我正嘗試從pfx證書中的Azure Java SDK創建KeyVaultClient對象。我發現了一個關於如何在C#中做到這一點的清晰文檔,但必須知道如何在Java中執行此操作。Azure KeyVaultClient:使用Java中的證書進行身份驗證
我能夠從用戶帳戶keystore獲得Windows證書,但我真的不知道要傳遞給KeyVaultClient構造函數的內容。它看起來像接受TokenCredentials類型的對象,但是我找不到任何有關如何實際構建其中一個(需要「標記」和「方案」)的文檔。
看來我靠近有一些工作定義這個類:
class WindowsStoreCertificateCredentials(clientId: String, certificate: X509Certificate, privateKey: PrivateKey) extends KeyVaultCredentials {
def getAuthResult(authority: String, resource: String): AuthenticationResult = {
val service = Executors.newFixedThreadPool(1)
val context = new AuthenticationContext(authority, false, service)
val certificateCredentials = AsymmetricKeyCredential.create(clientId, privateKey, certificate)
val authResultFuture = context.acquireToken(resource, certificateCredentials, null)
authResultFuture.get
}
override def doAuthenticate (authority: String, resource: String, scope: String): String = {
getAuthResult(authority, resource).getAccessToken
}
}
,並試圖用它獲得使用java.security.KeyStore中的證書X509Certificate對象和私鑰後:
val client = new KeyVaultClient(new WindowsStoreCertificateCredentials(
id, privateKey, certificate,))
val test = client.getSecret("https:/...")
不幸的是,引發一個異常:
sun.security.mscapi.RSAPrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey java.lang.ClassCastException: sun.security.mscapi.RSAPrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey
我在GitHub上AzureAD打開一個問題/蔚的ActiveDirectory庫換java和建議pull請求解決它,未完待續......
編輯:這是現在固定在AzureAD的版本1.2.0/azure-activedirectory-library-for-java。
這聽起來像你想知道如何使用Azure的SDK的Java創建通過與所需的參數ServiceClientCredentials credentials構造方法的KeyVaultClient對象,作爲javadoc說。
這是我的示例代碼。
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.CloudException;
import com.microsoft.azure.credentials.ApplicationTokenCredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.management.Azure;
import com.microsoft.rest.credentials.ServiceClientCredentials;
String clientId = "xxxx";
String domain = "xxxx"; // The same as tenant_id
String secret = "xxxx"; // The same as client_secret or keys
AzureEnvironment environment = AzureEnvironment.AZURE;
ServiceClientCredentials credentials = new ApplicationTokenCredentials(clientId, domain, secret, environment);
// New a KeyVaultClient object
KeyVaultClient kvClient = new KeyValutClient(credentials);
爲參照,你可以參考在Azure官方document得到的參數clientId,domain & secret在Azure管理門戶。爲天青的Java SDK的API的更多細節,請查看javadocs
它看起來像我不能使用這個構造函數,因爲我沒有後面的Azure應用程序。要特別指向Azure文檔:我正在嘗試執行與https://docs.microsoft.com/zh-CN/azure/key-vault/key-vault-use-from-web-application中的相同的第「使用證書進行身份驗證而不是客戶端祕密「。 – CanardMoussant