Mofnmodel #10195

Merged
merged 32 commits into from
Sep 1, 2020
3a50214
Adding 7.2-preview version (#8397)
vasanthrajams Feb 14, 2020
4b6ab61
Merge branch 'dev-keyvault-Microsoft.KeyVault-7.2'
Mar 7, 2020
4abcda2
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Mar 11, 2020
29f5dea
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Apr 17, 2020
78c3398
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
May 6, 2020
af41d9a
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
May 26, 2020
23a6d0f
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
May 29, 2020
5f09ae9
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jun 10, 2020
c2d80d3
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jun 11, 2020
b9e4b30
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jun 15, 2020
657170d
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jun 20, 2020
2c181b4
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jul 6, 2020
02820bd
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jul 13, 2020
3d84f5c
Change the number of certificates user provides for security domain
Jul 17, 2020
3032874
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Jul 23, 2020
3283fac
Merge branch 'master' into mofnmodel
Jul 23, 2020
807433f
prettier check
Jul 22, 2020
d7dbf88
remove readyonly
Jul 23, 2020
e46e20d
Security domain object specification
Jul 30, 2020
2bde93d
internal review
Jul 31, 2020
31c579a
prettier fix
Jul 31, 2020
ab41357
model validation fixes
Jul 31, 2020
b7ad859
model validation
Jul 31, 2020
d94d796
security domain id
Aug 7, 2020
4170164
Removing Security Domain ID
Aug 27, 2020
8369318
Fixed a few more specs
Aug 28, 2020
711cb9f
model validation failures
Aug 28, 2020
0d001cb
pretty check
Aug 28, 2020
ffb7adb
changed tag
Aug 29, 2020
c986ef2
Merge branch 'master' of github.com:Azure/azure-rest-api-specs
Aug 29, 2020
1014097
Merge branch 'master' into mofnmodel
Aug 29, 2020
b74f987
tag change
Aug 29, 2020
1 change: 1 addition & 0 deletions custom-words.txt
Expand Up @@ -1876,3 +1876,4 @@ watchlist
Watchlist
Mibps
ntfs
shamir_share
@@ -1,7 +1,7 @@
{
"parameters": {
"vaultBaseUrl": "https://myvault.vault.azure.net/",
"Certificates": {
"CertificateInfoObject": {
"certificates": [
{
"value": {
Expand Down Expand Up @@ -60,14 +60,48 @@
"e": "AQAB"
}
}
]
],
"required": 2
},
"api-version": "7.2-preview"
},
"responses": {
"200": {
"body": {
"value": "{\"EncData\":{\"data\":[{\"compact_jwe\":\"ey$Jhb%232GciOiJkaXIiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwia2lkIjoiZW5jbGF2ZS$J9..5eVwZFlsZQeYXQ11HPC_JJg.4d32grvkQBMxyGmncd82VHOggiFbtuaKX2wXvjU-vKukMAtS7oLl9QsSZZJ5s94xAz7Atye93e6gA_2tbHW0QEzLOXiuV-vZ342zP46dxV56bEEjENIOgzBWAfxUkuUdnYE2UDahGSJSbhNxo8URa44CaSAX682q_otmwqh0jgxk5ZcbHRdwpbSFZnfQ6SgHBqrvQUUpKlWJMJQNuWeEjmWaPkCOUnwkJ1ZLOnVj1AB8rlfj0qnEtBotc4V5066vztRDaTLEOV99lp08WRcRPAY2QVBSfhZdzslQ2baRukk6WOTI5KxIl0cf7o0db_zgoT6vluewXgzTSe6NTcrparwVJ-r6kxw12gkYJtrr3ytvOT_lgip5-7H3PLAgDDRDjHd_PEdNyPqsg56QjtVXBUwutQrfh46s_ATm0dFrhAF6Icf9H2rLDGCiFmKUn-CrtM3vErNzu9BMC8ekuSOe0t0XTnsKOjdiabE95MoRIqQYWQGfi02Rp2XO_lSEUnQJTNomd1IATKPiqqktE5YUu0OzDrVCdSGBGg5IDedmGSp0QIf8m7kSc8xYUsU1PTdJoSzgiOAue0ur_P1i2xr_BSSI6I4BJekw9e58qqBbWN-kc3swgLddsCfXqyW9RnNBvjQmnwdffv1O_4zF0wGVnohs6PYu-9RqIzLxgfHvnlBQbsauWlqpNfw5h_JpnoKW287vPc2iXRONHlGdd-4Mp3323JFbISM6NgGg8y6nUAdKASjyXuqR7bTnr3pNTpjF4523buuzKG3Q4nzr-jnWGPIpxeyBV6unEK0Aw3-QQpY7CG_s3-76P484gJm4vPum03I_V3tmnNt}]}}"
"data": {
"EncData": {
"data": [
{
"compact_jwe": "<encrypted data1>",
"tag": "hsm_backup"
},
{
"compact_jwe": "<encrypted data2>",
"tag": "base_enclave_backup"
},
{
"compact_jwe": "<encrypted data3>",
"tag": "partition_enclave_backup"
}
],
"kdf": "sp108_kdf"
},
"SharedKeys": {
"key_algorithm": "shamir_share",
"required": 2,
"enc_shares": [
{
"enc_key": "compact JWE wrapped share1",
"x5t_256": "bWFuZ2VkaHNtDQo"
},
{
"enc_key": "compact JWE wrapped share2",
"x5t_256": "bWFuZ2VkaHNta2V5dmF1bHQNCg"
}
]
},
"version": 2
}
}
}
}
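Review bot: the response example's `enc_shares` array has only two entries, while the schema added in this PR gives `enc_shares` a `minItems` of 3 and the request requires at least three certificates. Add a third share so the example agrees with the schema. The sample `x5t_256` values are also much shorter than a base64url-encoded SHA-256 digest (43 characters unpadded); a full-length placeholder thumbprint would be less misleading for client authors.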
Expand Up @@ -6,6 +6,7 @@
"responses": {
"200": {
"body": {
"key_format": "jwk",
"transfer_key": {
"kid": "https://myvault.vault.azure.net/transfer_key",
"kty": "RSA",
Expand Up @@ -2,7 +2,29 @@
"parameters": {
"vaultBaseUrl": "https://myvault.vault.azure.net/",
"security_domain": {
"value": "<previously stored security domain>"
"value": {
"EncData": {
"data": [
{
"compact_jwe": "<encrypted data1>",
"tag": "hsm_backup"
},
{
"compact_jwe": "<encrypted data2>",
"tag": "base_enclave_backup"
},
{
"compact_jwe": "<encrypted data3>",
"tag": "partition_enclave_backup"
}
],
"kdf": "sp108_kdf"
},
"WrappedKey": {
"enc_key": "eyJhbGciOiJ",
"x5t_256": "h8ObF2NU85MhzEEE2JrSSGcF7aK2CiNrffef1r8mY"
}
}
},
"api-version": "7.2-preview"
},
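Review bot: `WrappedKey.enc_key` is shown as `"eyJhbGciOiJ"`, a cut-off fragment of a JWE header, whereas the download example uses descriptive placeholders such as `"compact JWE wrapped share1"` and `"<encrypted data1>"`. Use the same placeholder style here so the value is not mistaken for a valid compact JWE, and give `x5t_256` a placeholder of the same form as well.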
Expand Up @@ -37,20 +37,20 @@
"parameters": [
{
"in": "body",
"name": "Certificates",
"name": "CertificateInfoObject",
"required": true,
"schema": {
"$ref": "#/definitions/CertificateSet"
"$ref": "#/definitions/CertificateInfoObject"
},
"description": "Security domain download operation requires customer to provide three certificates containing public key in JWK format."
"description": "Security domain download operation requires customer to provide N certificates (minimum 3 and maximum 10) containing public key in JWK format."
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Security domain download response",
"description": "This is the specification of the security domain as downloaded from the new pool",
"schema": {
"$ref": "#/definitions/SecurityDomainObject"
}
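Review bot: the `CertificateInfoObject` parameter description covers the certificate count (minimum 3, maximum 10) but says nothing about the `required` quorum field that the same body now carries, so the M-of-N choice is invisible at the operation level. Add a sentence on `required` and its default of 2. The new 200 description, "This is the specification of the security domain as downloaded from the new pool", describes the spec rather than what the response contains; state what the caller receives instead.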
Expand Down Expand Up @@ -120,7 +120,7 @@
"description": "security domain",
"required": true,
"schema": {
"$ref": "#/definitions/SecurityDomainObject"
"$ref": "#/definitions/SecurityDomainUploadObject"
}
}
],
Expand Down Expand Up @@ -185,17 +185,24 @@
}
},
"definitions": {
"CertificateSet": {
"CertificateInfoObject": {
"properties": {
"certificates": {
"type": "array",
"items": {
"$ref": "#/definitions/SecurityDomainCertificateItem"
},
"minItems": 3,
"maxItems": 3,
"maxItems": 10,
"uniqueItems": true,
"description": "Three certificates needed from customer"
"description": "Certificates needed from customer"
},
"required": {
"description": "Customer to specify the number of certificates (minimum 2 and maximum 10) to restore security domain",
"type": "integer",
"default": 2,
"minimum": 2,
"maximum": 10
}
},
"required": [
Expand All @@ -215,8 +222,14 @@
},
"TransferKey": {
"properties": {
"key_format": {
"type": "string",
"default": "jwk",
"description": "Specifies the format of the transfer key"
},
"transfer_key": {
"$ref": "#/definitions/SecurityDomainJsonWebKey"
"$ref": "#/definitions/SecurityDomainJsonWebKey",
"description": "Specifies the transfer key in JWK format"
}
},
"required": [
Expand All @@ -225,10 +238,113 @@
},
"SecurityDomainObject": {
"properties": {
"value": {
"type": "string"
"data": {
"type": "object",
"properties": {
"EncData": {
"$ref": "#/definitions/EncDataSet",
"description": "Array of encrypted data set"
},
"SharedKeys": {
"properties": {
"key_algorithm": {
"type": "string",
"default": "shamir_share",
"description": "The Algorithm used for shared keys"
},
"required": {
"type": "integer",
"minimum": 2,
"maximum": 10,
"description": "The number of keys (minimum 2 and maximum 10) required for security domain. "
},
"enc_shares": {
"type": "array",
"items": {
"$ref": "#/definitions/Key",
"minItems": 3,
"maxItems": 10
},
"uniqueItems": true,
"description": "Compact JWE wrapped shares array"
}
},
"required": [
"key_algorithm",
"required",
"enc_shares"
],
"description": "Array of shared keys"
},
"version": {
"type": "integer"
}
},
"required": [
"EncData",
"SharedKeys",
"version"
]
}
}
},
"description": "Security domain",
"required": [
"data"
]
},
"EncDataSet": {
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/definitions/EncDataSetItem",
"minItems": 2
},
"description": "Array of encrypted security domain",
"uniqueItems": true
},
"kdf": {
"type": "string",
"default": "sp108_kdf",
"description": "The key derivation function used"
}
},
"required": [
"data",
"kdf"
]
},
"EncDataSetItem": {
"properties": {
"compact_jwe": {
"type": "string",
"description": "Encrypted data"
},
"tag": {
"type": "string",
"description": "hsm backup tag"
}
},
"required": [
"compact_jwe",
"tag"
]
},
"Key": {
"properties": {
"enc_key": {
"type": "string",
"description": "Compact JWE wrapped share"
},
"x5t_256": {
"type": "string",
"description": "SHA 256 hash of certificate"
}
},
"required": [
"enc_key",
"x5t_256"
]
},
"SecurityDomainOperationStatus": {
"properties": {
Expand Down Expand Up @@ -258,15 +374,7 @@
},
"kty": {
"type": "string",
"description": "JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For security domain this value must be RSA",
"enum": [
"RSA",
"RSA-HSM"
],
"x-ms-enum": {
"name": "JsonWebKeyType",
"modelAsString": true
}
"description": "JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For security domain this value must be RSA"
},
"key_ops": {
"type": "array",
Expand Down Expand Up @@ -310,12 +418,51 @@
"required": [
"kty",
"key_ops",
"alg",
"kid",
"x5c",
"x5t#S256",
"n",
"e"
]
},
"SecurityDomainUploadObject": {
"properties": {
"value": {
"type": "object",
"properties": {
"EncData": {
"$ref": "#/definitions/EncDataSet",
"description": "Array of encrypted data set"
},
"WrappedKey": {
"properties": {
"enc_key": {
"type": "string",
"description": "Encryption key used to encrypt the EncData"
},
"x5t_256": {
"type": "string",
"description": "Thumbprint used to determine which certificate was used to encrypt the enc_key field"
}
},
"required": [
"enc_key",
"x5t_256"
],
"description": "Key object containing the encryption key used to encrypt EncData object"
}
},
"required": [
"EncData",
"WrappedKey"
]
}
},
"description": "Security domain object uploaded to a new pool",
"required": [
"value"
]
}
},
"parameters": {