github/azure-sdk-for-cpp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

remove local support for crypto client (#2638)

Browse Source
This commit is contained in:
Victor Vazquez 2021-07-15 18:15:21 -07:00 committed by GitHub
parent 7d7d036136
commit 0140a4add6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 168 additions and 971 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt
View File

@ -71,14 +71,11 @@ set(
src/cryptography/key_verify_parameters.cpp
src/cryptography/key_wrap_algorithm.cpp
src/cryptography/key_wrap_parameters.cpp
src/cryptography/remote_cryptography_client.cpp
src/cryptography/rsa_cryptography_provider.cpp
src/cryptography/sign_result.cpp
src/cryptography/signature_algorithm.cpp
src/cryptography/wrap_result.cpp
src/cryptography/unwrap_result.cpp
src/cryptography/verify_result.cpp
src/private/cryptography_provider.hpp
src/private/cryptography_serializers.hpp
src/private/key_backup.hpp
src/private/key_constants.hpp
@ -89,11 +86,7 @@ set(
src/private/key_wrap_parameters.hpp
src/private/keyvault_constants.hpp
src/private/keyvault_protocol.hpp
src/private/local_cryptography_provider.hpp
src/private/local_cryptography_provider_factory.hpp
src/private/package_version.hpp
src/private/remote_cryptography_client.hpp
src/private/rsa_cryptography_provider.hpp
src/delete_key_operation.cpp
src/deleted_key.cpp
src/import_key_options.cpp

52
sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/cryptography/cryptography_client.hpp
View File

@ -11,6 +11,7 @@
#include <azure/core/context.hpp>
#include <azure/core/io/body_stream.hpp>
#include <azure/core/response.hpp>
#include "azure/keyvault/keys/cryptography/cryptography_client_options.hpp"
#include "azure/keyvault/keys/cryptography/decrypt_parameters.hpp"
@ -36,11 +37,6 @@ namespace Azure { namespace Security { namespace KeyVault {
namespace Keys { namespace Cryptography {
namespace _detail {
class CryptographyProvider;
class RemoteCryptographyClient;
} // namespace _detail
/**
* @brief A client used to perform cryptographic operations with Azure Key Vault keys.
*
@ -48,26 +44,7 @@ namespace Azure { namespace Security { namespace KeyVault {
class CryptographyClient final {
private:
std::shared_ptr<Azure::Security::KeyVault::_detail::KeyVaultProtocolClient> m_pipeline;
std::string m_keyId;
std::shared_ptr<
Azure::Security::KeyVault::Keys::Cryptography::_detail::RemoteCryptographyClient>
m_remoteProvider;
std::shared_ptr<Azure::Security::KeyVault::Keys::Cryptography::_detail::CryptographyProvider>
m_provider;
explicit CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions const& options,
bool forceRemote);
void Initialize(std::string const& operation, Azure::Core::Context const& context);
/**
* @brief Gets whether this #CryptographyClient runs only local operations.
*
*/
bool LocalOnly() const noexcept { return m_remoteProvider == nullptr; }
Azure::Core::Url m_keyId;
public:
/**
@ -83,10 +60,7 @@ namespace Azure { namespace Security { namespace KeyVault {
explicit CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions options = CryptographyClientOptions())
: CryptographyClient(keyId, credential, options, false)
{
}
CryptographyClientOptions const& options = CryptographyClientOptions());
/**
* @brief Destructs `%CryptographyClient`.
@ -103,7 +77,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* @return An #EncryptResult containing the encrypted data along with all other information
* needed to decrypt it. This information should be stored with the encrypted data.
*/
EncryptResult Encrypt(
Azure::Response<EncryptResult> Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context = Azure::Core::Context());
@ -116,7 +90,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* @return An #DecryptResult containing the decrypted data along with all other information
* needed to decrypt it. This information should be stored with the Decrypted data.
*/
DecryptResult Decrypt(
Azure::Response<DecryptResult> Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context = Azure::Core::Context());
@ -130,7 +104,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* along with all other information needed to unwrap it. This information should be stored
* with the wrapped key.
*/
WrapResult WrapKey(
Azure::Response<WrapResult> WrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context = Azure::Core::Context());
@ -144,7 +118,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* @return The result of the unwrap operation. The returned #UnwrapResult contains the key
* along with information regarding the algorithm and key used to unwrap it.
*/
UnwrapResult UnwrapKey(
Azure::Response<UnwrapResult> UnwrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context = Azure::Core::Context());
@ -160,7 +134,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult Sign(
Azure::Response<SignResult> Sign(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context = Azure::Core::Context());
@ -175,7 +149,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult SignData(
Azure::Response<SignResult> SignData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
Azure::Core::Context const& context = Azure::Core::Context());
@ -190,7 +164,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult SignData(
Azure::Response<SignResult> SignData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
Azure::Core::Context const& context = Azure::Core::Context());
@ -207,7 +181,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult Verify(
Azure::Response<VerifyResult> Verify(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
@ -224,7 +198,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult VerifyData(
Azure::Response<VerifyResult> VerifyData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
std::vector<uint8_t> const& signature,
@ -241,7 +215,7 @@ namespace Azure { namespace Security { namespace KeyVault {
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult VerifyData(
Azure::Response<VerifyResult> VerifyData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
std::vector<uint8_t> const& signature,

390
sdk/keyvault/azure-security-keyvault-keys/src/cryptography/cryptography_client.cpp
View File

