public async Task <IEnumerable <SecurityKey> > GetValidationKeysAsync()
{
if (_cache.TryGetValue("ValidationKeys", out List <SecurityKey> validationKeys))
{
return(validationKeys);
}
validationKeys = new List <SecurityKey>();
var certificateVersions = await _keyVaultClient.GetCertificateVersionsAsync(_vault, _certificateName);
foreach (var certificateItem in certificateVersions)
{
if (certificateItem.Attributes.Enabled.HasValue && certificateItem.Attributes.Enabled.Value)
{
var certificateVersionBundle = await _keyVaultClient.GetCertificateAsync(certificateItem.Identifier.Identifier);
var certificateVersionSecurityKey = await GetSecurityKeyFromSecretAsync(_keyVaultClient, certificateVersionBundle.SecretIdentifier.Identifier).ConfigureAwait(false);
validationKeys.Add(certificateVersionSecurityKey);
}
}
var options = new MemoryCacheEntryOptions();
options.AbsoluteExpiration = DateTime.Now.AddDays(1);
_cache.Set("ValidationKeys", validationKeys, options);
return(validationKeys);
}
internal async Task <List <Microsoft.Azure.KeyVault.Models.CertificateItem> > GetAllEnabledCertificateVersionsAsync(string certificateName)
{
// Get all the certificate versions (this will also get the currect active version)
var certificateVersions = await _keyVaultClient.GetCertificateVersionsAsync(_vault, certificateName);
// Find all enabled versions of the certificate and sort them by creation date in decending order
return(certificateVersions
.Where(certVersion => certVersion.Attributes.Enabled.HasValue && certVersion.Attributes.Enabled.Value)
.OrderByDescending(certVersion => certVersion.Attributes.Created)
.ToList());
}
private async Task <List <CertificateItem> > GetAllEnabledCertificateVersionsAsync(KeyVaultClient keyVaultClient)
{
// Get all the certificate versions (this will also get the currect active version
var certificateVersions = await keyVaultClient.GetCertificateVersionsAsync(_keyVaultEndpoint, _certificateName);
// Find all enabled versions of the certificate and sort them by creation date in decending order
return(certificateVersions
.Where(certVersion => certVersion.Attributes.Enabled.HasValue && certVersion.Attributes.Enabled.Value)
.OrderByDescending(certVersion => certVersion.Attributes.Created)
.ToList());
}
private async Task <List <X509Certificate2> > GetAllCertificateVersions(string keyVaultUrl, string certificateName)
{
List <X509Certificate2> certificates = new List <X509Certificate2>();
KeyVaultClient client = KeyVaultSettings.GetClient(_keyVaultSettings.ClientId, _keyVaultSettings.ClientSecret);
// Get the first page of certificates
IPage <CertificateItem> certificateItemsPage = await client.GetCertificateVersionsAsync(keyVaultUrl, certificateName);
while (true)
{
foreach (var certificateItem in certificateItemsPage)
{
// Ignore disabled or expired certificates
if (certificateItem.Attributes.Enabled == true &&
(certificateItem.Attributes.Expires == null ||
certificateItem.Attributes.Expires > DateTime.UtcNow))
{
CertificateBundle certificateVersionBundle =
await client.GetCertificateAsync(certificateItem.Identifier.Identifier);
SecretBundle certificatePrivateKeySecretBundle =
await client.GetSecretAsync(certificateVersionBundle.SecretIdentifier.Identifier);
byte[] privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value);
X509Certificate2 certificateWithPrivateKey = new X509Certificate2(privateKeyBytes);
certificates.Add(certificateWithPrivateKey);
}
}
if (certificateItemsPage.NextPageLink == null)
{
break;
}
certificateItemsPage = await client.GetCertificateVersionsNextAsync(certificateItemsPage.NextPageLink);
}
return(certificates);
}
private async Task <List <X509Certificate2> > GetAllCertificateVersions()
{
var keyVaultClient = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback);
var certificates = new List <X509Certificate2>();
// Get the first page of certificates
var certificateItemsPage = await keyVaultClient.GetCertificateVersionsAsync(_keyVaultOptions.KeyVaultUrl, _keyVaultOptions.KeyIdentifier);
while (true)
{
foreach (var certificateItem in certificateItemsPage)
{
// Ignored disabled or expired certificates
if (certificateItem.Attributes.Enabled == true &&
(certificateItem.Attributes.Expires == null || certificateItem.Attributes.Expires > DateTime.UtcNow))
{
var certificateVersionBundle = await keyVaultClient.GetCertificateAsync(certificateItem.Identifier.Identifier);
var certificatePrivateKeySecretBundle = await keyVaultClient.GetSecretAsync(certificateVersionBundle.SecretIdentifier.Identifier);
var privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value);
var certificateWithPrivateKey = new X509Certificate2(privateKeyBytes, (string)null, X509KeyStorageFlags.MachineKeySet);
certificates.Add(certificateWithPrivateKey);
}
}
if (certificateItemsPage.NextPageLink == null)
{
break;
}
else
{
// Get the next page
certificateItemsPage = await keyVaultClient.GetCertificateVersionsNextAsync(certificateItemsPage.NextPageLink);
}
}
return(certificates);
}
/// <summary>
/// List the versions of a certificate
/// </summary>
/// <param name="certificateName"> certificate name</param>
private static void ListCertificateVersions(string certificateName)
{
var vaultAddress = inputValidator.GetVaultAddress();
certificateName = (certificateName == string.Empty) ? inputValidator.GetKeyId() : certificateName;
var numKeyVersions = 0;
var maxResults = 1;
Console.Out.WriteLine("List certificate versions:---------------");
var results = keyVaultClient.GetCertificateVersionsAsync(vaultAddress, certificateName, maxResults).GetAwaiter().GetResult();
if (results != null)
{
numKeyVersions += results.Count();
foreach (var m in results)
{
Console.Out.WriteLine("\t{0}-{1}", m.Identifier.Name, m.Identifier.Version);
}
}
while (results != null && !string.IsNullOrWhiteSpace(results.NextPageLink))
{
results = keyVaultClient.GetCertificateVersionsNextAsync(results.NextPageLink).GetAwaiter().GetResult();
if (results != null && results != null)
{
numKeyVersions += results.Count();
foreach (var m in results)
{
Console.Out.WriteLine("\t{0}-{1}", m.Identifier.Name, m.Identifier.Version);
}
}
}
Console.Out.WriteLine("\n\tNumber of versions of certificate {0} in the vault: {1}", certificateName, numKeyVersions);
}
