public async Task VerifyImportCertificatePemWithoutIssuer()
{
string certificateName = Recording.GenerateId();
byte[] certificateBytes = Encoding.ASCII.GetBytes(PemCertificateWithV3Extensions);
#region Snippet:CertificateClientLiveTests_VerifyImportCertificatePem
#if SNIPPET
byte[] certificateBytes = File.ReadAllBytes("certificate.pem");
#endif
ImportCertificateOptions options = new ImportCertificateOptions(certificateName, certificateBytes)
{
Policy = new CertificatePolicy
{
ContentType = CertificateContentType.Pem
}
};
#endregion
KeyVaultCertificateWithPolicy cert = await Client.ImportCertificateAsync(options);
RegisterForCleanup(certificateName);
certificateBytes = Convert.FromBase64String(CertificateWithV3ExtensionsBase64);
CollectionAssert.AreEqual(certificateBytes, cert.Cer);
Assert.AreEqual("CN=Azure SDK", cert.Policy.Subject);
Assert.AreEqual("*****@*****.**", cert.Policy.SubjectAlternativeNames?.Emails?[0]);
}
public async Task ImportPemCertificateAsync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = TestEnvironment.KeyVaultUrl;
CertificateClient client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
string name = $"cert-{Guid.NewGuid()}";
//@@ byte[] pem = File.ReadAllBytes("certificate.cer");
/*@@*/ byte[] pem = Encoding.ASCII.GetBytes(s_pem);
ImportCertificateOptions importOptions = new ImportCertificateOptions(name, pem)
{
Policy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=contoso.com")
{
// Required when the certificate bytes are a PEM-formatted certificate.
ContentType = CertificateContentType.Pem,
// Optionally mark the private key exportable.
Exportable = true
}
};
await client.ImportCertificateAsync(importOptions);
DeleteCertificateOperation operation = await client.StartDeleteCertificateAsync(name);
// To ensure certificates are deleted on server side.
// You only need to wait for completion if you want to purge or recover the certificate.
await operation.WaitForCompletionAsync();
client.PurgeDeletedCertificate(name);
}
public async Task Save(CertificateInfo certificateInfo)
{
var client = await GetClient();
var importOptions = new ImportCertificateOptions(
_options.CertificateName,
await File.ReadAllBytesAsync(certificateInfo.CacheFile.FullName));
importOptions.Password = certificateInfo.CacheFilePassword;
try
{
_ = await client.ImportCertificateAsync(importOptions);
certificateInfo.StoreInfo.Add(
GetType(),
new StoreInfo()
{
Path = _options.VaultName,
Name = _options.CertificateName
});
}
catch (Exception ex)
{
_log.Error(ex, "Error importing certificate to KeyVault");
}
}
public async Task SaveAsync(X509Certificate2 certificate, CancellationToken cancellationToken)
{
var domainName = certificate.GetNameInfo(X509NameType.DnsName, false);
_logger.LogInformation("Saving certificate for {Domain} in Azure KeyVault.", domainName);
if (!(await ShouldImportVersionAsync(domainName, certificate, cancellationToken)))
{
_logger.LogInformation("Certificate for {Domain} is already up-to-date in Azure KeyVault. Skipping importing.", domainName);
return;
}
var exported = certificate.Export(X509ContentType.Pfx);
var options = new ImportCertificateOptions(NormalizeHostName(domainName), exported);
try
{
await _client.ImportCertificateAsync(options, cancellationToken);
_logger.LogInformation("Imported certificate into Azure KeyVault for {Domain}", domainName);
}
catch (RequestFailedException ex)
{
_logger.LogWarning(ex, "Failed to save {Domain} certificate to Azure KeyVault", domainName);
}
}
public async Task ImportPfxCertificateAsync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = TestEnvironment.KeyVaultUrl;
CertificateClient client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
string name = $"cert-{Guid.NewGuid()}";
//@@ byte[] pfx = File.ReadAllBytes("certificate.pfx");
/*@@*/ byte[] pfx = Convert.FromBase64String(s_pfxBase64);
ImportCertificateOptions importOptions = new ImportCertificateOptions(name, pfx)
{
Policy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=contoso.com")
{
// Required when setting a policy; if no policy required, Pfx is assumed.
