use of com.microsoft.azure.keyvault.SecretIdentifier in project azure-sdk-for-java by Azure.
the class CertificateOperationsTest method validatePem.
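/**
 * Checks a PEM-format certificate bundle: the CER part must name {@code subjectName} as both
 * subject and issuer, and the managed secret backing the certificate must hold exactly one
 * certificate (same subject, issuer and serial number as the CER part) plus a private key
 * that pairs with that certificate's public key.
 *
 * <p>None of the declared checked exceptions is handled here; they propagate from the
 * CER/PEM parsing helpers, the vault call and {@code verifyRSAKeyPair}.
 *
 * @param certificateBundle bundle returned by the vault for the certificate under test
 * @param subjectName distinguished name expected as subject and as issuer of the certificate
 */
private void validatePem(CertificateBundle certificateBundle, String subjectName) throws CertificateException, IOException, KeyVaultErrorException, IllegalArgumentException, InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
    // Load the CER part into an X509Certificate object.
    X509Certificate x509Certificate = loadCerToX509Certificate(certificateBundle);
    // assertEquals reports both names on a mismatch; assertTrue(a.equals(b)) reported neither.
    Assert.assertEquals(subjectName, x509Certificate.getSubjectX500Principal().getName());
    Assert.assertEquals(subjectName, x509Certificate.getIssuerX500Principal().getName());

    // Retrieve the secret backing the certificate.
    SecretIdentifier secretIdentifier = certificateBundle.secretIdentifier();
    SecretBundle secret = keyVaultClient.getSecret(secretIdentifier.baseIdentifier());
    Assert.assertTrue(secret.managed());
    // The secret value is the PEM text holding the private key, so it is deliberately kept
    // out of every assertion message below.
    String secretValue = secret.value();

    // Extract the private key from the PEM.
    PrivateKey secretPrivateKey = extractPrivateKeyFromPemContents(secretValue);
    Assert.assertNotNull(secretPrivateKey);

    // Extract the certificates from the PEM; exactly one is expected.
    List<X509Certificate> certificates = extractCertificatesFromPemContents(secretValue);
    Assert.assertNotNull(certificates);
    Assert.assertEquals(1, certificates.size());

    // The certificate stored in the secret must describe the same certificate as the CER part.
    // NOTE(review): subject, issuer and serial number are compared, not the encoded bytes;
    // comparing getEncoded() would tie the two together more strictly - confirm it holds.
    X509Certificate secretCertificate = certificates.get(0);
    Assert.assertNotNull(secretCertificate);
    Assert.assertEquals(x509Certificate.getSubjectX500Principal().getName(), secretCertificate.getSubjectX500Principal().getName());
    Assert.assertEquals(x509Certificate.getIssuerX500Principal().getName(), secretCertificate.getIssuerX500Principal().getName());
    Assert.assertEquals(x509Certificate.getSerialNumber(), secretCertificate.getSerialNumber());

    // Pair the private key from the secret with the public key from the certificate and
    // verify that they match. (A freshly constructed KeyPair is never null, so the former
    // assertNotNull on it checked nothing and is dropped.)
    KeyPair keyPair = new KeyPair(secretCertificate.getPublicKey(), secretPrivateKey);
    verifyRSAKeyPair(keyPair);
}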
use of com.microsoft.azure.keyvault.SecretIdentifier in project azure-sdk-for-java by Azure.
the class CertificateOperationsTest method createCertificatePkcs12.
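/**
 * Creates a certificate issued by the test issuer with a PKCS12 secret (which includes the
 * private key), validates the certificate and the key stored in the backing secret, then
 * deletes the certificate and checks that it can no longer be read.
 *
 * @throws Exception if a vault call or one of the validation helpers fails unexpectedly
 */
@Test
public void createCertificatePkcs12() throws Exception {
    // Construct organization administrator details
    AdministratorDetails administratorDetails = new AdministratorDetails()
            .withFirstName("John")
            .withLastName("Doe")
            .withEmailAddress("john.doe@contoso.com")
            .withPhone("1234567890");

    // Construct organization details
    List<AdministratorDetails> administratorsDetails = new ArrayList<AdministratorDetails>();
    administratorsDetails.add(administratorDetails);
    OrganizationDetails organizationDetails = new OrganizationDetails().withAdminDetails(administratorsDetails);

    // Construct certificate issuer credentials. These are fixture values for the test issuer;
    // credentials for a real issuer account do not belong in source.
    IssuerCredentials credentials = new IssuerCredentials().withAccountId("account1").withPassword("Pa$$w0rd");
    String certificateIssuerName = "createCertificateJavaPkcs12Issuer01";
    IssuerBundle createdCertificateIssuer = keyVaultClient.setCertificateIssuer(
            new SetCertificateIssuerRequest.Builder(getVaultUri(), certificateIssuerName, ISSUER_TEST)
                    .withCredentials(credentials)
                    .withOrganizationDetails(organizationDetails)
                    .build());
    validateCertificateIssuer(createdCertificateIssuer, certificateIssuerName);

    // Set content type to indicate the certificate is PKCS12 format.
    SecretProperties secretProperties = new SecretProperties().withContentType(MIME_PKCS12);
    String subjectName = "CN=TestJavaPkcs12";
    X509CertificateProperties x509Properties = new X509CertificateProperties().withSubject(subjectName).withValidityInMonths(12);

    // Set issuer reference to the created issuer
    IssuerParameters issuerParameters = new IssuerParameters().withName(createdCertificateIssuer.issuerIdentifier().name());
    CertificatePolicy certificatePolicy = new CertificatePolicy()
            .withSecretProperties(secretProperties)
            .withIssuerParameters(issuerParameters)
            .withX509CertificateProperties(x509Properties);

    String vaultUri = getVaultUri();
    String certificateName = "createTestJavaPkcs12";
    CertificateOperation certificateOperation = keyVaultClient.createCertificate(
            new CreateCertificateRequest.Builder(vaultUri, certificateName).withPolicy(certificatePolicy).build());
    Assert.assertNotNull(certificateOperation);
    Assert.assertTrue(certificateOperation.status().equalsIgnoreCase(STATUS_IN_PROGRESS));
    CertificateBundle certificateBundle = pollOnCertificateOperation(certificateOperation);
    validateCertificateBundle(certificateBundle, certificatePolicy);

    // Load the CER part into X509Certificate object
    X509Certificate x509Certificate = loadCerToX509Certificate(certificateBundle);
    // assertEquals reports both names on a mismatch.
    // NOTE(review): the issuer name is expected to equal the subject although the policy
    // references the created test issuer - confirm this is what ISSUER_TEST produces.
    Assert.assertEquals(subjectName, x509Certificate.getSubjectX500Principal().getName());
    Assert.assertEquals(subjectName, x509Certificate.getIssuerX500Principal().getName());

    // Retrieve the secret backing the certificate
    SecretIdentifier secretIdentifier = certificateBundle.secretIdentifier();
    SecretBundle secret = keyVaultClient.getSecret(secretIdentifier.baseIdentifier());
    Assert.assertTrue(secret.managed());

    // Load the secret into a KeyStore. An empty password is used, so in this test it is
    // access to the secret itself that guards the private key.
    String secretPassword = "";
    KeyStore keyStore = loadSecretToKeyStore(secret, secretPassword);

    // Validate the certificate and key in the KeyStore
    validateCertificateKeyInKeyStore(keyStore, x509Certificate, secretPassword);

    CertificateBundle deletedCertificateBundle = keyVaultClient.deleteCertificate(getVaultUri(), certificateName);
    Assert.assertNotNull(deletedCertificateBundle);

    // A deleted certificate must no longer be readable. Without the fail() a successful
    // read would fall through and the test would pass without checking anything.
    try {
        keyVaultClient.getCertificate(deletedCertificateBundle.certificateIdentifier().baseIdentifier());
        Assert.fail("getCertificate succeeded for a deleted certificate");
    } catch (KeyVaultErrorException e) {
        Assert.assertNotNull(e.body().error());
        Assert.assertEquals("CertificateNotFound", e.body().error().code());
    }
}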
use of com.microsoft.azure.keyvault.SecretIdentifier in project azure-sdk-for-java by Azure.
the class CertificateOperationsTest method createSelfSignedCertificatePkcs12.
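/**
 * Creates a self-signed certificate with a PKCS12 secret (which includes the private key),
 * validates the certificate, its backing secret and key, then deletes the certificate and
 * checks that it can no longer be read.
 *
 * @throws Exception if a vault call or one of the validation helpers fails unexpectedly
 */
@Test
public void createSelfSignedCertificatePkcs12() throws Exception {
    // Set content type to indicate the certificate is PKCS12 format.
    SecretProperties secretProperties = new SecretProperties().withContentType(MIME_PKCS12);
    String subjectName = "CN=SelfSignedJavaPkcs12";
    X509CertificateProperties x509Properties = new X509CertificateProperties().withSubject(subjectName).withValidityInMonths(12);

    // Set issuer to "Self"
    IssuerParameters issuerParameters = new IssuerParameters().withName(ISSUER_SELF);
    CertificatePolicy certificatePolicy = new CertificatePolicy()
            .withSecretProperties(secretProperties)
            .withIssuerParameters(issuerParameters)
            .withX509CertificateProperties(x509Properties);
    Attributes attribute = new CertificateAttributes()
            .withEnabled(true)
            .withExpires(new DateTime().withYear(2050).withMonthOfYear(1))
            .withNotBefore(new DateTime().withYear(2000).withMonthOfYear(1));

    String vaultUri = getVaultUri();
    String certificateName = "createSelfSignedJavaPkcs12";
    CreateCertificateRequest createCertificateRequest = new CreateCertificateRequest.Builder(vaultUri, certificateName)
            .withPolicy(certificatePolicy)
            .withAttributes(attribute)
            .withTags(sTags)
            .build();
    CertificateOperation certificateOperation = keyVaultClient.createCertificate(createCertificateRequest);
    Assert.assertNotNull(certificateOperation);
    Assert.assertTrue(certificateOperation.status().equalsIgnoreCase(STATUS_IN_PROGRESS));
    CertificateBundle certificateBundle = pollOnCertificateOperation(certificateOperation);
    validateCertificateBundle(certificateBundle, certificatePolicy);
    compareAttributes(attribute, createCertificateRequest.certificateAttributes());

    // Load the CER part into X509Certificate object. Subject and issuer must both carry the
    // requested name; assertEquals reports both values on a mismatch.
    X509Certificate x509Certificate = loadCerToX509Certificate(certificateBundle);
    Assert.assertEquals(subjectName, x509Certificate.getSubjectX500Principal().getName());
    Assert.assertEquals(subjectName, x509Certificate.getIssuerX500Principal().getName());

    // Retrieve the secret backing the certificate
    SecretIdentifier secretIdentifier = certificateBundle.secretIdentifier();
    SecretBundle secret = keyVaultClient.getSecret(secretIdentifier.baseIdentifier());
    Assert.assertTrue(secret.managed());

    // Retrieve the key backing the certificate
    KeyIdentifier keyIdentifier = certificateBundle.keyIdentifier();
    KeyBundle keyBundle = keyVaultClient.getKey(keyIdentifier.baseIdentifier());
    Assert.assertTrue(keyBundle.managed());

    // Load the secret into a KeyStore. An empty password is used, so in this test it is
    // access to the secret itself that guards the private key.
    String secretPassword = "";
    KeyStore keyStore = loadSecretToKeyStore(secret, secretPassword);

    // Validate the certificate and key in the KeyStore
    validateCertificateKeyInKeyStore(keyStore, x509Certificate, secretPassword);

    CertificateBundle deletedCertificateBundle = keyVaultClient.deleteCertificate(getVaultUri(), certificateName);
    Assert.assertNotNull(deletedCertificateBundle);

    // A deleted certificate must no longer be readable. Without the fail() a successful
    // read would fall through and the test would pass without checking anything.
    try {
        keyVaultClient.getCertificate(deletedCertificateBundle.certificateIdentifier().baseIdentifier());
        Assert.fail("getCertificate succeeded for a deleted certificate");
    } catch (KeyVaultErrorException e) {
        Assert.assertNotNull(e.body().error());
        Assert.assertEquals("CertificateNotFound", e.body().error().code());
    }
}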
use of com.microsoft.azure.keyvault.SecretIdentifier in project azure-sdk-for-java by Azure.
the class CertificateOperationsTest method importCertificatePkcs12.
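/**
 * Imports a PKCS12 certificate (which includes the private key), validates the resulting
 * bundle and the key stored in the backing secret, then deletes the certificate and checks
 * that it can no longer be read.
 *
 * @throws Exception if a vault call or one of the validation helpers fails unexpectedly
 */
@Test
public void importCertificatePkcs12() throws Exception {
    // Certificate content and its password, both handed to the import request. These are
    // test fixtures; key material and passwords for real certificates do not belong in source.
    String certificateContent = "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";
    String certificatePassword = "123";

    // Set content type to indicate the certificate is PKCS12 format.
    SecretProperties secretProperties = new SecretProperties().withContentType(MIME_PKCS12);
    CertificatePolicy certificatePolicy = new CertificatePolicy().withSecretProperties(secretProperties);
    Attributes attribute = new CertificateAttributes().withEnabled(true);

    String vaultUri = getVaultUri();
    String certificateName = "importCertPkcs";
    CertificateBundle certificateBundle = keyVaultClient.importCertificate(
            new ImportCertificateRequest.Builder(vaultUri, certificateName, certificateContent)
                    .withPassword(certificatePassword)
                    .withPolicy(certificatePolicy)
                    .withAttributes(attribute)
                    .withTags(sTags)
                    .build());

    // Validate the certificate bundle created
    validateCertificateBundle(certificateBundle, certificatePolicy);
    // The thumbprint pins the imported bundle to the expected fixture certificate.
    Assert.assertTrue(toHexString(certificateBundle.x509Thumbprint()).equalsIgnoreCase("7cb8b7539d87ba7215357b9b9049dff2d3fa59ba"));
    Assert.assertEquals(attribute.enabled(), certificateBundle.attributes().enabled());

    // Load the CER part into X509Certificate object; assertEquals reports both names on a
    // mismatch.
    X509Certificate x509Certificate = loadCerToX509Certificate(certificateBundle);
    Assert.assertEquals("CN=KeyVaultTest", x509Certificate.getSubjectX500Principal().getName());
    Assert.assertEquals("CN=Root Agency", x509Certificate.getIssuerX500Principal().getName());

    // Retrieve the secret backing the certificate
    SecretIdentifier secretIdentifier = certificateBundle.secretIdentifier();
    SecretBundle secret = keyVaultClient.getSecret(secretIdentifier.baseIdentifier());
    Assert.assertTrue(secret.managed());

    // Load the secret into a KeyStore. The import password is not reused: the secret is
    // opened with an empty password, so in this test it is access to the secret itself that
    // guards the private key.
    String secretPassword = "";
    KeyStore keyStore = loadSecretToKeyStore(secret, secretPassword);

    // Validate the certificate and key in the KeyStore
    validateCertificateKeyInKeyStore(keyStore, x509Certificate, secretPassword);

    CertificateBundle deletedCertificateBundle = keyVaultClient.deleteCertificate(getVaultUri(), certificateName);
    // Same check as the sibling PKCS12 tests; also gives a clear failure instead of a
    // NullPointerException on the dereference below.
    Assert.assertNotNull(deletedCertificateBundle);

    // A deleted certificate must no longer be readable. Without the fail() a successful
    // read would fall through and the test would pass without checking anything.
    try {
        keyVaultClient.getCertificate(deletedCertificateBundle.certificateIdentifier().baseIdentifier());
        Assert.fail("getCertificate succeeded for a deleted certificate");
    } catch (KeyVaultErrorException e) {
        Assert.assertNotNull(e.body().error());
        Assert.assertEquals("CertificateNotFound", e.body().error().code());
    }
}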
use of com.microsoft.azure.keyvault.SecretIdentifier in project azure-sdk-for-java by Azure.
the class SecretOperationsTest method crudOperations.
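/**
 * Walks a secret through create, read (by each supported identifier form), two updates and
 * delete, comparing the returned bundle at every step, and finally checks that the deleted
 * secret can no longer be read.
 *
 * @throws Exception if a vault call or one of the comparison helpers fails unexpectedly
 */
@Test
public void crudOperations() throws Exception {
    SecretBundle secret;
    {
        // Create secret
        secret = keyVaultClient.setSecret(new SetSecretRequest.Builder(getVaultUri(), SECRET_NAME, SECRET_VALUE).build());
        validateSecret(secret, getVaultUri(), SECRET_NAME, SECRET_VALUE, null, null);
    }

    // Secret identifier.
    SecretIdentifier secretId = new SecretIdentifier(secret.id());
    {
        // Get secret using the identifier without a version
        SecretBundle readBundle = keyVaultClient.getSecret(secretId.baseIdentifier());
        compareSecrets(secret, readBundle);
    }
    {
        // Get secret using the full identifier as defined in the bundle
        SecretBundle readBundle = keyVaultClient.getSecret(secret.id());
        compareSecrets(secret, readBundle);
    }
    {
        // Get secret using vault and secret name.
        SecretBundle readBundle = keyVaultClient.getSecret(getVaultUri(), SECRET_NAME);
        compareSecrets(secret, readBundle);
    }
    {
        // Get secret using vault, secret name and version.
        SecretBundle readBundle = keyVaultClient.getSecret(getVaultUri(), SECRET_NAME, secretId.version());
        compareSecrets(secret, readBundle);
    }
    {
        secret.attributes().withExpires(new DateTime().withMonthOfYear(2).withDayOfMonth(1).withYear(2050));
        Map<String, String> tags = new HashMap<String, String>();
        tags.put("foo", "baz");
        // The value doesn't get updated, so it is cleared on the local bundle before the
        // comparison with the update result.
        secret.withTags(tags).withContentType("application/html").withValue(null);
        // Update secret using the identifier as defined in the bundle
        SecretBundle updatedSecret = keyVaultClient.updateSecret(
                new UpdateSecretRequest.Builder(secret.id())
                        .withContentType(secret.contentType())
                        .withAttributes(secret.attributes())
                        .withTags(secret.tags())
                        .build());
        compareSecrets(secret, updatedSecret);
        // Subsequent operations must use the updated bundle for comparison.
        secret = updatedSecret;
    }
    {
        // Update secret using vault and secret name.
        secret.attributes().withNotBefore(new DateTime().withMonthOfYear(2).withDayOfMonth(1).withYear(2000));
        Map<String, String> tags = new HashMap<String, String>();
        tags.put("rex", "woof");
        secret.withTags(tags).withContentType("application/html");
        // Perform the operation.
        SecretBundle updatedSecret = keyVaultClient.updateSecret(
                new UpdateSecretRequest.Builder(getVaultUri(), SECRET_NAME)
                        .withVersion(secret.secretIdentifier().version())
                        .withContentType(secret.contentType())
                        .withAttributes(secret.attributes())
                        .withTags(secret.tags())
                        .build());
        compareSecrets(secret, updatedSecret);
        validateSecret(updatedSecret, secret.secretIdentifier().vault(), secret.secretIdentifier().name(), null, secret.contentType(), secret.attributes());
    }
    {
        // Delete secret
        SecretBundle deleteBundle = keyVaultClient.deleteSecret(getVaultUri(), SECRET_NAME);
        compareSecrets(secret, deleteBundle);
    }
    {
        // Expects a secret not found. Without the fail() a successful read of the deleted
        // secret would fall through and the test would pass without checking anything.
        try {
            keyVaultClient.getSecret(secretId.baseIdentifier());
            Assert.fail("getSecret succeeded for a deleted secret");
        } catch (KeyVaultErrorException e) {
            Assert.assertNotNull(e.body().error().code());
            Assert.assertEquals("SecretNotFound", e.body().error().code());
        }
    }
}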