 def __init__(self, tenant_id=None, client_id=None, client_secret=None, usecertificate=True,key_vault_name=None):
     """Remember the vault name and build the AAD token helper.

     With ``usecertificate`` left True the helper is created with only the
     resource; otherwise the service-principal triple (tenant, client id,
     client secret) is handed to it. ``AAD`` and ``self._resource`` come
     from the enclosing module/class, which is not part of this listing.
     """
     if not usecertificate:
         self._key_vault_name = key_vault_name
         self._aad = AAD(
             tenant_id=tenant_id,
             client_id=client_id,
             client_secret=client_secret,
             resource=self._resource,
             usecertificate=False,
         )
     else:
         self._aad = AAD(resource=self._resource)
         self._key_vault_name = key_vault_name
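class Key_Vault:
    """Small client for a few Azure Key Vault REST operations (keys and secrets).

    Every request fetches a bearer token from the ``AAD`` helper and is sent
    to ``https://<vault>.vault.azure.net``. ``AAD``, ``requests``, ``RSA``
    and ``_API_VERSION`` are provided by the enclosing module.

    Fixes relative to the earlier revision: mixed tab/space indentation,
    ``json``/``json_val`` and ``res_impl``/``rsa_impl`` name slips,
    subscripting ``response.content`` as if it were a dict, a debug print
    that echoed the decrypt response (plaintext) to stdout, unescaped key and
    secret names in the URL path, missing request timeouts, and inconsistent
    base64 handling between encrypt() and decrypt().
    """

    _key_vault_name = None
    _aad = None
    _resource = 'https://vault.azure.net'
    # requests has no default timeout; without one a stalled connection
    # blocks the caller indefinitely. Seconds.
    _timeout = 30

    def __init__(self, tenant_id=None, client_id=None, client_secret=None, usecertificate=True, key_vault_name=None):
        """Create a client for vault *key_vault_name*.

        Args:
            tenant_id, client_id, client_secret: service-principal credentials,
                only used when *usecertificate* is False.
            usecertificate: when True the AAD helper is built with the
                resource alone (certificate-based auth is handled inside AAD).
            key_vault_name: the vault's DNS label, i.e. the part before
                ``.vault.azure.net``.
        """
        self._key_vault_name = key_vault_name
        if usecertificate:
            self._aad = AAD(resource=self._resource)
        else:
            self._aad = AAD(
                tenant_id=tenant_id,
                client_id=client_id,
                client_secret=client_secret,
                resource=self._resource,
                usecertificate=False,
            )

    def _endpoint(self, collection, name, api_version, operation=None):
        """Build the vault URL for *name* inside *collection* (``'keys'`` or ``'secrets'``).

        *name* is percent-encoded (including ``/``) so a caller-supplied value
        containing ``/``, ``?`` or ``#`` cannot redirect the request to a
        different path, operation or query string. *operation* (e.g.
        ``'encrypt'``) is appended as an extra path segment when given.
        """
        # Local import: the module's import block is outside this listing.
        from urllib.parse import quote

        url = 'https://' + self._key_vault_name + '.vault.azure.net/' + collection + '/' + quote(name, safe='')
        if operation:
            url += '/' + operation
        return url + '?api-version=' + api_version

    def _headers(self):
        """Return the JSON content-type header plus a fresh bearer token from AAD."""
        token = self._aad.get_token()
        return {
            'Content-Type': 'application/json',
            'Authorization': 'Bearer ' + token["access_token"],
        }

    @staticmethod
    def _b64url_encode(data):
        """Encode bytes as unpadded base64url text, the form decrypt() accepts back."""
        return base64.urlsafe_b64encode(data).decode('ascii').rstrip('=')

    @staticmethod
    def _b64url_decode(value):
        """Decode unpadded base64url text (str or bytes) to bytes.

        ``-len % 4`` adds exactly the missing ``=`` characters; the earlier
        ``4 - len % 4`` appended four of them when the input was already a
        multiple of four.
        """
        if not isinstance(value, bytes):
            value = value.encode('ascii')
        return base64.urlsafe_b64decode(value + b'=' * (-len(value) % 4))

    def get_public_key(self, key_name):
        """Fetch key *key_name* and return its RSA public key, or None on an API error.

        The vault describes the key as a JSON Web Key: ``n`` and ``e`` are
        base64url-encoded big-endian integers, so they are decoded to ints
        before being handed to ``RSAImplementation.construct``.

        Returns:
            The constructed public key object, or None when the response
            carries an ``error`` member (or no ``key`` at all).
        """
        response = requests.get(
            self._endpoint('keys', key_name, _API_VERSION),
            headers=self._headers(),
            timeout=self._timeout,
        )
        body = response.json()
        if 'error' in body or 'key' not in body:
            return None
        key_det = body['key']
        modulus = int.from_bytes(self._b64url_decode(key_det["n"]), 'big')
        exponent = int.from_bytes(self._b64url_decode(key_det["e"]), 'big')
        rsa_impl = RSA.RSAImplementation(use_fast_math=False)
        return rsa_impl.construct((modulus, exponent))

    def get_secret(self, key_vault_secret_name):
        """Return the current value of secret *key_vault_secret_name*.

        Raises:
            requests.HTTPError: if the vault rejects the request (4xx/5xx).
            KeyError: if the JSON body has no ``value`` member.
        """
        response = requests.get(
            self._endpoint('secrets', key_vault_secret_name, '2015-06-01'),
            headers=self._headers(),
            timeout=self._timeout,
        )
        response.raise_for_status()
        return response.json()['value']

    def encrypt(self, key_vault_key_name, alg, value):
        """Encrypt *value* (bytes, or str encoded as UTF-8) with the vault key.

        Args:
            key_vault_key_name: name of the key in the vault.
            alg: algorithm identifier, sent as its ``str()`` form.
            value: plaintext; it is sent as unpadded base64url, the same
                encoding decrypt() strips from the response.

        Returns:
            The ciphertext as returned by the vault (a base64url string).

        Raises:
            requests.HTTPError: if the vault rejects the request.
        """
        if not isinstance(value, bytes):
            value = value.encode('utf-8')
        payload = json.dumps({'alg': str(alg), 'value': self._b64url_encode(value)})
        response = requests.post(
            self._endpoint('keys', key_vault_key_name, _API_VERSION, 'encrypt'),
            data=payload,
            headers=self._headers(),
            timeout=self._timeout,
        )
        response.raise_for_status()
        return response.json()['value']

    def decrypt(self, key_vault_key_name, alg, value):
        """Decrypt base64url ciphertext *value* with the vault key; return plaintext bytes.

        The response is intentionally neither printed nor logged: it carries
        the plaintext.

        Raises:
            requests.HTTPError: if the vault rejects the request.
            KeyError: if the JSON body has no ``value`` member.
        """
        payload = json.dumps({'alg': alg, 'value': value})
        response = requests.post(
            self._endpoint('keys', key_vault_key_name, '2015-06-01', 'decrypt'),
            data=payload,
            headers=self._headers(),
            timeout=self._timeout,
        )
        response.raise_for_status()
        return self._b64url_decode(response.json()['value'])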