ContentType = CertificateContentType.Pkcs12,
// Optionally mark the private key exportable.
Exportable = true
}
};
await client.ImportCertificateAsync(importOptions);
DeleteCertificateOperation operation = await client.StartDeleteCertificateAsync(name);
// To ensure certificates are deleted on server side.
// You only need to wait for completion if you want to purge or recover the certificate.
await operation.WaitForCompletionAsync();
client.PurgeDeletedCertificate(name);
}
/// <summary>
/// Deploy current cert to Azure Key Vault
/// </summary>
/// <param name="log"></param>
/// <param name="managedCert"></param>
/// <param name="settings"></param>
/// <param name="credentials"></param>
/// <param name="isPreviewOnly"></param>
/// <returns></returns>
public async Task <List <ActionResult> > Execute(DeploymentTaskExecutionParams execParams)
{
var definition = GetDefinition(execParams.Definition);
var results = await Validate(execParams);
if (results.Any())
{
return(results);
}
var managedCert = ManagedCertificate.GetManagedCertificate(execParams.Subject);
if (string.IsNullOrEmpty(managedCert.CertificatePath))
{
results.Add(new ActionResult("No certificate to deploy.", false));
return(results);
}
var keyVaultUri = new Uri(execParams.Settings.Parameters.FirstOrDefault(c => c.Key == "vault_uri")?.Value);
var pfxData = File.ReadAllBytes(managedCert.CertificatePath);
// from application user details in Azure AD
var cred = new ClientSecretCredential(execParams.Credentials["tenantid"], execParams.Credentials["clientid"], execParams.Credentials["secret"]);
var client = new CertificateClient(keyVaultUri, cred);
var customName = execParams.Settings.Parameters.FirstOrDefault(c => c.Key == "cert_name")?.Value;
var certName = GetStringAsKeyVaultName(customName ?? managedCert.Name);
var importOptions = new ImportCertificateOptions(certName, pfxData);
try
{
await client.ImportCertificateAsync(importOptions);
execParams.Log.Information($"Deployed certificate [{certName}] to Azure Key Vault");
results.Add(new ActionResult("Certificate Deployed to Azure Key Vault", true));
}
catch (AuthenticationFailedException exp)
{
execParams.Log.Error($"Azure Authentiation error: {exp.InnerException?.Message ?? exp.Message}");
results.Add(new ActionResult("Key Vault Deployment Failed", false));
}
catch (Exception exp)
{
execParams.Log.Error($"Failed to deploy certificate [{certName}] to Azure Key Vault :{exp}");
results.Add(new ActionResult("Key Vault Deployment Failed", false));
}
return(results);
}
public async Task UploadCertificateAsync(string name, Uri keyVaultUri, byte[] pfxCertificate, string pfxPassword)
{
var client = new CertificateClient(keyVaultUri, azureCredential);
var importOptions = new ImportCertificateOptions(name, pfxCertificate)
{
Password = pfxPassword,
Enabled = true
};
logger.LogInformation("Upload the certificate to KeyVault: KeyVault={keyVaultUri}, Name={certName}", keyVaultUri, name);
await client.ImportCertificateAsync(importOptions);
}
private async Task <KeyVaultCertificateWithPolicy> ImportCertificateAsync(
byte[] certificate,
string password,
CancellationToken cancellationToken)
{
var options = new ImportCertificateOptions(_certificateName, certificate)
{
Password = password,
Enabled = true
};
var result = await _certificateClient.ImportCertificateAsync(options, cancellationToken);
return(result.Value);
}
public void ImportPfxCertificateSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = TestEnvironment.KeyVaultUrl;
#region Snippet:CertificatesSample3CertificateClient
CertificateClient client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
#endregion
#region Snippet:CertificatesSample3ImportPfxCertificate
string name = $"cert-{Guid.NewGuid()}";
#if SNIPPET
byte[] pfx = File.ReadAllBytes("certificate.pfx");
#else
byte[] pfx = Convert.FromBase64String(s_pfxBase64);
#endif
ImportCertificateOptions importOptions = new ImportCertificateOptions(name, pfx)
{
Policy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=contoso.com")
{
// Required when setting a policy; if no policy required, Pfx is assumed.
