CryptographyClientBuilder Class

  • java.lang.Object
    • com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder

public final class CryptographyClientBuilder
implements TokenCredentialTrait<CryptographyClientBuilder>, HttpTrait<CryptographyClientBuilder>, ConfigurationTrait<CryptographyClientBuilder>

This class provides a fluent builder API to help configure and instantiate the CryptographyAsyncClient and CryptographyClient. Calling buildAsyncClient() or buildClient(), respectively, constructs an instance of the desired client.

The minimal configuration options required by CryptographyClientBuilder to build a CryptographyAsyncClient or a CryptographyClient are a TokenCredential and either a JsonWebKey or an Azure Key Vault key identifier.

// Build a client from an Azure Key Vault key identifier.
CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .keyIdentifier("<your-key-id>")
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildAsyncClient();

// Alternatively, build a client from a JsonWebKey (separate snippet).
JsonWebKey jsonWebKey = new JsonWebKey().setId("SampleJsonWebKey");
CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .jsonWebKey(jsonWebKey)
     .buildAsyncClient();

When a CryptographyAsyncClient or CryptographyClient is created using an Azure Key Vault key identifier, the first time a cryptographic operation is attempted, the client will attempt to retrieve the key material from the service, cache it, and perform all future cryptographic operations locally, deferring to the service when that's not possible. If key retrieval and caching fails because of a non-retryable error, the client will not make any further attempts and will fall back to performing all cryptographic operations on the service side. Conversely, when a CryptographyAsyncClient or CryptographyClient is created using a JsonWebKey, all cryptographic operations will be performed locally.

To ensure correct behavior when performing operations such as Decrypt, Unwrap and Verify, it is recommended to use a CryptographyAsyncClient or CryptographyClient created for the specific key version that was used for the corresponding inverse operation: Encrypt, Wrap, or Sign, respectively.

The log detail level, multiple custom policies and a custom HttpClient can be optionally configured in the CryptographyClientBuilder.

// BODY_AND_HEADERS is the most verbose level: it logs headers and full request/response bodies.
CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .keyIdentifier("<your-key-id>")
     .credential(new DefaultAzureCredentialBuilder().build())
     .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
     .httpClient(HttpClient.createDefault())
     .buildAsyncClient();

Constructor Summary

Constructor Description
CryptographyClientBuilder()

The constructor with defaults.

Method Summary

Modifier and Type Method and Description
CryptographyClientBuilder addPolicy(HttpPipelinePolicy policy)

Adds an HttpPipelinePolicy to apply on each request sent.

CryptographyAsyncClient buildAsyncClient()

Creates a CryptographyAsyncClient based on options set in the builder.

CryptographyClient buildClient()

Creates a CryptographyClient based on options set in the builder.

CryptographyClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc.

CryptographyClientBuilder configuration(Configuration configuration)

Sets the configuration store that is used during construction of the service client.

CryptographyClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service.

CryptographyClientBuilder disableChallengeResourceVerification()

Disables verifying if the authentication challenge resource matches the Key Vault or Managed HSM domain.

CryptographyClientBuilder disableKeyCaching()

Disables local key caching and defers all cryptographic operations to the service.

CryptographyClientBuilder httpClient(HttpClient client)

Sets the HttpClient to use for sending and receiving requests to and from the service.

CryptographyClientBuilder httpLogOptions(HttpLogOptions logOptions)

Sets the HttpLogOptions to use when sending and receiving requests to and from the service.

CryptographyClientBuilder jsonWebKey(JsonWebKey jsonWebKey)

Sets the JsonWebKey to be used for local cryptography operations.

CryptographyClientBuilder keyIdentifier(String keyId)

Sets the Azure Key Vault key identifier of the JSON Web Key to be used for cryptography operations.

CryptographyClientBuilder pipeline(HttpPipeline pipeline)

Sets the HttpPipeline to use for the service client.

CryptographyClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.

CryptographyClientBuilder retryPolicy(RetryPolicy retryPolicy)

Sets the RetryPolicy that is used when each request is sent.

CryptographyClientBuilder serviceVersion(CryptographyServiceVersion version)

Sets the CryptographyServiceVersion that is used when making API requests.

Constructor Details

CryptographyClientBuilder

public CryptographyClientBuilder()

The constructor with defaults.

Method Details

addPolicy

public CryptographyClientBuilder addPolicy(HttpPipelinePolicy policy)

Adds an HttpPipelinePolicy to apply on each request sent.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if an HttpPipeline is specified, it takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, an HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, other APIs in types that implement this trait may also be ignored if an HttpPipeline is specified, so be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

policy - An HttpPipelinePolicy.

Returns:

The updated CryptographyClientBuilder object.

buildAsyncClient

public CryptographyAsyncClient buildAsyncClient()

Creates a CryptographyAsyncClient based on options set in the builder. Every time buildAsyncClient() is called, a new instance of CryptographyAsyncClient is created.

If jsonWebKey(JsonWebKey jsonWebKey) is set, then all other builder settings are ignored.

If pipeline(HttpPipeline pipeline) is set, then the pipeline and keyIdentifier(String keyId) are used to create the CryptographyAsyncClient. All other builder settings are ignored. If pipeline is not set, then a credential(TokenCredential credential) and keyIdentifier(String keyId) are required to build the CryptographyAsyncClient.

Returns:

A CryptographyAsyncClient with the options set from the builder.

buildClient

public CryptographyClient buildClient()

Creates a CryptographyClient based on options set in the builder. Every time buildClient() is called, a new instance of CryptographyClient is created.

If jsonWebKey(JsonWebKey jsonWebKey) is set, then all other builder settings are ignored.

If pipeline(HttpPipeline pipeline) is set, then the pipeline and keyIdentifier(String keyId) are used to create the CryptographyClient. All other builder settings are ignored. If pipeline is not set, then a credential(TokenCredential credential) and keyIdentifier(String keyId) are required to build the CryptographyClient.

Returns:

A CryptographyClient with the options set from the builder.

clientOptions

public CryptographyClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of the HttpClientOptions class (a subclass of the ClientOptions base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if an HttpPipeline is specified, it takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, an HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, other APIs in types that implement this trait may also be ignored if an HttpPipeline is specified, so be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

clientOptions - A configured instance of HttpClientOptions.

Returns:

The updated CryptographyClientBuilder object.

configuration

public CryptographyClientBuilder configuration(Configuration configuration)

Sets the configuration store that is used during construction of the service client. The default configuration store is a clone of the global configuration store; use NONE to bypass using configuration settings during construction.

Parameters:

configuration - The configuration store used to get configuration details.

Returns:

The updated CryptographyClientBuilder object.

credential

public CryptographyClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of the TokenCredential type.

Parameters:

credential - TokenCredential used to authorize requests sent to the service.

Returns:

The updated CryptographyClientBuilder object.

disableChallengeResourceVerification

public CryptographyClientBuilder disableChallengeResourceVerification()

Disables verifying if the authentication challenge resource matches the Key Vault or Managed HSM domain. This verification is performed by default.

Returns:

The updated CryptographyClientBuilder object.

disableKeyCaching

public CryptographyClientBuilder disableKeyCaching()

Disables local key caching and defers all cryptographic operations to the service.

This method will have no effect if used in conjunction with the jsonWebKey(JsonWebKey jsonWebKey) method.

Returns:

The updated CryptographyClientBuilder object.

httpClient

public CryptographyClientBuilder httpClient(HttpClient client)

Sets the HttpClient to use for sending and receiving requests to and from the service.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if an HttpPipeline is specified, it takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, an HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, other APIs in types that implement this trait may also be ignored if an HttpPipeline is specified, so be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

client - The HttpClient to use for requests.

Returns:

The updated CryptographyClientBuilder object.

httpLogOptions

public CryptographyClientBuilder httpLogOptions(HttpLogOptions logOptions)

Sets the HttpLogOptions to use when sending and receiving requests to and from the service. If a logLevel is not provided, the default value of HttpLogDetailLevel#NONE is set.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if an HttpPipeline is specified, it takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, an HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, other APIs in types that implement this trait may also be ignored if an HttpPipeline is specified, so be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

logOptions - The HttpLogOptions to use when sending and receiving requests to and from the service.

Returns:

The updated CryptographyClientBuilder object.

jsonWebKey

public CryptographyClientBuilder jsonWebKey(JsonWebKey jsonWebKey)

Sets the JsonWebKey to be used for local cryptography operations.

If jsonWebKey is provided, then all other builder settings are ignored.

Parameters:

jsonWebKey - The JSON Web Key to be used for local cryptography operations.

Returns:

The updated CryptographyClientBuilder object.

keyIdentifier

public CryptographyClientBuilder keyIdentifier(String keyId)

Sets the Azure Key Vault key identifier of the JSON Web Key to be used for cryptography operations. You should validate that this URL references a valid Key Vault or Managed HSM resource. Refer to the following documentation for details.

To ensure correct behavior when performing operations such as Decrypt, Unwrap and Verify, it is recommended to use a CryptographyAsyncClient or CryptographyClient created for the specific key version that was used for the corresponding inverse operation: Encrypt, Wrap, or Sign, respectively.

Parameters:

keyId - The Azure Key Vault key identifier of the JSON Web Key stored in the key vault.

Returns:

The updated CryptographyClientBuilder object.
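
One way to perform the validation recommended above before passing an identifier to keyIdentifier(String keyId). This is an added example, not code from the Azure SDK: the class KeyIdValidator, its method names, the allowed-suffix list and the sample identifiers are assumptions made for illustration. It also requires a key version in the path, in line with the recommendation to build the client for a specific key version.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

public final class KeyIdValidator {
    // Assumed allow-list: public-cloud Key Vault and Managed HSM DNS suffixes.
    // Adjust it to the clouds and endpoints your deployment really uses.
    private static final List<String> ALLOWED_SUFFIXES =
        List.of(".vault.azure.net", ".managedhsm.azure.net");

    private static void check(boolean ok, String message) {
        if (!ok) throw new IllegalArgumentException(message);
    }

    /** Returns keyId unchanged when it passes every check; throws otherwise. */
    public static String requireVersionedKeyId(String keyId) {
        URI uri = URI.create(keyId); // IllegalArgumentException on malformed input
        check("https".equalsIgnoreCase(uri.getScheme()), "key identifier must use https");
        // User info, query and fragment never belong in a key identifier.
        check(uri.getRawUserInfo() == null && uri.getRawQuery() == null
            && uri.getRawFragment() == null, "unexpected URL component");
        String host = uri.getHost() == null ? "" : uri.getHost().toLowerCase(Locale.ROOT);
        check(ALLOWED_SUFFIXES.stream().anyMatch(s -> host.endsWith(s) && host.length() > s.length()),
            "host is not an allowed vault domain");
        // Expected path: /keys/{name}/{version}. The version pins the client to
        // the key version that was used for the inverse operation.
        String[] p = uri.getPath().split("/");
        check(p.length == 4 && p[0].isEmpty() && "keys".equals(p[1])
            && !p[2].isEmpty() && !p[3].isEmpty(), "expected /keys/{name}/{version}");
        return keyId;
    }

    public static void main(String[] args) {
        // Constructed identifiers; vault, key name and version are placeholders.
        String[] samples = {
            "https://contoso.vault.azure.net/keys/app-key/0123456789abcdef0123456789abcdef",
            "https://contoso.vault.azure.net/keys/app-key",          // no version
            "https://contoso.vault.azure.net.example.org/keys/k/1",  // wrong domain
            "http://contoso.vault.azure.net/keys/k/1"                // not https
        };
        for (String s : samples) {
            try {
                System.out.println("OK       " + requireVersionedKeyId(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The returned string can be passed directly to keyIdentifier(String keyId); only the first sample is accepted.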

pipeline

public CryptographyClientBuilder pipeline(HttpPipeline pipeline)

Sets the HttpPipeline to use for the service client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if an HttpPipeline is specified, it takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, an HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, other APIs in types that implement this trait may also be ignored if an HttpPipeline is specified, so be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

The keyIdentifier(String keyId) is not ignored when pipeline is set.

Parameters:

pipeline - HttpPipeline to use for sending service requests and receiving responses.

Returns:

The updated CryptographyClientBuilder object.

retryOptions

public CryptographyClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if an HttpPipeline is specified, it takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, an HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, other APIs in types that implement this trait may also be ignored if an HttpPipeline is specified, so be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Setting this is mutually exclusive with using retryPolicy(RetryPolicy retryPolicy).

Parameters:

retryOptions - The RetryOptions to use for all the requests made through the client.

Returns:

The updated CryptographyClientBuilder object.

retryPolicy

public CryptographyClientBuilder retryPolicy(RetryPolicy retryPolicy)

Sets the RetryPolicy that is used when each request is sent. The default retry policy will be used in the pipeline, if not provided. Setting this is mutually exclusive with using retryOptions(RetryOptions retryOptions).

Parameters:

retryPolicy - User's RetryPolicy applied to each request.

Returns:

The updated CryptographyClientBuilder object.

serviceVersion

public CryptographyClientBuilder serviceVersion(CryptographyServiceVersion version)

Sets the CryptographyServiceVersion that is used when making API requests.

If a service version is not provided, the service version used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version of the client library may result in moving to a newer service version.

Parameters:

version - CryptographyServiceVersion of the service to be used when making requests.

Returns:

The updated CryptographyClientBuilder object.
