diff --git a/doc/sphinx/ref/azure.keyvault.key_vault_id.rst b/doc/sphinx/ref/azure.keyvault.key_vault_id.rst deleted file mode 100644 index 70a3f0518f53..000000000000 --- a/doc/sphinx/ref/azure.keyvault.key_vault_id.rst +++ /dev/null @@ -1,10 +0,0 @@ -azure.keyvault.key_vault_id module -================================== - -Module contents ---------------- - -.. automodule:: azure.keyvault.key_vault_id - :members: - :undoc-members: - :show-inheritance: diff --git a/doc/sphinx/ref/azure.keyvault.keys.aio.rst b/doc/sphinx/ref/azure.keyvault.keys.aio.rst index 140273e82a3b..6d9c2143c02d 100644 --- a/doc/sphinx/ref/azure.keyvault.keys.aio.rst +++ b/doc/sphinx/ref/azure.keyvault.keys.aio.rst @@ -1,6 +1,18 @@ azure.keyvault.keys.aio package =============================== +Submodules +---------- + +azure.keyvault.keys.aio.client module +------------------------------------- + +.. automodule:: azure.keyvault.keys.aio.client + :members: + :undoc-members: + :show-inheritance: + + Module contents --------------- diff --git a/doc/sphinx/ref/azure.keyvault.keys.crypto.aio.rst b/doc/sphinx/ref/azure.keyvault.keys.crypto.aio.rst new file mode 100644 index 000000000000..def92aaa4d0e --- /dev/null +++ b/doc/sphinx/ref/azure.keyvault.keys.crypto.aio.rst @@ -0,0 +1,22 @@ +azure.keyvault.keys.crypto.aio package +====================================== + +Submodules +---------- + +azure.keyvault.keys.crypto.aio.client module +-------------------------------------------- + +.. automodule:: azure.keyvault.keys.crypto.aio.client + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: azure.keyvault.keys.crypto.aio + :members: + :undoc-members: + :show-inheritance: diff --git a/doc/sphinx/ref/azure.keyvault.keys.crypto.rst b/doc/sphinx/ref/azure.keyvault.keys.crypto.rst new file mode 100644 index 000000000000..b198d54e1866 --- /dev/null +++ b/doc/sphinx/ref/azure.keyvault.keys.crypto.rst @@ -0,0 +1,37 @@ +azure.keyvault.keys.crypto package +================================== + +Subpackages +----------- + +.. toctree:: + + azure.keyvault.keys.crypto.aio + +Submodules +---------- + +azure.keyvault.keys.crypto.client module +---------------------------------------- + +.. automodule:: azure.keyvault.keys.crypto.client + :members: + :undoc-members: + :show-inheritance: + +azure.keyvault.keys.crypto.enums module +--------------------------------------- + +.. automodule:: azure.keyvault.keys.crypto.enums + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: azure.keyvault.keys.crypto + :members: + :undoc-members: + :show-inheritance: diff --git a/doc/sphinx/ref/azure.keyvault.keys.rst b/doc/sphinx/ref/azure.keyvault.keys.rst index 141235bb8b27..c68c95603b82 100644 --- a/doc/sphinx/ref/azure.keyvault.keys.rst +++ b/doc/sphinx/ref/azure.keyvault.keys.rst @@ -7,14 +7,31 @@ Subpackages .. toctree:: azure.keyvault.keys.aio + azure.keyvault.keys.crypto Submodules ---------- -azure.keyvault.keys.version module ----------------------------------- +azure.keyvault.keys.client module +--------------------------------- -.. automodule:: azure.keyvault.keys.version +.. automodule:: azure.keyvault.keys.client + :members: + :undoc-members: + :show-inheritance: + +azure.keyvault.keys.enums module +-------------------------------- + +.. automodule:: azure.keyvault.keys.enums + :members: + :undoc-members: + :show-inheritance: + +azure.keyvault.keys.models module +--------------------------------- + +.. automodule:: azure.keyvault.keys.models :members: :undoc-members: :show-inheritance: diff --git a/sdk/keyvault/azure-keyvault-keys/HISTORY.md b/sdk/keyvault/azure-keyvault-keys/HISTORY.md index 0bd80f37e154..8b2b0e6aaca6 100644 --- a/sdk/keyvault/azure-keyvault-keys/HISTORY.md +++ b/sdk/keyvault/azure-keyvault-keys/HISTORY.md @@ -5,6 +5,8 @@ - Removed `azure.core.Configuration` from the public API in preparation for a revamped configuration API. Static `create_config` methods have been renamed `_create_config`, and will be removed in a future release. +- Removed `wrap_key` and `unwrap_key` from `KeyClient`. These are now available +through `CryptographyClient`. - This version of the library requires `azure-core` 1.0.0b2 - If you later want to revert to a version requiring azure-core 1.0.0b1, of this or another Azure SDK library, you must explicitly install azure-core @@ -12,6 +14,8 @@ revamped configuration API. Static `create_config` methods have been renamed `pip install azure-core==1.0.0b1 azure-keyvault-keys==4.0.0b1` ### New features: +- Added `CryptographyClient`, a client for performing cryptographic operations +(encrypt/decrypt, wrap/unwrap, sign/verify) with a key. - Distributed tracing framework OpenCensus is now supported - Added support for HTTP challenge based authentication, allowing clients to interact with vaults in sovereign clouds. @@ -54,7 +58,7 @@ only) ### `azure-keyvault` features not implemented in this release - Certificate management APIs -- Cryptographic operations, e.g. sign, un/wrap, verify, en- and +- Cryptographic operations, e.g. sign, un/wrap_key, verify, en- and decrypt - National cloud support. This release supports public global cloud vaults, e.g. https://{vault-name}.vault.azure.net diff --git a/sdk/keyvault/azure-keyvault-keys/README.md b/sdk/keyvault/azure-keyvault-keys/README.md index 44d5ee7e9179..36d4a2e3bb38 100644 --- a/sdk/keyvault/azure-keyvault-keys/README.md +++ b/sdk/keyvault/azure-keyvault-keys/README.md @@ -152,6 +152,26 @@ for key in keys: print(key.name) ``` +### Cryptographic operations +`CryptographyClient` enables cryptographic operations (encrypt/decrypt, +wrap/unwrap, sign/verify) using a particular key. + +```py +from azure.identity import DefaultAzureCredential +from azure.keyvault.keys import KeyClient +from azure.keyvault.keys.crypto import EncryptionAlgorithm + +credential = DefaultAzureCredential() +key_client = KeyClient(vault_url=vault_url, credential=credential) + +key = key_client.get_key("my-key") +crypto_client = key_client.get_cryptography_client(key) + +result = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext) +crypto_client.decrypt(result.algorithm, result.ciphertext) +``` +See the [reference documentation][reference_docs] for more information. + ### Async operations This library includes a complete async API supported on Python 3.5+. To use it, you must first install an async transport, such as [`aiohttp`](https://pypi.org/project/aiohttp/). diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/client.py index 7f345a4143ce..8ed40bd7fa3a 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/client.py @@ -3,7 +3,7 @@ # Licensed under the MIT License. # ------------------------------------ from datetime import datetime -from typing import Any, AsyncIterable, Mapping, Optional, Dict, List +from typing import Any, AsyncIterable, Mapping, Optional, Dict, List, Union from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError from azure.core.tracing.decorator import distributed_trace @@ -11,6 +11,8 @@ from azure.keyvault.keys.models import DeletedKey, JsonWebKey, Key, KeyBase, KeyOperationResult from azure.keyvault.keys._shared import AsyncKeyVaultClientBase +from ..crypto.aio import CryptographyClient + class KeyClient(AsyncKeyVaultClientBase): """A high-level asynchronous interface for managing a vault's keys. @@ -30,6 +32,12 @@ class KeyClient(AsyncKeyVaultClientBase): # pylint:disable=protected-access + def get_cryptography_client(self, key: Union[Key, str], **kwargs: Any) -> CryptographyClient: + # the initializer requires a credential but won't actually use it in this case because we pass in this + # KeyClient's generated client, whose pipeline (and auth policy) is fully configured + credential = object() + return CryptographyClient(key, credential, generated_client=self._client, **kwargs) + @distributed_trace_async async def create_key( self, diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/client.py index 57275b9ab954..9a044c7056af 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/client.py @@ -19,6 +19,7 @@ from azure.core.tracing.decorator import distributed_trace from ._shared import KeyVaultClientBase +from .crypto import CryptographyClient from .models import Key, KeyBase, DeletedKey, KeyOperationResult @@ -40,6 +41,14 @@ class KeyClient(KeyVaultClientBase): # pylint:disable=protected-access + def get_cryptography_client(self, key, **kwargs): + # type: (Union[Key, str], Any) -> CryptographyClient + + # the initializer requires a credential but won't actually use it in this case because we pass in this + # KeyClient's generated client, whose pipeline (and auth policy) is fully configured + credential = object() + return CryptographyClient(key, credential, generated_client=self._client, **kwargs) + @distributed_trace def create_key( self, @@ -510,69 +519,3 @@ def import_key(self, name, key, hsm=None, enabled=None, not_before=None, expires self.vault_url, name, key=key, hsm=hsm, key_attributes=attributes, tags=tags, **kwargs ) return Key._from_key_bundle(bundle) - - @distributed_trace - def wrap_key(self, name, algorithm, value, version=None, **kwargs): - # type: (str, str, Optional[str], bytes, Mapping[str, Any]) -> KeyOperationResult - """Wraps a symmetric key using a specified key. - - The WRAP operation supports encryption of a symmetric key using a key - encryption key that has previously been stored in an Azure Key Vault. - The WRAP operation is only strictly necessary for symmetric keys stored - in Azure Key Vault since protection with an asymmetric key can be - performed using the public portion of the key. This operation is - supported for asymmetric keys as a convenience for callers that have a - key-reference but do not have access to the public key material. This - operation requires the keys/wrapKey permission. - - :param str name: The name of the key - :param str version: The version of the key. - :param algorithm: algorithm identifier. Possible values include: - 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' - :type algorithm: str or - ~azure.security.keyvault.v7_0.models.JsonWebKeyEncryptionAlgorithm - :param value: - :type value: bytes - :returns: The wrapped symmetric key. - :rtype: ~azure.keyvault.keys.models.Key - - """ - if version is None: - version = "" - - bundle = self._client.wrap_key( - self.vault_url, name, key_version=version, algorithm=algorithm, value=value, **kwargs - ) - return KeyOperationResult(id=bundle.kid, value=bundle.result) - - @distributed_trace - def unwrap_key(self, name, algorithm, value, version=None, **kwargs): - # type: (str, str, Optional[str], bytes, Mapping[str, Any]) -> KeyOperationResult - """Unwraps a symmetric key using the specified key that was initially used - for wrapping that key. - - The UNWRAP operation supports decryption of a symmetric key using the - target key encryption key. This operation is the reverse of the WRAP - operation. The UNWRAP operation applies to asymmetric and symmetric - keys stored in Azure Key Vault since it uses the private portion of the - key. This operation requires the keys/unwrapKey permission. - - :param str name: The name of the key - :param str version: The version of the key. - :param algorithm: algorithm identifier. Possible values include: - 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' - :type algorithm: str or - ~azure.security.keyvault.v7_0.models.JsonWebKeyEncryptionAlgorithm - :param value: - :type value: bytes - :returns: The unwrapped symmetric key. - :rtype: ~azure.keyvault.keys.models.Key - - """ - if version is None: - version = "" - - bundle = self._client.unwrap_key( - self.vault_url, name, key_version=version, algorithm=algorithm, value=value, **kwargs - ) - return KeyOperationResult(id=bundle.kid, value=bundle.result) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/__init__.py new file mode 100644 index 000000000000..7aceb566002a --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/__init__.py @@ -0,0 +1,29 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from collections import namedtuple + +DecryptResult = namedtuple("DecryptResult", ["decrypted_bytes"]) +EncryptResult = namedtuple("EncryptResult", ["key_id", "algorithm", "ciphertext", "authentication_tag"]) +SignResult = namedtuple("SignResult", ["key_id", "algorithm", "signature"]) +VerifyResult = namedtuple("VerifyResult", ["result"]) +UnwrapKeyResult = namedtuple("UnwrapKeyResult", ["unwrapped_bytes"]) +WrapKeyResult = namedtuple("WrapKeyResult", ["key_id", "algorithm", "encrypted_key"]) + +from .client import CryptographyClient +from .enums import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm + + +__all__ = [ + "CryptographyClient", + "DecryptResult", + "EncryptionAlgorithm", + "EncryptResult", + "KeyWrapAlgorithm", + "SignatureAlgorithm", + "SignResult", + "UnwrapKeyResult", + "VerifyResult", + "WrapKeyResult", +] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/__init__.py new file mode 100644 index 000000000000..6a1b8bbf1191 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/__init__.py @@ -0,0 +1,17 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from .client import CryptographyClient +from .. import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm +from .. import EncryptResult, SignResult, WrapKeyResult + +__all__ = [ + "CryptographyClient", + "EncryptionAlgorithm", + "EncryptResult", + "KeyWrapAlgorithm", + "SignatureAlgorithm", + "SignResult", + "WrapKeyResult", +] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/client.py new file mode 100644 index 000000000000..e10235b992ac --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/client.py @@ -0,0 +1,245 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +try: + from typing import TYPE_CHECKING +except ImportError: + TYPE_CHECKING = False + +if TYPE_CHECKING: + # pylint:disable=unused-import + from typing import Any, Optional, Union + from azure.core.credentials import TokenCredential + from .. import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm + +from azure.core.exceptions import HttpResponseError + +from .. import DecryptResult, EncryptResult, SignResult, VerifyResult, UnwrapKeyResult, WrapKeyResult +from azure.keyvault.keys.models import Key +from azure.keyvault.keys._shared import AsyncKeyVaultClientBase, parse_vault_id + + +class CryptographyClient(AsyncKeyVaultClientBase): + """ + Performs cryptographic operations using Azure Key Vault keys. + + :param key: + Either a :class:`~azure.keyvault.keys.models.Key` instance as returned by + :func:`~azure.keyvault.keys.KeyClient.get_key`, or a string. + If a string, the value must be the full identifier of an Azure Key Vault key with a version. + :type key: str or :class:`~azure.keyvault.keys.models.Key` + :param credential: An object which can provide an access token for the vault, such as a credential from + :mod:`azure.identity` + + Keyword arguments + - *api_version* - version of the Key Vault API to use. Defaults to the most recent. + """ + + def __init__(self, key: "Union[Key, str]", credential: "TokenCredential", **kwargs: "Any") -> None: + if isinstance(key, Key): + self._key = key + self._key_id = parse_vault_id(key.id) + elif isinstance(key, str): + self._key = None + self._key_id = parse_vault_id(key) + self._get_key_forbidden = None # type: Optional[bool] + else: + raise ValueError("'key' must be a Key instance or a key ID string including a version") + + if not self._key_id.version: + raise ValueError("'key' must include a version") + + super(CryptographyClient, self).__init__(vault_url=self._key_id.vault_url, credential=credential, **kwargs) + + @property + def key_id(self) -> str: + """ + The full identifier of the client's key. + + :rtype: str + """ + return "/".join(self._key_id) + + async def get_key(self) -> "Optional[Key]": + """ + Get the client's :class:`~azure.keyvault.keys.models.Key`. + Can be `None`, if the client lacks keys/get permission. + + :rtype: :class:`~azure.keyvault.keys.models.Key` or None + """ + + if not (self._key or self._get_key_forbidden): + try: + self._key = await self._client.get_key(self._key_id.vault_url, self._key_id.name, self._key_id.version) + except HttpResponseError as ex: + self._get_key_forbidden = ex.status_code == 403 + return self._key + + async def encrypt(self, algorithm: "EncryptionAlgorithm", plaintext: bytes, **kwargs: "Any") -> EncryptResult: + """ + Encrypt bytes using the client's key. Requires the keys/encrypt permission. + + This method encrypts only a single block of data, the size of which depends on the key and encryption algorithm. + + :param algorithm: encryption algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.EncryptionAlgorithm` + :param bytes plaintext: bytes to encrypt + :rtype: :class:`~azure.keyvault.keys.crypto.EncryptResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + # encrypt returns a tuple with the ciphertext and the metadata required to decrypt it + key_id, algorithm, ciphertext, authentication_tag = await client.encrypt(EncryptionAlgorithm.rsa_oaep, b"plaintext") + + """ + + result = await self._client.encrypt( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, plaintext, **kwargs + ) + return EncryptResult(key_id=self.key_id, algorithm=algorithm, ciphertext=result.result, authentication_tag=None) + + async def decrypt(self, algorithm: "EncryptionAlgorithm", ciphertext: bytes, **kwargs: "Any") -> DecryptResult: + """ + Decrypt a single block of encrypted data using the client's key. Requires the keys/decrypt permission. + + This method decrypts only a single block of data, the size of which depends on the key and encryption algorithm. + + :param algorithm: encryption algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.EncryptionAlgorithm` + :param bytes ciphertext: encrypted bytes to decrypt + :rtype: :class:`~azure.keyvault.keys.crypto.DecryptResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + result = await client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext) + print(result.decrypted_bytes) + + """ + + authentication_data = kwargs.pop("authentication_data", None) + authentication_tag = kwargs.pop("authentication_tag", None) + if authentication_data and not authentication_tag: + raise ValueError("'authentication_tag' is required when 'authentication_data' is specified") + + result = await self._client.decrypt( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, ciphertext, **kwargs + ) + return DecryptResult(decrypted_bytes=result.result) + + async def wrap(self, algorithm: "KeyWrapAlgorithm", key: bytes, **kwargs: "Any") -> WrapKeyResult: + """ + Wrap a key with the client's key. Requires the keys/wrapKey permission. + + :param algorithm: wrapping algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.KeyWrapAlgorithm` + :param bytes key: key to wrap + :rtype: :class:`~azure.keyvault.keys.crypto.WrapKeyResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + # wrap returns a tuple with the wrapped bytes and the metadata required to unwrap the key + key_id, wrap_algorithm, wrapped_bytes = await client.wrap(KeyWrapAlgorithm.rsa_oaep, key_bytes) + + """ + + result = await self._client.wrap_key( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm=algorithm, value=key, **kwargs + ) + return WrapKeyResult(key_id=self.key_id, algorithm=algorithm, encrypted_key=result.result) + + async def unwrap(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, **kwargs: "Any") -> UnwrapKeyResult: + """ + Unwrap a key previously wrapped with the client's key. Requires the keys/unwrapKey permission. + + :param algorithm: wrapping algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.KeyWrapAlgorithm` + :param bytes encrypted_key: the wrapped key + :rtype: :class:`~azure.keyvault.keys.crypto.UnwrapKeyResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + result = await client.unwrap(KeyWrapAlgorithm.rsa_oaep, wrapped_bytes) + unwrapped_bytes = result.unwrapped_bytes + + """ + + result = await self._client.unwrap_key( + self._key_id.vault_url, + self._key_id.name, + self._key_id.version, + algorithm=algorithm, + value=encrypted_key, + **kwargs + ) + return UnwrapKeyResult(unwrapped_bytes=result.result) + + async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: "Any") -> SignResult: + """ + Create a signature from a digest using the client's key. Requires the keys/sign permission. + + :param algorithm: signing algorithm + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.SignatureAlgorithm` + :param bytes digest: hashed bytes to sign + :rtype: :class:`~azure.keyvault.keys.crypto.SignResult` + + Example: + + .. code-block:: python + + import hashlib + from azure.keyvault.keys.crypto import SignatureAlgorithm + + digest = hashlib.sha256(b"plaintext").digest() + + # sign returns a tuple with the signature and the metadata required to verify it + key_id, algorithm, signature = await client.sign(SignatureAlgorithm.rs256, digest) + + """ + + result = await self._client.sign( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, digest, **kwargs + ) + return SignResult(key_id=self.key_id, algorithm=algorithm, signature=result.result) + + async def verify(self, algorithm: "SignatureAlgorithm", digest: bytes, signature: bytes, **kwargs: "Any") -> VerifyResult: + """ + Verify a signature using the client's key. Requires the keys/verify permission. + + :param algorithm: verification algorithm + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.SignatureAlgorithm` + :param bytes digest: + :param bytes signature: + :rtype: :class:`~azure.keyvault.keys.crypto.VerifyResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import SignatureAlgorithm + + verified = await client.verify(SignatureAlgorithm.rs256, digest, signature) + assert verified.result is True + + """ + + result = await self._client.verify( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, digest, signature, **kwargs + ) + return VerifyResult(result=result.value) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/client.py new file mode 100644 index 000000000000..25fc5f12dec0 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/client.py @@ -0,0 +1,256 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +try: + from typing import TYPE_CHECKING +except ImportError: + TYPE_CHECKING = False + +if TYPE_CHECKING: + # pylint:disable=unused-import + from typing import Any, Optional, Union + from azure.core.credentials import TokenCredential + from . import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm + +from azure.core.exceptions import HttpResponseError +import six + +from . import DecryptResult, EncryptResult, SignResult, VerifyResult, UnwrapKeyResult, WrapKeyResult +from ..models import Key +from .._shared import KeyVaultClientBase, parse_vault_id + + +class CryptographyClient(KeyVaultClientBase): + """ + Performs cryptographic operations using Azure Key Vault keys. + + :param key: + Either a :class:`~azure.keyvault.keys.models.Key` instance as returned by + :func:`~azure.keyvault.keys.KeyClient.get_key`, or a string. + If a string, the value must be the full identifier of an Azure Key Vault key with a version. + :type key: str or :class:`~azure.keyvault.keys.models.Key` + :param credential: An object which can provide an access token for the vault, such as a credential from + :mod:`azure.identity` + + Keyword arguments + - *api_version* - version of the Key Vault API to use. Defaults to the most recent. + """ + + def __init__(self, key, credential, **kwargs): + # type: (Union[Key, str], TokenCredential, Any) -> None + + if isinstance(key, Key): + self._key = key + self._key_id = parse_vault_id(key.id) + elif isinstance(key, six.text_type): + self._key = None + self._key_id = parse_vault_id(key) + self._get_key_forbidden = None # type: Optional[bool] + else: + raise ValueError("'key' must be a Key instance or a key ID string including a version") + + if not self._key_id.version: + raise ValueError("'key' must include a version") + + super(CryptographyClient, self).__init__(vault_url=self._key_id.vault_url, credential=credential, **kwargs) + + @property + def key_id(self): + # type: () -> str + """ + The full identifier of the client's key. + + :rtype: str + """ + return "/".join(self._key_id) + + def get_key(self): + # type: () -> Optional[Key] + """ + Get the client's :class:`~azure.keyvault.keys.models.Key`. + Can be ``None``, if the client lacks keys/get permission. + + :rtype: :class:`~azure.keyvault.keys.models.Key` or ``None`` + """ + + if not (self._key or self._get_key_forbidden): + try: + self._key = self._client.get_key(self._key_id.vault_url, self._key_id.name, self._key_id.version) + except HttpResponseError as ex: + self._get_key_forbidden = ex.status_code == 403 + return self._key + + def encrypt(self, algorithm, plaintext, **kwargs): + # type: (EncryptionAlgorithm, bytes, Any) -> EncryptResult + """ + Encrypt bytes using the client's key. Requires the keys/encrypt permission. + + This method encrypts only a single block of data, the size of which depends on the key and encryption algorithm. + + :param algorithm: encryption algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.EncryptionAlgorithm` + :param bytes plaintext: bytes to encrypt + :rtype: :class:`~azure.keyvault.keys.crypto.EncryptResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + # encrypt returns a tuple with the ciphertext and the metadata required to decrypt it + key_id, algorithm, ciphertext, authentication_tag = client.encrypt(EncryptionAlgorithm.rsa_oaep, b"plaintext") + + """ + + result = self._client.encrypt( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, plaintext, **kwargs + ) + return EncryptResult(key_id=self.key_id, algorithm=algorithm, ciphertext=result.result, authentication_tag=None) + + def decrypt(self, algorithm, ciphertext, **kwargs): + # type: (EncryptionAlgorithm, bytes, Any) -> DecryptResult + """ + Decrypt a single block of encrypted data using the client's key. Requires the keys/decrypt permission. + + This method decrypts only a single block of data, the size of which depends on the key and encryption algorithm. + + :param algorithm: encryption algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.EncryptionAlgorithm` + :param bytes ciphertext: encrypted bytes to decrypt + :rtype: :class:`~azure.keyvault.keys.crypto.DecryptResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + result = client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext) + print(result.decrypted_bytes) + + """ + + authentication_data = kwargs.pop("authentication_data", None) + authentication_tag = kwargs.pop("authentication_tag", None) + if authentication_data and not authentication_tag: + raise ValueError("'authentication_tag' is required when 'authentication_data' is specified") + + result = self._client.decrypt( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, ciphertext, **kwargs + ) + return DecryptResult(decrypted_bytes=result.result) + + def wrap(self, algorithm, key, **kwargs): + # type: (KeyWrapAlgorithm, bytes, Any) -> WrapKeyResult + """ + Wrap a key with the client's key. Requires the keys/wrapKey permission. + + :param algorithm: wrapping algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.KeyWrapAlgorithm` + :param bytes key: key to wrap + :rtype: :class:`~azure.keyvault.keys.crypto.WrapKeyResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + # wrap returns a tuple with the wrapped bytes and the metadata required to unwrap the key + key_id, wrap_algorithm, wrapped_bytes = client.wrap(KeyWrapAlgorithm.rsa_oaep, key_bytes) + + """ + + result = self._client.wrap_key( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm=algorithm, value=key, **kwargs + ) + return WrapKeyResult(key_id=self.key_id, algorithm=algorithm, encrypted_key=result.result) + + def unwrap(self, algorithm, encrypted_key, **kwargs): + # type: (KeyWrapAlgorithm, bytes, Any) -> UnwrapKeyResult + """ + Unwrap a key previously wrapped with the client's key. Requires the keys/unwrapKey permission. + + :param algorithm: wrapping algorithm to use + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.KeyWrapAlgorithm` + :param bytes encrypted_key: the wrapped key + :rtype: :class:`~azure.keyvault.keys.crypto.UnwrapKeyResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + result = client.unwrap(KeyWrapAlgorithm.rsa_oaep, wrapped_bytes) + unwrapped_bytes = result.unwrapped_bytes + + """ + + result = self._client.unwrap_key( + self._key_id.vault_url, + self._key_id.name, + self._key_id.version, + algorithm=algorithm, + value=encrypted_key, + **kwargs + ) + return UnwrapKeyResult(unwrapped_bytes=result.result) + + def sign(self, algorithm, digest, **kwargs): + # type: (SignatureAlgorithm, bytes, Any) -> SignResult + """ + Create a signature from a digest using the client's key. Requires the keys/sign permission. + + :param algorithm: signing algorithm + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.SignatureAlgorithm` + :param bytes digest: hashed bytes to sign + :rtype: :class:`~azure.keyvault.keys.crypto.SignResult` + + Example: + + .. code-block:: python + + import hashlib + from azure.keyvault.keys.crypto import SignatureAlgorithm + + digest = hashlib.sha256(b"plaintext").digest() + + # sign returns a tuple with the signature and the metadata required to verify it + key_id, algorithm, signature = client.sign(SignatureAlgorithm.rs256, digest) + + """ + + result = self._client.sign( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, digest, **kwargs + ) + return SignResult(key_id=self.key_id, algorithm=algorithm, signature=result.result) + + def verify(self, algorithm, digest, signature, **kwargs): + # type: (SignatureAlgorithm, bytes, bytes, Any) -> VerifyResult + """ + Verify a signature using the client's key. Requires the keys/verify permission. + + :param algorithm: verification algorithm + :type algorithm: :class:`~azure.keyvault.keys.crypto.enums.SignatureAlgorithm` + :param bytes digest: + :param bytes signature: + :rtype: :class:`~azure.keyvault.keys.crypto.VerifyResult` + + Example: + + .. code-block:: python + + from azure.keyvault.keys.crypto import SignatureAlgorithm + + verified = client.verify(SignatureAlgorithm.rs256, digest, signature) + assert verified.result is True + + """ + + result = self._client.verify( + self._key_id.vault_url, self._key_id.name, self._key_id.version, algorithm, digest, signature, **kwargs + ) + return VerifyResult(result=result.value) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/enums.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/enums.py new file mode 100644 index 000000000000..13c29c49e12e --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/enums.py @@ -0,0 +1,36 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from enum import Enum + + +class KeyWrapAlgorithm(str, Enum): + """Key wrapping algorithms""" + + rsa_oaep = "RSA-OAEP" + rsa_oaep_256 = "RSA-OAEP-256" + rsa1_5 = "RSA1_5" + + +class EncryptionAlgorithm(str, Enum): + """Encryption algorithms""" + + rsa_oaep = "RSA-OAEP" + rsa_oaep_256 = "RSA-OAEP-256" + rsa1_5 = "RSA1_5" + + +class SignatureAlgorithm(str, Enum): + """Signature algorithms, described in https://tools.ietf.org/html/rfc7518""" + + ps256 = "PS256" #: RSASSA-PSS using SHA-256 and MGF1 with SHA-256 + ps384 = "PS384" #: RSASSA-PSS using SHA-384 and MGF1 with SHA-384 + ps512 = "PS512" #: RSASSA-PSS using SHA-512 and MGF1 with SHA-512 + rs256 = "RS256" #: RSASSA-PKCS1-v1_5 using SHA-256 + rs384 = "RS384" #: RSASSA-PKCS1-v1_5 using SHA-384 + rs512 = "RS512" #: RSASSA-PKCS1-v1_5 using SHA-512 + es256 = "ES256" #: ECDSA using P-256 and SHA-256 + es384 = "ES384" #: ECDSA using P-384 and SHA-384 + es512 = "ES512" #: ECDSA using P-521 and SHA-512 + es256_k = "ES256K" #: ECDSA using P-256K and SHA-256 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_encrypt_and_decrypt.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_encrypt_and_decrypt.yaml new file mode 100644 index 000000000000..80e7d5b968fc --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_encrypt_and_decrypt.yaml @@ -0,0 +1,221 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd?api-version=7.0 + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + date: + - Thu, 25 Jul 2019 21:56:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 401 + message: Unauthorized +- request: + body: '{"key": {"n": "AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU", + "d": "Ynx9JGaBSP4iUsf6ZJ6opantRNdcdmzaQrKbZg6ZQE8Ohi1FYabJWvaoPSE-CiJEsDzShXZHMhUHN4X7Bn8BXaGQhK3p9HXgiwQKmix7oAJTu4ElUIyd8UC3UWHSZr40el4PaQD-HYu_eMzCXus34MnRiNbh_BUWm6T-Eidhk9d3kNIyaSi9YNDQHW6tjWrEhhq63O7JU1j9ZonFChZxpKk20jdkQKQURVAdpOdL-5j4I70ZxFuU6wHZj8DS8oRQfwGOvZKbgYDb5jgf3UNL_7eACqq92XPVX56vm7iKbqeyjCqAIx5y3hrSRIJtZlWCwjYnYQGd4unxDLi8wmJWSQ", + "qi": "AJ_nrkLpK8BPzVeARkvSHQyKwMWZ-a8CD95qsKfn0dOZAvXY-2xhQYTEwbED-0bpTNEKbIpA-ZkaHygmnzJkNbbFAnb9pkkzU8ZQqDP3JNgMfVIroWx58Oth9nJza2j7i-MkPRCUPEq3Ao0J52z7WJIiLji8TTVYW_NaiM1oxzsH", + "p": "ANHerI1o3dLB_VLVmZZVss8VZSYN5SaeQ_0qhfOSgOFwj__waCFmy2EG7l6l6f_Z-Y0L7Mn_LNov68lyWSFa2EuQUeVj4UoFHc5Di8ZUGiSsTwFM-XMtNuv8HmGgDYLL5BIJD3eTz71LdgW-Ez38OZH34b7VeG8zfeUDb8Hi30zz", + "key_ops": ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"], + "dp": "AMmhWb5yZcu6vJr8xJZ-t0_likxJRUMZAtEULaWZt2DgODj4y9JrZDJP6mvckzhQP0WXk2NuWbU2HR5pUeCN2wieG1B76VKoH76vfnaJDqT1NuJVBcP2SLHog3ffwZtMME5zjfygchG3kihqOSpwTQ9ETAqAJTkRC38fEhwAz_Cp", + "kty": "RSA", "q": "AMPcZrZBqbc82DO8Q5zTT8ZXRGWrW36KktMllaIk1W2RHnRiQiW0jBWmcCgqUcQNHa1LwumjyNqwx28QBS37BTvG7ULGUoio6LrOeoiBGEMj-U19sX6m37plEhj5Mak7j3OPPY_T9rohjTW5aGGg9YSwq4jdz0RrmBX00ofYOjI3", + "dq": "AKC9TAo9n2RDaggjdLXK8kiLrBVoaWFTpqXkzYXRhtsx4vWPAkxhfSnze05rVMl6HiXv7FnE0f0wYawzUJzoyuXBH0zS6D9BqCZPeF543AmWB27iPf38Q9Z8Rjr6oBgMSnGDV_mm8nDVQkeaDyE4cOZh-5UKvKShTKKQVwunmDNH", + "e": "AQAB"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '1724' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd/06669bf3be054e00baff271677b662de","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU","e":"AQAB"},"attributes":{"enabled":true,"created":1564091794,"updated":1564091794,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: + - no-cache + content-length: + - '653' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:56:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '299' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd/06669bf3be054e00baff271677b662de/encrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd/06669bf3be054e00baff271677b662de","value":"EccW1iW_fq68ZQZFOvJ9DX_Tnf4kud6daHTOyXZCjhcyBr8TwEDOef_uJppgEvh9NbxL2XFHPpKOyBTRWOR2wpwGfYKzTDh2QJToXsbXq5zs4Gh2VqM7ar42o9umGGDueGeleATKNMsz-WIGO_P1ErnP-VbqqRvgqv72iBQKLRi855qGfSa3uKho-GMV3s8lnIgbgVozwLNg5vgj1bjq7rIZALq_x6a6opn8RCN9eQCrc-2kYjA_NBql-CDaQV1wA2acOqAHLyfpK5JihWUBkzTD1dVFsQw3stdUIrcLf3LYDwe3Ti9kxh6KPJv-4PjCbyiG5sQwJ66DmyeFFpuB-Q"}' + headers: + cache-control: + - no-cache + content-length: + - '455' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:56:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "EccW1iW_fq68ZQZFOvJ9DX_Tnf4kud6daHTOyXZCjhcyBr8TwEDOef_uJppgEvh9NbxL2XFHPpKOyBTRWOR2wpwGfYKzTDh2QJToXsbXq5zs4Gh2VqM7ar42o9umGGDueGeleATKNMsz-WIGO_P1ErnP-VbqqRvgqv72iBQKLRi855qGfSa3uKho-GMV3s8lnIgbgVozwLNg5vgj1bjq7rIZALq_x6a6opn8RCN9eQCrc-2kYjA_NBql-CDaQV1wA2acOqAHLyfpK5JihWUBkzTD1dVFsQw3stdUIrcLf3LYDwe3Ti9kxh6KPJv-4PjCbyiG5sQwJ66DmyeFFpuB-Q", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd/06669bf3be054e00baff271677b662de/decrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vault899e11dd.vault.azure.net/keys/keycrypt899e11dd/06669bf3be054e00baff271677b662de","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + cache-control: + - no-cache + content-length: + - '380' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:56:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_sign_and_verify.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_sign_and_verify.yaml new file mode 100644 index 000000000000..56aed2244bc7 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_sign_and_verify.yaml @@ -0,0 +1,219 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vault44471023.vault.azure.net/keys/keysign44471023?api-version=7.0 + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + date: + - Thu, 25 Jul 2019 21:34:51 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 401 + message: Unauthorized +- request: + body: '{"key": {"qi": "AJ_nrkLpK8BPzVeARkvSHQyKwMWZ-a8CD95qsKfn0dOZAvXY-2xhQYTEwbED-0bpTNEKbIpA-ZkaHygmnzJkNbbFAnb9pkkzU8ZQqDP3JNgMfVIroWx58Oth9nJza2j7i-MkPRCUPEq3Ao0J52z7WJIiLji8TTVYW_NaiM1oxzsH", + "e": "AQAB", "kty": "RSA", "q": "AMPcZrZBqbc82DO8Q5zTT8ZXRGWrW36KktMllaIk1W2RHnRiQiW0jBWmcCgqUcQNHa1LwumjyNqwx28QBS37BTvG7ULGUoio6LrOeoiBGEMj-U19sX6m37plEhj5Mak7j3OPPY_T9rohjTW5aGGg9YSwq4jdz0RrmBX00ofYOjI3", + "p": "ANHerI1o3dLB_VLVmZZVss8VZSYN5SaeQ_0qhfOSgOFwj__waCFmy2EG7l6l6f_Z-Y0L7Mn_LNov68lyWSFa2EuQUeVj4UoFHc5Di8ZUGiSsTwFM-XMtNuv8HmGgDYLL5BIJD3eTz71LdgW-Ez38OZH34b7VeG8zfeUDb8Hi30zz", + "n": "AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU", + "dq": "AKC9TAo9n2RDaggjdLXK8kiLrBVoaWFTpqXkzYXRhtsx4vWPAkxhfSnze05rVMl6HiXv7FnE0f0wYawzUJzoyuXBH0zS6D9BqCZPeF543AmWB27iPf38Q9Z8Rjr6oBgMSnGDV_mm8nDVQkeaDyE4cOZh-5UKvKShTKKQVwunmDNH", + "key_ops": ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"], + "d": "Ynx9JGaBSP4iUsf6ZJ6opantRNdcdmzaQrKbZg6ZQE8Ohi1FYabJWvaoPSE-CiJEsDzShXZHMhUHN4X7Bn8BXaGQhK3p9HXgiwQKmix7oAJTu4ElUIyd8UC3UWHSZr40el4PaQD-HYu_eMzCXus34MnRiNbh_BUWm6T-Eidhk9d3kNIyaSi9YNDQHW6tjWrEhhq63O7JU1j9ZonFChZxpKk20jdkQKQURVAdpOdL-5j4I70ZxFuU6wHZj8DS8oRQfwGOvZKbgYDb5jgf3UNL_7eACqq92XPVX56vm7iKbqeyjCqAIx5y3hrSRIJtZlWCwjYnYQGd4unxDLi8wmJWSQ", + "dp": "AMmhWb5yZcu6vJr8xJZ-t0_likxJRUMZAtEULaWZt2DgODj4y9JrZDJP6mvckzhQP0WXk2NuWbU2HR5pUeCN2wieG1B76VKoH76vfnaJDqT1NuJVBcP2SLHog3ffwZtMME5zjfygchG3kihqOSpwTQ9ETAqAJTkRC38fEhwAz_Cp"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '1724' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vault44471023.vault.azure.net/keys/keysign44471023?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault44471023.vault.azure.net/keys/keysign44471023/b93bf461234c49719f1f2e70bd5cd5ec","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU","e":"AQAB"},"attributes":{"enabled":true,"created":1564090492,"updated":1564090492,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: + - no-cache + content-length: + - '652' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "vgZc0NQUb6WMKX___V2JntcFRO_vszKwSAj7R2rL1zg", "alg": "RS256"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '72' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault44471023.vault.azure.net/keys/keysign44471023/b93bf461234c49719f1f2e70bd5cd5ec/sign?api-version=7.0 + response: + body: + string: '{"kid":"https://vault44471023.vault.azure.net/keys/keysign44471023/b93bf461234c49719f1f2e70bd5cd5ec","value":"YX0IOuHlYW7IEVboW0c8M_geUfp2pKoCw7ujVZfXZOy0890603_QcjCSzuw_qUWehJ8IYVlfaXeF3Ebu36oB6cD8oG8OfI6rLM9BKQUR2KE5VoCBKAGit7FxhAnLRFGP69dF6gyO_wv_-zCJnXLIOg1Pu0K80WVSYkj6Wzczj35OQHEptDqRmxdwQoDYoEk5iYcb3JOeWC1frcGVEf9qs0yzwx1AbgkAOPElweovZZlleS6MALP0HTt7L5zJg7kjnCsuksVsEfM2R0_Mzt8nT24LczCNyZac50hHVkCepaZDRs26KodYnSs3doFlYOUJpCu8sxil7VBTEtFY38dENg"}' + headers: + cache-control: + - no-cache + content-length: + - '454' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"digest": "vgZc0NQUb6WMKX___V2JntcFRO_vszKwSAj7R2rL1zg", "value": "YX0IOuHlYW7IEVboW0c8M_geUfp2pKoCw7ujVZfXZOy0890603_QcjCSzuw_qUWehJ8IYVlfaXeF3Ebu36oB6cD8oG8OfI6rLM9BKQUR2KE5VoCBKAGit7FxhAnLRFGP69dF6gyO_wv_-zCJnXLIOg1Pu0K80WVSYkj6Wzczj35OQHEptDqRmxdwQoDYoEk5iYcb3JOeWC1frcGVEf9qs0yzwx1AbgkAOPElweovZZlleS6MALP0HTt7L5zJg7kjnCsuksVsEfM2R0_Mzt8nT24LczCNyZac50hHVkCepaZDRs26KodYnSs3doFlYOUJpCu8sxil7VBTEtFY38dENg", + "alg": "RS256"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '428' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault44471023.vault.azure.net/keys/keysign44471023/b93bf461234c49719f1f2e70bd5cd5ec/verify?api-version=7.0 + response: + body: + string: '{"value":true}' + headers: + cache-control: + - no-cache + content-length: + - '14' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_wrap_and_unwrap.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_wrap_and_unwrap.yaml new file mode 100644 index 000000000000..517f2f73088a --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client.test_wrap_and_unwrap.yaml @@ -0,0 +1,211 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault450e1034.vault.azure.net/keys/keywrap450e1034/create?api-version=7.0 + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 401 + message: Unauthorized +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault450e1034.vault.azure.net/keys/keywrap450e1034/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault450e1034.vault.azure.net/keys/keywrap450e1034/95bd090ce5b548ad83bcad4807b1738f","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"znTj5Db3POvulzBMi670hpt7sny7mguu3xD_6-8AyHL1iTQDc-mtAnAgoZV0Oj_uE766ArKkPaZY_s0A8HU6yOKnxthMXO8iCaK415-dz03fAgdL6OgTikC_7-NdJMozatFzE3JpuuxoOEvz1eBRh6ukjMeHLyrJNZGkRlN-0uEGrQoR8bajiZTBUTxxBDILi8YFrG3hd45vD2HSYvLhDzgyYQ9C2pLn1pvKPQa0f0Uw-4TQqN2RbSIcCwWJueGqwOCHPoB1uwz2lTx2EH9zngLgI46tudfNawxYT8foNMEhr77THYorxc5brHYx8lvV64n82brJg25VblNiLJs2BQ","e":"AQAB"},"attributes":{"enabled":true,"created":1564090493,"updated":1564090493,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: + - no-cache + content-length: + - '651' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"alg": "RSA-OAEP", "value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '299' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault450e1034.vault.azure.net/keys/keywrap450e1034/95bd090ce5b548ad83bcad4807b1738f/wrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vault450e1034.vault.azure.net/keys/keywrap450e1034/95bd090ce5b548ad83bcad4807b1738f","value":"QAnvXMceHRynZs-tLnqZI9g2SKq60p6H5IlQGLJGbtcVUzkpLaOGlSXnmCAzpncxbFNfbHc8Dw_-ZPfotU5aPxSBxLu1sEqbC2JJ74BHrAtvXZRb4M4FAwuJex82bvgykExjTKgb96wjKFPPi7_OeJO-CXMLFngZ2klwp1fmbORVjMNkT5GWRbKD911eZwxTEyGY3KWjiqdBB-sMylalZlpP9pAHnZMk5sp3cuGK4cQVvqKkdIeDgzKhEZE5vwIvSAc2eE5iXGIaxjOYD0JivpVUQpYmtksPgGhB-ph9fymUKa6eCRybo5mGzYF_eS0XwpWfM9VTbLI96rmcsAO2dQ"}' + headers: + cache-control: + - no-cache + content-length: + - '454' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"alg": "RSA-OAEP", "value": "QAnvXMceHRynZs-tLnqZI9g2SKq60p6H5IlQGLJGbtcVUzkpLaOGlSXnmCAzpncxbFNfbHc8Dw_-ZPfotU5aPxSBxLu1sEqbC2JJ74BHrAtvXZRb4M4FAwuJex82bvgykExjTKgb96wjKFPPi7_OeJO-CXMLFngZ2klwp1fmbORVjMNkT5GWRbKD911eZwxTEyGY3KWjiqdBB-sMylalZlpP9pAHnZMk5sp3cuGK4cQVvqKkdIeDgzKhEZE5vwIvSAc2eE5iXGIaxjOYD0JivpVUQpYmtksPgGhB-ph9fymUKa6eCRybo5mGzYF_eS0XwpWfM9VTbLI96rmcsAO2dQ"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vault450e1034.vault.azure.net/keys/keywrap450e1034/95bd090ce5b548ad83bcad4807b1738f/unwrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vault450e1034.vault.azure.net/keys/keywrap450e1034/95bd090ce5b548ad83bcad4807b1738f","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + cache-control: + - no-cache + content-length: + - '379' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 25 Jul 2019 21:34:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.872 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_encrypt_and_decrypt.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_encrypt_and_decrypt.yaml new file mode 100644 index 000000000000..5860a59d40c5 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_encrypt_and_decrypt.yaml @@ -0,0 +1,178 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a?api-version=7.0 + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + date: Wed, 31 Jul 2019 20:27:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + www-authenticate: Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 401 + message: Unauthorized + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultfe22145a.vault.azure.net + - /keys/keycryptfe22145a + - api-version=7.0 + - '' +- request: + body: '{"key": {"d": "Ynx9JGaBSP4iUsf6ZJ6opantRNdcdmzaQrKbZg6ZQE8Ohi1FYabJWvaoPSE-CiJEsDzShXZHMhUHN4X7Bn8BXaGQhK3p9HXgiwQKmix7oAJTu4ElUIyd8UC3UWHSZr40el4PaQD-HYu_eMzCXus34MnRiNbh_BUWm6T-Eidhk9d3kNIyaSi9YNDQHW6tjWrEhhq63O7JU1j9ZonFChZxpKk20jdkQKQURVAdpOdL-5j4I70ZxFuU6wHZj8DS8oRQfwGOvZKbgYDb5jgf3UNL_7eACqq92XPVX56vm7iKbqeyjCqAIx5y3hrSRIJtZlWCwjYnYQGd4unxDLi8wmJWSQ", + "n": "AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU", + "qi": "AJ_nrkLpK8BPzVeARkvSHQyKwMWZ-a8CD95qsKfn0dOZAvXY-2xhQYTEwbED-0bpTNEKbIpA-ZkaHygmnzJkNbbFAnb9pkkzU8ZQqDP3JNgMfVIroWx58Oth9nJza2j7i-MkPRCUPEq3Ao0J52z7WJIiLji8TTVYW_NaiM1oxzsH", + "key_ops": ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"], + "dq": "AKC9TAo9n2RDaggjdLXK8kiLrBVoaWFTpqXkzYXRhtsx4vWPAkxhfSnze05rVMl6HiXv7FnE0f0wYawzUJzoyuXBH0zS6D9BqCZPeF543AmWB27iPf38Q9Z8Rjr6oBgMSnGDV_mm8nDVQkeaDyE4cOZh-5UKvKShTKKQVwunmDNH", + "kty": "RSA", "p": "ANHerI1o3dLB_VLVmZZVss8VZSYN5SaeQ_0qhfOSgOFwj__waCFmy2EG7l6l6f_Z-Y0L7Mn_LNov68lyWSFa2EuQUeVj4UoFHc5Di8ZUGiSsTwFM-XMtNuv8HmGgDYLL5BIJD3eTz71LdgW-Ez38OZH34b7VeG8zfeUDb8Hi30zz", + "q": "AMPcZrZBqbc82DO8Q5zTT8ZXRGWrW36KktMllaIk1W2RHnRiQiW0jBWmcCgqUcQNHa1LwumjyNqwx28QBS37BTvG7ULGUoio6LrOeoiBGEMj-U19sX6m37plEhj5Mak7j3OPPY_T9rohjTW5aGGg9YSwq4jdz0RrmBX00ofYOjI3", + "e": "AQAB", "dp": "AMmhWb5yZcu6vJr8xJZ-t0_likxJRUMZAtEULaWZt2DgODj4y9JrZDJP6mvckzhQP0WXk2NuWbU2HR5pUeCN2wieG1B76VKoH76vfnaJDqT1NuJVBcP2SLHog3ffwZtMME5zjfygchG3kihqOSpwTQ9ETAqAJTkRC38fEhwAz_Cp"}}' + headers: + Accept: + - application/json + Content-Length: + - '1724' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU","e":"AQAB"},"attributes":{"enabled":true,"created":1564604821,"updated":1564604821,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: no-cache + content-length: '653' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:27:01 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultfe22145a.vault.azure.net + - /keys/keycryptfe22145a + - api-version=7.0 + - '' +- request: + body: '{"alg": "RSA-OAEP", "value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + Accept: + - application/json + Content-Length: + - '299' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe/encrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe","value":"mfOUKgZgdPwfA6gDL6N8YkJ-JKkA2QFg5NHogOSqJfddaPF9GDolCMl6gQPEl1kUi059c-DSxz4eP36I6j0tCgEyv4OimBJ9-EcOKU3upfl5n5e-pEqqbA-KF007wJNn6S6p8-Q4kHXyj4Kieelvt_aCWbmSQdmMEvLB89uy4qUGR8_mJh4XZhxG3aKn7sKGxZv9P-zynR2KaBDTwd5ULNRVwnRyirf19ZH_F6-P6mxBvS-YxdOiD72Iu6eTIXFMpdyGbtqOCiJeq1iEnWdf0Ngb2lkKzcDyDEk3OHhbJhIUgdlJG3kEo-qh43A69lxmX635o3XQdoKlWHl7AXcXhw"}' + headers: + cache-control: no-cache + content-length: '455' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:27:01 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultfe22145a.vault.azure.net + - /keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe/encrypt + - api-version=7.0 + - '' +- request: + body: '{"alg": "RSA-OAEP", "value": "mfOUKgZgdPwfA6gDL6N8YkJ-JKkA2QFg5NHogOSqJfddaPF9GDolCMl6gQPEl1kUi059c-DSxz4eP36I6j0tCgEyv4OimBJ9-EcOKU3upfl5n5e-pEqqbA-KF007wJNn6S6p8-Q4kHXyj4Kieelvt_aCWbmSQdmMEvLB89uy4qUGR8_mJh4XZhxG3aKn7sKGxZv9P-zynR2KaBDTwd5ULNRVwnRyirf19ZH_F6-P6mxBvS-YxdOiD72Iu6eTIXFMpdyGbtqOCiJeq1iEnWdf0Ngb2lkKzcDyDEk3OHhbJhIUgdlJG3kEo-qh43A69lxmX635o3XQdoKlWHl7AXcXhw"}' + headers: + Accept: + - application/json + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe/decrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultfe22145a.vault.azure.net/keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + cache-control: no-cache + content-length: '380' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:27:01 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultfe22145a.vault.azure.net + - /keys/keycryptfe22145a/eb8296e4069842718fe9b0b42cca36fe/decrypt + - api-version=7.0 + - '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_sign_and_verify.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_sign_and_verify.yaml new file mode 100644 index 000000000000..d28fb4edc7fa --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_sign_and_verify.yaml @@ -0,0 +1,179 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vaultaed712a0.vault.azure.net/keys/keysignaed712a0?api-version=7.0 + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + date: Wed, 31 Jul 2019 20:27:59 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + www-authenticate: Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 401 + message: Unauthorized + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaed712a0.vault.azure.net + - /keys/keysignaed712a0 + - api-version=7.0 + - '' +- request: + body: '{"key": {"key_ops": ["encrypt", "decrypt", "sign", "verify", "wrapKey", + "unwrapKey"], "e": "AQAB", "n": "AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU", + "q": "AMPcZrZBqbc82DO8Q5zTT8ZXRGWrW36KktMllaIk1W2RHnRiQiW0jBWmcCgqUcQNHa1LwumjyNqwx28QBS37BTvG7ULGUoio6LrOeoiBGEMj-U19sX6m37plEhj5Mak7j3OPPY_T9rohjTW5aGGg9YSwq4jdz0RrmBX00ofYOjI3", + "qi": "AJ_nrkLpK8BPzVeARkvSHQyKwMWZ-a8CD95qsKfn0dOZAvXY-2xhQYTEwbED-0bpTNEKbIpA-ZkaHygmnzJkNbbFAnb9pkkzU8ZQqDP3JNgMfVIroWx58Oth9nJza2j7i-MkPRCUPEq3Ao0J52z7WJIiLji8TTVYW_NaiM1oxzsH", + "kty": "RSA", "dq": "AKC9TAo9n2RDaggjdLXK8kiLrBVoaWFTpqXkzYXRhtsx4vWPAkxhfSnze05rVMl6HiXv7FnE0f0wYawzUJzoyuXBH0zS6D9BqCZPeF543AmWB27iPf38Q9Z8Rjr6oBgMSnGDV_mm8nDVQkeaDyE4cOZh-5UKvKShTKKQVwunmDNH", + "dp": "AMmhWb5yZcu6vJr8xJZ-t0_likxJRUMZAtEULaWZt2DgODj4y9JrZDJP6mvckzhQP0WXk2NuWbU2HR5pUeCN2wieG1B76VKoH76vfnaJDqT1NuJVBcP2SLHog3ffwZtMME5zjfygchG3kihqOSpwTQ9ETAqAJTkRC38fEhwAz_Cp", + "d": "Ynx9JGaBSP4iUsf6ZJ6opantRNdcdmzaQrKbZg6ZQE8Ohi1FYabJWvaoPSE-CiJEsDzShXZHMhUHN4X7Bn8BXaGQhK3p9HXgiwQKmix7oAJTu4ElUIyd8UC3UWHSZr40el4PaQD-HYu_eMzCXus34MnRiNbh_BUWm6T-Eidhk9d3kNIyaSi9YNDQHW6tjWrEhhq63O7JU1j9ZonFChZxpKk20jdkQKQURVAdpOdL-5j4I70ZxFuU6wHZj8DS8oRQfwGOvZKbgYDb5jgf3UNL_7eACqq92XPVX56vm7iKbqeyjCqAIx5y3hrSRIJtZlWCwjYnYQGd4unxDLi8wmJWSQ", + "p": "ANHerI1o3dLB_VLVmZZVss8VZSYN5SaeQ_0qhfOSgOFwj__waCFmy2EG7l6l6f_Z-Y0L7Mn_LNov68lyWSFa2EuQUeVj4UoFHc5Di8ZUGiSsTwFM-XMtNuv8HmGgDYLL5BIJD3eTz71LdgW-Ez38OZH34b7VeG8zfeUDb8Hi30zz"}}' + headers: + Accept: + - application/json + Content-Length: + - '1724' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: PUT + uri: https://vaultaed712a0.vault.azure.net/keys/keysignaed712a0?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vaultaed712a0.vault.azure.net/keys/keysignaed712a0/42f9726822d941bdaf4740843e286563","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"AKCRTQAjSsaDshtMFdW-2Ie9yVnC5Xr1Suc06PAHINd10nXkVSB-N4TO62ClCkZV3XKnqU0nHo7o95WaZpym53W_DiO62umRtFKdl4UotL2QUh0y3SZWeWuoK2u_x2aMj17rUFN0f9GZMZ0pqEQNCPRBLVJ_-TEe2nGCWSC0exxGsRqz6R1zFkB-icfzQPe4WjQELOUXQ7J9RxhAPTTHtDivYYG-BeTRHrmF04JT1_6b9T_C8bAC0i0teT-nmlBLarQtBJKATXBx1yegbPOoiTqlQrFQP4MrKWNxtnB9Tcbjcvj-Z9je0ckI_eRc4DvAhqcUh_p15Dqg4GeaoNIO_jU","e":"AQAB"},"attributes":{"enabled":true,"created":1564604880,"updated":1564604880,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: no-cache + content-length: '652' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:28:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaed712a0.vault.azure.net + - /keys/keysignaed712a0 + - api-version=7.0 + - '' +- request: + body: '{"value": "vgZc0NQUb6WMKX___V2JntcFRO_vszKwSAj7R2rL1zg", "alg": "RS256"}' + headers: + Accept: + - application/json + Content-Length: + - '72' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultaed712a0.vault.azure.net/keys/keysignaed712a0/42f9726822d941bdaf4740843e286563/sign?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultaed712a0.vault.azure.net/keys/keysignaed712a0/42f9726822d941bdaf4740843e286563","value":"YX0IOuHlYW7IEVboW0c8M_geUfp2pKoCw7ujVZfXZOy0890603_QcjCSzuw_qUWehJ8IYVlfaXeF3Ebu36oB6cD8oG8OfI6rLM9BKQUR2KE5VoCBKAGit7FxhAnLRFGP69dF6gyO_wv_-zCJnXLIOg1Pu0K80WVSYkj6Wzczj35OQHEptDqRmxdwQoDYoEk5iYcb3JOeWC1frcGVEf9qs0yzwx1AbgkAOPElweovZZlleS6MALP0HTt7L5zJg7kjnCsuksVsEfM2R0_Mzt8nT24LczCNyZac50hHVkCepaZDRs26KodYnSs3doFlYOUJpCu8sxil7VBTEtFY38dENg"}' + headers: + cache-control: no-cache + content-length: '454' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:28:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaed712a0.vault.azure.net + - /keys/keysignaed712a0/42f9726822d941bdaf4740843e286563/sign + - api-version=7.0 + - '' +- request: + body: '{"digest": "vgZc0NQUb6WMKX___V2JntcFRO_vszKwSAj7R2rL1zg", "value": "YX0IOuHlYW7IEVboW0c8M_geUfp2pKoCw7ujVZfXZOy0890603_QcjCSzuw_qUWehJ8IYVlfaXeF3Ebu36oB6cD8oG8OfI6rLM9BKQUR2KE5VoCBKAGit7FxhAnLRFGP69dF6gyO_wv_-zCJnXLIOg1Pu0K80WVSYkj6Wzczj35OQHEptDqRmxdwQoDYoEk5iYcb3JOeWC1frcGVEf9qs0yzwx1AbgkAOPElweovZZlleS6MALP0HTt7L5zJg7kjnCsuksVsEfM2R0_Mzt8nT24LczCNyZac50hHVkCepaZDRs26KodYnSs3doFlYOUJpCu8sxil7VBTEtFY38dENg", + "alg": "RS256"}' + headers: + Accept: + - application/json + Content-Length: + - '428' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultaed712a0.vault.azure.net/keys/keysignaed712a0/42f9726822d941bdaf4740843e286563/verify?api-version=7.0 + response: + body: + string: '{"value":true}' + headers: + cache-control: no-cache + content-length: '14' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:28:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaed712a0.vault.azure.net + - /keys/keysignaed712a0/42f9726822d941bdaf4740843e286563/verify + - api-version=7.0 + - '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_wrap_and_unwrap.