Package com.azure.security.keyvault.keys.cryptography

Class CryptographyClientBuilder

java.lang.Object

com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder

public final class CryptographyClientBuilder
extends Object

This class provides a fluent builder API to help aid the configuration and instantiation of the CryptographyAsyncClient and CryptographyClient, by calling buildAsyncClient() and buildClient() respectively It constructs an instance of the desired client.

The minimal configuration options required by cryptographyClientBuilder to build a CryptographyAsyncClient or a CryptographyClient are a credential and either a JSON Web Key or a Azure Key Vault key identifier.

To ensure correct behavior when performing operations such as Decrypt, Unwrap and Verify, it is recommended to use a CryptographyAsyncClient or CryptographyClient created for the specific key version that was used for the corresponding inverse operation: Encrypt, Wrap, or Sign, respectively.

 CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .keyIdentifier("<your-key-id>")
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildAsyncClient();
 

 JsonWebKey jsonWebKey = new JsonWebKey().setId("SampleJsonWebKey");
 CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .jsonWebKey(jsonWebKey)
     .buildAsyncClient();
 

The log detail level, multiple custom policies and a custom http client can be optionally configured in the CryptographyClientBuilder.

 CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .keyIdentifier("<your-key-id>")
     .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
     .addPolicy(new KeyVaultCredentialPolicy(new DefaultAzureCredentialBuilder().build()))
     .httpClient(HttpClient.createDefault())
     .buildAsyncClient();
 

Alternatively, a custom http pipeline with custom HttpPipelinePolicy policies can be specified. It provides finer control over the construction of CryptographyAsyncClient and CryptographyClient

 HttpPipeline pipeline = new HttpPipelineBuilder()
     .policies(new KeyVaultCredentialPolicy(new DefaultAzureCredentialBuilder().build()), new RetryPolicy())
     .build();
 CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
     .pipeline(pipeline)
     .keyIdentifier("<your-key-id>")
     .buildAsyncClient();
 

The minimal configuration options required by cryptographyClientBuilder to build CryptographyClient are jsonWebKey or Azure Key Vault key identifier and credential.

 CryptographyClient cryptographyClient = new CryptographyClientBuilder()
     .keyIdentifier("<your-key-id>")
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildClient();
 

 JsonWebKey jsonWebKey = new JsonWebKey().setId("SampleJsonWebKey");
 CryptographyClient cryptographyClient = new CryptographyClientBuilder()
     .jsonWebKey(jsonWebKey)
     .buildClient();
 

See Also:

CryptographyAsyncClient, CryptographyClient

Constructor Summary

Constructors

Constructor	Description
CryptographyClientBuilder()	The constructor with defaults.

Method Summary

Modifier and Type	Method	Description
CryptographyClientBuilder	addPolicy(com.azure.core.http.policy.HttpPipelinePolicy policy)	Adds a policy to the set of existing policies that are executed after the client required policies.
CryptographyAsyncClient	buildAsyncClient()	Creates a CryptographyAsyncClient based on options set in the builder.
CryptographyClient	buildClient()	Creates a CryptographyClient based on options set in the builder.
CryptographyClientBuilder	clientOptions(com.azure.core.util.ClientOptions clientOptions)	Sets the ClientOptions which enables various options to be set on the client.
CryptographyClientBuilder	configuration(com.azure.core.util.Configuration configuration)	Sets the configuration store that is used during construction of the service client.
CryptographyClientBuilder	credential(com.azure.core.credential.TokenCredential credential)	Sets the credential to use when authenticating HTTP requests.
CryptographyClientBuilder	httpClient(com.azure.core.http.HttpClient client)	Sets the HTTP client to use for sending and receiving requests to and from the service.
CryptographyClientBuilder	httpLogOptions(com.azure.core.http.policy.HttpLogOptions logOptions)	Sets the logging configuration for HTTP requests and responses.
CryptographyClientBuilder	jsonWebKey(JsonWebKey jsonWebKey)	Sets the JsonWebKey to be used for local cryptography operations.
CryptographyClientBuilder	keyIdentifier(String keyId)	Sets the Azure Key Vault key identifier of the JSON Web Key to be used for cryptography operations.
CryptographyClientBuilder	pipeline(com.azure.core.http.HttpPipeline pipeline)	Sets the HTTP pipeline to use for the service client.
CryptographyClientBuilder	retryPolicy(com.azure.core.http.policy.RetryPolicy retryPolicy)	Sets the RetryPolicy that is used when each request is sent.
CryptographyClientBuilder	serviceVersion(CryptographyServiceVersion version)	Sets the CryptographyServiceVersion that is used when making API requests.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CryptographyClientBuilder

public CryptographyClientBuilder()

The constructor with defaults.

Method Detail

buildClient

public CryptographyClient buildClient()

Creates a CryptographyClient based on options set in the builder. Every time buildClient() is called, a new instance of CryptographyClient is created.

If jsonWebKey is set, then all other builder settings are ignored.

If pipeline is set, then the pipeline and jsonWebKey identifier are used to create the client. All other builder settings are ignored. If pipeline is not set, then an Azure Key Vault credential and JSON Web Key identifier are required to build the client.

Returns:

A CryptographyClient with the options set from the builder.

