DataFlex
Azure Key Vault Find Certificate
Let's say you have the certificate locally, but not with the private key. You only have the certificate, such as in a .cer file, but not the .pfx. The purpose of this example is to show how to find the same certificate in Azure Key Vault, and return the Azure Key Vault's name for the certificate.

Note: This example requires Chilkat v9.5.0.96 or later.
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoCert
    Handle hoBdThumbprint
    String sSeek_x5t
    Handle hoJson
    Handle hoHttp
    Variant vSbResponse
    Handle hoSbResponse
    Integer iStatusCode
    Handle hoJsonResp
    Variant vJsonRec
    Handle hoJsonRec
    Handle hoSbId
    String sCertName
    String sTemp1
    Boolean bTemp1

    Move False To iSuccess

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // We have a .cer file locally, and we want to find this same certificate in Azure Key Vault
    // because we'll need Azure Key Vault's name (and version) for the certificate if we are going to ask
    // Key Vault to sign using the cert's private key.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadFromFile Of hoCert "qa_data/certs/myCert.cer" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Let's get the SHA1 thumbprint for our cert in base64url format. This is the "x5t" member that we'll
    // be seeking in the list of certificates returned from Azure Key Vault.
    Get Create (RefClass(cComChilkatBinData)) To hoBdThumbprint
    If (Not(IsComObjectCreated(hoBdThumbprint))) Begin
        Send CreateComObject of hoBdThumbprint
    End
    Get ComSha1Thumbprint Of hoCert To sTemp1
    Get ComAppendEncoded Of hoBdThumbprint sTemp1 "hex" To iSuccess
    Get ComGetEncoded Of hoBdThumbprint "base64url" To sSeek_x5t
    Showln "Seeking the cert with x5t = " sSeek_x5t

    // Provide information needed for Chilkat to automatically get an OAuth2 access token as needed.
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get ComUpdateString Of hoJson "client_id" "APP_ID" To iSuccess
    Get ComUpdateString Of hoJson "client_secret" "APP_PASSWORD" To iSuccess
    Get ComUpdateString Of hoJson "resource" "https://vault.azure.net" To iSuccess
    Get ComUpdateString Of hoJson "token_endpoint" "https://login.microsoftonline.com/TENANT_ID/oauth2/token" To iSuccess

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    // Instead of providing an actual access token, we give Chilkat the information that allows it to
    // automatically fetch the access token using the OAuth2 client credentials flow.
    Get ComEmit Of hoJson To sTemp1
    Set ComAuthToken Of hoHttp To sTemp1

    // Download JSON containing information about the certs in the Azure Key Vault.
    // Replace VAULT_NAME with the name of your Azure Key Vault.
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbResponse
    If (Not(IsComObjectCreated(hoSbResponse))) Begin
        Send CreateComObject of hoSbResponse
    End
    Get pvComObject of hoSbResponse to vSbResponse
    Get ComQuickGetSb Of hoHttp "https://VAULT_NAME.vault.azure.net/certificates?api-version=7.4" vSbResponse To iSuccess
    If (iSuccess = False) Begin
        Get ComLastStatus Of hoHttp To iStatusCode
        If (iStatusCode = 0) Begin
            // We did not get a response from the server.
            Get ComLastErrorText Of hoHttp To sTemp1
            Showln sTemp1
        End
        Else Begin
            // We received a response, but it was an error.
            Showln "Error response status code: " iStatusCode
            Showln "Error response:"
            Get ComGetAsString Of hoSbResponse To sTemp1
            Showln sTemp1
        End
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatJsonObject)) To hoJsonResp
    If (Not(IsComObjectCreated(hoJsonResp))) Begin
        Send CreateComObject of hoJsonResp
    End
    Get pvComObject of hoSbResponse to vSbResponse
    Get ComLoadSb Of hoJsonResp vSbResponse To iSuccess
    Set ComEmitCompact Of hoJsonResp To False

    // The JSON will contain an array of certs like this:
    // {
    //   "value": [
    //     {
    //       "id": "https://kvchilkat.vault.azure.net/certificates/BadSSL",
    //       "x5t": "U04xLnb8Ww7BKkW9dD7P1cCHNDY",
    //       "attributes": {
    //         "enabled": true,
    //         "nbf": 1674409014,
    //         "exp": 1737481014,
    //         "created": 1697294224,
    //         "updated": 1697294224
    //       },
    //       "subject": ""
    //     },
    // ...
    // ...

    // Find the record having an "x5t" value equal to the one we're seeking.
    Get ComFindRecord Of hoJsonResp "value" "x5t" sSeek_x5t True To vJsonRec
    If (IsComObject(vJsonRec)) Begin
        Get Create (RefClass(cComChilkatJsonObject)) To hoJsonRec
        Set pvComObject Of hoJsonRec To vJsonRec
    End
    Get ComLastMethodSuccess Of hoJsonResp To bTemp1
    If (bTemp1 = False) Begin
        Showln "Did not find a matching certificate."
    End
    Else Begin
        Showln "Found the matching certificate."
        // The id is a value such as https://kvchilkat.vault.azure.net/certificates/BadSSL
        Get ComStringOf Of hoJsonRec "id" To sTemp1
        Showln "id: " sTemp1

        // The name of the certificate is the last word after the final "/", such as "BadSSL"
        Get Create (RefClass(cComChilkatStringBuilder)) To hoSbId
        If (Not(IsComObjectCreated(hoSbId))) Begin
            Send CreateComObject of hoSbId
        End
        Get ComStringOf Of hoJsonRec "id" To sTemp1
        Get ComAppend Of hoSbId sTemp1 To iSuccess
        Get ComGetAfterFinal Of hoSbId "/" False To sCertName
        Showln "name: " sCertName
        Send Destroy of hoJsonRec
    End

    Send Destroy of hoJsonResp
End_Procedure
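
The thumbprint lookup above, as an added Python example (not part of the original Chilkat sample): it derives `x5t` from DER or PEM certificate bytes and searches the list response page by page, since Key Vault can split the certificate list across pages linked by `nextLink`. The `fetch` callable, the stand-in certificate bytes, the `ExampleA`/`ExampleB` names and the `$skiptoken` value are constructed for illustration, and the check that `nextLink` stays on the starting vault host is an added precaution.

```python
import base64
import hashlib
from urllib.parse import urlsplit

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"

def x5t_from_cert(data: bytes) -> str:
    """x5t = base64url (no '=' padding) of SHA-1 over the DER certificate."""
    if PEM_BEGIN in data:  # a .cer file may hold PEM text rather than raw DER
        body = data.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        data = base64.b64decode(b"".join(body.split()))
    digest = hashlib.sha1(data).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def find_cert_name(fetch, first_url, seek_x5t):
    """Follow nextLink pages until a record's x5t matches; return its name or None."""
    host = urlsplit(first_url).netloc
    url = first_url
    seen = set()
    while url and url not in seen:
        seen.add(url)
        # Only request pages from the vault host we started with, so the
        # bearer token is never sent to a host named by the response body.
        if urlsplit(url).netloc != host:
            raise ValueError("nextLink points to a different host: " + url)
        page = fetch(url)
        for rec in page.get("value", []):
            if rec.get("x5t") == seek_x5t:
                # The name is the text after the final "/" of the id.
                return rec["id"].rstrip("/").rsplit("/", 1)[1]
        url = page.get("nextLink")
    return None

# Constructed sample data: stand-in bytes, not a real certificate or vault.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = PEM_BEGIN + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_END + b"\n"
FIRST_URL = "https://VAULT_NAME.vault.azure.net/certificates?api-version=7.4"
NEXT_URL = FIRST_URL + "&$skiptoken=CONSTRUCTED"
BASE = "https://VAULT_NAME.vault.azure.net/certificates/"
PAGES = {
    FIRST_URL: {"value": [{"id": BASE + "ExampleA", "x5t": x5t_from_cert(b"other")}],
                "nextLink": NEXT_URL},
    NEXT_URL: {"value": [{"id": BASE + "ExampleB", "x5t": x5t_from_cert(SAMPLE_DER)}],
               "nextLink": None},
}

if __name__ == "__main__":
    print(find_cert_name(PAGES.__getitem__, FIRST_URL, x5t_from_cert(SAMPLE_PEM)))
```

In real use `fetch` would perform the authenticated GET and return the parsed JSON body.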