internal static KeyVaultCertificateOperation FromCertificateOperation(CertificateOperation certificateOperation) { if (certificateOperation == null) { return null; } var kvCertificateOperation = new KeyVaultCertificateOperation { Id = certificateOperation.Id, Status = certificateOperation.Status, StatusDetais = certificateOperation.StatusDetails, RequestId = certificateOperation.RequestId, Target = certificateOperation.Target, Issuer = certificateOperation.IssuerReference.Name, CancellationRequested = certificateOperation.CancellationRequested, }; if (certificateOperation.Csr != null && certificateOperation.Csr.Length != 0) { kvCertificateOperation.CertificateSigningRequest = Convert.ToBase64String(certificateOperation.Csr); } if (certificateOperation.Error != null) { kvCertificateOperation.ErrorCode = certificateOperation.Error.Code; kvCertificateOperation.ErrorMessage = certificateOperation.Error.Message; } return kvCertificateOperation; }
public async Task VerifyCertificateOperationError() { string issuerName = Recording.GenerateId(); string certName = Recording.GenerateId(); CertificateIssuer certIssuer = new CertificateIssuer(issuerName) { AccountId = "test", Password = "******", OrganizationId = "test", }; certIssuer.Properties.Provider = "DigiCert"; await Client.CreateIssuerAsync(certIssuer); CertificateOperation operation = null; try { CertificatePolicy certificatePolicy = DefaultPolicy; certificatePolicy.IssuerName = issuerName; operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); using CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromMinutes(1)); TimeSpan pollingInterval = TimeSpan.FromSeconds((Mode == RecordedTestMode.Playback) ? 0 : 1); while (!operation.HasCompleted) { await Task.Delay(pollingInterval, cts.Token); await operation.UpdateStatusAsync(cts.Token); } InvalidOperationException ex = Assert.Throws <InvalidOperationException>(() => { KeyVaultCertificateWithPolicy cert = operation.Value; }); StringAssert.StartsWith("The certificate operation failed: ", ex.Message); Assert.IsTrue(operation.HasCompleted); Assert.IsFalse(operation.HasValue); Assert.AreEqual(200, operation.GetRawResponse().Status); Assert.AreEqual("failed", operation.Properties.Status); } catch (TaskCanceledException) when(operation != null) { Assert.Inconclusive("Timed out while waiting for operation {0}", operation.Id); } finally { await Client.DeleteIssuerAsync(issuerName); } }
public async Task DownloadECDsaCertificateSignLocalVerifyRemote([EnumValues] CertificateContentType contentType, [EnumValues] CertificateKeyCurveName keyCurveName) { #if NET461 Assert.Ignore("ECC is not supported before .NET Framework 4.7"); #endif string name = Recording.GenerateId(); CertificatePolicy policy = new CertificatePolicy { IssuerName = WellKnownIssuerNames.Self, Subject = "CN=default", KeyType = CertificateKeyType.Ec, KeyCurveName = keyCurveName, Exportable = true, KeyUsage = { CertificateKeyUsage.DigitalSignature, }, ContentType = contentType, }; CertificateOperation operation = await Client.StartCreateCertificateAsync(name, policy); RegisterForCleanup(name); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); // Download the certificate and sign data locally. byte[] plaintext = Encoding.UTF8.GetBytes(nameof(DownloadECDsaCertificateSignRemoteVerifyLocal)); X509Certificate2 certificate = null; try { certificate = await Client.DownloadCertificateAsync(name, operation.Value.Properties.Version); using ECDsa privateKey = certificate.GetECDsaPrivateKey(); byte[] signature = privateKey.SignData(plaintext, keyCurveName.GetHashAlgorithmName()); // Verify data remotely. CryptographyClient cryptoClient = GetCryptographyClient(operation.Value.KeyId); VerifyResult result = await cryptoClient.VerifyDataAsync(keyCurveName.GetSignatureAlgorithm(), plaintext, signature); Assert.IsTrue(result.IsValid); } catch (Exception ex) when(IsExpectedP256KException(ex, keyCurveName)) { Assert.Ignore("The curve is not supported by the current platform"); } finally { certificate?.Dispose(); } }
