novotnyllc · ctthang · Dec 7, 2020
diff --git a/RSAKeyVaultProvider.Tests/KeyVaultConfigurationDiscoverer.cs b/RSAKeyVaultProvider.Tests/KeyVaultConfigurationDiscoverer.cs
@@ -2,7 +2,7 @@
 using Azure.Identity;
 using Azure.Security.KeyVault.Certificates;
 using Azure.Security.KeyVault.Keys;
-
+using Azure.Security.KeyVault.Keys.Cryptography;
 using RSAKeyVaultProvider;
 using System;
 using System.Security.Cryptography.X509Certificates;
@@ -12,7 +12,7 @@ namespace RSAKeyVaultProviderTests
 {
     internal static class KeyVaultConfigurationDiscoverer
     {
-        public static async Task<AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration)
+        public static async Task<AzureKeyVaultMaterializedConfiguration> Materialize(AzureKeyVaultSignConfigurationSet configuration, CryptographyClientOptions options = null)
         {   
             TokenCredential credential = configuration.ManagedIdentity switch
             {
@@ -28,13 +28,13 @@ public static async Task<AzureKeyVaultMaterializedConfiguration> Materialize(Azu
                 var x509Certificate = new X509Certificate2(cert.Value.Cer);                               
                 var keyId = cert.Value.KeyId;
 
-                return new AzureKeyVaultMaterializedConfiguration(credential, keyId, publicCertificate: x509Certificate);
+                return new AzureKeyVaultMaterializedConfiguration(credential, keyId, publicCertificate: x509Certificate, options: options);
             }
             else if(configuration.Mode == KeyVaultMode.Key)
             {
                 var keyClient = new KeyClient(configuration.AzureKeyVaultUrl, credential);
                 var key = await keyClient.GetKeyAsync(configuration.AzureKeyVaultKeyName).ConfigureAwait(false);
-                return new AzureKeyVaultMaterializedConfiguration(credential, key.Value.Id, key.Value.Key);
+                return new AzureKeyVaultMaterializedConfiguration(credential, key.Value.Id, key.Value.Key, options: options);
             }
             throw new ArgumentOutOfRangeException(nameof(configuration));
         }
@@ -45,7 +45,8 @@ public class AzureKeyVaultMaterializedConfiguration
         public AzureKeyVaultMaterializedConfiguration(TokenCredential credential, 
                                                       Uri keyIdentifier, 
                                                       JsonWebKey key = null,
-                                                      X509Certificate2 publicCertificate = null)
+                                                      X509Certificate2 publicCertificate = null,
+                                                      CryptographyClientOptions options = null)
         {
 
 
@@ -56,8 +57,11 @@ public AzureKeyVaultMaterializedConfiguration(TokenCredential credential,
                 throw new ArgumentNullException(nameof(key), "Either key or publicCertificate must be set");
 
             Key = key;
+            cryptographyClientOptions = options;
         }
-
+
+        private readonly CryptographyClientOptions cryptographyClientOptions;
+
         /// <summary>
         /// Can be null if Key isn't part of an x509 certificate
         /// </summary>
@@ -75,20 +79,20 @@ public RSAKeyVault ToRSA()
         {
             if (PublicCertificate != null)
             {
-                return (RSAKeyVault)RSAFactory.Create(TokenCredential, KeyIdentifier, PublicCertificate);
+                return (RSAKeyVault)RSAFactory.Create(TokenCredential, KeyIdentifier, PublicCertificate, cryptographyClientOptions);
             }
 
-            return (RSAKeyVault)RSAFactory.Create(TokenCredential, KeyIdentifier, Key);
+            return (RSAKeyVault)RSAFactory.Create(TokenCredential, KeyIdentifier, Key, cryptographyClientOptions);
         }
 
         public ECDsaKeyVault ToECDsa()
         {
             if (PublicCertificate != null)
             {
-                return (ECDsaKeyVault)ECDsaFactory.Create(TokenCredential, KeyIdentifier, PublicCertificate);
+                return (ECDsaKeyVault)ECDsaFactory.Create(TokenCredential, KeyIdentifier, PublicCertificate, cryptographyClientOptions);
             }
 
-            return (ECDsaKeyVault)ECDsaFactory.Create(TokenCredential, KeyIdentifier, Key);
+            return (ECDsaKeyVault)ECDsaFactory.Create(TokenCredential, KeyIdentifier, Key, cryptographyClientOptions);
         }
     }
 }
diff --git a/RSAKeyVaultProvider.Tests/RSAKeyVaultProviderTests.cs b/RSAKeyVaultProvider.Tests/RSAKeyVaultProviderTests.cs
@@ -4,6 +4,8 @@
 using System.Text;
 using Xunit;
 using RSAKeyVaultProvider;
+using Azure.Security.KeyVault.Keys.Cryptography;
+using Azure.Core.Pipeline;
 
 namespace RSAKeyVaultProviderTests
 {
@@ -196,6 +198,25 @@ public async Task ShouldHashDataAndVerifyWithKey()
 
         }
 
+        [AzureFact]
+        public async Task ShouldHashDataAndVerifyWorkWithCustomCryptographyClientOptions()
+        {
+            var cryptographyClientOptions = new CryptographyClientOptions
+            {
+                Transport = new HttpClientTransport()
+            };
+            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration, cryptographyClientOptions);
+            using (var rsa = materialized.ToRSA())
+            {
+                var data = new byte[] { 1, 2, 3 };
+
+                var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+                var result = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+                Assert.True(result);
+            }
+
+        }
+
         [AzureFact]
         public async Task SignDataShouldThrowForUnsupportedHashAlgorithm()
         {

diff --git a/RSAKeyVaultProvider/ECDsaKeyVaultExtensions.cs b/RSAKeyVaultProvider/ECDsaKeyVaultExtensions.cs
@@ -4,6 +4,7 @@
 
 using Azure.Core;
 using Azure.Security.KeyVault.Keys;
+using Azure.Security.KeyVault.Keys.Cryptography;
 
 namespace RSAKeyVaultProvider
 {
@@ -19,7 +20,7 @@ public static class ECDsaFactory
         /// <param name="keyId"></param>
         /// <param name="key"></param>
         /// <returns></returns>
-        public static ECDsa Create(TokenCredential credential, Uri keyId, JsonWebKey key)
+        public static ECDsa Create(TokenCredential credential, Uri keyId, JsonWebKey key, CryptographyClientOptions options = null)
         {
             if (credential is null)
                 throw new ArgumentNullException(nameof(credential));
@@ -30,7 +31,7 @@ public static ECDsa Create(TokenCredential credential, Uri keyId, JsonWebKey key
             if (key is null)
                 throw new ArgumentNullException(nameof(key));
 
-            return new ECDsaKeyVault(new KeyVaultContext(credential, keyId, key));
+            return new ECDsaKeyVault(new KeyVaultContext(credential, keyId, key, options));
         }
 
         /// <summary>
@@ -40,7 +41,7 @@ public static ECDsa Create(TokenCredential credential, Uri keyId, JsonWebKey key
         /// <param name="keyId"></param>
         /// <param name="publicCertificate"></param>
         /// <returns></returns>
-        public static ECDsa Create(TokenCredential credential, Uri keyId, X509Certificate2 publicCertificate)
+        public static ECDsa Create(TokenCredential credential, Uri keyId, X509Certificate2 publicCertificate, CryptographyClientOptions options = null)
         {
             if (credential is null)
                 throw new ArgumentNullException(nameof(credential));
@@ -51,7 +52,7 @@ public static ECDsa Create(TokenCredential credential, Uri keyId, X509Certificat
             if (publicCertificate is null)
                 throw new ArgumentNullException(nameof(publicCertificate));
 