Throws:

IllegalStateException - If credential(TokenCredential) is null or keyIdentifier(String) is empty or null.

buildAsyncClient

public CryptographyAsyncClient buildAsyncClient()

Creates a CryptographyAsyncClient based on options set in the builder. Every time buildAsyncClient() is called, a new instance of CryptographyAsyncClient is created.

If jsonWebKey is set, then all other builder settings are ignored.

If pipeline is set, then the pipeline and jsonWebKey identifier) are used to create the async client. All other builder settings are ignored. If pipeline is not set, then an Azure Key Vault credential and JSON Web Key identifier are required to build the async client.

Returns:

A CryptographyAsyncClient with the options set from the builder.

Throws:

IllegalStateException - If credential(TokenCredential) is null or keyIdentifier(String) is empty or null.

keyIdentifier

public CryptographyClientBuilder keyIdentifier(String keyId)

Sets the Azure Key Vault key identifier of the JSON Web Key to be used for cryptography operations.

To ensure correct behavior when performing operations such as Decrypt, Unwrap and Verify, it is recommended to use a CryptographyAsyncClient or CryptographyClient created for the specific key version that was used for the corresponding inverse operation: Encrypt Wrap, or Sign, respectively.

Parameters:

keyId - The Azure Key Vault key identifier of the JSON Web Key stored in the key vault.

Returns:

The updated CryptographyClientBuilder object.

Throws:

NullPointerException - If keyId is null.

credential

public CryptographyClientBuilder credential(com.azure.core.credential.TokenCredential credential)

Sets the credential to use when authenticating HTTP requests.

Parameters:

credential - The credential to use for authenticating HTTP requests.

Returns:

The updated CryptographyClientBuilder object.

Throws:

NullPointerException - If credential is null.

jsonWebKey

public CryptographyClientBuilder jsonWebKey(JsonWebKey jsonWebKey)

Sets the JsonWebKey to be used for local cryptography operations.

If jsonWebKey is provided, then all other builder settings are ignored.

Parameters:

jsonWebKey - The JSON Web Key to be used for local cryptography operations.

Returns:

The updated CryptographyClientBuilder object.

Throws:

NullPointerException - If jsonWebKey is null.

httpLogOptions

public CryptographyClientBuilder httpLogOptions(com.azure.core.http.policy.HttpLogOptions logOptions)

Sets the logging configuration for HTTP requests and responses.

If logLevel is not provided, default value of HttpLogDetailLevel.NONE is set.

Parameters:

logOptions - The logging configuration to use when sending and receiving HTTP requests/responses.

Returns:

The updated CryptographyClientBuilder object.

addPolicy

public CryptographyClientBuilder addPolicy(com.azure.core.http.policy.HttpPipelinePolicy policy)

Adds a policy to the set of existing policies that are executed after the client required policies.

Parameters:

policy - The policy to be added.

Returns:

The updated CryptographyClientBuilder object.

Throws:

NullPointerException - If policy is null.

httpClient

public CryptographyClientBuilder httpClient(com.azure.core.http.HttpClient client)

Sets the HTTP client to use for sending and receiving requests to and from the service.

Parameters:

client - The HTTP client to use for requests.

Returns:

The updated CryptographyClientBuilder object.

pipeline

public CryptographyClientBuilder pipeline(com.azure.core.http.HttpPipeline pipeline)

Sets the HTTP pipeline to use for the service client. If pipeline is set, all other settings are ignored, aside from JSON Web Key identifier.

Parameters:

pipeline - The HTTP pipeline to use for sending service requests and receiving responses.

Returns:

The updated CryptographyClientBuilder object.

configuration

public CryptographyClientBuilder configuration(com.azure.core.util.Configuration configuration)

Sets the configuration store that is used during construction of the service client. The default configuration store is a clone of the global configuration store, use Configuration.NONE to bypass using configuration settings during construction.

Parameters:

configuration - The configuration store used to get configuration details.

Returns:

The updated CryptographyClientBuilder object.

serviceVersion

public CryptographyClientBuilder serviceVersion(CryptographyServiceVersion version)

Sets the CryptographyServiceVersion that is used when making API requests.

If a service version is not provided, the service version that will be used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version the client library will have the result of potentially moving to a newer service version.

Parameters:

version - CryptographyServiceVersion of the service to be used when making requests.

Returns:

The updated CryptographyClientBuilder object.

retryPolicy

public CryptographyClientBuilder retryPolicy(com.azure.core.http.policy.RetryPolicy retryPolicy)

Sets the RetryPolicy that is used when each request is sent. The default retry policy will be used in the pipeline, if not provided.

Parameters:

retryPolicy - User's RetryPolicy applied to each request.

Returns:

The updated CryptographyClientBuilder object.

clientOptions

public CryptographyClientBuilder clientOptions(com.azure.core.util.ClientOptions clientOptions)

Sets the ClientOptions which enables various options to be set on the client. For example setting an applicationId using ClientOptions.setApplicationId(String) to configure the UserAgentPolicy for telemetry/monitoring purposes.

More About Azure Core: Telemetry policy

Parameters:

clientOptions - The ClientOptions to be set on the client.

Returns:

The updated CryptographyClientBuilder object.