public async Task DownloadVersionedCertificate(string contentType) { string name = Recording.GenerateId(); CertificatePolicy policy = new CertificatePolicy { IssuerName = WellKnownIssuerNames.Self, Subject = "CN=default", KeyType = CertificateKeyType.Rsa, Exportable = true, ReuseKey = false, KeyUsage = { CertificateKeyUsage.DataEncipherment, }, CertificateTransparency = false, ContentType = contentType, }; CertificateOperation operation = await Client.StartCreateCertificateAsync(name, policy); RegisterForCleanup(name); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); KeyVaultCertificate certificate = await Client.GetCertificateAsync(name); string version = certificate.Properties.Version; using X509Certificate2 pub = new X509Certificate2(certificate.Cer); using RSA pubkey = (RSA)pub.PublicKey.Key; byte[] plaintext = Encoding.UTF8.GetBytes("Hello, world!"); byte[] ciphertext = pubkey.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1); // Create a new certificate version that is not exportable just to further prove we are not downloading it. policy.Exportable = false; operation = await Client.StartCreateCertificateAsync(name, policy); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); certificate = await Client.GetCertificateAsync(name); Assert.AreNotEqual(version, certificate.Properties.Version); // Now download the certificate and test decryption. using X509Certificate2 x509certificate = await Client.DownloadCertificateAsync(name, version); Assert.IsTrue(x509certificate.HasPrivateKey); using RSA rsa = (RSA)x509certificate.PrivateKey; byte[] decrypted = rsa.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1); CollectionAssert.AreEqual(plaintext, decrypted); }
public async Task CreateCertificateAsync() { #region Snippet:CreateCertificateAsync // Create a certificate. This starts a long running operation to create and sign the certificate. CertificateOperation operation = await client.StartCreateCertificateAsync("MyCertificate", CertificatePolicy.Default); // You can await the completion of the create certificate operation. KeyVaultCertificateWithPolicy certificate = await operation.WaitForCompletionAsync(); #endregion }
public async Task HelloWorldAsync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL"); // Instantiate a certificate client that will be used to call the service. Notice that the client is using // default Azure credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', // 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials. var client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); // Let's create a self signed certifiate using the default policy. If the certificiate // already exists in the Key Vault, then a new version of the key is created. string certName = $"defaultCert-{Guid.NewGuid()}"; CertificateOperation certOp = await client.StartCreateCertificateAsync(certName); // Next let's wait on the certificate operation to complete. Note that certificate creation can last an indeterministic // amount of time, so applications should only wait on the operation to complete in the case the issuance time is well // known and within the scope of the application lifetime. In this case we are creating a self-signed certificate which // should be issued in a relatively short amount of time. CertificateWithPolicy certificate = await certOp.WaitForCompletionAsync(); // At some time later we could get the created certificate along with it's policy from the Key Vault. certificate = await client.GetCertificateAsync(certName); Debug.WriteLine($"Certificate was returned with name {certificate.Name} which expires {certificate.Properties.Expires}"); // We find that the certificate has been compromised and we want to disable it so applications will no longer be able // to access the compromised version of the certificate. CertificateProperties certificateProperties = certificate.Properties; certificateProperties.Enabled = false; Certificate updatedCert = await client.UpdateCertificatePropertiesAsync(certificateProperties); Debug.WriteLine($"Certificate enabled set to '{updatedCert.Properties.Enabled}'"); // We need to create a new version of the certificate that applications can use to replace the compromised certificate. // Creating a certificate with the same name and policy as the compromised certificate will create another version of the // certificate with similar properties to the original certificate CertificateOperation newCertOp = await client.StartCreateCertificateAsync(certificate.Name, certificate.Policy); CertificateWithPolicy newCert = await newCertOp.WaitForCompletionAsync(); // The certificate is no longer needed, need to delete it from the Key Vault. await client.DeleteCertificateAsync(certName); // To ensure key is deleted on server side. Assert.IsTrue(await WaitForDeletedKeyAsync(client, certName)); // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged. await client.PurgeDeletedCertificateAsync(certName); }
