Azure · YalinLi0312 · Mar 3, 2022 · Mar 1, 2022 · Mar 2, 2022
diff --git a/.vscode/cspell.json b/.vscode/cspell.json
@@ -74,7 +74,7 @@
     "sdk/identity/azure-identity/tests/pod-identity/**",
     "sdk/identity/azure-identity/tests/managed-identity-live/service-fabric/**",
     "sdk/keyvault/azure-keyvault-certificates/**",
-    "sdk/keyvault/azure-keyvault-keys/**",
+    "sdk/keyvault/azure-keyvault-keys/tests/keys.py",
     "sdk/mixedreality/azure-mixedreality-authentication/**",
     "sdk/modelsrepository/azure-iot-modelsrepository/**",
     "sdk/monitor/azure-monitor-opentelemetry-exporter/**",
@@ -119,14 +119,14 @@
     "aiohttp",
     "amqp",
     "apim",
-    "Apim",
     "asyncio",
     "azcmagent",
     "azsdk",
     "azurecr",
     "azuremgmtcore",
     "azuremgmtcommunication",
     "bdist",
+    "bstr",
     "byref",
     "cdll",
     "clientid",
@@ -141,13 +141,16 @@
     "ctypes",
     "dateutil",
     "ddos",
+    "decryptor",
     "delenv",
     "dependened",
     "deserialization",
     "docfx",
     "dotenv",
     "DWORD",
     "eastus",
+    "eckey",
+    "encryptor",
     "engsys",
     "envname",
     "fileno",
@@ -169,9 +172,12 @@
     "inprogress",
     "ipconfiguration",
     "ipconfigurations",
+    "iqmp",
     "iscoroutine",
     "iscsi",
     "ivar",
+    "jwks",
+    "keybak",
     "kube",
     "kubeconfig",
     "kubeconfigs",
@@ -181,6 +187,11 @@
     "livekvtestgetsecretperfsecret",
     "livekvtestlistperfsecret",
     "lmazuel",
+    "livekvtest",
+    "livekvtestdecryptperfkey",
+    "livekvtestgetkeyperfkey",
+    "livekvtestsignperfkey",
+    "livekvtestunwrapperfkey",
     "logz",
     "LPCWSTR",
     "Lucene",
@@ -198,6 +209,7 @@
     "noarch",
     "northcentralus",
     "nspkg",
+    "OAEP",
     "oauthlib",
     "objs",
     "odata",
@@ -226,11 +238,14 @@
     "revascularization",
     "riscv",
     "rollup",
+    "RSNULL",
     "rtsp",
     "rtype",
     "scbedd",
     "sdist",
     "secbak",
+    "SECG",
+    "SECP",
     "setfacl",
     "signalr",
     "signup",
@@ -243,9 +258,11 @@
     "Teradata",
     "timegm",
     "toxenv",
+    "tzname",
     "uamqp",
     "uksouth",
     "ukwest",
+    "unpadder",
     "unredacted",
     "upserted",
     "urandom",
@@ -260,6 +277,7 @@
     "usgovtexas",
     "usgovvirginia",
     "utid",
+    "Uvsc",
     "vcrpy",
     "verifysdist",
     "verifywhl",

@@ -23,7 +23,7 @@ def _get_exception_for_key_vault_error(cls, response):
         body = ContentDecodePolicy.deserialize_from_http_generics(response)
         message = "({}) {}".format(body["error"]["code"], body["error"]["message"])  # type: Optional[str]
     except (DecodeError, KeyError):
-        # Key Vault error response bodies should have the expected shape and be deserializable.
+        # Key Vault error response bodies should have the expected shape and be de-serializable.
         # If we somehow land here, we'll take HttpResponse's default message.
         message = None
 

@@ -41,7 +41,7 @@ def __init__(self, request_uri, challenge, response_headers=None):
             raise ValueError("Invalid challenge parameters")
 
         authorization_uri = self.get_authorization_server()
-        # the authoritzation server URI should look something like https://login.windows.net/tenant-id
+        # the authorization server URI should look something like https://login.windows.net/tenant-id
         uri_path = parse.urlparse(authorization_uri).path.lstrip("/")
         self.tenant_id = uri_path.split("/")[0] or None
 

@@ -32,7 +32,7 @@ def _validate_arguments(operation, algorithm, **kwargs):
     """Validates the arguments passed to perform an operation with a provided algorithm.
 
