From e69f6e182a31daafd95ed7b9fc6219da3910995e Mon Sep 17 00:00:00 2001 From: Ahson Khan Date: Wed, 14 Jul 2021 20:21:42 -0700 Subject: [PATCH] Use forward declaration to avoid exposing private/src headers from public headers. (#2626) * Remove InitRequest helper method * Rename KeyVaultPipeline to KeyVaultProtocolClient along with headers. * Move the KeyVaultProtocolClient into private imlpementation detail of Keys. * Update doc comments. * Stop building keyvault common for now since it contains no sources. * Don't generate keyvault common docs since there are no files. * Stop building azure-security-keyvault-common as part of CI. * Use forward declaration to avoid exposing private/src headers from public headers. * Simplify after the merge from main. --- .../keys/cryptography/cryptography_client.hpp | 399 +++++++++--------- .../inc/azure/keyvault/keys/key_client.hpp | 143 ++++--- .../remote_cryptography_client.cpp | 1 + .../src/key_client.cpp | 2 + .../test/ut/mocked_transport_adapter_test.hpp | 3 + 5 files changed, 280 insertions(+), 268 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/cryptography/cryptography_client.hpp b/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/cryptography/cryptography_client.hpp index 4ab1d115d..7ffcf7269 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/cryptography/cryptography_client.hpp +++ b/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/cryptography/cryptography_client.hpp @@ -9,8 +9,6 @@ #pragma once -#include "../src/private/keyvault_protocol.hpp" - #include #include @@ -30,222 +28,225 @@ #include #include -namespace Azure { - namespace Security { - namespace KeyVault { - namespace Keys { - namespace Cryptography { +namespace Azure { namespace Security { namespace KeyVault { namespace _detail { - struct CryptographyProvider; - struct RemoteCryptographyClient; + class KeyVaultProtocolClient; } // namespace _detail - /** - * @brief A client used to perform cryptographic operations with Azure Key Vault keys. - * - */ - class CryptographyClient final { - private: - std::shared_ptr m_pipeline; - std::string m_keyId; - std::shared_ptr< - Azure::Security::KeyVault::Keys::Cryptography::_detail::RemoteCryptographyClient> - m_remoteProvider; - std::shared_ptr - m_provider; + namespace Keys { namespace Cryptography { - explicit CryptographyClient( - std::string const& keyId, - std::shared_ptr credential, - CryptographyClientOptions const& options, - bool forceRemote); - - void Initialize(std::string const& operation, Azure::Core::Context const& context); + namespace _detail { + struct CryptographyProvider; + struct RemoteCryptographyClient; + } // namespace _detail /** - * @brief Gets whether this #CryptographyClient runs only local operations. + * @brief A client used to perform cryptographic operations with Azure Key Vault keys. * */ - bool LocalOnly() const noexcept { return m_remoteProvider == nullptr; } + class CryptographyClient final { + private: + std::shared_ptr m_pipeline; + std::string m_keyId; + std::shared_ptr< + Azure::Security::KeyVault::Keys::Cryptography::_detail::RemoteCryptographyClient> + m_remoteProvider; + std::shared_ptr + m_provider; - public: - /** - * @brief Initializes a new instance of the #CryptographyClient class. - * - * @param keyId The key identifier of the #KeyVaultKey which will be used for cryptographic - * operations. - * @param credential A #TokenCredential used to authenticate requests to the vault, like - * DefaultAzureCredential. - * @param options #CryptographyClientOptions for the #CryptographyClient for local or remote - * operations on Key Vault. - */ - explicit CryptographyClient( - std::string const& keyId, - std::shared_ptr credential, - CryptographyClientOptions options = CryptographyClientOptions()) - : CryptographyClient(keyId, credential, options, false) - { - } + explicit CryptographyClient( + std::string const& keyId, + std::shared_ptr credential, + CryptographyClientOptions const& options, + bool forceRemote); - /** - * @brief Destructs `%CryptographyClient`. - * - */ - ~CryptographyClient(); + void Initialize(std::string const& operation, Azure::Core::Context const& context); - /** - * @brief Encrypts plaintext. - * - * @param parameters An #EncryptParameters containing the data to encrypt and other parameters - * for algorithm-dependent encryption. - * @param context A #Azure::Core::Context to cancel the operation. - * @return An #EncryptResult containing the encrypted data along with all other information - * needed to decrypt it. This information should be stored with the encrypted data. - */ - EncryptResult Encrypt( - EncryptParameters const& parameters, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Gets whether this #CryptographyClient runs only local operations. + * + */ + bool LocalOnly() const noexcept { return m_remoteProvider == nullptr; } - /** - * @brief Decrypts ciphertext. - * - * @param parameters A #DecryptParameters containing the data to decrypt and other