CertificateClient class

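The client to interact with the KeyVault certificates functionality

Constructors

CertificateClient(string, TokenCredential, CertificateClientOptions)

Creates an instance of CertificateClient.

Properties

vaultUrl

The base URL to the vault

Methods

backupCertificate(string, OperationOptions)

Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.

Example usage: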

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");

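Generates a backup of a certificate

beginCreateCertificate(string, CertificatePolicy, BeginCreateCertificateOptions)

Creates a new certificate. If this is the first version, the certificate resource is created. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

Note: Sending Self as the issuerName of the certificate's policy will create a self-signed certificate.

This operation requires the certificates/create permission.

Example usage: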

const client = new CertificateClient(url, credentials);
const certificatePolicy = {
  issuerName: "Self",
  subject: "cn=MyCert"
};
const createPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy);

// The pending certificate can be obtained by calling the following method:
const pendingCertificate = createPoller.getResult();

// Serializing the poller
const serialized = createPoller.toString();

// A new poller can be created with:
// const newPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy, { resumeFrom: serialized });

// Waiting until it's done
const certificate = await createPoller.pollUntilDone();
console.log(certificate);

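Creates a certificate

beginDeleteCertificate(string, CertificatePollerOptions)

The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

This operation requires the certificates/delete permission.

Example usage: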

const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await createPoller.pollUntilDone();

const deletePoller = await client.beginDeleteCertificate("MyCertificate");

// Serializing the poller
const serialized = deletePoller.toString();

// A new poller can be created with:
// const newPoller = await client.beginDeleteCertificate("MyCertificate", { resumeFrom: serialized });

// Waiting until it's done
const deletedCertificate = await deletePoller.pollUntilDone();
console.log(deletedCertificate);

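Deletes a certificate from a specified key vault.

beginRecoverDeletedCertificate(string, CertificatePollerOptions)

Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

This operation requires the certificates/recover permission.

Example usage: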

const client = new CertificateClient(url, credentials);

const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();

const recoverPoller = await client.beginRecoverDeletedCertificate("MyCertificate");

// Serializing the poller
const serialized = recoverPoller.toString();

// A new poller can be created with:
// const newPoller = await client.beginRecoverDeletedCertificate("MyCertificate", { resumeFrom: serialized });

// Waiting until it's done
const certificate = await recoverPoller.pollUntilDone();
console.log(certificate);

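Recovers a deleted certificate

createIssuer(string, string, CreateIssuerOptions)

The createIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.

Example usage: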

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");

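Sets the specified certificate issuer.

deleteCertificateOperation(string, OperationOptions)

Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.

Example usage: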

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await client.deleteCertificateOperation("MyCertificate");
await client.getCertificateOperation("MyCertificate"); // Throws error: Pending certificate not found: "MyCertificate"

Delete a certificate's operation

deleteContacts(OperationOptions)

Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission.

Example usage:

let client = new CertificateClient(url, credentials);
await client.setContacts([{
  email: "b@b.com",
  name: "b",
  phone: "222222222222"
}]);
await client.deleteContacts();

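Deletes all of the certificate contacts

deleteIssuer(string, OperationOptions)

The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.

Example usage: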

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Provider");
await client.deleteIssuer("IssuerName");

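Deletes the specified certificate issuer.

getCertificate(string, OperationOptions)

Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission.

Example usage: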

const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificate = await client.getCertificate("MyCertificate");
console.log(certificate);

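Retrieves a certificate from the certificate's name (includes the certificate policy)

getCertificateOperation(string, CertificatePollerOptions)

Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

Example usage: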

const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});

const poller = await client.getCertificateOperation("MyCertificate");
const pendingCertificate = poller.getResult();

const certificateOperation = poller.getOperationState().certificateOperation;
console.log(certificateOperation);

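Gets a certificate's poller operation

getCertificatePolicy(string, OperationOptions)

The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.

Example usage: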

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
const policy = await client.getCertificatePolicy("MyCertificate");
console.log(policy);

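Gets a certificate's policy

getCertificateVersion(string, string, OperationOptions)

Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission.

Example usage: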

const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificateWithPolicy = await client.getCertificate("MyCertificate");
const certificate = await client.getCertificateVersion("MyCertificate", certificateWithPolicy.properties.version!);
console.log(certificate);

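Retrieves a certificate from the certificate's name and a specified version

getContacts(OperationOptions)

Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.

Example usage: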

let client = new CertificateClient(url, credentials);
await client.setContacts([{
  email: "b@b.com",
  name: "b",
  phone: "222222222222"
}]);
const contacts = await client.getContacts();
console.log(contacts);

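Sets the certificate contacts.

getDeletedCertificate(string, OperationOptions)

Retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.

Example usage: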

const client = new CertificateClient(url, credentials);
const deletedCertificate = await client.getDeletedCertificate("MyDeletedCertificate");
console.log("Deleted certificate:", deletedCertificate);

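Gets a deleted certificate

getIssuer(string, OperationOptions)

The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.

Example usage: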

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
const certificateIssuer = await client.getIssuer("IssuerName");
console.log(certificateIssuer);

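Gets the specified certificate issuer.

importCertificate(string, Uint8Array, ImportCertificateOptions)

Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format, the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.

Example usage: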

const client = new CertificateClient(url, credentials);
// See: @azure/keyvault-secrets
const certificateSecret = await secretClient.getSecret("MyCertificate");
const base64EncodedCertificate = certificateSecret.value!;
let buffer: Uint8Array;

if (isNode) {
  buffer = Buffer.from(base64EncodedCertificate, "base64");
} else {
  buffer = Uint8Array.from(atob(base64EncodedCertificate), (c) => c.charCodeAt(0));
}

await client.importCertificate("MyCertificate", buffer);

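Imports a certificate from a certificate's secret value

listDeletedCertificates(ListDeletedCertificatesOptions)

Retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.

Example usage: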

const client = new CertificateClient(url, credentials);
for await (const deletedCertificate of client.listDeletedCertificates()) {
  console.log(deletedCertificate);
}
for await (const page of client.listDeletedCertificates().byPage()) {
  for (const deletedCertificate of page) {
    console.log(deletedCertificate);
  }
}

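Lists deleted certificates

listPropertiesOfCertificates(ListPropertiesOfCertificatesOptions)

Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operation requires the certificates/list permission.

Example usage: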

const client = new CertificateClient(url, credentials);
// All in one call
for await (const certificateProperties of client.listPropertiesOfCertificates()) {
  console.log(certificateProperties);
}
// By pages
for await (const page of client.listPropertiesOfCertificates().byPage()) {
  for (const certificateProperties of page) {
    console.log(certificateProperties);
  }
}

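List all versions of the specified certificate.

listPropertiesOfCertificateVersions(string, OperationOptions)

Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.

Example usage: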

const client = new CertificateClient(url, credentials);
for await (const certificateProperties of client.listPropertiesOfCertificateVersions("MyCertificate")) {
  console.log(certificateProperties.version!);
}

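List the versions of a certificate.

listPropertiesOfIssuers(OperationOptions)

Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.

Example usage: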

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
// All in one call
for await (const issuerProperties of client.listPropertiesOfIssuers()) {
  console.log(issuerProperties);
}
// By pages
for await (const page of client.listPropertiesOfIssuers().byPage()) {
  for (const issuerProperties of page) {
    console.log(issuerProperties);
  }
}

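List the certificate issuers.

mergeCertificate(string, Uint8Array[], OperationOptions)

Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.

Example usage: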

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Unknown",
  subject: "cn=MyCert"
});
const poller = await client.getCertificateOperation("MyCertificate");
const { csr } = poller.getOperationState().certificateOperation!;
const base64Csr = Buffer.from(csr!).toString("base64");
const wrappedCsr = ["-----BEGIN CERTIFICATE REQUEST-----", base64Csr, "-----END CERTIFICATE REQUEST-----"].join("\n");

const fs = require("fs");
fs.writeFileSync("test.csr", wrappedCsr);

// Certificate available locally made using:
//   openssl genrsa -out ca.key 2048
//   openssl req -new -x509 -key ca.key -out ca.crt
// You can read more about how to create a fake certificate authority here: https://gist.github.com/Soarez/9688998

const childProcess = require("child_process");
childProcess.execSync("openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt");
const base64Crt = fs.readFileSync("test.crt").toString().split("\n").slice(1, -1).join("");

await client.mergeCertificate("MyCertificate", [Buffer.from(base64Crt)]);

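Merges a signed certificate request into a pending certificate

purgeDeletedCertificate(string, OperationOptions)

Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificates/purge permission.

Example usage: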

const client = new CertificateClient(url, credentials);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
// Deleting a certificate takes time, make sure to wait before purging it
await client.purgeDeletedCertificate("MyCertificate");

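Gets a deleted certificate

restoreCertificateBackup(Uint8Array, OperationOptions)

Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.

Example usage: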

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");
const poller = await client.beginDeleteCertificate("MyCertificate");
await poller.pollUntilDone();
// Some time is required before we're able to restore the certificate
await client.restoreCertificateBackup(backup!);

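Restores a certificate from a backup

setContacts(CertificateContact[], OperationOptions)

Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission.

Example usage: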

let client = new CertificateClient(url, credentials);
await client.setContacts([{
  email: "b@b.com",
  name: "b",
  phone: "222222222222"
}]);

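Sets the certificate contacts.

updateCertificatePolicy(string, CertificatePolicy, OperationOptions)

Updates the certificate policy for the specified certificate. This operation requires the certificates/update permission.

Gets a certificate's policy

updateCertificateProperties(string, string, UpdateCertificateOptions)

Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.

Example usage: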

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});

// You may pass an empty string for version which will update
// the latest version of the certificate
await client.updateCertificateProperties("MyCertificate", "", {
  tags: {
    customTag: "value"
  }
});

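Updates a certificate

updateIssuer(string, UpdateIssuerOptions)

The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.

Example usage: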

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
await client.updateIssuer("IssuerName", {
  provider: "Provider2"
});

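Updates the specified certificate issuer.

Constructor Details

CertificateClient(string, TokenCredential, CertificateClientOptions)

Creates an instance of CertificateClient.

new CertificateClient(vaultUrl: string, credential: TokenCredential, clientOptions?: CertificateClientOptions)

Parameters

vaultUrl

string

The base URL to the vault. You should validate that this URL references a valid Key Vault resource. See https://aka.ms/azsdk/blog/vault-uri for details.

credential
TokenCredential

An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.

clientOptions
CertificateClientOptions

Pipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.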
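
The vaultUrl validation called for above can be done before the client is constructed, so that a credential is never paired with an endpoint outside the expected Key Vault namespaces. The following is an added example, not part of the SDK or of the original page; validateVaultUrl, isTrustedVaultUrl and ALLOWED_VAULT_SUFFIXES are hypothetical names, and the suffix list is an assumption to adapt to the clouds actually in use.

```typescript
// Added example, not SDK code. All names below are hypothetical.
// Assumption: the Key Vault DNS suffixes this application is allowed to talk to.
// Trim the list to the clouds you actually deploy to.
const ALLOWED_VAULT_SUFFIXES: string[] = [
  ".vault.azure.net", // Azure public cloud
  ".vault.azure.cn", // Azure operated by 21Vianet
  ".vault.usgovcloudapi.net", // Azure US Government
];

// Vault names are 3-24 characters: letters, digits and single hyphens,
// starting with a letter and ending with a letter or digit.
const VAULT_NAME = /^[a-z](?:[a-z0-9]|-(?=[a-z0-9])){1,22}[a-z0-9]$/;

// Returns the normalized base URL, or throws with the reason for rejection.
function validateVaultUrl(raw: string, allowedSuffixes: string[] = ALLOWED_VAULT_SUFFIXES): string {
  let parsed: URL;
  try {
    parsed = new URL(raw);
  } catch {
    throw new Error("vault URL is not a valid absolute URL");
  }
  if (parsed.protocol !== "https:") {
    throw new Error("vault URL must use https");
  }
  // "https://name.vault.azure.net@other.host/" parses with other.host as the host.
  if (parsed.username !== "" || parsed.password !== "") {
    throw new Error("vault URL must not contain userinfo");
  }
  if (parsed.port !== "") {
    throw new Error("vault URL must not specify a non-default port");
  }
  if (parsed.pathname !== "/" || parsed.search !== "" || parsed.hash !== "") {
    throw new Error("vault URL must be a base URL without path, query or fragment");
  }

  const host = parsed.hostname; // already lower-cased by the URL parser
  let name: string | null = null;
  for (const suffix of allowedSuffixes) {
    // Compare the end of the host name, never a substring match.
    if (host.length > suffix.length && host.slice(host.length - suffix.length) === suffix) {
      name = host.slice(0, host.length - suffix.length);
      break;
    }
  }
  if (name === null) {
    throw new Error("host is not under an allowed Key Vault DNS suffix");
  }
  // A single label only: rejects "a.b.vault.azure.net" and malformed names.
  if (!VAULT_NAME.test(name)) {
    throw new Error("host does not start with a valid vault name");
  }
  return "https://" + host;
}

// Boolean form for configuration checks and tests.
function isTrustedVaultUrl(raw: string, allowedSuffixes: string[] = ALLOWED_VAULT_SUFFIXES): boolean {
  try {
    validateVaultUrl(raw, allowedSuffixes);
    return true;
  } catch {
    return false;
  }
}

// Intended use (configuredUrl and credential come from the application):
//   const client = new CertificateClient(validateVaultUrl(configuredUrl), credential);
```
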

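Property Details

vaultUrl

The base URL to the vault

vaultUrl: string

Property Value

string

Method Details

backupCertificate(string, OperationOptions)

Requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. This operation requires the certificates/backup permission.

Example usage: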

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");

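Generates a backup of a certificate

function backupCertificate(certificateName: string, options?: OperationOptions): Promise<undefined | Uint8Array>

Parameters

certificateName

string

The name of the certificate

options
OperationOptions

Optional parameters

Returns

Promise<undefined | Uint8Array>

beginCreateCertificate(string, CertificatePolicy, BeginCreateCertificateOptions)

Creates a new certificate. If this is the first version, the certificate resource is created. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

Note: Sending Self as the issuerName of the certificate's policy will create a self-signed certificate.

This operation requires the certificates/create permission.

Example usage: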

const client = new CertificateClient(url, credentials);
const certificatePolicy = {
  issuerName: "Self",
  subject: "cn=MyCert"
};
const createPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy);

// The pending certificate can be obtained by calling the following method:
const pendingCertificate = createPoller.getResult();

// Serializing the poller
const serialized = createPoller.toString();

// A new poller can be created with:
// const newPoller = await client.beginCreateCertificate("MyCertificate", certificatePolicy, { resumeFrom: serialized });

// Waiting until it's done
const certificate = await createPoller.pollUntilDone();
console.log(certificate);

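Creates a certificate

function beginCreateCertificate(certificateName: string, policy: CertificatePolicy, options?: BeginCreateCertificateOptions): Promise<PollerLikeWithCancellation<CreateCertificateState, KeyVaultCertificateWithPolicy>>

Parameters

certificateName

string

The name of the certificate

options
BeginCreateCertificateOptions

Optional parameters

Returns

Promise<PollerLikeWithCancellation<CreateCertificateState, KeyVaultCertificateWithPolicy>>

beginDeleteCertificate(string, CertificatePollerOptions)

The DELETE operation applies to any certificate stored in Azure Key Vault. DELETE cannot be applied to an individual version of a certificate. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

This operation requires the certificates/delete permission.

Example usage: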

const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await createPoller.pollUntilDone();

const deletePoller = await client.beginDeleteCertificate("MyCertificate");

// Serializing the poller
const serialized = deletePoller.toString();

// A new poller can be created with:
// const newPoller = await client.beginDeleteCertificate("MyCertificate", { resumeFrom: serialized });

// Waiting until it's done
const deletedCertificate = await deletePoller.pollUntilDone();
console.log(deletedCertificate);

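Deletes a certificate from a specified key vault.

function beginDeleteCertificate(certificateName: string, options?: CertificatePollerOptions): Promise<PollerLike<DeleteCertificateState, DeletedCertificate>>

Parameters

certificateName

string

The name of the certificate.

options
CertificatePollerOptions

Optional parameters

Returns

Promise<PollerLike<DeleteCertificateState, DeletedCertificate>>

beginRecoverDeletedCertificate(string, CertificatePollerOptions)

Recovers the deleted certificate in the specified vault. This operation can only be performed on a soft-delete enabled vault. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

This operation requires the certificates/recover permission.

Example usage: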

const client = new CertificateClient(url, credentials);

const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();

const recoverPoller = await client.beginRecoverDeletedCertificate("MyCertificate");

// Serializing the poller
const serialized = recoverPoller.toString();

// A new poller can be created with:
// const newPoller = await client.beginRecoverDeletedCertificate("MyCertificate", { resumeFrom: serialized });

// Waiting until it's done
const certificate = await recoverPoller.pollUntilDone();
console.log(certificate);

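Recovers a deleted certificate

function beginRecoverDeletedCertificate(certificateName: string, options?: CertificatePollerOptions): Promise<PollerLike<RecoverDeletedCertificateState, KeyVaultCertificateWithPolicy>>

Parameters

certificateName

string

The name of the deleted certificate

options
CertificatePollerOptions

Optional parameters

Returns

Promise<PollerLike<RecoverDeletedCertificateState, KeyVaultCertificateWithPolicy>>

createIssuer(string, string, CreateIssuerOptions)

The createIssuer operation adds or updates the specified certificate issuer. This operation requires the certificates/setissuers permission.

Example usage: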

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");

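Sets the specified certificate issuer.

function createIssuer(issuerName: string, provider: string, options?: CreateIssuerOptions): Promise<CertificateIssuer>

Parameters

issuerName

string

The name of the issuer.

provider

string

The issuer provider.

options
CreateIssuerOptions

Optional parameters

Returns

Promise<CertificateIssuer>

deleteCertificateOperation(string, OperationOptions)

Deletes the creation operation for a specified certificate that is in the process of being created. The certificate is no longer created. This operation requires the certificates/update permission.

Example usage: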

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await client.deleteCertificateOperation("MyCertificate");
await client.getCertificateOperation("MyCertificate"); // Throws error: Pending certificate not found: "MyCertificate"

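Delete a certificate's operation

function deleteCertificateOperation(certificateName: string, options?: OperationOptions): Promise<CertificateOperation>

Parameters

certificateName

string

The name of the certificate

options
OperationOptions

Optional parameters

Returns

Promise<CertificateOperation>

deleteContacts(OperationOptions)

Deletes all of the certificate contacts. This operation requires the certificates/managecontacts permission.

Example usage: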

let client = new CertificateClient(url, credentials);
await client.setContacts([{
  email: "b@b.com",
  name: "b",
  phone: "222222222222"
}]);
await client.deleteContacts();

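Deletes all of the certificate contacts

function deleteContacts(options?: OperationOptions): Promise<undefined | CertificateContact[]>

Parameters

options
OperationOptions

Optional parameters

Returns

Promise<undefined | CertificateContact[]>

deleteIssuer(string, OperationOptions)

The deleteIssuer operation permanently removes the specified certificate issuer from the vault. This operation requires the certificates/manageissuers/deleteissuers permission.

Example usage: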

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Provider");
await client.deleteIssuer("IssuerName");

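Deletes the specified certificate issuer.

function deleteIssuer(issuerName: string, options?: OperationOptions): Promise<CertificateIssuer>

Parameters

issuerName

string

The name of the issuer.

options
OperationOptions

Optional parameters

Returns

Promise<CertificateIssuer>

getCertificate(string, OperationOptions)

Gets the latest information available from a specific certificate, including the certificate's policy. This operation requires the certificates/get permission.

Example usage: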

const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificate = await client.getCertificate("MyCertificate");
console.log(certificate);

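Retrieves a certificate from the certificate's name (includes the certificate policy)

function getCertificate(certificateName: string, options?: OperationOptions): Promise<KeyVaultCertificateWithPolicy>

Parameters

certificateName

string

The name of the certificate

options
OperationOptions

Optional parameters

Returns

Promise<KeyVaultCertificateWithPolicy>

getCertificateOperation(string, CertificatePollerOptions)

Gets the creation operation associated with a specified certificate. This operation requires the certificates/get permission. This function returns a Long Running Operation poller that allows you to wait indefinitely until the certificate is fully recovered.

Example usage: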

const client = new CertificateClient(url, credentials);
const createPoller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});

const poller = await client.getCertificateOperation("MyCertificate");
const pendingCertificate = poller.getResult();

const certificateOperation = poller.getOperationState().certificateOperation;
console.log(certificateOperation);

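Gets a certificate's poller operation

function getCertificateOperation(certificateName: string, options?: CertificatePollerOptions): Promise<PollerLikeWithCancellation<CertificateOperationState, KeyVaultCertificateWithPolicy>>

Parameters

certificateName

string

The name of the certificate

options
CertificatePollerOptions

Optional parameters

Returns

Promise<PollerLikeWithCancellation<CertificateOperationState, KeyVaultCertificateWithPolicy>>

getCertificatePolicy(string, OperationOptions)

The getCertificatePolicy operation returns the specified certificate policy resources in the specified key vault. This operation requires the certificates/get permission.

Example usage: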

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
const policy = await client.getCertificatePolicy("MyCertificate");
console.log(policy);

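Gets a certificate's policy

function getCertificatePolicy(certificateName: string, options?: OperationOptions): Promise<CertificatePolicy>

Parameters

certificateName

string

The name of the certificate

options
OperationOptions

Optional parameters

Returns

Promise<CertificatePolicy>

getCertificateVersion(string, string, OperationOptions)

Gets information about a specific certificate on a specific version. It won't return the certificate's policy. This operation requires the certificates/get permission.

Example usage: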

const client = new CertificateClient(url, credentials);
const poller = await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
await poller.pollUntilDone();
const certificateWithPolicy = await client.getCertificate("MyCertificate");
const certificate = await client.getCertificateVersion("MyCertificate", certificateWithPolicy.properties.version!);
console.log(certificate);

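Retrieves a certificate from the certificate's name and a specified version

function getCertificateVersion(certificateName: string, version: string, options?: OperationOptions): Promise<KeyVaultCertificate>

Parameters

certificateName

string

The name of the certificate

version

string

The specific version of the certificate

options
OperationOptions

Optional parameters

Returns

Promise<KeyVaultCertificate>

getContacts(OperationOptions)

Returns the set of certificate contact resources in the specified key vault. This operation requires the certificates/managecontacts permission.

Example usage: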

let client = new CertificateClient(url, credentials);
await client.setContacts([{
  email: "b@b.com",
  name: "b",
  phone: "222222222222"
}]);
const contacts = await client.getContacts();
console.log(contacts);

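Sets the certificate contacts.

function getContacts(options?: OperationOptions): Promise<undefined | CertificateContact[]>

Parameters

options
OperationOptions

Optional parameters

Returns

Promise<undefined | CertificateContact[]>

getDeletedCertificate(string, OperationOptions)

Retrieves the deleted certificate information plus its attributes, such as retention interval, scheduled permanent deletion and the current deletion recovery level. This operation requires the certificates/get permission.

Example usage: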

const client = new CertificateClient(url, credentials);
const deletedCertificate = await client.getDeletedCertificate("MyDeletedCertificate");
console.log("Deleted certificate:", deletedCertificate);

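Gets a deleted certificate

function getDeletedCertificate(certificateName: string, options?: OperationOptions): Promise<DeletedCertificate>

Parameters

certificateName

string

The name of the certificate

options
OperationOptions

Optional parameters

Returns

Promise<DeletedCertificate>

getIssuer(string, OperationOptions)

The getIssuer operation returns the specified certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.

Example usage: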

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
const certificateIssuer = await client.getIssuer("IssuerName");
console.log(certificateIssuer);

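Gets the specified certificate issuer.

function getIssuer(issuerName: string, options?: OperationOptions): Promise<CertificateIssuer>

Parameters

issuerName

string

The name of the issuer.

options
OperationOptions

Optional parameters

Returns

Promise<CertificateIssuer>

importCertificate(string, Uint8Array, ImportCertificateOptions)

Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be imported can be in either PFX or PEM format. If the certificate is in PEM format, the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.

Example usage: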

const client = new CertificateClient(url, credentials);
// See: @azure/keyvault-secrets
const certificateSecret = await secretClient.getSecret("MyCertificate");
const base64EncodedCertificate = certificateSecret.value!;
let buffer: Uint8Array;

if (isNode) {
  buffer = Buffer.from(base64EncodedCertificate, "base64");
} else {
  buffer = Uint8Array.from(atob(base64EncodedCertificate), (c) => c.charCodeAt(0));
}

await client.importCertificate("MyCertificate", buffer);

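Imports a certificate from a certificate's secret value

function importCertificate(certificateName: string, certificateBytes: Uint8Array, options?: ImportCertificateOptions): Promise<KeyVaultCertificateWithPolicy>

Parameters

certificateName

string

The name of the certificate

certificateBytes

Uint8Array

The PFX or ASCII PEM formatted value of the certificate containing both the X.509 certificates and the private key

options
ImportCertificateOptions

Optional parameters

Returns

Promise<KeyVaultCertificateWithPolicy>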
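
A pre-flight check for the PEM requirement of importCertificate (the file must contain the key as well as the x509 certificates), written as an added example that is not part of the SDK or of the original page. parsePemBlocks, checkPemForImport and the sample bundle are constructed for illustration; requiring exactly one private key block is this example's own assumption.

```typescript
// Added example, not SDK code. All names below are hypothetical.

interface PemBlock {
  label: string; // text between "BEGIN " and the dashes, e.g. "CERTIFICATE"
  der: Uint8Array; // decoded body
}

interface ImportCheck {
  ok: boolean;
  reason: string; // empty when ok
  certificates: number; // number of CERTIFICATE blocks found
  bytes: Uint8Array; // ASCII PEM bytes for certificateBytes (empty when rejected)
}

// Constructed sample: the body is DER for SEQUENCE { INTEGER 0 },
// a placeholder and not a real key or certificate.
const DUMMY_DER_B64 = "MAMCAQA=";
const SAMPLE_PEM = [
  "-----BEGIN PRIVATE KEY-----", DUMMY_DER_B64, "-----END PRIVATE KEY-----",
  "-----BEGIN CERTIFICATE-----", DUMMY_DER_B64, "-----END CERTIFICATE-----",
  "",
].join("\n");

// Splits a PEM text into labelled blocks; throws if a body is not valid base64.
function parsePemBlocks(text: string): PemBlock[] {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----([A-Za-z0-9+\/=\s]*?)-----END \1-----/g;
  const blocks: PemBlock[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    const binary = atob(m[2].replace(/\s+/g, ""));
    const der = new Uint8Array(binary.length);
    for (let i = 0; i < binary.length; i++) {
      der[i] = binary.charCodeAt(i);
    }
    blocks.push({ label: m[1], der: der });
  }
  return blocks;
}

function rejected(reason: string): ImportCheck {
  return { ok: false, reason: reason, certificates: 0, bytes: new Uint8Array(0) };
}

// Checks that a PEM bundle carries both halves importCertificate needs.
function checkPemForImport(pem: string): ImportCheck {
  let blocks: PemBlock[];
  try {
    blocks = parsePemBlocks(pem);
  } catch {
    return rejected("a PEM block is not valid base64");
  }
  // "PRIVATE KEY", "RSA PRIVATE KEY" and "EC PRIVATE KEY" all count as key blocks.
  const keys = blocks.filter((b) => /(^| )PRIVATE KEY$/.test(b.label));
  const certs = blocks.filter((b) => b.label === "CERTIFICATE");
  if (keys.length !== 1) {
    return rejected("expected exactly one private key block, found " + keys.length);
  }
  if (certs.length === 0) {
    return rejected("no CERTIFICATE block: the PEM must contain the x509 certificate as well as the key");
  }
  // Keys and certificates are both DER SEQUENCEs, so the first byte must be 0x30.
  for (const b of keys.concat(certs)) {
    if (b.der.length < 2 || b.der[0] !== 0x30) {
      return rejected(b.label + " block does not decode to a DER SEQUENCE");
    }
  }
  return { ok: true, reason: "", certificates: certs.length, bytes: new TextEncoder().encode(pem) };
}

// Intended use:
//   const check = checkPemForImport(pemText);
//   if (!check.ok) throw new Error(check.reason);
//   await client.importCertificate("MyCertificate", check.bytes);
```
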

listDeletedCertificates(ListDeletedCertificatesOptions)

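Retrieves the certificates in the current vault which are in a deleted state and ready for recovery or purging. This operation includes deletion-specific information. This operation requires the certificates/get/list permission. This operation can only be enabled on soft-delete enabled vaults.

Example usage: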

const client = new CertificateClient(url, credentials);
for await (const deletedCertificate of client.listDeletedCertificates()) {
  console.log(deletedCertificate);
}
for await (const page of client.listDeletedCertificates().byPage()) {
  for (const deletedCertificate of page) {
    console.log(deletedCertificate);
  }
}

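Lists deleted certificates

function listDeletedCertificates(options?: ListDeletedCertificatesOptions): PagedAsyncIterableIterator<DeletedCertificate, DeletedCertificate[], PageSettings>

Parameters

options
ListDeletedCertificatesOptions

Optional parameters

Returns

PagedAsyncIterableIterator<DeletedCertificate, DeletedCertificate[], PageSettings>

listPropertiesOfCertificates(ListPropertiesOfCertificatesOptions)

Iterates the latest version of all certificates in the vault. The full certificate identifier and attributes are provided in the response. No values are returned for the certificates. This operation requires the certificates/list permission.

Example usage: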

const client = new CertificateClient(url, credentials);
// All in one call
for await (const certificateProperties of client.listPropertiesOfCertificates()) {
  console.log(certificateProperties);
}
// By pages
for await (const page of client.listPropertiesOfCertificates().byPage()) {
  for (const certificateProperties of page) {
    console.log(certificateProperties);
  }
}

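List all versions of the specified certificate.

function listPropertiesOfCertificates(options?: ListPropertiesOfCertificatesOptions): PagedAsyncIterableIterator<CertificateProperties, CertificateProperties[], PageSettings>

Parameters

Returns

PagedAsyncIterableIterator<CertificateProperties, CertificateProperties[], PageSettings>

listPropertiesOfCertificateVersions(string, OperationOptions)

Returns the versions of a certificate in the specified key vault. This operation requires the certificates/list permission.

Example usage: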

const client = new CertificateClient(url, credentials);
for await (const certificateProperties of client.listPropertiesOfCertificateVersions("MyCertificate")) {
  console.log(certificateProperties.version!);
}

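List the versions of a certificate.

function listPropertiesOfCertificateVersions(certificateName: string, options?: OperationOptions): PagedAsyncIterableIterator<CertificateProperties, CertificateProperties[], PageSettings>

Parameters

certificateName

string

The name of the certificate.

options
OperationOptions

Optional parameters

Returns

PagedAsyncIterableIterator<CertificateProperties, CertificateProperties[], PageSettings>

listPropertiesOfIssuers(OperationOptions)

Returns the set of certificate issuer resources in the specified key vault. This operation requires the certificates/manageissuers/getissuers permission.

Example usage: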

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
// All in one call
for await (const issuerProperties of client.listPropertiesOfIssuers()) {
  console.log(issuerProperties);
}
// By pages
for await (const page of client.listPropertiesOfIssuers().byPage()) {
  for (const issuerProperties of page) {
    console.log(issuerProperties);
  }
}

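List the certificate issuers.

function listPropertiesOfIssuers(options?: OperationOptions): PagedAsyncIterableIterator<IssuerProperties, IssuerProperties[], PageSettings>

Parameters

options
OperationOptions

Optional parameters

Returns

PagedAsyncIterableIterator<IssuerProperties, IssuerProperties[], PageSettings>

mergeCertificate(string, Uint8Array[], OperationOptions)

Performs the merging of a certificate or certificate chain with a key pair currently available in the service. This operation requires the certificates/create permission.

Example usage: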

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Unknown",
  subject: "cn=MyCert"
});
const poller = await client.getCertificateOperation("MyCertificate");
const { csr } = poller.getOperationState().certificateOperation!;
const base64Csr = Buffer.from(csr!).toString("base64");
const wrappedCsr = ["-----BEGIN CERTIFICATE REQUEST-----", base64Csr, "-----END CERTIFICATE REQUEST-----"].join("\n");

const fs = require("fs");
fs.writeFileSync("test.csr", wrappedCsr);

// Certificate available locally made using:
//   openssl genrsa -out ca.key 2048
//   openssl req -new -x509 -key ca.key -out ca.crt
// You can read more about how to create a fake certificate authority here: https://gist.github.com/Soarez/9688998

const childProcess = require("child_process");
childProcess.execSync("openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt");
const base64Crt = fs.readFileSync("test.crt").toString().split("\n").slice(1, -1).join("");

await client.mergeCertificate("MyCertificate", [Buffer.from(base64Crt)]);

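Merges a signed certificate request into a pending certificate

function mergeCertificate(certificateName: string, x509Certificates: Uint8Array[], options?: OperationOptions): Promise<KeyVaultCertificateWithPolicy>

Parameters

certificateName

string

The name of the certificate

x509Certificates

Uint8Array[]

The certificate(s) to merge

options
OperationOptions

Optional parameters

Returns

Promise<KeyVaultCertificateWithPolicy>

purgeDeletedCertificate(string, OperationOptions)

Performs an irreversible deletion of the specified certificate, without possibility for recovery. The operation is not available if the recovery level does not specify 'Purgeable'. This operation requires the certificates/purge permission.

Example usage: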

const client = new CertificateClient(url, credentials);
const deletePoller = await client.beginDeleteCertificate("MyCertificate");
await deletePoller.pollUntilDone();
// Deleting a certificate takes time, make sure to wait before purging it
await client.purgeDeletedCertificate("MyCertificate");

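Gets a deleted certificate

function purgeDeletedCertificate(certificateName: string, options?: OperationOptions): Promise<null>

Parameters

certificateName

string

The name of the deleted certificate to purge

options
OperationOptions

Optional parameters

Returns

Promise<null>

restoreCertificateBackup(Uint8Array, OperationOptions)

Restores a backed up certificate, and all its versions, to a vault. This operation requires the certificates/restore permission.

Example usage: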

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});
const backup = await client.backupCertificate("MyCertificate");
const poller = await client.beginDeleteCertificate("MyCertificate");
await poller.pollUntilDone();
// Some time is required before we're able to restore the certificate
await client.restoreCertificateBackup(backup!);

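Restores a certificate from a backup

function restoreCertificateBackup(backup: Uint8Array, options?: OperationOptions): Promise<KeyVaultCertificateWithPolicy>

Parameters

backup

Uint8Array

The back-up certificate to restore from

options
OperationOptions

Optional parameters

Returns

Promise<KeyVaultCertificateWithPolicy>

setContacts(CertificateContact[], OperationOptions)

Sets the certificate contacts for the key vault. This operation requires the certificates/managecontacts permission.

Example usage: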

let client = new CertificateClient(url, credentials);
await client.setContacts([{
  email: "b@b.com",
  name: "b",
  phone: "222222222222"
}]);

Sets the certificate contacts.

function setContacts(contacts: CertificateContact[], options?: OperationOptions): Promise<undefined | CertificateContact[]>

Parameters

contacts

CertificateContact[]

The contacts to use

options
OperationOptions

Optional parameters

Returns

Promise<undefined | CertificateContact[]>

updateCertificatePolicy(string, CertificatePolicy, OperationOptions)

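Updates the certificate policy for the specified certificate. This operation requires the certificates/update permission.

Gets a certificate's policy

function updateCertificatePolicy(certificateName: string, policy: CertificatePolicy, options?: OperationOptions): Promise<CertificatePolicy>

Parameters

certificateName

string

The name of the certificate

policy
CertificatePolicy

The certificate policy

options
OperationOptions

Optional parameters

Returns

Promise<CertificatePolicy>

updateCertificateProperties(string, string, UpdateCertificateOptions)

Applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.

Example usage: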

const client = new CertificateClient(url, credentials);
await client.beginCreateCertificate("MyCertificate", {
  issuerName: "Self",
  subject: "cn=MyCert"
});

// You may pass an empty string for version which will update
// the latest version of the certificate
await client.updateCertificateProperties("MyCertificate", "", {
  tags: {
    customTag: "value"
  }
});

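Updates a certificate

function updateCertificateProperties(certificateName: string, version: string, options?: UpdateCertificateOptions): Promise<KeyVaultCertificate>

Parameters

certificateName

string

The name of the certificate

version

string

The version of the certificate to update (an empty string will update the latest version)

options
UpdateCertificateOptions

The options, including what to update

Returns

Promise<KeyVaultCertificate>

updateIssuer(string, UpdateIssuerOptions)

The updateIssuer operation performs an update on the specified certificate issuer entity. This operation requires the certificates/setissuers permission.

Example usage: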

const client = new CertificateClient(url, credentials);
await client.createIssuer("IssuerName", "Test");
await client.updateIssuer("IssuerName", {
  provider: "Provider2"
});

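Updates the specified certificate issuer.

function updateIssuer(issuerName: string, options?: UpdateIssuerOptions): Promise<CertificateIssuer>

Parameters

issuerName

string

The name of the issuer.

options
UpdateIssuerOptions

Optional parameters

Returns

Promise<CertificateIssuer>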