     :param KeyOperation operation: the type of operation being requested
-    :param EncyptionAlgorithm algorithm: the encryption algorithm to use for the operation
+    :param EncryptionAlgorithm algorithm: the encryption algorithm to use for the operation
     :keyword bytes iv: initialization vector
     :keyword bytes authentication_tag: authentication tag returned from an encryption
     :keyword bytes additional_authenticated_data: data that is authenticated but not encrypted

@@ -19,11 +19,11 @@ def __init__(self, key, iv, auth_data, auth_tag):
 
         self._aes_key = key[: len(key) // 2]
         self._hmac_key = key[len(key) // 2 :]
-        hash_algo = {256: hashes.SHA256(), 384: hashes.SHA384(), 512: hashes.SHA512()}[len(key) * 8]
+        hash_algorithm = {256: hashes.SHA256(), 384: hashes.SHA384(), 512: hashes.SHA512()}[len(key) * 8]
 
         self._cipher = Cipher(algorithms.AES(self._aes_key), modes.CBC(iv), backend=default_backend())
         self._tag = auth_tag or bytearray()
-        self._hmac = hmac.HMAC(self._hmac_key, hash_algo, backend=default_backend())
+        self._hmac = hmac.HMAC(self._hmac_key, hash_algorithm, backend=default_backend())
         self._auth_data_length = _int_to_fixed_length_bigendian_bytes(len(auth_data) * 8, 8)
 
         # prime the hash

@@ -34,7 +34,7 @@
     KeyCurveName.p_521: SECP521R1,
     "SECP256K1": SECP256K1,  # "SECP256K1" is from Key Vault 2016-10-01
 }
-_curve_to_default_algo = {
+_curve_to_default_algorithm = {
     KeyCurveName.p_256: Es256.name(),
     KeyCurveName.p_256_k: Ecdsa256.name(),
     KeyCurveName.p_384: Es384.name(),
@@ -44,13 +44,13 @@
 
 
 class EllipticCurveKey(Key):
-    _supported_signature_algorithms = frozenset(_curve_to_default_algo.values())
+    _supported_signature_algorithms = frozenset(_curve_to_default_algorithm.values())
 
     def __init__(self, x, y, d=None, kid=None, curve=None):
         super(EllipticCurveKey, self).__init__()
 
         self._kid = kid or str(uuid.uuid4())
-        self._default_algo = _curve_to_default_algo[curve]
+        self._default_algorithm = _curve_to_default_algorithm[curve]
         curve_cls = _kv_crv_to_crypto_cls[curve]
 
         public_numbers = EllipticCurvePublicNumbers(x, y, curve_cls())

@@ -36,4 +36,4 @@ def raise_if_time_invalid(not_before, expires_on):
     if not_before and not_before > now:
         raise ValueError("This client's key is not useable until {} (UTC)".format(not_before))
     if expires_on and expires_on <= now:
-        raise ValueError("This client's key expires_onired at {} (UTC)".format(expires_on))
+        raise ValueError("This client's key expired at {} (UTC)".format(expires_on))
@@ -237,7 +237,7 @@ def test_symmetric_encrypt_and_decrypt(self, key_client, **kwargs):
         assert imported_key is not None
         crypto_client = self.create_crypto_client(imported_key, api_version=key_client.api_version)
         # Use 256-bit AES algorithms for the 256-bit key
-        symmetric_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("A256")]
+        symmetric_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("A256")]
 
         supports_nothing = mock.Mock(supports=mock.Mock(return_value=False))
         with mock.patch(crypto_client.__module__ + ".get_local_cryptography_provider", lambda *_: supports_nothing):
@@ -296,7 +296,7 @@ def test_encrypt_local(self, key_client, is_hsm, **kwargs):
         key = self._create_rsa_key(key_client, key_name, size=4096, hardware_protected=is_hsm)
         crypto_client = self.create_crypto_client(key, api_version=key_client.api_version)
 