public async Task DownloadCertificateAsync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = TestEnvironment.KeyVaultUrl; CertificateClient client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); string certificateName = $"rsa-{Guid.NewGuid()}"; CertificateOperation operation = await client.StartCreateCertificateAsync(certificateName, CertificatePolicy.Default); await operation.WaitForCompletionAsync(); using SHA256 sha = SHA256.Create(); byte[] data = Encoding.UTF8.GetBytes("test"); byte[] hash = sha.ComputeHash(data); #region Snippet:CertificatesSample4DownloadCertificateAsync X509KeyStorageFlags keyStorageFlags = X509KeyStorageFlags.MachineKeySet; if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { keyStorageFlags |= X509KeyStorageFlags.EphemeralKeySet; } DownloadCertificateOptions options = new DownloadCertificateOptions { KeyStorageFlags = keyStorageFlags }; using X509Certificate2 certificate = await client.DownloadCertificateAsync(certificateName, options : options); using RSA key = certificate.GetRSAPrivateKey(); byte[] signature = key.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Debug.WriteLine($"Signature: {Convert.ToBase64String(signature)}"); #endregion Response <KeyVaultCertificateWithPolicy> certificateResponse = await client.GetCertificateAsync(certificateName); using X509Certificate2 publicCertificate = new X509Certificate2(certificateResponse.Value.Cer); using RSA publicKey = publicCertificate.GetRSAPublicKey(); bool verified = publicKey.VerifyHash(hash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Debug.WriteLine($"Signature verified: {verified}"); Assert.IsTrue(verified); DeleteCertificateOperation deleteOperation = await client.StartDeleteCertificateAsync(certificateName); await deleteOperation.WaitForCompletionAsync(); client.PurgeDeletedCertificate(certificateName); }
public async Task VerifyCertificateCreateDefaultPolicy() { string certName = Recording.GenerateId(); CertificateOperation operation = await Client.StartCreateCertificateAsync(certName); RegisterForCleanup(certName); CertificateWithPolicy certificate = await WaitForCompletion(operation); Assert.NotNull(certificate); Assert.AreEqual(certificate.Name, certName); }
public async Task UpdateStatusEventuallyCompleted() { var transport = new MockTransport(new[] { new MockResponse(202).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""completed""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/1"",""policy"":{s_policyJson}}}"), }); CertificateClient client = CreateClient(transport); CertificateOperation operation = await client.StartCreateCertificateAsync(CertificateName, s_policy); await WaitForOperationAsync(operation); // Begin IEnumerable <EventWrittenEventArgs> messages = _listener.EventsById(CertificatesEventSource.BeginUpdateStatusEvent); Assert.AreEqual(10, messages.Count()); EventWrittenEventArgs message = messages.Last(); Assert.AreEqual(EventLevel.Verbose, message.Level); Assert.AreEqual("BeginUpdateStatus", message.EventName); Assert.AreEqual($"{CertificateId}/pending", message.GetProperty <string>("id")); Assert.AreEqual("inProgress", message.GetProperty <string>("status")); Assert.AreEqual("(none)", message.GetProperty <string>("error")); // End messages = _listener.EventsById(CertificatesEventSource.EndUpdateStatusEvent); Assert.AreEqual(10, messages.Count()); message = messages.Last(); Assert.AreEqual(EventLevel.Verbose, message.Level); Assert.AreEqual("EndUpdateStatus", message.EventName); Assert.AreEqual($"{CertificateId}/pending", message.GetProperty <string>("id")); Assert.AreEqual("completed", message.GetProperty <string>("status")); Assert.AreEqual("(none)", message.GetProperty <string>("error")); }
public async Task VerifyDeleteCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = Client.CreateDefaultPolicy(); certificatePolicy.IssuerName = "UNKNOWN"; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName); RegisterForCleanup(certName); await Client.DeleteCertificateOperationAsync(certName); Assert.ThrowsAsync <RequestFailedException>(() => WaitForCompletion(operation)); }
public async Task VerifyGetCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; certificatePolicy.IssuerName = WellKnownIssuerNames.Unknown; await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); CertificateOperation getOperation = await Client.GetCertificateOperationAsync(certName); Assert.IsNotNull(getOperation); }
public async Task VerifyGetCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = Client.CreateDefaultPolicy(); certificatePolicy.IssuerName = "UNKNOWN"; await Client.StartCreateCertificateAsync(certName); RegisterForCleanup(certName); CertificateOperation getOperation = await Client.GetCertificateOperationAsync(certName); Assert.IsNotNull(getOperation); }
