コード例 #1
0
 /// <summary>
 /// Configures the retries on an options instance
 /// </summary>
 /// <param name="options">The options instance</param>
 /// <param name="mode">The retry mode</param>
 /// <param name="maximumRetries">The maximum retries to be performed</param>
 /// <param name="delay">The delay before invoking the first retry</param>
 /// <param name="maximumDelay">The maximum delay allowed between retries</param>
 /// <param name="networkTimeout">The network timeout for a single operation</param>
 public static void ConfigureRetries(KeyClientOptions options, RetryMode mode, int maximumRetries, TimeSpan delay, TimeSpan maximumDelay, TimeSpan networkTimeout)
 {
     options.Retry.Delay          = delay;
     options.Retry.MaxDelay       = maximumDelay;
     options.Retry.MaxRetries     = maximumRetries;
     options.Retry.NetworkTimeout = networkTimeout;
     options.Retry.Mode           = mode;
 }
コード例 #2
0
        /// <summary>
        /// Initializes a new instance of the type
        /// </summary>
        /// <param name="keyVault">The key vault URI</param>
        /// <param name="credential">Oauth token credentials</param>
        /// <param name="options">The options used to access the keys</param>
        public KeyVaultKeys(Uri keyVault, TokenCredential credential, KeyClientOptions options)
        {
            Guard.NotNull(nameof(credential), credential);
            Guard.NotNull(nameof(options), options);
            Guard.NotNull(nameof(keyVault), keyVault);

            Client = new KeyClient(keyVault, credential, options);
        }
コード例 #3
0
        public KeyClientTests(bool isAsync) : base(isAsync)
        {
            KeyClientOptions options = new KeyClientOptions
            {
                Transport = new MockTransport(),
            };

            Client = InstrumentClient(new KeyClient(new Uri("http://localhost"), new DefaultAzureCredential(), options));
        }
コード例 #4
0
 /// <summary>
 /// Configures the diagnostics information associated with a key option
 /// </summary>
 /// <param name="options">The option instance</param>
 /// <param name="applicationId">The application id</param>
 /// <param name="isDistributedTracingEnabled">True if distributed tracing is in use</param>
 /// <param name="isLoggingContentEnabled">True if logging of content is enabled</param>
 /// <param name="isLoggingEnabled">True if logging is enabled</param>
 /// <param name="isTelemetryEnabled">True if telemetry is enabled</param>
 /// <param name="loggingContentSizeLimit">The maximum size of the content being logged</param>
 public static void ConfigureDiagnostics(KeyClientOptions options, string applicationId, bool isDistributedTracingEnabled, bool isLoggingContentEnabled, bool isLoggingEnabled, bool isTelemetryEnabled, int loggingContentSizeLimit)
 {
     options.Diagnostics.ApplicationId = applicationId;
     options.Diagnostics.IsDistributedTracingEnabled = isDistributedTracingEnabled;
     options.Diagnostics.IsLoggingContentEnabled     = isLoggingContentEnabled;
     options.Diagnostics.IsLoggingEnabled            = isLoggingEnabled;
     options.Diagnostics.IsTelemetryEnabled          = isTelemetryEnabled;
     options.Diagnostics.LoggedContentSizeLimit      = loggingContentSizeLimit;
 }
コード例 #5
0
        internal KeyClient GetClient()
        {
            KeyClientOptions options = InstrumentClientOptions(new KeyClientOptions(_serviceVersion)
            {
                Diagnostics =
                {
                    LoggedHeaderNames =
                    {
                        "x-ms-request-id",
                    },
                },
            });

            // Until https://github.com/Azure/azure-sdk-for-net/issues/8575 is fixed,
            // we need to delay creation of keys due to aggressive service limits on key creation:
            // https://docs.microsoft.com/azure/key-vault/key-vault-service-limits
            IInterceptor[] interceptors = new[] { new DelayCreateKeyInterceptor(Mode) };

            return(InstrumentClient(new KeyClient(Uri, TestEnvironment.Credential, options), interceptors));
        }
コード例 #6
0
        public void OptionsTests()
        {
            var options = new KeyClientOptions(KeyClientOptions.ServiceVersion.V7_1);

            KeyVaultKeys.ConfigureDiagnostics(options, "app1", true, true, true, true, 2000);
            KeyVaultKeys.ConfigureRetries(options, RetryMode.Fixed, 3, TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(4), TimeSpan.FromMinutes(2));

            Assert.IsTrue(options.Retry.Delay == TimeSpan.FromMinutes(1), "Delay not expected");
            Assert.IsTrue(options.Retry.MaxDelay == TimeSpan.FromMinutes(4), "Maximum delay not expected");
            Assert.IsTrue(options.Retry.NetworkTimeout == TimeSpan.FromMinutes(2), "Network timeout not expected");
            Assert.IsTrue(options.Retry.MaxRetries == 3, "Maximum retries not expected");
            Assert.IsTrue(options.Retry.Mode == RetryMode.Fixed, "Retry mode not expected");