@ -11,9 +11,13 @@
#include "azure/keyvault/keys/cryptography/cryptography_client.hpp"
#include "azure/keyvault/keys/key_operation.hpp"
#include "../private/cryptography_provider.hpp"
#include "../private/local_cryptography_provider_factory.hpp"
#include "../private/remote_cryptography_client.hpp"
#include "../private/cryptography_serializers.hpp"
#include "../private/key_constants.hpp"
#include "../private/key_serializers.hpp"
#include "../private/key_sign_parameters.hpp"
#include "../private/key_verify_parameters.hpp"
#include "../private/key_wrap_parameters.hpp"
#include "../private/keyvault_protocol.hpp"
#include <memory>
#include <string>
@ -56,278 +60,126 @@ inline std::vector<uint8_t> CreateDigest(
CryptographyClient::~CryptographyClient() = default;
void CryptographyClient::Initialize(std::string const&, Azure::Core::Context const& context)
{
if (m_provider != nullptr)
{
return;
}
try
{
auto key = m_remoteProvider->GetKey(context).Value;
m_provider = LocalCryptographyProviderFactory::Create(key);
if (m_provider == nullptr)
{
// KeyVaultKeyType is not supported locally. Use remote client.
m_provider = m_remoteProvider;
return;
}
}
catch (Azure::Core::RequestFailedException const& e)
{
if (e.StatusCode == HttpStatusCode::Forbidden)
{
m_provider = m_remoteProvider;
}
else
{
throw;
}
}
}
CryptographyClient::CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions const& options,
bool forceRemote)
CryptographyClientOptions const& options)
{
auto apiVersion = options.Version.ToString();
m_keyId = keyId;
m_remoteProvider = std::make_shared<RemoteCryptographyClient>(keyId, credential, options);
m_pipeline = m_remoteProvider->Pipeline;
if (forceRemote)
m_keyId = Azure::Core::Url(keyId);
std::vector<std::unique_ptr<HttpPolicy>> perRetrypolicies;
{
m_provider = m_remoteProvider;
Azure::Core::Credentials::TokenRequestContext const tokenContext
= {{"https://vault.azure.net/.default"}};
perRetrypolicies.emplace_back(
std::make_unique<BearerTokenAuthenticationPolicy>(credential, tokenContext));
}
m_pipeline = std::make_shared<Azure::Security::KeyVault::_detail::KeyVaultProtocolClient>(
m_keyId,
apiVersion,
Azure::Core::Http::_internal::HttpPipeline(
options, "KeyVault", apiVersion, std::move(perRetrypolicies), {}));
}
EncryptResult CryptographyClient::Encrypt(
Azure::Response<EncryptResult> CryptographyClient::Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context)
{
if (m_provider == nullptr)
{
// Try to init a local crypto provider after getting the key from the server.
// If the local provider can't be created, the remote client is used as provider.
Initialize(KeyOperation::Encrypt.ToString(), context);
}
// Default result has empty values.
EncryptResult result;
// m_provider can be local or remote, depending on how it was init.
if (m_provider->SupportsOperation(KeyOperation::Encrypt))
{
try
{
result = m_provider->Encrypt(parameters, context);
}
catch (std::exception const&)
{
// If provider supports remote, otherwise re-throw
if (!m_provider->CanRemote())
{
throw;
}
}
if (result.Ciphertext.empty())
{
// Operation is not completed yet. Either not supported by the provider or not generated.
// Assert the client is NOT localOnly before running the operation on Key Vault Service with
// the remote provider.
AZURE_ASSERT_FALSE(LocalOnly());
result = m_remoteProvider->Encrypt(parameters, context);
}
}
return result;
return m_pipeline->SendRequest<EncryptResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&parameters]() {
return EncryptParametersSerializer::EncryptParametersSerialize(parameters);
},
[&parameters](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = EncryptResultSerializer::EncryptResultDeserialize(rawResponse);
result.Algorithm = parameters.Algorithm;
return result;
},
{"encrypt"});
}
DecryptResult CryptographyClient::Decrypt(
Azure::Response<DecryptResult> CryptographyClient::Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context)
{
if (m_provider == nullptr)
{
// Try to init a local crypto provider after getting the key from the server.
// If the local provider can't be created, the remote client is used as provider.
Initialize(KeyOperation::Decrypt.ToString(), context);
}
// Default result has empty values.
DecryptResult result;
// m_provider can be local or remote, depending on how it was init.
if (m_provider->SupportsOperation(KeyOperation::Decrypt))
{
try
{
result = m_provider->Decrypt(parameters, context);
}
catch (std::exception const&)
{
// If provider supports remote, otherwise re-throw
if (!m_provider->CanRemote())
{
throw;
}
}
if (result.Plaintext.empty())
{
// Operation is not completed yet. Either not supported by the provider or not generated.
// Assert the client is NOT localOnly before running the operation on Key Vault Service with
// the remote provider.
AZURE_ASSERT_FALSE(LocalOnly());
result = m_remoteProvider->Decrypt(parameters, context);
}
}
return result;
return m_pipeline->SendRequest<DecryptResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&parameters]() {
return DecryptParametersSerializer::DecryptParametersSerialize(parameters);
},
[&parameters](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = DecryptResultSerializer::DecryptResultDeserialize(rawResponse);
result.Algorithm = parameters.Algorithm;
return result;
},
{"decrypt"});
}
WrapResult CryptographyClient::WrapKey(
Azure::Response<WrapResult> CryptographyClient::WrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context)
{
if (m_provider == nullptr)
{
// Try to init a local crypto provider after getting the key from the server.
// If the local provider can't be created, the remote client is used as provider.
Initialize(KeyOperation::WrapKey.ToString(), context);
}
// Default result has empty values.
WrapResult result;
// m_provider can be local or remote, depending on how it was init.
if (m_provider->SupportsOperation(KeyOperation::WrapKey))
{
try
{
result = m_provider->WrapKey(algorithm, key, context);
}
catch (std::exception const&)
{
// If provider supports remote, otherwise re-throw
if (!m_provider->CanRemote())
{
throw;
}
}
if (result.EncryptedKey.size() == 0)
{
// Operation is not completed yet. Either not supported by the provider or not generated.
// Assert the client is NOT localOnly before running the operation on Key Vault Service with
// the remote provider.
AZURE_ASSERT_FALSE(LocalOnly());
result = m_remoteProvider->WrapKey(algorithm, key, context);
}
}
return result;