public async Task UpdateStatusErred() { var transport = new MockTransport(new[] { new MockResponse(202).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""inProgress""}}"), new MockResponse(200).WithContent($@"{{""id"":""{CertificateId}/pending"",""status"":""failed"",""error"":{{""code"":""mock failure code"",""message"":""mock failure message""}}}}"), }); CertificateClient client = CreateClient(transport); CertificateOperation operation = await client.StartCreateCertificateAsync(CertificateName, s_policy); Exception ex = Assert.ThrowsAsync <InvalidOperationException>(async() => await WaitForOperationAsync(operation)); Assert.AreEqual("The certificate operation failed: mock failure message", ex.Message); // Begin IEnumerable <EventWrittenEventArgs> messages = _listener.EventsById(CertificatesEventSource.BeginUpdateStatusEvent); Assert.AreEqual(5, messages.Count()); EventWrittenEventArgs message = messages.Last(); Assert.AreEqual(EventLevel.Verbose, message.Level); Assert.AreEqual("BeginUpdateStatus", message.EventName); Assert.AreEqual($"{CertificateId}/pending", message.GetProperty <string>("id")); Assert.AreEqual("inProgress", message.GetProperty <string>("status")); Assert.AreEqual("(none)", message.GetProperty <string>("error")); // End messages = _listener.EventsById(CertificatesEventSource.EndUpdateStatusEvent); Assert.AreEqual(5, messages.Count()); message = messages.Last(); Assert.AreEqual(EventLevel.Verbose, message.Level); Assert.AreEqual("EndUpdateStatus", message.EventName); Assert.AreEqual($"{CertificateId}/pending", message.GetProperty <string>("id")); Assert.AreEqual("failed", message.GetProperty <string>("status")); Assert.AreEqual("mock failure message", message.GetProperty <string>("error")); }
public async Task DownloadLatestCertificate(string contentType) { string name = Recording.GenerateId(); CertificatePolicy policy = new CertificatePolicy { IssuerName = WellKnownIssuerNames.Self, Subject = "CN=default", KeyType = CertificateKeyType.Rsa, Exportable = true, ReuseKey = false, KeyUsage = { CertificateKeyUsage.DataEncipherment, }, CertificateTransparency = false, ContentType = contentType, }; CertificateOperation operation = await Client.StartCreateCertificateAsync(name, policy); RegisterForCleanup(name); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); KeyVaultCertificate certificate = await Client.GetCertificateAsync(name); using X509Certificate2 pub = new X509Certificate2(certificate.Cer); #if NET6_0_OR_GREATER using RSA pubkey = (RSA)pub.PublicKey.GetRSAPublicKey(); #else using RSA pubkey = (RSA)pub.PublicKey.Key; #endif byte[] plaintext = Encoding.UTF8.GetBytes("Hello, world!"); byte[] ciphertext = pubkey.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1); using X509Certificate2 x509certificate = await Client.DownloadCertificateAsync(name); Assert.IsTrue(x509certificate.HasPrivateKey); using RSA rsa = (RSA)x509certificate.GetRSAPrivateKey(); byte[] decrypted = rsa.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1); CollectionAssert.AreEqual(plaintext, decrypted); }
public void CreateCertificate() { #region Snippet:CreateCertificate // Create a certificate. This starts a long running operation to create and sign the certificate. CertificateOperation operation = client.StartCreateCertificate("MyCertificate", CertificatePolicy.Default); // You can await the completion of the create certificate operation. // You should run UpdateStatus in another thread or do other work like pumping messages between calls. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } KeyVaultCertificateWithPolicy certificate = operation.Value; #endregion }
public void CreateClient() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL"); #region Snippet:CreateCertificateClient // Create a new certificate client using the default credential from Azure.Identity using environment variables previously set, // including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. var client = new CertificateClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential()); // Create a certificate using the certificate client. CertificateOperation operation = client.StartCreateCertificate("MyCertificate", CertificatePolicy.Default); // Retrieve a certificate using the certificate client. KeyVaultCertificateWithPolicy certificate = client.GetCertificate("MyCertificate"); #endregion this.client = client; }
public async Task VerifyUnexpectedCancelCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); OperationCanceledException ex = null; try { // Calling through the CertificateClient directly won't affect the CertificateOperation, so subsequent status updates should throw. await Client.CancelCertificateOperationAsync(certName); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); } catch (OperationCanceledException e) { ex = e; } catch (RequestFailedException e) when(e.Status == 403) { Assert.Inconclusive("The create operation completed before it could be canceled."); } catch (RequestFailedException e) when(e.Status == 409) { Assert.Inconclusive("There was a service timing issue when attempting to cancel the operation."); } if (operation.HasCompleted && !operation.Properties.CancellationRequested) { Assert.Inconclusive("The create operation completed before it could be canceled."); } Assert.AreEqual("The operation was canceled so no value is available.", ex?.Message); Assert.IsTrue(operation.HasCompleted); Assert.IsFalse(operation.HasValue); Assert.AreEqual(200, operation.GetRawResponse().Status); }
protected async Task <CertificateWithPolicy> WaitForCompletion(CertificateOperation operation) { operation.PollingInterval = TimeSpan.FromSeconds((Mode == RecordedTestMode.Playback) ? 0 : 1); if (IsAsync) { await operation.WaitCompletionAsync(); } else { while (!operation.HasValue) { operation.UpdateStatus(); await Task.Delay(operation.PollingInterval); } } return(operation.Value); }
public async Task VerifyCancelCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); // Give the service time to process the start request. await DelayAsync(TimeSpan.FromSeconds(2)); OperationCanceledException ex = null; try { await operation.CancelAsync(); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); } catch (OperationCanceledException e) { ex = e; } catch (RequestFailedException e) when(e.Status == 403) { Assert.Inconclusive("The create operation completed before it could be canceled."); } if (operation.HasCompleted && !operation.Properties.CancellationRequested) { Assert.Inconclusive("The create operation completed before it could be canceled."); } Assert.AreEqual("The operation was canceled so no value is available.", ex?.Message); Assert.IsTrue(operation.HasCompleted); Assert.IsFalse(operation.HasValue); Assert.AreEqual(200, operation.GetRawResponse().Status); }
public async Task VerifyCancelCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); try { await Client.CancelCertificateOperationAsync(certName); } catch (RequestFailedException ex) when(ex.Status == 403) { Assert.Inconclusive("The create operation completed before it could be canceled."); } Assert.ThrowsAsync <OperationCanceledException>(() => WaitForCompletion(operation)); }
public async Task VerifyGetCertificatePolicy() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); KeyVaultCertificateWithPolicy original = await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); Assert.NotNull(original); RegisterForCleanup(certName); CertificatePolicy policy = await Client.GetCertificatePolicyAsync(certName); Assert.NotNull(policy); Assert.AreEqual(DefaultPolicy.KeyType, policy.KeyType); Assert.AreEqual(DefaultPolicy.IssuerName, policy.IssuerName); Assert.AreEqual(DefaultPolicy.ReuseKey, policy.ReuseKey); }
public async Task VerifyDeleteRecoverPurge() { string certName = Recording.GenerateId(); CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, DefaultPolicy); KeyVaultCertificateWithPolicy original = await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); Assert.NotNull(original); DeleteCertificateOperation deleteOperation = await Client.StartDeleteCertificateAsync(certName); DeletedCertificate deletedCert = deleteOperation.Value; Assert.IsNotNull(deletedCert); Assert.IsNotNull(deletedCert.RecoveryId); await WaitForDeletedCertificate(certName); _ = await Client.StartRecoverDeletedCertificateAsync(certName); Assert.NotNull(original); await PollForCertificate(certName); deleteOperation = await Client.StartDeleteCertificateAsync(certName); deletedCert = deleteOperation.Value; Assert.IsNotNull(deletedCert); Assert.IsNotNull(deletedCert.RecoveryId); await WaitForDeletedCertificate(certName); await Client.PurgeDeletedCertificateAsync(certName); await WaitForPurgedCertificate(certName); }
public async Task VerifyDeleteCertificateOperation() { string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; certificatePolicy.IssuerName = WellKnownIssuerNames.Unknown; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); await operation.DeleteAsync(); InvalidOperationException ex = Assert.ThrowsAsync <InvalidOperationException>(() => WaitForCompletion(operation)); Assert.AreEqual("The operation was deleted so no value is available.", ex.Message); Assert.IsTrue(operation.HasCompleted); Assert.IsFalse(operation.HasValue); Assert.AreEqual(404, operation.GetRawResponse().Status); }
