public async Task VerifyUpdateCertificate()
{
string certName = Recording.GenerateId();
CertificateOperation operation = await Client.StartCreateCertificateAsync(certName);
RegisterForCleanup(certName);
CertificateWithPolicy original = await WaitForCompletion(operation);
CertificateProperties originalProperties = original.Properties;
Assert.IsTrue(originalProperties.Enabled);
Assert.IsEmpty(originalProperties.Tags);
IDictionary <string, string> expTags = new Dictionary <string, string>()
{
{ "key1", "value1" }
};
originalProperties.Tags.Add("key1", "value1");
Certificate updated = await Client.UpdateCertificatePropertiesAsync(originalProperties);
Assert.IsTrue(updated.Properties.Enabled);
CollectionAssert.AreEqual(expTags, updated.Properties.Tags);
originalProperties.Enabled = false;
originalProperties.Tags.Clear();
updated = await Client.UpdateCertificatePropertiesAsync(originalProperties);
Assert.IsFalse(updated.Properties.Enabled);
CollectionAssert.AreEqual(expTags, updated.Properties.Tags);
}
public async Task VerifyCertificateGetWithPolicyInProgress()
{
string certName = Recording.GenerateId();
CertificatePolicy certificatePolicy = Client.CreateDefaultPolicy();
certificatePolicy.IssuerName = "UNKNOWN";
await Client.StartCreateCertificateAsync(certName);
RegisterForCleanup(certName);
CertificateWithPolicy certificateWithPolicy = await Client.GetCertificateWithPolicyAsync(certName);
Assert.NotNull(certificateWithPolicy);
Assert.AreEqual(certificateWithPolicy.Name, certName);
Assert.NotNull(certificateWithPolicy.Properties.Version);
Certificate certificate = await Client.GetCertificateAsync(certName, certificateWithPolicy.Properties.Version);
Assert.NotNull(certificate);
Assert.AreEqual(certificate.Name, certName);
}
public async Task VerifyUpdateCertificate()
{
string certName = Recording.GenerateId();
CertificateOperation operation = await Client.StartCreateCertificateAsync(certName);
RegisterForCleanup(certName);
CertificateWithPolicy original = await WaitForCompletion(operation);
IDictionary <string, string> expTags = new Dictionary <string, string>()
{
{ "key1", "value1" }
};
Certificate updated = await Client.UpdateCertificateAsync(certName, original.Version, tags : expTags);
Assert.IsNull(original.Tags);
CollectionAssert.AreEqual(expTags, updated.Tags);
updated = await Client.UpdateCertificateAsync(certName, original.Version, enabled : false);
Assert.IsFalse(updated.Enabled);
}
public void HelloWorldSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
// Instantiate a certificate client that will be used to call the service. Notice that the client is using
// default Azure credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create a self signed certifiate using the default policy. If the certificiate
// already exists in the Key Vault, then a new version of the key is created.
string certName = $"defaultCert-{Guid.NewGuid()}";
CertificateOperation certOp = client.StartCreateCertificate(certName);
// Next let's wait on the certificate operation to complete. Note that certificate creation can last an indeterministic
// amount of time, so applications should only wait on the operation to complete in the case the issuance time is well
// known and within the scope of the application lifetime. In this case we are creating a self-signed certificate which
// should be issued in a relatively short amount of time.
while (!certOp.HasCompleted)
{
certOp.UpdateStatus();
Thread.Sleep(certOp.PollingInterval);
}
// Let's get the created certificate along with it's policy from the Key Vault.
CertificateWithPolicy certificate = client.GetCertificateWithPolicy(certName);
Debug.WriteLine($"Certificate was returned with name {certificate.Name} which expires {certificate.Properties.Expires}");
// We find that the certificate has been compromised and we want to disable it so applications will no longer be able
// to access the compromised version of the certificate.
Certificate updatedCert = client.UpdateCertificate(certName, certificate.Version, enabled: false);
Debug.WriteLine($"Certificate enabled set to '{updatedCert.Properties.Enabled}'");
// We need to create a new version of the certificate that applications can use to replace the compromised certificate.