            Assert.IsTrue(options.Diagnostics.IsLoggingContentEnabled, "Is logging content enabled not expected");
            Assert.IsTrue(options.Diagnostics.IsLoggingEnabled, "Is logging enabled not expected");
            Assert.IsTrue(options.Diagnostics.IsTelemetryEnabled, "Is telemetry enabled not expected");
            Assert.IsTrue(options.Diagnostics.IsDistributedTracingEnabled, "Is distributed tracing enabled not expected");
            Assert.IsTrue(options.Diagnostics.LoggedContentSizeLimit == 2000, "Logging content size not expected");
            Assert.IsTrue(string.Equals(options.Diagnostics.ApplicationId, "app1", StringComparison.Ordinal), "Application id not expected");
        }
コード例 #7
0
        private async Task MigrationGuide()
        {
            #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Create
            KeyClient client = new KeyClient(
                new Uri("https://myvault.vault.azure.net"),
                new DefaultAzureCredential());

            CryptographyClient cryptoClient = new CryptographyClient(
                new Uri("https://myvault.vault.azure.net"),
                new DefaultAzureCredential());
            #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Create

            #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions
            using (HttpClient httpClient = new HttpClient())
            {
                KeyClientOptions options = new KeyClientOptions
                {
                    Transport = new HttpClientTransport(httpClient)
                };

#if SNIPPET
                KeyClient client = new KeyClient(
#else
                client = new KeyClient(
#endif
                    new Uri("https://myvault.vault.azure.net"),
                    new DefaultAzureCredential(),
                    options);

                CryptographyClientOptions cryptoOptions = new CryptographyClientOptions
                {
                    Transport = new HttpClientTransport(httpClient)
                };

#if SNIPPET
                CryptographyClient cryptoClient = new CryptographyClient(
#else
                cryptoClient = new CryptographyClient(
#endif
                    new Uri("https://myvault.vault.azure.net"),
                    new DefaultAzureCredential(),
                    cryptoOptions);
            }
            #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions

            {
                #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateKeys
                // Create RSA key.
                CreateRsaKeyOptions createRsaOptions = new CreateRsaKeyOptions("rsa-key-name")
                {
                    KeySize = 4096
                };

                KeyVaultKey rsaKey = await client.CreateRsaKeyAsync(createRsaOptions);

                // Create Elliptic-Curve key.
                CreateEcKeyOptions createEcOptions = new CreateEcKeyOptions("ec-key-name")
                {
                    CurveName = KeyCurveName.P256
                };

                KeyVaultKey ecKey = await client.CreateEcKeyAsync(createEcOptions);

                #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_CreateKeys
            }

            {
                #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_ListKeys
                // List all keys asynchronously.
                await foreach (KeyProperties item in client.GetPropertiesOfKeysAsync())
                {
                    KeyVaultKey key = await client.GetKeyAsync(item.Name);
                }

                // List all keys synchronously.
                foreach (KeyProperties item in client.GetPropertiesOfKeys())
                {
                    KeyVaultKey key = client.GetKey(item.Name);
                }
                #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_ListKeys
            }

            {
                #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey
                // Delete the key.
                DeleteKeyOperation deleteOperation = await client.StartDeleteKeyAsync("key-name");

                // Purge or recover the deleted key if soft delete is enabled.
                if (deleteOperation.Value.RecoveryId != null)
                {
                    // Deleting a key does not happen immediately. Wait for the key to be deleted.
                    DeletedKey deletedKey = await deleteOperation.WaitForCompletionAsync();

                    // Purge the deleted key.
                    await client.PurgeDeletedKeyAsync(deletedKey.Name);

                    // You can also recover the deleted key using StartRecoverDeletedKeyAsync,
                    // which returns RecoverDeletedKeyOperation you can await like DeleteKeyOperation above.
                }
                #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey
            }

            {
                #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Encrypt
                // Encrypt a message. The plaintext must be small enough for the chosen algorithm.
                byte[] plaintext        = Encoding.UTF8.GetBytes("Small message to encrypt");
                EncryptResult encrypted = await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep256, plaintext);

                // Decrypt the message.
                DecryptResult decrypted = await cryptoClient.DecryptAsync(encrypted.Algorithm, encrypted.Ciphertext);

                string message = Encoding.UTF8.GetString(decrypted.Plaintext);
                                                         #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Encrypt
            }

            {
                #region Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Wrap
                using (Aes aes = Aes.Create())
                {
                    // Use a symmetric key to encrypt large amounts of data, possibly streamed...

                    // Now wrap the key and store the encrypted key and plaintext IV to later decrypt the key to decrypt the data.
                    WrapResult wrapped = await cryptoClient.WrapKeyAsync(KeyWrapAlgorithm.RsaOaep256, aes.Key);

                    // Read the IV and the encrypted key from the payload, then unwrap the key.
                    UnwrapResult unwrapped = await cryptoClient.UnwrapKeyAsync(wrapped.Algorithm, wrapped.EncryptedKey);

                    aes.Key = unwrapped.Key;

                    // Decrypt the payload with the symmetric key.
                }
                       #endregion Snippet:Azure_Security_KeyVault_Keys_Snippets_MigrationGuide_Wrap
            }
        }
コード例 #8
0
 public AttestationClient(Uri endpoint, KeyClientOptions options)
 {
     _endpoint    = endpoint;
     _diagnostics = new ClientDiagnostics(options);
     _pipeline    = HttpPipelineBuilder.Build(options);
 }