com.microsoft.azure.keyvault.webkey.JsonWebKeyEncryptionAlgorithm Java Examples

private JsonWebKeyEncryptionAlgorithm getZoneKeyEncryptionAlgo() {
	JsonWebKeyEncryptionAlgorithm keyEncryptionAlgo;
	switch (zoneKeyEncryptionAlgo) {
	case "RSA_OAEP":
		keyEncryptionAlgo = JsonWebKeyEncryptionAlgorithm.RSA_OAEP;
		break;

	case "RSA_OAEP_256":
		keyEncryptionAlgo = JsonWebKeyEncryptionAlgorithm.RSA_OAEP_256;
		break;

	case "RSA1_5":
		keyEncryptionAlgo = JsonWebKeyEncryptionAlgorithm.RSA1_5;
		break;

	default:
		keyEncryptionAlgo = JsonWebKeyEncryptionAlgorithm.RSA_OAEP;
	}
	return keyEncryptionAlgo;
}
 

public byte[] dencryptZoneKey(byte[] encryptedByte) throws Exception {
	JsonWebKeyEncryptionAlgorithm keyEncryptionAlgo = getZoneKeyEncryptionAlgo();
	if (masterKeyBundle == null) {
		masterKeyBundle = keyVaultClient
				.getKey(keyVaultURL, azureMasterKey);
	}
	KeyOperationResult decryptResult = null;
	try {
		decryptResult = keyVaultClient.decryptAsync(
				masterKeyBundle.key().kid(), keyEncryptionAlgo,
				encryptedByte, null).get();

	} catch (Exception e) {
		throw new Exception("Error while decrypting zone key." + e);
	}
	return decryptResult.result();
}
 

public byte[] encryptZoneKey(Key zoneKey) throws Exception {
	JsonWebKeyEncryptionAlgorithm keyEncryptionAlgo = getZoneKeyEncryptionAlgo();
	KeyOperationResult encryptResult = null;
	
	if (masterKeyBundle == null) {
		masterKeyBundle = keyVaultClient
				.getKey(keyVaultURL, azureMasterKey);
	}
	try {
		encryptResult = keyVaultClient.encryptAsync(
				masterKeyBundle.key().kid(), keyEncryptionAlgo,
				zoneKey.getEncoded(), null).get();

	} catch (Exception e) {
		throw new Exception("Error while encrypting zone key." + e);
	}
	return encryptResult.result();
}
 

@Override
public ListenableFuture<byte[]> unwrapKeyAsync(byte[] ciphertext, String algorithm) {
    if (implementation == null) {
        return null;
    }

    if (Strings.isNullOrWhiteSpace(algorithm)) {
        algorithm = getDefaultKeyWrapAlgorithm();
    }

    // Never local
    ListenableFuture<KeyOperationResult> futureCall = 
            client.unwrapKeyAsync(
                    implementation.getKid(),
                    new JsonWebKeyEncryptionAlgorithm(algorithm),
                    ciphertext,
                    null);
    return Futures.transform(futureCall, new DecryptResultTransform(), MoreExecutors.directExecutor());
}
 

@Override
public ListenableFuture<byte[]> decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, String algorithm) {

    if (implementation == null) {
        return null;
    }

    if (Strings.isNullOrWhiteSpace(algorithm)) {
        algorithm = getDefaultEncryptionAlgorithm();
    }

    // Never local
    ListenableFuture<KeyOperationResult> futureCall =
            client.decryptAsync(
                    implementation.getKid(),
                    new JsonWebKeyEncryptionAlgorithm(algorithm),
                    ciphertext,
                    null);
    return Futures.transform(futureCall, new DecryptResultTransform(), MoreExecutors.directExecutor());
}
 

@Ignore("Mock framework doesn't support data plane")
public void canWrapAndUnwrap() throws Exception {
    Vault vault = createVault();
    String keyName = SdkContext.randomResourceName("key", 20);

    Key key = vault.keys().define(keyName)
            .withLocalKeyToImport(JsonWebKey.fromRSA(KeyPairGenerator.getInstance("RSA").generateKeyPair()))
            .create();

    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();

    byte[] wrapped = key.wrapKey(JsonWebKeyEncryptionAlgorithm.RSA1_5, secretKey.getEncoded());
    Assert.assertNotNull(wrapped);

    byte[] unwrapped = key.unwrapKey(JsonWebKeyEncryptionAlgorithm.RSA1_5, wrapped);
    Assert.assertNotNull(unwrapped);
    Assert.assertEquals(secretKey, new SecretKeySpec(unwrapped, "AES"));
}
 

@Test
public void wrapUnwrapOperationsForKeyOperationsTest() throws Exception {

    JsonWebKey testKey = importTestKey();
    KeyIdentifier keyId = new KeyIdentifier(testKey.kid());