// Creating a certificate with the same name and policy as the compromised certificate will create another version of the
// certificate with similar properties to the original certificate
CertificateOperation newCertOp = client.StartCreateCertificate(certificate.Name, certificate.Policy);
while (!newCertOp.HasCompleted)
{
newCertOp.UpdateStatus();
Thread.Sleep(newCertOp.PollingInterval);
}
// The certificate is no longer needed, need to delete it from the Key Vault.
client.DeleteCertificate(certName);
// To ensure certificate is deleted on server side.
Assert.IsTrue(WaitForDeletedCertificate(client, certName));
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted certificate needs to be purged.
client.PurgeDeletedCertificate(certName);
}
public async Task RetrieveCertificateAsync()
{
#region Snippet:RetrieveCertificate
CertificateWithPolicy certificateWithPolicy = await client.GetCertificateAsync("MyCertificate");
#endregion
#region Snippet:GetCertificate
Certificate certificate = await client.GetCertificateVersionAsync(certificateWithPolicy.Name, certificateWithPolicy.Properties.Version);
#endregion
}
public async Task NotFoundAsync()
{
#region Snippet:CertificateNotFound
try
{
CertificateWithPolicy certificateWithPolicy = await client.GetCertificateAsync("SomeCertificate");
}
catch (RequestFailedException ex)
{
Console.WriteLine(ex.ToString());
}
#endregion
}
public async Task VerifyCertificateCreateDefaultPolicy()
{
string certName = Recording.GenerateId();
CertificateOperation operation = await Client.StartCreateCertificateAsync(certName);
RegisterForCleanup(certName);
CertificateWithPolicy certificate = await WaitForCompletion(operation);
Assert.NotNull(certificate);
Assert.AreEqual(certificate.Name, certName);
}
public async Task UpdateCertificateAsync()
{
CertificateWithPolicy certificate = await client.GetCertificateAsync("MyCertificate");
#region Snippet:UpdateCertificate
CertificateProperties certificateProperties = new CertificateProperties(certificate.Id)
{
Tags =
{
["key1"] = "value1"
}
};
Certificate updated = await client.UpdateCertificatePropertiesAsync(certificateProperties);
#endregion
}
public async Task CreateClientAsync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
#region Snippet:CreateCertificateClient
// Create a new certificate client using the default credential from Azure.Identity using environment variables previously set,
// including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.
var client = new CertificateClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
#endregion
#region Snippet:CreateCertificate
// Create a certificate. This starts a long running operation to create and sign the certificate.
CertificateOperation operation = await client.StartCreateCertificateAsync("MyCertificate");
// You can await the completion of the create certificate operation.
CertificateWithPolicy certificate = await operation.WaitForCompletionAsync();
#endregion
this.client = client;
}
public async Task VerifyDeleteRecoverPurge()
{
string certName = Recording.GenerateId();
CertificateOperation operation = await Client.StartCreateCertificateAsync(certName);
CertificateWithPolicy original = await WaitForCompletion(operation);
Assert.NotNull(original);
DeletedCertificate deletedCert = await Client.DeleteCertificateAsync(certName);
Assert.IsNotNull(deletedCert);
Assert.IsNotNull(deletedCert.RecoveryId);
await WaitForDeletedCertificate(certName);
_ = await Client.RecoverDeletedCertificateAsync(certName);
Assert.NotNull(original);
await PollForCertificate(certName);
deletedCert = await Client.DeleteCertificateAsync(certName);
Assert.IsNotNull(deletedCert);
Assert.IsNotNull(deletedCert.RecoveryId);
await WaitForDeletedCertificate(certName);
await Client.PurgeDeletedCertificateAsync(certName);
await WaitForPurgedCertificate(certName);
}
public async Task VerifyGetCertificateCompleted()
{
string certName = Recording.GenerateId();
CertificateOperation operation = await Client.StartCreateCertificateAsync(certName);
RegisterForCleanup(certName);
await WaitForCompletion(operation);
CertificateWithPolicy certificateWithPolicy = await Client.GetCertificateWithPolicyAsync(certName);
Assert.NotNull(certificateWithPolicy);
Assert.AreEqual(certificateWithPolicy.Name, certName);
Assert.NotNull(certificateWithPolicy.Properties.Version);
Certificate certificate = await Client.GetCertificateAsync(certName, certificateWithPolicy.Properties.Version);
Assert.NotNull(certificate);
Assert.AreEqual(certificate.Name, certName);
}