public override async Task <RegeneratedSecret> Rekey(TimeSpan requestedValidPeriod)
{
_logger.LogInformation("Regenerating Key Vault key {KeyName}", Configuration.KeyName);
var client = GetKeyClient();
Response <KeyVaultKey> currentKey = await client.GetKeyAsync(Configuration.KeyName);
CreateKeyOptions creationOptions = new CreateKeyOptions()
{
Enabled = true,
ExpiresOn = DateTimeOffset.UtcNow + requestedValidPeriod,
NotBefore = DateTimeOffset.UtcNow
};
foreach (KeyOperation op in currentKey.Value.KeyOperations)
{
creationOptions.KeyOperations.Add(op);
}
foreach (System.Collections.Generic.KeyValuePair <string, string> tag in currentKey.Value.Properties.Tags)
{
creationOptions.Tags.Add(tag.Key, tag.Value);
}
Response <KeyVaultKey> key = await client.CreateKeyAsync(Configuration.KeyName, currentKey.Value.KeyType, creationOptions);
_logger.LogInformation("Successfully rekeyed Key Vault key {KeyName}", Configuration.KeyName);
return(new RegeneratedSecret()
{
UserHint = Configuration.UserHint,
NewSecretValue = key.Value.Key.Id.GetSecureString()
});
}
public async Task CreateKeyWithOptions()
{
var exp = new DateTimeOffset(new DateTime(637027248120000000, DateTimeKind.Utc));
DateTimeOffset nbf = exp.AddDays(-30);
var keyOptions = new CreateKeyOptions()
{
KeyOperations = { KeyOperation.Verify },
Enabled = false,
ExpiresOn = exp,
NotBefore = nbf,
};
KeyVaultKey key = await Client.CreateKeyAsync(Recording.GenerateId(), KeyType.Ec, keyOptions);
RegisterForCleanup(key.Name);
KeyVaultKey keyReturned = await Client.GetKeyAsync(key.Name);
AssertKeyVaultKeysEqual(key, keyReturned);
}
private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyAttributes keyAttributes, int?size, string curveName)
{
// todo duplicated code with Track2VaultClient.CreateKey
CreateKeyOptions options;
bool isHsm = keyAttributes.KeyType == KeyType.RsaHsm || keyAttributes.KeyType == KeyType.EcHsm;
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
options = new CreateRsaKeyOptions(keyName, isHsm)
{
KeySize = size
};
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
options = new CreateEcKeyOptions(keyName, isHsm);
if (string.IsNullOrEmpty(curveName))
{
(options as CreateEcKeyOptions).CurveName = null;
}
else
{
(options as CreateEcKeyOptions).CurveName = new KeyCurveName(curveName);
}
}
else
{
options = new CreateKeyOptions();
}
// Common key attributes
options.NotBefore = keyAttributes.NotBefore;
options.ExpiresOn = keyAttributes.Expires;
options.Enabled = keyAttributes.Enabled;
options.Exportable = keyAttributes.Exportable;
options.ReleasePolicy = keyAttributes.ReleasePolicy?.ToKeyReleasePolicy();
if (keyAttributes.KeyOps != null)
{
foreach (var keyOp in keyAttributes.KeyOps)
{
options.KeyOperations.Add(new KeyOperation(keyOp));
}
}
if (keyAttributes.Tags != null)
{
foreach (DictionaryEntry entry in keyAttributes.Tags)
{
options.Tags.Add(entry.Key.ToString(), entry.Value.ToString());
}
}
if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
{
return(new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _uriHelper, isHsm: true));
}
else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
{
return(new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _uriHelper, isHsm: true));
}
else if (keyAttributes.KeyType == KeyType.Oct || keyAttributes.KeyType.ToString() == "oct-HSM")
{
return(new PSKeyVaultKey(client.CreateKey(keyName, KeyType.Oct, options).Value, _uriHelper, isHsm: true));
}
else
{
throw new NotSupportedException($"{keyAttributes.KeyType} is not supported");
}
}
public KeyVaultKey Store(string name, KeyType keyType, CreateKeyOptions keyOptions = null)
{
_logger.LogInformation("Storing key: {Name}", name);
return(_client.CreateKey(name, keyType, keyOptions));
}
