/// <inheritdoc/>
public async Task <KeyHandle> ImportKeyAsync(string name, Key key,
KeyStoreProperties store, CancellationToken ct)
{
var document = new KeyDocument {
Id = name,
KeyJson = _serializer.FromObject(key),
IsDisabled = false,
IsExportable = store?.Exportable ?? false,
};
var result = await _keys.AddAsync(document, ct, name);
return(new KeyId(result.Id));
}
/// <inheritdoc/>
public async Task <KeyHandle> ImportKeyAsync(string name, Key key,
KeyStoreProperties store, CancellationToken ct)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentNullException(nameof(name));
}
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
try {
// Import key
var keyBundle = await _keyVaultClient.ImportKeyAsync(_vaultBaseUrl, name,
key.ToJsonWebKey(), null, new KeyAttributes {
Enabled = true,
NotBefore = DateTime.UtcNow
}, null, ct);
if (store?.Exportable ?? false)
{
// Store key as json web key secret so we can export it
var secretBundle = await _keyVaultClient.SetSecretAsync(_vaultBaseUrl,
name, JsonConvert.SerializeObject(key.ToJsonWebKey()),
null, ContentEncodings.MimeTypeJson,
new SecretAttributes {
Enabled = true,
NotBefore = DateTime.UtcNow
}, ct);
return(new KeyVaultKeyHandle(keyBundle, secretBundle));
}
return(new KeyVaultKeyHandle(keyBundle));
}
catch (KeyVaultErrorException kex) {
throw new ExternalDependencyException("Failed to import key", kex);
}
}
/// <inheritdoc/>
public async Task <KeyHandle> CreateKeyAsync(string name, CreateKeyParams keyParams,
KeyStoreProperties store, CancellationToken ct)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentNullException(nameof(name));
}
if (keyParams == null)
{
throw new ArgumentNullException(nameof(keyParams));
}
try {
if (!(store?.Exportable ?? false))
{
// Create key inside key vault
var result = await _keyVaultClient.CreateKeyAsync(_vaultBaseUrl, name,
new NewKeyParameters {
KeySize = (int?)keyParams.KeySize,
CurveName = keyParams.Curve?.ToJsonWebKeyCurveName(),
Attributes = new KeyAttributes {
Enabled = true,
NotBefore = DateTime.UtcNow
},
Kty = keyParams.Type.ToKty(_keyStoreIsHsm)
}, ct);
return(new KeyVaultKeyHandle(result));
}
// Create key outside and import
return(await ImportKeyAsync(name, keyParams.CreateKey(),
new KeyStoreProperties { Exportable = true }, ct));
}
catch (KeyVaultErrorException kex) {
throw new ExternalDependencyException("Failed to create key", kex);
}
}
/// <inheritdoc/>
public async Task <KeyHandle> CreateKeyAsync(string name,
CreateKeyParams keyParams, KeyStoreProperties store, CancellationToken ct)
{
return(await ImportKeyAsync(name, keyParams.CreateKey(), store, ct));
}