ContentType = CertificateContentType.Pkcs12,
// Optionally mark the private key exportable.
Exportable = true
}
};
client.ImportCertificate(importOptions);
#endregion
DeleteCertificateOperation operation = client.StartDeleteCertificate(name);
// To ensure certificates are deleted on server side.
// You only need to wait for completion if you want to purge or recover the certificate.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
client.PurgeDeletedCertificate(name);
}
public async Task VerifyImportCertificatePfx()
{
string caCertificateName = Recording.GenerateId();
byte[] caCertificateBytes = Convert.FromBase64String(CaKeyPairPkcs12Base64);
ImportCertificateOptions options = new ImportCertificateOptions(caCertificateName, caCertificateBytes)
{
Policy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=Azure SDK")
{
ContentType = CertificateContentType.Pkcs12,
},
};
KeyVaultCertificateWithPolicy cert = await Client.ImportCertificateAsync(options);
RegisterForCleanup(caCertificateName);
byte[] pubBytes = Convert.FromBase64String(CaPublicKeyBase64);
CollectionAssert.AreEqual(pubBytes, cert.Cer);
}
public async Task <string> ImportCertificateAsync([ActivityTrigger] AddCertificateRequestRecord record, ILogger log)
{
log.LogInformation($"Creating certificate for {record.Hostname}");
var certificateName = record.Hostname.Replace("*", "wildcard").Replace(".", "-");
var certificate = record.Certificate
.Replace("-----BEGIN CERTIFICATE-----", "")
.Replace("-----END CERTIFICATE-----", "");
var privateKey = record.PrivateKey
.Replace("-----BEGIN PRIVATE KEY-----", "")
.Replace("-----END PRIVATE KEY-----", "");
var certificateByteArray = Encoding.ASCII.GetBytes(certificate);
var x509Certificate = new X509Certificate2(certificateByteArray);
using RSA rsa = RSA.Create();
var privateKeyByteArray = Convert.FromBase64String(privateKey);
if (record.Password == null)
{
rsa.ImportPkcs8PrivateKey(new ReadOnlySpan <byte>(privateKeyByteArray), out _);
}
else
{
rsa.ImportEncryptedPkcs8PrivateKey(record.Password, new ReadOnlySpan <byte>(privateKeyByteArray), out _);
}
var x509CertificateWithPrivateKey = x509Certificate.CopyWithPrivateKey(rsa);
// Import certificate with the new Certificate Client
var options = new ImportCertificateOptions(certificateName, x509CertificateWithPrivateKey.Export(X509ContentType.Pfx))
{
Password = record.Password
};
options.Tags.Add("Hostname", record.Hostname);
var cert = await _certificateClient.ImportCertificateAsync(options);
return(cert.Value.SecretId.AbsoluteUri);
}
public async Task VerifyImportCertificatePem()
{
string certificateName = Recording.GenerateId();
byte[] certificateBytes = Encoding.ASCII.GetBytes(PemCertificateWithV3Extensions);
ImportCertificateOptions options = new ImportCertificateOptions(certificateName, certificateBytes)
{
Policy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=Azure SDK")
{
ContentType = CertificateContentType.Pem,
