看来我靠近有一些工作定义这个类:
class WindowsStoreCertificateCredentials(clientId: String, certificate: X509Certificate, privateKey: PrivateKey) extends KeyVaultCredentials {
def getAuthResult(authority: String, resource: String): AuthenticationResult = {
val service = Executors.newFixedThreadPool(1)
val context = new AuthenticationContext(authority, false, service)
val certificateCredentials = AsymmetricKeyCredential.create(clientId, privateKey, certificate)
val authResultFuture = context.acquireToken(resource, certificateCredentials, null)
authResultFuture.get
}
override def doAuthenticate (authority: String, resource: String, scope: String): String = {
getAuthResult(authority, resource).getAccessToken
}
}
,并试图用它获得使用java.security.KeyStore中的证书X509Certificate对象和私钥后:
val client = new KeyVaultClient(new WindowsStoreCertificateCredentials(
id, privateKey, certificate,))
val test = client.getSecret("https:/...")
不幸的是,引发一个异常:
sun.security.mscapi.RSAPrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey java.lang.ClassCastException: sun.security.mscapi.RSAPrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey
我在GitHub上AzureAD打开一个问题/蔚的ActiveDirectory库换java和建议pull请求解决它,未完待续......
编辑:这是现在固定在AzureAD的版本1.2.0/azure-activedirectory-library-for-java。
它看起来像我不能使用这个构造函数,因为我没有后面的Azure应用程序。要特别指向Azure文档:我正在尝试执行与https://docs.microsoft.com/zh-CN/azure/key-vault/key-vault-use-from-web-application中的相同的第“使用证书进行身份验证而不是客户端秘密“。 – CanardMoussant