Supports Encrypt/Decrypt/Wrap/Unwrap using keys (#15816)
* add encrypt and decrypt by key * add test cases and examples * add change log * add online version * remove position number
1 parent
8b4f2c8
commit 24f497c
Showing
20 changed files
with
1,705 additions
and
892 deletions.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
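--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/Key/InvokeAzureKeyVaultOperation.cs
@@ -0,0 +1,119 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+
+using System;
+using System.Management.Automation;
+using System.Security;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands.Key
+{
+    /// <summary>
+    /// 1. Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.
+    /// 2. Decrypts a single block of encrypted data.
+    /// 3. Wraps a symmetric key using a specified key.
+    /// 4. Unwraps a symmetric key using the specified key that was initially used for wrapping that key.
+    /// </summary>
+    [Cmdlet(VerbsLifecycle.Invoke, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultKeyOperation", SupportsShouldProcess = true, DefaultParameterSetName = ByVaultNameParameterSet)]
+    [OutputType(typeof(PSKeyOperationResult))]
+    public class InvokeAzureKeyVaultKeyOperation : KeyVaultKeyCmdletBase
+    {
+        #region Supported Operation
+        enum Operations
+        {
+            Unknown,
+            Encrypt,
+            Decrypt,
+            Wrap,
+            Unwrap
+        }
+        #endregion
+
+        #region Input Parameter Definitions
+
+        [Parameter(Mandatory = true,
+            HelpMessage = "Algorithm identifier")]
+        [ValidateNotNullOrEmpty]
+        [PSArgumentCompleter("Encrypt", "Decrypt", "Wrap", "Unwrap")]
+        public string Operation { get; set; }
+
+        [Parameter(Mandatory = true,
+            HelpMessage = "Algorithm identifier")]
+        [ValidateNotNullOrEmpty]
+        [PSArgumentCompleter("RSA-OAEP", "RSA-OAEP-256", "RSA1_5")]
+        [Alias("EncryptionAlgorithm", "WrapAlgorithm")]
+        public string Algorithm { get; set; }
+
+        [Parameter(Mandatory = true,
+            HelpMessage = "The value to be operated")]
+        [ValidateNotNullOrEmpty]
+        public SecureString Value { get; set; }
+        #endregion Input Parameter Definitions
+
+        public override void ExecuteCmdlet()
+        {
+            NormalizeParameterSets();
+
+            Operations opt = Operations.Unknown;
+            Enum.TryParse(Operation, out opt);
+
+            if (string.IsNullOrEmpty(HsmName))
+            {
+                switch (opt)
+                {
+                    case Operations.Encrypt:
+                        this.WriteObject(
+                            this.Track2DataClient.Encrypt(VaultName, Name, Version,
+                                Encoding.ASCII.GetBytes(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Decrypt:
+                        this.WriteObject(
+                            this.Track2DataClient.Decrypt(VaultName, Name, Version,
+                                Convert.FromBase64String(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Wrap:
+                        this.WriteObject(
+                            this.Track2DataClient.WrapKey(VaultName, Name, Version,
+                                Encoding.ASCII.GetBytes(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Unwrap:
+                        this.WriteObject(
+                            this.Track2DataClient.UnwrapKey(VaultName, Name, Version,
+                                Convert.FromBase64String(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Unknown:
+                        throw new NotSupportedException("Not supported ${Operation} yet");
+                }
+            }
+            else
+            {
+                switch (opt)
+                {
+                    case Operations.Encrypt:
+                        this.WriteObject(
+                            this.Track2DataClient.ManagedHsmKeyEncrypt(HsmName, Name, Version,
+                                Encoding.ASCII.GetBytes(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Decrypt:
+                        this.WriteObject(
+                            this.Track2DataClient.ManagedHsmKeyDecrypt(HsmName, Name, Version,
+                                Convert.FromBase64String(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Wrap:
+                        this.WriteObject(
+                            this.Track2DataClient.ManagedHsmWrapKey(HsmName, Name, Version,
+                                Encoding.ASCII.GetBytes(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Unwrap:
+                        this.WriteObject(
+                            this.Track2DataClient.ManagedHsmUnwrapKey(HsmName, Name, Version,
+                                Convert.FromBase64String(Value.ConvertToString()), Algorithm));
+                        break;
+                    case Operations.Unknown:
+                        throw new NotSupportedException("Not supported ${Operation} yet");
+                }
+
+            }
+        }
+    }
+}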
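Review bot: The two Wrap cases (the WrapKey and ManagedHsmWrapKey calls) turn Value into bytes with Encoding.ASCII, while the matching Unwrap cases decode Base64 — symmetric key material is arbitrary bytes, and ASCII encoding silently substitutes '?' for anything outside 7-bit ASCII, so a key wrapped through this cmdlet will not round-trip through Unwrap unless it happens to be printable ASCII. Decode the Wrap input the same way as Unwrap, `Convert.FromBase64String(Value.ConvertToString())`, and use `Encoding.UTF8.GetBytes(Value.ConvertToString())` in the Encrypt cases so non-ASCII plaintext is not corrupted before it reaches the service. The NotSupportedException in both switches is not an interpolated string, so the user sees the literal text `${Operation}`; write it as `throw new NotSupportedException($"Operation '{Operation}' is not supported yet");`. The HelpMessage on the Operation parameter is copied from Algorithm and should read `HelpMessage = "Operation to perform: Encrypt, Decrypt, Wrap or Unwrap"`. Enum.TryParse here is case-sensitive, so `-Operation encrypt` falls through to Unknown and the exception above; `Enum.TryParse(Operation, true, out opt)` matches the case-insensitive behaviour PowerShell users expect from the completer values.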
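--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/Key/KeyVaultKeyCmdletBase.cs
@@ -0,0 +1,94 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands.Key
+{
+    public class KeyVaultKeyCmdletBase : KeyVaultCmdletBase
+    {
+        #region Parameter Set Names
+
+        internal const string ByVaultNameParameterSet = "ByVaultName";
+        internal const string ByHsmNameParameterSet = "ByHsmName";
+        internal const string ByKeyInputObjectParameterSet = "ByKeyInputObject";
+
+        #endregion
+
+        #region Input Parameter Definitions
+
+        /// <summary>
+        /// Vault name
+        /// </summary>
+        [Parameter(Mandatory = true,
+            Position = 0,
+            ParameterSetName = ByVaultNameParameterSet,
+            HelpMessage = "Vault name.")]
+        [ResourceNameCompleter("Microsoft.KeyVault/vaults", "FakeResourceGroupName")]
+        [ValidateNotNullOrEmpty]
+        public string VaultName { get; set; }
+
+        [Parameter(Mandatory = true,
+            Position = 0,
+            ParameterSetName = ByHsmNameParameterSet,
+            HelpMessage = "HSM name.")]
+        [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+        [ValidateNotNullOrEmpty]
+        public string HsmName { get; set; }
+
+        /// <summary>
+        /// Key name.
+        /// </summary>
+        [Parameter(Mandatory = true,
+            Position = 1,
+            ParameterSetName = ByVaultNameParameterSet,
+            HelpMessage = "Key name.")]
+        [Parameter(Mandatory = true,
+            Position = 1,
+            ParameterSetName = ByHsmNameParameterSet,
+            HelpMessage = "Key name.")]
+        [ValidateNotNullOrEmpty]
+        [Alias(Constants.KeyName)]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Key object
+        /// </summary>
+        [Parameter(Mandatory = true,
+            Position = 0,
+            ParameterSetName = ByKeyInputObjectParameterSet,
+            ValueFromPipeline = true,
+            HelpMessage = "Key object")]
+        [ValidateNotNullOrEmpty]
+        [Alias("Key")]
+        public PSKeyVaultKeyIdentityItem InputObject { get; set; }
+
+        /// <summary>
+        /// Key version.
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Key version.")]
+        [Alias("KeyVersion")]
+        public string Version { get; set; }
+
+        #endregion Input Parameter Definitions
+
+        internal void NormalizeParameterSets()
+        {
+            if (InputObject != null) {
+                Name = InputObject.Name;
+                Version = Version ?? InputObject.Version;
+
+                if (InputObject.IsHsm)
+                {
+                    HsmName = InputObject.VaultName;
+                }
+                else
+                {
+                    VaultName = InputObject.VaultName;
+                }
+            }
+        }
+    }
+}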
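Review bot: HsmName is the only parameter in the new base class without an XML summary, while VaultName, Name, InputObject and Version each carry one; add `/// <summary>` / `/// Managed HSM name.` / `/// </summary>` above its [Parameter] attribute. NormalizeParameterSets is also undocumented even though its effect is what a derived cmdlet most needs to know: when InputObject is supplied it overwrites Name and either HsmName or VaultName (chosen by InputObject.IsHsm), whereas an explicitly passed Version takes precedence over InputObject.Version; a summary stating exactly that precedence would save readers from re-deriving it. The `if (InputObject != null) {` line puts the opening brace on the same line while every other block in both new files uses Allman braces; move it to its own line for consistency.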
File renamed without changes.
File renamed without changes.
File renamed without changes.