combine track 1&2 sdk

src/Accounts/Accounts/ChangeLog.md

@@ -19,6 +19,8 @@
 -->
 ## Upcoming Release
 
+* Updated Azure.Core to 1.5.0 (for Az.KeyVault)
+
 ## Version 1.9.2
 * Updated `Connect-AzAccount` to accept parameter `MaxContextPopulation` [#9865]
 * Updated SubscriptionClient version to 2019-06-01 and display tenant domains [#9838]

src/Accounts/Authentication/Utilities/CustomAssemblyResolver.cs

@@ -10,7 +10,7 @@ public static class CustomAssemblyResolver
         private static IDictionary<string, Version> NetFxPreloadAssemblies =
             new Dictionary<string, Version>(StringComparer.InvariantCultureIgnoreCase)
             {
-                {"Azure.Core", new Version("1.2.2.0")},
+                {"Azure.Core", new Version("1.5.0.0")},
                 {"Microsoft.Bcl.AsyncInterfaces", new Version("1.0.0.0")},
                 {"Microsoft.IdentityModel.Clients.ActiveDirectory", new Version("3.19.2.6005")},
                 {"Microsoft.IdentityModel.Clients.ActiveDirectory.Platform", new Version("3.19.2.6005")},

src/KeyVault/KeyVault/Az.KeyVault.psd1

@@ -58,7 +58,8 @@ RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '1.9.2'; })
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = 'Microsoft.Azure.KeyVault.dll', 
                'Microsoft.Azure.KeyVault.WebKey.dll', 
-               'Microsoft.Azure.Management.KeyVault.dll'
+               'Microsoft.Azure.Management.KeyVault.dll',
+               'Azure.Security.KeyVault.Keys.dll'
 
 # Script files (.ps1) that are run in the caller's environment prior to importing this module.
 # ScriptsToProcess = @()

src/KeyVault/KeyVault/Commands/AddAzureKeyVaultKey.cs

@@ -243,7 +243,8 @@ public override void ExecuteCmdlet()
                             VaultName,
                             Name,
                             CreateKeyAttributes(),
-                            Size);
+                            Size,
+                            null);
                 }
                 else
                 {
@@ -300,4 +301,4 @@ internal JsonWebKey CreateWebKeyFromFile()
             return converterChain.ConvertKeyFromFile(keyFile, KeyFilePassword);
         }
     }
-}
+}

src/KeyVault/KeyVault/KeyVault.csproj

@@ -12,6 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.1.0" />
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.1.0-preview.1" />

src/KeyVault/KeyVault/Models/DataServiceCredential.cs

@@ -18,6 +18,7 @@
 using System.Threading.Tasks;
 using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Rest;
 
 namespace Microsoft.Azure.Commands.KeyVault.Models
 {
@@ -72,6 +73,11 @@ public string GetToken()
             return GetTokenInternal(this.TenantId, this._authenticationFactory, this._context, this._endpointName).Item1.AccessToken;
         }
 
+        public IAccessToken GetTokenTemp() // todo rename / refactor
+        {
+            return GetTokenInternal(this.TenantId, this._authenticationFactory, this._context, this._endpointName).Item1;
+        }
+
         private static string GetTenantId(IAzureContext context)
         {
             if (context.Account == null)

src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs

@@ -24,7 +24,9 @@ namespace Microsoft.Azure.Commands.KeyVault.Models
 {
     public interface IKeyVaultDataServiceClient
     {
-        PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size);
+        PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName);
+
+        PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName);
 
         PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, JsonWebKey webKey, bool? importToHsm);
 

src/KeyVault/KeyVault/Models/KeyVaultCmdletBase.cs

@@ -17,6 +17,7 @@
 using System.Linq;
 using System.Management.Automation;
 using Microsoft.Azure.Commands.Common.Authentication;
+using Microsoft.Azure.Commands.KeyVault.Track2Models;
 using Microsoft.Azure.Commands.ResourceManager.Common;
 
 namespace Microsoft.Azure.Commands.KeyVault.Models
@@ -44,7 +45,27 @@ internal IKeyVaultDataServiceClient DataServiceClient
             }
         }
 