return m_pipeline->SendRequest<WrapResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &key]() {
return KeyWrapParametersSerializer::KeyWrapParametersSerialize(
KeyWrapParameters(algorithm.ToString(), key));
},
[&algorithm](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = WrapResultSerializer::WrapResultDeserialize(rawResponse);
result.Algorithm = algorithm;
return result;
},
{"wrapKey"});
}
UnwrapResult CryptographyClient::UnwrapKey(
Azure::Response<UnwrapResult> CryptographyClient::UnwrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context)
{
if (m_provider == nullptr)
{
// Try to init a local crypto provider after getting the encryptedKey from the server.
// If the local provider can't be created, the remote client is used as provider.
Initialize(KeyOperation::UnwrapKey.ToString(), context);
}
// Default result has empty values.
UnwrapResult result;
// m_provider can be local or remote, depending on how it was init.
if (m_provider->SupportsOperation(KeyOperation::UnwrapKey))
{
try
{
result = m_provider->UnwrapKey(algorithm, encryptedKey, context);
}
catch (std::exception const&)
{
// If provider supports remote, otherwise re-throw
if (!m_provider->CanRemote())
{
throw;
}
}
if (result.Key.size() == 0)
{
// Operation is not completed yet. Either not supported by the provider or not generated.
// Assert the client is NOT localOnly before running the operation on Key Vault Service with
// the remote provider.
AZURE_ASSERT_FALSE(LocalOnly());
result = m_remoteProvider->UnwrapKey(algorithm, encryptedKey, context);
}
}
return result;
return m_pipeline->SendRequest<UnwrapResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &encryptedKey]() {
return KeyWrapParametersSerializer::KeyWrapParametersSerialize(
KeyWrapParameters(algorithm.ToString(), encryptedKey));
},
[&algorithm](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = UnwrapResultSerializer::UnwrapResultDeserialize(rawResponse);
result.Algorithm = algorithm;
return result;
},
{"unwrapKey"});
}
SignResult CryptographyClient::Sign(
Azure::Response<SignResult> CryptographyClient::Sign(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context)
{
if (m_provider == nullptr)
{
// Try to init a local crypto provider after getting the encryptedKey from the server.
// If the local provider can't be created, the remote client is used as provider.
Initialize(KeyOperation::Sign.ToString(), context);
}
// Default result has empty values.
SignResult result;
// m_provider can be local or remote, depending on how it was init.
if (m_provider->SupportsOperation(KeyOperation::Sign))
{
try
{
result = m_provider->Sign(algorithm, digest, context);
}
catch (std::exception const&)
{
// If provider supports remote, otherwise re-throw
if (!m_provider->CanRemote())
{
throw;
}
}
if (result.Signature.size() == 0)
{
// Operation is not completed yet. Either not supported by the provider or not generated.
// Assert the client is NOT localOnly before running the operation on Key Vault Service with
// the remote provider.
AZURE_ASSERT_FALSE(LocalOnly());
result = m_remoteProvider->Sign(algorithm, digest, context);
}
}
return result;
return m_pipeline->SendRequest<SignResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &digest]() {
return KeySignParametersSerializer::KeySignParametersSerialize(
KeySignParameters(algorithm.ToString(), digest));
},
[&algorithm](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = SignResultSerializer::SignResultDeserialize(rawResponse);
result.Algorithm = algorithm;
return result;
},
{"sign"});
}
SignResult CryptographyClient::SignData(
Azure::Response<SignResult> CryptographyClient::SignData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
Azure::Core::Context const& context)
@ -335,7 +187,7 @@ SignResult CryptographyClient::SignData(
return Sign(algorithm, CreateDigest(algorithm, data), context);
}
SignResult CryptographyClient::SignData(
Azure::Response<SignResult> CryptographyClient::SignData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
Azure::Core::Context const& context)
@ -343,53 +195,31 @@ SignResult CryptographyClient::SignData(
return Sign(algorithm, CreateDigest(algorithm, data), context);
}
VerifyResult CryptographyClient::Verify(
Azure::Response<VerifyResult> CryptographyClient::Verify(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context)
{
if (m_provider == nullptr)
{
// Try to init a local crypto provider after getting the encryptedKey from the server.
// If the local provider can't be created, the remote client is used as provider.
Initialize(KeyOperation::Verify.ToString(), context);
}
// Default result has empty values.
VerifyResult result;
// m_provider can be local or remote, depending on how it was init.
if (m_provider->SupportsOperation(KeyOperation::Verify))
{
try
{
result = m_provider->Verify(algorithm, digest, signature, context);
}
catch (std::exception const&)
{
// If provider supports remote, otherwise re-throw
if (!m_provider->CanRemote())
{
throw;
}
}
if (result.KeyId.empty())
{
// Operation is not completed yet. Either not supported by the provider or not generated.
// Assert the client is NOT localOnly before running the operation on Key Vault Service with
// the remote provider.
AZURE_ASSERT_FALSE(LocalOnly());
result = m_remoteProvider->Verify(algorithm, digest, signature, context);
}
}
return result;
return m_pipeline->SendRequest<VerifyResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &digest, &signature]() {
return KeyVerifyParametersSerializer::KeyVerifyParametersSerialize(
KeyVerifyParameters(algorithm.ToString(), digest, signature));
},
[&algorithm, this](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = VerifyResultSerializer::VerifyResultDeserialize(rawResponse);
result.Algorithm = algorithm;
// Verify result won't return the KeyId, the client SDK will add it based on the client
// KeyId.
result.KeyId = this->m_keyId.GetAbsoluteUrl();
return result;
},
{"verify"});
}
VerifyResult CryptographyClient::VerifyData(
Azure::Response<VerifyResult> CryptographyClient::VerifyData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
std::vector<uint8_t> const& signature,
@ -398,7 +228,7 @@ VerifyResult CryptographyClient::VerifyData(
return Verify(algorithm, CreateDigest(algorithm, data), signature, context);
}
VerifyResult CryptographyClient::VerifyData(
Azure::Response<VerifyResult> CryptographyClient::VerifyData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
std::vector<uint8_t> const& signature,

