
Example 11 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-tools-for-java by Microsoft.

the class AzureDockerCertVaultOps method getVault.

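/**
 * Fills {@code certVault} with the Docker host settings stored as secrets in the Key Vault at
 * {@code certVault.uri}.
 *
 * <p>The host-name entry ({@code SECRETENTRY_DOCKERHOSTNAMES}) is read first, synchronously. If it is
 * missing, or the read throws, the method returns {@code null}. The entries listed in
 * {@code DOCKERHOST_SECRETS} are then read asynchronously, at most five at a time, and copied into
 * the matching fields. A field is overwritten only when a non-empty value came back.
 *
 * <p>Security notes: judging by the field names ({@code vmPwd}, {@code sshKey}, {@code tlsCAKey},
 * {@code tlsClientKey}, {@code tlsServerKey}) the returned object carries private key material and a
 * password in plain {@code String} fields, so it should be kept out of logs and persisted state.
 * A failed read of an individual secret is not surfaced: the field simply keeps its previous value,
 * so a caller cannot tell "secret absent" from "access denied" or a transport error.
 *
 * @param certVault      vault descriptor to populate; its {@code uri} must be set
 * @param keyVaultClient client used for the secret reads
 * @return the same {@code certVault} instance, or {@code null} when the host-name secret could not be read
 * @throws AzureDockerException if {@code certVault}, {@code keyVaultClient} or {@code certVault.uri} is {@code null}
 */
public static AzureDockerCertVault getVault(AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    if (certVault == null || keyVaultClient == null || certVault.uri == null) {
        // The message names the values this method actually checks; the previous text referred to
        // arguments (azureClient, resourceGroupName) that this method does not take.
        throw new AzureDockerException("Unexpected argument values; certVault, keyVaultClient and certVault.uri cannot be null");
    }
    String vaultUri = certVault.uri;
    try {
        SecretBundle secret = keyVaultClient.getSecret(vaultUri, SECRETENTRY_DOCKERHOSTNAMES);
        if (secret == null) {
            certVault.hostName = null;
            return null;
        }
        certVault.hostName = secret.value();
    } catch (Exception e) {
        // NOTE(review): every failure (missing secret, authorization error, network error) collapses
        // into a null return here. Kept as-is because callers may rely on null; consider recording
        // the cause so access-policy problems are diagnosable.
        return null;
    }
    // Execute Key Vault secret reads in parallel (flatMap limits this to 5 concurrent reads).
    Map<String, String> secretNamesAndValueMap = new HashMap<>();
    Observable.from(DOCKERHOST_SECRETS).flatMap(secretName -> {
        return Observable.create(new Observable.OnSubscribe<Pair<String, String>>() {

            @Override
            public void call(Subscriber<? super Pair<String, String>> subscriber) {
                keyVaultClient.getSecretAsync(vaultUri, secretName, new ServiceCallback<SecretBundle>() {

                    @Override
                    public void failure(Throwable throwable) {
                        // Best effort: a failed read completes the stream without a value, so the
                        // corresponding field is left untouched and the error is not reported.
                        subscriber.onCompleted();
                    }

                    @Override
                    public void success(SecretBundle secretBundle) {
                        if (secretBundle != null) {
                            subscriber.onNext(new Pair<>(secretName, secretBundle.value()));
                        }
                        subscriber.onCompleted();
                    }
                });
            }
        }).subscribeOn(Schedulers.io());
    }, 5).subscribeOn(Schedulers.io()).toBlocking().subscribe(new Action1<Pair<String, String>>() {

        @Override
        public void call(Pair<String, String> secretNameAndValue) {
            secretNamesAndValueMap.put(secretNameAndValue.first(), secretNameAndValue.second());
        }
    });
    // Copy each value that was actually retrieved; null or empty results leave the field as it was.
    String currentSecretValue;
    currentSecretValue = secretNamesAndValueMap.get("vmUsername");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.vmUsername = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("vmPwd");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.vmPwd = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("sshKey");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.sshKey = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("sshPubKey");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.sshPubKey = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("tlsCACert");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.tlsCACert = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("tlsCAKey");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.tlsCAKey = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("tlsClientCert");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.tlsClientCert = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("tlsClientKey");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.tlsClientKey = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("tlsServerCert");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.tlsServerCert = currentSecretValue;
    }
    currentSecretValue = secretNamesAndValueMap.get("tlsServerKey");
    if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
        certVault.tlsServerKey = currentSecretValue;
    }
    return certVault;
}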
Also used : KeyPair(com.jcraft.jsch.KeyPair) JSch(com.jcraft.jsch.JSch) ByteArrayOutputStream(java.io.ByteArrayOutputStream) HashMap(java.util.HashMap) Action1(rx.functions.Action1) DEBUG(com.microsoft.azure.docker.ops.utils.AzureDockerUtils.DEBUG) SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) Observable(rx.Observable) Azure(com.microsoft.azure.management.Azure) Map(java.util.Map) Schedulers(rx.schedulers.Schedulers) DefaultLoader(com.microsoft.tooling.msservices.components.DefaultLoader) ResourceGroup(com.microsoft.azure.management.resources.ResourceGroup) Vault(com.microsoft.azure.management.keyvault.Vault) Subscriber(rx.Subscriber) ServiceCallback(com.microsoft.rest.ServiceCallback) Files(java.nio.file.Files) AzureDockerUtils(com.microsoft.azure.docker.ops.utils.AzureDockerUtils) FileWriter(java.io.FileWriter) Pair(com.microsoft.azuretools.utils.Pair) SetSecretRequest(com.microsoft.azure.keyvault.requests.SetSecretRequest) SecretPermissions(com.microsoft.azure.management.keyvault.SecretPermissions) List(java.util.List) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault) Paths(java.nio.file.Paths) CloudException(com.microsoft.azure.CloudException) KeyVaultClient(com.microsoft.azure.keyvault.KeyVaultClient) HashMap(java.util.HashMap) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) CloudException(com.microsoft.azure.CloudException) Observable(rx.Observable) SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) ServiceCallback(com.microsoft.rest.ServiceCallback) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) KeyPair(com.jcraft.jsch.KeyPair) Pair(com.microsoft.azuretools.utils.Pair)

Example 12 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class CertificateOperationsTest method createSelfSignedCertificatePkcs12.

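/**
 * Creates a self-signed certificate whose backing secret is in PKCS12 format (so it includes the
 * private key), checks the resulting certificate, secret and key, then deletes the certificate and
 * verifies it can no longer be read.
 *
 * @throws Exception if any Key Vault call or certificate/key-store helper fails
 */
@Test
public void createSelfSignedCertificatePkcs12() throws Exception {
    // Set content type to indicate the certificate is PKCS12 format.
    SecretProperties secretProperties = new SecretProperties().withContentType(MIME_PKCS12);
    String subjectName = "CN=SelfSignedJavaPkcs12";
    X509CertificateProperties x509Properties = new X509CertificateProperties().withSubject(subjectName).withValidityInMonths(12);
    // Set issuer to "Self"
    IssuerParameters issuerParameters = new IssuerParameters().withName(ISSUER_SELF);
    CertificatePolicy certificatePolicy = new CertificatePolicy().withSecretProperties(secretProperties).withIssuerParameters(issuerParameters).withX509CertificateProperties(x509Properties);
    Attributes attribute = new CertificateAttributes().withEnabled(true).withExpires(new DateTime().withYear(2050).withMonthOfYear(1)).withNotBefore(new DateTime().withYear(2000).withMonthOfYear(1));
    String vaultUri = getVaultUri();
    String certificateName = "createSelfSignedJavaPkcs12";
    CreateCertificateRequest createCertificateRequest = new CreateCertificateRequest.Builder(vaultUri, certificateName).withPolicy(certificatePolicy).withAttributes(attribute).withTags(sTags).build();
    CertificateOperation certificateOperation = keyVaultClient.createCertificate(createCertificateRequest);
    Assert.assertNotNull(certificateOperation);
    Assert.assertTrue(certificateOperation.status().equalsIgnoreCase(STATUS_IN_PROGRESS));
    CertificateBundle certificateBundle = pollOnCertificateOperation(certificateOperation);
    validateCertificateBundle(certificateBundle, certificatePolicy);
    compareAttributes(attribute, createCertificateRequest.certificateAttributes());
    // Load the CER part into X509Certificate object.
    // Self-signed: subject and issuer must both equal the requested subject name.
    X509Certificate x509Certificate = loadCerToX509Certificate(certificateBundle);
    Assert.assertEquals(subjectName, x509Certificate.getSubjectX500Principal().getName());
    Assert.assertEquals(subjectName, x509Certificate.getIssuerX500Principal().getName());
    // Retrieve the secret backing the certificate
    SecretIdentifier secretIdentifier = certificateBundle.secretIdentifier();
    SecretBundle secret = keyVaultClient.getSecret(secretIdentifier.baseIdentifier());
    Assert.assertTrue(secret.managed());
    // Retrieve the key backing the certificate
    KeyIdentifier keyIdentifier = certificateBundle.keyIdentifier();
    KeyBundle keyBundle = keyVaultClient.getKey(keyIdentifier.baseIdentifier());
    Assert.assertTrue(keyBundle.managed());
    // Load the secret into a KeyStore. The same empty password is used to open the store and to
    // validate the key entry below.
    String secretPassword = "";
    KeyStore keyStore = loadSecretToKeyStore(secret, secretPassword);
    // Validate the certificate and key in the KeyStore
    validateCertificateKeyInKeyStore(keyStore, x509Certificate, secretPassword);
    CertificateBundle deletedCertificateBundle = keyVaultClient.deleteCertificate(getVaultUri(), certificateName);
    Assert.assertNotNull(deletedCertificateBundle);
    try {
        keyVaultClient.getCertificate(deletedCertificateBundle.certificateIdentifier().baseIdentifier());
        // Without this, a certificate (and its private key) that survived the delete would go
        // unnoticed because the catch block is the only place that asserts anything.
        Assert.fail("Certificate " + certificateName + " is still retrievable after deleteCertificate");
    } catch (KeyVaultErrorException e) {
        Assert.assertNotNull(e.body().error());
        Assert.assertEquals("CertificateNotFound", e.body().error().code());
    }
}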
Also used : KeyIdentifier(com.microsoft.azure.keyvault.KeyIdentifier) CertificateAttributes(com.microsoft.azure.keyvault.models.CertificateAttributes) CertificateBundle(com.microsoft.azure.keyvault.models.CertificateBundle) KeyVaultErrorException(com.microsoft.azure.keyvault.models.KeyVaultErrorException) IssuerParameters(com.microsoft.azure.keyvault.models.IssuerParameters) CertificatePolicy(com.microsoft.azure.keyvault.models.CertificatePolicy) Attributes(com.microsoft.azure.keyvault.models.Attributes) CertificateAttributes(com.microsoft.azure.keyvault.models.CertificateAttributes) X509CertificateProperties(com.microsoft.azure.keyvault.models.X509CertificateProperties) CertificateOperation(com.microsoft.azure.keyvault.models.CertificateOperation) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) X509Certificate(java.security.cert.X509Certificate) CreateCertificateRequest(com.microsoft.azure.keyvault.requests.CreateCertificateRequest) SecretIdentifier(com.microsoft.azure.keyvault.SecretIdentifier) SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) SecretProperties(com.microsoft.azure.keyvault.models.SecretProperties) KeyBundle(com.microsoft.azure.keyvault.models.KeyBundle) Test(org.junit.Test)

Example 13 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class CertificateOperationsTest method importCertificatePkcs12.

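/**
 * Imports a PKCS12 certificate (which includes the private key), checks the resulting certificate
 * bundle and backing secret, then deletes the certificate and verifies it can no longer be read.
 *
 * @throws Exception if any Key Vault call or certificate/key-store helper fails
 */
@Test
public void importCertificatePkcs12() throws Exception {
    // Test-only fixture: a base64 PKCS12 blob and its password are embedded in the source, so the
    // private key inside it is public knowledge and must never be used for a real identity.
    String certificateContent = "MIIJOwIBAzCCCPcGCSqGSIb3DQEHAaCCCOgEggjkMIII4DCCBgkGCSqGSIb3DQEHAaCCBfoEggX2MIIF8jCCBe4GCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAj15YH9pOE58AICB9AEggTYLrI+SAru2dBZRQRlJY7XQ3LeLkah2FcRR3dATDshZ2h0IA2oBrkQIdsLyAAWZ32qYR1qkWxLHn9AqXgu27AEbOk35+pITZaiy63YYBkkpR+pDdngZt19Z0PWrGwHEq5z6BHS2GLyyN8SSOCbdzCz7blj3+7IZYoMj4WOPgOm/tQ6U44SFWek46QwN2zeA4i97v7ftNNns27ms52jqfhOvTA9c/wyfZKAY4aKJfYYUmycKjnnRl012ldS2lOkASFt+lu4QCa72IY6ePtRudPCvmzRv2pkLYS6z3cI7omT8nHP3DymNOqLbFqr5O2M1ZYaLC63Q3xt3eVvbcPh3N08D1hHkhz/KDTvkRAQpvrW8ISKmgDdmzN55Pe55xHfSWGB7gPw8sZea57IxFzWHTK2yvTslooWoosmGxanYY2IG/no3EbPOWDKjPZ4ilYJe5JJ2immlxPz+2e2EOCKpDI+7fzQcRz3PTd3BK+budZ8aXX8aW/lOgKS8WmxZoKnOJBNWeTNWQFugmktXfdPHAdxMhjUXqeGQd8wTvZ4EzQNNafovwkI7IV/ZYoa++RGofVR3ZbRSiBNF6TDj/qXFt0wN/CQnsGAmQAGNiN+D4mY7i25dtTu/Jc7OxLdhAUFpHyJpyrYWLfvOiS5WYBeEDHkiPUa/8eZSPA3MXWZR1RiuDvuNqMjct1SSwdXADTtF68l/US1ksU657+XSC+6ly1A/upz+X71+C4Ho6W0751j5ZMT6xKjGh5pee7MVuduxIzXjWIy3YSd0fIT3U0A5NLEvJ9rfkx6JiHjRLx6V1tqsrtT6BsGtmCQR1UCJPLqsKVDvAINx3cPA/CGqr5OX2BGZlAihGmN6n7gv8w4O0k0LPTAe5YefgXN3m9pE867N31GtHVZaJ/UVgDNYS2jused4rw76ZWN41akx2QN0JSeMJqHXqVz6AKfz8ICS/dFnEGyBNpXiMRxrY/QPKi/wONwqsbDxRW7vZRVKs78pBkE0ksaShlZk5GkeayDWC/7Hi/NqUFtIloK9XB3paLxo1DGu5qqaF34jZdktzkXp0uZqpp+FfKZaiovMjt8F7yHCPk+LYpRsU2Cyc9DVoDA6rIgf+uEP4jppgehsxyT0lJHax2t869R2jYdsXwYUXjgwHIV0voj7bJYPGFlFjXOp6ZW86scsHM5xfsGQoK2Fp838VT34SHE1ZXU/puM7rviREHYW72pfpgGZUILQMohuTPnd8tFtAkbrmjLDo+k9xx7HUvgoFTiNNWuq/cRjr70FKNguMMTIrid+HwfmbRoaxENWdLcOTNeascER2a+37UQolKD5ksrPJG6RdNA7O2pzp3micDYRs/+s28cCIxO//J/d4nsgHp6RTuCu4+Jm9k0YTw2Xg75b2cWKrxGnDUgyIlvNPaZTB5QbMid4x44/lE0LLi9kcPQhRgrK07OnnrMgZvVGjt1CLGhKUv7KFc3xV1r1rwKkosxnoG99oCoTQtregcX5rIMjHgkc1IdflGJkZzaWMkYVFOJ4Weynz008i4ddkske5vabZs37Lb8iggUYNBYZyGzalruBgnQyK4fz38Fae4nWYjyildVfgyo/fCePR2ovOfphx9OQJi+M9BoFmPrAg+8ARDZ+R+5yzYuEc9ZoVX7nkp7LTGB3DANBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBXBgkqhkiG9w0BCRQxSh5IAGEAOAAwAGQAZgBmADgANgAtAGUAOQA2AGUALQA0ADIAMgA0AC0AYQBhADEAMQAtAGIAZAAxADkANABkADUAYQA2AGIANwA3MF0GCSsGAQQBgjcRATFQHk4ATQBpAGMAcgBvAHMAbwBmAHQAIABTAHQAcgBvAG4AZwAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggLPBgkqhkiG9w0BBwagggLAMIICvAIBADCCArUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECNX+VL2MxzzWAgIH0ICCAojmRBO+CPfVNUO0s+BVuwhOzikAGNBmQHNChmJ/pyzPbMUbx7tO63eIVSc67iERda2WCEmVwPigaVQkPaumsfp8+L6iV/BMf5RKlyRXcwh0vUdu2Qa7qadD+gFQ2kngf4Dk6vYo2/2HxayuIf6jpwe8vql4ca3ZtWXfuRix2fwgltM0bMz1g59d7x/glTfNqxNlsty0A/rWrPJjNbOPRU2XykLuc3AtlTtYsQ32Zsmu67A7UNBw6tVtkEXlFDqhavEhUEO3dvYqMY+QLxzpZhA0q44ZZ9/ex0X6QAFNK5wuWxCbupHWsgxRwKftrxyszMHsAvNoNcTlqcctee+ecNwTJQa1/MDbnhO6/qHA7cfG1qYDq8Th635vGNMW1w3sVS7l0uEvdayAsBHWTcOC2tlMa5bfHrhY8OEIqj5bN5H9RdFy8G/W239tjDu1OYjBDydiBqzBn8HG1DSj1Pjc0kd/82d4ZU0308KFTC3yGcRad0GnEH0Oi3iEJ9HbriUbfVMbXNHOF+MktWiDVqzndGMKmuJSdfTBKvGFvejAWVO5E4mgLvoaMmbchc3BO7sLeraHnJN5hvMBaLcQI38N86mUfTR8AP6AJ9c2k514KaDLclm4z6J8dMz60nUeo5D3YD09G6BavFHxSvJ8MF0Lu5zOFzEePDRFm9mH8W0N/sFlIaYfD/GWU/w44mQucjaBk95YtqOGRIj58tGDWr8iUdHwaYKGqU24zGeRae9DhFXPzZshV1ZGsBQFRaoYkyLAwdJWIXTi+c37YaC8FRSEnnNmS79Dou1Kc3BvK4EYKAD2KxjtUebrV174gD0Q+9YuJ0GXOTspBvCFd5VT2Rw5zDNrA/J3F5fMCk4wOzAfMAcGBSsOAwIaBBSxgh2xyF+88V4vAffBmZXv8Txt4AQU4O/NX4MjxSodbE7ApNAMIvrtREwCAgfQ";
    String certificatePassword = "123";
    // Set content type to indicate the certificate is PKCS12 format.
    SecretProperties secretProperties = new SecretProperties().withContentType(MIME_PKCS12);
    CertificatePolicy certificatePolicy = new CertificatePolicy().withSecretProperties(secretProperties);
    Attributes attribute = new CertificateAttributes().withEnabled(true);
    String vaultUri = getVaultUri();
    String certificateName = "importCertPkcs";
    CertificateBundle certificateBundle = keyVaultClient.importCertificate(new ImportCertificateRequest.Builder(vaultUri, certificateName, certificateContent).withPassword(certificatePassword).withPolicy(certificatePolicy).withAttributes(attribute).withTags(sTags).build());
    // Validate the certificate bundle created
    validateCertificateBundle(certificateBundle, certificatePolicy);
    // The thumbprint pins the imported certificate to the exact fixture above.
    Assert.assertTrue(toHexString(certificateBundle.x509Thumbprint()).equalsIgnoreCase("7cb8b7539d87ba7215357b9b9049dff2d3fa59ba"));
    Assert.assertEquals(attribute.enabled(), certificateBundle.attributes().enabled());
    // Load the CER part into X509Certificate object
    X509Certificate x509Certificate = loadCerToX509Certificate(certificateBundle);
    Assert.assertEquals("CN=KeyVaultTest", x509Certificate.getSubjectX500Principal().getName());
    Assert.assertEquals("CN=Root Agency", x509Certificate.getIssuerX500Principal().getName());
    // Retrieve the secret backing the certificate
    SecretIdentifier secretIdentifier = certificateBundle.secretIdentifier();
    SecretBundle secret = keyVaultClient.getSecret(secretIdentifier.baseIdentifier());
    Assert.assertTrue(secret.managed());
    // Load the secret into a KeyStore. Note the secret is opened with an empty password here, not
    // with the import password used above.
    String secretPassword = "";
    KeyStore keyStore = loadSecretToKeyStore(secret, secretPassword);
    // Validate the certificate and key in the KeyStore
    validateCertificateKeyInKeyStore(keyStore, x509Certificate, secretPassword);
    CertificateBundle deletedCertificateBundle = keyVaultClient.deleteCertificate(getVaultUri(), certificateName);
    try {
        keyVaultClient.getCertificate(deletedCertificateBundle.certificateIdentifier().baseIdentifier());
        // Without this, a certificate that survived the delete would go unnoticed because the catch
        // block is the only place that asserts anything.
        Assert.fail("Certificate " + certificateName + " is still retrievable after deleteCertificate");
    } catch (KeyVaultErrorException e) {
        Assert.assertNotNull(e.body().error());
        Assert.assertEquals("CertificateNotFound", e.body().error().code());
    }
}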
Also used : SecretIdentifier(com.microsoft.azure.keyvault.SecretIdentifier) SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) SecretProperties(com.microsoft.azure.keyvault.models.SecretProperties) CertificateAttributes(com.microsoft.azure.keyvault.models.CertificateAttributes) CertificateBundle(com.microsoft.azure.keyvault.models.CertificateBundle) KeyVaultErrorException(com.microsoft.azure.keyvault.models.KeyVaultErrorException) CertificatePolicy(com.microsoft.azure.keyvault.models.CertificatePolicy) Attributes(com.microsoft.azure.keyvault.models.Attributes) CertificateAttributes(com.microsoft.azure.keyvault.models.CertificateAttributes) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 14 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class AsyncOperationsTest method secretAsync.

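/**
 * Exercises the asynchronous secret operations in sequence: set, update, get, list secrets, list
 * versions and delete, then checks that deleting the same secret again reports
 * {@code SecretNotFound}.
 *
 * @throws Exception if a Key Vault call fails for a reason other than the expected not-found error
 */
@Test
public void secretAsync() throws Exception {
    String vault = getVaultUri();
    String secretname = "mySecret";
    // Dummy value used only as secret content for this test.
    String password = "password";
    SetSecretRequest setSecretRequest = new SetSecretRequest.Builder(vault, secretname, password).build();
    SecretBundle secretBundle = keyVaultClient.setSecretAsync(setSecretRequest, null).get();
    Assert.assertNotNull(secretBundle);
    UpdateSecretRequest updateSecretRequest = new UpdateSecretRequest.Builder(secretBundle.id()).build();
    secretBundle = keyVaultClient.updateSecretAsync(updateSecretRequest, null).get();
    Assert.assertNotNull(secretBundle);
    secretBundle = keyVaultClient.getSecretAsync(secretBundle.id(), null).get();
    Assert.assertNotNull(secretBundle);
    List<SecretItem> secretItems = keyVaultClient.listSecretsAsync(vault, 2, null).get();
    Assert.assertNotNull(secretItems);
    List<SecretItem> secretVersionItems = keyVaultClient.listSecretVersionsAsync(vault, secretname, 2, null).get();
    Assert.assertNotNull(secretVersionItems);
    secretBundle = keyVaultClient.deleteSecretAsync(vault, secretname, null).get();
    Assert.assertNotNull(secretBundle);
    try {
        keyVaultClient.deleteSecretAsync(vault, secretname, null).get();
        // A second delete that succeeds means the first one did not remove the secret; without this
        // the test would pass silently in that case.
        Assert.fail("Secret " + secretname + " could be deleted twice");
    } catch (ExecutionException ex) {
        // The async wrapper reports the service error as the cause of the ExecutionException.
        Throwable t = ex.getCause();
        if (t instanceof KeyVaultErrorException) {
            Assert.assertEquals("SecretNotFound", ((KeyVaultErrorException) t).body().error().code());
        } else {
            throw ex;
        }
    }
}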
Also used : SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) KeyVaultErrorException(com.microsoft.azure.keyvault.models.KeyVaultErrorException) SecretItem(com.microsoft.azure.keyvault.models.SecretItem) SetSecretRequest(com.microsoft.azure.keyvault.requests.SetSecretRequest) ExecutionException(java.util.concurrent.ExecutionException) UpdateSecretRequest(com.microsoft.azure.keyvault.requests.UpdateSecretRequest) Test(org.junit.Test)

Example 15 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class KeyVaultKeyResolverBCProviderTest method KeyVault_KeyVaultKeyResolver_Secret192Base64.

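/*
 * Test resolving a key from a 192-bit secret (24 bytes) stored base64-encoded in a vault, using the
 * KeyVaultKeyResolver constructor that takes a client and a provider. The resolved key must wrap the
 * 128-bit CEK with "A192KW" to the expected EK bytes.
 */
@Test
public void KeyVault_KeyVaultKeyResolver_Secret192Base64() throws InterruptedException, ExecutionException {
    // Arrange
    // The values below match the published RFC 3394 section 4.2 vector (128 bits of key data wrapped
    // with a 192-bit KEK); they are test data, not production key material.
    byte[] keyBytes = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
    byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
    byte[] EK = { (byte) 0x96, 0x77, (byte) 0x8B, 0x25, (byte) 0xAE, 0x6C, (byte) 0xA4, 0x35, (byte) 0xF9, 0x2B, 0x5B, (byte) 0x97, (byte) 0xC0, 0x50, (byte) 0xAE, (byte) 0xD2, 0x46, (byte) 0x8A, (byte) 0xB8, (byte) 0xA1, 0x7A, (byte) 0xD8, 0x4E, 0x5D };
    try {
        SetSecretRequest request = new SetSecretRequest.Builder(getVaultUri(), SECRET_NAME, _base64.encodeAsString(keyBytes)).withContentType("application/octet-stream").build();
        SecretBundle secretBundle = keyVaultClient.setSecret(request);
        // A null bundle used to skip every assertion and let the test pass; fail instead.
        Assert.assertNotNull(secretBundle);
        try {
            // ctor with client
            KeyVaultKeyResolver resolver = new KeyVaultKeyResolver(keyVaultClient, _provider);
            IKey baseKey = resolver.resolveKeyAsync(secretBundle.secretIdentifier().baseIdentifier()).get();
            IKey versionKey = resolver.resolveKeyAsync(secretBundle.secretIdentifier().identifier()).get();
            // Check for correct key identifiers: the versionless and the versioned identifier must
            // resolve to the same key id.
            Assert.assertEquals(baseKey.getKid(), versionKey.getKid());
            // Ensure key operations give the expected results. Exceptions from the wrap calls reach
            // the outer catch, which fails the test and keeps the cause.
            byte[] wrappedWithBaseKey = baseKey.wrapKeyAsync(CEK, "A192KW").get().getLeft();
            // Assert
            assertArrayEquals(EK, wrappedWithBaseKey);
            byte[] wrappedWithVersionKey = versionKey.wrapKeyAsync(CEK, "A192KW").get().getLeft();
            // Assert
            assertArrayEquals(EK, wrappedWithVersionKey);
        } finally {
            // Delete the secret so the test key does not stay in the vault.
            keyVaultClient.deleteSecret(getVaultUri(), SECRET_NAME);
        }
    } catch (Exception ex) {
        // Fail with the original exception attached so the stack trace is not lost.
        throw new AssertionError(ex.getMessage(), ex);
    }
}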
Also used : SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) IKey(com.microsoft.azure.keyvault.core.IKey) SetSecretRequest(com.microsoft.azure.keyvault.requests.SetSecretRequest) ExecutionException(java.util.concurrent.ExecutionException) KeyVaultKeyResolver(com.microsoft.azure.keyvault.extensions.KeyVaultKeyResolver) Test(org.junit.Test)

Aggregations

SecretBundle (com.microsoft.azure.keyvault.models.SecretBundle)20 Test (org.junit.Test)14 SetSecretRequest (com.microsoft.azure.keyvault.requests.SetSecretRequest)9 KeyVaultErrorException (com.microsoft.azure.keyvault.models.KeyVaultErrorException)8 ExecutionException (java.util.concurrent.ExecutionException)7 SecretIdentifier (com.microsoft.azure.keyvault.SecretIdentifier)6 IKey (com.microsoft.azure.keyvault.core.IKey)6 KeyVaultKeyResolver (com.microsoft.azure.keyvault.extensions.KeyVaultKeyResolver)6 Observable (rx.Observable)5 ServiceResponse (com.microsoft.rest.ServiceResponse)4 X509Certificate (java.security.cert.X509Certificate)4 ResponseBody (okhttp3.ResponseBody)4 Response (retrofit2.Response)4 CertificateBundle (com.microsoft.azure.keyvault.models.CertificateBundle)3 CertificatePolicy (com.microsoft.azure.keyvault.models.CertificatePolicy)3 SecretAttributes (com.microsoft.azure.keyvault.models.SecretAttributes)3 SecretItem (com.microsoft.azure.keyvault.models.SecretItem)3 SecretProperties (com.microsoft.azure.keyvault.models.SecretProperties)3 InvalidKeyException (java.security.InvalidKeyException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3