Tcl
Tcl
Azure Key Vault Get the Latest Version of a Certificate
See more Azure Key Vault Examples
Demonstrates how to get the latest version of a certificate in Azure Key Vault.Note: This example requires Chilkat v9.5.0.96 or later.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# See Azure Key Vault Get Certificates for a more detailed explanation
# for how Chilkat is automatically getting the OAuth2 access token for your application.
# Provide information needed for Chilkat to automatically get an OAuth2 access token as needed.
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "client_id" "APP_ID"
CkJsonObject_UpdateString $json "client_secret" "APP_PASSWORD"
CkJsonObject_UpdateString $json "resource" "https://vault.azure.net"
CkJsonObject_UpdateString $json "token_endpoint" "https://login.microsoftonline.com/TENANT_ID/oauth2/token"
set http [new_CkHttp]
# Instead of providing an actual access token, we give Chilkat the information that allows it to
# automatically fetch the access token using the OAuth2 client credentials flow.
CkHttp_put_AuthToken $http [CkJsonObject_emit $json]
# Replace VAULT_NAME with the name of your Azure Key Vault.
CkHttp_SetUrlVar $http "certName" "importCert01"
set sbResponse [new_CkStringBuilder]
set success [CkHttp_QuickGetSb $http "https://VAULT_NAME.vault.azure.net/certificates/{$certName}?api-version=7.4" $sbResponse]
if {$success == 0} then {
set statusCode [CkHttp_get_LastStatus $http]
if {$statusCode == 0} then {
# We did not get a response from the server..
puts [CkHttp_lastErrorText $http]
} else {
# We received a response, but it was an error.
puts "Error response status code: $statusCode"
puts "Error response:"
puts [CkStringBuilder_getAsString $sbResponse]
}
delete_CkJsonObject $json
delete_CkHttp $http
delete_CkStringBuilder $sbResponse
exit
}
set jsonResp [new_CkJsonObject]
CkJsonObject_LoadSb $jsonResp $sbResponse
CkJsonObject_put_EmitCompact $jsonResp 0
puts [CkJsonObject_emit $jsonResp]
# A sample JSON response is show at the bottom.
# Let's do two things with the result.
# 1) Load the DER of the cert into a Chilkat Cert object.
# 2) Get the Key Vault version id of the certificate.
set cert [new_CkCert]
set success [CkCert_LoadFromBase64 $cert [CkJsonObject_stringOf $jsonResp "cer"]]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
puts "Failed to load certificate from Base64 DER."
delete_CkJsonObject $json
delete_CkHttp $http
delete_CkStringBuilder $sbResponse
delete_CkJsonObject $jsonResp
delete_CkCert $cert
exit
}
# The Azure Key Vault's "version" of the certificate is the hex string at the end of the "id", "kid", and "sid" JSON members.
# For example: "7140c8755ed14839b5d86a9f7e7f0497"
set sbId [new_CkStringBuilder]
CkStringBuilder_Append $sbId [CkJsonObject_stringOf $jsonResp "id"]
set certVersion [CkStringBuilder_getAfterFinal $sbId "/" 0]
puts "The key vault cert version is $certVersion"
# {
# "id": "https://kvchilkat.vault.azure.net/certificates/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
# "kid": "https://kvchilkat.vault.azure.net/keys/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
# "sid": "https://kvchilkat.vault.azure.net/secrets/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
# "x5t": "I_e3776K5Q_6PN1HHvJoI2ZGQRQ",
# "cer": "MIIGXjCCB .... cjTsi7yIY=",
# "attributes": {
# "enabled": true,
# "nbf": 1633996800,
# "exp": 1728691199,
# "created": 1697411128,
# "updated": 1697411128,
# "recoveryLevel": "CustomizedRecoverable+Purgeable",
# "recoverableDays": 7
# },
# "policy": {
# "id": "https://kvchilkat.vault.azure.net/certificates/importCert01/policy",
# "key_props": {
# "exportable": true,
# "kty": "RSA",
# "key_size": 4096,
# "reuse_key": false
# },
# "secret_props": {
# "contentType": "application/x-pkcs12"
# },
# "x509_props": {
# "subject": "CN=\"Chilkat Software, Inc.\", O=\"Chilkat Software, Inc.\", S=Illinois, C=US",
# "ekus": [
# "1.3.6.1.5.5.7.3.3"
# ],
# "key_usage": [
# "digitalSignature"
# ],
# "validity_months": 37,
# "basic_constraints": {
# "ca": false
# }
# },
# "lifetime_actions": [
# {
# "trigger": {
# "lifetime_percentage": 80
# },
# "action": {
# "action_type": "EmailContacts"
# }
# }
# ],
# "issuer": {
# "name": "Unknown"
# },
# "attributes": {
# "enabled": true,
# "created": 1697411128,
# "updated": 1697411128
# }
# }
# }
delete_CkJsonObject $json
delete_CkHttp $http
delete_CkStringBuilder $sbResponse
delete_CkJsonObject $jsonResp
delete_CkCert $cert
delete_CkStringBuilder $sbId