
Example 1 with KeyVaultKey

use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method getKeyVaultKey.

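/**
 * Fetches the key from Azure Key Vault for given key path. If the key path includes a version, then that specific
 * version of the key is retrieved, otherwise the latest key will be retrieved. Only keys whose type is RSA or
 * RSA-HSM are returned; any other key type is rejected.
 *
 * @param masterKeyPath
 *        The key path associated with the key
 * @return The Key Vault key.
 * @throws SQLServerException
 *         If the key path could not be parsed, the key was not found, the key is not an RSA key, or there was an
 *         error retrieving the key from Key Vault.
 */
private KeyVaultKey getKeyVaultKey(String masterKeyPath) throws SQLServerException {
    try {
        // Parse inside the try block so that a null or malformed path is reported as the declared
        // SQLServerException rather than escaping as an unchecked NullPointerException or
        // ArrayIndexOutOfBoundsException.
        String[] keyTokens = masterKeyPath.split(KEY_URL_DELIMITER);
        String keyName = keyTokens[KEY_NAME_INDEX];

        // The version segment is optional; when it is absent the key is requested by name only.
        String keyVersion = null;
        if (keyTokens.length == KEY_URL_SPLIT_LENGTH_WITH_VERSION) {
            keyVersion = keyTokens[keyTokens.length - 1];
        }

        // NOTE(review): the vault that is contacted is derived from masterKeyPath by getKeyClient; presumably
        // the path has been validated against the allowed Key Vault endpoints before this point - confirm at
        // the caller.
        KeyClient keyClient = getKeyClient(masterKeyPath);
        KeyVaultKey retrievedKey = (null != keyVersion) ? keyClient.getKey(keyName, keyVersion)
                                                        : keyClient.getKey(keyName);

        if (null == retrievedKey) {
            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_AKVKeyNotFound"));
            Object[] msgArgs = {keyTokens[keyTokens.length - 1]};
            throw new SQLServerException(null, form.format(msgArgs), null, 0, false);
        }

        // Compare with equals() rather than reference identity, and treat a missing key type as "not RSA"
        // so the caller gets the R_NonRSAKey error instead of a wrapped NullPointerException.
        KeyType keyType = retrievedKey.getKeyType();
        if (!KeyType.RSA.equals(keyType) && !KeyType.RSA_HSM.equals(keyType)) {
            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_NonRSAKey"));
            Object[] msgArgs = {String.valueOf(keyType)};
            throw new SQLServerException(null, form.format(msgArgs), null, 0, false);
        }
        return retrievedKey;
    } catch (RuntimeException e) {
        // Unchecked failures are wrapped with the original exception kept as the cause.
        throw new SQLServerException(e.getMessage(), e);
    }
}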
Also used : MessageFormat(java.text.MessageFormat) KeyClient(com.azure.security.keyvault.keys.KeyClient) KeyVaultKey(com.azure.security.keyvault.keys.models.KeyVaultKey)

Example 2 with KeyVaultKey

use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method getCryptographyClient.

/**
 * Returns the CryptographyClient for the given master key path, creating and caching one on first use.
 * <p>
 * On a cache miss the key is first resolved through getKeyVaultKey, and the new client is bound to the identifier
 * of the key that was returned. The client is built with {@code credential} when one is set and with
 * {@code keyVaultPipeline} otherwise.
 *
 * @param masterKeyPath
 *        The key path associated with the key; also used as the cache key
 * @return The cached CryptographyClient for the key path.
 * @throws SQLServerException
 *         If the key could not be retrieved from Key Vault.
 */
private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    if (!this.cachedCryptographyClients.containsKey(masterKeyPath)) {
        KeyVaultKey resolvedKey = getKeyVaultKey(masterKeyPath);

        CryptographyClientBuilder clientBuilder = new CryptographyClientBuilder();
        clientBuilder = (null != credential) ? clientBuilder.credential(credential)
                                             : clientBuilder.pipeline(keyVaultPipeline);

        // NOTE(review): presumably getId() is the versioned key identifier, so a path without a version stays
        // bound to the version resolved at first use for as long as the entry is cached - nothing in this
        // method removes entries; confirm how the cache is cleared after key rotation.
        CryptographyClient freshClient = clientBuilder.keyIdentifier(resolvedKey.getId()).buildClient();

        // putIfAbsent keeps an entry that is already present, so the value read back below is whatever the
        // cache holds for this path, which is not necessarily freshClient.
        cachedCryptographyClients.putIfAbsent(masterKeyPath, freshClient);
    }
    return cachedCryptographyClients.get(masterKeyPath);
}
Also used : CryptographyClientBuilder(com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder) CryptographyClient(com.azure.security.keyvault.keys.cryptography.CryptographyClient) KeyVaultKey(com.azure.security.keyvault.keys.models.KeyVaultKey)

Example 3 with KeyVaultKey

use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method getCryptographyClient.

/**
 * Looks up the CryptographyClient cached for the given master key path, building and caching it when there is no
 * entry yet.
 * <p>
 * A new client is only built after getKeyVaultKey has returned the key for the path; the client is then tied to
 * that key's identifier. {@code credential} is used when it is non-null, {@code keyVaultPipeline} otherwise.
 *
 * @param masterKeyPath
 *        The key path associated with the key; also used as the cache key
 * @return The cached CryptographyClient for the key path.
 * @throws SQLServerException
 *         If the key could not be retrieved from Key Vault.
 */
private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    final boolean alreadyCached = this.cachedCryptographyClients.containsKey(masterKeyPath);
    if (!alreadyCached) {
        KeyVaultKey vaultKey = getKeyVaultKey(masterKeyPath);

        CryptographyClientBuilder builder = new CryptographyClientBuilder();
        if (null == credential) {
            builder = builder.pipeline(keyVaultPipeline);
        } else {
            builder = builder.credential(credential);
        }

        // NOTE(review): entries are never removed here, so a client stays bound to the key identifier resolved
        // on first use - confirm where the cache is invalidated when a key is rotated or disabled.
        CryptographyClient builtClient = builder.keyIdentifier(vaultKey.getId()).buildClient();

        // An entry that is already present wins; the read below returns the stored client either way.
        cachedCryptographyClients.putIfAbsent(masterKeyPath, builtClient);
    }
    return cachedCryptographyClients.get(masterKeyPath);
}
Also used : CryptographyClientBuilder(com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder) CryptographyClient(com.azure.security.keyvault.keys.cryptography.CryptographyClient) KeyVaultKey(com.azure.security.keyvault.keys.models.KeyVaultKey)

Example 4 with KeyVaultKey

use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method getKeyVaultKey.

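/**
 * Fetches the key from Azure Key Vault for given key path. If the key path includes a version, then that specific
 * version of the key is retrieved, otherwise the latest key will be retrieved. Only keys whose type is RSA or
 * RSA-HSM are returned; any other key type is rejected.
 *
 * @param masterKeyPath
 *        The key path associated with the key
 * @return The Key Vault key.
 * @throws SQLServerException
 *         If the key path could not be parsed, the key was not found, the key is not an RSA key, or there was an
 *         error retrieving the key from Key Vault.
 */
private KeyVaultKey getKeyVaultKey(String masterKeyPath) throws SQLServerException {
    try {
        // Parsing happens inside the try block so a null or malformed path surfaces as the declared
        // SQLServerException instead of an unchecked NullPointerException or ArrayIndexOutOfBoundsException.
        String[] keyTokens = masterKeyPath.split(KEY_URL_DELIMITER);
        String keyName = keyTokens[KEY_NAME_INDEX];

        // The version segment is optional; without it the key is requested by name only.
        String keyVersion = null;
        if (keyTokens.length == KEY_URL_SPLIT_LENGTH_WITH_VERSION) {
            keyVersion = keyTokens[keyTokens.length - 1];
        }

        // NOTE(review): getKeyClient derives the vault to contact from masterKeyPath; presumably the path was
        // checked against the allowed Key Vault endpoints before this call - confirm at the caller.
        KeyClient keyClient = getKeyClient(masterKeyPath);
        KeyVaultKey retrievedKey;
        if (null != keyVersion) {
            retrievedKey = keyClient.getKey(keyName, keyVersion);
        } else {
            retrievedKey = keyClient.getKey(keyName);
        }

        if (null == retrievedKey) {
            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_AKVKeyNotFound"));
            Object[] msgArgs = {keyTokens[keyTokens.length - 1]};
            throw new SQLServerException(null, form.format(msgArgs), null, 0, false);
        }

        // equals() instead of reference identity; a missing key type is rejected as a non-RSA key rather
        // than failing with a NullPointerException while the error message is being built.
        KeyType keyType = retrievedKey.getKeyType();
        boolean isRsaKey = KeyType.RSA.equals(keyType) || KeyType.RSA_HSM.equals(keyType);
        if (!isRsaKey) {
            MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_NonRSAKey"));
            Object[] msgArgs = {String.valueOf(keyType)};
            throw new SQLServerException(null, form.format(msgArgs), null, 0, false);
        }
        return retrievedKey;
    } catch (RuntimeException e) {
        // Unchecked failures are wrapped with the original exception kept as the cause.
        throw new SQLServerException(e.getMessage(), e);
    }
}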
Also used : MessageFormat(java.text.MessageFormat) KeyClient(com.azure.security.keyvault.keys.KeyClient) KeyVaultKey(com.azure.security.keyvault.keys.models.KeyVaultKey)

Example 5 with KeyVaultKey

use of com.azure.security.keyvault.keys.models.KeyVaultKey in project signers by ConsenSys.

the class AzureKeyVault method fetchKey.

/**
 * Resolves the named key version through {@code keyClient} and returns a CryptographyClient bound to that key's
 * identifier, built with {@code tokenCredential}.
 *
 * @param keyName the name of the key to look up
 * @param keyVersion the version of the key to look up
 * @return a CryptographyClient for the identifier of the key that was returned
 */
public CryptographyClient fetchKey(final String keyName, final String keyVersion) {
    // NOTE(review): the returned key is used as-is; no key-type or null check is made here - confirm the
    // caller only passes names of keys intended for this signer.
    final String resolvedKeyId = keyClient.getKey(keyName, keyVersion).getId();
    final CryptographyClientBuilder clientBuilder = new CryptographyClientBuilder().credential(tokenCredential);
    return clientBuilder.keyIdentifier(resolvedKeyId).buildClient();
}
Also used : CryptographyClientBuilder(com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder) KeyVaultKey(com.azure.security.keyvault.keys.models.KeyVaultKey)

Aggregations

KeyVaultKey (com.azure.security.keyvault.keys.models.KeyVaultKey)5 CryptographyClientBuilder (com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder)3 KeyClient (com.azure.security.keyvault.keys.KeyClient)2 CryptographyClient (com.azure.security.keyvault.keys.cryptography.CryptographyClient)2 MessageFormat (java.text.MessageFormat)2