예제 #1
        public void ListCertificates()
        {
            #region Snippet:ListCertificates
            // Walk the vault's certificate listing and print each name. The listing yields
            // CertificateProperties (metadata only); the full certificate with its policy is a
            // separate GetCertificate call per item.
            Pageable<CertificateProperties> listing = client.GetPropertiesOfCertificates();

            foreach (CertificateProperties properties in listing)
            {
                Console.WriteLine(properties.Name);
            }
            #endregion
        }
예제 #2
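        private async Task MigrationGuide()
        {
            // Walk-through of the CertificateClient surface for users migrating from the legacy client:
            // construction, policy definition, creation, import, listing and (soft) deletion.
            // The //@@ and /*@@*/ markers and the #region labels are consumed by the snippet-extraction
            // tooling; keep them as they are.
            #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_Create
            // The vault URL is a placeholder; DefaultAzureCredential obtains its token from the hosting environment.
            CertificateClient client = new CertificateClient(
                new Uri("https://myvault.vault.azure.net"),
                new DefaultAzureCredential());
            #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_Create

            #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions
            // Passing your own HttpClient through HttpClientTransport is the hook for customizing the transport.
            // The client built here is discarded with the using block, so disposing the HttpClient alongside it is
            // safe; a long-lived client must outlive the HttpClient it was given.
            using (HttpClient httpClient = new HttpClient())
            {
                CertificateClientOptions options = new CertificateClientOptions
                {
                    Transport = new HttpClientTransport(httpClient)
                };

                //@@CertificateClient client = new CertificateClient(
                /*@@*/ CertificateClient _ = new CertificateClient(
                    new Uri("https://myvault.vault.azure.net"),
                    new DefaultAzureCredential(),
                    options);
            }
            #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions

            #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy
            // A custom policy names the issuer and the subject; the initializer overrides the service defaults.
            CertificatePolicy policy = new CertificatePolicy("issuer-name", "CN=customdomain.com")
            {
                ContentType = CertificateContentType.Pkcs12,
                KeyType     = CertificateKeyType.Rsa,
                // NOTE(review): ReuseKey keeps the same key pair across renewals, so renewal no longer bounds the
                // lifetime of a compromised key. Prefer false unless something pins the public key.
                ReuseKey    = true,
                // NOTE(review): this is a very broad usage set that includes KeyCertSign and CrlSign, which belong
                // to CA certificates. An end-entity certificate for "customdomain.com" should be limited to what
                // its consumer needs (typically DigitalSignature plus KeyEncipherment or KeyAgreement).
                KeyUsage    =
                {
                    CertificateKeyUsage.CrlSign,
                    CertificateKeyUsage.DataEncipherment,
                    CertificateKeyUsage.DigitalSignature,
                    CertificateKeyUsage.KeyEncipherment,
                    CertificateKeyUsage.KeyAgreement,
                    CertificateKeyUsage.KeyCertSign
                },
                ValidityInMonths = 12,
                LifetimeActions  =
                {
                    // Let the service renew the certificate 90 days before it expires.
                    new LifetimeAction(CertificatePolicyAction.AutoRenew)
                    {
                        DaysBeforeExpiry = 90,
                    }
                }
            };
            #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy
            // Fixed: the #endregion above previously carried the _CreateSelfSignedPolicy label of the next region.
            // The compiler ignores the label, but the mismatch confuses the snippet-extraction tooling.

            #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy
            // CertificatePolicy.Default is the built-in self-signed policy: convenient for tests and internal use,
            // but nothing that has not explicitly pinned the certificate will trust it.
            //@@CertificatePolicy policy = CertificatePolicy.Default;
            /*@@*/ policy = CertificatePolicy.Default;
            #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy

            {
                #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate
                // Start certificate creation.
                // Depending on the policy and your business process, this could even take days for manual signing.
                CertificateOperation createOperation = await client.StartCreateCertificateAsync("certificate-name", policy);

                // NOTE(review): the TimeSpan passed here is the polling interval, not an overall deadline. If you need
                // a timeout, pass a CancellationToken that is cancelled after it instead of CancellationToken.None.
                KeyVaultCertificateWithPolicy certificate = await createOperation.WaitForCompletionAsync(TimeSpan.FromSeconds(20), CancellationToken.None);

                // If you need to restart the application you can recreate the operation and continue awaiting.
                createOperation = new CertificateOperation(client, "certificate-name");
                certificate     = await createOperation.WaitForCompletionAsync(TimeSpan.FromSeconds(20), CancellationToken.None);

                #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate
            }

            {
                #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate
                // The PFX read here carries the private key: in real code keep it out of the working directory and
                // out of source control, and remove it once imported. A password-protected PFX additionally needs
                // the password on the import options (presumably ImportCertificateOptions.Password — not shown here).
                byte[] cer = File.ReadAllBytes("certificate.pfx");
                ImportCertificateOptions importCertificateOptions = new ImportCertificateOptions("certificate-name", cer)
                {
                    Policy = policy
                };

                KeyVaultCertificateWithPolicy certificate = await client.ImportCertificateAsync(importCertificateOptions);

                #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate
            }

            {
                #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates
                // List all certificates asynchronously. The listing returns properties only; the full certificate
                // (with policy) is a second call per item.
                await foreach (CertificateProperties item in client.GetPropertiesOfCertificatesAsync())
                {
                    KeyVaultCertificateWithPolicy certificate = await client.GetCertificateAsync(item.Name);
                }

                // List all certificates synchronously.
                foreach (CertificateProperties item in client.GetPropertiesOfCertificates())
                {
                    KeyVaultCertificateWithPolicy certificate = client.GetCertificate(item.Name);
                }
                #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates
            }

            {
                #region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate
                // Delete the certificate.
                DeleteCertificateOperation deleteOperation = await client.StartDeleteCertificateAsync("certificate-name");

                // Purge or recover the deleted certificate if soft delete is enabled (a RecoveryId is only present then).
                if (deleteOperation.Value.RecoveryId != null)
                {
                    // Deleting a certificate does not happen immediately. Wait for the certificate to be deleted.
                    DeletedCertificate deletedCertificate = await deleteOperation.WaitForCompletionAsync();

                    // Purge the deleted certificate. Purging is irreversible (the soft-delete safety net is gone) and
                    // requires the separate purge permission; NOTE(review): on a vault with purge protection
                    // enabled the service rejects it.
                    await client.PurgeDeletedCertificateAsync(deletedCertificate.Name);

                    // You can also recover the deleted certificate using StartRecoverDeletedCertificateAsync,
                    // which returns RecoverDeletedCertificateOperation you can await like DeleteCertificateOperation above.
                }
                #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate
            }
        }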
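        public void GetCertificatesSync()
        {
            // Sample: create two self-signed certificates, list them, add a new version of the first,
            // then delete and purge both.

            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
            if (string.IsNullOrWhiteSpace(keyVaultUrl))
            {
                // Fail with a clear message instead of an opaque ArgumentNullException from new Uri(null).
                throw new InvalidOperationException("Set the AZURE_KEYVAULT_URL environment variable to the vault URL.");
            }

            // Instantiate a certificate client that will be used to call the service. Notice that the client is using default Azure
            // credentials. When authenticating with a service principal through environment variables, set 'AZURE_CLIENT_ID',
            // 'AZURE_TENANT_ID' and 'AZURE_CLIENT_SECRET' (the original comment named AZURE_CLIENT_KEY, which is not a
            // variable DefaultAzureCredential reads).
            var client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());

            // Poll an operation until it reports completion. Self-signed issuance is quick, so blocking is acceptable
            // here; with an external issuer (which can take days) persist the operation and resume later instead.
            void WaitForCompletion(CertificateOperation operation)
            {
                while (!operation.HasCompleted)
                {
                    operation.UpdateStatus();

                    Thread.Sleep(TimeSpan.FromSeconds(1));
                }
            }

            // Let's create two self-signed certificates using the default policy.
            // Randomized names keep repeated runs from colliding with (or versioning) earlier certificates.
            string certName1 = $"defaultCert-{Guid.NewGuid()}";

            CertificateOperation certOp1 = client.StartCreateCertificate(certName1, CertificatePolicy.Default);

            string certName2 = $"defaultCert-{Guid.NewGuid()}";

            // Fixed: the original started this operation with certName1, so certName2 was never created and the
            // later DeleteCertificate(certName2) / WaitForDeletedCertificate(certName2) calls could not succeed.
            CertificateOperation certOp2 = client.StartCreateCertificate(certName2, CertificatePolicy.Default);

            WaitForCompletion(certOp1);
            WaitForCompletion(certOp2);

            // Let's list the certificates which exist in the vault along with their thumbprints.
            // The thumbprint is public data, so logging it is fine; never log key material.
            foreach (CertificateProperties cert in client.GetPropertiesOfCertificates())
            {
                Debug.WriteLine($"Certificate is returned with name {cert.Name} and thumbprint {BitConverter.ToString(cert.X509Thumbprint)}");
            }

            // We need to create a new version of a certificate. Creating a certificate with the same name will create another version of the certificate.
            CertificateOperation newCertOp = client.StartCreateCertificate(certName1, CertificatePolicy.Default);

            WaitForCompletion(newCertOp);

            // Let's print all the versions of this certificate.
            foreach (CertificateProperties cert in client.GetPropertiesOfCertificateVersions(certName1))
            {
                // Fixed message: the second placeholder is the version identifier, not the name.
                Debug.WriteLine($"Certificate {cert.Name} with version {cert.Version}");
            }

            // The certificates are no longer needed.
            // You need to delete them from the Key Vault.
            client.DeleteCertificate(certName1);
            client.DeleteCertificate(certName2);

            // Deletion is asynchronous on the server side; wait until each certificate reports as deleted.
            Assert.IsTrue(WaitForDeletedCertificate(client, certName1));
            Assert.IsTrue(WaitForDeletedCertificate(client, certName2));

            // You can list all the deleted and non-purged certificates, assuming Key Vault is soft-delete enabled.
            foreach (DeletedCertificate deletedCert in client.GetDeletedCertificates())
            {
                Debug.WriteLine($"Deleted certificate's recovery Id {deletedCert.RecoveryId}");
            }

            // With soft delete enabled, permanent removal requires purging the deleted certificates. Purging is
            // irreversible and needs the separate purge permission; NOTE(review): a vault with purge protection
            // enabled rejects it.
            client.PurgeDeletedCertificate(certName1);
            client.PurgeDeletedCertificate(certName2);
        }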
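        public void GetCertificatesSync()
        {
            // Sample 2: create two self-signed certificates, list them, add a new version of the first,
            // then delete and purge both. The polling loops stay inline because each #region is extracted
            // verbatim into the docs and must be self-contained.

            // Environment variable with the Key Vault endpoint.
            string keyVaultUrl = TestEnvironment.KeyVaultUrl;

            #region Snippet:CertificatesSample2CertificateClient
            CertificateClient client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
            #endregion

            #region Snippet:CertificatesSample2CreateCertificate
            // Randomized names keep repeated runs from colliding with (or versioning) earlier certificates.
            string certName1             = $"defaultCert-{Guid.NewGuid()}";
            CertificateOperation certOp1 = client.StartCreateCertificate(certName1, CertificatePolicy.Default);

            string certName2             = $"defaultCert-{Guid.NewGuid()}";
            CertificateOperation certOp2 = client.StartCreateCertificate(certName2, CertificatePolicy.Default);

            // Self-signed issuance completes quickly, so blocking on the operation is acceptable here. With an
            // external issuer (which can take days) persist the operation and resume later instead of polling.
            while (!certOp1.HasCompleted)
            {
                certOp1.UpdateStatus();

                Thread.Sleep(TimeSpan.FromSeconds(1));
            }

            while (!certOp2.HasCompleted)
            {
                certOp2.UpdateStatus();

                Thread.Sleep(TimeSpan.FromSeconds(1));
            }
            #endregion

            #region Snippet:CertificatesSample2ListCertificates
            // The thumbprint is public data, so logging it is fine; never log key material.
            foreach (CertificateProperties cert in client.GetPropertiesOfCertificates())
            {
                Debug.WriteLine($"Certificate is returned with name {cert.Name} and thumbprint {BitConverter.ToString(cert.X509Thumbprint)}");
            }
            #endregion

            #region Snippet:CertificatesSample2CreateCertificateWithNewVersion
            // Creating a certificate under an existing name adds a new version rather than failing.
            CertificateOperation newCertOp = client.StartCreateCertificate(certName1, CertificatePolicy.Default);

            while (!newCertOp.HasCompleted)
            {
                newCertOp.UpdateStatus();

                Thread.Sleep(TimeSpan.FromSeconds(1));
            }
            #endregion

            #region Snippet:CertificatesSample2ListCertificateVersions
            foreach (CertificateProperties cert in client.GetPropertiesOfCertificateVersions(certName1))
            {
                // Fixed message: the second placeholder is the version identifier, not the name.
                Debug.WriteLine($"Certificate {cert.Name} with version {cert.Version}");
            }
            #endregion

            #region Snippet:CertificatesSample2DeleteCertificates
            DeleteCertificateOperation operation1 = client.StartDeleteCertificate(certName1);
            DeleteCertificateOperation operation2 = client.StartDeleteCertificate(certName2);

            // To ensure certificates are deleted on server side.
            // You only need to wait for completion if you want to purge or recover the certificate.
            while (!operation1.HasCompleted || !operation2.HasCompleted)
            {
                Thread.Sleep(2000);

                operation1.UpdateStatus();
                operation2.UpdateStatus();
            }
            #endregion

            #region Snippet:CertificatesSample2ListDeletedCertificates
            // Only meaningful on a soft-delete enabled vault; each entry carries the RecoveryId needed to undo the delete.
            foreach (DeletedCertificate deletedCert in client.GetDeletedCertificates())
            {
                Debug.WriteLine($"Deleted certificate's recovery Id {deletedCert.RecoveryId}");
            }
            #endregion

            // With soft delete enabled, permanent removal requires purging the deleted certificates. Purging is
            // irreversible and needs the separate purge permission; NOTE(review): a vault with purge protection
            // enabled rejects it.
            client.PurgeDeletedCertificate(certName1);
            client.PurgeDeletedCertificate(certName2);
        }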