使用Java連接Azure Key Vault時出錯
[英]Error Connecting Azure Key Vault using Java
問題描述
我是Azure相關概念的新手,並且在連接Azure密鑰保管庫時遇到問題。
請按如下所示找到我的代碼段,並讓我知道為什么會出現以下異常:
Get Key started.../n SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. Get Key failedjava.lang.RuntimeException: java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\\r\\nTrace ID: 13f8e909-89d8-472f-a1c1-9f4bcf693700\\r\\nCorrelation ID: bf818c41-4092-4f7d-8292-b1275a5da62f\\r\\nTimestamp: 2017-10-17 07:22:12Z","error":"invalid_client"} Exception in thread "main" java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\\r\\nTrace ID: 1234\\r\\nCorrelation ID: 123456\\r\\nTimestamp: 2017-10-17 07:22:12Z","error":"invalid_client"} at com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:299) at com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:286) at com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:116) at Program.main(Program.java:88)
相應的代碼正在嘗試連接Azure Key Vault:
KeyVaultCredentials kvCred = new ClientSecretKeyVaultCredential("clientID", "client Secret");
KeyVaultClient vc = new KeyVaultClient(kvCred);
byte[] byteText = textToEncrypt.getBytes("UTF-16");
/*************************************/
// Get Key from Key Vault
System.out.println("Get Key started.../n");
start = System.currentTimeMillis();
ServiceCallback<KeyBundle> serviceCallbackgetkey = new ServiceCallback<KeyBundle>(){
@Override
public void failure(Throwable t) {
System.out.println("Get Key failed"+t.toString());
}
@Override
public void success(KeyBundle result ) {//ServiceResponse
System.out.println("Get Key Success");
JsonWebKey myKey = result.key();
keyIdentifier = myKey.kid();
System.out.println("Key ID:"+keyIdentifier);
end = System.currentTimeMillis();
formatter = new DecimalFormat("#0.00000");
System.out.print("Get Key Execution time is " + formatter.format((end - start) / 1000d) + " seconds\n");
start = 0;
end =0;
}
};
ServiceCall<KeyBundle> call = vc.getKeyAsync(keyVaultURI, "MyKey1", serviceCallbackgetkey);
System.out.println(call.get());
注意:我在郵遞員中使用相同的Client-ID和Client Secret連接不同的REST api,並且運行良好。
另外,我嘗試從此處執行以下代碼。 但是面臨同樣的問題。
請幫助我確定為什么無法連接Vault。
2 個解決方案
解決方案1
1 2017-10-18 10:30:33
我試圖重現您的問題,但失敗了。
我認為您的問題可能是由於為您的應用程序授權keyvault API的permission所致。
您可以參考下面對我有用的代碼。
程序類別:
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.util.concurrent.ExecutionException;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
public class Program {
public static void main(String[] args)
throws InterruptedException, ExecutionException, URISyntaxException, UnsupportedEncodingException {
KeyVaultCredentials kvCred = new ClientSecretKeyVaultCredential("APP_ID", "APP_SECRET");
KeyVaultClient vc = new KeyVaultClient(kvCred);
String keyIdentifier = "https://jaygong.vault.azure.net/keys/jaytest/b21bae081025418c806d73affc2937e0";
System.out.println(vc.getKey(keyIdentifier));
}
}
ClientSecretKeyVaultCredential類:
import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
public class ClientSecretKeyVaultCredential extends KeyVaultCredentials {
private String applicationId;
private String applicationSecret;
public ClientSecretKeyVaultCredential(String applicationId, String applicationSecret) {
this.setApplicationId(applicationId);
this.setApplicationSecret(applicationSecret);
}
public String getApplicationId() {
return applicationId;
}
private void setApplicationId(String applicationId) {
this.applicationId = applicationId;
}
public String getApplicationSecret() {
return applicationSecret;
}
private void setApplicationSecret(String applicationSecret) {
this.applicationSecret = applicationSecret;
}
@Override
public String doAuthenticate(String authorization, String resource, String scope) {
AuthenticationResult res = null;
try {
res = GetAccessToken(authorization, resource, applicationId, applicationSecret);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return res.getAccessToken();
}
private AuthenticationResult GetAccessToken(String authorization, String resource, String clientID, String clientKey)
throws InterruptedException, ExecutionException {
AuthenticationContext ctx = null;
ExecutorService service = Executors.newFixedThreadPool(1);
try {
ctx = new AuthenticationContext(authorization, false, service);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Future<AuthenticationResult> resp = ctx.acquireToken(resource, new ClientCredential(
clientID, clientKey), null);
AuthenticationResult res = resp.get();
return res;
}
}
結果:
請注意,您應該授權您的應用程序使用密鑰或機密。 這是官方文檔中提到的powershell方法。
Set-AzureRmKeyVaultAccessPolicy -VaultName 'XXXXXXX' -ServicePrincipalName XXXXX -PermissionsToKeys decrypt,sign,get,unwrapKey
更新答案:
我不確定您的應用程序是否有權調用KeyVault API 。 您可以在門戶網站上添加此權限。
希望對您有幫助。
解決方案2
1 已采納 2017-10-20 14:12:56
找出問題所在,問題出在client_secret上,它在生成時具有一些特殊字符,例如%。 看來,天藍色的密鑰保險庫正在接受使用base64編碼及其特殊字符加密的客戶端機密。
How connect to Azure Key Vault from java backend using Azure Java SDK?
[英]How connect to Azure Key Vault from java backend using Azure Java SDK?
如何使用服務到服務身份驗證將Java本地開發到Azure Key Vault?
[英]How do you use service-to-service authentication for local development to Azure Key Vault using Java?
有沒有辦法使用對稱密鑰通過 Azure Key Vault 加密消息?
[英]Is there a way to encrypt a message with Azure Key Vault using a symmetric key?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
使用 Java 對 Azure Key Vault 進行身份驗證
使用 Java 的 Azure Key Vault 證書管理
How connect to Azure Key Vault from java backend using Azure Java SDK?
使用 Quarkus 連接到 Azure Key Vault
如何通過 Java SDK 在 Azure Key Vault 中創建密鑰?
如何使用服務到服務身份驗證將Java本地開發到Azure Key Vault?
使用 Java 中的 Key Vault 生成 SAS 令牌
有沒有辦法使用對稱密鑰通過 Azure Key Vault 加密消息?
在 Java 中通過 MSI 讀取 Azure Key Vault 機密
Azure Key Vault 參考 Java 代碼/Yaml 管道
相關標簽