import com.microsoft.azure.keyvault.KeyVaultClient; // import of the dependent package/class
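/**
 * Creates (or replaces) a secret in Azure Key Vault that holds a freshly
 * generated 256-bit AES key, and returns the secret's base identifier.
 *
 * <p>Any existing secret with the same name is deleted first; a 404 from the
 * delete call is treated as "nothing to delete". The key bytes are stored
 * Base64-encoded with content type {@code application/octet-stream}, which the
 * sample relies on so that {@code KeyVaultKeyResolver} loads the secret as a
 * key. The raw key bytes are not logged or printed; the only copy that leaves
 * this method is the one written to the vault.
 *
 * @param secretName the name of the secret to create
 * @return the base identifier of the created secret; it resolves to the
 *         secret's current version
 * @throws IllegalArgumentException if {@code Utility.vaultURL} is null or empty
 * @throws InterruptedException if waiting on a Key Vault call is interrupted
 * @throws ExecutionException if a Key Vault call fails for any reason other
 *         than the secret not existing (the {@code ServiceException} cause is
 *         preserved)
 * @throws NoSuchAlgorithmException if no AES {@link KeyGenerator} is available
 * @throws URISyntaxException propagated from {@code GetKeyVaultClient()}
 * @throws MalformedURLException propagated from {@code GetKeyVaultClient()}
 */
public static String SetUpKeyVaultSecret(String secretName)
        throws InterruptedException, ExecutionException,
        NoSuchAlgorithmException, URISyntaxException, MalformedURLException {
    // Fail fast on missing configuration before building a client.
    if (Utility.vaultURL == null || Utility.vaultURL.isEmpty()) {
        throw new IllegalArgumentException("No Keyvault URL specified.");
    }
    KeyVaultClient cloudVault = GetKeyVaultClient();

    try {
        // Delete the secret if it exists.
        cloudVault.deleteSecretAsync(Utility.vaultURL, secretName).get();
    } catch (ExecutionException ex) {
        // instanceof tolerates a null cause and ServiceException subclasses;
        // comparing getCause().getClass() would NPE on the former and miss
        // the latter.
        boolean secretNotFound = ex.getCause() instanceof ServiceException
                && ((ServiceException) ex.getCause()).getHttpStatusCode() == 404;
        if (!secretNotFound) {
            System.out.println("Unable to access the specified vault. Please confirm the KVClientId, KVClientKey, and VaultUri are valid in the app.config file.");
            System.out.println("Also ensure that the client ID has previously been granted full permissions for Key Vault secrets using the Set-AzureKeyVaultAccessPolicy command with the -PermissionsToSecrets parameter.");
            System.out.println("Press any key to exit");
            // Deliberately not closed: closing a Scanner over System.in closes
            // the process's stdin for every later reader in the same JVM.
            Scanner input = new Scanner(System.in);
            input.nextLine();
            throw ex;
        }
        // 404: nothing to delete, carry on and create the secret.
    }

    // Create a 256-bit symmetric key. Note that SymmetricKey.KeySize256 cannot
    // be used here because it resolves to '0x20'.
    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    keyGen.init(256);
    SecretKey wrapKey = keyGen.generateKey();

    // Store the Base64 of the key in the vault. The content type must be
    // application/octet-stream or the KeyVaultKeyResolver will not load it as
    // a key.
    Secret cloudSecret = cloudVault.setSecretAsync(Utility.vaultURL,
            secretName, Base64.encodeBase64String(wrapKey.getEncoded()),
            "application/octet-stream", null, null).get();

    // The base identifier resolves to the current version of the secret.
    return cloudSecret.getSecretIdentifier().getBaseIdentifier();
}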