197
sdk/keyvault/azure-security-keyvault-keys/src/cryptography/remote_cryptography_client.cpp
View File

@ -1,197 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
#include <azure/core/credentials/credentials.hpp>
#include <azure/core/http/http.hpp>
#include <azure/core/http/policies/policy.hpp>
#include <azure/core/internal/http/pipeline.hpp>
#include "../private/cryptography_serializers.hpp"
#include "../private/key_constants.hpp"
#include "../private/key_serializers.hpp"
#include "../private/key_sign_parameters.hpp"
#include "../private/key_verify_parameters.hpp"
#include "../private/key_wrap_parameters.hpp"
#include "../private/remote_cryptography_client.hpp"
#include <memory>
#include <string>
#include <vector>
using namespace Azure::Security::KeyVault::Keys;
using namespace Azure::Security::KeyVault::Keys::Cryptography;
using namespace Azure::Security::KeyVault::Keys::Cryptography::_detail;
using namespace Azure::Core::Http;
using namespace Azure::Core::Http::Policies;
using namespace Azure::Core::Http::Policies::_internal;
RemoteCryptographyClient::RemoteCryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions options)
{
auto apiVersion = options.Version.ToString();
// Remote client is init with the URL to a key vault key.
KeyId = Azure::Core::Url(keyId);
std::vector<std::unique_ptr<HttpPolicy>> perRetrypolicies;
{
Azure::Core::Credentials::TokenRequestContext const tokenContext
= {{"https://vault.azure.net/.default"}};
perRetrypolicies.emplace_back(
std::make_unique<BearerTokenAuthenticationPolicy>(credential, tokenContext));
}
Pipeline = std::make_shared<Azure::Security::KeyVault::_detail::KeyVaultProtocolClient>(
Azure::Core::Url(keyId),
apiVersion,
Azure::Core::Http::_internal::HttpPipeline(
options, "KeyVault", apiVersion, std::move(perRetrypolicies), {}));
}
Azure::Response<KeyVaultKey> RemoteCryptographyClient::GetKey(
Azure::Core::Context const& context) const
{
// The remote crypto client is created with a Key Vault key URL, hence, no path is required to get
// the key from the server.
return Pipeline->SendRequest<KeyVaultKey>(
context,
Azure::Core::Http::HttpMethod::Get,
[](Azure::Core::Http::RawResponse const& rawResponse) {
return Azure::Security::KeyVault::Keys::_detail::KeyVaultKeySerializer::
KeyVaultKeyDeserialize(rawResponse);
},
{});
}
EncryptResult RemoteCryptographyClient::Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context) const
{
return Pipeline
->SendRequest<EncryptResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&parameters]() {
return EncryptParametersSerializer::EncryptParametersSerialize(parameters);
},
[&parameters](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = EncryptResultSerializer::EncryptResultDeserialize(rawResponse);
result.Algorithm = parameters.Algorithm;
return result;
},
{"encrypt"})
.Value;
}
DecryptResult RemoteCryptographyClient::Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context) const
{
return Pipeline
->SendRequest<DecryptResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&parameters]() {
return DecryptParametersSerializer::DecryptParametersSerialize(parameters);
},
[&parameters](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = DecryptResultSerializer::DecryptResultDeserialize(rawResponse);
result.Algorithm = parameters.Algorithm;
return result;
},
{"decrypt"})
.Value;
}
WrapResult RemoteCryptographyClient::WrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context) const
{
return Pipeline
->SendRequest<WrapResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &key]() {
return KeyWrapParametersSerializer::KeyWrapParametersSerialize(
KeyWrapParameters(algorithm.ToString(), key));
},
[&algorithm](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = WrapResultSerializer::WrapResultDeserialize(rawResponse);
result.Algorithm = algorithm;
return result;
},
{"wrapKey"})
.Value;
}
UnwrapResult RemoteCryptographyClient::UnwrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context) const
{
return Pipeline
->SendRequest<UnwrapResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &key]() {
return KeyWrapParametersSerializer::KeyWrapParametersSerialize(
KeyWrapParameters(algorithm.ToString(), key));
},
[&algorithm](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = UnwrapResultSerializer::UnwrapResultDeserialize(rawResponse);
result.Algorithm = algorithm;
return result;
},
{"unwrapKey"})
.Value;
}
SignResult RemoteCryptographyClient::Sign(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context) const
{
return Pipeline
->SendRequest<SignResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &digest]() {
return KeySignParametersSerializer::KeySignParametersSerialize(
KeySignParameters(algorithm.ToString(), digest));
},
[&algorithm](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = SignResultSerializer::SignResultDeserialize(rawResponse);
result.Algorithm = algorithm;
return result;
},
{"sign"})
.Value;
}
VerifyResult RemoteCryptographyClient::Verify(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context) const
{
return Pipeline
->SendRequest<VerifyResult>(
context,
Azure::Core::Http::HttpMethod::Post,
[&algorithm, &digest, &signature]() {
return KeyVerifyParametersSerializer::KeyVerifyParametersSerialize(
KeyVerifyParameters(algorithm.ToString(), digest, signature));
},
[&algorithm, this](Azure::Core::Http::RawResponse const& rawResponse) {
auto result = VerifyResultSerializer::VerifyResultDeserialize(rawResponse);
result.Algorithm = algorithm;
// Verify result won't return the KeyId, the client SDK will add it based on the client
// KeyId.
result.KeyId = this->KeyId.GetAbsoluteUrl();
return result;
},
{"verify"})
.Value;
}

