通过 .NET 库将 Azure 密钥保管库证书添加到 Azure Batch 帐户
Adding Azure key vault certificate to Azure Batch account via .NET libs
我需要自动创建 Azure Batch 帐户。其中一部分是从现有的 Azure 密钥保管库向帐户添加证书。我想我拥有我需要的所有部件,但我就是无法将它们全部组合在一起;我有一个 KeyVault.Models.CertificateBundle 对象和一个 Management.Batch.Models.BatchAccount 对象,但我不确定如何将一个对象放入另一个对象。
我的代码如下所示:
// Create Batch account
var storageAccount = new Models.AutoStorageBaseProperties(storageAccountId);
mgmtClient.BatchAccount.Create(resourceGroupName, accountName,
new Models.BatchAccountCreateParameters()
{
Location = clusterZone,
AutoStorage = storageAccount
});
string certName;
Models.CertificateCreateOrUpdateParameters certParams;
// Add certificate
using (KeyVaultClient kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetKeyVaultToken)))
{
var cert = kvClient.GetCertificateAsync(certId).GetAwaiter().GetResult();
string thumbprint = Convert.ToBase64String(cert.X509Thumbprint);
string cer = Convert.ToBase64String(cert.Cer);
certParams = new Models.CertificateCreateOrUpdateParameters(Convert.ToBase64String(cert.Cer), cert.Id, thumbprint: thumbprint, format: Models.CertificateFormat.Cer, type: cert.ContentType);
certName = $"SHA1-{thumbprint}"; // not sure about this one
}
// failing with a complaint about the cert name
mgmtClient.Certificate.Create(resourceGroupName, accountName, certName, certParams);
我在使用此代码时遇到的确切错误是:
'certificateName' does not match expected pattern '^[\w]+-[\w]+$'.
certName 看起来像 SHA1-XXXXXXXXXXXXXXXXXXXXXX+XXXX=。指纹中有一些非字母数字字符。我只是猜测这是 SHA1,但除此之外,我觉得这个名字很合适。我不确定我错过了什么。
我也很乐意接受某人对这个特定问题的更简单的解决方案。
'certificateName' does not match expected pattern '^[\w]+-[\w]+$'.
您可以调试代码并检查 Azure keyvault 中的指纹。在您的代码中,您从代码中获得的指纹与认证指纹不同。我通过以下代码获得了认证指纹。
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;
下面是我用来将证书添加到 Azure 批处理帐户的演示代码。
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"cred file path");
var resourceGroup = "resourceGroup";
var accountName = "batchAccountName";
var subscriptionId = "subscriptionName";
var certificateIdentifier = "https://keyvaultName.vault.azure.net/certificates/certName/xxxxx";
var batchManagementClient = new BatchManagementClient(credentials)
{
SubscriptionId = subscriptionId
};
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient =
new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var cert = keyVaultClient.GetCertificateAsync(certificateIdentifier).Result;
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;
var certConent = Convert.ToBase64String(cert.Cer);
var certName = $"SHA1-{thumbprint}";
var result= batchManagementClient.Certificate.CreateAsync(resourceGroup, accountName, certName, new CertificateCreateOrUpdateParametersInner
{
Thumbprint = thumbprint,
Data = certConent,
ThumbprintAlgorithm = "SHA1",
Format = CertificateFormat.Cer,
}).Result;
测试结果:
我需要自动创建 Azure Batch 帐户。其中一部分是从现有的 Azure 密钥保管库向帐户添加证书。我想我拥有我需要的所有部件,但我就是无法将它们全部组合在一起;我有一个 KeyVault.Models.CertificateBundle 对象和一个 Management.Batch.Models.BatchAccount 对象,但我不确定如何将一个对象放入另一个对象。
我的代码如下所示:
// Create Batch account
var storageAccount = new Models.AutoStorageBaseProperties(storageAccountId);
mgmtClient.BatchAccount.Create(resourceGroupName, accountName,
new Models.BatchAccountCreateParameters()
{
Location = clusterZone,
AutoStorage = storageAccount
});
string certName;
Models.CertificateCreateOrUpdateParameters certParams;
// Add certificate
using (KeyVaultClient kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetKeyVaultToken)))
{
var cert = kvClient.GetCertificateAsync(certId).GetAwaiter().GetResult();
string thumbprint = Convert.ToBase64String(cert.X509Thumbprint);
string cer = Convert.ToBase64String(cert.Cer);
certParams = new Models.CertificateCreateOrUpdateParameters(Convert.ToBase64String(cert.Cer), cert.Id, thumbprint: thumbprint, format: Models.CertificateFormat.Cer, type: cert.ContentType);
certName = $"SHA1-{thumbprint}"; // not sure about this one
}
// failing with a complaint about the cert name
mgmtClient.Certificate.Create(resourceGroupName, accountName, certName, certParams);
我在使用此代码时遇到的确切错误是:
'certificateName' does not match expected pattern '^[\w]+-[\w]+$'.
certName 看起来像 SHA1-XXXXXXXXXXXXXXXXXXXXXX+XXXX=。指纹中有一些非字母数字字符。我只是猜测这是 SHA1,但除此之外,我觉得这个名字很合适。我不确定我错过了什么。
我也很乐意接受某人对这个特定问题的更简单的解决方案。
'certificateName' does not match expected pattern '^[\w]+-[\w]+$'.
您可以调试代码并检查 Azure keyvault 中的指纹。在您的代码中,您从代码中获得的指纹与认证指纹不同。我通过以下代码获得了认证指纹。
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;
下面是我用来将证书添加到 Azure 批处理帐户的演示代码。
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"cred file path");
var resourceGroup = "resourceGroup";
var accountName = "batchAccountName";
var subscriptionId = "subscriptionName";
var certificateIdentifier = "https://keyvaultName.vault.azure.net/certificates/certName/xxxxx";
var batchManagementClient = new BatchManagementClient(credentials)
{
SubscriptionId = subscriptionId
};
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient =
new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var cert = keyVaultClient.GetCertificateAsync(certificateIdentifier).Result;
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;
var certConent = Convert.ToBase64String(cert.Cer);
var certName = $"SHA1-{thumbprint}";
var result= batchManagementClient.Certificate.CreateAsync(resourceGroup, accountName, certName, new CertificateCreateOrUpdateParametersInner
{
Thumbprint = thumbprint,
Data = certConent,
ThumbprintAlgorithm = "SHA1",
Format = CertificateFormat.Cer,
}).Result;
测试结果: