Issues with Authenticating GET Operation Status using Management Certificate in Azure

Mohamed Jbeli 0 Reputation points
2023-11-29T10:52:14.86+00:00

I'm encountering authentication problems while attempting to perform a GET operation status within Azure using a management certificate. I followed the steps outlined in this documentation to generate an SSL certificate and successfully uploaded it to Azure Key Vault.

However, upon using the uploaded certificate for authentication, I keep receiving the following error:

ForbiddenError

I referred to this Azure documentation for uploading the certificate to Key Vault. However, I'm stuck at the 7th step, particularly regarding the configuration file's placement and its contents.

Currently, I'm using a Java configuration class to handle SSL connections and certificate authentication within my application. Here's an excerpt of my Java configuration:

@Bean("SSlConfig")
public RestTemplate customRestTemplate() {
    char[] emptyPass = {};
    // Get the certificate bytes from the retrieved certificate
    byte[] certBytes = certificate.getCer();
    try {
        // Create a Certificate instance from the certificate bytes
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream inputStream = new ByteArrayInputStream(certBytes);
        Certificate certificate = certificateFactory.generateCertificate(inputStream);

        // Retrieve the private key: decode the Base64 value and load it as a KeyStore
        String base64PrivateKey = certifPrivateKey.getValue();
        byte[] rawPrivateKey = Base64.getDecoder().decode(base64PrivateKey);
        KeyStore rsaKeyGenerator = KeyStore.getInstance(KeyStore.getDefaultType());
        ByteArrayInputStream keyStream = new ByteArrayInputStream(rawPrivateKey);
        rsaKeyGenerator.load(keyStream, null);
        close(keyStream);
        Key rsaPrivateKey = rsaKeyGenerator.getKey(rsaKeyGenerator.aliases().nextElement(), emptyPass);

        // Import the certificate and private key into a new KeyStore
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setKeyEntry("my-service-certificate", rsaPrivateKey, emptyPass, new Certificate[] {certificate});

        // Build the SSL socket factory with the client key material
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                new SSLContextBuilder()
                        .loadTrustMaterial(null, new TrustAllStrategy())
                        .loadKeyMaterial(keyStore, emptyPass)
                        .build(),
                NoopHostnameVerifier.INSTANCE);
        HttpClientConnectionManager connectionManager = PoolingHttpClientConnectionManagerBuilder.create()
                .setSSLSocketFactory(socketFactory)
                .build();
        CloseableHttpClient httpClient = HttpClients.custom()
                .setConnectionManager(connectionManager)
                .evictExpiredConnections()
                .setKeepAliveStrategy((httpResponse, httpContext) -> TimeValue.ofSeconds(10 * 1000))
                .build();
        ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
        return new RestTemplate(requestFactory);
    } catch (IOException | CertificateException
            | NoSuchAlgorithmException | UnrecoverableKeyException
            | KeyStoreException | KeyManagementException e) {
        log.error("Error!!!");
    }
    return null;
}

And this is how I'm implementing the Get Operation Status:

HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.add("x-ms-version", "2009-10-01");
// Set the request body
HttpEntity