80
sdk/keyvault/azure-security-keyvault-keys/src/cryptography/rsa_cryptography_provider.cpp
View File

@ -1,80 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
#include "../private/rsa_cryptography_provider.hpp"
#include <memory>
#include <string>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace _detail {
EncryptResult RsaCryptographyProvider::Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const&) const
{
EncryptResult result;
result.Algorithm = parameters.Algorithm;
return result;
}
DecryptResult RsaCryptographyProvider::Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const&) const
{
DecryptResult result;
result.Algorithm = parameters.Algorithm;
return result;
}
WrapResult RsaCryptographyProvider::WrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const&) const
{
WrapResult result;
(void)key;
result.Algorithm = algorithm;
return result;
}
UnwrapResult RsaCryptographyProvider::UnwrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const&) const
{
UnwrapResult result;
(void)key;
result.Algorithm = algorithm;
return result;
}
SignResult RsaCryptographyProvider::Sign(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const&) const
{
SignResult result;
(void)digest;
result.Algorithm = algorithm;
return result;
}
VerifyResult RsaCryptographyProvider::Verify(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const&) const
{
VerifyResult result;
(void)digest;
(void)signature;
result.Algorithm = algorithm;
return result;
}
}}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography::_detail

75
sdk/keyvault/azure-security-keyvault-keys/src/private/cryptography_provider.hpp
View File

@ -1,75 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
/**
* @file
* @brief Defines the operations supported by a Cryptography provider.
*
*/
#pragma once
#include <azure/core/context.hpp>
#include "azure/keyvault/keys/cryptography/decrypt_parameters.hpp"
#include "azure/keyvault/keys/cryptography/decrypt_result.hpp"
#include "azure/keyvault/keys/cryptography/encrypt_parameters.hpp"
#include "azure/keyvault/keys/cryptography/encrypt_result.hpp"
#include "azure/keyvault/keys/cryptography/key_wrap_algorithm.hpp"
#include "azure/keyvault/keys/cryptography/sign_result.hpp"
#include "azure/keyvault/keys/cryptography/signature_algorithm.hpp"
#include "azure/keyvault/keys/cryptography/unwrap_result.hpp"
#include "azure/keyvault/keys/cryptography/verify_result.hpp"
#include "azure/keyvault/keys/cryptography/wrap_result.hpp"
#include "azure/keyvault/keys/key_operation.hpp"
#include <memory>
#include <string>
#include <vector>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace _detail {
class CryptographyProvider {
public:
virtual ~CryptographyProvider() = default;
virtual bool CanRemote() const noexcept = 0;
virtual bool SupportsOperation(
Azure::Security::KeyVault::Keys::KeyOperation operation) const noexcept = 0;
virtual EncryptResult Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context) const = 0;
virtual DecryptResult Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context) const = 0;
virtual WrapResult WrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context) const = 0;
virtual UnwrapResult UnwrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context) const = 0;
virtual SignResult Sign(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context) const = 0;
virtual VerifyResult Verify(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context) const = 0;
};
}}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography::_detail

48
sdk/keyvault/azure-security-keyvault-keys/src/private/local_cryptography_provider.hpp
View File

@ -1,48 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
/**
* @file
* @brief Define the base bahavior for a local cryptography provider.
*
*/
#pragma once
#include "cryptography_provider.hpp"
#include "azure/keyvault/keys/keyvault_key.hpp"
#include <memory>
#include <string>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace _detail {
class LocalCryptographyProvider : public CryptographyProvider {
private:
Azure::Security::KeyVault::Keys::KeyProperties m_keyProperties;
bool m_canRemote;
protected:
Azure::Security::KeyVault::Keys::JsonWebKey m_keyMaterial;
public:
LocalCryptographyProvider() = delete;
LocalCryptographyProvider(
Azure::Security::KeyVault::Keys::JsonWebKey const& keyMaterial,
Azure::Security::KeyVault::Keys::KeyProperties const& keyProperties,
bool localOnly = false)
: m_keyProperties(keyProperties), m_canRemote(!localOnly && !keyMaterial.Id.empty()),
m_keyMaterial(keyMaterial)
{
}
bool CanRemote() const noexcept override { return m_canRemote; };
};
}}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography::_detail

51
sdk/keyvault/azure-security-keyvault-keys/src/private/local_cryptography_provider_factory.hpp
View File

@ -1,51 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
/**
* @file
* @brief Exposes a factory for creating local cryptography providers.
*
*/
#pragma once
#include "azure/keyvault/keys/keyvault_key.hpp"
#include "cryptography_provider.hpp"
#include "rsa_cryptography_provider.hpp"
#include <memory>
#include <string>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace _detail {
class LocalCryptographyProviderFactory final {
public:
LocalCryptographyProviderFactory() = delete;
static std::unique_ptr<CryptographyProvider> Create(
Azure::Security::KeyVault::Keys::JsonWebKey const& keyMaterial,
Azure::Security::KeyVault::Keys::KeyProperties const& keyProperties,
bool localOnly = false)
{
if (keyMaterial.KeyType == Azure::Security::KeyVault::Keys::KeyVaultKeyType::Rsa
|| keyMaterial.KeyType == Azure::Security::KeyVault::Keys::KeyVaultKeyType::RsaHsm)
{
return std::make_unique<RsaCryptographyProvider>(keyMaterial, keyProperties, localOnly);
}
return nullptr;
}
static std::unique_ptr<CryptographyProvider> Create(
Azure::Security::KeyVault::Keys::KeyVaultKey const& key,
bool localOnly = false)
{
return Create(key.Key, key.Properties, localOnly);
}
};
}}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography::_detail

