Sample code for 30+ languages & platforms
Tcl

Azure Key Vault Get the Latest Version of a Certificate

See more Azure Key Vault Examples

Demonstrates how to get the latest version of a certificate in Azure Key Vault.

Note: This example requires Chilkat v9.5.0.96 or later.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# See Azure Key Vault Get Certificates for a more detailed explanation
# for how Chilkat is automatically getting the OAuth2 access token for your application.

# Provide information needed for Chilkat to automatically get an OAuth2 access token as needed.
set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "client_id" "APP_ID"
CkJsonObject_UpdateString $json "client_secret" "APP_PASSWORD"
CkJsonObject_UpdateString $json "resource" "https://vault.azure.net"
CkJsonObject_UpdateString $json "token_endpoint" "https://login.microsoftonline.com/TENANT_ID/oauth2/token"

set http [new_CkHttp]

# Instead of providing an actual access token, we give Chilkat the information that allows it to 
# automatically fetch the access token using the OAuth2 client credentials flow.
CkHttp_put_AuthToken $http [CkJsonObject_emit $json]

# Replace VAULT_NAME with the name of your Azure Key Vault.
CkHttp_SetUrlVar $http "certName" "importCert01"

set sbResponse [new_CkStringBuilder]

set success [CkHttp_QuickGetSb $http "https://VAULT_NAME.vault.azure.net/certificates/{$certName}?api-version=7.4" $sbResponse]
if {$success == 0} then {

    set statusCode [CkHttp_get_LastStatus $http]
    if {$statusCode == 0} then {
        # We did not get a response from the server..
        puts [CkHttp_lastErrorText $http]
    }     else {
        # We received a response, but it was an error.
        puts "Error response status code: $statusCode"
        puts "Error response:"
        puts [CkStringBuilder_getAsString $sbResponse]
    }

    delete_CkJsonObject $json
    delete_CkHttp $http
    delete_CkStringBuilder $sbResponse
    exit
}

set jsonResp [new_CkJsonObject]

CkJsonObject_LoadSb $jsonResp $sbResponse
CkJsonObject_put_EmitCompact $jsonResp 0

puts [CkJsonObject_emit $jsonResp]

# A sample JSON response is show at the bottom.

# Let's do two things with the result.
# 1) Load the DER of the cert into a Chilkat Cert object.
# 2) Get the Key Vault version id of the certificate.

set cert [new_CkCert]

set success [CkCert_LoadFromBase64 $cert [CkJsonObject_stringOf $jsonResp "cer"]]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    puts "Failed to load certificate from Base64 DER."
    delete_CkJsonObject $json
    delete_CkHttp $http
    delete_CkStringBuilder $sbResponse
    delete_CkJsonObject $jsonResp
    delete_CkCert $cert
    exit
}

# The Azure Key Vault's "version" of the certificate is the hex string at the end of the "id", "kid", and "sid" JSON members.
# For example:  "7140c8755ed14839b5d86a9f7e7f0497"
set sbId [new_CkStringBuilder]

CkStringBuilder_Append $sbId [CkJsonObject_stringOf $jsonResp "id"]
set certVersion [CkStringBuilder_getAfterFinal $sbId "/" 0]
puts "The key vault cert version is $certVersion"

# {
#   "id": "https://kvchilkat.vault.azure.net/certificates/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
#   "kid": "https://kvchilkat.vault.azure.net/keys/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
#   "sid": "https://kvchilkat.vault.azure.net/secrets/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
#   "x5t": "I_e3776K5Q_6PN1HHvJoI2ZGQRQ",
#   "cer": "MIIGXjCCB .... cjTsi7yIY=",
#   "attributes": {
#     "enabled": true,
#     "nbf": 1633996800,
#     "exp": 1728691199,
#     "created": 1697411128,
#     "updated": 1697411128,
#     "recoveryLevel": "CustomizedRecoverable+Purgeable",
#     "recoverableDays": 7
#   },
#   "policy": {
#     "id": "https://kvchilkat.vault.azure.net/certificates/importCert01/policy",
#     "key_props": {
#       "exportable": true,
#       "kty": "RSA",
#       "key_size": 4096,
#       "reuse_key": false
#     },
#     "secret_props": {
#       "contentType": "application/x-pkcs12"
#     },
#     "x509_props": {
#       "subject": "CN=\"Chilkat Software, Inc.\", O=\"Chilkat Software, Inc.\", S=Illinois, C=US",
#       "ekus": [
#         "1.3.6.1.5.5.7.3.3"
#       ],
#       "key_usage": [
#         "digitalSignature"
#       ],
#       "validity_months": 37,
#       "basic_constraints": {
#         "ca": false
#       }
#     },
#     "lifetime_actions": [
#       {
#         "trigger": {
#           "lifetime_percentage": 80
#         },
#         "action": {
#           "action_type": "EmailContacts"
#         }
#       }
#     ],
#     "issuer": {
#       "name": "Unknown"
#     },
#     "attributes": {
#       "enabled": true,
#       "created": 1697411128,
#       "updated": 1697411128
#     }
#   }
# }

delete_CkJsonObject $json
delete_CkHttp $http
delete_CkStringBuilder $sbResponse
delete_CkJsonObject $jsonResp
delete_CkCert $cert
delete_CkStringBuilder $sbId