github/azure-sdk-for-cpp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Use forward declaration to avoid exposing private/src headers from public headers. (#2626)

Browse Source 
* Remove InitRequest helper method

* Rename KeyVaultPipeline to KeyVaultProtocolClient along with headers.

* Move the KeyVaultProtocolClient into private imlpementation detail of
Keys.

* Update doc comments.

* Stop building keyvault common for now since it contains no sources.

* Don't generate keyvault common docs since there are no files.

* Stop building azure-security-keyvault-common as part of CI.

* Use forward declaration to avoid exposing private/src headers from
public headers.

* Simplify after the merge from main.
This commit is contained in:
Ahson Khan 2021-07-14 20:21:42 -07:00 committed by GitHub
parent c4af969569
commit e69f6e182a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 280 additions and 268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

399
sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/cryptography/cryptography_client.hpp
View File

@ -9,8 +9,6 @@
#pragma once
#include "../src/private/keyvault_protocol.hpp"
#include <azure/core/context.hpp>
#include <azure/core/io/body_stream.hpp>
@ -30,222 +28,225 @@
#include <string>
#include <vector>
namespace Azure {
namespace Security {
namespace KeyVault {
namespace Keys {
namespace Cryptography {
namespace Azure { namespace Security { namespace KeyVault {
namespace _detail {
struct CryptographyProvider;
struct RemoteCryptographyClient;
class KeyVaultProtocolClient;
} // namespace _detail
/**
* @brief A client used to perform cryptographic operations with Azure Key Vault keys.
*
*/
class CryptographyClient final {
private:
std::shared_ptr<Azure::Security::KeyVault::_detail::KeyVaultProtocolClient> m_pipeline;
std::string m_keyId;
std::shared_ptr<
Azure::Security::KeyVault::Keys::Cryptography::_detail::RemoteCryptographyClient>
m_remoteProvider;
std::shared_ptr<Azure::Security::KeyVault::Keys::Cryptography::_detail::CryptographyProvider>
m_provider;
namespace Keys { namespace Cryptography {
explicit CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions const& options,
bool forceRemote);
void Initialize(std::string const& operation, Azure::Core::Context const& context);
namespace _detail {
struct CryptographyProvider;
struct RemoteCryptographyClient;
} // namespace _detail
/**
* @brief Gets whether this #CryptographyClient runs only local operations.
* @brief A client used to perform cryptographic operations with Azure Key Vault keys.
*
*/
bool LocalOnly() const noexcept { return m_remoteProvider == nullptr; }
class CryptographyClient final {
private:
std::shared_ptr<Azure::Security::KeyVault::_detail::KeyVaultProtocolClient> m_pipeline;
std::string m_keyId;
std::shared_ptr<
Azure::Security::KeyVault::Keys::Cryptography::_detail::RemoteCryptographyClient>
m_remoteProvider;
std::shared_ptr<Azure::Security::KeyVault::Keys::Cryptography::_detail::CryptographyProvider>
m_provider;
public:
/**
* @brief Initializes a new instance of the #CryptographyClient class.
*
* @param keyId The key identifier of the #KeyVaultKey which will be used for cryptographic
* operations.
* @param credential A #TokenCredential used to authenticate requests to the vault, like
* DefaultAzureCredential.
* @param options #CryptographyClientOptions for the #CryptographyClient for local or remote
* operations on Key Vault.
*/
explicit CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions options = CryptographyClientOptions())
: CryptographyClient(keyId, credential, options, false)
{
}
explicit CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions const& options,
bool forceRemote);
/**
* @brief Destructs `%CryptographyClient`.
*
*/
~CryptographyClient();
void Initialize(std::string const& operation, Azure::Core::Context const& context);
/**
* @brief Encrypts plaintext.
*
* @param parameters An #EncryptParameters containing the data to encrypt and other parameters
* for algorithm-dependent encryption.
* @param context A #Azure::Core::Context to cancel the operation.
* @return An #EncryptResult containing the encrypted data along with all other information
* needed to decrypt it. This information should be stored with the encrypted data.
*/
EncryptResult Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Gets whether this #CryptographyClient runs only local operations.
*
*/
bool LocalOnly() const noexcept { return m_remoteProvider == nullptr; }
/**
* @brief Decrypts ciphertext.
*
* @param parameters A #DecryptParameters containing the data to decrypt and other parameters
* for algorithm-dependent Decryption.
* @param context A #Azure::Core::Context to cancel the operation.
* @return An #DecryptResult containing the decrypted data along with all other information
* needed to decrypt it. This information should be stored with the Decrypted data.
*/
DecryptResult Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context = Azure::Core::Context());
public:
/**
* @brief Initializes a new instance of the #CryptographyClient class.
*
* @param keyId The key identifier of the #KeyVaultKey which will be used for cryptographic
* operations.
* @param credential A #TokenCredential used to authenticate requests to the vault, like
* DefaultAzureCredential.
* @param options #CryptographyClientOptions for the #CryptographyClient for local or remote
* operations on Key Vault.
*/
explicit CryptographyClient(
std::string const& keyId,
std::shared_ptr<Core::Credentials::TokenCredential const> credential,
CryptographyClientOptions options = CryptographyClientOptions())
: CryptographyClient(keyId, credential, options, false)
{
}
/**
* @brief Encrypts the specified key.
*
* @param algorithm The #KeyWrapAlgorithm to use.
* @param key The key to encrypt.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the wrap operation. The returned #WrapResult contains the wrapped key
* along with all other information needed to unwrap it. This information should be stored
* with the wrapped key.
*/
WrapResult WrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Destructs `%CryptographyClient`.
*
*/
~CryptographyClient();
/**
* @brief Decrypts the specified encrypted key.
*
* @param algorithm The #KeyWrapAlgorithm to use.
* @param encryptedKey The encrypted key.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the unwrap operation. The returned #UnwrapResult contains the key
* along with information regarding the algorithm and key used to unwrap it.
*/
UnwrapResult UnwrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Encrypts plaintext.
*
* @param parameters An #EncryptParameters containing the data to encrypt and other parameters
* for algorithm-dependent encryption.
* @param context A #Azure::Core::Context to cancel the operation.
* @return An #EncryptResult containing the encrypted data along with all other information
* needed to decrypt it. This information should be stored with the encrypted data.