83
sdk/keyvault/azure-security-keyvault-keys/src/private/remote_cryptography_client.hpp
View File

@ -1,83 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
/**
* @file
* @brief A remote client used to perform cryptographic operations with Azure Key Vault keys.
*
*/
#pragma once
#include <azure/core/response.hpp>
#include <azure/core/url.hpp>
#include "cryptography_provider.hpp"
#include "keyvault_protocol.hpp"
#include "azure/keyvault/keys/cryptography/cryptography_client_options.hpp"
#include "azure/keyvault/keys/cryptography/encrypt_parameters.hpp"
#include "azure/keyvault/keys/cryptography/encrypt_result.hpp"
#include "azure/keyvault/keys/keyvault_key.hpp"
#include <memory>
#include <string>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace _detail {
class RemoteCryptographyClient final
: public Azure::Security::KeyVault::Keys::Cryptography::_detail::CryptographyProvider {
public:
std::shared_ptr<Azure::Security::KeyVault::_detail::KeyVaultProtocolClient> Pipeline;
Azure::Core::Url KeyId;
explicit RemoteCryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions options = CryptographyClientOptions());
bool CanRemote() const noexcept override { return true; }
bool SupportsOperation(Azure::Security::KeyVault::Keys::KeyOperation) const noexcept override
{
return true;
};
Azure::Response<KeyVaultKey> GetKey(
Azure::Core::Context const& context = Azure::Core::Context()) const;
EncryptResult Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context) const override;
DecryptResult Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context) const override;
WrapResult WrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context) const override;
UnwrapResult UnwrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context) const override;
SignResult Sign(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context) const override;
VerifyResult Verify(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context) const override;
};
}}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography::_detail

78
sdk/keyvault/azure-security-keyvault-keys/src/private/rsa_cryptography_provider.hpp
View File

@ -1,78 +0,0 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
/**
* @file
* @brief RSA local cryptography provider.
*
*/
#pragma once
#include "local_cryptography_provider.hpp"
#include <memory>
#include <string>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace _detail {
class RsaCryptographyProvider final : public LocalCryptographyProvider {
public:
RsaCryptographyProvider(
Azure::Security::KeyVault::Keys::JsonWebKey const& keyMaterial,
Azure::Security::KeyVault::Keys::KeyProperties const& keyProperties,
bool localOnly)
: LocalCryptographyProvider(keyMaterial, keyProperties, localOnly)
{
}
bool SupportsOperation(
Azure::Security::KeyVault::Keys::KeyOperation operation) const noexcept override
{
if (operation == Azure::Security::KeyVault::Keys::KeyOperation::Encrypt
|| operation == Azure::Security::KeyVault::Keys::KeyOperation::Decrypt
|| operation == Azure::Security::KeyVault::Keys::KeyOperation::Sign
|| operation == Azure::Security::KeyVault::Keys::KeyOperation::Verify
|| operation == Azure::Security::KeyVault::Keys::KeyOperation::WrapKey
|| operation == Azure::Security::KeyVault::Keys::KeyOperation::UnwrapKey)
{
return m_keyMaterial.SupportsOperation(operation);
}
return false;
}
EncryptResult Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context) const override;
DecryptResult Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context) const override;
WrapResult WrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context) const override;
UnwrapResult UnwrapKey(
KeyWrapAlgorithm const& algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context) const override;
SignResult Sign(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& sigest,
Azure::Core::Context const& context) const override;
VerifyResult Verify(
SignatureAlgorithm const& algorithm,
std::vector<uint8_t> const& sigest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context) const override;
};
}}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography::_detail

4
sdk/keyvault/azure-security-keyvault-keys/test/samples/sample4-encrypt-decrypt/sample4_encrypt_decrypt.cpp
View File

@ -52,13 +52,13 @@ int main()
uint8_t const data[] = "A single block of plaintext";
std::vector<uint8_t> plaintext(std::begin(data), std::end(data));
EncryptResult encryptResult
= cryptoClient.Encrypt(EncryptParameters::RsaOaepParameters(plaintext));
= cryptoClient.Encrypt(EncryptParameters::RsaOaepParameters(plaintext)).Value;
std::cout << " - Encrypted data using the algorithm " << encryptResult.Algorithm.ToString()
<< ", with key " << encryptResult.KeyId << ". The resulting encrypted data is: "
<< Azure::Core::Convert::Base64Encode(encryptResult.Ciphertext) << std::endl;
DecryptResult decryptResult
= cryptoClient.Decrypt(DecryptParameters::RsaOaepParameters(encryptResult.Ciphertext));
= cryptoClient.Decrypt(DecryptParameters::RsaOaepParameters(encryptResult.Ciphertext)).Value;
std::cout << " - Decrypted data using the algorithm " << decryptResult.Algorithm.ToString()
<< ", with key " << decryptResult.KeyId << ". The resulting decrypted data is: "
<< std::string(decryptResult.Plaintext.begin(), decryptResult.Plaintext.end())

18
sdk/keyvault/azure-security-keyvault-keys/test/samples/sample5-sign-verify/sample5_sign_verify.cpp
View File

@ -70,42 +70,43 @@ int main()
= Azure::Core::Convert::Base64Decode("DU9EdhpwhJqnGnieD0qKYEz6e8QPKlOVpYZZro");
// Sign and Verify from digest
SignResult rsaSignResult = rsaCryptoClient.Sign(SignatureAlgorithm::RS256, digest);
SignResult rsaSignResult = rsaCryptoClient.Sign(SignatureAlgorithm::RS256, digest).Value;
std::cout << " - Signed digest using the algorithm " << rsaSignResult.Algorithm.ToString()
<< ", with key " << rsaSignResult.KeyId << ". The resulting signature is: "
<< Azure::Core::Convert::Base64Encode(rsaSignResult.Signature) << std::endl;
SignResult ecSignResult = ecCryptoClient.Sign(SignatureAlgorithm::ES256K, digest);
SignResult ecSignResult = ecCryptoClient.Sign(SignatureAlgorithm::ES256K, digest).Value;
std::cout << " - Signed digest using the algorithm " << ecSignResult.Algorithm.ToString()
<< ", with key " << ecSignResult.KeyId << ". The resulting signature is: "
<< Azure::Core::Convert::Base64Encode(ecSignResult.Signature) << std::endl;
VerifyResult rsaVerifyResult
= rsaCryptoClient.Verify(SignatureAlgorithm::RS256, digest, rsaSignResult.Signature);
= rsaCryptoClient.Verify(SignatureAlgorithm::RS256, digest, rsaSignResult.Signature).Value;
std::cout << " - Verified the signature using the algorithm "
<< rsaVerifyResult.Algorithm.ToString() << ", with key " << rsaVerifyResult.KeyId
<< ". Signature is valid: " << (rsaVerifyResult.IsValid ? "True" : "False")
<< std::endl;
VerifyResult ecVerifyResult
= ecCryptoClient.Verify(SignatureAlgorithm::ES256K, digest, ecSignResult.Signature);
= ecCryptoClient.Verify(SignatureAlgorithm::ES256K, digest, ecSignResult.Signature).Value;
std::cout << " - Verified the signature using the algorithm "
<< ecVerifyResult.Algorithm.ToString() << ", with key " << ecVerifyResult.KeyId
<< ". Signature is valid: " << (ecVerifyResult.IsValid ? "True" : "False") << std::endl;
// Sign and Verify from data
SignResult rsaSignDataResult = rsaCryptoClient.SignData(SignatureAlgorithm::RS256, data);
SignResult rsaSignDataResult = rsaCryptoClient.SignData(SignatureAlgorithm::RS256, data).Value;
std::cout << " - Signed data using the algorithm " << rsaSignDataResult.Algorithm.ToString()
<< ", with key " << rsaSignDataResult.KeyId << ". The resulting signature is: "
<< Azure::Core::Convert::Base64Encode(rsaSignDataResult.Signature) << std::endl;
SignResult ecSignDataResult = ecCryptoClient.SignData(SignatureAlgorithm::ES256K, data);
SignResult ecSignDataResult = ecCryptoClient.SignData(SignatureAlgorithm::ES256K, data).Value;
std::cout << " - Signed data using the algorithm " << ecSignDataResult.Algorithm.ToString()
<< ", with key " << ecSignDataResult.KeyId << ". The resulting signature is: "
<< Azure::Core::Convert::Base64Encode(ecSignDataResult.Signature) << std::endl;
VerifyResult rsaVerifyDataResult
= rsaCryptoClient.VerifyData(SignatureAlgorithm::RS256, data, rsaSignDataResult.Signature);
= rsaCryptoClient.VerifyData(SignatureAlgorithm::RS256, data, rsaSignDataResult.Signature)
.Value;
std::cout << " - Verified the signature using the algorithm "
<< rsaVerifyDataResult.Algorithm.ToString() << ", with key "
<< rsaVerifyDataResult.KeyId
@ -113,7 +114,8 @@ int main()
<< std::endl;
VerifyResult ecVerifyDataResult
= ecCryptoClient.VerifyData(SignatureAlgorithm::ES256K, data, ecSignDataResult.Signature);
= ecCryptoClient.VerifyData(SignatureAlgorithm::ES256K, data, ecSignDataResult.Signature)
.Value;
std::cout << " - Verified the signature using the algorithm "
<< ecVerifyDataResult.Algorithm.ToString() << ", with key " << ecVerifyDataResult.KeyId
<< ". Signature is valid: " << (ecVerifyDataResult.IsValid ? "True" : "False")

6
sdk/keyvault/azure-security-keyvault-keys/test/samples/sample6-wrap-unwrap/sample6_wrap_unwrap.cpp
View File

@ -60,13 +60,13 @@ int main()
std::cout << " - Using a sample generated key: " << Azure::Core::Convert::Base64Encode(keyData)
<< std::endl;
WrapResult wrapResult = cryptoClient.WrapKey(KeyWrapAlgorithm::RsaOaep, keyData);
auto wrapResult = cryptoClient.WrapKey(KeyWrapAlgorithm::RsaOaep, keyData).Value;
std::cout << " - Encrypted data using the algorithm " << wrapResult.Algorithm.ToString()
<< ", with key " << wrapResult.KeyId << ". The resulting encrypted data is: "
<< Azure::Core::Convert::Base64Encode(wrapResult.EncryptedKey) << std::endl;
UnwrapResult unwrapResult
= cryptoClient.UnwrapKey(KeyWrapAlgorithm::RsaOaep, wrapResult.EncryptedKey);
auto unwrapResult
= cryptoClient.UnwrapKey(KeyWrapAlgorithm::RsaOaep, wrapResult.EncryptedKey).Value;
std::cout << " - Decrypted data using the algorithm " << unwrapResult.Algorithm.ToString()
<< ", with key " << unwrapResult.KeyId << ". The resulting decrypted data is: "
<< Azure::Core::Convert::Base64Encode(unwrapResult.Key) << std::endl;

50
sdk/keyvault/azure-security-keyvault-keys/test/ut/key_cryptographic_client_test_live.cpp
View File

@ -37,13 +37,15 @@ TEST_P(KeyVaultClientTest, RemoteEncrypt)
uint8_t plaintextSource[] = "A single block of plaintext";
std::vector<uint8_t> plaintext(std::begin(plaintextSource), std::end(plaintextSource));
auto encryptResult = cryptoClient.Encrypt(EncryptParameters::RsaOaepParameters(plaintext));
auto encryptResult
= cryptoClient.Encrypt(EncryptParameters::RsaOaepParameters(plaintext)).Value;
EXPECT_EQ(encryptResult.Algorithm.ToString(), EncryptionAlgorithm::RsaOaep.ToString());
EXPECT_EQ(encryptResult.KeyId, rsaKey.Id());
EXPECT_TRUE(encryptResult.Ciphertext.size() > 0);
auto decryptResult
= cryptoClient.Decrypt(DecryptParameters::RsaOaepParameters(encryptResult.Ciphertext));
= cryptoClient.Decrypt(DecryptParameters::RsaOaepParameters(encryptResult.Ciphertext))
.Value;
EXPECT_EQ(decryptResult.Algorithm.ToString(), encryptResult.Algorithm.ToString());
EXPECT_EQ(decryptResult.Plaintext, plaintext);
EXPECT_EQ(decryptResult.KeyId, encryptResult.KeyId);
@ -67,12 +69,12 @@ TEST_P(KeyVaultClientTest, RemoteWrap)
uint8_t plaintextSource[] = "A single block of plaintext";
std::vector<uint8_t> plaintext(std::begin(plaintextSource), std::end(plaintextSource));
auto wrapResult = cryptoClient.WrapKey(KeyWrapAlgorithm::RsaOaep256, plaintext);
auto wrapResult = cryptoClient.WrapKey(KeyWrapAlgorithm::RsaOaep256, plaintext).Value;
EXPECT_EQ(wrapResult.Algorithm.ToString(), KeyWrapAlgorithm::RsaOaep256.ToString());
EXPECT_EQ(wrapResult.KeyId, rsaKey.Id());
EXPECT_TRUE(wrapResult.EncryptedKey.size() > 0);
auto unwrapResult = cryptoClient.UnwrapKey(wrapResult.Algorithm, wrapResult.EncryptedKey);
auto unwrapResult = cryptoClient.UnwrapKey(wrapResult.Algorithm, wrapResult.EncryptedKey).Value;
EXPECT_EQ(unwrapResult.Algorithm.ToString(), wrapResult.Algorithm.ToString());
EXPECT_EQ(unwrapResult.Key, plaintext);
EXPECT_EQ(unwrapResult.KeyId, wrapResult.KeyId);
@ -100,12 +102,13 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA256)
std::vector<uint8_t> digest
= sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest);
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, rsaKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature);
auto verifyResult
= cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, rsaKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -118,12 +121,13 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA256)
std::vector<uint8_t> digest
= sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest);
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, rsaKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature);
auto verifyResult
= cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, rsaKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -148,12 +152,13 @@ TEST_F(KeyVaultClientTest, RemoteSignVerifyES256)
std::vector<uint8_t> digest
= sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest);
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, ecKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature);
auto verifyResult
= cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, ecKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -171,12 +176,13 @@ TEST_F(KeyVaultClientTest, RemoteSignVerifyES256)
std::vector<uint8_t> digest
= sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest);
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, ecKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature);
auto verifyResult
= cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, ecKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -204,12 +210,13 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA384)
std::vector<uint8_t> digest
= sha384.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest);
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, rsaKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature);
auto verifyResult
= cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, rsaKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -222,12 +229,13 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA384)
std::vector<uint8_t> digest
= sha384.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest);
auto signResult = cryptoClient.Sign(signatureAlgorithm, digest).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, rsaKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature);
auto verifyResult
= cryptoClient.Verify(signResult.Algorithm, digest, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, rsaKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -252,12 +260,13 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyDataRSA256)
// RS256
{
auto signatureAlgorithm = SignatureAlgorithm::RS256;
auto signResult = cryptoClient.SignData(signatureAlgorithm, data);
auto signResult = cryptoClient.SignData(signatureAlgorithm, data).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, rsaKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.VerifyData(signResult.Algorithm, data, signResult.Signature);
auto verifyResult
= cryptoClient.VerifyData(signResult.Algorithm, data, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, rsaKey.Id());
EXPECT_TRUE(verifyResult.IsValid);
@ -266,12 +275,13 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyDataRSA256)
// PS256
{
auto signatureAlgorithm = SignatureAlgorithm::PS256;
auto signResult = cryptoClient.SignData(signatureAlgorithm, data);
auto signResult = cryptoClient.SignData(signatureAlgorithm, data).Value;
EXPECT_EQ(signResult.Algorithm.ToString(), signatureAlgorithm.ToString());
EXPECT_EQ(signResult.KeyId, rsaKey.Id());
EXPECT_TRUE(signResult.Signature.size() > 0);
auto verifyResult = cryptoClient.VerifyData(signResult.Algorithm, data, signResult.Signature);
auto verifyResult
= cryptoClient.VerifyData(signResult.Algorithm, data, signResult.Signature).Value;
EXPECT_EQ(verifyResult.Algorithm.ToString(), verifyResult.Algorithm.ToString());
EXPECT_EQ(verifyResult.KeyId, rsaKey.Id());
EXPECT_TRUE(verifyResult.IsValid);