From edc83b161f97c638dde698e9108f06443ce7004d Mon Sep 17 00:00:00 2001 From: Heath Stewart Date: Fri, 29 Jan 2021 11:35:14 -0800 Subject: [PATCH] Add CreateEcKeyOptions class (#18272) Resolves #16853 --- .../Azure.Security.KeyVault.Keys/CHANGELOG.md | 5 + ...e.Security.KeyVault.Keys.netstandard2.0.cs | 10 ++ .../src/CreateOctKeyOptions.cs | 58 ++++++++ .../src/KeyClient.cs | 70 ++++++++- .../src/KeyRequestParameters.cs | 9 ++ .../tests/KeyClientTests.cs | 1 + .../tests/ManagedHsmLiveTests.cs | 28 ++++ .../ManagedHsmLiveTests/CreateOctHsmKey.json | 135 ++++++++++++++++++ .../CreateOctHsmKeyAsync.json | 135 ++++++++++++++++++ .../ManagedHsmLiveTests/CreateOctKey.json | 135 ++++++++++++++++++ .../CreateOctKeyAsync.json | 135 ++++++++++++++++++ 11 files changed, 715 insertions(+), 6 deletions(-) create mode 100644 sdk/keyvault/Azure.Security.KeyVault.Keys/src/CreateOctKeyOptions.cs create mode 100644 sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKey.json create mode 100644 sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKeyAsync.json create mode 100644 sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKey.json create mode 100644 sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKeyAsync.json diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md b/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md index 52ef6ad04d3b..63762c6a1531 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md @@ -2,6 +2,11 @@ ## 4.2.0-beta.4 (Unreleased) +### Added + +- Added `CreateEcKeyOptions` class. +- Added `CreateEcKey` and `CreateEcKeyAsync` methods to the `KeyClient` class. + ### Removed - Removed local cryptographic support for AES-GCM. 
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/api/Azure.Security.KeyVault.Keys.netstandard2.0.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/api/Azure.Security.KeyVault.Keys.netstandard2.0.cs index 2c6883127515..fbf9a6a55108 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/api/Azure.Security.KeyVault.Keys.netstandard2.0.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/api/Azure.Security.KeyVault.Keys.netstandard2.0.cs @@ -17,6 +17,14 @@ public CreateKeyOptions() { } public System.DateTimeOffset? NotBefore { get { throw null; } set { } } public System.Collections.Generic.IDictionary Tags { get { throw null; } } } + public partial class CreateOctKeyOptions : Azure.Security.KeyVault.Keys.CreateKeyOptions + { + public CreateOctKeyOptions(string name, bool hardwareProtected = false) { } + public bool HardwareProtected { get { throw null; } } + public int? KeySize { get { throw null; } set { } } + public Azure.Security.KeyVault.Keys.KeyType KeyType { get { throw null; } } + public string Name { get { throw null; } } + } public partial class CreateRsaKeyOptions : Azure.Security.KeyVault.Keys.CreateKeyOptions { public CreateRsaKeyOptions(string name, bool hardwareProtected = false) { } 
@@ -105,6 +113,8 @@ public KeyClient(System.Uri vaultUri, Azure.Core.TokenCredential credential, Azu public virtual System.Threading.Tasks.Task> CreateEcKeyAsync(Azure.Security.KeyVault.Keys.CreateEcKeyOptions ecKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public virtual Azure.Response CreateKey(string name, Azure.Security.KeyVault.Keys.KeyType keyType, Azure.Security.KeyVault.Keys.CreateKeyOptions keyOptions = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public virtual System.Threading.Tasks.Task> CreateKeyAsync(string name, Azure.Security.KeyVault.Keys.KeyType keyType, Azure.Security.KeyVault.Keys.CreateKeyOptions keyOptions = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } + public virtual Azure.Response CreateOctKey(Azure.Security.KeyVault.Keys.CreateOctKeyOptions octKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } + public virtual System.Threading.Tasks.Task> CreateOctKeyAsync(Azure.Security.KeyVault.Keys.CreateOctKeyOptions octKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public virtual Azure.Response CreateRsaKey(Azure.Security.KeyVault.Keys.CreateRsaKeyOptions rsaKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public virtual System.Threading.Tasks.Task> CreateRsaKeyAsync(Azure.Security.KeyVault.Keys.CreateRsaKeyOptions rsaKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public virtual Azure.Response GetDeletedKey(string name, System.Threading.CancellationToken cancellationToken = 
default(System.Threading.CancellationToken)) { throw null; } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/CreateOctKeyOptions.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/CreateOctKeyOptions.cs new file mode 100644 index 000000000000..6d654f5d85dc --- /dev/null +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/CreateOctKeyOptions.cs @@ -0,0 +1,58 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using System; +using Azure.Core; + +namespace Azure.Security.KeyVault.Keys +{ + /// + /// The properties needed to create an AES key using the . + /// + public class CreateOctKeyOptions : CreateKeyOptions + { + /// + /// Gets the name of the key to create. + /// + public string Name { get; } + + /// + /// Gets the key type of the to create, including and . + /// + public KeyType KeyType { get; } + + /// + /// Gets or sets the key size in bits, such as 128, 192, or 256. If null, the service default is used. + /// + public int? KeySize { get; set; } + + /// + /// Gets a value indicating whether to create a hardware-protected key in a hardware security module (HSM). + /// + /// true to create a hardware-protected key; otherwise, false to create a software key. + public bool HardwareProtected { get; } + + /// + /// Initializes a new instance of the class. + /// + /// The name of the key to create. + /// True to create a hardware-protected key in a hardware security module (HSM). The default is false to create a software key. + /// is empty. + /// is null. + public CreateOctKeyOptions(string name, bool hardwareProtected = false) + { + Argument.AssertNotNullOrEmpty(name, nameof(name)); + + Name = name; + HardwareProtected = hardwareProtected; + if (hardwareProtected) + { + KeyType = KeyType.OctHsm; + } + else + { + KeyType = KeyType.Oct; + } + } + } +} 
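Review bot: The `hardwareProtected` documentation promises that `false` creates a software key, but the CreateOctKey.json and CreateOctKeyAsync.json recordings added in this commit show a request with `"kty": "oct"` answered with `"kty": "oct-HSM"`. The constructor and `HardwareProtected` comments should say that the flag only selects the requested key type and that the protection level is read from the result, for example `/// The service may still return an HSM-backed key; check <see cref="KeyVaultKey.KeyType"/> on the created key.` The same gap shows in the ManagedHsmLiveTests.cs hunk, where `CreateOctKey` never asserts the returned key type. Separately, the CHANGELOG.md entries name `CreateEcKeyOptions`, `CreateEcKey` and `CreateEcKeyAsync`, although the type added here is `CreateOctKeyOptions`.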
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClient.cs index eee6d51255ca..cb972fcafd1f 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClient.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClient.cs @@ -78,7 +78,7 @@ public KeyClient(Uri vaultUri, TokenCredential credential, KeyClientOptions opti /// /// Creates and stores a new key in Key Vault. The create key operation can be used to create any key type in Azure Key Vault. - /// If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission. + /// If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/create permission. /// /// The name of the key. /// The type of key to create. See for valid values. @@ -111,7 +111,7 @@ public virtual Response CreateKey(string name, KeyType keyType, Cre /// /// Creates and stores a new key in Key Vault. The create key operation can be used to create any key type in Azure Key Vault. - /// If the named key already exists, Azure Key Vault creates a new version of the key. It requires the keys/create permission. + /// If the named key already exists, Azure Key Vault creates a new version of the key. This operation requires the keys/create permission. /// /// The name of the key. /// The type of key to create. See for valid values. @@ -144,7 +144,7 @@ public virtual async Task> CreateKeyAsync(string name, Key /// /// Creates and stores a new Elliptic Curve key in Key Vault. If the named key already exists, - /// Azure Key Vault creates a new version of the key. It requires the keys/create permission. + /// Azure Key Vault creates a new version of the key. This operation requires the keys/create permission. /// /// The key options object containing information about the Elliptic Curve key being created. /// A controlling the request lifetime. 
@@ -173,7 +173,7 @@ public virtual Response CreateEcKey(CreateEcKeyOptions ecKeyOptions /// /// Creates and stores a new Elliptic Curve key in Key Vault. If the named key already exists, - /// Azure Key Vault creates a new version of the key. It requires the keys/create permission. + /// Azure Key Vault creates a new version of the key. This operation requires the keys/create permission. /// /// The key options object containing information about the Elliptic Curve key being created. /// A controlling the request lifetime. @@ -202,7 +202,7 @@ public virtual async Task> CreateEcKeyAsync(CreateEcKeyOpt /// /// Creates and stores a new RSA key in Key Vault. If the named key already exists, Azure Key Vault creates a new - /// version of the key. It requires the keys/create permission. + /// version of the key. This operation requires the keys/create permission. /// /// The key options object containing information about the RSA key being created. /// A controlling the request lifetime. @@ -231,7 +231,7 @@ public virtual Response CreateRsaKey(CreateRsaKeyOptions rsaKeyOpti /// /// Creates and stores a new RSA key in Key Vault. If the named key already exists, Azure Key Vault creates a new - /// version of the key. It requires the keys/create permission. + /// version of the key. This operation requires the keys/create permission. /// /// The key options object containing information about the RSA key being created. /// A controlling the request lifetime. 
@@ -258,6 +258,64 @@ public virtual async Task> CreateRsaKeyAsync(CreateRsaKeyO } } + /// + /// Creates and stores a new AES key in Key Vault. If the named key already exists, Azure Key Vault creates a new + /// version of the key. This operation requires the keys/create permission. + /// + /// The key options object containing information about the AES key being created. + /// A controlling the request lifetime. + /// is null. + /// The server returned an error. See for details returned from the server. + public virtual Response CreateOctKey(CreateOctKeyOptions octKeyOptions, CancellationToken cancellationToken = default) + { + Argument.AssertNotNull(octKeyOptions, nameof(octKeyOptions)); + + var parameters = new KeyRequestParameters(octKeyOptions); + + using DiagnosticScope scope = _pipeline.CreateScope($"{nameof(KeyClient)}.{nameof(CreateOctKey)}"); + scope.AddAttribute("key", octKeyOptions.Name); + scope.Start(); + + try + { + return _pipeline.SendRequest(RequestMethod.Post, parameters, () => new KeyVaultKey(octKeyOptions.Name), cancellationToken, KeysPath, octKeyOptions.Name, "/create"); + } + catch (Exception e) + { + scope.Failed(e); + throw; + } + } + + /// + /// Creates and stores a new AES key in Key Vault. If the named key already exists, Azure Key Vault creates a new + /// version of the key. This operation requires the keys/create permission. + /// + /// The key options object containing information about the AES key being created. + /// A controlling the request lifetime. + /// is null. + /// The server returned an error. See for details returned from the server. 
+ public virtual async Task> CreateOctKeyAsync(CreateOctKeyOptions octKeyOptions, CancellationToken cancellationToken = default) + { + Argument.AssertNotNull(octKeyOptions, nameof(octKeyOptions)); + + var parameters = new KeyRequestParameters(octKeyOptions); + + using DiagnosticScope scope = _pipeline.CreateScope($"{nameof(KeyClient)}.{nameof(CreateOctKey)}"); + scope.AddAttribute("key", octKeyOptions.Name); + scope.Start(); + + try + { + return await _pipeline.SendRequestAsync(RequestMethod.Post, parameters, () => new KeyVaultKey(octKeyOptions.Name), cancellationToken, KeysPath, octKeyOptions.Name, "/create").ConfigureAwait(false); + } + catch (Exception e) + { + scope.Failed(e); + throw; + } + } + /// /// The update key operation changes specified attributes of a stored key and /// can be applied to any key type and key version stored in Azure Key Vault. diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRequestParameters.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRequestParameters.cs index fff010b92dd4..d92db713a954 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRequestParameters.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRequestParameters.cs @@ -112,6 +112,15 @@ internal KeyRequestParameters(CreateRsaKeyOptions rsaKey) } } + internal KeyRequestParameters(CreateOctKeyOptions octKey) + : this(octKey.KeyType, octKey) + { + if (octKey.KeySize.HasValue) + { + KeySize = octKey.KeySize.Value; + } + } + void IJsonSerializable.WriteProperties(Utf8JsonWriter json) { if (KeyType != default) diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientTests.cs index b9304ae3041b..203c5e061e34 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientTests.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientTests.cs 
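Review bot: The summaries on `CreateOctKey` and `CreateOctKeyAsync` say the key is created "in Key Vault", yet the only live tests and recordings added for them target a Managed HSM endpoint (ManagedHsmLiveTests.cs). This diff does not show whether other vault types accept symmetric keys; if they do not, the doc comments should say so, so callers learn it from the documentation and not from a failed request, e.g. `/// Symmetric (oct) keys may only be supported by Managed HSM; other vaults can reject this request.` `CreateOctKeyAsync` also opens its diagnostic scope with `nameof(CreateOctKey)`; if sharing one scope name between the sync and async paths is intended, a one-line comment would keep a later reader from "correcting" it.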
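Review bot: `KeySize` is copied into the request as given, and nothing in this constructor or in the `CreateOctKeyOptions.KeySize` setter rejects values that are not valid AES key lengths. If validation is deliberately left to the service, say so here, e.g. `// Not range-checked on the client; the service decides which sizes are accepted.` When `KeySize` is null the caller gets the service default, and the recorded responses in this commit do not return a size, so code that needs a specific key strength should set it explicitly; the `KeySize` doc comment is a good place to state that. The rest of the class lies outside the hunk.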
@@ -31,6 +31,7 @@ public void CreateKeyArgumentValidation() Assert.ThrowsAsync(() => Client.CreateKeyAsync(string.Empty, KeyType.Ec)); Assert.ThrowsAsync(() => Client.CreateEcKeyAsync(null)); Assert.ThrowsAsync(() => Client.CreateRsaKeyAsync(null)); + Assert.ThrowsAsync(() => Client.CreateOctKeyAsync(null)); } [Test] diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs index 8395bdda1fbc..ae6dbd5f3544 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs @@ -43,5 +43,33 @@ public async Task CreateRsaWithPublicExponent() int publicExponent = rsaParams.Exponent.ToInt32(); Assert.AreEqual(3, publicExponent); } + + [Test] + public async Task CreateOctHsmKey() + { + string keyName = Recording.GenerateId(); + + CreateOctKeyOptions options = new CreateOctKeyOptions(keyName, hardwareProtected: true); + KeyVaultKey ecHsmkey = await Client.CreateOctKeyAsync(options); + RegisterForCleanup(keyName); + + KeyVaultKey keyReturned = await Client.GetKeyAsync(keyName); + + AssertKeyVaultKeysEqual(ecHsmkey, keyReturned); + } + + [Test] + public async Task CreateOctKey() + { + string keyName = Recording.GenerateId(); + + CreateOctKeyOptions ecKey = new CreateOctKeyOptions(keyName, hardwareProtected: false); + KeyVaultKey keyNoHsm = await Client.CreateOctKeyAsync(ecKey); + RegisterForCleanup(keyNoHsm.Name); + + KeyVaultKey keyReturned = await Client.GetKeyAsync(keyNoHsm.Name); + + AssertKeyVaultKeysEqual(keyNoHsm, keyReturned); + } } } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKey.json b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKey.json new file mode 100644 index 000000000000..193a9e806ff0 --- /dev/null 
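Review bot: Neither `CreateOctHsmKey` nor `CreateOctKey` sets `KeySize`, so the one piece of new logic in `KeyRequestParameters(CreateOctKeyOptions)` is never exercised; every recorded request body carries only `kty`. Adding a case such as `new CreateOctKeyOptions(keyName, hardwareProtected: true) { KeySize = 256 }` would cover it. The locals `ecHsmkey` and `ecKey` hold oct keys and options and read as leftovers from the EC tests; `octHsmKey` and `octOptions` would match what they contain. The recordings produced by these tests sanitize `Authorization` but keep the recorder's address in the `x-ms-keyvault-network-info` response header, which is worth sanitizing as well before committing.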
+++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKey.json 
@@ -0,0 +1,135 @@ +{ + "Entries": [ + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/874501701/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Content-Type": "application/json", + "traceparent": "00-b49e54011ae40a48bf9d0d5e477ca56f-e7dbba6cd3eb0b4f-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "c64e8d6c5cea99d2e0a1fcd9f4bd38e9", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 401, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "0", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-request-id": "b624d130-61cf-11eb-a627-0242ac120005", + "x-ms-server-latency": "0" + }, + "ResponseBody": [] + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/874501701/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Length": "17", + "Content-Type": "application/json", + "traceparent": "00-b49e54011ae40a48bf9d0d5e477ca56f-e7dbba6cd3eb0b4f-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "c64e8d6c5cea99d2e0a1fcd9f4bd38e9", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": { + "kty": "oct-HSM" + }, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + 
"Content-Length": "334", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": "eastus2", + "x-ms-request-id": "b69d00b0-61cf-11eb-a627-0242ac120005", + "x-ms-server-latency": "482" + }, + "ResponseBody": { + "attributes": { + "created": 1611883031, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883031 + }, + "key": { + "key_ops": [ + "wrapKey", + "unwrapKey", + "decrypt", + "encrypt" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/874501701/4cf141d1a70500482ffef14bcb9f8f6e", + "kty": "oct-HSM" + } + } + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/874501701/?api-version=7.1", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Type": "application/json", + "traceparent": "00-c7bebc7420ff6c45a2e3f5a6fcf13afb-0ae6361305050148-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "351f8f98dabccc223226d08a709eb568", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "334", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-build-version": "1.0.20210112-1-4fbf61ac-develop", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": 
"eastus2", + "x-ms-request-id": "b70113fc-61cf-11eb-a627-0242ac120005", + "x-ms-server-latency": "41" + }, + "ResponseBody": { + "attributes": { + "created": 1611883031, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883031 + }, + "key": { + "key_ops": [ + "encrypt", + "decrypt", + "wrapKey", + "unwrapKey" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/874501701/4cf141d1a70500482ffef14bcb9f8f6e", + "kty": "oct-HSM" + } + } + } + ], + "Variables": { + "AZURE_MANAGEDHSM_URL": "https://heathskeyvaulthsm.managedhsm.azure.net/", + "RandomSeed": "2009816420" + } +} \ No newline at end of file diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKeyAsync.json b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKeyAsync.json new file mode 100644 index 000000000000..23ede242419d --- /dev/null +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctHsmKeyAsync.json 
@@ -0,0 +1,135 @@ +{ + "Entries": [ + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/2104817842/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Content-Type": "application/json", + "traceparent": "00-f32506490d8e574ab64993c86612b044-1ad538d3916ea14d-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "25fee6fde6ddd7aac8f4c6171b715875", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 401, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "0", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-request-id": "b7a37b88-61cf-11eb-a627-0242ac120005", + "x-ms-server-latency": "0" + }, + "ResponseBody": [] + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/2104817842/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Length": "17", + "Content-Type": "application/json", + "traceparent": "00-f32506490d8e574ab64993c86612b044-1ad538d3916ea14d-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "25fee6fde6ddd7aac8f4c6171b715875", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": { + "kty": "oct-HSM" + }, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + 
"Content-Length": "335", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": "eastus2", + "x-ms-request-id": "b7ecead4-61cf-11eb-a627-0242ac120005", + "x-ms-server-latency": "186" + }, + "ResponseBody": { + "attributes": { + "created": 1611883033, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883033 + }, + "key": { + "key_ops": [ + "wrapKey", + "unwrapKey", + "decrypt", + "encrypt" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/2104817842/ada78549038c4a930447064c4a1aad36", + "kty": "oct-HSM" + } + } + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/2104817842/?api-version=7.1", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Type": "application/json", + "traceparent": "00-84aa383919dbc248a75c95430eb16cf8-0c9614dd21714f4e-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "08e9dcb7f45177a20b1537f19f73121d", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "335", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-build-version": "1.0.20210112-1-4fbf61ac-develop", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": 
"eastus2", + "x-ms-request-id": "b81a6f54-61cf-11eb-a627-0242ac120005", + "x-ms-server-latency": "40" + }, + "ResponseBody": { + "attributes": { + "created": 1611883033, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883033 + }, + "key": { + "key_ops": [ + "encrypt", + "decrypt", + "wrapKey", + "unwrapKey" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/2104817842/ada78549038c4a930447064c4a1aad36", + "kty": "oct-HSM" + } + } + } + ], + "Variables": { + "AZURE_MANAGEDHSM_URL": "https://heathskeyvaulthsm.managedhsm.azure.net/", + "RandomSeed": "1023989232" + } +} \ No newline at end of file diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKey.json b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKey.json new file mode 100644 index 000000000000..dcfd1878b710 --- /dev/null +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKey.json 
@@ -0,0 +1,135 @@ +{ + "Entries": [ + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1142470767/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Content-Type": "application/json", + "traceparent": "00-445b31a4440db147bd360ed2a155a216-7eac06e3eaf88440-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "445a4e419aad7b3500487ec025be3ed9", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 401, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "0", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-request-id": "d6ff7a04-61cf-11eb-92cf-0242ac120007", + "x-ms-server-latency": "1" + }, + "ResponseBody": [] + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1142470767/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Length": "13", + "Content-Type": "application/json", + "traceparent": "00-445b31a4440db147bd360ed2a155a216-7eac06e3eaf88440-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "445a4e419aad7b3500487ec025be3ed9", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": { + "kty": "oct" + }, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + 
"Content-Length": "335", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": "eastus2", + "x-ms-request-id": "d77fba2a-61cf-11eb-92cf-0242ac120007", + "x-ms-server-latency": "561" + }, + "ResponseBody": { + "attributes": { + "created": 1611883087, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883087 + }, + "key": { + "key_ops": [ + "wrapKey", + "unwrapKey", + "decrypt", + "encrypt" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1142470767/9ea74bed458f069411b2b16ff5cfddc7", + "kty": "oct-HSM" + } + } + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1142470767/?api-version=7.1", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Type": "application/json", + "traceparent": "00-be24f7ab765b4b47a09f9b6965317686-2aee920a2565e643-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "e2543db30353144979d9a3c76b8186ff", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "335", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-build-version": "1.0.20210112-1-4fbf61ac-develop", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": 
"eastus2", + "x-ms-request-id": "d7eb3156-61cf-11eb-92cf-0242ac120007", + "x-ms-server-latency": "43" + }, + "ResponseBody": { + "attributes": { + "created": 1611883087, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883087 + }, + "key": { + "key_ops": [ + "encrypt", + "decrypt", + "wrapKey", + "unwrapKey" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1142470767/9ea74bed458f069411b2b16ff5cfddc7", + "kty": "oct-HSM" + } + } + } + ], + "Variables": { + "AZURE_MANAGEDHSM_URL": "https://heathskeyvaulthsm.managedhsm.azure.net/", + "RandomSeed": "278501552" + } +} \ No newline at end of file diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKeyAsync.json b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKeyAsync.json new file mode 100644 index 000000000000..8b496d5f1822 --- /dev/null +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/SessionRecords/ManagedHsmLiveTests/CreateOctKeyAsync.json 
@@ -0,0 +1,135 @@ +{ + "Entries": [ + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1834436679/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Content-Type": "application/json", + "traceparent": "00-f0fa6aa56e14a744bfc0f9516d96135c-6f97214ed6314344-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "e24e20bc9454c1e1af23ac1370dfd304", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 401, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "0", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "WWW-Authenticate": "Bearer authorization=\u0022https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47\u0022, resource=\u0022https://managedhsm.azure.net\u0022", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-request-id": "d876ce78-61cf-11eb-92cf-0242ac120007", + "x-ms-server-latency": "0" + }, + "ResponseBody": [] + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1834436679/create?api-version=7.1", + "RequestMethod": "POST", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Length": "13", + "Content-Type": "application/json", + "traceparent": "00-f0fa6aa56e14a744bfc0f9516d96135c-6f97214ed6314344-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "e24e20bc9454c1e1af23ac1370dfd304", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": { + "kty": "oct" + }, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + 
"Content-Length": "335", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": "eastus2", + "x-ms-request-id": "d8c32052-61cf-11eb-92cf-0242ac120007", + "x-ms-server-latency": "167" + }, + "ResponseBody": { + "attributes": { + "created": 1611883088, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883088 + }, + "key": { + "key_ops": [ + "wrapKey", + "unwrapKey", + "decrypt", + "encrypt" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1834436679/a8ad7a901b330d602a23225ba2908134", + "kty": "oct-HSM" + } + } + }, + { + "RequestUri": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1834436679/?api-version=7.1", + "RequestMethod": "GET", + "RequestHeaders": { + "Accept": "application/json", + "Authorization": "Sanitized", + "Content-Type": "application/json", + "traceparent": "00-ebc5d3a27344f647be590d296dcfef38-48653d7ed0484c4d-00", + "User-Agent": "azsdk-net-Security.KeyVault.Keys/4.2.0-alpha.20210128.1 (.NET Framework 4.8.4250.0; Microsoft Windows 10.0.19042 )", + "x-ms-client-request-id": "6381b97b34ce5931338d1d5ca9760769", + "x-ms-return-client-request-id": "true" + }, + "RequestBody": null, + "StatusCode": 200, + "ResponseHeaders": { + "Cache-Control": "no-cache", + "Content-Length": "335", + "content-security-policy": "default-src \u0027self\u0027", + "Content-Type": "application/json; charset=utf-8", + "strict-transport-security": "max-age=31536000; includeSubDomains", + "x-content-type-options": "nosniff", + "x-frame-options": "SAMEORIGIN", + "x-ms-build-version": "1.0.20210112-1-4fbf61ac-develop", + "x-ms-keyvault-network-info": "addr=67.171.12.239", + "x-ms-keyvault-region": 
"eastus2", + "x-ms-request-id": "d8ed9530-61cf-11eb-92cf-0242ac120007", + "x-ms-server-latency": "43" + }, + "ResponseBody": { + "attributes": { + "created": 1611883088, + "enabled": true, + "exportable": false, + "recoverableDays": 90, + "recoveryLevel": "Recoverable\u002BPurgeable", + "updated": 1611883088 + }, + "key": { + "key_ops": [ + "encrypt", + "decrypt", + "wrapKey", + "unwrapKey" + ], + "kid": "https://heathskeyvaulthsm.managedhsm.azure.net/keys/1834436679/a8ad7a901b330d602a23225ba2908134", + "kty": "oct-HSM" + } + } + } + ], + "Variables": { + "AZURE_MANAGEDHSM_URL": "https://heathskeyvaulthsm.managedhsm.azure.net/", + "RandomSeed": "1327761336" + } +} \ No newline at end of file