/// <inheritdoc />
public override async Task <EncryptionKeyWrapResult> WrapKeyAsync(
byte[] key,
EncryptionKeyWrapMetadata metadata,
CancellationToken cancellationToken)
{
if (metadata.Type != AzureKeyVaultKeyWrapMetadata.TypeConstant)
{
throw new ArgumentException("Invalid metadata", nameof(metadata));
}
if (!KeyVaultKeyUriProperties.TryParse(new Uri(metadata.Value), out KeyVaultKeyUriProperties keyVaultUriProperties))
{
throw new ArgumentException("KeyVault Key Uri {0} is invalid.", metadata.Value);
}
if (!await this.keyVaultAccessClient.ValidatePurgeProtectionAndSoftDeleteSettingsAsync(keyVaultUriProperties, cancellationToken))
{
throw new ArgumentException(string.Format("Key Vault {0} provided must have soft delete and purge protection enabled.", keyVaultUriProperties.KeyUri));
}
byte[] result = await this.keyVaultAccessClient.WrapKeyAsync(key, keyVaultUriProperties, cancellationToken);
EncryptionKeyWrapMetadata responseMetadata = new EncryptionKeyWrapMetadata(
type: metadata.Type,
value: metadata.Value,
algorithm: KeyVaultConstants.RsaOaep256);
return(new EncryptionKeyWrapResult(result, responseMetadata));
}
/// <inheritdoc />
public override async Task <EncryptionKeyUnwrapResult> UnwrapKeyAsync(
byte[] wrappedKey,
EncryptionKeyWrapMetadata metadata,
CancellationToken cancellationToken)
{
if (metadata.Type != AzureKeyVaultKeyWrapMetadata.TypeConstant)
{
throw new ArgumentException("Invalid metadata", nameof(metadata));
}
if (metadata.Algorithm != KeyVaultConstants.RsaOaep256)
{
throw new ArgumentException(
string.Format("Unknown encryption key wrap algorithm {0}", metadata.Algorithm),
nameof(metadata));
}
if (!KeyVaultKeyUriProperties.TryParse(new Uri(metadata.Value), out KeyVaultKeyUriProperties keyVaultUriProperties))
{
throw new ArgumentException("KeyVault Key Uri {0} is invalid.", metadata.Value);
}
byte[] result = await this.keyVaultAccessClient.UnwrapKeyAsync(wrappedKey, keyVaultUriProperties, cancellationToken);
return(new EncryptionKeyUnwrapResult(result, this.rawDekCacheTimeToLive));
}
