From 0f5cd903957d50729539da2e8605d4b44edeb75d Mon Sep 17 00:00:00 2001 From: houk-ms Date: Wed, 20 Jan 2021 12:09:33 +0800 Subject: [PATCH 1/3] support --curve parameter in key import --- .../azure/cli/command_modules/keyvault/_params.py | 12 ++++++++++-- .../cli/command_modules/keyvault/_validators.py | 10 ++++++++++ .../azure/cli/command_modules/keyvault/custom.py | 4 +++- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/_params.py b/src/azure-cli/azure/cli/command_modules/keyvault/_params.py index d15d49b2ceb..67e5fb1b320 100644 --- a/src/azure-cli/azure/cli/command_modules/keyvault/_params.py +++ b/src/azure-cli/azure/cli/command_modules/keyvault/_params.py @@ -20,7 +20,7 @@ get_keyvault_name_completion_list, get_keyvault_version_completion_list) from azure.cli.command_modules.keyvault._validators import ( datetime_type, certificate_type, - get_vault_base_url_type, get_hsm_base_url_type, + get_vault_base_url_type, get_hsm_base_url_type, validate_key_import_type, validate_key_import_source, validate_key_type, validate_policy_permissions, validate_principal, validate_resource_group_name, validate_x509_certificate_chain, secret_text_encoding_values, secret_binary_encoding_values, validate_subnet, @@ -71,6 +71,12 @@ class CLIKeyTypeForBYOKImport(str, Enum): ec = "EC" #: Elliptic Curve. rsa = "RSA" #: RSA (https://tools.ietf.org/html/rfc3447) + class CLIJsonWebKeyCurveName(str, Enum): + p_256 = "P-256" #: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. + p_256k = "P-256K" #: The SECG SECP256K1 elliptic curve. + p_384 = "P-384" #: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. + p_521 = "P-521" #: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. + (KeyPermissions, SecretPermissions, CertificatePermissions, StoragePermissions, NetworkRuleBypassOptions, NetworkRuleAction) = self.get_models( 'KeyPermissions', 'SecretPermissions', 'CertificatePermissions', 'StoragePermissions', 
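Review bot: The new `CLIJsonWebKeyCurveName` enum in the second hunk is a hand-maintained copy of the curve names the service accepts, and nothing in the hunk records where the list comes from or that it must be kept in step with it. A one-line comment above the class, `# Mirrors the service-side JsonWebKeyCurveName values; keep in sync when the service adds or drops curves.`, would tell the next maintainer why a second curve enum exists next to `CLIKeyTypeForBYOKImport`. The first hunk only extends the validators import. The enclosing function starts and ends outside these hunks.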
@@ -347,8 +353,10 @@ class CLIKeyTypeForBYOKImport(str, Enum): help='Elliptic curve name. For valid values, see: https://docs.microsoft.com/en-us/rest/api/keyvault/createkey/createkey#jsonwebkeycurvename') with self.argument_context('keyvault key import') as c: - c.argument('kty', arg_type=get_enum_type(CLIKeyTypeForBYOKImport), + c.argument('kty', arg_type=get_enum_type(CLIKeyTypeForBYOKImport), validator=validate_key_import_type, help='The type of key to import (only for BYOK).') + c.argument('curve', arg_type=get_enum_type(CLIJsonWebKeyCurveName), validator=validate_key_import_type, + help='The curve name of the key to import (only for BYOK).') with self.argument_context('keyvault key import', arg_group='Key Source') as c: c.argument('pem_file', type=file_type, help='PEM file containing the key to be imported.', completer=FilesCompleter(), validator=validate_key_import_source) diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py b/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py index c29f6493653..76a16d26dc5 100644 --- a/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py +++ b/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py @@ -184,6 +184,16 @@ def validate_key_import_source(ns): raise ValueError('--pem-password must be used with --pem-file or --pem-string') +def validate_key_import_type(ns): + # Default value of kty is: RSA + kty = getattr(ns, 'kty', None) + crv = getattr(ns, 'curve', None) + + if (kty == 'EC' and crv is None) or (kty != 'EC' and crv): + from azure.cli.core.azclierror import ValidationError + raise ValidationError('parameter --curve should be specified when key type is EC.') + + def validate_key_type(ns): crv = getattr(ns, 'curve', None) kty = getattr(ns, 'kty', None) or ('EC' if crv else 'RSA') diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/custom.py b/src/azure-cli/azure/cli/command_modules/keyvault/custom.py index 0f0a24083e0..79643268665 100644 
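Review bot: `validate_key_import_type` is attached to both the `kty` and the `curve` argument of `keyvault key import`, so the same cross-argument check runs twice per invocation; since the validator reads both values from the namespace, registering it once is enough — `c.argument('curve', arg_type=get_enum_type(CLIJsonWebKeyCurveName), validator=validate_key_import_type, ...)` alone — assuming argument validators run whether or not the argument was supplied, which seems to be the case here given that `kty` takes its default from the command function. The `curve` help text could also state the dependency the validator enforces: `help='The curve name of the key to import (only for BYOK; required when --kty is EC).'`. The enclosing function starts and ends outside the hunk.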
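Review bot: The error raised by `validate_key_import_type` covers only the first half of its condition: when `kty != 'EC'` and `--curve` was given, the user is told that `--curve` should be specified, which is the opposite of what they did. Splitting the check into two branches with distinct messages fixes this; the same applies to the PATCH 3/3 hunk on this function, which only rewords the shared message. The comment `# Default value of kty is: RSA` also reads as a statement about this function, while the default actually comes from the `import_key` signature in custom.py; `# kty falls back to the command default ('RSA') when --kty is not given` is more accurate.
```python
def validate_key_import_type(ns):
    # … unchanged: kty / crv lookup via getattr …
    from azure.cli.core.azclierror import ValidationError
    if kty == 'EC' and crv is None:
        raise ValidationError('parameter --curve should be specified when key type --kty is EC.')
    if kty != 'EC' and crv is not None:
        raise ValidationError('parameter --curve can only be used when key type --kty is EC.')
```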
--- a/src/azure-cli/azure/cli/command_modules/keyvault/custom.py +++ b/src/azure-cli/azure/cli/command_modules/keyvault/custom.py @@ -1189,7 +1189,7 @@ def import_key(cmd, client, key_name=None, vault_base_url=None, # pylint: disab hsm_name=None, identifier=None, # pylint: disable=unused-argument protection=None, key_ops=None, disabled=False, expires=None, not_before=None, tags=None, pem_file=None, pem_string=None, pem_password=None, byok_file=None, - byok_string=None, kty='RSA'): + byok_string=None, kty='RSA', curve=None): """ Import a private key. Supports importing base64 encoded private keys from PEM files or strings. Supports importing BYOK keys into HSM for premium key vaults. """ KeyAttributes = cmd.get_models('KeyAttributes', resource_type=ResourceType.DATA_KEYVAULT) @@ -1234,7 +1234,9 @@ def import_key(cmd, client, key_name=None, vault_base_url=None, # pylint: disab key_obj.kty = kty + '-HSM' key_obj.t = byok_data + key_obj.crv = curve + print(key_obj) return client.import_key(vault_base_url, key_name, key_obj, protection == 'hsm', key_attrs, tags) From 6b313ecca096a6704fe13d9f37dada8c57d07f33 Mon Sep 17 00:00:00 2001 From: houk-ms Date: Wed, 20 Jan 2021 12:55:20 +0800 Subject: [PATCH 2/3] code refining --- src/azure-cli/azure/cli/command_modules/keyvault/custom.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/custom.py b/src/azure-cli/azure/cli/command_modules/keyvault/custom.py index 79643268665..a944b52ce28 100644 --- a/src/azure-cli/azure/cli/command_modules/keyvault/custom.py +++ b/src/azure-cli/azure/cli/command_modules/keyvault/custom.py @@ -1236,7 +1236,6 @@ def import_key(cmd, client, key_name=None, vault_base_url=None, # pylint: disab key_obj.t = byok_data key_obj.crv = curve - print(key_obj) return client.import_key(vault_base_url, key_name, key_obj, protection == 'hsm', key_attrs, tags) From 44b5aee8fa4a0a1318bf156e4c5de38390e09e85 Mon Sep 17 00:00:00 2001 
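Review bot: The docstring of `import_key` still describes only the PEM and BYOK sources and says nothing about the new `curve` parameter (nor about `kty`), even though `curve` is now validated against `kty` and sent to the service as `crv`; appending `For BYOK imports, kty selects the key type and curve names the curve of an EC key (required when kty is EC).` to the docstring would document the contract. In the second hunk of this file the indentation of the added `key_obj.crv = curve` is lost in this rendering, so I cannot tell whether it sits inside the BYOK branch next to `key_obj.t = byok_data` or at function level; if the latter, PEM imports also get `crv` assigned (as None), which is worth confirming the serializer drops. The body of `import_key` otherwise lies outside these hunks.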
From: Houk <62928370+houk-ms@users.noreply.github.com> Date: Wed, 20 Jan 2021 15:15:20 +0800 Subject: [PATCH 3/3] Update src/azure-cli/azure/cli/command_modules/keyvault/_validators.py Co-authored-by: Yunge Zhu --- src/azure-cli/azure/cli/command_modules/keyvault/_validators.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py b/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py index 76a16d26dc5..c855d240b2c 100644 --- a/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py +++ b/src/azure-cli/azure/cli/command_modules/keyvault/_validators.py @@ -191,7 +191,7 @@ def validate_key_import_type(ns): if (kty == 'EC' and crv is None) or (kty != 'EC' and crv): from azure.cli.core.azclierror import ValidationError - raise ValidationError('parameter --curve should be specified when key type is EC.') + raise ValidationError('parameter --curve should be specified when key type --kty is EC.') def validate_key_type(ns):