-        rsa_encrypt_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("RSA")]
+        rsa_encrypt_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("RSA")]
         for encrypt_algorithm in rsa_encrypt_algorithms:
             result = crypto_client.encrypt(encrypt_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
@@ -313,7 +313,7 @@ def test_encrypt_local_from_jwk(self, key_client, is_hsm, **kwargs):
         crypto_client = self.create_crypto_client(key, api_version=key_client.api_version)
         local_client = CryptographyClient.from_jwk(key.key)
 
-        rsa_encrypt_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("RSA")]
+        rsa_encrypt_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("RSA")]
         for encrypt_algorithm in rsa_encrypt_algorithms:
             result = local_client.encrypt(encrypt_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
@@ -388,7 +388,7 @@ def test_wrap_local(self, key_client, is_hsm, **kwargs):
         key = self._create_rsa_key(key_client, key_name, size=4096, hardware_protected=is_hsm)
         crypto_client = self.create_crypto_client(key, api_version=key_client.api_version)
 
-        for wrap_algorithm in (algo for algo in KeyWrapAlgorithm if algo.startswith("RSA")):
+        for wrap_algorithm in (algorithm for algorithm in KeyWrapAlgorithm if algorithm.startswith("RSA")):
             result = crypto_client.wrap_key(wrap_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
 
@@ -404,7 +404,7 @@ def test_wrap_local_from_jwk(self, key_client, is_hsm, **kwargs):
         crypto_client = self.create_crypto_client(key, api_version=key_client.api_version)
         local_client = CryptographyClient.from_jwk(key.key)
 
-        for wrap_algorithm in (algo for algo in KeyWrapAlgorithm if algo.startswith("RSA")):
+        for wrap_algorithm in (algorithm for algorithm in KeyWrapAlgorithm if algorithm.startswith("RSA")):
             result = local_client.wrap_key(wrap_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
 
@@ -529,8 +529,8 @@ def test_operations(key, expected_error_substrings, encrypt_algorithms, wrap_alg
         # operations should not succeed with a key whose nbf is in the future
         the_year_3000 = datetime(3000, 1, 1, tzinfo=_UTC)
 
-        rsa_wrap_algorithms = [algo for algo in KeyWrapAlgorithm if algo.startswith("RSA")]
-        rsa_encryption_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("RSA")]
+        rsa_wrap_algorithms = [algorithm for algorithm in KeyWrapAlgorithm if algorithm.startswith("RSA")]
+        rsa_encryption_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("RSA")]
         key_name = self.get_resource_name("rsa-not-yet-valid")
         not_yet_valid_key = self._create_rsa_key(
             key_client, key_name, not_before=the_year_3000, hardware_protected=is_hsm

@@ -232,7 +232,7 @@ async def test_symmetric_encrypt_and_decrypt(self, key_client, **kwargs):
         assert imported_key is not None
         crypto_client = self.create_crypto_client(imported_key, is_async=True, api_version=key_client.api_version)
         # Use 256-bit AES algorithms for the 256-bit key
-        symmetric_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("A256")]
+        symmetric_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("A256")]
 
         supports_nothing = mock.Mock(supports=mock.Mock(return_value=False))
         with mock.patch(crypto_client.__module__ + ".get_local_cryptography_provider", lambda *_: supports_nothing):
@@ -288,7 +288,7 @@ async def test_encrypt_local(self, key_client, is_hsm, **kwargs):
         key = await self._create_rsa_key(key_client, key_name, size=4096, hardware_protected=is_hsm)
         crypto_client = self.create_crypto_client(key, is_async=True, api_version=key_client.api_version)
 
