/// <summary>
/// Retrieves a <see cref="CryptographyClient"/> capable of performing cryptographic operations with the key represented by the specified <paramref name="keyId"/>.
/// </summary>
/// <param name="keyId">The key identifier of the key used by the created <see cref="CryptographyClient"/>.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>A new <see cref="CryptographyClient"/> capable of performing cryptographic operations with the key represented by the specified <paramref name="keyId"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="keyId"/> is null.</exception>
public virtual CryptographyClient Resolve(Uri keyId, CancellationToken cancellationToken = default)
{
Argument.AssertNotNull(keyId, nameof(keyId));
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(KeyResolver)}.{nameof(Resolve)}");
scope.AddAttribute("key", keyId);
scope.Start();
try
{
Argument.AssertNotNull(keyId, nameof(keyId));
KeyVaultKey key = GetKey(keyId, cancellationToken);
KeyVaultPipeline pipeline = new KeyVaultPipeline(keyId, _apiVersion, _pipeline, _clientDiagnostics);
// Since we already attempted to download the key, do not let the CryptographyClient needlessly try again.
return((key != null) ? new CryptographyClient(key, pipeline) : new CryptographyClient(keyId, pipeline, forceRemote: true));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
internal RecoverDeletedKeyOperation(KeyVaultPipeline pipeline, Response <KeyVaultKey> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
_operationInternal = new(_pipeline.Diagnostics, this, response.GetRawResponse(), nameof(RecoverDeletedKeyOperation), new[]
{
new KeyValuePair <string, string>("secret", _value.Name), // Retained for backward compatibility.
new KeyValuePair <string, string>("key", _value.Name),
});
}
internal DeleteCertificateOperation(KeyVaultPipeline pipeline, Response <DeletedCertificate> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
_response = response.GetRawResponse();
// The recoveryId is only returned if soft-delete is enabled.
if (_value.RecoveryId is null)
{
_completed = true;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="CryptographyClient"/> class.
/// </summary>
/// <param name="keyId">The <see cref="KeyBase.Id"/> of the <see cref="Key"/> which will be used for cryptographic operations.</param>
/// <param name="credential">A <see cref="TokenCredential"/> capable of providing an OAuth token.</param>
/// <param name="options">Options to configure the management of the request sent to Key Vault.</param>
/// <exception cref="ArgumentNullException"><paramref name="keyId"/> or <paramref name="credential"/> is null.</exception>
/// <exception cref="NotSupportedException">The <see cref="CryptographyClientOptions.Version"/> is not supported.</exception>
public CryptographyClient(Uri keyId, TokenCredential credential, CryptographyClientOptions options)
{
Argument.AssertNotNull(keyId, nameof(keyId));
Argument.AssertNotNull(credential, nameof(credential));
_keyId = keyId;
options ??= new CryptographyClientOptions();
var remoteProvider = new RemoteCryptographyClient(keyId, credential, options);
_pipeline = remoteProvider.Pipeline;
_remoteProvider = remoteProvider;
}
internal DeleteSecretOperation(KeyVaultPipeline pipeline, Response <DeletedSecret> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
_operationInternal = new(_pipeline.Diagnostics, this, response.GetRawResponse(), nameof(DeleteSecretOperation), new[] { new KeyValuePair <string, string>("secret", _value.Name) });
// The recoveryId is only returned if soft delete is enabled.
if (_value.RecoveryId is null)
{
// If soft delete is not enabled, deleting is immediate so set success accordingly.
_operationInternal.SetState(OperationState.Success(response.GetRawResponse()));
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SecretClient"/> class for the specified vault.
/// </summary>
/// <param name="vaultUri">A <see cref="Uri"/> to the vault on which the client operates. Appears as "DNS Name" in the Azure portal.</param>
/// <param name="credential">A <see cref="TokenCredential"/> used to authenticate requests to the vault, such as DefaultAzureCredential.</param>
/// <param name="options"><see cref="SecretClientOptions"/> that allow to configure the management of the request sent to Key Vault.</param>
/// <exception cref="ArgumentNullException"><paramref name="vaultUri"/> or <paramref name="credential"/> is null.</exception>
public SecretClient(Uri vaultUri, TokenCredential credential, SecretClientOptions options)
{
Argument.AssertNotNull(vaultUri, nameof(vaultUri));
Argument.AssertNotNull(credential, nameof(credential));
options ??= new SecretClientOptions();
string apiVersion = options.GetVersionString();
HttpPipeline pipeline = HttpPipelineBuilder.Build(options,
new ChallengeBasedAuthenticationPolicy(credential));
_pipeline = new KeyVaultPipeline(vaultUri, apiVersion, pipeline, new ClientDiagnostics(options));
}
internal RemoteCryptographyClient(Uri keyId, TokenCredential credential, CryptographyClientOptions options)
{
Argument.AssertNotNull(keyId, nameof(keyId));
Argument.AssertNotNull(credential, nameof(credential));
_keyId = keyId;
options ??= new CryptographyClientOptions();
string apiVersion = options.GetVersionString();
HttpPipeline pipeline = HttpPipelineBuilder.Build(options,
new ChallengeBasedAuthenticationPolicy(credential));
Pipeline = new KeyVaultPipeline(keyId, apiVersion, pipeline, new ClientDiagnostics(options));
}
/// <summary>
/// Initializes a new instance of the CryptographyClient class.
/// </summary>
/// <param name="keyId">The <see cref="KeyBase.Id"/> of the <see cref="Key"/> which will be used for cryptographic operations</param>
/// <param name="credential">Represents a credential capable of providing an OAuth token.</param>
/// <param name="options">Options that allow to configure the management of the request sent to Key Vault.</param>
public CryptographyClient(Uri keyId, TokenCredential credential, CryptographyClientOptions options)
{
_keyId = keyId ?? throw new ArgumentNullException(nameof(keyId));
if (credential is null)
{
throw new ArgumentNullException(nameof(credential));
}
options ??= new CryptographyClientOptions();
var remoteProvider = new RemoteCryptographyClient(keyId, credential, options);
_pipeline = remoteProvider.Pipeline;
_cryptoProvider = remoteProvider;
}
/// <summary>
/// Initializes a new instance of the SecretClient class.
/// </summary>
/// <param name="vaultUri">Endpoint URL for the Azure Key Vault service.</param>
/// <param name="credential">Represents a credential capable of providing an OAuth token.</param>
/// <param name="options">Options that allow to configure the management of the request sent to Key Vault.</param>
/// <exception cref="ArgumentNullException"><paramref name="vaultUri"/> or <paramref name="credential"/> is null.</exception>
public SecretClient(Uri vaultUri, TokenCredential credential, SecretClientOptions options)
{
_vaultUri = vaultUri ?? throw new ArgumentNullException(nameof(vaultUri));
if (credential is null)
{
throw new ArgumentNullException(nameof(credential));
}
options ??= new SecretClientOptions();
string apiVersion = options.GetVersionString();
HttpPipeline pipeline = HttpPipelineBuilder.Build(options,
new ChallengeBasedAuthenticationPolicy(credential));
_pipeline = new KeyVaultPipeline(_vaultUri, apiVersion, pipeline);
}
/// <summary>
///
/// </summary>
/// <param name="keyId"></param>
/// <param name="credential"></param>
/// <param name="options"></param>
public RemoteCryptographyClient(Uri keyId, TokenCredential credential, CryptographyClientOptions options)
{
KeyId = keyId ?? throw new ArgumentNullException(nameof(keyId));
if (credential is null)
{
throw new ArgumentNullException(nameof(credential));
}
options ??= new CryptographyClientOptions();
string apiVersion = options.GetVersionString();
HttpPipeline pipeline = HttpPipelineBuilder.Build(options,
new ChallengeBasedAuthenticationPolicy(credential));
Pipeline = new KeyVaultPipeline(keyId, apiVersion, pipeline);
}
internal DeleteKeyOperation(KeyVaultPipeline pipeline, Response <DeletedKey> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
// The recoveryId is only returned if soft delete is enabled.
if (_value.RecoveryId is null)
{
// If soft delete is not enabled, deleting is immediate so set success accordingly.