-        protected string GetDefaultFileForOperation( string operationName, string vaultName, string entityName )
+        internal IKeyVaultDataServiceClient Track2DataClient
+        {
+
+            get
+            {
+                if (_track2DataServiceClient == null)
+                {
+                    _track2DataServiceClient = new Track2KeyVaultDataServiceClient(
+                        AzureSession.Instance.AuthenticationFactory,
+                        DefaultContext);
+                }
+
+                return _track2DataServiceClient;
+            }
+            set
+            {
+                _track2DataServiceClient = value;
+            }
+        }
+
+        protected string GetDefaultFileForOperation(string operationName, string vaultName, string entityName)
         {
             // caller is responsible for parameter validation
             var currentPath = CurrentPath();
@@ -54,6 +75,7 @@ protected string GetDefaultFileForOperation( string operationName, string vaultN
         }
 
         private IKeyVaultDataServiceClient dataServiceClient;
+        private IKeyVaultDataServiceClient _track2DataServiceClient;
 
         /// <summary>
         /// Utility function that will continually iterate over the updated KeyVaultObjectFilterOptions until the options
@@ -70,7 +92,7 @@ protected void GetAndWriteObjects<TObject>(KeyVaultObjectFilterOptions options,
                 WriteObject(pageResults, true);
             } while (!string.IsNullOrEmpty(options.NextLink));
         }
-        
+
         public List<T> KVSubResourceWildcardFilter<T>(string name, IEnumerable<T> resources)
         {
             if (!string.IsNullOrEmpty(name))

src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs

@@ -56,7 +56,7 @@ public KeyVaultDataServiceClient()
         {
         }
 
-        public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size)
+        public PSKeyVaultKey CreateKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName)
         {
             if (string.IsNullOrEmpty(vaultName))
                 throw new ArgumentNullException(nameof(vaultName));
@@ -2002,6 +2002,11 @@ public PSKeyVaultManagedStorageAccount RestoreManagedStorageAccount(string vault
             return new PSKeyVaultManagedStorageAccount(storageAccountBundle, this.vaultUriHelper);
         }
 
+        public PSKeyVaultKey CreateManagedHsmKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName)
+        {
+            throw new NotImplementedException("Creating keys on managed HSM is only possible in track 2 SDK.");
+        }
+
         private VaultUriHelper vaultUriHelper;
         private KeyVaultClient keyVaultClient;
     }

src/KeyVault/KeyVault/Models/PSKeyVaultKey.cs

@@ -16,6 +16,7 @@
 using System;
 using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
 using System.Linq;
+using Track2Sdk = Azure.Security.KeyVault.Keys;
 
 namespace Microsoft.Azure.Commands.KeyVault.Models
 {
@@ -24,7 +25,7 @@ public class PSKeyVaultKey : PSKeyVaultKeyIdentityItem
         public PSKeyVaultKey()
         { }
 
-        internal PSKeyVaultKey(Azure.KeyVault.Models.KeyBundle keyBundle, VaultUriHelper vaultUriHelper)
+        internal PSKeyVaultKey(Microsoft.Azure.KeyVault.Models.KeyBundle keyBundle, VaultUriHelper vaultUriHelper)
         {
             if (keyBundle == null)
                 throw new ArgumentNullException("keyBundle");
@@ -36,9 +37,9 @@ internal PSKeyVaultKey(Azure.KeyVault.Models.KeyBundle keyBundle, VaultUriHelper
             Key = keyBundle.Key;
             Attributes = new PSKeyVaultKeyAttributes(
                 keyBundle.Attributes.Enabled,
-                keyBundle.Attributes.Expires, 
-                keyBundle.Attributes.NotBefore, 
-                keyBundle.Key.Kty, 
+                keyBundle.Attributes.Expires,
+                keyBundle.Attributes.NotBefore,
+                keyBundle.Key.Kty,
                 keyBundle.Key.KeyOps.ToArray(),
                 keyBundle.Attributes.Created,
                 keyBundle.Attributes.Updated,
@@ -54,6 +55,38 @@ internal PSKeyVaultKey(Azure.KeyVault.Models.KeyBundle keyBundle, VaultUriHelper
             Tags = (keyBundle.Tags == null) ? null : keyBundle.Tags.ConvertToHashtable();
         }
 
