Examples with SecretBundle com.microsoft.azure.keyvault.models.SecretBundle used on opensource projects

Example 16 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class KeyVaultKeyResolverBCProviderTest method KeyVault_KeyVaultKeyResolver_Secret256Base64.

/* 
      * Test resolving a key from a 256bit secret encoded as base64 in a vault using various KeyVaultKeyResolver constructors.
      */
@Test
public void KeyVault_KeyVaultKeyResolver_Secret256Base64() throws InterruptedException, ExecutionException {
    // Arrange
    byte[] keyBytes = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
    byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
    byte[] EK = { 0x64, (byte) 0xE8, (byte) 0xC3, (byte) 0xF9, (byte) 0xCE, 0x0F, 0x5B, (byte) 0xA2, 0x63, (byte) 0xE9, 0x77, 0x79, 0x05, (byte) 0x81, (byte) 0x8A, 0x2A, (byte) 0x93, (byte) 0xC8, 0x19, 0x1E, 0x7D, 0x6E, (byte) 0x8A, (byte) 0xE7 };
    try {
        SetSecretRequest request = new SetSecretRequest.Builder(getVaultUri(), SECRET_NAME, _base64.encodeAsString(keyBytes)).withContentType("application/octet-stream").build();
        SecretBundle secretBundle = keyVaultClient.setSecret(request);
        if (secretBundle != null) {
            try {
                // ctor with client
                KeyVaultKeyResolver resolver = new KeyVaultKeyResolver(keyVaultClient, _provider);
                IKey baseKey = resolver.resolveKeyAsync(secretBundle.secretIdentifier().baseIdentifier()).get();
                IKey versionKey = resolver.resolveKeyAsync(secretBundle.secretIdentifier().identifier()).get();
                // Check for correct key identifiers
                Assert.assertEquals(baseKey.getKid(), versionKey.getKid());
                // Ensure key operations give the expected results
                byte[] encrypted = null;
                try {
                    encrypted = baseKey.wrapKeyAsync(CEK, "A256KW").get().getLeft();
                } catch (Exception e) {
                    fail(e.getMessage());
                }
                // Assert
                assertArrayEquals(EK, encrypted);
                try {
                    encrypted = versionKey.wrapKeyAsync(CEK, "A256KW").get().getLeft();
                } catch (Exception e) {
                    fail(e.getMessage());
                }
                // Assert
                assertArrayEquals(EK, encrypted);
            } finally {
                // Delete the key
                keyVaultClient.deleteSecret(getVaultUri(), SECRET_NAME);
            }
        }
    } catch (Exception ex) {
        fail(ex.getMessage());
    }
}

Example 17 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class KeyVaultKeyResolverDefaultProviderTest method KeyVault_KeyVaultKeyResolver_Secret128Base64.

/* 
      * Test resolving a key from a 128bit secret encoded as base64 in a vault using various KeyVaultKeyResolver constructors.
      */
@Test
public void KeyVault_KeyVaultKeyResolver_Secret128Base64() throws InterruptedException, ExecutionException {
    // Arrange
    byte[] keyBytes = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
    byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
    byte[] EK = { 0x1F, (byte) 0xA6, (byte) 0x8B, 0x0A, (byte) 0x81, 0x12, (byte) 0xB4, 0x47, (byte) 0xAE, (byte) 0xF3, 0x4B, (byte) 0xD8, (byte) 0xFB, 0x5A, 0x7B, (byte) 0x82, (byte) 0x9D, 0x3E, (byte) 0x86, 0x23, 0x71, (byte) 0xD2, (byte) 0xCF, (byte) 0xE5 };
    try {
        SetSecretRequest request = new SetSecretRequest.Builder(getVaultUri(), SECRET_NAME, _base64.encodeAsString(keyBytes)).withContentType("application/octet-stream").build();
        SecretBundle secretBundle = keyVaultClient.setSecret(request);
        if (secretBundle != null) {
            try {
                // ctor with client
                KeyVaultKeyResolver resolver = new KeyVaultKeyResolver(keyVaultClient);
                IKey baseKey = resolver.resolveKeyAsync(secretBundle.secretIdentifier().baseIdentifier()).get();
                IKey versionKey = resolver.resolveKeyAsync(secretBundle.secretIdentifier().identifier()).get();
                // Check for correct key identifiers
                Assert.assertEquals(baseKey.getKid(), versionKey.getKid());
                // Ensure key operations give the expected results
                byte[] encrypted = null;
                try {
                    encrypted = baseKey.wrapKeyAsync(CEK, "A128KW").get().getLeft();
                } catch (Exception ex) {
                    fail(ex.getMessage());
                }
                // Assert
                assertArrayEquals(EK, encrypted);
                try {
                    encrypted = versionKey.wrapKeyAsync(CEK, "A128KW").get().getLeft();
                } catch (Exception ex) {
                    fail(ex.getMessage());
                }
                // Assert
                assertArrayEquals(EK, encrypted);
            } finally {
                // Delete the key
                keyVaultClient.deleteSecret(getVaultUri(), SECRET_NAME);
            }
        }
    } catch (Exception ex) {
        fail(ex.getMessage());
    }
}

Example 18 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class SecretOperationsTest method disabledSecretGet.

@Test
public // verifies the inner error on disabled secret
void disabledSecretGet() throws Exception {
    String secretName = "disabledsecret";
    SecretBundle secret = keyVaultClient.setSecret(new SetSecretRequest.Builder(getVaultUri(), secretName, SECRET_VALUE).withAttributes(new SecretAttributes().withEnabled(false)).build());
    try {
        keyVaultClient.getSecret(secret.id());
        Assert.fail("Should throw exception for disabled secret.");
    } catch (KeyVaultErrorException e) {
        Assert.assertEquals(e.body().error().code(), "Forbidden");
        Assert.assertNotNull(e.body().error().message());
        Assert.assertNotNull(e.body().error().innerError());
        Assert.assertEquals(e.body().error().innerError().code(), "SecretDisabled");
    } catch (Exception e) {
        Assert.fail("Should throw KeyVaultErrorException for disabled secret.");
    }
    keyVaultClient.deleteSecret(getVaultUri(), secretName);
}

Example 19 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class SecretOperationsTest method crudOperations.