*/
EncryptResult Encrypt(
EncryptParameters const& parameters,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Signs the specified digest.
*
* @param algorithm The #SignatureAlgorithm to use.
* @param digest The pre-hashed digest to sign. The hash algorithm used to compute the digest
* must be compatable with the specified algorithm.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the sign operation. The returned #SignResult contains the signature
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult Sign(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Decrypts ciphertext.
*
* @param parameters A #DecryptParameters containing the data to decrypt and other parameters
* for algorithm-dependent Decryption.
* @param context A #Azure::Core::Context to cancel the operation.
* @return An #DecryptResult containing the decrypted data along with all other information
* needed to decrypt it. This information should be stored with the Decrypted data.
*/
DecryptResult Decrypt(
DecryptParameters const& parameters,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Signs the specified data.
*
* @param algorithm The #SignatureAlgorithm to use.
* @param data The data to sign.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the sign operation. The returned #SignResult contains the signature
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult SignData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Encrypts the specified key.
*
* @param algorithm The #KeyWrapAlgorithm to use.
* @param key The key to encrypt.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the wrap operation. The returned #WrapResult contains the wrapped key
* along with all other information needed to unwrap it. This information should be stored
* with the wrapped key.
*/
WrapResult WrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& key,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Signs the specified data.
*
* @param algorithm The #SignatureAlgorithm to use.
* @param data The data to sign.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the sign operation. The returned #SignResult contains the signature
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult SignData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Decrypts the specified encrypted key.
*
* @param algorithm The #KeyWrapAlgorithm to use.
* @param encryptedKey The encrypted key.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the unwrap operation. The returned #UnwrapResult contains the key
* along with information regarding the algorithm and key used to unwrap it.
*/
UnwrapResult UnwrapKey(
KeyWrapAlgorithm algorithm,
std::vector<uint8_t> const& encryptedKey,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Verifies the specified signature.
*
* @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to
* sign the digest.
* @param digest The pre-hashed digest corresponding to the signature. The hash algorithm used
* to compute the digest must be compatable with the specified algorithm.
* @param signature The signature to verify.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult Verify(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Signs the specified digest.
*
* @param algorithm The #SignatureAlgorithm to use.
* @param digest The pre-hashed digest to sign. The hash algorithm used to compute the digest
* must be compatable with the specified algorithm.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the sign operation. The returned #SignResult contains the signature
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult Sign(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Verifies the specified signature.
*
* @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to
* sign the data.
* @param data The data corresponding to the signature.
* @param signature The signature to verify.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult VerifyData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Signs the specified data.
*
* @param algorithm The #SignatureAlgorithm to use.
* @param data The data to sign.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the sign operation. The returned #SignResult contains the signature
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult SignData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Verifies the specified signature.
*
* @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to
* sign the data.
* @param data The data corresponding to the signature.
* @param signature The signature to verify.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult VerifyData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context = Azure::Core::Context());
};
/**
* @brief Signs the specified data.
*
* @param algorithm The #SignatureAlgorithm to use.
* @param data The data to sign.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the sign operation. The returned #SignResult contains the signature
* along with all other information needed to verify it. This information should be stored
* with the signature.
*/
SignResult SignData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
Azure::Core::Context const& context = Azure::Core::Context());
}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography
/**
* @brief Verifies the specified signature.
*
* @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to
* sign the digest.
* @param digest The pre-hashed digest corresponding to the signature. The hash algorithm used
* to compute the digest must be compatable with the specified algorithm.
* @param signature The signature to verify.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult Verify(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& digest,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Verifies the specified signature.
*
* @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to
* sign the data.
* @param data The data corresponding to the signature.
* @param signature The signature to verify.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult VerifyData(
SignatureAlgorithm algorithm,
Azure::Core::IO::BodyStream& data,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context = Azure::Core::Context());
/**
* @brief Verifies the specified signature.
*
* @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to
* sign the data.
* @param data The data corresponding to the signature.
* @param signature The signature to verify.
* @param context A #Azure::Core::Context to cancel the operation.
* @return The result of the verify operation. If the signature is valid the
* #VerifyResult.IsValid property of the returned #VerifyResult will be set to true.
*/
VerifyResult VerifyData(
SignatureAlgorithm algorithm,
std::vector<uint8_t> const& data,
std::vector<uint8_t> const& signature,
Azure::Core::Context const& context = Azure::Core::Context());
};
}} // namespace Keys::Cryptography
}}} // namespace Azure::Security::KeyVault