_operationInternal = OperationInternal.Succeeded(response.GetRawResponse());
}
else
{
_operationInternal = new(_pipeline.Diagnostics, this, response.GetRawResponse(), nameof(DeleteKeyOperation), new[]
{
new KeyValuePair <string, string>("secret", _value.Name), // Retained for backward compatibility.
new KeyValuePair <string, string>("key", _value.Name),
});
}
}
/// <summary>
/// Retrieves a <see cref="CryptographyClient"/> capable of performing cryptographic operations with the key represented by the specfiied keyId.
/// </summary>
/// <param name="keyId">The key idenitifier of the key used by the created <see cref="CryptographyClient"/> </param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>A new <see cref="CryptographyClient"/> capable of performing cryptographic operations with the key represented by the specfiied keyId</returns>
public virtual async Task <CryptographyClient> ResolveAsync(Uri keyId, CancellationToken cancellationToken = default)
{
Argument.AssertNotNull(keyId, nameof(keyId));
using DiagnosticScope scope = _clientDiagnostics.CreateScope("Azure.Security.KeyVault.Keys.Cryptography.KeyResolver.Resolve");
scope.AddAttribute("key", keyId);
scope.Start();
try
{
Argument.AssertNotNull(keyId, nameof(keyId));
Key key = await GetKeyAsync(keyId, cancellationToken).ConfigureAwait(false);
KeyVaultPipeline pipeline = new KeyVaultPipeline(keyId, _apiVersion, _pipeline, _clientDiagnostics);
return((key != null) ? new CryptographyClient(key, pipeline) : new CryptographyClient(keyId, pipeline));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
/// <summary>
/// Retrieves a <see cref="CryptographyClient"/> capable of performing cryptographic operations with the key represented by the specfiied <paramref name="keyId"/>.
/// </summary>
/// <param name="keyId">The key idenitifier of the key used by the created <see cref="CryptographyClient"/>.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
/// <returns>A new <see cref="CryptographyClient"/> capable of performing cryptographic operations with the key represented by the specfiied <paramref name="keyId"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="keyId"/> is null.</exception>
public virtual CryptographyClient Resolve(Uri keyId, CancellationToken cancellationToken = default)
{
Argument.AssertNotNull(keyId, nameof(keyId));
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(KeyResolver)}.{nameof(Resolve)}");
scope.AddAttribute("key", keyId);
scope.Start();
try
{
Argument.AssertNotNull(keyId, nameof(keyId));
KeyVaultKey key = GetKey(keyId, cancellationToken);
KeyVaultPipeline pipeline = new KeyVaultPipeline(keyId, _apiVersion, _pipeline, _clientDiagnostics);
return((key != null) ? new CryptographyClient(key, pipeline) : new CryptographyClient(keyId, pipeline));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
internal RecoverDeletedSecretOperation(KeyVaultPipeline pipeline, Response <SecretProperties> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
_response = response.GetRawResponse();
}
internal RecoverDeletedCertificateOperation(KeyVaultPipeline pipeline, Response <KeyVaultCertificateWithPolicy> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
_response = response.GetRawResponse();
}
internal RecoverDeletedSecretOperation(KeyVaultPipeline pipeline, Response <SecretProperties> response)
{
_pipeline = pipeline;
_value = response.Value ?? throw new InvalidOperationException("The response does not contain a value.");
_operationInternal = new(_pipeline.Diagnostics, this, response.GetRawResponse(), nameof(RecoverDeletedSecretOperation), new[] { new KeyValuePair <string, string>("secret", _value.Name) });
}
internal RemoteCryptographyClient(KeyVaultPipeline pipeline)
{
Pipeline = pipeline;
}