@Test
public void crudOperations() throws Exception {
    SecretBundle secret;
    {
        // Create secret
        secret = keyVaultClient.setSecret(new SetSecretRequest.Builder(getVaultUri(), SECRET_NAME, SECRET_VALUE).build());
        validateSecret(secret, getVaultUri(), SECRET_NAME, SECRET_VALUE, null, null);
    }
    // Secret identifier.
    SecretIdentifier secretId = new SecretIdentifier(secret.id());
    {
        // Get secret using kid WO version
        SecretBundle readBundle = keyVaultClient.getSecret(secretId.baseIdentifier());
        compareSecrets(secret, readBundle);
    }
    {
        // Get secret using full kid as defined in the bundle
        SecretBundle readBundle = keyVaultClient.getSecret(secret.id());
        compareSecrets(secret, readBundle);
    }
    {
        // Get secret using vault and secret name.
        SecretBundle readBundle = keyVaultClient.getSecret(getVaultUri(), SECRET_NAME);
        compareSecrets(secret, readBundle);
    }
    {
        // Get secret using vault, secret name and version.
        SecretBundle readBundle = keyVaultClient.getSecret(getVaultUri(), SECRET_NAME, secretId.version());
        compareSecrets(secret, readBundle);
    }
    {
        secret.attributes().withExpires(new DateTime().withMonthOfYear(2).withDayOfMonth(1).withYear(2050));
        Map<String, String> tags = new HashMap<String, String>();
        tags.put("foo", "baz");
        secret.withTags(tags).withContentType("application/html").withValue(// The value doesn't get updated
        null);
        // Update secret using the kid as defined in the bundle
        SecretBundle updatedSecret = keyVaultClient.updateSecret(new UpdateSecretRequest.Builder(secret.id()).withContentType(secret.contentType()).withAttributes(secret.attributes()).withTags(secret.tags()).build());
        compareSecrets(secret, updatedSecret);
        // Subsequent operations must use the updated bundle for comparison.
        secret = updatedSecret;
    }
    {
        // Update secret using vault and secret name.
        secret.attributes().withNotBefore(new DateTime().withMonthOfYear(2).withDayOfMonth(1).withYear(2000));
        Map<String, String> tags = new HashMap<String, String>();
        tags.put("rex", "woof");
        secret.withTags(tags).withContentType("application/html");
        // Perform the operation.
        SecretBundle updatedSecret = keyVaultClient.updateSecret(new UpdateSecretRequest.Builder(getVaultUri(), SECRET_NAME).withVersion(secret.secretIdentifier().version()).withContentType(secret.contentType()).withAttributes(secret.attributes()).withTags(secret.tags()).build());
        compareSecrets(secret, updatedSecret);
        validateSecret(updatedSecret, secret.secretIdentifier().vault(), secret.secretIdentifier().name(), null, secret.contentType(), secret.attributes());
    }
    {
        // Delete secret
        SecretBundle deleteBundle = keyVaultClient.deleteSecret(getVaultUri(), SECRET_NAME);
        compareSecrets(secret, deleteBundle);
    }
    {
        // Expects a secret not found
        try {
            keyVaultClient.getSecret(secretId.baseIdentifier());
        } catch (KeyVaultErrorException e) {
            Assert.assertNotNull(e.body().error().code());
            Assert.assertEquals("SecretNotFound", e.body().error().code());
        }
    }
}

Example 20 with SecretBundle

use of com.microsoft.azure.keyvault.models.SecretBundle in project azure-sdk-for-java by Azure.

the class SecretOperationsTest method listSecrets.

@Test
public void listSecrets() throws Exception {
    HashSet<String> secrets = new HashSet<String>();
    for (int i = 0; i < MAX_SECRETS; ++i) {
        int failureCount = 0;
        for (; ; ) {
            try {
                SecretBundle secret = keyVaultClient.setSecret(new SetSecretRequest.Builder(getVaultUri(), SECRET_NAME + i, SECRET_VALUE).build());
                SecretIdentifier id = new SecretIdentifier(secret.id());
                secrets.add(id.baseIdentifier());
                break;
            } catch (KeyVaultErrorException e) {
                ++failureCount;
                if (e.body().error().code().equals("Throttled")) {
                    System.out.println("Waiting to avoid throttling");
                    Thread.sleep(failureCount * 1500);
                    continue;
                }
                throw e;
            }
        }
    }
    PagedList<SecretItem> listResult = keyVaultClient.listSecrets(getVaultUri(), PAGELIST_MAX_SECRETS);
    Assert.assertTrue(PAGELIST_MAX_SECRETS >= listResult.currentPage().items().size());
    HashSet<String> toDelete = new HashSet<String>();
    for (SecretItem item : listResult) {
        if (item != null) {
            SecretIdentifier id = new SecretIdentifier(item.id());
            toDelete.add(id.name());
            secrets.remove(item.id());
        }
    }
    Assert.assertEquals(0, secrets.size());
    for (String secretName : toDelete) {
        try {
            keyVaultClient.deleteSecret(getVaultUri(), secretName);
        } catch (KeyVaultErrorException e) {
            // Ignore forbidden exception for certificate secrets that cannot be deleted
            if (!e.body().error().code().equals("Forbidden"))
                throw e;
        }
    }
}