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_wrap_and_unwrap.yaml new file mode 100644 index 000000000000..110ede2958cb --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_crypto_client_async.test_wrap_and_unwrap.yaml @@ -0,0 +1,173 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/create?api-version=7.0 + response: + body: + string: '' + headers: + cache-control: no-cache + content-length: '0' + date: Wed, 31 Jul 2019 20:26:59 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + www-authenticate: Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 401 + message: Unauthorized + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaf9e12b1.vault.azure.net + - /keys/keywrapaf9e12b1/create + - api-version=7.0 + - '' +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"s1DwdoP3FyqfYOboUXJvighsBvhdmhI3CYClwO0LDfOimNgKPVwhThIlH7kFxuJLNn-j4w4k7-nu4UOZKqHcN3CE5dMlmQr1-QNgldLJEuDMMecD0KAJL5A8tQp5c5onuVMt4eqEyX2crXPrO-r4Zi7acTPJzQVaGKh0c50LIMYrXbXQ5B4irgpaRzvSfBONY0yPvXYbOvrbh77kKlrnyQCclSouyvrUbkve20g1VGV6DHXlx0cNmSdK9yZCdKHFXCa-_R8aV40k6vqbTOJ-K81AzhLvBYsY2kIvC8Z7GxD4ZYlprNCUyCh5Tf45lSyj3UROUIHFNU4uQ53WroIMfQ","e":"AQAB"},"attributes":{"enabled":true,"created":1564604821,"updated":1564604821,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: no-cache + content-length: '651' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:27:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaf9e12b1.vault.azure.net + - /keys/keywrapaf9e12b1/create + - api-version=7.0 + - '' +- request: + body: '{"value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Content-Length: + - '299' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8/wrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8","value":"H4OYHnOc0TLI7twTyENI9cJlCXit-HBDzxRSXdYxKkCrtobO3p0wN55EoyN0QFZ7n-eM2Nchm_o8NrsgVqKysUzM9_P6y8gME155-HJv71ccVr9uIgLsXhQYmSGeYJkjri-eBn63Q29zDnYviVJnUjb9CfUDILqNdmK_KdTeDBHZAFd4SRv24hE0h35SnHxHUG0HVY5SGAKNOao94B24Rn9q79rugyX2FdhCWU2INTSiYHtueh_qA7QY0b6Ko-viIzdMvHgDIsuUdY-qwn3VJZpwTzEuAj3lvv69HAIYFTXzpkt5To_pTyniZVCiTaufbC-NM1DfDAJHH820LGfVbw"}' + headers: + cache-control: no-cache + content-length: '454' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:27:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaf9e12b1.vault.azure.net + - /keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8/wrapkey + - api-version=7.0 + - '' +- request: + body: '{"value": "H4OYHnOc0TLI7twTyENI9cJlCXit-HBDzxRSXdYxKkCrtobO3p0wN55EoyN0QFZ7n-eM2Nchm_o8NrsgVqKysUzM9_P6y8gME155-HJv71ccVr9uIgLsXhQYmSGeYJkjri-eBn63Q29zDnYviVJnUjb9CfUDILqNdmK_KdTeDBHZAFd4SRv24hE0h35SnHxHUG0HVY5SGAKNOao94B24Rn9q79rugyX2FdhCWU2INTSiYHtueh_qA7QY0b6Ko-viIzdMvHgDIsuUdY-qwn3VJZpwTzEuAj3lvv69HAIYFTXzpkt5To_pTyniZVCiTaufbC-NM1DfDAJHH820LGfVbw", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - python/3.5.4 (Windows-10-10.0.18362-SP0) azure-core/1.0.0b2 azsdk-python-azure-keyvault/7.0 + method: POST + uri: https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8/unwrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultaf9e12b1.vault.azure.net/keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + cache-control: no-cache + content-length: '379' + content-type: application/json; charset=utf-8 + date: Wed, 31 Jul 2019 20:27:00 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.160.58;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.872 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultaf9e12b1.vault.azure.net + - /keys/keywrapaf9e12b1/c16b525ccd3348798ebd34d52308cfb8/unwrapkey + - api-version=7.0 + - '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_encrypt_decrypt.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_encrypt_decrypt.yaml new file mode 100644 index 000000000000..5005033c7c07 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_encrypt_decrypt.yaml @@ -0,0 +1,214 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/create?api-version=7.0 + response: + body: + string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer + or PoP token."}}' + headers: + cache-control: + - no-cache + content-length: + - '87' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 401 + message: Unauthorized +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/09ff9d216ba94476b6867d53780b5bac","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"tDJYqn1mN2Bh1ZmWUAAk-6GiYOf4lNFVeLN82kUslv_Py8w2vW9-ihj-cgrwQwAhRJHkV54PviD8dDdc0YQ26UaIS2W2ss-ozi_xNywslFGSboutlXQ9RZ-rkNZ2zyzTwDcML3Q2l_cG9poPNOajV6VAypZSaKBGAXDh4k01g5PrSmCmqyfV7fMH_BP2vfUWnGarIrwrX70aXf5YcaqcVAFpCffiCSLQSEn77QlhDCNVsrwlm1XnZ225AUhH_caMz2HJscDxLXmowu1qGXb7KR9FZ1NAUNfULgYVW8KtRQdXAC2rH56v-Wn-DVnGl0TQ-UqRLNRfcGtNCwGUdT53lw","e":"AQAB"},"attributes":{"enabled":true,"created":1565117466,"updated":1565117466,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: + - no-cache + content-length: + - '667' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"alg": "RSA-OAEP", "value": "cGxhaW50ZXh0"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '44' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/09ff9d216ba94476b6867d53780b5bac/encrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/09ff9d216ba94476b6867d53780b5bac","value":"oEPT5pJb1jpSvd6LXyt_LJeQkqucjoMTWrBnGRUEQcyZP2ZIyX-hY5-Kpgwjp8BtaF7a9_SauyawdFdKLUqOML6gEM-FfeEBsba278W1rUEbQUCGPrmaHGzXgzYkL50ffevCXFYgfKG1CGQ3VqYc_BWSZDua32T99avxaZptCnzy6eYEuwD2uYfObVRIHcV8wbqsMbkERmlxkWuB_Ptj9diNE-rRS9zWjBjrBwW3oGbwdjsDjXJAKkZTZJ7Jf29QIfR2wYDXdPuVyroLNMxqndohhXJ8BWbsWDu1drWO0BPXDzq-PiU70iXckMVejDgMlPnS82k1mbEL-67j31_O_w"}' + headers: + cache-control: + - no-cache + content-length: + - '470' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"alg": "RSA-OAEP", "value": "oEPT5pJb1jpSvd6LXyt_LJeQkqucjoMTWrBnGRUEQcyZP2ZIyX-hY5-Kpgwjp8BtaF7a9_SauyawdFdKLUqOML6gEM-FfeEBsba278W1rUEbQUCGPrmaHGzXgzYkL50ffevCXFYgfKG1CGQ3VqYc_BWSZDua32T99avxaZptCnzy6eYEuwD2uYfObVRIHcV8wbqsMbkERmlxkWuB_Ptj9diNE-rRS9zWjBjrBwW3oGbwdjsDjXJAKkZTZJ7Jf29QIfR2wYDXdPuVyroLNMxqndohhXJ8BWbsWDu1drWO0BPXDzq-PiU70iXckMVejDgMlPnS82k1mbEL-67j31_O_w"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/09ff9d216ba94476b6867d53780b5bac/decrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vault67c4112b.vault.azure.net/keys/crypto-test-encrypt-key67c4112b/09ff9d216ba94476b6867d53780b5bac","value":"cGxhaW50ZXh0"}' + headers: + cache-control: + - no-cache + content-length: + - '140' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_sign_verify.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_sign_verify.yaml new file mode 100644 index 000000000000..a983de4952fd --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_sign_verify.yaml @@ -0,0 +1,215 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault25cf0f71.vault.azure.net/keys/crypto-test-wrapping-key25cf0f71/create?api-version=7.0 + response: + body: + string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer + or PoP token."}}' + headers: + cache-control: + - no-cache + content-length: + - '87' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 20:41:31 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 401 + message: Unauthorized +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault25cf0f71.vault.azure.net/keys/crypto-test-wrapping-key25cf0f71/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault25cf0f71.vault.azure.net/keys/crypto-test-wrapping-key25cf0f71/126edc8a93b940849c3aefbd8e419f2e","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"yUNrZ-sxfyE3qQUIBW3EVbXV2dh6KRYbuivk-o0Q3hNfNLooOy9e3Qr6WQ-bNai8wm6WB3s68Qr3UvqycEphHrgfouhNQySz0CuxLYuqEeGHsbQiwnGqoofZxUXHFt2FupqlKBKk-0nc0aiq5lBxGupQ7JjB9pgk7jx4fGykm9oS5CFm9bUkeWQ6oQPiWidEDGzrOs98y7fu2J0-WzSMs5ZuAsbUBmEQkqiLfrXJj3wSfp9lm_qOfo5sFAGcWKcm8n1WIN2adhJyuy4owEomDAdIJrz1CkYHp4NohvhQMwlwMPp9qG-vaUhbNOxLOcwVRnRiXB3CHDap4NwEhs2U1Q","e":"AQAB"},"attributes":{"enabled":true,"created":1565124092,"updated":1565124092,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: + - no-cache + content-length: + - '668' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 20:41:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "ltYuKr0-Qt5fUDMPuO_ExVmYNSeAd7IemqCzPB3wehw", "alg": "RS256"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '72' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault25cf0f71.vault.azure.net/keys/crypto-test-wrapping-key25cf0f71/126edc8a93b940849c3aefbd8e419f2e/sign?api-version=7.0 + response: + body: + string: '{"kid":"https://vault25cf0f71.vault.azure.net/keys/crypto-test-wrapping-key25cf0f71/126edc8a93b940849c3aefbd8e419f2e","value":"NYZH3aGVRFmQX2n5rScTZK2zCBNZ5QL0THqxSlXtDgcC2Vex4zCt8BLN9tbzAO6T9wdPvzB7vfcBgmtCGGrjIiUe0k9IxF1xE-uU4VEpl8PFSVdevLyYwePV3BNL9NcMLi48-EjwtEQEj9-WX4P1Umozmg4L4cDayYqweCEB_pDlrMMV1k8IzcXmeSS_MOwSfNObqxZ4CVBh18dGM_5FVxLqp2wSNmgWWrp-lM4ZWl_fTENgX4_idBw85OZufSbFwZumH4c0U1wI9yjwbP4x3Erneo2ispjwt0kTWw3JA8kPGWIHENioDn9jq5saLsy9qad5hSmf-5dklqGUgYCQ2A"}' + headers: + cache-control: + - no-cache + content-length: + - '471' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 20:41:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "NYZH3aGVRFmQX2n5rScTZK2zCBNZ5QL0THqxSlXtDgcC2Vex4zCt8BLN9tbzAO6T9wdPvzB7vfcBgmtCGGrjIiUe0k9IxF1xE-uU4VEpl8PFSVdevLyYwePV3BNL9NcMLi48-EjwtEQEj9-WX4P1Umozmg4L4cDayYqweCEB_pDlrMMV1k8IzcXmeSS_MOwSfNObqxZ4CVBh18dGM_5FVxLqp2wSNmgWWrp-lM4ZWl_fTENgX4_idBw85OZufSbFwZumH4c0U1wI9yjwbP4x3Erneo2ispjwt0kTWw3JA8kPGWIHENioDn9jq5saLsy9qad5hSmf-5dklqGUgYCQ2A", + "digest": "ltYuKr0-Qt5fUDMPuO_ExVmYNSeAd7IemqCzPB3wehw", "alg": "RS256"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '428' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault25cf0f71.vault.azure.net/keys/crypto-test-wrapping-key25cf0f71/126edc8a93b940849c3aefbd8e419f2e/verify?api-version=7.0 + response: + body: + string: '{"value":true}' + headers: + cache-control: + - no-cache + content-length: + - '14' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 20:41:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_wrap_unwrap.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_wrap_unwrap.yaml new file mode 100644 index 000000000000..9bbb389b2054 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto.test_wrap_unwrap.yaml @@ -0,0 +1,216 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/create?api-version=7.0 + response: + body: + string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer + or PoP token."}}' + headers: + cache-control: + - no-cache + content-length: + - '87' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:02 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + www-authenticate: + - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 401 + message: Unauthorized +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/7d2eee90ef73400c8b0f1b931cadd286","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"xjOcDkmGd5H7YRDPvLaETsBFY_pc0AXqi8SPIVYfXNy4s3eWAIYfgrBpYQgtmXwktBX6pDda9ViWJZCpYjSr5fDaLZ_4hZcfy3sC_b7Bi_spuwW6P2MlTj55HAa-kcD8RawzZ1t8WCQwYU58NjXJqndiIflJxDSuQQRrJnGJ5_haox5N23-H9CUREcTf-Bg05d0A3G1XX1xcQrlOog3r4W8weiklWLk1fz0yiXuEfJwpjuy-CCbs6GmMUL6BQY7CeSXsNWLLeFiFiiRetY7Gy067FxzJ2pUUa1NEkly8Vi9zLcdtKdvI_8PcelBt2F4THEAbLkg6hGlPxYq9TIWU5Q","e":"AQAB"},"attributes":{"enabled":true,"created":1565117464,"updated":1565117464,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: + - no-cache + content-length: + - '668' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '299' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/7d2eee90ef73400c8b0f1b931cadd286/wrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/7d2eee90ef73400c8b0f1b931cadd286","value":"A2kl2_SLNw55AvA3VF3MDYCfn8X_wWPuDyFVBGbBNOT6LynS6SevnUDp_UNvQ0UW5jfQ2FvF-RylAGxRJeg_pscv3qS4P18tikQESST9zhv_2TDopa646LM0TqJcOZ365o9UnD5yAz5SYnLJ4U69dpOm7i2o2l8lGAzN1XBCk5uetiNjRNZzfedk4FkY8nWavqMMuaybO-XF300RgkRZ5TtFDHyqb4CX3nJy18B31F3W-kfLQ82TLSpYYnWPAjszAbRUswtoIlUy_AZ7T39YNo4IvwI-EF3Hwl0qjpzNcxlvKkBI0DfH9np654cNEFvVsF2rDcCRtzrxtCB3P9_1ag"}' + headers: + cache-control: + - no-cache + content-length: + - '471' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"value": "A2kl2_SLNw55AvA3VF3MDYCfn8X_wWPuDyFVBGbBNOT6LynS6SevnUDp_UNvQ0UW5jfQ2FvF-RylAGxRJeg_pscv3qS4P18tikQESST9zhv_2TDopa646LM0TqJcOZ365o9UnD5yAz5SYnLJ4U69dpOm7i2o2l8lGAzN1XBCk5uetiNjRNZzfedk4FkY8nWavqMMuaybO-XF300RgkRZ5TtFDHyqb4CX3nJy18B31F3W-kfLQ82TLSpYYnWPAjszAbRUswtoIlUy_AZ7T39YNo4IvwI-EF3Hwl0qjpzNcxlvKkBI0DfH9np654cNEFvVsF2rDcCRtzrxtCB3P9_1ag", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/7d2eee90ef73400c8b0f1b931cadd286/unwrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vault26720f82.vault.azure.net/keys/crypto-test-wrapping-key26720f82/7d2eee90ef73400c8b0f1b931cadd286","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + cache-control: + - no-cache + content-length: + - '396' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Aug 2019 18:51:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000;includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-network-info: + - addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: + - westus + x-ms-keyvault-service-version: + - 1.1.0.875 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_encrypt_decrypt_async.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_encrypt_decrypt_async.yaml new file mode 100644 index 000000000000..d96d110c7a3a --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_encrypt_decrypt_async.yaml @@ -0,0 +1,174 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/create?api-version=7.0 + response: + body: + string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer + or PoP token."}}' + headers: + cache-control: no-cache + content-length: '87' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:23 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + www-authenticate: Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 401 + message: Unauthorized + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vault56281625.vault.azure.net + - /keys/crypto-test-encrypt-key56281625/create + - api-version=7.0 + - '' +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"sogA005siH9ZQYLXiVX4hWLZex8uI0cYFSEoVy8iI8wBVi-KOKfe_B3Gq1lxZ95iWc2Pr8QWI3ERVwh9gve4EUgU0wgugXjxpCHd6KcD3rhvWapiaJnWH7oXSaKddWnf-E9igfB9uIjpNPV2G4xP0shcE9WGs-FexWcaHkgwtiIr1BF7ZinDV3dJfT-pgJVGx2waozG7uUPVCzZ9v-PdHqrzI9LEyiUpvOGRHkon-5vEyNbTgZRa18eXZCoDfmYog9AVttF3JUX_IGnCgBmoYJUVQsdtYnGu0WAS1wZyNBqUkVDQTVZNOInu6z2f1MitWIQCYFJfO7itbCP2zSo0TQ","e":"AQAB"},"attributes":{"enabled":true,"created":1565124144,"updated":1565124144,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: no-cache + content-length: '667' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vault56281625.vault.azure.net + - /keys/crypto-test-encrypt-key56281625/create + - api-version=7.0 + - '' +- request: + body: '{"value": "cGxhaW50ZXh0", "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Content-Length: + - '44' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a/encrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a","value":"nD9896Hk90OUqgLy4rUvl3jT_0n2wsjmlJnNfPlo6SRjrWP-GLyYWHPqtnnX5jIUpX_-LJi4PXEtheT3XEnmrGp8XF7xrFp2RQGxMuizE1dzH8RgA_anBMxjdwxANUFFfTOFJPsymLtpyp5v1LvwUbyI_EsYP6LUIEasglbt8Z_jfj68oc85q2yML17zlzwNxC2Ex-whXA1UexK3E5fApPp_L8RxQQ4PSU0iHdm-aWMIQWLnuDJVbIKeQGn1Rm38tP4xbEAMBKEcmV0tRLjS1T2m59-m9A846KMqNN0-9IZOxivZ_DHZ6lUaDzzR2K7tTr2C0R_fXdP-xUOthauJtw"}' + headers: + cache-control: no-cache + content-length: '470' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vault56281625.vault.azure.net + - /keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a/encrypt + - api-version=7.0 + - '' +- request: + body: '{"value": "nD9896Hk90OUqgLy4rUvl3jT_0n2wsjmlJnNfPlo6SRjrWP-GLyYWHPqtnnX5jIUpX_-LJi4PXEtheT3XEnmrGp8XF7xrFp2RQGxMuizE1dzH8RgA_anBMxjdwxANUFFfTOFJPsymLtpyp5v1LvwUbyI_EsYP6LUIEasglbt8Z_jfj68oc85q2yML17zlzwNxC2Ex-whXA1UexK3E5fApPp_L8RxQQ4PSU0iHdm-aWMIQWLnuDJVbIKeQGn1Rm38tP4xbEAMBKEcmV0tRLjS1T2m59-m9A846KMqNN0-9IZOxivZ_DHZ6lUaDzzR2K7tTr2C0R_fXdP-xUOthauJtw", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a/decrypt?api-version=7.0 + response: + body: + string: '{"kid":"https://vault56281625.vault.azure.net/keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a","value":"cGxhaW50ZXh0"}' + headers: + cache-control: no-cache + content-length: '140' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vault56281625.vault.azure.net + - /keys/crypto-test-encrypt-key56281625/a98723620a7c4127ac5bcbe7a1eccb8a/decrypt + - api-version=7.0 + - '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_sign_verify_async.