143
sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/key_client.hpp
View File

@ -9,8 +9,6 @@
#pragma once
#include "../src/private/keyvault_protocol.hpp"
#include "azure/keyvault/keys/backup_key_result.hpp"
#include "azure/keyvault/keys/delete_key_operation.hpp"
#include "azure/keyvault/keys/import_key_options.hpp"
@ -25,6 +23,10 @@
#include <list>
#include <vector>
namespace Azure { namespace Security { namespace KeyVault { namespace _detail {
class KeyVaultProtocolClient;
}}}} // namespace Azure::Security::KeyVault::_detail
namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
@ -127,12 +129,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Creates and stores a new Elliptic Curve key in Key Vault.
*
* @remark If the named key already exists, Azure Key Vault creates a new version of the key.
* @remark If the named key already exists, Azure Key Vault creates a new version of the
* key.
*
* @remark This operation requires the keys/create permission.
*
* @param ecKeyOptions The key options object containing information about the Elliptic Curve
* key being created.
* @param ecKeyOptions The key options object containing information about the Elliptic
* Curve key being created.
* @param context A #Azure::Core::Context controlling the request lifetime.
* @return The Key wrapped in the Response.
*/
@ -143,12 +146,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Creates and stores a new RSA key in Key Vault.
*
* @remark If the named key already exists, Azure Key Vault creates a new version of the key.
* @remark If the named key already exists, Azure Key Vault creates a new version of the
* key.
*
* @remark This operation requires the keys/create permission.
*
* @param rsaKeyOptions The key options object containing information about the RSA key being
* created.
* @param rsaKeyOptions The key options object containing information about the RSA key
* being created.
* @param context A #Azure::Core::Context controlling the request lifetime.
* @return The Key wrapped in the Response.
*/
@ -159,12 +163,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Creates and stores a new AES key in Key Vault.
*
* @remark If the named key already exists, Azure Key Vault creates a new version of the key.
* @remark If the named key already exists, Azure Key Vault creates a new version of the
* key.
*
* @remark This operation requires the keys/create permission.
*
* @param octKeyOptions The key options object containing information about the AES key being
* created.
* @param octKeyOptions The key options object containing information about the AES key
* being created.
* @param context A #Azure::Core::Context controlling the request lifetime.
* @return The Key wrapped in the Response.
*/
@ -173,13 +178,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
Azure::Core::Context const& context = Azure::Core::Context()) const;
/**
* @brief Get a single page with the properties of all keys in the specified vault. You can use
* the returned #KeyProperties.Name in subsequent calls to #GetKey.
* @brief Get a single page with the properties of all keys in the specified vault. You can
* use the returned #KeyProperties.Name in subsequent calls to #GetKey.
*
* @remark Retrieves a list of the keys in the Key Vault that contains the public part of a
* stored key. The operation is applicable to all key types, however only the base key
* identifier, attributes, and tags are provided in the response. Individual versions of a key
* are not listed in the response. This operation requires the keys/list permission.
* identifier, attributes, and tags are provided in the response. Individual versions of a
* key are not listed in the response. This operation requires the keys/list permission.
*
* @remark Use \p options to control which page to get. If
* #GetPropertiesOfKeysOptions.NextPageToken is not set, the operation will get the first
@ -195,9 +200,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
Azure::Core::Context const& context = Azure::Core::Context()) const;
/**
* @brief Get one page listing the properties of all the versions of the specified key. You can
* use the returned #KeyProperties.Name and #KeyProperties.Version in subsequent calls to
* #GetKey.
* @brief Get one page listing the properties of all the versions of the specified key. You
* can use the returned #KeyProperties.Name and #KeyProperties.Version in subsequent calls
* to #GetKey.
*
* @remark The full identifier, attributes, and tags are provided in the response. This
* operation requires the keys/list permission.
@ -220,17 +225,17 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Deletes a key of any type from storage in Azure Key Vault.
*
* @remark The delete key operation cannot be used to remove individual versions of a key. This
* operation removes the cryptographic material associated with the key, which means the key is
* not usable for Sign/Verify, WrapKey/Unwrap or Encrypt/Decrypt operations. This operation
* requires the keys/delete permission.
* @remark The delete key operation cannot be used to remove individual versions of a key.
* This operation removes the cryptographic material associated with the key, which means
* the key is not usable for Sign/Verify, WrapKey/Unwrap or Encrypt/Decrypt operations. This
