public void WaitOnDeletedCertificate(KeyVaultClient client, string vaultAddress, string certificateName) { this.retryExecutor.ExecuteAction(() => client.GetDeletedCertificateAsync(vaultAddress, certificateName).GetAwaiter().GetResult()); }
private async Task CertificatesMigrationGuide() { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_Create AzureServiceTokenProvider provider = new AzureServiceTokenProvider(); KeyVaultClient client = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback)); #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_Create #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions using (HttpClient httpClient = new HttpClient()) { //@@AzureServiceTokenProvider provider = new AzureServiceTokenProvider(); /*@@*/ provider = new AzureServiceTokenProvider(); //@@KeyVaultClient client = new KeyVaultClient( /*@@*/ client = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback), httpClient); } #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateWithOptions #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy CertificatePolicy policy = new CertificatePolicy { IssuerParameters = new IssuerParameters("issuer-name"), SecretProperties = new SecretProperties("application/x-pkcs12"), KeyProperties = new KeyProperties { KeyType = "RSA", KeySize = 2048, ReuseKey = true }, X509CertificateProperties = new X509CertificateProperties("CN=customdomain.com") { KeyUsage = new[] { KeyUsageType.CRLSign, KeyUsageType.DataEncipherment, KeyUsageType.DigitalSignature, KeyUsageType.KeyEncipherment, KeyUsageType.KeyAgreement, KeyUsageType.KeyCertSign }, ValidityInMonths = 12 }, LifetimeActions = new[] { new LifetimeAction( new Trigger { DaysBeforeExpiry = 90 }, new Models.Action(ActionType.AutoRenew)) } }; #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateCustomPolicy { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate CertificateBundle certificate = null; // Start certificate creation. // Depending on the policy and your business process, this could even take days for manual signing. CertificateOperation createOperation = await client.CreateCertificateAsync("https://myvault.vault.azure.net", "certificate-name", policy); while (true) { if ("InProgress".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { await Task.Delay(TimeSpan.FromSeconds(20)); createOperation = await client.GetCertificateOperationAsync("https://myvault.vault.azure.net", "certificate-name"); continue; } if ("Completed".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { certificate = await client.GetCertificateAsync(createOperation.Id); break; } throw new Exception(string.Format( CultureInfo.InvariantCulture, "Polling on pending certificate returned an unexpected result. Error code = {0}, Error message = {1}", createOperation.Error.Code, createOperation.Error.Message)); } // If you need to restart the application you can recreate the operation and continue awaiting. do { createOperation = await client.GetCertificateOperationAsync("https://myvault.vault.azure.net", "certificate-name"); if ("InProgress".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { await Task.Delay(TimeSpan.FromSeconds(20)); continue; } if ("Completed".Equals(createOperation.Status, StringComparison.OrdinalIgnoreCase)) { certificate = await client.GetCertificateAsync(createOperation.Id); break; } throw new Exception(string.Format( CultureInfo.InvariantCulture, "Polling on pending certificate returned an unexpected result. Error code = {0}, Error message = {1}", createOperation.Error.Code, createOperation.Error.Message)); } while (true); #endregion Snippet:Azure_Security_KeyVault_Certificates_Snippets_MigrationGuide_CreateCertificate } { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate byte[] cer = File.ReadAllBytes("certificate.pfx"); string cerBase64 = Convert.ToBase64String(cer); CertificateBundle certificate = await client.ImportCertificateAsync( "https://myvault.vault.azure.net", "certificate-name", cerBase64, certificatePolicy : policy); #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ImportCertificate } #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy //@@CertificatePolicy policy = new CertificatePolicy /*@@*/ policy = new CertificatePolicy { IssuerParameters = new IssuerParameters("Self"), X509CertificateProperties = new X509CertificateProperties("CN=DefaultPolicy") }; #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_CreateSelfSignedPolicy // TODO { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates IPage <CertificateItem> page = await client.GetCertificatesAsync("https://myvault.vault.azure.net"); foreach (CertificateItem item in page) { CertificateIdentifier certificateId = item.Identifier; CertificateBundle certificate = await client.GetCertificateAsync(certificateId.Vault, certificateId.Name); } while (page.NextPageLink != null) { page = await client.GetCertificatesNextAsync(page.NextPageLink); foreach (CertificateItem item in page) { CertificateIdentifier certificateId = item.Identifier; CertificateBundle certificate = await client.GetCertificateAsync(certificateId.Vault, certificateId.Name); } } #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_ListCertificates } { #region Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate // Delete the certificate. DeletedCertificateBundle deletedCertificate = await client.DeleteCertificateAsync("https://myvault.vault.azure.net", "certificate-name"); // Purge or recover the deleted certificate if soft delete is enabled. if (deletedCertificate.RecoveryId != null) { DeletedCertificateIdentifier deletedCertificateId = deletedCertificate.RecoveryIdentifier; // Deleting a certificate does not happen immediately. Wait a while and check if the deleted certificate exists. while (true) { try { await client.GetDeletedCertificateAsync(deletedCertificateId.Vault, deletedCertificateId.Name); // Finally deleted. break; } catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound) { // Not yet deleted... } } // Purge the deleted certificate. await client.PurgeDeletedCertificateAsync(deletedCertificateId.Vault, deletedCertificateId.Name); // You can also recover the deleted certificate using RecoverDeletedCertificateAsync. } #endregion Snippet:Microsoft_Azure_KeyVault_Certificates_Snippets_MigrationGuide_DeleteCertificate } }