public void CanRemoveKeyWithNoPassThruTest()
{
DeletedKeyBundle expected = keyBundle;
keyVaultClientMock.Setup(kv => kv.DeleteKey(VaultName, KeyName)).Returns(expected).Verifiable();
// Mock the should process to return true
commandRuntimeMock.Setup(cr => cr.ShouldProcess(KeyName, It.IsAny <string>())).Returns(true);
cmdlet.Name = KeyName;
cmdlet.Force = true;
cmdlet.ExecuteCmdlet();
keyVaultClientMock.VerifyAll();
// Without PassThru never call WriteObject
commandRuntimeMock.Verify(f => f.WriteObject(expected), Times.Never());
}
public RemoveKeyVaultKeyTests()
{
base.SetupTest();
cmdlet = new RemoveAzureKeyVaultKey()
{
CommandRuntime = commandRuntimeMock.Object,
DataServiceClient = keyVaultClientMock.Object,
VaultName = VaultName
};
keyAttributes = new KeyAttributes(true, DateTime.Now, DateTime.Now, "HSM", new string[] { "All" }, null);
webKey = new WebKey.JsonWebKey();
keyBundle = new DeletedKeyBundle()
{
Attributes = keyAttributes, Key = webKey, Name = KeyName, VaultName = VaultName
};
}
public override void ExecuteCmdlet()
{
if (InRemovedState.IsPresent)
{
ConfirmAction(
Force.IsPresent,
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveDeletedKeyWarning,
Name),
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveDeletedKeyWhatIfMessage,
Name),
Name,
() => { DataServiceClient.PurgeKey(VaultName, Name); });
return;
}
DeletedKeyBundle deletedKeyBundle = null;
ConfirmAction(
Force.IsPresent,
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveKeyWarning,
Name),
string.Format(
CultureInfo.InvariantCulture,
KeyVaultProperties.Resources.RemoveKeyWhatIfMessage,
Name),
Name,
() => { deletedKeyBundle = DataServiceClient.DeleteKey(VaultName, Name); });
if (PassThru)
{
WriteObject(deletedKeyBundle);
}
}
public override void ExecuteCmdlet()
{
KeyBundle keyBundle;
switch (ParameterSetName)
{
case ByKeyNameParameterSet:
keyBundle = DataServiceClient.GetKey(VaultName, Name, Version ?? string.Empty);
WriteObject(keyBundle);
break;
case ByKeyVersionsParameterSet:
keyBundle = DataServiceClient.GetKey(VaultName, Name, string.Empty);
if (keyBundle != null)
{
WriteObject(new KeyIdentityItem(keyBundle));
GetAndWriteKeyVersions(VaultName, Name, keyBundle.Version);
}
break;
case ByVaultNameParameterSet:
GetAndWriteKeys(VaultName);
break;
case ByDeletedKeyParameterSet:
if (Name == null)
{
GetAndWriteDeletedKeys(VaultName);
break;
}
DeletedKeyBundle deletedKeyBundle = DataServiceClient.GetDeletedKey(VaultName, Name);
WriteObject(deletedKeyBundle);
break;
default:
throw new ArgumentException(KeyVaultProperties.Resources.BadParameterSetName);
}
}
private async Task KeysMigrationGuide()
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Create
AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
KeyVaultClient client = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback));
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Create
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions
using (HttpClient httpClient = new HttpClient())
{
//@@AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
/*@@*/ provider = new AzureServiceTokenProvider();
//@@KeyVaultClient client = new KeyVaultClient(
/*@@*/ client = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback),
httpClient);
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateKey
// Create RSA key.
NewKeyParameters createRsaParameters = new NewKeyParameters
{
Kty = JsonWebKeyType.Rsa,
KeySize = 4096
};
KeyBundle rsaKey = await client.CreateKeyAsync("https://myvault.vault.azure.net", "rsa-key-name", createRsaParameters);
// Create Elliptic-Curve key.
NewKeyParameters createEcParameters = new NewKeyParameters
{
Kty = JsonWebKeyType.EllipticCurve,
CurveName = "P-256"
};
KeyBundle ecKey = await client.CreateKeyAsync("https://myvault.vault.azure.net", "ec-key-name", createEcParameters);
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateKey
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_ListKeys
IPage <KeyItem> page = await client.GetKeysAsync("https://myvault.vault.azure.net");
foreach (KeyItem item in page)
{
KeyIdentifier keyId = item.Identifier;
KeyBundle key = await client.GetKeyAsync(keyId.Vault, keyId.Name);
}
while (page.NextPageLink != null)
{
page = await client.GetKeysNextAsync(page.NextPageLink);
foreach (KeyItem item in page)
{
KeyIdentifier keyId = item.Identifier;
KeyBundle key = await client.GetKeyAsync(keyId.Vault, keyId.Name);
}
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_ListKeys
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey
// Delete the key.
DeletedKeyBundle deletedKey = await client.DeleteKeyAsync("https://myvault.vault.azure.net", "key-name");
// Purge or recover the deleted key if soft delete is enabled.
if (deletedKey.RecoveryId != null)
{
DeletedKeyIdentifier deletedKeyId = deletedKey.RecoveryIdentifier;
// Deleting a key does not happen immediately. Wait a while and check if the deleted key exists.
while (true)
{
try
{
await client.GetDeletedKeyAsync(deletedKeyId.Vault, deletedKeyId.Name);
// Finally deleted.
break;
}
catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound)
{
// Not yet deleted...
}
}
// Purge the deleted key.
await client.PurgeDeletedKeyAsync(deletedKeyId.Vault, deletedKeyId.Name);
// You can also recover the deleted key using RecoverDeletedKeyAsync.
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Encrypt
// Encrypt a message. The plaintext must be small enough for the chosen algorithm.
byte[] plaintext = Encoding.UTF8.GetBytes("Small message to encrypt");
KeyOperationResult encrypted = await client.EncryptAsync("rsa-key-name", JsonWebKeyEncryptionAlgorithm.RSAOAEP256, plaintext);
// Decrypt the message.
KeyOperationResult decrypted = await client.DecryptAsync("rsa-key-name", JsonWebKeyEncryptionAlgorithm.RSAOAEP256, encrypted.Result);
string message = Encoding.UTF8.GetString(decrypted.Result);
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Encrypt
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Wrap
using (Aes aes = Aes.Create())
{
// Use a symmetric key to encrypt large amounts of data, possibly streamed...
// Now wrap the key and store the encrypted key and plaintext IV to later decrypt the key to decrypt the data.
KeyOperationResult wrapped = await client.WrapKeyAsync(
"https://myvault.vault.azure.net",
"rsa-key-name",
null,
JsonWebKeyEncryptionAlgorithm.RSAOAEP256,
aes.Key);
// Read the IV and the encrypted key from the payload, then unwrap the key.
KeyOperationResult unwrapped = await client.UnwrapKeyAsync(
"https://myvault.vault.azure.net",
"rsa-key-name",
null,
JsonWebKeyEncryptionAlgorithm.RSAOAEP256,
wrapped.Result);
aes.Key = unwrapped.Result;
// Decrypt the payload with the symmetric key.
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Wrap
}
}