},
};
KeyVaultCertificateWithPolicy cert = await Client.ImportCertificateAsync(options);
RegisterForCleanup(certificateName);
certificateBytes = Convert.FromBase64String(CertificateWithV3ExtensionsBase64);
CollectionAssert.AreEqual(certificateBytes, cert.Cer);
Assert.AreEqual("CN=Azure SDK", cert.Policy.Subject);
Assert.AreEqual("*****@*****.**", cert.Policy.SubjectAlternativeNames?.Emails?[0]);
}
public async Task VerifyImportCertificatePem()
{
const string pem =
"-----BEGIN CERTIFICATE-----\n" +
"MIIDqzCCApMCFC+MROpib4t03Wqzgkcod1lad6JtMA0GCSqGSIb3DQEBCwUAMIGR\n" +
"MQswCQYDVQQGEwJVUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1JlZG1vbmQxEjAQ\n" +
"BgNVBAoMCU1pY3Jvc29mdDESMBAGA1UECwwJQXp1cmUgU0RLMRIwEAYDVQQDDAlB\n" +
"enVyZSBTREsxJzAlBgkqhkiG9w0BCQEWGG9wZW5zb3VyY2VAbWljcm9zb2Z0LmNv\n" +
"bTAeFw0yMDAyMTQyMzE3MTZaFw0yNTAyMTIyMzE3MTZaMIGRMQswCQYDVQQGEwJV\n" +
"UzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1JlZG1vbmQxEjAQBgNVBAoMCU1pY3Jv\n" +
"c29mdDESMBAGA1UECwwJQXp1cmUgU0RLMRIwEAYDVQQDDAlBenVyZSBTREsxJzAl\n" +
"BgkqhkiG9w0BCQEWGG9wZW5zb3VyY2VAbWljcm9zb2Z0LmNvbTCCASIwDQYJKoZI\n" +
"hvcNAQEBBQADggEPADCCAQoCggEBANwCTuK0OnFc8UytzzCIB5pUWqWCMZA8kWO1\n" +
"Es84wOVupPTZHNDWKI57prj0CB5JP2yU8BkIFjhkV/9wc2KLjKwu7xaJTwBZF/i0\n" +
"t8dPBbgiEUmK6xdbJsLXoef/XZ5AmvCKb0mimEMvL8KgeF5OHuZJuYO0zCiRNVtp\n" +
"ZYSx2R73qhgy5klDHh346qQd5T+KbsdK3DArilT86QO1GrpBWl1GPvHJ3VZ1OO33\n" +
"iFWfyEVgwdAtMAkWXH8Eh1/MpPE8WQk5X5pdVEu+RJLLrVbgr+cnlVzfirSVLRar\n" +
"KZROAB3e2x8JdSqylnar/WWK11NERdiKaZr3WxAkceuVkTsKmRkCAwEAATANBgkq\n" +
"hkiG9w0BAQsFAAOCAQEAYLfk2dBcW1mJbkVYx80ogDUy/xX3d+uuop2gZwUXuzWY\n" +
"I4uXzSEsY37/+NKzOX6PtET3X6xENDW7AuJhTuWmTGZtPB1AjiVKLIgRwugV3Ovr\n" +
"1DoPBIvS7iCHGGcsr7tAgYxiVATlIcczCxQG1KPhrrLSUDxkbiyUHpyroExHGBeC\n" +
"UflT2BIO+TZ+44aYfO7vuwpu0ajfB6Rs0s/DM+uUTWCfsVvyPenObHz5HF2vxf75\n" +
"y8pr3fYKuUvpJ45T0ZjiXyRpkBTDudU3vuYuyAP3PwO6F/ic7Rm9D1uzEI38Va+o\n" +
"6CUh4NJnpIZIBs7T+rPwhKrUuM7BEO0CL7VTh37UzA==\n" +
"-----END CERTIFICATE-----\n" +
"-----BEGIN PRIVATE KEY-----\n" +
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDcAk7itDpxXPFM\n" +
"rc8wiAeaVFqlgjGQPJFjtRLPOMDlbqT02RzQ1iiOe6a49AgeST9slPAZCBY4ZFf/\n" +
"cHNii4ysLu8WiU8AWRf4tLfHTwW4IhFJiusXWybC16Hn/12eQJrwim9JophDLy/C\n" +
"oHheTh7mSbmDtMwokTVbaWWEsdke96oYMuZJQx4d+OqkHeU/im7HStwwK4pU/OkD\n" +
"tRq6QVpdRj7xyd1WdTjt94hVn8hFYMHQLTAJFlx/BIdfzKTxPFkJOV+aXVRLvkSS\n" +
"y61W4K/nJ5Vc34q0lS0WqymUTgAd3tsfCXUqspZ2q/1litdTREXYimma91sQJHHr\n" +
"lZE7CpkZAgMBAAECggEAMRfSwoO1BtbWgWXHdezkxWtNTuFebfEWAEnHiLYBVTD7\n" +
"XieUZoVjR2gQK/VIWnm9zVzutqc3Th4WBMny9WpuWX2fnEfHeSxoTPcGi1L207/G\n" +
"W8LD8tJEM/YqCrrRCR8hc8twSd4eW9+LqMJmGaUVAA4zd1BAvkyou10pahLFgEMZ\n" +
"nlYxOzz0KrniNIdQxhwfaXZYUzX5ooJYtgY74vnSOHQhepRt5HY9B7iZ6jm/3ulA\n" +
"aJnfNbQ8YDYTS0R+OGv8RXU/jLCm5+TPwx0XFwZ6vRtWwWUUxhLV77Re9GP1xIx9\n" +
"VnYm9W3RyOm/KD9keQMTWKT0bLGB8fC6kj2mvbjgAQKBgQDzh5sy7q9RA+GqprC8\n" +
