, isHsm: true));
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
return(new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _uriHelper, isHsm: true));
}
else if (keyAttributes.KeyType == KeyType.Oct || keyAttributes.KeyType.ToString() == "oct-HSM")
{
return(new PSKeyVaultKey(client.CreateKey(keyName, KeyType.Oct, options).Value, _uriHelper, isHsm: true));
}
else
{
throw new NotSupportedException($"{keyAttributes.KeyType} is not supported");
}
}
internal PSKeyVaultKey CreateKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName)
{
var client = CreateKeyClient(managedHsmName);
return(CreateKey(client, keyName, keyAttributes, size, curveName));
}
private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes)
{
KeyVaultKey keyBundle = null;
// Update updatable properties
KeyProperties keyProperties = new KeyProperties(_uriHelper.CreateaMagedHsmKeyUri(client.VaultUri, keyName, keyVersion))
{
Enabled = keyAttributes.Enabled,
ExpiresOn = keyAttributes.Expires,
NotBefore = keyAttributes.NotBefore,
ReleasePolicy = keyAttributes.ReleasePolicy?.ToKeyReleasePolicy()
};
if (keyAttributes.Tags != null)
{
keyProperties.Tags.Clear();
foreach (KeyValuePair <string, string> entry in keyAttributes.TagsDirectionary)
{
keyProperties.Tags.Add(entry.Key, entry.Value);
}
}
try
{
keyBundle = client.UpdateKeyProperties(keyProperties, keyAttributes.KeyOps?.Select(op => new KeyOperation(op)));
}
catch (Exception ex)
{
throw GetInnerException(ex);
}
return(new PSKeyVaultKey(keyBundle, this._uriHelper, isHsm: true));
}
internal PSKeyVaultKey UpdateKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes)
{
if (string.IsNullOrEmpty(managedHsmName))
{
throw new ArgumentNullException(nameof(managedHsmName));
}
if (string.IsNullOrEmpty(keyName))
{
throw new ArgumentNullException(nameof(keyName));
}
if (keyAttributes == null)
{
throw new ArgumentNullException(nameof(keyAttributes));
}
var client = CreateKeyClient(managedHsmName);
return(UpdateKey(client, keyName, keyVersion, keyAttributes));
}
private PSKeyVaultKey UpdateKey(KeyClient client, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes)
{
KeyVaultKey keyBundle = client.GetKeyAsync(keyName, keyVersion).GetAwaiter().GetResult();
KeyProperties keyProperties = keyBundle.Properties;
keyProperties.Enabled = keyAttributes.Enabled;
keyProperties.ExpiresOn = keyAttributes.Expires;
keyProperties.NotBefore = keyAttributes.NotBefore;
if (keyAttributes.Tags != null)
{
keyProperties.Tags.Clear();
foreach (KeyValuePair <string, string> entry in keyAttributes.TagsDirectionary)
{
keyProperties.Tags.Add(entry.Key, entry.Value);
}
}
try
{
keyBundle = client.UpdateKeyPropertiesAsync(keyProperties, keyAttributes.KeyOps?.Cast <KeyOperation>().ToList())
.GetAwaiter().GetResult();
}
catch (Exception ex)
{
throw GetInnerException(ex);
}
return(new PSKeyVaultKey(keyBundle, this._uriHelper, isHsm: true));
}
public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName)
{
return(VaultClient.CreateKey(vaultName, keyName, keyAttributes, size, curveName));
}
public PSKeyVaultKey UpdateManagedHsmKey(string managedHsmName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes)
{
return(HsmClient.UpdateKey(managedHsmName, keyName, keyVersion, keyAttributes));
}
public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName)
{
return(HsmClient.CreateKey(managedHsmName, keyName, keyAttributes, size, curveName));
}
public PSKeyVaultKey UpdateKey(string vaultName, string keyName, string keyVersion, PSKeyVaultKeyAttributes keyAttributes)
{
throw new NotImplementedException();
}
public PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, Microsoft.Azure.KeyVault.WebKey.JsonWebKey webKey, bool?importToHsm)
{
throw new NotImplementedException();
}