-            return new ECDsaKeyVault(new KeyVaultContext(credential, keyId, publicCertificate));
+            return new ECDsaKeyVault(new KeyVaultContext(credential, keyId, publicCertificate, options));
         }
     }
 }
diff --git a/RSAKeyVaultProvider/KeyVaultContext.cs b/RSAKeyVaultProvider/KeyVaultContext.cs
@@ -18,20 +18,20 @@ public struct KeyVaultContext
         /// <summary>
         /// Creates a new Key Vault context.
         /// </summary>
-        public KeyVaultContext(TokenCredential credential, Uri keyId, JsonWebKey key)
+        public KeyVaultContext(TokenCredential credential, Uri keyId, JsonWebKey key, CryptographyClientOptions options = null)
         {            
             KeyIdentifier = keyId ?? throw new ArgumentNullException(nameof(keyId));
             Key = key ?? throw new ArgumentNullException(nameof(key));
 
 
-            cryptographyClient = new CryptographyClient(keyId, credential);
+            cryptographyClient = new CryptographyClient(keyId, credential, options);
             Certificate = null;            
         }
 
         /// <summary>
         /// Creates a new Key Vault context.
         /// </summary>
-        public KeyVaultContext(TokenCredential credential, Uri keyId, X509Certificate2 publicCertificate)
+        public KeyVaultContext(TokenCredential credential, Uri keyId, X509Certificate2 publicCertificate, CryptographyClientOptions options = null)
         {
             if (credential is null)
             {
@@ -41,7 +41,7 @@ public KeyVaultContext(TokenCredential credential, Uri keyId, X509Certificate2 p
             Certificate = publicCertificate ?? throw new ArgumentNullException(nameof(publicCertificate));
             KeyIdentifier = keyId ?? throw new ArgumentNullException(nameof(keyId));
 
-            cryptographyClient = new CryptographyClient(keyId, credential);
+            cryptographyClient = new CryptographyClient(keyId, credential, options);
 
             string algorithm = publicCertificate.GetKeyAlgorithm();
 

diff --git a/RSAKeyVaultProvider/RSAKeyVaultExtensions.cs b/RSAKeyVaultProvider/RSAKeyVaultExtensions.cs
@@ -4,6 +4,7 @@
 
 using Azure.Core;
 using Azure.Security.KeyVault.Keys;
+using Azure.Security.KeyVault.Keys.Cryptography;
 
 namespace RSAKeyVaultProvider
 {
@@ -19,7 +20,7 @@ public static class RSAFactory
         /// <param name="keyId"></param>
         /// <param name="key"></param>
         /// <returns></returns>
-        public static RSA Create(TokenCredential credential, Uri keyId, JsonWebKey key)
+        public static RSA Create(TokenCredential credential, Uri keyId, JsonWebKey key, CryptographyClientOptions options = null)
         {
             if (credential == null)
             {
@@ -36,7 +37,7 @@ public static RSA Create(TokenCredential credential, Uri keyId, JsonWebKey key)
                 throw new ArgumentNullException(nameof(key));
             }
 
-            return new RSAKeyVault(new KeyVaultContext(credential, keyId, key));
+            return new RSAKeyVault(new KeyVaultContext(credential, keyId, key, options));
         }
 
         /// <summary>
@@ -46,7 +47,7 @@ public static RSA Create(TokenCredential credential, Uri keyId, JsonWebKey key)
         /// <param name="keyId"></param>
         /// <param name="publicCertificate"></param>
         /// <returns></returns>
-        public static RSA Create(TokenCredential credential, Uri keyId, X509Certificate2 publicCertificate)
+        public static RSA Create(TokenCredential credential, Uri keyId, X509Certificate2 publicCertificate, CryptographyClientOptions options = null)
         {
             if (credential == null)
             {
@@ -63,7 +64,7 @@ public static RSA Create(TokenCredential credential, Uri keyId, X509Certificate2
                 throw new ArgumentNullException(nameof(publicCertificate));
             }
 
-            return new RSAKeyVault(new KeyVaultContext(credential, keyId, publicCertificate));
+            return new RSAKeyVault(new KeyVaultContext(credential, keyId, publicCertificate, options));
         }
     }
 }