* operation requires the keys/delete permission.
*
* @param name The name of the key.
* @param context A cancellation token controlling the request lifetime.
* @return A #Azure::Security::KeyVault::Keys::DeleteKeyOperation to wait on this long-running
* operation. If the key is soft delete-enabled, you only need to wait for the operation to
* complete if you need to recover or purge the key; otherwise, the key is deleted automatically
* on purge schedule.
* @return A #Azure::Security::KeyVault::Keys::DeleteKeyOperation to wait on this
* long-running operation. If the key is soft delete-enabled, you only need to wait for the
* operation to complete if you need to recover or purge the key; otherwise, the key is
* deleted automatically on purge schedule.
*/
Azure::Security::KeyVault::Keys::DeleteKeyOperation StartDeleteKey(
std::string const& name,
@ -239,8 +244,8 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Gets the public part of a deleted key.
*
* @remark The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the
* operation can be invoked on any vault, it will return an error if invoked on a non
* @remark The Get Deleted Key operation is applicable for soft-delete enabled vaults. While
* the operation can be invoked on any vault, it will return an error if invoked on a non
* soft-delete enabled vault. This operation requires the keys/get permission.
*
* @param name The name of the key.
@ -254,8 +259,8 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Get a page listing the deleted keys in the specified vault.
*
* @remark Retrieves the list of the keys in the Key Vault that contains the public part of the
* deleted key. This operation includes deletion-specific information. This operation is
* @remark Retrieves the list of the keys in the Key Vault that contains the public part of
* the deleted key. This operation includes deletion-specific information. This operation is
* applicable for vaults enabled for soft-delete. While the operation can be invoked on any
* vault, it will return error if invoked on a non soft-delete enabled vault. This operation
* requires the keys/list permission.
@ -276,9 +281,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Permanently deletes the specified key.
*
* @remark The Purge Deleted Key operation is applicable for soft-delete enabled values. While
* the operation can be invoked on any vault, it will return an error if invoked on a non
* soft-delete enabled vault. This operation requires the keys/purge permission.
* @remark The Purge Deleted Key operation is applicable for soft-delete enabled values.
* While the operation can be invoked on any vault, it will return an error if invoked on a
* non soft-delete enabled vault. This operation requires the keys/purge permission.
*
* @param name The name of the key.
* @param context A #Azure::Core::Context controlling the request lifetime.
@ -292,9 +297,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
*
* @remark The Recover Deleted Key operation is applicable for deleted keys in soft-delete
* enabled vaults. It recovers the deleted key back to its latest version under /keys. An
* attempt to recover an non-deleted key will return an error. Consider this the inverse of the
* delete operation on soft-delete enabled vaults. This operation requires the keys/recover
* permission.
* attempt to recover an non-deleted key will return an error. Consider this the inverse of
* the delete operation on soft-delete enabled vaults. This operation requires the
* keys/recover permission.
*
* @param name The name of the key.
* @param context A #Azure::Core::Context controlling the request lifetime.
@ -309,12 +314,12 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
* applied to any key type and key version stored in Azure Key Vault.
*
* @remark In order to perform this operation, the key must already exist in the Key Vault.
* Note: The cryptographic material of a key itself cannot be changed. This operation requires
* the keys/update permission.
* Note: The cryptographic material of a key itself cannot be changed. This operation
* requires the keys/update permission.
*
* @param properties The #KeyProperties object with updated properties.
* @param keyOperations Optional list of supported #KeyOperation. If no operation list provided,
* no changes will be made to existing key operations.
* @param keyOperations Optional list of supported #KeyOperation. If no operation list
* provided, no changes will be made to existing key operations.
* @param context A #Azure::Core::Context controlling the request lifetime.
* @return Azure::Response<KeyVaultKey>
*/
@ -327,17 +332,17 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Request that a backup of the specified be downloaded to the client.
*
* @remark The Key Backup operation exports a key from Azure Key Vault in a protected form. Note
* that this operation does NOT return the actual key in a form that can be used outside the
* Azure Key Vault system, the returned key is either protected to a Azure Key Vault HSM or to
* Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key
* in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key
* Vault instance. The BACKUP operation may be used to export, in protected form, any key type
