
How to use a certificate received from Azure Key-Vault for Client-Auth under SSL Context #42069

Open

Description

Query/Question
How to use certificate received from Azure Key-Vault for Client-Auth under SSL Context.

Why is this not a Bug or a feature Request?
This is a query on how to use a certificate from Key Vault as the client certificate under an SSL context. The error received from the server is as if no client certificate was actually attached under the SSL context.
When the same certificate is used from a resource folder location in the same code, the code works fine.
So it doesn't seem to be a bug or a new feature, but more of a request for guidance on some missing steps.

Setup (please complete the following information if applicable):
OS: Windows 10
IDE: IntelliJ
Library/Libraries: azure-spring-boot-starter-keyvault-certificates: 3.14.0, azure-identity: 1.13.2, azure-security-keyvault-certificates: 4.6.6

The following code is being used to fetch the cert from Key Vault and use it as the client certificate:

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;

import com.azure.security.keyvault.certificates.CertificateClient;
import com.azure.security.keyvault.certificates.models.KeyVaultCertificateWithPolicy;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// certificateClient and certName are created elsewhere in the application; they are
// passed in here so the fragment compiles as one method.
public void callWithKeyVaultCert(CertificateClient certificateClient, String certName) {
    KeyVaultCertificateWithPolicy certificateWithPolicy = certificateClient.getCertificate(certName);

    System.out.printf("%nReceived certificate with name \"%s\", "
            + "version %s and secret id %s%n"
            + "expiry date: %s%n"
            + "Issuer: %s%n",
        certificateWithPolicy.getProperties().getName(),
        certificateWithPolicy.getProperties().getVersion(),
        certificateWithPolicy.getSecretId(),
        certificateWithPolicy.getProperties().getExpiresOn(),
        certificateWithPolicy.getPolicy().getIssuerName());

    // getCer() returns only the DER-encoded public certificate. The private key is stored
    // in the Key Vault secret referenced by getSecretId() and is not fetched here.
    byte[] cerContent = certificateWithPolicy.getCer();

    // allowAll is not shown in the post; assumed to be a hostname verifier that accepts
    // any host, i.e. hostname verification of the server is disabled on this connection.
    HostnameVerifier allowAll = NoopHostnameVerifier.INSTANCE;

    CloseableHttpClient httpClient = null;
    try {
        System.out.println(" Inside TRY Block");
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        X509Certificate certificate =
            (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(cerContent));

        KeyStore azureKeyVaultKeyStore = KeyStore.getInstance("PKCS12");
        azureKeyVaultKeyStore.load(null, null);
        // Only a trusted-certificate entry is added. The key store contains no private key
        // entry, so loadKeyMaterial() below has nothing it can present for client auth.
        azureKeyVaultKeyStore.setCertificateEntry("<name>", certificate);
        System.out.println(azureKeyVaultKeyStore.isCertificateEntry("<name>"));

        System.out.println(" Cert Loaded Completed " + certificate.getType()
            + "  Content =" + certificate.getPublicKey());

        SSLContext sslContext = SSLContexts.custom()
            .setKeyStoreType("PKCS12")
            .loadKeyMaterial(azureKeyVaultKeyStore, null)
            .build();

        SSLConnectionSocketFactory sslConFactory =
            new SSLConnectionSocketFactory(sslContext, allowAll);

        httpClient = HttpClients.custom().setSSLSocketFactory(sslConFactory).build();

        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        RestTemplate restTemplate = new RestTemplate(requestFactory);
        String sslTest = "https://<URI>";
        String body = "{\"Hello\": 124}";
        HttpHeaders headers = new HttpHeaders();

        headers.set("Accept", "application/json");
        headers.set("Content-Type", "application/json");
        headers.set("Hello", "124");

        HttpEntity<String> request = new HttpEntity<String>(body, headers);

        try {
            ResponseEntity<String> result = restTemplate.postForEntity(sslTest, request, String.class);
            System.out.println(result.getStatusCodeValue() + " Body:" + result.getBody());
        } catch (Exception e) {
            e.printStackTrace();
        }
    } catch (Exception e) {
        // Covers the certificate, key store and SSL context setup above.
        e.printStackTrace();
    }
}
```

Information Checklist
Kindly make sure that you have added all of the following information above and checked off the required fields; otherwise we will treat the issue as an incomplete report.

[ Y ] Query Added
[ Y ] Setup information Added
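The root cause visible in the posted code is that `getCer()` yields only the public certificate, so the key store holds a certificate entry and no private key, and `loadKeyMaterial()` has nothing to present to the server. Key Vault keeps the private key in the secret that shares the certificate's name (the URL in `getSecretId()`). Below is an added example, not code from the issue or from the Azure SDK, that fetches that secret with `SecretClient`, loads the PKCS12 it contains as the key store, and builds the SSL context from it; it assumes `DefaultAzureCredential` works for the caller, that the certificate was created with the `application/x-pkcs12` content type, and that the exported PKCS12 has an empty password.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.util.Base64;
import javax.net.ssl.SSLContext;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import org.apache.http.ssl.SSLContexts;

public class KeyVaultClientAuth {

    // Assumption: Key Vault's PKCS12 export carries an empty password.
    private static final char[] PFX_PASSWORD = "".toCharArray();

    // Fetches the secret behind the certificate and returns a key store that holds
    // both the private key and the certificate chain, which is what client auth needs.
    public static KeyStore loadClientKeyStore(String vaultUrl, String certName) throws Exception {
        TokenCredential credential = new DefaultAzureCredentialBuilder().build();
        SecretClient secretClient = new SecretClientBuilder()
            .vaultUrl(vaultUrl)
            .credential(credential)
            .buildClient();

        // The secret has the same name as the certificate; its value is base64 PKCS12.
        KeyVaultSecret secret = secretClient.getSecret(certName);
        String contentType = secret.getProperties().getContentType();
        if (!"application/x-pkcs12".equals(contentType)) {
            // A PEM export (application/x-pem-file) needs separate key and cert parsing.
            throw new IllegalStateException("Expected PKCS12 secret, got " + contentType);
        }
        byte[] pfx = Base64.getDecoder().decode(secret.getValue());
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new ByteArrayInputStream(pfx), PFX_PASSWORD);

        // Fail early if the store still has no private key entry (the posted code's symptom).
        String alias = keyStore.aliases().nextElement();
        if (!keyStore.isKeyEntry(alias)) {
            throw new IllegalStateException("No private key entry for alias " + alias);
        }
        return keyStore;
    }

    // Key material comes from the PKCS12 store; server trust stays on the JVM default trust store.
    public static SSLContext clientAuthContext(String vaultUrl, String certName) throws Exception {
        return SSLContexts.custom()
            .loadKeyMaterial(loadClientKeyStore(vaultUrl, certName), PFX_PASSWORD)
            .build();
    }
}
```

Pass the returned `SSLContext` to `SSLConnectionSocketFactory` in place of the one built from the certificate-only store; the identity used for `DefaultAzureCredential` needs `secrets/get` permission on the vault, not only `certificates/get`.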
