# pylint: disable=line-too-long,useless-suppression
# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
import json
import pytest
from azure.keyvault.securitydomain.aio import SecurityDomainClient
from _shared.async_test_case import KeyVaultTestCase
from _async_test_case import ClientPreparer
from utils import get_certificate_info, write_security_domain, write_transfer_key
class TestSecurityDomain(KeyVaultTestCase):
    """Live-only async coverage for downloading and uploading a security domain."""

    @pytest.mark.asyncio
    @pytest.mark.live_test_only
    @ClientPreparer()
    async def test_security_domain_download_and_upload(
        self, client: SecurityDomainClient, upload_client: SecurityDomainClient, **kwargs
    ):
        """Download a security domain through `client`, then upload one through `upload_client`.

        Before running this test, create the security domain certificates:
        1. Create private keys: `openssl genrsa -pubout -out <>-certificate[0-2].key 2048`
        2. Create certificates: `openssl req -new -x509 -days 365 -key <>-certificate[0-2].key -out <>-certificate[0-2].cer`

        The `.key` files are the wrapping keys given to the CLI step noted in the body,
        so keep them, the transfer key and the downloaded security domain out of
        source control and shared storage.
        """
        certificate_info = get_certificate_info()
        download_poller = await client.begin_download(
            certificate_info=certificate_info, skip_activation_polling=True
        )
        downloaded = await download_poller.result()

        # Activation polling is skipped above; the download is expected to still report "inprogress" here.
        download_status = await client.get_download_status()
        assert download_status.status
        assert download_status.status.lower() == "inprogress"
        assert downloaded.value

        # The transfer key comes from the upload target; its string form is parsed as JSON (presumably a JWK).
        exchange_key = await upload_client.get_transfer_key()
        transfer_key = json.loads(str(exchange_key.transfer_key))
        # NOTE(review): both helpers live in utils and presumably write local files —
        # confirm the output path is untracked and access-restricted, and is cleaned up after the run.
        write_transfer_key(transfer_key)
        write_security_domain(downloaded.value)

        # At this point, use the Azure CLI to encrypt the security domain to prepare for upload
        # `az keyvault security-domain restore-blob --sd-exchange-key <>-transfer-key.pem --sd-file <>-security-domain.json --sd-wrapping-keys <>-certificate0.key <>-certificate1.key <>-certificate2.key --sd-file-restore-blob <>-restore-blob.json`
        # NOTE(review): the call below passes the download result itself, not the restore blob
        # produced by the CLI step — confirm that is the intended upload payload.
        upload_poller = await upload_client.begin_upload(security_domain=downloaded)
        upload_outcome = await upload_poller.result()
        assert upload_outcome is None

        upload_status = await upload_client.get_upload_status()
        assert upload_status.status
        assert upload_status.status.lower() == "success"