|
41 | 41 | import com.azure.security.keyvault.keys.implementation.models.KeyVaultKeysModelsUtils; |
42 | 42 | import com.azure.security.keyvault.keys.implementation.models.RandomBytes; |
43 | 43 | import com.azure.security.keyvault.keys.models.CreateEcKeyOptions; |
| 44 | +import com.azure.security.keyvault.keys.models.CreateExternalKeyOptions; |
44 | 45 | import com.azure.security.keyvault.keys.models.CreateKeyOptions; |
45 | 46 | import com.azure.security.keyvault.keys.models.CreateOctKeyOptions; |
46 | 47 | import com.azure.security.keyvault.keys.models.CreateRsaKeyOptions; |
@@ -370,6 +371,109 @@ static HttpResponseException mapCreateKeyException(HttpResponseException e) { |
370 | 371 | : e; |
371 | 372 | } |
372 | 373 |
|
| 374 | + /** |
| 375 | + * Registers an external key with a Managed HSM and stores it in the key vault. An external key references key |
| 376 | + * material that is owned by an external Hardware Security Module (HSM); the Managed HSM stores only a reference to |
| 377 | + * that material. It requires the {@code keys/create} permission. |
| 378 | + * |
| 379 | + * <p>External keys are mutually exclusive with a {@link KeyType key type}, so no key type is sent to the service. |
| 380 | + * External keys are only supported on Managed HSM configured to use External Key Management (EKM), with service |
| 381 | + * version {@code 2026-01-01-preview} or newer. They are not supported on a standard Key Vault.</p> |
| 382 | + * |
| 383 | + * <p><strong>Code Samples</strong></p> |
| 384 | + * <p>Registers an external key which activates in one day and expires in one year. Subscribes to the call |
| 385 | + * asynchronously and prints out the newly {@link KeyVaultKey created key} details when a response has been |
| 386 | + * received.</p> |
| 387 | + * <!-- src_embed com.azure.security.keyvault.keys.KeyAsyncClient.createExternalKey#CreateExternalKeyOptions --> |
| 388 | + * <pre> |
| 389 | + * CreateExternalKeyOptions createExternalKeyOptions = |
| 390 | + * new CreateExternalKeyOptions("keyName", new ExternalKey("external-key-reference-id")) |
| 391 | + * .setNotBefore(OffsetDateTime.now().plusDays(1)) |
| 392 | + * .setExpiresOn(OffsetDateTime.now().plusYears(1)); |
| 393 | + * |
| 394 | + * keyAsyncClient.createExternalKey(createExternalKeyOptions) |
| 395 | + * .contextWrite(Context.of("key1", "value1", "key2", "value2")) |
| 396 | + * .subscribe(key -> |
| 397 | + * System.out.printf("Created external key with name: %s and id: %s %n", key.getName(), |
| 398 | + * key.getId())); |
| 399 | + * </pre> |
| 400 | + * <!-- end com.azure.security.keyvault.keys.KeyAsyncClient.createExternalKey#CreateExternalKeyOptions --> |
| 401 | + * |
| 402 | + * @param createExternalKeyOptions The {@link CreateExternalKeyOptions options object} containing information about |
| 403 | + * the external key being registered. |
| 404 | + * |
| 405 | + * @return A {@link Mono} containing the {@link KeyVaultKey created key}. |
| 406 | + * |
| 407 | + * @throws HttpResponseException If {@link CreateExternalKeyOptions#getName()} is an empty string. |
| 408 | + * @throws NullPointerException If {@code createExternalKeyOptions} is null. |
| 409 | + */ |
| 410 | + @ServiceMethod(returns = ReturnType.SINGLE) |
| 411 | + public Mono<KeyVaultKey> createExternalKey(CreateExternalKeyOptions createExternalKeyOptions) { |
| 412 | + return createExternalKeyWithResponse(createExternalKeyOptions).flatMap(FluxUtil::toMono); |
| 413 | + } |
| 414 | + |
| 415 | + /** |
| 416 | + * Registers an external key with a Managed HSM and stores it in the key vault. An external key references key |
| 417 | + * material that is owned by an external Hardware Security Module (HSM); the Managed HSM stores only a reference to |
| 418 | + * that material. It requires the {@code keys/create} permission. |
| 419 | + * |
| 420 | + * <p>External keys are mutually exclusive with a {@link KeyType key type}, so no key type is sent to the service. |
| 421 | + * External keys are only supported on Managed HSM configured to use External Key Management (EKM), with service |
| 422 | + * version {@code 2026-01-01-preview} or newer. They are not supported on a standard Key Vault.</p> |
| 423 | + * |
| 424 | + * <p><strong>Code Samples</strong></p> |
| 425 | + * <p>Registers an external key which activates in one day and expires in one year. Subscribes to the call |
| 426 | + * asynchronously and prints out the newly {@link KeyVaultKey created key} details contained in the |
| 427 | + * {@link Response HTTP response} when it has been received.</p> |
| 428 | + * <!-- src_embed com.azure.security.keyvault.keys.KeyAsyncClient.createExternalKeyWithResponse#CreateExternalKeyOptions --> |
| 429 | + * <pre> |
| 430 | + * CreateExternalKeyOptions options = |
| 431 | + * new CreateExternalKeyOptions("keyName", new ExternalKey("external-key-reference-id")) |
| 432 | + * .setNotBefore(OffsetDateTime.now().plusDays(1)) |
| 433 | + * .setExpiresOn(OffsetDateTime.now().plusYears(1)); |
| 434 | + * |
| 435 | + * keyAsyncClient.createExternalKeyWithResponse(options) |
| 436 | + * .contextWrite(Context.of("key1", "value1", "key2", "value2")) |
| 437 | + * .subscribe(response -> |
| 438 | + * System.out.printf("Created external key with name: %s and id: %s %n", |
| 439 | + * response.getValue().getName(), response.getValue().getId())); |
| 440 | + * </pre> |
| 441 | + * <!-- end com.azure.security.keyvault.keys.KeyAsyncClient.createExternalKeyWithResponse#CreateExternalKeyOptions --> |
| 442 | + * |
| 443 | + * @param createExternalKeyOptions The {@link CreateExternalKeyOptions options object} containing information about |
| 444 | + * the external key being registered. |
| 445 | + * |
| 446 | + * @return A {@link Mono} containing a {@link Response} whose {@link Response#getValue() value} contains the |
| 447 | + * {@link KeyVaultKey created key}. |
| 448 | + * |
| 449 | + * @throws HttpResponseException If {@link CreateExternalKeyOptions#getName()} is an empty string. |
| 450 | + * @throws NullPointerException If {@code createExternalKeyOptions} is null. |
| 451 | + */ |
| 452 | + @ServiceMethod(returns = ReturnType.SINGLE) |
| 453 | + public Mono<Response<KeyVaultKey>> |
| 454 | + createExternalKeyWithResponse(CreateExternalKeyOptions createExternalKeyOptions) { |
| 455 | + try { |
| 456 | + if (createExternalKeyOptions == null) { |
| 457 | + return monoError(LOGGER, new NullPointerException("'createExternalKeyOptions' cannot be null.")); |
| 458 | + } |
| 459 | + |
| 460 | + KeyCreateParameters keyCreateParameters = new KeyCreateParameters(createExternalKeyOptions.getKeyType()) |
| 461 | + .setKeyOps(createExternalKeyOptions.getKeyOperations()) |
| 462 | + .setKeyAttributes(createKeyAttributes(createExternalKeyOptions)) |
| 463 | + .setTags(createExternalKeyOptions.getTags()) |
| 464 | + .setReleasePolicy(mapKeyReleasePolicy(createExternalKeyOptions.getReleasePolicy())); |
| 465 | + |
| 466 | + return implClient |
| 467 | + .createKeyWithResponseAsync(createExternalKeyOptions.getName(), |
| 468 | + BinaryData.fromObject(keyCreateParameters), EMPTY_OPTIONS) |
| 469 | + .onErrorMap(HttpResponseException.class, KeyAsyncClient::mapCreateKeyException) |
| 470 | + .map(response -> new SimpleResponse<>(response, |
| 471 | + createKeyVaultKey(response.getValue().toObject(KeyBundle.class)))); |
| 472 | + } catch (RuntimeException e) { |
| 473 | + return monoError(LOGGER, e); |
| 474 | + } |
| 475 | + } |
| 476 | + |
373 | 477 | /** |
374 | 478 | * Creates a new {@link KeyVaultKey key} and stores it in the key vault. The create key operation can be used to |
375 | 479 | * create any {@link KeyType keyType} in Azure Key Vault. If a {@link KeyVaultKey key} with the provided name |
|
0 commit comments