Adding an Azure Key Vault certificate to an Azure Batch account via the .NET libraries

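I need to automate the creation of Azure Batch accounts. Part of that is adding a certificate to the account from an existing Azure Key Vault. I think I have all the pieces I need, but I can't put them all together; I have a KeyVault.Models.CertificateBundle object and a Management.Batch.Models.BatchAccount object, but I'm not sure how to get one into the other.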


My code looks like this:


// Create Batch account
var storageAccount = new Models.AutoStorageBaseProperties(storageAccountId);
mgmtClient.BatchAccount.Create(resourceGroupName, accountName,
    new Models.BatchAccountCreateParameters()
    {
        Location = clusterZone,
        AutoStorage = storageAccount
    });

string certName;
Models.CertificateCreateOrUpdateParameters certParams;

// Add certificate
using (KeyVaultClient kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetKeyVaultToken)))
{
    var cert = kvClient.GetCertificateAsync(certId).GetAwaiter().GetResult();
    string thumbprint = Convert.ToBase64String(cert.X509Thumbprint);
    string cer = Convert.ToBase64String(cert.Cer);
    certParams = new Models.CertificateCreateOrUpdateParameters(Convert.ToBase64String(cert.Cer), cert.Id, thumbprint: thumbprint, format: Models.CertificateFormat.Cer, type: cert.ContentType);
    certName = $"SHA1-{thumbprint}"; // not sure about this one
}

// failing with a complaint about the cert name
mgmtClient.Certificate.Create(resourceGroupName, accountName, certName, certParams);

The exact error I get with this code is:


'certificateName' does not match expected pattern '^[\\w]+-[\\w]+$'.

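certName looks like SHA1-XXXXXXXXXXXXXXXXXXXXXX+XXXX=. There are some non-alphanumeric characters in the thumbprint. I'm only guessing that it's SHA1, but other than that, the name looks fine to me. I'm not sure what I'm missing.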


I'd also be happy to accept someone's simpler solution to this particular problem.


胡子哥哥
1 answer

慕斯709654

'certificateName' does not match expected pattern '^[\w]+-[\w]+$'.

You can debug your code and check the thumbprint in Azure Key Vault. In your code, the thumbprint you get from the code is not the same as the certificate thumbprint. I got the certificate thumbprint with the following code.

X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;

Below is the demo code I used to add the certificate to the Azure Batch account.

var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"cred file path");
var resourceGroup = "resourceGroup";
var accountName = "batchAccountName";
var subscriptionId = "subscriptionName";
var certificateIdentifier = "https://keyvaultName.vault.azure.net/certificates/certName/xxxxx";

var batchManagementClient = new BatchManagementClient(credentials)
{
    SubscriptionId = subscriptionId
};

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient =
    new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

// Fetch the certificate bundle (public part) from Key Vault
var cert = keyVaultClient.GetCertificateAsync(certificateIdentifier).Result;

// Load the DER bytes to read the hex thumbprint
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;

var certContent = Convert.ToBase64String(cert.Cer);
var certName = $"SHA1-{thumbprint}";

var result = batchManagementClient.Certificate.CreateAsync(resourceGroup, accountName, certName,
    new CertificateCreateOrUpdateParametersInner
    {
        Thumbprint = thumbprint,
        Data = certContent,
        ThumbprintAlgorithm = "SHA1",
        Format = CertificateFormat.Cer,
    }).Result;

Test result:
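Added example, not part of the question or answer above: a local check showing why the Base64 thumbprint from the question is rejected by the pattern in the error message while the hex form used in the answer is accepted. The class and method names are hypothetical, the input bytes are constructed, and the only rule applied is the pattern quoted on this page.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

static class BatchCertificateName
{
    // Pattern quoted in the error message on this page.
    private static readonly Regex NamePattern = new Regex(@"^[\w]+-[\w]+$");

    // Upper-case hex of the raw digest, the form X509Certificate2.Thumbprint returns.
    public static string ToHex(byte[] digest) =>
        BitConverter.ToString(digest).Replace("-", string.Empty);

    // Returns "<algorithm>-<thumbprint>", or throws before any service call is made.
    public static string Build(string algorithm, string thumbprint)
    {
        string name = algorithm + "-" + thumbprint;
        if (!NamePattern.IsMatch(name))
            throw new FormatException("'" + name + "' does not match " + NamePattern);
        return name;
    }

    public static void Main()
    {
        // Constructed bytes standing in for cert.Cer; not a real certificate.
        byte[] der = { 0x30, 0x03, 0x02, 0x01, 0x2A };
        byte[] digest;
        using (SHA1 sha1 = SHA1.Create())
            digest = sha1.ComputeHash(der);

        // A 20-byte SHA-1 digest always Base64-encodes to 28 characters ending
        // in '=', so the name built in the question can never match the pattern,
        // even when the digest happens to contain no '+' or '/'.
        string base64 = Convert.ToBase64String(digest);
        try
        {
            Build("SHA1", base64);
        }
        catch (FormatException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }

        // The hex form contains only [0-9A-F] and passes the same check.
        string accepted = Build("SHA1", ToHex(digest));
        Console.WriteLine("accepted: " + accepted);
    }
}
```

Because cert.X509Thumbprint in the question's code is already the raw digest bytes, passing it through the same hex encoding yields the value the answer reads from x509.Thumbprint.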