+        internal PSKeyVaultKey(Track2Sdk.KeyVaultKey key, VaultUriHelper vaultUriHelper)
+        {
+            if (key == null)
+                throw new ArgumentNullException("key");
+            if (key.Key == null || key.Properties == null)
+                throw new ArgumentException(KeyVaultProperties.Resources.InvalidKeyBundle);
+
+            SetObjectIdentifier(vaultUriHelper, new Microsoft.Azure.KeyVault.KeyIdentifier(key.Id.ToString()));
+
+            Key = key.Key.ToTrack1JsonWebKey();
+            Attributes = new PSKeyVaultKeyAttributes(
+                key.Properties.Enabled,
+                /// see https://docs.microsoft.com/en-us/dotnet/standard/datetime/converting-between-datetime-and-offset#conversions-from-datetimeoffset-to-datetime
+                key.Properties.ExpiresOn?.UtcDateTime, // time returned by key vault are UTC
+                key.Properties.NotBefore?.UtcDateTime,
+                key.KeyType.ToString(),
+                key.KeyOperations.Select(op => op.ToString()).ToArray(),
+                key.Properties.CreatedOn?.UtcDateTime,
+                key.Properties.UpdatedOn?.UtcDateTime,
+                key.Properties.RecoveryLevel,
+                key.Properties.Tags
+            );
+
+            Enabled = key.Properties.Enabled;
+            Expires = key.Properties.ExpiresOn?.UtcDateTime;
+            NotBefore = key.Properties.NotBefore?.UtcDateTime;
+            Created = key.Properties.CreatedOn?.UtcDateTime;
+            Updated = key.Properties.UpdatedOn?.UtcDateTime;
+            RecoveryLevel = key.Properties.RecoveryLevel;
+            Tags = key.Properties.Tags.ConvertToHashtable();
+        }
+
         public PSKeyVaultKeyAttributes Attributes { get; set; }
 
         public JsonWebKey Key { get; set; }

src/KeyVault/KeyVault/Models/VaultUriHelper.cs

@@ -20,11 +20,15 @@ namespace Microsoft.Azure.Commands.KeyVault.Models
 {
     internal class VaultUriHelper
     {
-        public VaultUriHelper(string keyVaultDnsSuffix)
+        // it doesn't matter if this class acts as a vault uri helper or hsm uri helper
+        // the logic is basically the same
+        // todo: combine them together
+        public VaultUriHelper(string keyVaultDnsSuffix, string managedHsmDnsSuffix = null)
         {
             if (string.IsNullOrEmpty(keyVaultDnsSuffix))
                 throw new ArgumentNullException("keyVaultDnsSuffix");
             this.KeyVaultDnsSuffix = keyVaultDnsSuffix;
+            ManagedHsmDnsSuffix = managedHsmDnsSuffix;
         }
 
         public string GetVaultName(string vaultAddress)
@@ -39,6 +43,7 @@ public String CreateVaultAddress(string vaultName)
         }
 
         public string KeyVaultDnsSuffix { get; private set; }
+        public string ManagedHsmDnsSuffix { get; private set; }
 
         private Uri CreateAndValidateVaultUri(string vaultAddress)
         {
@@ -56,7 +61,7 @@ private Uri CreateAndValidateVaultUri(string vaultAddress)
             return vaultUri;
         }
 
