从Node.js中的Azure keyvault获取正确的pfx文件

问题描述:

我想从azure keyvault获取pfx文件,而不是将其放在本地计算机上。我打算用这个来创建一个HTTPS服务器。从Node.js中的Azure keyvault获取正确的pfx文件

但是,当我从keyvault读取并写入本地的pfx文件时。该文件的大小似乎稍有变化,即使使用正确的密码,该文件也不再有效。我在java上也是这样,并且看起来不是平台特定的。

client.getSecret("https://sl-dev-keys.vault.azure.net/secrets/newcertpfx/888175c395264e6096bf0a02ef73de1a", function(getErr, getSecretBundle) {  
    if (getErr) throw getErr; 
    console.log('\n\nSecret ', getSecretBundle.value, ' is retrieved.\n'); 

    var fs = require('fs'); 
    var fileContent = getSecretBundle.value; 

    let writeStream = fs.createWriteStream('test.pfx'); 

    // write some data with a base64 encoding 
    writeStream.write(fileContent, 'base64'); 

    // the finish event is emitted when all data has been flushed from the stream 
    writeStream.on('finish',() => { 
     console.log('wrote all data to file'); 
    }); 

    // close the stream 
    writeStream.end('end'); 

如果证书文件需要存储在硬盘上,那么您可能需要使用密码对其进行加密。

以供参考,在这里是为获取PFX文件&将密码改回PowerShell脚本:

$kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $secretName 
$kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText) 
$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$certCollection.Import($kvSecretBytes,$null,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable) 

$password = '******' 
$protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password) 
$pfxPath = [Environment]::GetFolderPath("Desktop") + "\MyCert.pfx" 
[System.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes) 

要了解详情,pelase参考Get started with Azure Key Vault certificates

+0

谢谢但问题是我无法在node.js上实现这一点,因为在x509周围有utils是非常有限的。我能够在C#上实现这一点。这是可能的node.js? – Naveen