Refactor remote / local crypto implementation #14129

Closed
maorleger opened this issue Mar 5, 2021 · 0 comments · Fixed by #14077

To allow for separation of concerns and better extensibility, replace the existing implementation with a single client that maintains a list of crypto providers. Each provider is responsible for reporting the methods / algorithms it supports and for doing cryptography.

Criteria:

  • Keyvault interaction should happen through a remote provider
  • RSA algorithms that are supported locally should happen through an RSA provider
  • The CryptographyClient should allow for extensibility by registering more providers
  • Each provider is unaware of other providers and cannot call other providers
@maorleger maorleger added this to the [2021] April milestone Mar 5, 2021
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Mar 5, 2021
@maorleger maorleger self-assigned this Mar 5, 2021
@maorleger maorleger added Client This issue points to a problem in the data-plane of the library. KeyVault labels Mar 5, 2021
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Mar 5, 2021
maorleger added a commit that referenced this issue Mar 5, 2021
## What

This PR does a pure refactor of local cryptography from the existing implementation
to provide some flexibility for upcoming AES algorithms and allow for a cleaner separation
of concerns between local / remote providers.

## Why

The existing implementation worked well but I hit a few bumps when trying to add support
for AES algorithms which require different parameters crypto providers to conform to the 
same API our top-level clients do and allows for ease of extensibility when AES algorithms 
are added in the future.

## High level changes

- Replaced the crypto algorithms with a crypto provider interface that supplies a common set of operations
- Top level crypto client maintains a list of "providers" which are responsible for the crypto operations. Each provider isn't aware of other providers and the crypto client is responsible for sending the request to the right one.
- Centralized validation to top-level client.

Resolves #14129
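
The provider model described in the issue criteria and in the commit's high-level changes, sketched as an added example (not the SDK's code). All type and class names are hypothetical, the provider bodies are simulated rather than performing real cryptography, and both the local provider's operation set and the local-before-remote ordering are assumptions.

```typescript
// Added illustration: every name below is hypothetical, not the SDK's API.
type KeyOperation = "encrypt" | "decrypt" | "sign" | "verify";
interface CryptoRequest { operation: KeyOperation; algorithm: string; data: string }
interface CryptoResult { provider: string; output: string }
interface CryptoProvider {
  readonly name: string;
  // A provider reports only its own capabilities; it holds no reference to others.
  isSupported(operation: KeyOperation, algorithm: string): boolean;
  run(req: CryptoRequest): CryptoResult;
}
// Assumption: the local provider covers public-key RSA operations only.
class LocalRsaProvider implements CryptoProvider {
  readonly name = "local-rsa";
  private readonly supported: Record<string, string[]> = {
    encrypt: ["RSA-OAEP", "RSA1_5"],
    verify: ["RS256", "PS256"],
  };
  isSupported(operation: KeyOperation, algorithm: string): boolean {
    return (this.supported[operation] || []).indexOf(algorithm) !== -1;
  }
  run(req: CryptoRequest): CryptoResult {
    // Simulated: a real provider would call the platform crypto library here.
    return { provider: this.name, output: `local(${req.algorithm},${req.data})` };
  }
}

class RemoteProvider implements CryptoProvider {
  readonly name = "remote";
  isSupported(): boolean { return true; } // the key service is the final arbiter
  run(req: CryptoRequest): CryptoResult {
    // Simulated: a real provider would send the request to the key service.
    return { provider: this.name, output: `remote(${req.algorithm},${req.data})` };
  }
}

class CryptoClient {
  private readonly providers: CryptoProvider[] = [];
  private readonly keyOps: KeyOperation[];
  constructor(keyOps: KeyOperation[]) { this.keyOps = keyOps; }
  register(p: CryptoProvider): this { this.providers.push(p); return this; }
  execute(req: CryptoRequest): CryptoResult {
    // Validation happens once here, before any provider sees the request.
    if (this.keyOps.indexOf(req.operation) === -1) throw new Error(`key does not permit ${req.operation}`);
    for (const p of this.providers) {
      if (p.isSupported(req.operation, req.algorithm)) return p.run(req); // first match wins
    }
    throw new Error(`no provider supports ${req.operation}/${req.algorithm}`);
  }
}
```

Because registration order decides which provider handles a request, a client built with only the local provider fails closed on anything that provider does not report as supported.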
openapi-sdkautomation bot pushed a commit to AzureSDKAutomation/azure-sdk-for-js that referenced this issue May 10, 2021
Release microsoft.sql 2021 02 01 preview (Azure#14339)

* Adds base for updating Microsoft.Sql from version preview/2020-11-01-preview to version 2021-02-01-preview

* Updates readme

* Updates API version in new specs and examples

* Fix Integer format: S360 swagger lint issues in 2021-02-01 (Azure#13855)

* Update integer format

* update typo

* Swagger Documentation for Outbound Firewall Rules (Azure#13820)

* Swagger Documentation for Outbound Firewall Rules

* Add the new file to v5

Co-authored-by: Vineet Mahadik <[email protected]>

* Swagger Documentation For Database Resource With Ledger (Azure#13916)

* adding database swagger files

* modifying example

* Fixing to be boolean

* adding database extensions and database operations

* adding other database examples

* removing database_legacy, adding usages

* removing usages

* removing databases_legacy from readme

* Swagger Documentation For Ledger Digest Upload (Azure#13871)

* adding ledger api

* Fixes from validation

* removing required endpoint parameter, adding ledgerName (current) to id

* removing 201 response from resource, renaming ledgerName

* adding location to 202 results

* fixing 202 response location

* renaming files

* updating files with new controller name + correct entity name

* fixing readme

* Dev brandong getrestorabledropped (Azure#14129)

* Update RestorableDroppedDatabases API to add BackupStorageAccountType property

* Update readme.md

* Re-add elasticPoolId as a deprecated property

* Update elasticPoolId description and remove trailing comma causing failures

* Remove the unsupported deprecated property

* Add 2021-02-01-preview minor changes (Azure#13942)

* add 2021-02-01-preview for test

* update with 2021-04-19 latest

* update readme.md

* update with latest master in DSMainDev

* Carry IsInfraEncryptionEnabled to Database.json (Azure#14322)

* carry latest minor changes.

* re-format readme.md

* remove 2020 11 01 RestorableDroppedManagedDatabases in V5

* Update readme file in 2021 02 01 dev branch to match the master branch (Azure#14336)

* Carry IsInfraEncryptionEnabled to Database.json (Azure#14322)

* carry latest minor changes.

* re-format readme.md

* remove 2020 11 01 RestorableDroppedManagedDatabases in V5

* update to match master branch readme.md

Co-authored-by: Vineet Mahadik <[email protected]>
Co-authored-by: Vineet Mahadik <[email protected]>
Co-authored-by: rewongmicrosoft <[email protected]>
Co-authored-by: brandong-ms <[email protected]>
Co-authored-by: Arthur Ning <[email protected]>
@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2023