-        private Uri CreateVaultUri(string vaultName)
+        public Uri CreateVaultUri(string vaultName)
         {
             if (string.IsNullOrEmpty(vaultName))
                 throw new ArgumentNullException("vaultName");
@@ -65,5 +70,15 @@ private Uri CreateVaultUri(string vaultName)
 
             return builder.Uri;
         }
+
+        public Uri CreateManagedHsmUri(string name)
+        {
+            if (string.IsNullOrEmpty(name))
+                throw new ArgumentNullException("name");
+
+            UriBuilder builder = new UriBuilder("https", name+ "." + ManagedHsmDnsSuffix);
+
+            return builder.Uri;
+        }
     }
 }

src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs

@@ -0,0 +1,81 @@
+using Azure.Security.KeyVault.Keys;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.KeyVault.Models;
+using System;
+using System.Collections;
+
+namespace Microsoft.Azure.Commands.KeyVault.Track2Models
+{
+    internal class Track2HsmClient
+    {
+        private Track2TokenCredential _credential;
+        private VaultUriHelper _uriHelper;
+        private KeyClient CreateKeyClient(string hsmName) => new KeyClient(_uriHelper.CreateVaultUri(hsmName), _credential);
+
+        public Track2HsmClient(IAuthenticationFactory authFactory, IAzureContext context)
+        {
+            _credential = new Track2TokenCredential(new DataServiceCredential(authFactory, context, AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointResourceId));
+            _uriHelper = new VaultUriHelper(context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.ManagedHsmServiceEndpointSuffix));
+        }
+
+        internal PSKeyVaultKey CreateKey(string managedHsmName, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName)
+        {
+            var client = CreateKeyClient(managedHsmName);
+            return CreateKey(client, keyName, keyAttributes, size, curveName);
+        }
+
+        private PSKeyVaultKey CreateKey(KeyClient client, string keyName, PSKeyVaultKeyAttributes keyAttributes, int? size, string curveName)
+        {
+            // todo duplicated code with Track2VaultClient.CreateKey
+            CreateKeyOptions options;
+            bool isHsm = keyAttributes.KeyType == KeyType.RsaHsm || keyAttributes.KeyType == KeyType.EcHsm;
+
+            if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
+            {
+                options = new CreateRsaKeyOptions(keyName, isHsm) { KeySize = size };
+            }
+            else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
+            {
+                options = new CreateEcKeyOptions(keyName, isHsm) { CurveName = string.IsNullOrEmpty(curveName) ? null : new KeyCurveName(curveName) };
+            }
+            else
+            {
+                options = new CreateKeyOptions();
+            }
+            options.NotBefore = keyAttributes.NotBefore;
+            options.ExpiresOn = keyAttributes.Expires;
+            options.Enabled = keyAttributes.Enabled;
+            if (keyAttributes.KeyOps != null)
+            {
+                foreach (var keyOp in keyAttributes.KeyOps)
+                {
+                    options.KeyOperations.Add(new KeyOperation(keyOp));
+                }
+            }
+            if (keyAttributes.Tags != null)
+            {
+                foreach (DictionaryEntry entry in keyAttributes.Tags)
+                {
+                    options.Tags.Add(entry.Key.ToString(), entry.Value.ToString());
+                }
+            }
+
+            if (keyAttributes.KeyType == KeyType.Rsa || keyAttributes.KeyType == KeyType.RsaHsm)
+            {
+                return new PSKeyVaultKey(client.CreateRsaKey(options as CreateRsaKeyOptions).Value, _uriHelper);
+            }
+            else if (keyAttributes.KeyType == KeyType.Ec || keyAttributes.KeyType == KeyType.EcHsm)
+            {
+                return new PSKeyVaultKey(client.CreateEcKey(options as CreateEcKeyOptions).Value, _uriHelper);
+            }
+            else if (keyAttributes.KeyType == KeyType.Oct || keyAttributes.KeyType.ToString() == "oct-HSM")
+            {
+                return new PSKeyVaultKey(client.CreateKey(keyName, KeyType.Oct, options).Value, _uriHelper);
+            }
+            else
+            {
+                throw new NotSupportedException($"{keyAttributes.KeyType} is not supported");
+            }
+        }
+    }
+}