parameters - * for algorithm-dependent Decryption. - * @param context A #Azure::Core::Context to cancel the operation. - * @return An #DecryptResult containing the decrypted data along with all other information - * needed to decrypt it. This information should be stored with the Decrypted data. - */ - DecryptResult Decrypt( - DecryptParameters const& parameters, - Azure::Core::Context const& context = Azure::Core::Context()); + public: + /** + * @brief Initializes a new instance of the #CryptographyClient class. + * + * @param keyId The key identifier of the #KeyVaultKey which will be used for cryptographic + * operations. + * @param credential A #TokenCredential used to authenticate requests to the vault, like + * DefaultAzureCredential. + * @param options #CryptographyClientOptions for the #CryptographyClient for local or remote + * operations on Key Vault. + */ + explicit CryptographyClient( + std::string const& keyId, + std::shared_ptr credential, + CryptographyClientOptions options = CryptographyClientOptions()) + : CryptographyClient(keyId, credential, options, false) + { + } - /** - * @brief Encrypts the specified key. - * - * @param algorithm The #KeyWrapAlgorithm to use. - * @param key The key to encrypt. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the wrap operation. The returned #WrapResult contains the wrapped key - * along with all other information needed to unwrap it. This information should be stored - * with the wrapped key. - */ - WrapResult WrapKey( - KeyWrapAlgorithm algorithm, - std::vector const& key, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Destructs `%CryptographyClient`. + * + */ + ~CryptographyClient(); - /** - * @brief Decrypts the specified encrypted key. - * - * @param algorithm The #KeyWrapAlgorithm to use. - * @param encryptedKey The encrypted key. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the unwrap operation. The returned #UnwrapResult contains the key - * along with information regarding the algorithm and key used to unwrap it. - */ - UnwrapResult UnwrapKey( - KeyWrapAlgorithm algorithm, - std::vector const& encryptedKey, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Encrypts plaintext. + * + * @param parameters An #EncryptParameters containing the data to encrypt and other parameters + * for algorithm-dependent encryption. + * @param context A #Azure::Core::Context to cancel the operation. + * @return An #EncryptResult containing the encrypted data along with all other information + * needed to decrypt it. This information should be stored with the encrypted data. + */ + EncryptResult Encrypt( + EncryptParameters const& parameters, + Azure::Core::Context const& context = Azure::Core::Context()); - /** - * @brief Signs the specified digest. - * - * @param algorithm The #SignatureAlgorithm to use. - * @param digest The pre-hashed digest to sign. The hash algorithm used to compute the digest - * must be compatable with the specified algorithm. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the sign operation. The returned #SignResult contains the signature - * along with all other information needed to verify it. This information should be stored - * with the signature. - */ - SignResult Sign( - SignatureAlgorithm algorithm, - std::vector const& digest, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Decrypts ciphertext. + * + * @param parameters A #DecryptParameters containing the data to decrypt and other parameters + * for algorithm-dependent Decryption. + * @param context A #Azure::Core::Context to cancel the operation. + * @return An #DecryptResult containing the decrypted data along with all other information + * needed to decrypt it. This information should be stored with the Decrypted data. + */ + DecryptResult Decrypt( + DecryptParameters const& parameters, + Azure::Core::Context const& context = Azure::Core::Context()); - /** - * @brief Signs the specified data. - * - * @param algorithm The #SignatureAlgorithm to use. - * @param data The data to sign. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the sign operation. The returned #SignResult contains the signature - * along with all other information needed to verify it. This information should be stored - * with the signature. - */ - SignResult SignData( - SignatureAlgorithm algorithm, - Azure::Core::IO::BodyStream& data, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Encrypts the specified key. + * + * @param algorithm The #KeyWrapAlgorithm to use. + * @param key The key to encrypt. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the wrap operation. The returned #WrapResult contains the wrapped key + * along with all other information needed to unwrap it. This information should be stored + * with the wrapped key. + */ + WrapResult WrapKey( + KeyWrapAlgorithm algorithm, + std::vector const& key, + Azure::Core::Context const& context = Azure::Core::Context()); - /** - * @brief Signs the specified data. - * - * @param algorithm The #SignatureAlgorithm to use. - * @param data The data to sign. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the sign operation. The returned #SignResult contains the signature - * along with all other information needed to verify it. This information should be stored - * with the signature. - */ - SignResult SignData( - SignatureAlgorithm algorithm, - std::vector const& data, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Decrypts the specified encrypted key. + * + * @param algorithm The #KeyWrapAlgorithm to use. + * @param encryptedKey The encrypted key. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the unwrap operation. The returned #UnwrapResult contains the key + * along with information regarding the algorithm and key used to unwrap it. + */ + UnwrapResult UnwrapKey( + KeyWrapAlgorithm algorithm, + std::vector const& encryptedKey, + Azure::Core::Context const& context = Azure::Core::Context()); - /** - * @brief Verifies the specified signature. - * - * @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to - * sign the digest. - * @param digest The pre-hashed digest corresponding to the signature. The hash algorithm used - * to compute the digest must be compatable with the specified algorithm. - * @param signature The signature to verify. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the verify operation. If the signature is valid the - * #VerifyResult.IsValid property of the returned #VerifyResult will be set to true. - */ - VerifyResult Verify( - SignatureAlgorithm algorithm, - std::vector const& digest, - std::vector const& signature, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Signs the specified digest. + * + * @param algorithm The #SignatureAlgorithm to use. + * @param digest The pre-hashed digest to sign. The hash algorithm used to compute the digest + * must be compatable with the specified algorithm. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the sign operation. The returned #SignResult contains the signature + * along with all other information needed to verify it. This information should be stored + * with the signature. + */ + SignResult Sign( + SignatureAlgorithm algorithm, + std::vector const& digest, + Azure::Core::Context const& context = Azure::Core::Context()); - /** - * @brief Verifies the specified signature. - * - * @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to - * sign the data. - * @param data The data corresponding to the signature. - * @param signature The signature to verify. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the verify operation. If the signature is valid the - * #VerifyResult.IsValid property of the returned #VerifyResult will be set to true. - */ - VerifyResult VerifyData( - SignatureAlgorithm algorithm, - Azure::Core::IO::BodyStream& data, - std::vector const& signature, - Azure::Core::Context const& context = Azure::Core::Context()); + /** + * @brief Signs the specified data. + * + * @param algorithm The #SignatureAlgorithm to use. + * @param data The data to sign. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the sign operation. The returned #SignResult contains the signature + * along with all other information needed to verify it. This information should be stored + * with the signature. + */ + SignResult SignData( + SignatureAlgorithm algorithm, + Azure::Core::IO::BodyStream& data, + Azure::Core::Context const& context = Azure::Core::Context()); - /** - * @brief Verifies the specified signature. - * - * @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to - * sign the data. - * @param data The data corresponding to the signature. - * @param signature The signature to verify. - * @param context A #Azure::Core::Context to cancel the operation. - * @return The result of the verify operation. If the signature is valid the - * #VerifyResult.IsValid property of the returned #VerifyResult will be set to true. - */ - VerifyResult VerifyData( - SignatureAlgorithm algorithm, - std::vector const& data, - std::vector const& signature, - Azure::Core::Context const& context = Azure::Core::Context()); - }; + /** + * @brief Signs the specified data. + * + * @param algorithm The #SignatureAlgorithm to use. + * @param data The data to sign. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the sign operation. The returned #SignResult contains the signature + * along with all other information needed to verify it. This information should be stored + * with the signature. + */ + SignResult SignData( + SignatureAlgorithm algorithm, + std::vector const& data, + Azure::Core::Context const& context = Azure::Core::Context()); -}}}}} // namespace Azure::Security::KeyVault::Keys::Cryptography + /** + * @brief Verifies the specified signature. + * + * @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to + * sign the digest. + * @param digest The pre-hashed digest corresponding to the signature. The hash algorithm used + * to compute the digest must be compatable with the specified algorithm. + * @param signature The signature to verify. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the verify operation. If the signature is valid the + * #VerifyResult.IsValid property of the returned #VerifyResult will be set to true. + */ + VerifyResult Verify( + SignatureAlgorithm algorithm, + std::vector const& digest, + std::vector const& signature, + Azure::Core::Context const& context = Azure::Core::Context()); + + /** + * @brief Verifies the specified signature. + * + * @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to + * sign the data. + * @param data The data corresponding to the signature. + * @param signature The signature to verify. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the verify operation. If the signature is valid the + * #VerifyResult.IsValid property of the returned #VerifyResult will be set to true. + */ + VerifyResult VerifyData( + SignatureAlgorithm algorithm, + Azure::Core::IO::BodyStream& data, + std::vector const& signature, + Azure::Core::Context const& context = Azure::Core::Context()); + + /** + * @brief Verifies the specified signature. + * + * @param algorithm The #SignatureAlgorithm to use. This must be the same algorithm used to + * sign the data. + * @param data The data corresponding to the signature. + * @param signature The signature to verify. + * @param context A #Azure::Core::Context to cancel the operation. + * @return The result of the verify operation. If the signature is valid the + * #VerifyResult.IsValid property of the returned #VerifyResult will be set to true. + */ + VerifyResult VerifyData( + SignatureAlgorithm algorithm, + std::vector const& data, + std::vector const& signature, + Azure::Core::Context const& context = Azure::Core::Context()); + }; + + }} // namespace Keys::Cryptography +}}} // namespace Azure::Security::KeyVault diff --git a/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/key_client.hpp b/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/key_client.hpp index 6d3d87baf..3820cfb9f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/key_client.hpp +++ b/sdk/keyvault/azure-security-keyvault-keys/inc/azure/keyvault/keys/key_client.hpp @@ -9,8 +9,6 @@ #pragma once -#include "../src/private/keyvault_protocol.hpp" - #include "azure/keyvault/keys/backup_key_result.hpp" #include "azure/keyvault/keys/delete_key_operation.hpp" #include "azure/keyvault/keys/import_key_options.hpp" @@ -25,6 +23,10 @@ #include #include +namespace Azure { namespace Security { namespace KeyVault { namespace _detail { + class KeyVaultProtocolClient; +}}}} // namespace Azure::Security::KeyVault::_detail + namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** @@ -127,12 +129,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Creates and stores a new Elliptic Curve key in Key Vault. * - * @remark If the named key already exists, Azure Key Vault creates a new version of the key. + * @remark If the named key already exists, Azure Key Vault creates a new version of the + * key. * * @remark This operation requires the keys/create permission. * - * @param ecKeyOptions The key options object containing information about the Elliptic Curve - * key being created. + * @param ecKeyOptions The key options object containing information about the Elliptic + * Curve key being created. * @param context A #Azure::Core::Context controlling the request lifetime. * @return The Key wrapped in the Response. */ @@ -143,12 +146,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Creates and stores a new RSA key in Key Vault. * - * @remark If the named key already exists, Azure Key Vault creates a new version of the key. + * @remark If the named key already exists, Azure Key Vault creates a new version of the + * key. * * @remark This operation requires the keys/create permission. * - * @param rsaKeyOptions The key options object containing information about the RSA key being - * created. + * @param rsaKeyOptions The key options object containing information about the RSA key + * being created. * @param context A #Azure::Core::Context controlling the request lifetime. * @return The Key wrapped in the Response. */ @@ -159,12 +163,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Creates and stores a new AES key in Key Vault. * - * @remark If the named key already exists, Azure Key Vault creates a new version of the key. + * @remark If the named key already exists, Azure Key Vault creates a new version of the + * key. * * @remark This operation requires the keys/create permission. * - * @param octKeyOptions The key options object containing information about the AES key being - * created. + * @param octKeyOptions The key options object containing information about the AES key + * being created. * @param context A #Azure::Core::Context controlling the request lifetime. * @return The Key wrapped in the Response. */ @@ -173,13 +178,13 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { Azure::Core::Context const& context = Azure::Core::Context()) const; /** - * @brief Get a single page with the properties of all keys in the specified vault. You can use - * the returned #KeyProperties.Name in subsequent calls to #GetKey. + * @brief Get a single page with the properties of all keys in the specified vault. You can + * use the returned #KeyProperties.Name in subsequent calls to #GetKey. * * @remark Retrieves a list of the keys in the Key Vault that contains the public part of a * stored key. The operation is applicable to all key types, however only the base key - * identifier, attributes, and tags are provided in the response. Individual versions of a key - * are not listed in the response. This operation requires the keys/list permission. + * identifier, attributes, and tags are provided in the response. Individual versions of a + * key are not listed in the response. This operation requires the keys/list permission. * * @remark Use \p options to control which page to get. If * #GetPropertiesOfKeysOptions.NextPageToken is not set, the operation will get the first @@ -195,9 +200,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { Azure::Core::Context const& context = Azure::Core::Context()) const; /** - * @brief Get one page listing the properties of all the versions of the specified key. You can - * use the returned #KeyProperties.Name and #KeyProperties.Version in subsequent calls to - * #GetKey. + * @brief Get one page listing the properties of all the versions of the specified key. You + * can use the returned #KeyProperties.Name and #KeyProperties.Version in subsequent calls + * to #GetKey. * * @remark The full identifier, attributes, and tags are provided in the response. This * operation requires the keys/list permission. @@ -220,17 +225,17 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Deletes a key of any type from storage in Azure Key Vault. * - * @remark The delete key operation cannot be used to remove individual versions of a key. This - * operation removes the cryptographic material associated with the key, which means the key is - * not usable for Sign/Verify, WrapKey/Unwrap or Encrypt/Decrypt operations. This operation - * requires the keys/delete permission. + * @remark The delete key operation cannot be used to remove individual versions of a key. + * This operation removes the cryptographic material associated with the key, which means + * the key is not usable for Sign/Verify, WrapKey/Unwrap or Encrypt/Decrypt operations. This + * operation requires the keys/delete permission. * * @param name The name of the key. * @param context A cancellation token controlling the request lifetime. - * @return A #Azure::Security::KeyVault::Keys::DeleteKeyOperation to wait on this long-running - * operation. If the key is soft delete-enabled, you only need to wait for the operation to - * complete if you need to recover or purge the key; otherwise, the key is deleted automatically - * on purge schedule. + * @return A #Azure::Security::KeyVault::Keys::DeleteKeyOperation to wait on this + * long-running operation. If the key is soft delete-enabled, you only need to wait for the + * operation to complete if you need to recover or purge the key; otherwise, the key is + * deleted automatically on purge schedule. */ Azure::Security::KeyVault::Keys::DeleteKeyOperation StartDeleteKey( std::string const& name, @@ -239,8 +244,8 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Gets the public part of a deleted key. * - * @remark The Get Deleted Key operation is applicable for soft-delete enabled vaults. While the - * operation can be invoked on any vault, it will return an error if invoked on a non + * @remark The Get Deleted Key operation is applicable for soft-delete enabled vaults. While + * the operation can be invoked on any vault, it will return an error if invoked on a non * soft-delete enabled vault. This operation requires the keys/get permission. * * @param name The name of the key. @@ -254,8 +259,8 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Get a page listing the deleted keys in the specified vault. * - * @remark Retrieves the list of the keys in the Key Vault that contains the public part of the - * deleted key. This operation includes deletion-specific information. This operation is + * @remark Retrieves the list of the keys in the Key Vault that contains the public part of + * the deleted key. This operation includes deletion-specific information. This operation is * applicable for vaults enabled for soft-delete. While the operation can be invoked on any * vault, it will return error if invoked on a non soft-delete enabled vault. This operation * requires the keys/list permission. @@ -276,9 +281,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Permanently deletes the specified key. * - * @remark The Purge Deleted Key operation is applicable for soft-delete enabled values. While - * the operation can be invoked on any vault, it will return an error if invoked on a non - * soft-delete enabled vault. This operation requires the keys/purge permission. + * @remark The Purge Deleted Key operation is applicable for soft-delete enabled values. + * While the operation can be invoked on any vault, it will return an error if invoked on a + * non soft-delete enabled vault. This operation requires the keys/purge permission. * * @param name The name of the key. * @param context A #Azure::Core::Context controlling the request lifetime. @@ -292,9 +297,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { * * @remark The Recover Deleted Key operation is applicable for deleted keys in soft-delete * enabled vaults. It recovers the deleted key back to its latest version under /keys. An - * attempt to recover an non-deleted key will return an error. Consider this the inverse of the - * delete operation on soft-delete enabled vaults. This operation requires the keys/recover - * permission. + * attempt to recover an non-deleted key will return an error. Consider this the inverse of + * the delete operation on soft-delete enabled vaults. This operation requires the + * keys/recover permission. * * @param name The name of the key. * @param context A #Azure::Core::Context controlling the request lifetime. @@ -309,12 +314,12 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { * applied to any key type and key version stored in Azure Key Vault. * * @remark In order to perform this operation, the key must already exist in the Key Vault. - * Note: The cryptographic material of a key itself cannot be changed. This operation requires - * the keys/update permission. + * Note: The cryptographic material of a key itself cannot be changed. This operation + * requires the keys/update permission. * * @param properties The #KeyProperties object with updated properties. - * @param keyOperations Optional list of supported #KeyOperation. If no operation list provided, - * no changes will be made to existing key operations. + * @param keyOperations Optional list of supported #KeyOperation. If no operation list + * provided, no changes will be made to existing key operations. * @param context A #Azure::Core::Context controlling the request lifetime. * @return Azure::Response */ @@ -327,17 +332,17 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Request that a backup of the specified be downloaded to the client. * - * @remark The Key Backup operation exports a key from Azure Key Vault in a protected form. Note - * that this operation does NOT return the actual key in a form that can be used outside the - * Azure Key Vault system, the returned key is either protected to a Azure Key Vault HSM or to - * Azure Key Vault itself. The intent of this operation is to allow a client to GENERATE a key - * in one Azure Key Vault instance, BACKUP the key, and then RESTORE it into another Azure Key - * Vault instance. The BACKUP operation may be used to export, in protected form, any key type - * from Azure Key Vault. Individual versions of a key cannot be backed up. BACKUP / RESTORE can - * be performed within geographical boundaries only; meaning that a BACKUP from one geographical - * are cannot be restored to another geographical are. For example, a backup from the US - * geographical are cannot be restored in an EU geographical area. This operation requires the - * key/backup permission. + * @remark The Key Backup operation exports a key from Azure Key Vault in a protected form. + * Note that this operation does NOT return the actual key in a form that can be used + * outside the Azure Key Vault system, the returned key is either protected to a Azure Key + * Vault HSM or to Azure Key Vault itself. The intent of this operation is to allow a client + * to GENERATE a key in one Azure Key Vault instance, BACKUP the key, and then RESTORE it + * into another Azure Key Vault instance. The BACKUP operation may be used to export, in + * protected form, any key type from Azure Key Vault. Individual versions of a key cannot be + * backed up. BACKUP / RESTORE can be performed within geographical boundaries only; meaning + * that a BACKUP from one geographical are cannot be restored to another geographical are. + * For example, a backup from the US geographical are cannot be restored in an EU + * geographical area. This operation requires the key/backup permission. * * @param name The name of the key. * @param context A #Azure::Core::Context controlling the request lifetime. @@ -349,17 +354,17 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { /** * @brief Restores a backed up key to keyvault. * - * @remark Imports a previously backed up key into Azure Key Vault, restoring the key, its key - * identifier, attributes, and access control policies. The RESTORE operation may be used to - * import a previously backed up key. Individual versions of a key cannot be restored. The key - * is restored in its entirety with the same key name as it had when it was backed up. If the - * key name is not available in the