* from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can
* be performed within geographical boundaries only; meaning that a BACKUP from one geographical
* are cannot be restored to another geographical are. For example, a backup from the US
* geographical are cannot be restored in an EU geographical area. This operation requires the
* key/backup permission.
* @remark The Key Backup operation exports a key from Azure Key Vault in a protected form.
* Note that this operation does NOT return the actual key in a form that can be used
* outside the Azure Key Vault system, the returned key is either protected to a Azure Key
* Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client
* to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it
* into another Azure Key Vault instance. The BACKUP operation may be used to export, in
* protected form, any key type from Azure Key Vault. Individual versions of a key cannot be
* backed up. BACKUP / RESTORE can be performed within geographical boundaries only; meaning
* that a BACKUP from one geographical are cannot be restored to another geographical are.
* For example, a backup from the US geographical are cannot be restored in an EU
* geographical area. This operation requires the key/backup permission.
*
* @param name The name of the key.
* @param context A #Azure::Core::Context controlling the request lifetime.
@ -349,17 +354,17 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
/**
* @brief Restores a backed up key to keyvault.
*
* @remark Imports a previously backed up key into Azure Key Vault, restoring the key, its key
* identifier, attributes, and access control policies. The RESTORE operation may be used to
* import a previously backed up key. Individual versions of a key cannot be restored. The key
* is restored in its entirety with the same key name as it had when it was backed up. If the
* key name is not available in the target Key Vault, the RESTORE operation will be rejected.
* While the key name is retained during restore, the final key identifier will change if the
* key is restored to a different vault. Restore will restore all versions and preserve version
* identifiers. The RESTORE operation is subject to security constrains: The target Key Vault
* must be owned by the same Microsoft Azure Subscription as the source Key Vault. The user must
* have RESTORE permission in the target Key Vault. This operation requires the keys/restore
* permission.
* @remark Imports a previously backed up key into Azure Key Vault, restoring the key, its
* key identifier, attributes, and access control policies. The RESTORE operation may be
* used to import a previously backed up key. Individual versions of a key cannot be
* restored. The key is restored in its entirety with the same key name as it had when it
* was backed up. If the key name is not available in the target Key Vault, the RESTORE
* operation will be rejected. While the key name is retained during restore, the final key
* identifier will change if the key is restored to a different vault. Restore will restore
* all versions and preserve version identifiers. The RESTORE operation is subject to
* security constrains: The target Key Vault must be owned by the same Microsoft Azure
* Subscription as the source Key Vault. The user must have RESTORE permission in the target
* Key Vault. This operation requires the keys/restore permission.
*
* @param backup The backup blob associated with a key.
* @param context A #Azure::Core::Context controlling the request lifetime.
@ -372,9 +377,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
* @brief Imports an externally created ket, stores it, and returns jey parameters and
* attributes to the client.
*
* @remark The import key operation may be used to import any key type into an Azure Key Vault.
* If the named key already exists, Azure Key Vault creates a new version of the key. This
* operation requires the keys/import permission.
* @remark The import key operation may be used to import any key type into an Azure Key
* Vault. If the named key already exists, Azure Key Vault creates a new version of the key.
* This operation requires the keys/import permission.
*
* @param name The name of the key.
* @param keyMaterial The #JsonWebKey being imported.
@ -390,12 +395,12 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys {
* @brief Imports an externally created key, stores it, and returns key parameters and
* attributes to the client.
*
* @remark The import operation may be used to import any key type into an Azure Key Vault. If
* the named key already exists, Azure Key Vault creates a new version of the key. This
* @remark The import operation may be used to import any key type into an Azure Key Vault.
* If the named key already exists, Azure Key Vault creates a new version of the key. This
* operation requires the keys/import permission.
*
* @param importKeyOptions The key import configuration object containing information about the
* #JsonWebKey being imported.
* @param importKeyOptions The key import configuration object containing information about
* the #JsonWebKey being imported.
* @param context A #Azure::Core::Context controlling the request lifetime.
*/
Azure::Response<KeyVaultKey> ImportKey(

