com.microsoft.azure.keyvault.models.KeyOperationResult Java Examples

public byte[] dencryptZoneKey(byte[] encryptedByte) throws Exception {
	JsonWebKeyEncryptionAlgorithm keyEncryptionAlgo = getZoneKeyEncryptionAlgo();
	if (masterKeyBundle == null) {
		masterKeyBundle = keyVaultClient
				.getKey(keyVaultURL, azureMasterKey);
	}
	KeyOperationResult decryptResult = null;
	try {
		decryptResult = keyVaultClient.decryptAsync(
				masterKeyBundle.key().kid(), keyEncryptionAlgo,
				encryptedByte, null).get();

	} catch (Exception e) {
		throw new Exception("Error while decrypting zone key." + e);
	}
	return decryptResult.result();
}
 

public byte[] encryptZoneKey(Key zoneKey) throws Exception {
	JsonWebKeyEncryptionAlgorithm keyEncryptionAlgo = getZoneKeyEncryptionAlgo();
	KeyOperationResult encryptResult = null;
	
	if (masterKeyBundle == null) {
		masterKeyBundle = keyVaultClient
				.getKey(keyVaultURL, azureMasterKey);
	}
	try {
		encryptResult = keyVaultClient.encryptAsync(
				masterKeyBundle.key().kid(), keyEncryptionAlgo,
				zoneKey.getEncoded(), null).get();

	} catch (Exception e) {
		throw new Exception("Error while encrypting zone key." + e);
	}
	return encryptResult.result();
}
 

@Override
public Observable<byte[]> decrypt(VertxContext<Server> vertxContext, byte[] cipherBytes) {
    SfsVertx sfsVertx = vertxContext.vertx();
    return defer(() -> RxHelper.executeBlocking(sfsVertx.getOrCreateContext(), sfsVertx.getBackgroundPool(), () -> {
        try {
            CipherText instance = parseFrom(cipherBytes.clone());
            String keyIdentifier = instance.getKeyIdentifier();
            String algorithm = instance.getAlgorithm();
            byte[] data = instance.getData().toByteArray();
            Future<KeyOperationResult> future = kms.decryptAsync(keyIdentifier, algorithm, data);
            KeyOperationResult result = future.get(60, SECONDS);
            return result.getResult();
        } catch (InvalidProtocolBufferException | InterruptedException | ExecutionException | TimeoutException e) {
            throw new RuntimeException(e);
        }
    }));
}
 

@Override
public Observable<Encrypted> encrypt(VertxContext<Server> vertxContext, byte[] plainBytes) {
    SfsVertx sfsVertx = vertxContext.vertx();
    Context context = sfsVertx.getOrCreateContext();
    return defer(() -> RxHelper.executeBlocking(sfsVertx.getOrCreateContext(), sfsVertx.getBackgroundPool(), () -> {
        String algorithm = AlgorithmName;
        Future<KeyOperationResult> encrypted = kms.encryptAsync(azureKeyIdentifier, algorithm, plainBytes);
        try {
            KeyOperationResult result = encrypted.get(60, SECONDS);
            CipherText instance =
                    newBuilder()
                            .setAlgorithm(algorithm)
                            .setKeyIdentifier(result.getKid())
                            .setData(copyFrom(result.getResult()))
                            .build();
            return new Encrypted(instance.toByteArray(), format("xppsazure:%s", azureKeyIdentifier));
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            throw new RuntimeException(e);
        }
    }));
}
 

@Override
public ListenableFuture<byte[]> decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, String algorithm) {

    if (implementation == null) {
        return null;
    }

    if (Strings.isNullOrWhiteSpace(algorithm)) {
        algorithm = getDefaultEncryptionAlgorithm();
    }

    // Never local
    ListenableFuture<KeyOperationResult> futureCall =
            client.decryptAsync(
                    implementation.getKid(),
                    new JsonWebKeyEncryptionAlgorithm(algorithm),
                    ciphertext,
                    null);
    return Futures.transform(futureCall, new DecryptResultTransform(), MoreExecutors.directExecutor());
}
 

@Override
public ListenableFuture<byte[]> unwrapKeyAsync(byte[] ciphertext, String algorithm) {
    if (implementation == null) {
        return null;
    }

    if (Strings.isNullOrWhiteSpace(algorithm)) {
        algorithm = getDefaultKeyWrapAlgorithm();
    }

    // Never local
    ListenableFuture<KeyOperationResult> futureCall = 
            client.unwrapKeyAsync(
                    implementation.getKid(),
                    new JsonWebKeyEncryptionAlgorithm(algorithm),
                    ciphertext,
                    null);
    return Futures.transform(futureCall, new DecryptResultTransform(), MoreExecutors.directExecutor());
}
 

@Override
public ListenableFuture<Pair<byte[], String>> signAsync(byte[] digest, String algorithm) throws NoSuchAlgorithmException {
    if (implementation == null) {
        return null;
    }

    if (Strings.isNullOrWhiteSpace(algorithm)) {
        algorithm = getDefaultSignatureAlgorithm();
    }
    
    // Never local
    ListenableFuture<KeyOperationResult>  futureCall = 
            client.signAsync(
                    implementation.getKid(),
                    new JsonWebKeySignatureAlgorithm(algorithm),
                    digest,
                    null);
    return Futures.transform(futureCall, new SignResultTransform(algorithm), MoreExecutors.directExecutor());
}
 

@Override
public Observable<byte[]> decryptAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] content) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().decryptAsync(inner().keyIdentifier().identifier(), algorithm, content, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Test
public void signVerifyOperationsForKeyOperationsTest() throws Exception {

    JsonWebKey testKey = importTestKey();
    KeyIdentifier keyId = new KeyIdentifier(testKey.kid());

    // Test variables
    byte[] plainText = new byte[100];
    new Random(0x1234567L).nextBytes(plainText);
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(plainText);
    byte[] digest = md.digest();
    byte[] signature;

    KeyOperationResult result;
    KeyVerifyResult verifyResult;

    // Using kid WO version
    {
        result = keyVaultClient.sign(keyId.baseIdentifier(), JsonWebKeySignatureAlgorithm.RS256, digest);
        signature = result.result();

        verifyResult = keyVaultClient.verify(keyId.baseIdentifier(), JsonWebKeySignatureAlgorithm.RS256, digest, signature);
        Assert.assertEquals(new Boolean(true), verifyResult.value());
    }

    // Using full kid
    {
        result = keyVaultClient.sign(testKey.kid(), JsonWebKeySignatureAlgorithm.RS256, digest);
        signature = result.result();

        verifyResult = keyVaultClient.verify(testKey.kid(), JsonWebKeySignatureAlgorithm.RS256, digest, signature);
        Assert.assertEquals(new Boolean(true), verifyResult.value());

    }
}
 

@Test
public void wrapUnwrapOperationsForKeyOperationsTest() throws Exception {

    JsonWebKey testKey = importTestKey();
    KeyIdentifier keyId = new KeyIdentifier(testKey.kid());

    // Test variables
    byte[] plainText = new byte[100];
    new Random(0x1234567L).nextBytes(plainText);
    byte[] cipherText;

    KeyOperationResult result;

    // wrap and unwrap using kid WO version
    {
        result = keyVaultClient.wrapKey(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.unwrapKey(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }

    // wrap and unwrap using full kid
    {
        result = keyVaultClient.wrapKey(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.unwrapKey(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }
}
 

@Test
public void encryptDecryptOperationsForKeyOperationsTest() throws Exception {

    JsonWebKey testKey = importTestKey();
    KeyIdentifier keyId = new KeyIdentifier(testKey.kid());

    // Test variables
    byte[] plainText = new byte[100];
    new Random(0x1234567L).nextBytes(plainText);
    byte[] cipherText;

    KeyOperationResult result;

    // encrypt and decrypt using kid WO version
    {
        result = keyVaultClient.encrypt(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.decrypt(keyId.baseIdentifier(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }

    // encrypt and decrypt using full kid
    {
        result = keyVaultClient.encrypt(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, plainText);
        cipherText = result.result();

        result = keyVaultClient.decrypt(testKey.kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, cipherText);
        Assert.assertArrayEquals(plainText, result.result());
    }
}
 

@Override
public Observable<byte[]> encryptAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] content) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().encryptAsync(inner().keyIdentifier().identifier(), algorithm, content, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Override
public Observable<byte[]> signAsync(final JsonWebKeySignatureAlgorithm algorithm, final byte[] digest) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().signAsync(inner().keyIdentifier().identifier(), algorithm, digest, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Override
public Observable<byte[]> wrapKeyAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] key) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().wrapKeyAsync(inner().keyIdentifier().identifier(), algorithm, key, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Override
public Observable<byte[]> unwrapKeyAsync(final JsonWebKeyEncryptionAlgorithm algorithm, final byte[] key) {
    return new KeyVaultFutures.ServiceFutureConverter<KeyOperationResult, byte[]>() {

        @Override
        protected ServiceFuture<KeyOperationResult> callAsync() {
            return vault.client().unwrapKeyAsync(inner().keyIdentifier().identifier(), algorithm, key, null);
        }

        @Override
        protected byte[] wrapModel(KeyOperationResult keyOperationResult) {
            return keyOperationResult.result();
        }
    }.toObservable();
}
 

@Test
public void keyAsyncForAsyncOperationsTest() throws Exception {

	String vault = getVaultUri();
	String keyname = "mykey";

	CreateKeyRequest createKeyRequest = new CreateKeyRequest.Builder(vault, keyname, JsonWebKeyType.RSA).build();
	KeyBundle keyBundle = keyVaultClient.createKeyAsync(createKeyRequest, null).get();
	Assert.assertNotNull(keyBundle);

	UpdateKeyRequest updateKeyRequest = new UpdateKeyRequest.Builder(keyBundle.key().kid()).build();
	keyBundle = keyVaultClient.updateKeyAsync(updateKeyRequest, null).get();
	Assert.assertNotNull(keyBundle);

	keyBundle = keyVaultClient.getKeyAsync(keyBundle.key().kid(), null).get();
	Assert.assertNotNull(keyBundle);

	List<KeyItem> keyItems = keyVaultClient.listKeysAsync(vault, 2, null).get();
	Assert.assertNotNull(keyItems);

	List<KeyItem> keyVersionItems = keyVaultClient.listKeyVersionsAsync(vault, keyname, 2, null).get();
	Assert.assertNotNull(keyVersionItems);

	BackupKeyResult backupResult = keyVaultClient.backupKeyAsync(vault, keyname, null).get();
	Assert.assertNotNull(backupResult);

	keyVaultClient.deleteKeyAsync(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name(), null).get();
	pollOnKeyDeletion(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	keyVaultClient.purgeDeletedKey(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	if (isRecordMode()) {
		Thread.sleep(20000);
	}

	KeyBundle restoreResult = keyVaultClient.restoreKeyAsync(vault, backupResult.value(), null).get();
	Assert.assertNotNull(restoreResult);

	KeyOperationResult encryptResult = keyVaultClient
			.encryptAsync(keyBundle.key().kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, new byte[100], null).get();
	Assert.assertNotNull(encryptResult);

	KeyOperationResult decryptResult = keyVaultClient.decryptAsync(keyBundle.key().kid(),
			JsonWebKeyEncryptionAlgorithm.RSA_OAEP, encryptResult.result(), null).get();
	Assert.assertNotNull(decryptResult);

	KeyOperationResult wrapResult = keyVaultClient
			.wrapKeyAsync(keyBundle.key().kid(), JsonWebKeyEncryptionAlgorithm.RSA_OAEP, new byte[100], null).get();
	Assert.assertNotNull(wrapResult);

	KeyOperationResult unwrapResult = keyVaultClient.unwrapKeyAsync(keyBundle.key().kid(),
			JsonWebKeyEncryptionAlgorithm.RSA_OAEP, wrapResult.result(), null).get();
	Assert.assertNotNull(unwrapResult);

	byte[] plainText = new byte[100];
	new Random(0x1234567L).nextBytes(plainText);
	MessageDigest md = MessageDigest.getInstance("SHA-256");
	md.update(plainText);
	byte[] digest = md.digest();
	KeyOperationResult signResult = keyVaultClient
			.signAsync(keyBundle.key().kid(), JsonWebKeySignatureAlgorithm.RS256, digest, null).get();
	Assert.assertNotNull(signResult);

	KeyVerifyResult verifypResult = keyVaultClient.verifyAsync(keyBundle.key().kid(),
			JsonWebKeySignatureAlgorithm.RS256, digest, signResult.result(), null).get();
	Assert.assertTrue(verifypResult.value());

	keyBundle = keyVaultClient
			.deleteKeyAsync(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name(), null).get();
	Assert.assertNotNull(keyBundle);
	pollOnKeyDeletion(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	keyVaultClient.purgeDeletedKey(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name());
	if (isRecordMode()) {
		Thread.sleep(20000);
	}
	// Get the unavailable key to throw exception -> it gets stuck

	try {
		keyVaultClient.deleteKeyAsync(keyBundle.keyIdentifier().vault(), keyBundle.keyIdentifier().name(), null)
				.get();
	} catch (ExecutionException ex) {

		Throwable t = ex.getCause();
		if (t instanceof KeyVaultErrorException) {
			Assert.assertEquals("KeyNotFound", ((KeyVaultErrorException) t).body().error().code());
		} else
			throw ex;
	}

}
 

@Override
public byte[] apply(KeyOperationResult result) {
    return result.result();
}
 

@Override
public Pair<byte[], String> apply(KeyOperationResult input) {

    return Pair.of(input.result(), algorithm);
}
 

/**
 * Wraps a symmetric key using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be wrapped
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> wrapKeyAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return wrapKeyAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Creates a signature from a digest using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be signed
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> signAsync(String keyIdentifier, JsonWebKeySignatureAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return signAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Unwraps a symmetric key using the specified key in the vault that has
 * initially been used for wrapping the key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be unwrapped
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> unwrapKeyAsync(String keyIdentifier,
        JsonWebKeyEncryptionAlgorithm algorithm, byte[] value,
        final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return unwrapKeyAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Decrypts a single block of encrypted data.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be decrypted
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> decryptAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return decryptAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Encrypts an arbitrary sequence of bytes using an encryption key that is
 * stored in a key vault.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be encrypted
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
public ServiceFuture<KeyOperationResult> encryptAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return encryptAsync(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value,
            serviceCallback);
}
 

/**
 * Encrypts an arbitrary sequence of bytes using an encryption key that is
 * stored in a key vault.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be encrypted
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult encrypt(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return encrypt(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Wraps a symmetric key using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be wrapped
 * @param serviceCallback
 *            the async ServiceCallback to handle successful and failed
 *            responses.
 * @return the {@link ServiceFuture} object
 */
ServiceFuture<KeyOperationResult> wrapKeyAsync(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm,
        byte[] value, final ServiceCallback<KeyOperationResult> serviceCallback);
 

/**
 * Creates a signature from a digest using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be signed
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult sign(String keyIdentifier, JsonWebKeySignatureAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return sign(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Decrypts a single block of encrypted data.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the content to be decrypted
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult decrypt(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return decrypt(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Unwraps a symmetric key using the specified key in the vault that has
 * initially been used for wrapping the key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be unwrapped
 *
 * @return the KeyOperationResult if successful.
 */
KeyOperationResult unwrapKey(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value);
 

/**
 * Wraps a symmetric key using the specified key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be wrapped
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult wrapKey(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return wrapKey(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}
 

/**
 * Unwraps a symmetric key using the specified key in the vault that has
 * initially been used for wrapping the key.
 *
 * @param keyIdentifier
 *            The full key identifier
 * @param algorithm
 *            algorithm identifier
 * @param value
 *            the key to be unwrapped
 * @return the KeyOperationResult if successful.
 */
public KeyOperationResult unwrapKey(String keyIdentifier, JsonWebKeyEncryptionAlgorithm algorithm, byte[] value) {
    KeyIdentifier id = new KeyIdentifier(keyIdentifier);
    return unwrapKey(id.vault(), id.name(), id.version() == null ? "" : id.version(), algorithm, value);
}