    // Test variables
    byte[] plainText = new byte[100];
    new Random(0x1234567L).nextBytes(plainText);
    byte[] cipherText;

    KeyOperationResult result;

    // wrap and unwrap using kid WO version
    {
        result = keyVaultClient.wrapKey(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.unwrapKey(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }

    // wrap and unwrap using full kid
    {
        result = keyVaultClient.wrapKey(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.unwrapKey(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }
}
 

@Test
public void encryptDecryptOperationsForKeyOperationsTest() throws Exception {

    JsonWebKey testKey = importTestKey();
    KeyIdentifier keyId = new KeyIdentifier(testKey.kid());

    // Test variables
    byte[] plainText = new byte[100];
    new Random(0x1234567L).nextBytes(plainText);
    byte[] cipherText;

    KeyOperationResult result;

    // encrypt and decrypt using kid WO version
    {
        result = keyVaultClient.encrypt(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.decrypt(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }

    // encrypt and decrypt using full kid
    {
        result = keyVaultClient.encrypt(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.decrypt(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }
}
 

@Override
public Observable<byte[]> encryptAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] content) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().encryptAsync(inner().keyIdentifier().identifier(), algorithm, content, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Ignore("Mock framework doesn't support data plane")
public void canEncryptAndDecrypt() throws Exception {
    Vault vault = createVault();
    String keyName = SdkContext.randomResourceName("key", 20);

    KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();

    Key key = vault.keys().define(keyName)
            .withLocalKeyToImport(JsonWebKey.fromRSA(keyPair))
            .create();

    Assert.assertNotNull(key);

    String s = "the quick brown fox jumps over the lazy dog";
    byte[] data = s.getBytes();

    // Remote encryption
    byte[] encrypted = key.encrypt(JsonWebKeyEncryptionAlgorithm.RSA1_5, data);
    Assert.assertNotNull(encrypted);

    byte[] decrypted = key.decrypt(JsonWebKeyEncryptionAlgorithm.RSA1_5, encrypted);
    Assert.assertEquals(s, new String(decrypted));

    // Local encryption
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
    encrypted = cipher.doFinal(data);

    decrypted = key.decrypt(JsonWebKeyEncryptionAlgorithm.RSA_OAEP, encrypted);
    Assert.assertEquals(s, new String(decrypted));
}
 

@Override
public Observable<byte[]> decryptAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] content) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().decryptAsync(inner().keyIdentifier().identifier(), algorithm, content, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Override
public Observable<byte[]> unwrapKeyAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] key) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().unwrapKeyAsync(inner().keyIdentifier().identifier(), algorithm, key, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Override
public Observable<byte[]> wrapKeyAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] key) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().wrapKeyAsync(inner().keyIdentifier().identifier(), algorithm, key, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Override
public byte[] unwrapKey(JsonWebKeyEncryptionAlgorithm algorithm, byte[] key) {
    return vault.client().unwrapKey(inner().keyIdentifier().identifier(), algorithm, key).result();
}
 

@Override
public byte[] wrapKey(JsonWebKeyEncryptionAlgorithm algorithm, byte[] key) {
    return vault.client().wrapKey(inner().keyIdentifier().identifier(), algorithm, key).result();
}
 

@Override
public byte[] decrypt(JsonWebKeyEncryptionAlgorithm algorithm, byte[] content) {
    return vault.client().decrypt(inner().keyIdentifier().identifier(), algorithm, content).result();
}
 

@Override
public byte[] encrypt(JsonWebKeyEncryptionAlgorithm algorithm, byte[] content) {
    return vault.client().encrypt(inner().keyIdentifier().identifier(), algorithm, content).result();
}
 

@Test
public void keyAsyncForAsyncOperationsTest() throws Exception {

	String vault = getVaultUri();
	String keyname = "mykey";

	CreateKeyRequest createKeyRequest = new CreateKeyRequest.Builder(vault, keyname, JsonWebKeyType.RSA).build();
	KeyBundle keyBundle = keyVaultClient.createKeyAsync(createKeyRequest, null).get();
	Assert.assertNotNull(keyBundle);

	UpdateKeyRequest updateKeyRequest = new UpdateKeyRequest.Builder(keyBundle.key().kid()).build();
	keyBundle = keyVaultClient.updateKeyAsync(updateKeyRequest, null).get();
	Assert.assertNotNull(keyBundle);

	keyBundle = keyVaultClient.getKeyAsync(keyBundle.key().kid(), null).get();
	Assert.assertNotNull(keyBundle);

	List<KeyItem> keyItems = keyVaultClient.listKeysAsync(vault, 2, null).get();
	Assert.assertNotNull(keyItems);