"8aUmkaTMXNahPPPJoLOflJ/+QlOt6YZUIn55vmicVsvFzr9hbxdTW7aQS91iAu05\n" +
"swEyltsR0my7FXsHZnN4SBct2FimAzMLTWQr10vLLRoSR5CNpUdoXGWFOAa3LKrZ\n" +
"aPJEM1hA3h2XDfZ7Gtxjg4ypIQKBgQDnRl9pGwd83MkoxT4CiZvNbvdBg4lXlHcA\n" +
"JoZ9OfoOey+7WRsOFsMvQapXf+JlvixP0ldECXZyxifswvfmiR2oqYTeRbITderg\n" +
"mwjDjN571Ui0ls5HwCBE+/iZoNmQI5INAPqsQMXwW0rx4YNXHblsJ0qT+3yFNWOF\n" +
"m6STMH8Y+QKBgFai8JivB1nICrleMdQWF43gFIPLp2OXPpeFf0GPa1fWGtTtFifK\n" +
"WbpP/gFYc4f8pGMyVVcHcqxlAO5EYka7ovpvZqIxfRMVcj5QuVWaN/zMUcVFsBwe\n" +
"PTvHjSRL+FF2ejuaCAxdipRZOTJjRqivyDhxF72EB3zcr8pd5PfWLe1hAoGASJRO\n" +
"JvcDj4zeWDwmLLewvHTBhb7Y4DJIcjSk6jHCpr7ECQB6vB4qnO73nUQV8aYP0/EH\n" +
"z+NEV9qV9vhswd1wAFlKyFKJAxBzaI9e3becrrINghb9n4jM17lXmCbhgBmZoRkY\n" +
"kew18itERspl5HYAlc9y2SQIPOm3VNu2dza1/EkCgYEAlTMyL6arbtJJsygzVn8l\n" +
"gKHuURwp1cxf6hUuXKJ56xI/I1OZjMidZM0bYSznmK9SGNxlfNbIV8vNhQfiwR6t\n" +
"HyGypSRP+h9MS9E66boXyINaOClZqiCn0pI9aiIpl3D6EbT6e7+zKljT0XmZJduK\n" +
"BkRGMfUngiT8oVyaMtZWYPM=\n" +
"-----END PRIVATE KEY-----\n";
string caCertificateName = Recording.GenerateId();
byte[] caCertificateBytes = Encoding.ASCII.GetBytes(pem);
ImportCertificateOptions options = new ImportCertificateOptions(caCertificateName, caCertificateBytes)
{
Policy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=Azure SDK")
{
ContentType = CertificateContentType.Pem,
},
};
KeyVaultCertificateWithPolicy cert = await Client.ImportCertificateAsync(options);
RegisterForCleanup(caCertificateName);
byte[] pubBytes = Convert.FromBase64String(CaPublicKeyBase64);
CollectionAssert.AreEqual(pubBytes, cert.Cer);
}
private async Task MigrationGuide()
{
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_Create
CertificateClient client = new CertificateClient(
new Uri("https://myvault.vault.azure.net"),
new DefaultAzureCredential());
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_Create
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions
using (HttpClient httpClient = new HttpClient())
{
CertificateClientOptions options = new CertificateClientOptions
{
Transport = new HttpClientTransport(httpClient)
};
//@@CertificateClient client = new CertificateClient(
/*@@*/ CertificateClient _ = new CertificateClient(
new Uri("https://myvault.vault.azure.net"),
new DefaultAzureCredential(),
options);
}
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy
CertificatePolicy policy = new CertificatePolicy("issuer-name", "CN=customdomain.com")
{
ContentType = CertificateContentType.Pkcs12,
KeyType = CertificateKeyType.Rsa,
ReuseKey = true,
KeyUsage =
{
CertificateKeyUsage.CrlSign,
CertificateKeyUsage.DataEncipherment,
CertificateKeyUsage.DigitalSignature,
CertificateKeyUsage.KeyEncipherment,
CertificateKeyUsage.KeyAgreement,
CertificateKeyUsage.KeyCertSign
},
ValidityInMonths = 12,
LifetimeActions =
{
new LifetimeAction(CertificatePolicyAction.AutoRenew)
{
DaysBeforeExpiry = 90,
}
}
};
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy
//@@CertificatePolicy policy = CertificatePolicy.Default;
/*@@*/ policy = CertificatePolicy.Default;
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy
{
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate
// Start certificate creation.
// Depending on the policy and your business process, this could even take days for manual signing.
CertificateOperation createOperation = await client.StartCreateCertificateAsync("certificate-name", policy);
KeyVaultCertificateWithPolicy certificate = await createOperation.WaitForCompletionAsync(TimeSpan.FromSeconds(20), CancellationToken.None);
// If you need to restart the application you can recreate the operation and continue awaiting.
createOperation = new CertificateOperation(client, "certificate-name");
certificate = await createOperation.WaitForCompletionAsync(TimeSpan.FromSeconds(20), CancellationToken.None);
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate
}
{
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate
byte[] cer = File.ReadAllBytes("certificate.pfx");
ImportCertificateOptions importCertificateOptions = new ImportCertificateOptions("certificate-name", cer)
{
Policy = policy
};
KeyVaultCertificateWithPolicy certificate = await client.ImportCertificateAsync(importCertificateOptions);
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate
}
{
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates
// List all certificates asynchronously.
await foreach (CertificateProperties item in client.GetPropertiesOfCertificatesAsync())
{
KeyVaultCertificateWithPolicy certificate = await client.GetCertificateAsync(item.Name);
}
// List all certificates synchronously.
foreach (CertificateProperties item in client.GetPropertiesOfCertificates())
{
KeyVaultCertificateWithPolicy certificate = client.GetCertificate(item.Name);
}
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates
}
{
#region Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate
// Delete the certificate.
DeleteCertificateOperation deleteOperation = await client.StartDeleteCertificateAsync("certificate-name");
// Purge or recover the deleted certificate if soft delete is enabled.
if (deleteOperation.Value.RecoveryId != null)
{
// Deleting a certificate does not happen immediately. Wait for the certificate to be deleted.
DeletedCertificate deletedCertificate = await deleteOperation.WaitForCompletionAsync();
// Purge the deleted certificate.
await client.PurgeDeletedCertificateAsync(deletedCertificate.Name);
// You can also recover the deleted certificate using StartRecoverDeletedCertificateAsync,
// which returns RecoverDeletedCertificateOperation you can await like DeleteCertificateOperation above.
}
#endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate
}
}
public async Task StorePfxCertificateAsync(string identifier, byte[] pfx)
{
var import = new ImportCertificateOptions(identifier, pfx);
await certClient.ImportCertificateAsync(import);
}
