def __init__(self, tenant_id=None, client_id=None, client_secret=None, usecertificate=True,key_vault_name=None):
    """Bind this object to a vault name and build its AAD token provider.

    Args:
        tenant_id: Passed to ``AAD`` only when ``usecertificate`` is falsy.
        client_id: Passed to ``AAD`` only when ``usecertificate`` is falsy.
        client_secret: Passed to ``AAD`` only when ``usecertificate`` is
            falsy. It is handed straight to ``AAD`` and not stored here.
        usecertificate: When truthy, ``AAD`` is built from the resource
            alone and the three credential arguments above are ignored.
        key_vault_name: Vault name, stored as ``self._key_vault_name``.
    """
    if not usecertificate:
        # Client-secret path: every credential is forwarded explicitly.
        self._key_vault_name = key_vault_name
        self._aad = AAD(
            tenant_id=tenant_id,
            client_id=client_id,
            client_secret=client_secret,
            resource=self._resource,
            usecertificate=False,
        )
        return

    # Certificate path: AAD gets only the resource.
    # NOTE(review): presumably AAD locates the certificate itself - confirm.
    self._aad = AAD(resource=self._resource)
    self._key_vault_name = key_vault_name
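class Key_Vault:
    """Thin client for the Azure Key Vault REST endpoints used by this project.

    Each call obtains a bearer token from the ``AAD`` helper and sends one
    HTTPS request to ``https://<vault>.vault.azure.net``.

    Key and secret names are concatenated into the request path without
    escaping, so callers should pass only names they have validated.
    """

    _key_vault_name = None
    _aad = None
    _resource = 'https://vault.azure.net'

    def __init__(self, tenant_id=None, client_id=None, client_secret=None, usecertificate=True,key_vault_name=None):
        """Store the vault name and build the AAD token provider.

        Args:
            tenant_id: Used only when ``usecertificate`` is falsy.
            client_id: Used only when ``usecertificate`` is falsy.
            client_secret: Used only when ``usecertificate`` is falsy; it is
                forwarded to ``AAD`` and not kept on this object.
            usecertificate: When truthy, ``AAD`` is built from the resource
                alone and the credential arguments are ignored.
            key_vault_name: Name of the vault (the host-name prefix).
        """
        if usecertificate:
            self._aad = AAD(resource=self._resource)
            self._key_vault_name = key_vault_name
        else:
            self._key_vault_name = key_vault_name
            self._aad = AAD(tenant_id=tenant_id, client_id=client_id,
                            client_secret=client_secret,
                            resource=self._resource, usecertificate=False)

    @staticmethod
    def _b64url_encode(raw):
        """Return *raw* bytes as unpadded base64url text."""
        return base64.urlsafe_b64encode(raw).rstrip(b'=').decode('ascii')

    @staticmethod
    def _b64url_decode(text):
        """Decode base64url *text* whether or not it carries '=' padding."""
        data = text.encode('ascii')
        # -len % 4 is 0 for an already aligned string; the former
        # 4 - len % 4 appended four stray '=' characters in that case.
        data += b'=' * (-len(data) % 4)
        return base64.urlsafe_b64decode(data)

    @staticmethod
    def _b64url_to_int(text):
        """Decode a base64url big-endian unsigned integer (JWK ``n`` / ``e``)."""
        # Hex round-trip keeps this to the base64 module already in use.
        return int(base64.b16encode(Key_Vault._b64url_decode(text)), 16)

    def _auth_headers(self):
        """Fetch a token from AAD and build the JSON request headers."""
        token = self._aad.get_token()
        return {'Content-Type': 'application/json',
                'Authorization': 'Bearer ' + token["access_token"]}

    def _vault_url(self):
        """Return the base URL of the configured vault."""
        return 'https://' + self._key_vault_name + '.vault.azure.net'

    def get_public_key(self,key_name):
        """Fetch key *key_name* and return its RSA public key.

        Returns:
            The object built by ``RSAImplementation.construct``, or ``None``
            when the service response carries an ``error`` member.
        """
        headers = self._auth_headers()
        endpoint = self._vault_url() + '/keys/' + key_name + '?api-version=' + _API_VERSION
        response = requests.get(endpoint, headers=headers)
        # response.content is raw bytes and cannot be indexed by key; the
        # parsed JSON document is what carries "error" / "key".
        body = response.json()
        if body.get("error"):
            return None
        key_det = body["key"]
        rsa_impl = RSA.RSAImplementation(use_fast_math=False)
        # Key Vault returns a JSON Web Key: modulus and exponent arrive as
        # base64url strings and must become integers before construct().
        return rsa_impl.construct((self._b64url_to_int(key_det["n"]),
                                   self._b64url_to_int(key_det["e"])))

    def get_secret(self, key_vault_secret_name):
        """Return the ``value`` member of secret *key_vault_secret_name*.

        The returned string is the secret itself; keep it out of logs.
        A response without ``value`` (e.g. an error body) raises KeyError.
        """
        headers = self._auth_headers()
        # NOTE(review): this endpoint pins api-version 2015-06-01 while
        # get_public_key/encrypt use _API_VERSION - confirm that is intended.
        endpoint = self._vault_url() + '/secrets/' + key_vault_secret_name + '?api-version=2015-06-01'
        response = requests.get(endpoint, headers=headers)
        json_val = response.json()
        # Previously indexed the json module instead of the parsed body.
        return json_val['value']

    def encrypt(self, key_vault_key_name, alg, value):
        """Encrypt the bytes *value* with key *key_vault_key_name*.

        Args:
            key_vault_key_name: Name of the key inside the vault.
            alg: Algorithm identifier, sent as ``str(alg)``.
            value: Plaintext bytes.

        Returns:
            The ``value`` member of the service response (the ciphertext as
            returned by the service, not decoded here).
        """
        headers = self._auth_headers()
        endpoint = self._vault_url() + '/keys/' + key_vault_key_name + '/encrypt?api-version=' + _API_VERSION
        # The key-operation endpoints take base64url text. b64encode()
        # produced the standard alphabet, and on Python 3 a bytes object
        # that json.dumps cannot serialise.
        payload = json.dumps({'alg': str(alg), 'value': self._b64url_encode(value)})
        response = requests.post(endpoint, data=payload, headers=headers)
        json_val = response.json()
        return json_val['value']

    def decrypt(self, key_vault_key_name, alg, value):
        """Decrypt *value* with key *key_vault_key_name*.

        Args:
            key_vault_key_name: Name of the key inside the vault.
            alg: Algorithm identifier, sent unchanged.
            value: Ciphertext in the form returned by ``encrypt``.

        Returns:
            The decrypted plaintext as bytes.
        """
        headers = self._auth_headers()
        # NOTE(review): pinned to api-version 2015-06-01 although encrypt
        # uses _API_VERSION - confirm the two are meant to differ.
        endpoint = self._vault_url() + '/keys/' + key_vault_key_name + '/decrypt?api-version=2015-06-01'
        payload = json.dumps({'alg': alg, 'value': value})
        response = requests.post(endpoint, data=payload, headers=headers)
        json_val = response.json()
        # The response body holds the recovered plaintext, so it is no
        # longer printed to stdout.
        return self._b64url_decode(json_val['value'])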