corda / com.r3.corda.networkmanage.common.cryptoservice.azurekeyvault / AzureKeyVaultCryptoService

AzureKeyVaultCryptoService

class AzureKeyVaultCryptoService : CryptoService<AzureKeyVaultCredentials, AzureKeyVaultKeyConfig>

Implementation of a CryptoService that is backed by an Azure Key Vault cloud HSM.

Uses the Azure Key Vault Java API https://docs.microsoft.com/en-us/java/api/overview/azure/keyvault.

Types

AzureKeyVaultException

 class AzureKeyVaultException : CryptoServiceException

Constructors

<init>

 AzureKeyVaultCryptoService(keyVaultUrl: String, protection: <ERROR CLASS>)

Implementation of a CryptoService that is backed by an Azure Key Vault cloud HSM.

Functions

authenticate

 fun authenticate(credentials: AzureKeyVaultCredentials): Unit

Authenticate a user against the underlying crypto provider using given credentials.

containsKey

 fun containsKey(alias: String): Boolean

Check if this CryptoService contains an entry for the given alias.

generateAndStoreKeyPair

 fun generateAndStoreKeyPair(keyConfig: AzureKeyVaultKeyConfig): PublicKey

Generate a key pair and a basic self-signed certificate and store within the underlying key store.

generateRandomLong

 fun generateRandomLong(): Long

Generate a random Long using the underlying Provider.

getAuthenticatedUsers

 fun getAuthenticatedUsers(): List<String>

Return the list of users currently authenticated against the underlying crypto provider.

getCertificate

 fun getCertificate(alias: String): Certificate

Returns the Certificate of the entry for the given alias.

getPublicKey

 fun getPublicKey(alias: String): PublicKey

Returns the PublicKey of the entry for the given alias.

getSigner

 fun getSigner(alias: String, password: String?): <ERROR CLASS>

Returns ContentSigner for the key identified by the input alias.

isAuthenticated

 fun isAuthenticated(): Boolean

Boolean flag indicating whether further authentication is needed to use stored keys.

logOut

 fun logOut(): Unit

Reset the authentication state for the underlying crypto provider.

sign

 fun sign(alias: String, data: ByteArray, signAlgorithm: String?, password: String?): ByteArray

Sign a ByteArray using the private key identified by the input alias. Returns the signature bytes formatted according to the signature scheme. The signAlgorithm if specified determines the signature scheme used for signing, if not specified then the signature scheme is based on the private key scheme.

updateCertificate

 fun updateCertificate(keyConfig: AzureKeyVaultKeyConfig, certificateChain: List<X509Certificate>): Unit

Update the certificate chain within the underlying key store.