	List<KeyItem> keyVersionItems = keyVaultClient.listKeyVersionsAsync(vault, keyname, 2, null).get();
	Assert.assertNotNull(keyVersionItems);

	BackupKeyResult backupResult = keyVaultClient.backupKeyAsync(vault, keyname, null).get();
	Assert.assertNotNull(backupResult);

	keyVaultClient.deleteKeyAsync(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name(), null).get();
	pollOnKeyDeletion(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	keyVaultClient.purgeDeletedKey(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	if (isRecordMode()) {
		Thread.sleep(20000);
	}

	KeyBundle restoreResult = keyVaultClient.restoreKeyAsync(vault, backupResult.value(), null).get();
	Assert.assertNotNull(restoreResult);

	KeyOperationResult encryptResult = keyVaultClient
			.encryptAsync(keyBundle.key().kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, new byte[100], null).get();
	Assert.assertNotNull(encryptResult);

	KeyOperationResult decryptResult = keyVaultClient.decryptAsync(keyBundle.key().kid(),
			JsonWebKeyEncryptionAlgorithm.RSA_OAEP, encryptResult.result(), null).get();
	Assert.assertNotNull(decryptResult);

	KeyOperationResult wrapResult = keyVaultClient
			.wrapKeyAsync(keyBundle.key().kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, new byte[100], null).get();
	Assert.assertNotNull(wrapResult);

	KeyOperationResult unwrapResult = keyVaultClient.unwrapKeyAsync(keyBundle.key().kid(),
			JsonWebKeyEncryptionAlgorithm.RSA_OAEP, wrapResult.result(), null).get();
	Assert.assertNotNull(unwrapResult);

	byte[] plainText = new byte[100];
	new Random(0x1234567L).nextBytes(plainText);
	MessageDigest md = MessageDigest.getInstance("SHA-256");
	md.update(plainText);
	byte[] digest = md.digest();
	KeyOperationResult signResult = keyVaultClient
			.signAsync(keyBundle.key().kid(), JsonWebKeySignatureAlgorithm.RS256, digest, null).get();
	Assert.assertNotNull(signResult);

	KeyVerifyResult verifypResult = keyVaultClient.verifyAsync(keyBundle.key().kid(),
			JsonWebKeySignatureAlgorithm.RS256, digest, signResult.result(), null).get();
	Assert.assertTrue(verifypResult.value());

	keyBundle = keyVaultClient
			.deleteKeyAsync(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name(), null).get();
	Assert.assertNotNull(keyBundle);
	pollOnKeyDeletion(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	keyVaultClient.purgeDeletedKey(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	if (isRecordMode()) {
		Thread.sleep(20000);
	}
	// Get the unavailable key to throw exception -> it gets stuck

	try {
		keyVaultClient.deleteKeyAsync(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name(), null)
				.get();
	} catch (ExecutionException ex) {

		Throwable t = ex.getCause();
		if (t instanceof KeyVaultErrorException) {
			Assert.assertEquals("KeyNotFound", ((KeyVaultErrorException) t).body().error().code());
		} else
			throw ex;
	}

}
 

/**
 * Decrypts a single block of encrypted data.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be decrypted
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> decryptAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return decryptAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Encrypts an arbitrary sequence of bytes using an encryption key that is
 * stored in a key vault.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be encrypted
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> encryptAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return encryptAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Unwraps a symmetric key using the specified key in the vault that has
 * initially been used for wrapping the key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be unwrapped
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> unwrapKeyAsync(String keyIdentifier,
        JsonWebKeyEncryptionAlgorithm algorithm, byte[] value,
        final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return unwrapKeyAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Wraps a symmetric key using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be wrapped
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> wrapKeyAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return wrapKeyAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Wraps a symmetric key using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be wrapped
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
ServiceFuture<KeyOperationResult> wrapKeyAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback);
 

/**
 * Decrypts a single block of encrypted data.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be decrypted
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult decrypt(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return decrypt(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Encrypts an arbitrary sequence of bytes using an encryption key that is
 * stored in a key vault.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be encrypted
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult encrypt(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return encrypt(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Wraps a symmetric key using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be wrapped
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult wrapKey(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return wrapKey(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Unwraps a symmetric key using the specified key in the vault that has
 * initially been used for wrapping the key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be unwrapped
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult unwrapKey(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return unwrapKey(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Decrypts a single block of encrypted data.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be decrypted
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
ServiceFuture<KeyOperationResult> decryptAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback);
 

/**
 * Decrypts a single block of encrypted data.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be decrypted
 *
 * @return the KeyOperationResult if successful.
 */
KeyOperationResult decrypt(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value);
 

/**
 * Encrypts an arbitrary sequence of bytes using an encryption key that is
 * stored in a key vault.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be encrypted
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
ServiceFuture<KeyOperationResult> encryptAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback);