SqlClient/src/Microsoft.Data.SqlClient/tests/Common/Fixtures/AzureKeyVaultKeyFixtureBase.cs at ff772ab4f3277437a5ff43968b0ebb70210a3752 · dotnet/SqlClient · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.

using System.Security.Cryptography;
using Azure.Core;
using Azure.Security.KeyVault.Keys;

namespace Microsoft.Data.SqlClient.Tests.Common.Fixtures;

/// <summary>
/// Provides a base class for managing Azure Key Vault keys in test fixtures.
/// </summary>
/// <remarks>
/// This class simplifies the creation and cleanup of RSA keys in an Azure Key Vault during testing
/// scenarios. It ensures that any keys created during the fixture's lifetime are properly deleted when the fixture is
/// disposed.
/// </remarks>
public abstract class AzureKeyVaultKeyFixtureBase : IDisposable
{
    private readonly KeyClient _keyClient;
    private readonly RandomNumberGenerator _randomGenerator;

    private readonly List<KeyVaultKey> _createdKeys = new List<KeyVaultKey>();

    protected AzureKeyVaultKeyFixtureBase(Uri keyVaultUri, TokenCredential keyVaultToken)
    {
        _keyClient = new KeyClient(keyVaultUri, keyVaultToken);
        _randomGenerator = RandomNumberGenerator.Create();
    }

    protected Uri CreateKey(string name, int keySize)
    {
        const int MaxConflictResolutions = 5;
        KeyVaultKey created;
        int i = 0;

        while (true)
        {
            CreateRsaKeyOptions createOptions = new CreateRsaKeyOptions(GenerateUniqueName(name)) { KeySize = keySize };

            try
            {
                created = _keyClient.CreateRsaKey(createOptions);
                break;
            }
            // It's possible for a key to already exist with the same name, even in a deleted state. If so, CreateRsaKey
            // will throw an exception with HTTP status code 409 (Conflict.)
            // We can't assume we possess permissions to purge or to recover the key, so regenerate the name and try again.
            // Only make MaxConflictResolutions attempts, to avoid possible infinite loops.
            catch (Azure.RequestFailedException conflictException)
                when (conflictException.Status == 409 && i < MaxConflictResolutions)
            {
                i++;
            }
        }

        _createdKeys.Add(created);
        return created.Id;
    }

    private string GenerateUniqueName(string name)
    {
        byte[] rndBytes = new byte[16];

        _randomGenerator.GetBytes(rndBytes);
        return name + "-" + BitConverter.ToString(rndBytes);
    }

    public void Dispose()
    {
        Dispose(true);
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposing)
    {
        foreach (KeyVaultKey key in _createdKeys)
        {
            try
            {
                _keyClient.StartDeleteKey(key.Name).WaitForCompletion();
            }
            catch (Exception)
            {
                continue;
            }
        }

        _randomGenerator.Dispose();
    }
}