1
sdk/keyvault/azure-security-keyvault-keys/src/cryptography/remote_cryptography_client.cpp
View File

@ -4,6 +4,7 @@
#include <azure/core/credentials/credentials.hpp>
#include <azure/core/http/http.hpp>
#include <azure/core/http/policies/policy.hpp>
#include <azure/core/internal/http/pipeline.hpp>
#include "../private/cryptography_serializers.hpp"
#include "../private/key_constants.hpp"

2
sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp
View File

@ -4,12 +4,14 @@
#include <azure/core/credentials/credentials.hpp>
#include <azure/core/http/http.hpp>
#include <azure/core/http/policies/policy.hpp>
#include <azure/core/internal/http/pipeline.hpp>
#include "azure/keyvault/keys/key_client.hpp"
#include "private/key_backup.hpp"
#include "private/key_constants.hpp"
#include "private/key_request_parameters.hpp"
#include "private/key_serializers.hpp"
#include "private/keyvault_protocol.hpp"
#include <memory>
#include <string>

3
sdk/keyvault/azure-security-keyvault-keys/test/ut/mocked_transport_adapter_test.hpp
View File

@ -10,7 +10,10 @@
#include <gtest/gtest.h>
#include "./../../src/private/key_serializers.hpp"
#include "./../../src/private/keyvault_protocol.hpp"
#include <azure/core.hpp>
#include <azure/core/internal/http/pipeline.hpp>
#include <azure/keyvault/key_vault_keys.hpp>
#include <cstdio>
#include <string>