use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by Microsoft.
the class SQLServerColumnEncryptionAzureKeyVaultProvider method getKeyVaultKey.
/**
* Fetches the key from Azure Key Vault for the given key path. If the key path includes a version, that specific
* version of the key is retrieved; otherwise the latest version of the key is retrieved.
*
* @param masterKeyPath
* The key path associated with the key
* @return The Key Vault key.
* @throws SQLServerException
* If there was an error retrieving the key from Key Vault, the key was not found, or the key is not of type
* RSA or RSA_HSM.
*/
private KeyVaultKey getKeyVaultKey(String masterKeyPath) throws SQLServerException {
    // The path is split outside the try block, so a null path or one with too few segments surfaces as an
    // unchecked exception rather than a SQLServerException.
    // NOTE(review): presumably the path is validated before this method is reached - confirm against callers.
    final String[] pathSegments = masterKeyPath.split(KEY_URL_DELIMITER);
    final String name = pathSegments[KEY_NAME_INDEX];
    final String lastSegment = pathSegments[pathSegments.length - 1];

    // A version is only taken from the path when the segment count matches the "with version" layout.
    final String version = (pathSegments.length == KEY_URL_SPLIT_LENGTH_WITH_VERSION) ? lastSegment : null;

    try {
        final KeyClient client = getKeyClient(masterKeyPath);
        final KeyVaultKey key = (null == version) ? client.getKey(name) : client.getKey(name, version);

        if (null == key) {
            // The message argument is the last path segment: the version when one was given, else the name.
            final String notFound = SQLServerException.getErrString("R_AKVKeyNotFound");
            throw new SQLServerException(null, new MessageFormat(notFound).format(new Object[] {lastSegment}), null,
                    0, false);
        }

        // Reject anything that is not an RSA or RSA_HSM key before it is handed to the caller.
        // NOTE(review): the key type is compared by reference; if KeyType is not a plain Java enum, confirm that
        // its instances are canonical, otherwise equals() would be the safer comparison.
        final KeyType type = key.getKeyType();
        if (!(KeyType.RSA == type || KeyType.RSA_HSM == type)) {
            final String nonRsa = SQLServerException.getErrString("R_NonRSAKey");
            throw new SQLServerException(null, new MessageFormat(nonRsa).format(new Object[] {type.toString()}),
                    null, 0, false);
        }

        return key;
    } catch (RuntimeException e) {
        // Unchecked failures raised while talking to Key Vault are rewrapped; the original exception is kept as
        // the cause and its message is reused verbatim.
        throw new SQLServerException(e.getMessage(), e);
    }
}
use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by Microsoft.
the class SQLServerColumnEncryptionAzureKeyVaultProvider method getCryptographyClient.
/**
 * Returns the cryptography client for the given key path, building and caching one on first use.
 *
 * @param masterKeyPath
 *        The key path associated with the key; also the cache key.
 * @return The cached client for this key path.
 * @throws SQLServerException
 *         If getKeyVaultKey fails to retrieve or accept the key.
 */
private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    if (cachedCryptographyClients.containsKey(masterKeyPath)) {
        return cachedCryptographyClients.get(masterKeyPath);
    }

    // The key is fetched through getKeyVaultKey first, so its not-found and key-type checks run before any
    // client is built or cached.
    // NOTE(review): the client is bound to the retrieved key's id but cached under the path string. If that id
    // is version-qualified, a versionless path stays pinned to the version fetched on first use until the cache
    // entry goes away - confirm this is the intended behaviour across key rotation.
    final String keyId = getKeyVaultKey(masterKeyPath).getId();

    // Authenticate with the explicit credential when one is configured, otherwise with the HTTP pipeline.
    CryptographyClientBuilder builder = new CryptographyClientBuilder();
    if (null == credential) {
        builder = builder.pipeline(keyVaultPipeline);
    } else {
        builder = builder.credential(credential);
    }
    final CryptographyClient created = builder.keyIdentifier(keyId).buildClient();

    // putIfAbsent keeps an entry that was stored in the meantime; the value is re-read so the caller always
    // gets whatever the cache holds.
    cachedCryptographyClients.putIfAbsent(masterKeyPath, created);
    return cachedCryptographyClients.get(masterKeyPath);
}
use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by microsoft.
the class SQLServerColumnEncryptionAzureKeyVaultProvider method getCryptographyClient.
/**
 * Returns the cryptography client for the given key path, building and caching one on first use.
 *
 * @param masterKeyPath
 *        The key path associated with the key; also the cache key.
 * @return The cached client for this key path.
 * @throws SQLServerException
 *         If getKeyVaultKey fails to retrieve or accept the key.
 */
private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    if (cachedCryptographyClients.containsKey(masterKeyPath)) {
        return cachedCryptographyClients.get(masterKeyPath);
    }

    // The key is fetched through getKeyVaultKey first, so its not-found and key-type checks run before any
    // client is built or cached.
    // NOTE(review): the client is bound to the retrieved key's id but cached under the path string. If that id
    // is version-qualified, a versionless path stays pinned to the version fetched on first use until the cache
    // entry goes away - confirm this is the intended behaviour across key rotation.
    final String keyId = getKeyVaultKey(masterKeyPath).getId();

    // Authenticate with the explicit credential when one is configured, otherwise with the HTTP pipeline.
    CryptographyClientBuilder builder = new CryptographyClientBuilder();
    if (null == credential) {
        builder = builder.pipeline(keyVaultPipeline);
    } else {
        builder = builder.credential(credential);
    }
    final CryptographyClient created = builder.keyIdentifier(keyId).buildClient();

    // putIfAbsent keeps an entry that was stored in the meantime; the value is re-read so the caller always
    // gets whatever the cache holds.
    cachedCryptographyClients.putIfAbsent(masterKeyPath, created);
    return cachedCryptographyClients.get(masterKeyPath);
}
use of com.azure.security.keyvault.keys.models.KeyVaultKey in project mssql-jdbc by microsoft.
the class SQLServerColumnEncryptionAzureKeyVaultProvider method getKeyVaultKey.
/**
* Fetches the key from Azure Key Vault for the given key path. If the key path includes a version, that specific
* version of the key is retrieved; otherwise the latest version of the key is retrieved.
*
* @param masterKeyPath
* The key path associated with the key
* @return The Key Vault key.
* @throws SQLServerException
* If there was an error retrieving the key from Key Vault, the key was not found, or the key is not of type
* RSA or RSA_HSM.
*/
private KeyVaultKey getKeyVaultKey(String masterKeyPath) throws SQLServerException {
    // The path is split outside the try block, so a null path or one with too few segments surfaces as an
    // unchecked exception rather than a SQLServerException.
    // NOTE(review): presumably the path is validated before this method is reached - confirm against callers.
    final String[] pathSegments = masterKeyPath.split(KEY_URL_DELIMITER);
    final String name = pathSegments[KEY_NAME_INDEX];
    final String lastSegment = pathSegments[pathSegments.length - 1];

    // A version is only taken from the path when the segment count matches the "with version" layout.
    final String version = (pathSegments.length == KEY_URL_SPLIT_LENGTH_WITH_VERSION) ? lastSegment : null;

    try {
        final KeyClient client = getKeyClient(masterKeyPath);
        final KeyVaultKey key = (null == version) ? client.getKey(name) : client.getKey(name, version);

        if (null == key) {
            // The message argument is the last path segment: the version when one was given, else the name.
            final String notFound = SQLServerException.getErrString("R_AKVKeyNotFound");
            throw new SQLServerException(null, new MessageFormat(notFound).format(new Object[] {lastSegment}), null,
                    0, false);
        }

        // Reject anything that is not an RSA or RSA_HSM key before it is handed to the caller.
        // NOTE(review): the key type is compared by reference; if KeyType is not a plain Java enum, confirm that
        // its instances are canonical, otherwise equals() would be the safer comparison.
        final KeyType type = key.getKeyType();
        if (!(KeyType.RSA == type || KeyType.RSA_HSM == type)) {
            final String nonRsa = SQLServerException.getErrString("R_NonRSAKey");
            throw new SQLServerException(null, new MessageFormat(nonRsa).format(new Object[] {type.toString()}),
                    null, 0, false);
        }

        return key;
    } catch (RuntimeException e) {
        // Unchecked failures raised while talking to Key Vault are rewrapped; the original exception is kept as
        // the cause and its message is reused verbatim.
        throw new SQLServerException(e.getMessage(), e);
    }
}
use of com.azure.security.keyvault.keys.models.KeyVaultKey in project signers by ConsenSys.
the class AzureKeyVault method fetchKey.
/**
 * Retrieves the named key at the given version from the vault and returns a cryptography client bound to that
 * key's identifier, authenticated with this instance's token credential.
 *
 * @param keyName the name of the key to look up
 * @param keyVersion the version of the key to look up
 * @return a client for cryptographic operations on the retrieved key
 */
public CryptographyClient fetchKey(final String keyName, final String keyVersion) {
    // NOTE(review): the retrieved key is used as-is - there is no check of its type or permitted operations
    // here, and a null result from getKey would fail at getId(). Confirm callers validate the key if needed.
    final String keyId = keyClient.getKey(keyName, keyVersion).getId();
    final CryptographyClientBuilder builder = new CryptographyClientBuilder();
    return builder.credential(tokenCredential).keyIdentifier(keyId).buildClient();
}