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_sign_verify_async.yaml new file mode 100644 index 000000000000..230b23fde3ac --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_sign_verify_async.yaml @@ -0,0 +1,174 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultffd4146b.vault.azure.net/keys/crypto-test-wrapping-keyffd4146b/create?api-version=7.0 + response: + body: + string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer + or PoP token."}}' + headers: + cache-control: no-cache + content-length: '87' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:23 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + www-authenticate: Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 401 + message: Unauthorized + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultffd4146b.vault.azure.net + - /keys/crypto-test-wrapping-keyffd4146b/create + - api-version=7.0 + - '' +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultffd4146b.vault.azure.net/keys/crypto-test-wrapping-keyffd4146b/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vaultffd4146b.vault.azure.net/keys/crypto-test-wrapping-keyffd4146b/37d3064aa0b247daa9654743d3a10f41","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"y4UjgfY4mhmJ_2Ae3hecvgt7XhfQtlpVqby_HZTTAFKHJIBM4YWa3w7TJInY3M6vUyXb0VJuKCk9yPhvoy0zyjDyXJAFhryyZJrEsJ_VLWrwj6xE8skk4KlI38BefvLq_PvCiA7e98EUbWIZMvqCpd-LJJEm5QKjo_7U0QqZwqibpbRsW8XWtzkjYv1EOOALhwOQFbpaEnYxGRbBKkbpRAlAejllM2Vr-NX-S6__clEiAsZR97XV2aEVlIvx_4DIoc_KmH9C6QkAJzi9VLqkunQ2Zs39JzsVUB2lu-4re7QHi1NtnEzZqh-0ONCd7yFDHidnkl7CUiUEQTD7OX2wHw","e":"AQAB"},"attributes":{"enabled":true,"created":1565124144,"updated":1565124144,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: no-cache + content-length: '668' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultffd4146b.vault.azure.net + - /keys/crypto-test-wrapping-keyffd4146b/create + - api-version=7.0 + - '' +- request: + body: '{"value": "ltYuKr0-Qt5fUDMPuO_ExVmYNSeAd7IemqCzPB3wehw", "alg": "RS256"}' + headers: + Accept: + - application/json + Content-Length: + - '72' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultffd4146b.vault.azure.net/keys/crypto-test-wrapping-keyffd4146b/37d3064aa0b247daa9654743d3a10f41/sign?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultffd4146b.vault.azure.net/keys/crypto-test-wrapping-keyffd4146b/37d3064aa0b247daa9654743d3a10f41","value":"SXpruv-ld0knl0ij5qGFghTlY5vP4x2IMK7pdA2gjSRKTYvizcmtjA38AgxcvE5aIVEnaTKW5a1qiJJzYJOvxUPde8hb_1CxDHcPATOsoc0aCSOfoznJE016_rTGFCoimXL3t76GfzA6mdFmwXK2tRdgKvoZ7c59a1OoZyDydyp0ZqvRHIXWNYZCNP-B0UaYx1aDFAiNJ9noU9GphPL4_64s97z702PlxQc3V0iWlQapObcYGrT879j36ezaCNoVxyTA5p664A69WGwVLKu7V0GLT4WaPOtH7YmVyZL6WktII23Z3vMoa08oQNSQFbG0-GCQIDsr72nQz55u2fGllA"}' + headers: + cache-control: no-cache + content-length: '471' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultffd4146b.vault.azure.net + - /keys/crypto-test-wrapping-keyffd4146b/37d3064aa0b247daa9654743d3a10f41/sign + - api-version=7.0 + - '' +- request: + body: '{"digest": "ltYuKr0-Qt5fUDMPuO_ExVmYNSeAd7IemqCzPB3wehw", "value": "SXpruv-ld0knl0ij5qGFghTlY5vP4x2IMK7pdA2gjSRKTYvizcmtjA38AgxcvE5aIVEnaTKW5a1qiJJzYJOvxUPde8hb_1CxDHcPATOsoc0aCSOfoznJE016_rTGFCoimXL3t76GfzA6mdFmwXK2tRdgKvoZ7c59a1OoZyDydyp0ZqvRHIXWNYZCNP-B0UaYx1aDFAiNJ9noU9GphPL4_64s97z702PlxQc3V0iWlQapObcYGrT879j36ezaCNoVxyTA5p664A69WGwVLKu7V0GLT4WaPOtH7YmVyZL6WktII23Z3vMoa08oQNSQFbG0-GCQIDsr72nQz55u2fGllA", + "alg": "RS256"}' + headers: + Accept: + - application/json + Content-Length: + - '428' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultffd4146b.vault.azure.net/keys/crypto-test-wrapping-keyffd4146b/37d3064aa0b247daa9654743d3a10f41/verify?api-version=7.0 + response: + body: + string: '{"value":true}' + headers: + cache-control: no-cache + content-length: '14' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultffd4146b.vault.azure.net + - /keys/crypto-test-wrapping-keyffd4146b/37d3064aa0b247daa9654743d3a10f41/verify + - api-version=7.0 + - '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_wrap_unwrap_async.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_wrap_unwrap_async.yaml new file mode 100644 index 000000000000..c8f93362c823 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_examples_crypto_async.test_wrap_unwrap_async.yaml @@ -0,0 +1,175 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Content-Length: + - '0' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/create?api-version=7.0 + response: + body: + string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer + or PoP token."}}' + headers: + cache-control: no-cache + content-length: '87' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:23 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + www-authenticate: Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", + resource="https://vault.azure.net" + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 401 + message: Unauthorized + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultec147c.vault.azure.net + - /keys/crypto-test-wrapping-keyec147c/create + - api-version=7.0 + - '' +- request: + body: '{"kty": "RSA"}' + headers: + Accept: + - application/json + Content-Length: + - '14' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/create?api-version=7.0 + response: + body: + string: '{"key":{"kid":"https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"wrxcNX4WKjxyGx0sg2gP1xk8NIKU58HaIVjqUtQRvPNMJ3vV4aBMHD3y2WmXgCBF-8_Iyzso6a08PCjaCMmReyCaZ0G5bHppqLCNfRsO32vhmOr7dcxxG8ObUHX9yrAvKQabrQ7V9hIV25m7hWyKQiXdDPqdZVufRso5QW1lCyRZmMmvlNkkR3QhD5Ykh2puIeaPoddz7Mjc8jN4k6wRzvO51NLghgIVL6Ur6YdKCY-MG2p1lXBVbwGbzvVs2VZAar0WIo7v9-CY7f1mKWa5TUY2cRsUqeXBlVNqXF1ve5vHHvrqnZwP6fVZ4vLrH0A7jzIJbm7-wmOqpZKEN44ysQ","e":"AQAB"},"attributes":{"enabled":true,"created":1565124144,"updated":1565124144,"recoveryLevel":"Purgeable"}}' + headers: + cache-control: no-cache + content-length: '664' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultec147c.vault.azure.net + - /keys/crypto-test-wrapping-keyec147c/create + - api-version=7.0 + - '' +- request: + body: '{"value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Content-Length: + - '299' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774/wrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774","value":"NIDjQMfBjWHtFCS3aGr7UJF5jWf4HS9RbC9AzyF-xPk3sBVPUWV4KVyZIYhbGTB_uOerMBneu64FslucLI-Lkv12_zv67g9OTdc5cbjwBob1_KWEmpLSWyiMVs75JeSq9lpSZoRPOM5InDO8tP9rInRB6P2M9RWeqo-hm80Vwbb6aO56XABAoArIT446aVGGi8gAGnX2jTxiZooNZE22JGupF_3FQTd8e-3ZBmQoHlsYlxXZFz0wMrjCNHfpceYo7jO4opAx6-HzBFGSXBhFhnFwTdxbDLDPW1Cc0PI9bJZ22zz-xVvslU1Ozxl7-uAg8aBRIGz2cDxVgYreY4KBkA"}' + headers: + cache-control: no-cache + content-length: '467' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultec147c.vault.azure.net + - /keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774/wrapkey + - api-version=7.0 + - '' +- request: + body: '{"value": "NIDjQMfBjWHtFCS3aGr7UJF5jWf4HS9RbC9AzyF-xPk3sBVPUWV4KVyZIYhbGTB_uOerMBneu64FslucLI-Lkv12_zv67g9OTdc5cbjwBob1_KWEmpLSWyiMVs75JeSq9lpSZoRPOM5InDO8tP9rInRB6P2M9RWeqo-hm80Vwbb6aO56XABAoArIT446aVGGi8gAGnX2jTxiZooNZE22JGupF_3FQTd8e-3ZBmQoHlsYlxXZFz0wMrjCNHfpceYo7jO4opAx6-HzBFGSXBhFhnFwTdxbDLDPW1Cc0PI9bJZ22zz-xVvslU1Ozxl7-uAg8aBRIGz2cDxVgYreY4KBkA", + "alg": "RSA-OAEP"}' + headers: + Accept: + - application/json + Content-Length: + - '374' + Content-Type: + - application/json; charset=utf-8 + User-Agent: + - azsdk-python-keyvault-keys/4.0.0b2 Python/3.5.4 (Windows-10-10.0.18362-SP0) + method: POST + uri: https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774/unwrapkey?api-version=7.0 + response: + body: + string: '{"kid":"https://vaultec147c.vault.azure.net/keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' + headers: + cache-control: no-cache + content-length: '392' + content-type: application/json; charset=utf-8 + date: Tue, 06 Aug 2019 20:42:24 GMT + expires: '-1' + pragma: no-cache + server: Microsoft-IIS/10.0 + strict-transport-security: max-age=31536000;includeSubDomains + x-aspnet-version: 4.0.30319 + x-content-type-options: nosniff + x-ms-keyvault-network-info: addr=131.107.174.186;act_addr_fam=InterNetwork; + x-ms-keyvault-region: westus + x-ms-keyvault-service-version: 1.1.0.875 + x-powered-by: ASP.NET + status: + code: 200 + message: OK + url: !!python/object/new:yarl.URL + state: !!python/tuple + - !!python/object/new:urllib.parse.SplitResult + - https + - vaultec147c.vault.azure.net + - /keys/crypto-test-wrapping-keyec147c/1fc8b548b37a49bda7f1ad24c7b97774/unwrapkey + - api-version=7.0 + - '' +version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_wrap_and_unwrap.yaml b/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_wrap_and_unwrap.yaml deleted file mode 100644 index eec4f40c91e5..000000000000 --- a/sdk/keyvault/azure-keyvault-keys/tests/recordings/test_key_client.test_key_wrap_and_unwrap.yaml +++ /dev/null @@ -1,315 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '0' - Content-Type: - - application/json; charset=utf-8 - User-Agent: - - azsdk-python-keyvault-keys/4.0.0b2 Python/2.7.15 (Windows-10-10.0.18362) - method: POST - uri: https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/create?api-version=7.0 - response: - body: - string: !!python/unicode - headers: - cache-control: - - no-cache - content-length: - - '0' - date: - - Mon, 05 Aug 2019 23:35:54 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - Microsoft-IIS/10.0 - strict-transport-security: - - max-age=31536000;includeSubDomains - www-authenticate: - - Bearer authorization="https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47", - resource="https://vault.azure.net" - x-aspnet-version: - - 4.0.30319 - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=131.107.160.58;act_addr_fam=InterNetwork; - x-ms-keyvault-region: - - westus - x-ms-keyvault-service-version: - - 1.1.0.872 - x-powered-by: - - ASP.NET - status: - code: 401 - message: Unauthorized -- request: - body: !!python/unicode '{"kty": "RSA"}' - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '14' - Content-Type: - - application/json; charset=utf-8 - User-Agent: - - azsdk-python-keyvault-keys/4.0.0b2 Python/2.7.15 (Windows-10-10.0.18362) - method: POST - uri: https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/create?api-version=7.0 - response: - body: - string: !!python/unicode '{"key":{"kid":"https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"kTm17rAfCchf6K0MRZgm0JJhzs4D6cYTKJUfNNfHwXFbtKfJWmMIFGDVeesOsPz6CutTvU4nPwrOKb3vdLZfiQY47iEckpl4lykftg1bzSXMMwyWs372H6IuSfhAmtHAXAwBkevwuFpGuFFNPAS3n2VLVDYgfIn-RUQJsRZLpu2RO-vJd5nX6-e2UoMr7nB0E5iwupXTRGDjaiIS1v3B-DDBg0euSMmFZf-Ii5T6R7inyjvu9AxkhRB2lkadEoP5nKO2ZNsNPpk-CQX4zLbiC5JtJiCziNAHnAlhU90-0eQA-qbDV9OGy9VBCG8zcq4ppNPvhqPrZuSKfiWy0l5E3Q","e":"AQAB"},"attributes":{"enabled":true,"created":1565048155,"updated":1565048155,"recoveryLevel":"Purgeable"}}' - headers: - cache-control: - - no-cache - content-length: - - '651' - content-type: - - application/json; charset=utf-8 - date: - - Mon, 05 Aug 2019 23:35:54 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - Microsoft-IIS/10.0 - strict-transport-security: - - max-age=31536000;includeSubDomains - x-aspnet-version: - - 4.0.30319 - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=131.107.160.58;act_addr_fam=InterNetwork; - x-ms-keyvault-region: - - westus - x-ms-keyvault-service-version: - - 1.1.0.872 - x-powered-by: - - ASP.NET - status: - code: 200 - message: OK -- request: - body: !!python/unicode '{"alg": "RSA-OAEP", "value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '299' - Content-Type: - - application/json; charset=utf-8 - User-Agent: - - azsdk-python-keyvault-keys/4.0.0b2 Python/2.7.15 (Windows-10-10.0.18362) - method: POST - uri: https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/wrapkey?api-version=7.0 - response: - body: - string: !!python/unicode '{"kid":"https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83","value":"ZquldOo5Trg2gE2hHyjP-vezkSdc5avGTv8TI2vTtFTu7tT9JNFSbDaeej3XX2TBiJNPiDWSTsvLrH-YQqPWrYZ48_6uaD-Lv40_xP8KO2mxwYshZgr-MbMp_35h4N8OhUZeGB6UbLtrQIRVkuStgkFZI7K729mVRB9TutsfoKdi6q4hAmC0D2lJlAfuyIgpL4QMkva23vKLj-fC-OXvqhMiBdyYsJTeUUEQGK2CELlKlYoj5WidReOqg2QSeT6wKZaAy_h2vAk9ylP88ISZymIp5dJ_4l2AwYTOQ8gD6j5hY0xb9UZ25OR6uWulj8gUqvG17M-tvMRb8aKH2c8lRA"}' - headers: - cache-control: - - no-cache - content-length: - - '454' - content-type: - - application/json; charset=utf-8 - date: - - Mon, 05 Aug 2019 23:35:54 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - Microsoft-IIS/10.0 - strict-transport-security: - - max-age=31536000;includeSubDomains - x-aspnet-version: - - 4.0.30319 - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=131.107.160.58;act_addr_fam=InterNetwork; - x-ms-keyvault-region: - - westus - x-ms-keyvault-service-version: - - 1.1.0.872 - x-powered-by: - - ASP.NET - status: - code: 200 - message: OK -- request: - body: !!python/unicode '{"alg": "RSA-OAEP", "value": "ZquldOo5Trg2gE2hHyjP-vezkSdc5avGTv8TI2vTtFTu7tT9JNFSbDaeej3XX2TBiJNPiDWSTsvLrH-YQqPWrYZ48_6uaD-Lv40_xP8KO2mxwYshZgr-MbMp_35h4N8OhUZeGB6UbLtrQIRVkuStgkFZI7K729mVRB9TutsfoKdi6q4hAmC0D2lJlAfuyIgpL4QMkva23vKLj-fC-OXvqhMiBdyYsJTeUUEQGK2CELlKlYoj5WidReOqg2QSeT6wKZaAy_h2vAk9ylP88ISZymIp5dJ_4l2AwYTOQ8gD6j5hY0xb9UZ25OR6uWulj8gUqvG17M-tvMRb8aKH2c8lRA"}' - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '374' - Content-Type: - - application/json; charset=utf-8 - User-Agent: - - azsdk-python-keyvault-keys/4.0.0b2 Python/2.7.15 (Windows-10-10.0.18362) - method: POST - uri: https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/unwrapkey?api-version=7.0 - response: - body: - string: !!python/unicode '{"kid":"https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' - headers: - cache-control: - - no-cache - content-length: - - '379' - content-type: - - application/json; charset=utf-8 - date: - - Mon, 05 Aug 2019 23:35:54 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - Microsoft-IIS/10.0 - strict-transport-security: - - max-age=31536000;includeSubDomains - x-aspnet-version: - - 4.0.30319 - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=131.107.160.58;act_addr_fam=InterNetwork; - x-ms-keyvault-region: - - westus - x-ms-keyvault-service-version: - - 1.1.0.872 - x-powered-by: - - ASP.NET - status: - code: 200 - message: OK -- request: - body: !!python/unicode '{"alg": "RSA-OAEP", "value": "NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '299' - Content-Type: - - application/json; charset=utf-8 - User-Agent: - - azsdk-python-keyvault-keys/4.0.0b2 Python/2.7.15 (Windows-10-10.0.18362) - method: POST - uri: https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83/wrapkey?api-version=7.0 - response: - body: - string: !!python/unicode '{"kid":"https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83","value":"TXInRqZCbAA1OP4olI34ciKjLwdDo9boku3EuDZ4_LMcG60BZ-4eIIzZI3wg8RJ01sgcOX9YliHQYWmwQNHO3xrc861WOrFH6FElWOT9C7nibhHMsLAeW3bhsHKGXLQBln14kSKzqKELqGBwNgfmey8ae3HjRU2U4Gjojev3rb5ws91QwPDv8Iw5j3BWaFrgHJHdUwlnxYNrjVxdzM7PZqf_ZdBdorDGNqL_zCeyw8LGPmG1Iv4bYHaZE0DjOoWukZJCrXzK9DU_ZM1ItGvJOoM0pu-dZOOIrLvzlgJ5LhXV2zaf6kgH3prbOHDIyRFKmYV1S9SuFMA7TLWdPOdLEA"}' - headers: - cache-control: - - no-cache - content-length: - - '454' - content-type: - - application/json; charset=utf-8 - date: - - Mon, 05 Aug 2019 23:35:54 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - Microsoft-IIS/10.0 - strict-transport-security: - - max-age=31536000;includeSubDomains - x-aspnet-version: - - 4.0.30319 - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=131.107.160.58;act_addr_fam=InterNetwork; - x-ms-keyvault-region: - - westus - x-ms-keyvault-service-version: - - 1.1.0.872 - x-powered-by: - - ASP.NET - status: - code: 200 - message: OK -- request: - body: !!python/unicode '{"alg": "RSA-OAEP", "value": "TXInRqZCbAA1OP4olI34ciKjLwdDo9boku3EuDZ4_LMcG60BZ-4eIIzZI3wg8RJ01sgcOX9YliHQYWmwQNHO3xrc861WOrFH6FElWOT9C7nibhHMsLAeW3bhsHKGXLQBln14kSKzqKELqGBwNgfmey8ae3HjRU2U4Gjojev3rb5ws91QwPDv8Iw5j3BWaFrgHJHdUwlnxYNrjVxdzM7PZqf_ZdBdorDGNqL_zCeyw8LGPmG1Iv4bYHaZE0DjOoWukZJCrXzK9DU_ZM1ItGvJOoM0pu-dZOOIrLvzlgJ5LhXV2zaf6kgH3prbOHDIyRFKmYV1S9SuFMA7TLWdPOdLEA"}' - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - Content-Length: - - '374' - Content-Type: - - application/json; charset=utf-8 - User-Agent: - - azsdk-python-keyvault-keys/4.0.0b2 Python/2.7.15 (Windows-10-10.0.18362) - method: POST - uri: https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83/unwrapkey?api-version=7.0 - response: - body: - string: !!python/unicode '{"kid":"https://vault51cf1084.vault.azure.net/keys/keywrap51cf1084/d46e07a9669243a694d2d51b1eafbe83","value":"NTA2M2U2YWFhODQ1ZjE1MDIwMDU0Nzk0NGZkMTk5Njc5Yzk4ZWQ2Zjk5ZGEwYTBiMmRhZmVhZjFmNDY4NDQ5NmZkNTMyYzFjMjI5OTY4Y2I5ZGVlNDQ5NTdmY2VmN2NjZWY1OWNlZGEwYjM2MmU1NmJjZDc4ZmQzZmFlZTU3ODFjNjIzYzBiYjIyYjM1YmVhYmRlMDY2NGZkMzBlMGU4MjRhYmEzZGQxYjBhZmZmYzRhM2Q5NTVlZGUyMGNmNmE4NTRkNTJjZmQ"}' - headers: - cache-control: - - no-cache - content-length: - - '379' - content-type: - - application/json; charset=utf-8 - date: - - Mon, 05 Aug 2019 23:35:54 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - Microsoft-IIS/10.0 - strict-transport-security: - - max-age=31536000;includeSubDomains - x-aspnet-version: - - 4.0.30319 - x-content-type-options: - - nosniff - x-ms-keyvault-network-info: - - addr=131.107.160.58;act_addr_fam=InterNetwork; - x-ms-keyvault-region: - - westus - x-ms-keyvault-service-version: - - 1.1.0.872 - x-powered-by: - - ASP.NET - status: - code: 200 - message: OK -version: 1 diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_crypto_client.py b/sdk/keyvault/azure-keyvault-keys/tests/test_crypto_client.py new file mode 100644 index 000000000000..44739bbade91 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_crypto_client.py @@ -0,0 +1,117 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +import codecs +import hashlib + +from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm +from azure.keyvault.keys._shared._generated.v7_0.models import JsonWebKey +from devtools_testutils import ResourceGroupPreparer +from keys_preparer import VaultClientPreparer +from keys_test_case import KeyVaultTestCase + + +class CryptoClientTests(KeyVaultTestCase): + plaintext = b"5063e6aaa845f150200547944fd199679c98ed6f99da0a0b2dafeaf1f4684496fd532c1c229968cb9dee44957fcef7ccef59ceda0b362e56bcd78fd3faee5781c623c0bb22b35beabde0664fd30e0e824aba3dd1b0afffc4a3d955ede20cf6a854d52cfd" + + def _validate_rsa_key_bundle(self, key_attributes, vault, key_name, kty, key_ops): + prefix = "/".join(s.strip("/") for s in [vault, "keys", key_name]) + key = key_attributes.key_material + kid = key_attributes.id + self.assertTrue(kid.index(prefix) == 0, "Key Id should start with '{}', but value is '{}'".format(prefix, kid)) + self.assertEqual(key.kty, kty, "kty should by '{}', but is '{}'".format(key, key.kty)) + self.assertTrue(key.n and key.e, "Bad RSA public material.") + self.assertEqual(key_ops, key.key_ops, "keyOps should be '{}', but is '{}'".format(key_ops, key.key_ops)) + self.assertTrue(key_attributes.created and key_attributes.updated, "Missing required date attributes.") + + def _import_test_key(self, client, name): + def _to_bytes(hex): + if len(hex) % 2: + hex = "0{}".format(hex) + return codecs.decode(hex, "hex_codec") + + key = JsonWebKey( + kty="RSA", + key_ops=["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"], + n=_to_bytes( + "00a0914d00234ac683b21b4c15d5bed887bdc959c2e57af54ae734e8f00720d775d275e455207e3784ceeb60a50a4655dd72a7a94d271e8ee8f7959a669ca6e775bf0e23badae991b4529d978528b4bd90521d32dd2656796ba82b6bbfc7668c8f5eeb5053747fd199319d29a8440d08f4412d527ff9311eda71825920b47b1c46b11ab3e91d7316407e89c7f340f7b85a34042ce51743b27d4718403d34c7b438af6181be05e4d11eb985d38253d7fe9bf53fc2f1b002d22d2d793fa79a504b6ab42d0492804d7071d727a06cf3a8893aa542b1503f832b296371b6707d4dc6e372f8fe67d8ded1c908fde45ce03bc086a71487fa75e43aa0e0679aa0d20efe35" + ), + e=_to_bytes("10001"), + d=_to_bytes( + "627c7d24668148fe2252c7fa649ea8a5a9ed44d75c766cda42b29b660e99404f0e862d4561a6c95af6a83d213e0a2244b03cd28576473215073785fb067f015da19084ade9f475e08b040a9a2c7ba00253bb8125508c9df140b75161d266be347a5e0f6900fe1d8bbf78ccc25eeb37e0c9d188d6e1fc15169ba4fe12276193d77790d2326928bd60d0d01d6ead8d6ac4861abadceec95358fd6689c50a1671a4a936d2376440a41445501da4e74bfb98f823bd19c45b94eb01d98fc0d2f284507f018ebd929b8180dbe6381fdd434bffb7800aaabdd973d55f9eaf9bb88a6ea7b28c2a80231e72de1ad244826d665582c2362761019de2e9f10cb8bcc2625649" + ), + p=_to_bytes( + "00d1deac8d68ddd2c1fd52d5999655b2cf1565260de5269e43fd2a85f39280e1708ffff0682166cb6106ee5ea5e9ffd9f98d0becc9ff2cda2febc97259215ad84b9051e563e14a051dce438bc6541a24ac4f014cf9732d36ebfc1e61a00d82cbe412090f7793cfbd4b7605be133dfc3991f7e1bed5786f337de5036fc1e2df4cf3" + ), + q=_to_bytes( + "00c3dc66b641a9b73cd833bc439cd34fc6574465ab5b7e8a92d32595a224d56d911e74624225b48c15a670282a51c40d1dad4bc2e9a3c8dab0c76f10052dfb053bc6ed42c65288a8e8bace7a8881184323f94d7db17ea6dfba651218f931a93b8f738f3d8fd3f6ba218d35b96861a0f584b0ab88ddcf446b9815f4d287d83a3237" + ), + dp=_to_bytes( + "00c9a159be7265cbbabc9afcc4967eb74fe58a4c4945431902d1142da599b760e03838f8cbd26b64324fea6bdc9338503f459793636e59b5361d1e6951e08ddb089e1b507be952a81fbeaf7e76890ea4f536e25505c3f648b1e88377dfc19b4c304e738dfca07211b792286a392a704d0f444c0a802539110b7f1f121c00cff0a9" + ), + dq=_to_bytes( + "00a0bd4c0a3d9f64436a082374b5caf2488bac1568696153a6a5e4cd85d186db31e2f58f024c617d29f37b4e6b54c97a1e25efec59c4d1fd3061ac33509ce8cae5c11f4cd2e83f41a8264f785e78dc0996076ee23dfdfc43d67c463afaa0180c4a718357f9a6f270d542479a0f213870e661fb950abca4a14ca290570ba7983347" + ), + qi=_to_bytes( + "009fe7ae42e92bc04fcd5780464bd21d0c8ac0c599f9af020fde6ab0a7e7d1d39902f5d8fb6c614184c4c1b103fb46e94cd10a6c8a40f9991a1f28269f326435b6c50276fda6493353c650a833f724d80c7d522ba16c79f0eb61f672736b68fb8be3243d10943c4ab7028d09e76cfb5892222e38bc4d35585bf35a88cd68c73b07" + ), + ) + imported_key = client.import_key(name, key) + self._validate_rsa_key_bundle(imported_key, client.vault_url, name, key.kty, key.key_ops) + return imported_key + + @ResourceGroupPreparer() + @VaultClientPreparer() + def test_encrypt_and_decrypt(self, vault_client, **kwargs): + # TODO: use iv, authentication_data + key_name = self.get_resource_name("keycrypt") + key_client = vault_client.keys + + imported_key = self._import_test_key(key_client, key_name) + crypto_client = key_client.get_cryptography_client(imported_key) + + key_id, algorithm, ciphertext, authentication_tag = crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, self.plaintext) + self.assertEqual(key_id, imported_key.id) + assert authentication_tag is None + + result = crypto_client.decrypt(algorithm, ciphertext) + self.assertEqual(self.plaintext, result.decrypted_bytes) + + @ResourceGroupPreparer() + @VaultClientPreparer() + def test_sign_and_verify(self, vault_client, **kwargs): + key_client = vault_client.keys + + key_name = self.get_resource_name("keysign") + + md = hashlib.sha256() + md.update(self.plaintext) + digest = md.digest() + + imported_key = self._import_test_key(key_client, key_name) + crypto_client = key_client.get_cryptography_client(imported_key) + + key_id, algorithm, signature = crypto_client.sign(SignatureAlgorithm.rs256, digest) + self.assertEqual(key_id, imported_key.id) + + verified = crypto_client.verify(algorithm, digest, signature) + self.assertTrue(verified.result) + + @ResourceGroupPreparer() + @VaultClientPreparer() + def test_wrap_and_unwrap(self, vault_client, **kwargs): + key_name = self.get_resource_name("keywrap") + key_client = vault_client.keys + + created_key = key_client.create_key(key_name, "RSA") + self.assertIsNotNone(created_key) + crypto_client = key_client.get_cryptography_client(created_key) + + # Wrap a key with the created key, then unwrap it. The wrapped key's bytes should round-trip. + key_bytes = self.plaintext + key_id, wrap_algorithm, wrapped_bytes = crypto_client.wrap(KeyWrapAlgorithm.rsa_oaep, key_bytes) + self.assertEqual(key_id, created_key.id) + + result = crypto_client.unwrap(wrap_algorithm, wrapped_bytes) + self.assertEqual(key_bytes, result.unwrapped_bytes) diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_crypto_client_async.py b/sdk/keyvault/azure-keyvault-keys/tests/test_crypto_client_async.py new file mode 100644 index 000000000000..b43aafd19d57 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_crypto_client_async.py @@ -0,0 +1,120 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +import codecs +import hashlib + +from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm +from azure.keyvault.keys._shared._generated.v7_0.models import JsonWebKey +from devtools_testutils import ResourceGroupPreparer +from keys_async_preparer import AsyncVaultClientPreparer +from keys_async_test_case import AsyncKeyVaultTestCase + + +class CryptoClientTests(AsyncKeyVaultTestCase): + plaintext = b"5063e6aaa845f150200547944fd199679c98ed6f99da0a0b2dafeaf1f4684496fd532c1c229968cb9dee44957fcef7ccef59ceda0b362e56bcd78fd3faee5781c623c0bb22b35beabde0664fd30e0e824aba3dd1b0afffc4a3d955ede20cf6a854d52cfd" + + def _validate_rsa_key_bundle(self, key_attributes, vault, key_name, kty, key_ops): + prefix = "/".join(s.strip("/") for s in [vault, "keys", key_name]) + key = key_attributes.key_material + kid = key_attributes.id + self.assertTrue(kid.index(prefix) == 0, "Key Id should start with '{}', but value is '{}'".format(prefix, kid)) + self.assertEqual(key.kty, kty, "kty should by '{}', but is '{}'".format(key, key.kty)) + self.assertTrue(key.n and key.e, "Bad RSA public material.") + self.assertEqual(key_ops, key.key_ops, "keyOps should be '{}', but is '{}'".format(key_ops, key.key_ops)) + self.assertTrue(key_attributes.created and key_attributes.updated, "Missing required date attributes.") + + async def _import_test_key(self, client, name): + def _to_bytes(hex): + if len(hex) % 2: + hex = "0{}".format(hex) + return codecs.decode(hex, "hex_codec") + + key = JsonWebKey( + kty="RSA", + key_ops=["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"], + n=_to_bytes( + "00a0914d00234ac683b21b4c15d5bed887bdc959c2e57af54ae734e8f00720d775d275e455207e3784ceeb60a50a4655dd72a7a94d271e8ee8f7959a669ca6e775bf0e23badae991b4529d978528b4bd90521d32dd2656796ba82b6bbfc7668c8f5eeb5053747fd199319d29a8440d08f4412d527ff9311eda71825920b47b1c46b11ab3e91d7316407e89c7f340f7b85a34042ce51743b27d4718403d34c7b438af6181be05e4d11eb985d38253d7fe9bf53fc2f1b002d22d2d793fa79a504b6ab42d0492804d7071d727a06cf3a8893aa542b1503f832b296371b6707d4dc6e372f8fe67d8ded1c908fde45ce03bc086a71487fa75e43aa0e0679aa0d20efe35" + ), + e=_to_bytes("10001"), + d=_to_bytes( + "627c7d24668148fe2252c7fa649ea8a5a9ed44d75c766cda42b29b660e99404f0e862d4561a6c95af6a83d213e0a2244b03cd28576473215073785fb067f015da19084ade9f475e08b040a9a2c7ba00253bb8125508c9df140b75161d266be347a5e0f6900fe1d8bbf78ccc25eeb37e0c9d188d6e1fc15169ba4fe12276193d77790d2326928bd60d0d01d6ead8d6ac4861abadceec95358fd6689c50a1671a4a936d2376440a41445501da4e74bfb98f823bd19c45b94eb01d98fc0d2f284507f018ebd929b8180dbe6381fdd434bffb7800aaabdd973d55f9eaf9bb88a6ea7b28c2a80231e72de1ad244826d665582c2362761019de2e9f10cb8bcc2625649" + ), + p=_to_bytes( + "00d1deac8d68ddd2c1fd52d5999655b2cf1565260de5269e43fd2a85f39280e1708ffff0682166cb6106ee5ea5e9ffd9f98d0becc9ff2cda2febc97259215ad84b9051e563e14a051dce438bc6541a24ac4f014cf9732d36ebfc1e61a00d82cbe412090f7793cfbd4b7605be133dfc3991f7e1bed5786f337de5036fc1e2df4cf3" + ), + q=_to_bytes( + "00c3dc66b641a9b73cd833bc439cd34fc6574465ab5b7e8a92d32595a224d56d911e74624225b48c15a670282a51c40d1dad4bc2e9a3c8dab0c76f10052dfb053bc6ed42c65288a8e8bace7a8881184323f94d7db17ea6dfba651218f931a93b8f738f3d8fd3f6ba218d35b96861a0f584b0ab88ddcf446b9815f4d287d83a3237" + ), + dp=_to_bytes( + "00c9a159be7265cbbabc9afcc4967eb74fe58a4c4945431902d1142da599b760e03838f8cbd26b64324fea6bdc9338503f459793636e59b5361d1e6951e08ddb089e1b507be952a81fbeaf7e76890ea4f536e25505c3f648b1e88377dfc19b4c304e738dfca07211b792286a392a704d0f444c0a802539110b7f1f121c00cff0a9" + ), + dq=_to_bytes( + "00a0bd4c0a3d9f64436a082374b5caf2488bac1568696153a6a5e4cd85d186db31e2f58f024c617d29f37b4e6b54c97a1e25efec59c4d1fd3061ac33509ce8cae5c11f4cd2e83f41a8264f785e78dc0996076ee23dfdfc43d67c463afaa0180c4a718357f9a6f270d542479a0f213870e661fb950abca4a14ca290570ba7983347" + ), + qi=_to_bytes( + "009fe7ae42e92bc04fcd5780464bd21d0c8ac0c599f9af020fde6ab0a7e7d1d39902f5d8fb6c614184c4c1b103fb46e94cd10a6c8a40f9991a1f28269f326435b6c50276fda6493353c650a833f724d80c7d522ba16c79f0eb61f672736b68fb8be3243d10943c4ab7028d09e76cfb5892222e38bc4d35585bf35a88cd68c73b07" + ), + ) + imported_key = await client.import_key(name, key) + self._validate_rsa_key_bundle(imported_key, client.vault_url, name, key.kty, key.key_ops) + return imported_key + + @ResourceGroupPreparer() + @AsyncVaultClientPreparer() + @AsyncKeyVaultTestCase.await_prepared_test + async def test_encrypt_and_decrypt(self, vault_client, **kwargs): + # TODO: use iv, authentication_data + key_name = self.get_resource_name("keycrypt") + key_client = vault_client.keys + + imported_key = await self._import_test_key(key_client, key_name) + crypto_client = key_client.get_cryptography_client(imported_key) + + key_id, algorithm, ciphertext, authentication_tag = await crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, self.plaintext) + self.assertEqual(key_id, imported_key.id) + assert authentication_tag is None + + result = await crypto_client.decrypt(algorithm, ciphertext) + self.assertEqual(self.plaintext, result.decrypted_bytes) + + @ResourceGroupPreparer() + @AsyncVaultClientPreparer() + @AsyncKeyVaultTestCase.await_prepared_test + async def test_sign_and_verify(self, vault_client, **kwargs): + key_client = vault_client.keys + + key_name = self.get_resource_name("keysign") + + md = hashlib.sha256() + md.update(self.plaintext) + digest = md.digest() + + imported_key = await self._import_test_key(key_client, key_name) + crypto_client = key_client.get_cryptography_client(imported_key) + + key_id, algorithm, signature = await crypto_client.sign(SignatureAlgorithm.rs256, digest) + self.assertEqual(key_id, imported_key.id) + + verified = await crypto_client.verify(algorithm, digest, signature) + self.assertTrue(verified.result) + + @ResourceGroupPreparer() + @AsyncVaultClientPreparer() + @AsyncKeyVaultTestCase.await_prepared_test + async def test_wrap_and_unwrap(self, vault_client, **kwargs): + key_name = self.get_resource_name("keywrap") + key_client = vault_client.keys + + created_key = await key_client.create_key(key_name, "RSA") + self.assertIsNotNone(created_key) + crypto_client = key_client.get_cryptography_client(created_key) + + # Wrap a key with the created key, then unwrap it. The wrapped key's bytes should round-trip. + key_bytes = self.plaintext + key_id, wrap_algorithm, wrapped_bytes = await crypto_client.wrap(KeyWrapAlgorithm.rsa_oaep, key_bytes) + self.assertEqual(key_id, created_key.id) + + result = await crypto_client.unwrap(wrap_algorithm, wrapped_bytes) + self.assertEqual(key_bytes, result.unwrapped_bytes) diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_examples_crypto.py b/sdk/keyvault/azure-keyvault-keys/tests/test_examples_crypto.py new file mode 100644 index 000000000000..b46790081130 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_examples_crypto.py @@ -0,0 +1,95 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from devtools_testutils import ResourceGroupPreparer +from keys_preparer import VaultClientPreparer +from keys_test_case import KeyVaultTestCase + + +class TestCryptoExamples(KeyVaultTestCase): + # pylint:disable=unused-variable + + @ResourceGroupPreparer() + @VaultClientPreparer() + def test_encrypt_decrypt(self, vault_client, **kwargs): + key_client = vault_client.keys + key_name = self.get_resource_name("crypto-test-encrypt-key") + key = key_client.create_rsa_key(key_name, hsm=False) + client = key_client.get_cryptography_client(key) + + # [START encrypt] + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + # encrypt returns a tuple with the ciphertext and the metadata required to decrypt it + key_id, algorithm, ciphertext, authentication_tag = client.encrypt(EncryptionAlgorithm.rsa_oaep, b"plaintext") + + # [END encrypt] + + # [START decrypt] + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + result = client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext) + print(result.decrypted_bytes) + + # [END decrypt] + + pass + + @ResourceGroupPreparer() + @VaultClientPreparer() + def test_wrap_unwrap(self, vault_client, **kwargs): + key_client = vault_client.keys + key_name = self.get_resource_name("crypto-test-wrapping-key") + key = key_client.create_rsa_key(key_name, hsm=False) + client = key_client.get_cryptography_client(key) + + key_bytes = b"5063e6aaa845f150200547944fd199679c98ed6f99da0a0b2dafeaf1f4684496fd532c1c229968cb9dee44957fcef7ccef59ceda0b362e56bcd78fd3faee5781c623c0bb22b35beabde0664fd30e0e824aba3dd1b0afffc4a3d955ede20cf6a854d52cfd" + + # [START wrap] + + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + # wrap returns a tuple with the wrapped bytes and the metadata required to unwrap the key + key_id, wrap_algorithm, wrapped_bytes = client.wrap(KeyWrapAlgorithm.rsa_oaep, key_bytes) + + # [END wrap] + + # [START unwrap] + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + result = client.unwrap(KeyWrapAlgorithm.rsa_oaep, wrapped_bytes) + unwrapped_bytes = result.unwrapped_bytes + + # [END unwrap] + + @ResourceGroupPreparer() + @VaultClientPreparer() + def test_sign_verify(self, vault_client, **kwargs): + key_client = vault_client.keys + key_name = self.get_resource_name("crypto-test-wrapping-key") + key = key_client.create_rsa_key(key_name, hsm=False) + client = key_client.get_cryptography_client(key) + + # [START sign] + + import hashlib + from azure.keyvault.keys.crypto import SignatureAlgorithm + + digest = hashlib.sha256(b"plaintext").digest() + + # sign returns a tuple with the signature and the metadata required to verify it + key_id, algorithm, signature = client.sign(SignatureAlgorithm.rs256, digest) + + # [END sign] + + # [START verify] + + from azure.keyvault.keys.crypto import SignatureAlgorithm + + verified = client.verify(SignatureAlgorithm.rs256, digest, signature) + assert verified.result is True + + # [END verify] diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_examples_crypto_async.py b/sdk/keyvault/azure-keyvault-keys/tests/test_examples_crypto_async.py new file mode 100644 index 000000000000..06439acaea9e --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_examples_crypto_async.py @@ -0,0 +1,97 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ +from devtools_testutils import ResourceGroupPreparer +from keys_async_preparer import AsyncVaultClientPreparer +from keys_async_test_case import AsyncKeyVaultTestCase + + +class TestCryptoExamples(AsyncKeyVaultTestCase): + # pylint:disable=unused-variable + + @ResourceGroupPreparer() + @AsyncVaultClientPreparer() + @AsyncKeyVaultTestCase.await_prepared_test + async def test_encrypt_decrypt_async(self, vault_client, **kwargs): + key_client = vault_client.keys + key_name = self.get_resource_name("crypto-test-encrypt-key") + key = await key_client.create_rsa_key(key_name, hsm=False) + client = key_client.get_cryptography_client(key) + + # [START encrypt] + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + # encrypt returns a tuple with the ciphertext and the metadata required to decrypt it + key_id, algorithm, ciphertext, authentication_tag = await client.encrypt(EncryptionAlgorithm.rsa_oaep, b"plaintext") + + # [END encrypt] + + # [START decrypt] + + from azure.keyvault.keys.crypto import EncryptionAlgorithm + + result = await client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext) + print(result.decrypted_bytes) + + # [END decrypt] + + pass + + @ResourceGroupPreparer() + @AsyncVaultClientPreparer() + @AsyncKeyVaultTestCase.await_prepared_test + async def test_wrap_unwrap_async(self, vault_client, **kwargs): + key_client = vault_client.keys + key_name = self.get_resource_name("crypto-test-wrapping-key") + key = await key_client.create_rsa_key(key_name, hsm=False) + client = key_client.get_cryptography_client(key) + + key_bytes = b"5063e6aaa845f150200547944fd199679c98ed6f99da0a0b2dafeaf1f4684496fd532c1c229968cb9dee44957fcef7ccef59ceda0b362e56bcd78fd3faee5781c623c0bb22b35beabde0664fd30e0e824aba3dd1b0afffc4a3d955ede20cf6a854d52cfd" + + # [START wrap] + + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + # wrap returns a tuple with the wrapped bytes and the metadata required to unwrap the key + key_id, wrap_algorithm, wrapped_bytes = await client.wrap(KeyWrapAlgorithm.rsa_oaep, key_bytes) + + # [END wrap] + + # [START unwrap] + from azure.keyvault.keys.crypto import KeyWrapAlgorithm + + result = await client.unwrap(KeyWrapAlgorithm.rsa_oaep, wrapped_bytes) + + # [END unwrap] + + @ResourceGroupPreparer() + @AsyncVaultClientPreparer() + @AsyncKeyVaultTestCase.await_prepared_test + async def test_sign_verify_async(self, vault_client, **kwargs): + key_client = vault_client.keys + key_name = self.get_resource_name("crypto-test-wrapping-key") + key = await key_client.create_rsa_key(key_name, hsm=False) + client = key_client.get_cryptography_client(key) + + # [START sign] + + import hashlib + from azure.keyvault.keys.crypto import SignatureAlgorithm + + digest = hashlib.sha256(b"plaintext").digest() + + # sign returns a tuple with the signature and the metadata required to verify it + key_id, algorithm, signature = await client.sign(SignatureAlgorithm.rs256, digest) + + # [END sign] + + # [START verify] + + from azure.keyvault.keys.crypto import SignatureAlgorithm + + verified = await client.verify(SignatureAlgorithm.rs256, digest, signature) + assert verified.result is True + + # [END verify] diff --git a/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py b/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py index 0f736d0e5bcd..2cef4c2c8b8a 100644 --- a/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py +++ b/sdk/keyvault/azure-keyvault-keys/tests/test_key_client.py @@ -340,32 +340,3 @@ def test_purge(self, vault_client, **kwargs): # validate none are returned by list_deleted_keys deleted = [s.name for s in client.list_deleted_keys()] self.assertTrue(not any(s in deleted for s in key_names)) - - @ResourceGroupPreparer() - @VaultClientPreparer() - def test_key_wrap_and_unwrap(self, vault_client, **kwargs): - self.assertIsNotNone(vault_client) - client = vault_client.keys - key_name = self.get_resource_name("keywrap") - - # create key - created_bundle = client.create_key(key_name, "RSA") - self.assertIsNotNone(created_bundle) - plain_text = b"5063e6aaa845f150200547944fd199679c98ed6f99da0a0b2dafeaf1f4684496fd532c1c229968cb9dee44957fcef7ccef59ceda0b362e56bcd78fd3faee5781c623c0bb22b35beabde0664fd30e0e824aba3dd1b0afffc4a3d955ede20cf6a854d52cfd" - - # wrap without version - result = client.wrap_key(created_bundle.name, "RSA-OAEP", plain_text) - cipher_text = result.value - - # unwrap without version - result = client.unwrap_key(created_bundle.name, "RSA-OAEP", cipher_text) - self.assertEqual(plain_text, result.value) - - # wrap with version - result = client.wrap_key(created_bundle.name, "RSA-OAEP", plain_text, version=created_bundle.version) - cipher_text = result.value - self.assertIsNotNone(cipher_text) - - # unwrap with version - result = client.unwrap_key(created_bundle.name, "RSA-OAEP", cipher_text, version=created_bundle.version) - self.assertEqual(plain_text, result.value)