Azure Key Vault Certificate Management using Java

0
votes

My solution involves creation of a certificate in keyvault using Java. Below are the ways I tried to do it but was not successful.

  1. DefaultAzureCredentialBuilder:The most basic form of creation of the certificate wherein I have to export the clientId, clientSecret and the tenantId in the environment variables and create a Certificate Client as below:
  CertificateClient certificateClient = new CertificateClientBuilder()
                                   .vaultUrl("https://valueUrl.vault.azure.net")
                                  .credential(new DefaultAzureCredentialBuilder().build()).buildClient();
  1. ADAL: This is the one I am more interested in as I can send in my details of client id, secret and tenantid and then instantiate the certificate client. I tried using this and still was not successful. The snippet is as below: 
     ClientCertificateCredential certCreds = new ClientCertificateCredentialBuilder()
                        .clientId("clientId")
                        .pfxCertificate("C:\\MyCerft.pfx", "123")
                        .tenantId("tenantId").build();
     CertificateClient certificateClient1 = new CertificateClientBuilder()
                        .vaultUrl("https://vaultUrl.vault.azure.net/")
                        .credential(certCreds).buildClient();

The source of the samples are from below:

But both the above throw out the same error of mismatch in signature in the credentialBuilder class as 

com.azure.security.keyvault.certificates.CertificateClientBuilder"'s signer information does not match
signer information of other classes in the same package

Below is dependencies in my pom file: 

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-security-keyvault-certificates</artifactId>
  <version>4.0.0</version>
</dependency>    `

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-identity</artifactId>
  <version>1.0.4</version> <!-- {x-version-update;com.azure:azure-identity;dependency} -->
</dependency>

I would really like to do it the second way as that is much safer and lets me do some config settings that I have to set in the first case. But, at this point, I would even take the first, in case there is an outcome there.

Also, I do not understand why for the second way, microsoft haven't given the client secret as a parameter but expect a certificate(pfx/pem) to the solution to authenticate. As, I believe the sdk should allow accept both ways of access.

Any suggestions on what am I possibly missing here would be of great help as this is something I picked straight from the official documentation from Microsoft.

Cheers

1
javaazureazure-active-directoryazure-keyvault

1 Answers

0
votes

It could be a BUG. I resolved it by using SDKs of the following version:

<!-- https://mvnrepository.com/artifact/com.azure/azure-identity -->
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.0-beta.2</version>
    <scope>test</scope>
</dependency>

<!-- https://mvnrepository.com/artifact/com.azure/azure-security-keyvault-certificates -->
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-security-keyvault-certificates</artifactId>
    <version>4.1.0-beta.1</version>
</dependency>