target Key Vault, the RESTORE operation will be rejected. - * While the key name is retained during restore, the final key identifier will change if the - * key is restored to a different vault. Restore will restore all versions and preserve version - * identifiers. The RESTORE operation is subject to security constrains: The target Key Vault - * must be owned by the same Microsoft Azure Subscription as the source Key Vault. The user must - * have RESTORE permission in the target Key Vault. This operation requires the keys/restore - * permission. + * @remark Imports a previously backed up key into Azure Key Vault, restoring the key, its + * key identifier, attributes, and access control policies. The RESTORE operation may be + * used to import a previously backed up key. Individual versions of a key cannot be + * restored. The key is restored in its entirety with the same key name as it had when it + * was backed up. If the key name is not available in the target Key Vault, the RESTORE + * operation will be rejected. While the key name is retained during restore, the final key + * identifier will change if the key is restored to a different vault. Restore will restore + * all versions and preserve version identifiers. The RESTORE operation is subject to + * security constrains: The target Key Vault must be owned by the same Microsoft Azure + * Subscription as the source Key Vault. The user must have RESTORE permission in the target + * Key Vault. This operation requires the keys/restore permission. * * @param backup The backup blob associated with a key. * @param context A #Azure::Core::Context controlling the request lifetime. @@ -372,9 +377,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { * @brief Imports an externally created ket, stores it, and returns jey parameters and * attributes to the client. * - * @remark The import key operation may be used to import any key type into an Azure Key Vault. - * If the named key already exists, Azure Key Vault creates a new version of the key. This - * operation requires the keys/import permission. + * @remark The import key operation may be used to import any key type into an Azure Key + * Vault. If the named key already exists, Azure Key Vault creates a new version of the key. + * This operation requires the keys/import permission. * * @param name The name of the key. * @param keyMaterial The #JsonWebKey being imported. @@ -390,12 +395,12 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { * @brief Imports an externally created key, stores it, and returns key parameters and * attributes to the client. * - * @remark The import operation may be used to import any key type into an Azure Key Vault. If - * the named key already exists, Azure Key Vault creates a new version of the key. This + * @remark The import operation may be used to import any key type into an Azure Key Vault. + * If the named key already exists, Azure Key Vault creates a new version of the key. This * operation requires the keys/import permission. * - * @param importKeyOptions The key import configuration object containing information about the - * #JsonWebKey being imported. + * @param importKeyOptions The key import configuration object containing information about + * the #JsonWebKey being imported. * @param context A #Azure::Core::Context controlling the request lifetime. */ Azure::Response ImportKey( diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/remote_cryptography_client.cpp b/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/remote_cryptography_client.cpp index b866bf1a8..85202640a 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/remote_cryptography_client.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/remote_cryptography_client.cpp @@ -4,6 +4,7 @@ #include #include #include +#include #include "../private/cryptography_serializers.hpp" #include "../private/key_constants.hpp" diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp b/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp index d0536e60a..78741e7aa 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp @@ -4,12 +4,14 @@ #include #include #include +#include #include "azure/keyvault/keys/key_client.hpp" #include "private/key_backup.hpp" #include "private/key_constants.hpp" #include "private/key_request_parameters.hpp" #include "private/key_serializers.hpp" +#include "private/keyvault_protocol.hpp" #include #include diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut/mocked_transport_adapter_test.hpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut/mocked_transport_adapter_test.hpp index 2b76974d0..b189b5a99 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut/mocked_transport_adapter_test.hpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut/mocked_transport_adapter_test.hpp @@ -10,7 +10,10 @@ #include #include "./../../src/private/key_serializers.hpp" +#include "./../../src/private/keyvault_protocol.hpp" + #include +#include #include #include #include