protected override void ProcessRecord() { CertificateOperation certificateOperation = null; ConfirmAction( Force.IsPresent, string.Format( CultureInfo.InvariantCulture, "Are you sure you want to stop certificate operation for '{0}'?", Name), string.Format( CultureInfo.InvariantCulture, "Stop certificate operation for '{0}'", Name), Name, () => { certificateOperation = this.DataServiceClient.CancelCertificateOperation(VaultName, Name); var kvCertificateOperation = KeyVaultCertificateOperation.FromCertificateOperation(certificateOperation); this.WriteObject(kvCertificateOperation); }); }
public async Task CreateClientAsync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL"); #region Snippet:CreateCertificateClient // Create a new certificate client using the default credential from Azure.Identity using environment variables previously set, // including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. var client = new CertificateClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential()); #endregion #region Snippet:CreateCertificate // Create a certificate. This starts a long running operation to create and sign the certificate. CertificateOperation operation = await client.StartCreateCertificateAsync("MyCertificate"); // You can await the completion of the create certificate operation. CertificateWithPolicy certificate = await operation.WaitForCompletionAsync(); #endregion this.client = client; }
public async Task VerifyDeleteRecoverPurge() { string certName = Recording.GenerateId(); CertificateOperation operation = await Client.StartCreateCertificateAsync(certName); CertificateWithPolicy original = await WaitForCompletion(operation); Assert.NotNull(original); DeletedCertificate deletedCert = await Client.DeleteCertificateAsync(certName); Assert.IsNotNull(deletedCert); Assert.IsNotNull(deletedCert.RecoveryId); await WaitForDeletedCertificate(certName); _ = await Client.RecoverDeletedCertificateAsync(certName); Assert.NotNull(original); await PollForCertificate(certName); deletedCert = await Client.DeleteCertificateAsync(certName); Assert.IsNotNull(deletedCert); Assert.IsNotNull(deletedCert.RecoveryId); await WaitForDeletedCertificate(certName); await Client.PurgeDeletedCertificateAsync(certName); await WaitForPurgedCertificate(certName); }
public async Task VerifyCancelCertificateOperation() { // Log details why this fails often for live tests on net461. using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger(EventLevel.Verbose); string certName = Recording.GenerateId(); CertificatePolicy certificatePolicy = DefaultPolicy; CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, certificatePolicy); RegisterForCleanup(certName); try { await Client.CancelCertificateOperationAsync(certName); } catch (RequestFailedException ex) when(ex.Status == 403) { Assert.Inconclusive("The create operation completed before it could be canceled."); } Assert.ThrowsAsync <OperationCanceledException>(() => WaitForCompletion(operation)); }
public async Task VerifyGetCertificateCompleted() { string certName = Recording.GenerateId(); CertificateOperation operation = await Client.StartCreateCertificateAsync(certName, DefaultPolicy); RegisterForCleanup(certName); await operation.WaitForCompletionAsync(DefaultCertificateOperationPollingInterval, default); KeyVaultCertificateWithPolicy certificateWithPolicy = await Client.GetCertificateAsync(certName); Assert.NotNull(certificateWithPolicy); Assert.AreEqual(certificateWithPolicy.Name, certName); Assert.NotNull(certificateWithPolicy.Properties.Version); KeyVaultCertificate certificate = await Client.GetCertificateVersionAsync(certName, certificateWithPolicy.Properties.Version); Assert.NotNull(certificate); Assert.AreEqual(certificate.Name, certName); }
public async Task VerifyGetCertificateCompletedSubsequently() { string certName = Recording.GenerateId(); await Client.StartCreateCertificateAsync(certName, DefaultPolicy); RegisterForCleanup(certName); // Pretend a separate process was started subsequently and we need to get the operation again. CertificateOperation operation = new CertificateOperation(Client, certName); // Need to call the real async wait method or the sync version of this test fails because it's using the instrumented Client directly. using CancellationTokenSource cts = new CancellationTokenSource(DefaultCertificateOperationTimeout); await operation.WaitForCompletionAsync(PollingInterval, cts.Token); Assert.IsTrue(operation.HasCompleted); Assert.IsTrue(operation.HasValue); KeyVaultCertificateWithPolicy certificateWithPolicy = operation.Value; Assert.NotNull(certificateWithPolicy); Assert.AreEqual(certName, certificateWithPolicy.Name); Assert.NotNull(certificateWithPolicy.Properties.Version); }
public CertificateOperationDeleter(CertificateOperation operation) { _operation = operation; }
protected IAsyncDisposable EnsureDeleted(CertificateOperation operation) => new CertificateOperationDeleter(operation);