-        rsa_encrypt_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("RSA")]
+        rsa_encrypt_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("RSA")]
         for encrypt_algorithm in rsa_encrypt_algorithms:
             result = await crypto_client.encrypt(encrypt_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
@@ -305,7 +305,7 @@ async def test_encrypt_local_from_jwk(self, key_client, is_hsm, **kwargs):
         crypto_client = self.create_crypto_client(key, is_async=True, api_version=key_client.api_version)
         local_client = CryptographyClient.from_jwk(key.key)
 
-        rsa_encrypt_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("RSA")]
+        rsa_encrypt_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("RSA")]
         for encrypt_algorithm in rsa_encrypt_algorithms:
             result = await local_client.encrypt(encrypt_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
@@ -380,7 +380,7 @@ async def test_wrap_local(self, key_client, is_hsm, **kwargs):
         key = await self._create_rsa_key(key_client, key_name, size=4096, hardware_protected=is_hsm)
         crypto_client = self.create_crypto_client(key, is_async=True, api_version=key_client.api_version)
 
-        for wrap_algorithm in (algo for algo in KeyWrapAlgorithm if algo.startswith("RSA")):
+        for wrap_algorithm in (algorithm for algorithm in KeyWrapAlgorithm if algorithm.startswith("RSA")):
             result = await crypto_client.wrap_key(wrap_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
 
@@ -396,7 +396,7 @@ async def test_wrap_local_from_jwk(self, key_client, is_hsm, **kwargs):
         crypto_client = self.create_crypto_client(key, is_async=True, api_version=key_client.api_version)
         local_client = CryptographyClient.from_jwk(key.key)
 
-        for wrap_algorithm in (algo for algo in KeyWrapAlgorithm if algo.startswith("RSA")):
+        for wrap_algorithm in (algorithm for algorithm in KeyWrapAlgorithm if algorithm.startswith("RSA")):
             result = await local_client.wrap_key(wrap_algorithm, self.plaintext)
             self.assertEqual(result.key_id, key.id)
 
@@ -521,8 +521,8 @@ async def test_operations(key, expected_error_substrings, encrypt_algorithms, wr
         # operations should not succeed with a key whose nbf is in the future
         the_year_3000 = datetime(3000, 1, 1, tzinfo=_UTC)
 
-        rsa_wrap_algorithms = [algo for algo in KeyWrapAlgorithm if algo.startswith("RSA")]
-        rsa_encryption_algorithms = [algo for algo in EncryptionAlgorithm if algo.startswith("RSA")]
+        rsa_wrap_algorithms = [algorithm for algorithm in KeyWrapAlgorithm if algorithm.startswith("RSA")]
+        rsa_encryption_algorithms = [algorithm for algorithm in EncryptionAlgorithm if algorithm.startswith("RSA")]
         key_name = self.get_resource_name("rsa-not-yet-valid")
         not_yet_valid_key = await self._create_rsa_key(
             key_client, key_name, not_before=the_year_3000, hardware_protected=is_hsm

@@ -674,7 +674,7 @@ def test_get_cryptography_client(self, client, is_hsm, **kwargs):
         assert "RSA-OAEP" == result.algorithm
         assert plaintext == result.plaintext
 
-        # try ommitting the key version
+        # try omitting the key version
         crypto_client = client.get_cryptography_client(key_name)
         # both clients should use the same generated client
         assert client._client == crypto_client._client

@@ -671,7 +671,7 @@ async def test_get_cryptography_client(self, client, is_hsm, **kwargs):
         assert "RSA-OAEP" == result.algorithm
         assert plaintext == result.plaintext
 
-        # try ommitting the key version
+        # try omitting the key version
         crypto_client = client.get_cryptography_client(key_name)
         # both clients should use the same generated client
         assert client._client == crypto_client._client