ClientCertificateCredentialBuilder Class
- java.
lang. Object - com.
azure. identity. CredentialBuilderBase<T> - com.
azure. identity. AadCredentialBuilderBase<T> - com.
azure. identity. ClientCertificateCredentialBuilder
- com.
- com.
- com.
public class ClientCertificateCredentialBuilder
extends AadCredentialBuilderBase<ClientCertificateCredentialBuilder>
Fluent credential builder for instantiating a ClientCertificateCredential.
The ClientCertificateCredential acquires a token via service principal authentication. It is a type of authentication in Azure that enables a non-interactive login to Microsoft Entra ID, allowing an application or service to authenticate itself with Azure resources. A Service Principal is essentially an identity created for an application in Microsoft Entra ID that can be used to authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. Microsoft Entra ID allows users to register service principals which can be used as an identity for authentication. A client certificate associated with the registered service principal is used as the password when authenticating the service principal. The ClientCertificateCredentialBuilder acquires an access token with a client certificate for a service principal/registered Microsoft Entra application. The tenantId, clientId and clientCertificate of the service principal are required for this credential to acquire an access token. It can be used both in Azure hosted and local development environments for authentication. For more information refer to the conceptual knowledge and configuration details.
Sample: Construct a simple ClientCertificateCredential
The following code sample demonstrates the creation of a ClientCertificateCredential, using the ClientCertificateCredentialBuilder to configure it. The tenantId
, clientId
and certificate
parameters are required to create ClientCertificateCredential. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.
TokenCredential clientCertificateCredential = new ClientCertificateCredentialBuilder().tenantId(tenantId)
.clientId(clientId)
.pemCertificate("<PATH-TO-PEM-CERTIFICATE>")
.build();
Sample: Construct a ClientCertificateCredential using ByteArrayInputStream
The following code sample demonstrates the creation of a ClientCertificateCredential, using the ClientCertificateCredentialBuilder to configure it. The tenantId
, clientId
and certificate
parameters are required to create ClientSecretCredential. The certificate
in this example is configured as a ByteArrayInputStream. This is helpful if the certificate is available in memory via a cert store.
ByteArrayInputStream certificateStream = new ByteArrayInputStream(certificateBytes);
TokenCredential certificateCredentialWithStream = new ClientCertificateCredentialBuilder().tenantId(tenantId)
.clientId(clientId)
.pemCertificate(certificateStream)
.build();
Sample: Construct a ClientCertificateCredential behind a proxy
The following code sample demonstrates the creation of a ClientCertificateCredential, using the ClientCertificateCredentialBuilder to configure it. The tenantId
, clientId
and certificate
parameters are required to create ClientSecretCredential. The proxyOptions
can be optionally configured to target a proxy. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.
TokenCredential certificateCredential = new ClientCertificateCredentialBuilder().tenantId(tenantId)
.clientId(clientId)
.pfxCertificate("<PATH-TO-PFX-CERTIFICATE>", "P@s$w0rd")
.proxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("10.21.32.43", 5465)))
.build();
Constructor Summary
Constructor | Description |
---|---|
ClientCertificateCredentialBuilder() |
Constructs an instance of Client |
Method Summary
Modifier and Type | Method and Description |
---|---|
Client |
build()
Creates a new ClientCertificateCredential with the current configurations. |
Client |
clientCertificatePassword(String clientCertificatePassword)
Sets the password of the client certificate for authenticating to Microsoft Entra ID. |
Client |
pemCertificate(InputStream certificate)
Sets the input stream holding the PEM certificate for authenticating to Microsoft Entra ID. |
Client |
pemCertificate(String certificatePath)
Sets the path of the PEM certificate for authenticating to Microsoft Entra ID. |
Client |
pfxCertificate(InputStream certificate)
Sets the input stream holding the PFX certificate for authenticating to Microsoft Entra ID. |
Client |
pfxCertificate(String certificatePath)
Sets the path of the PFX certificate for authenticating to Microsoft Entra ID. |
Client |
pfxCertificate(String certificatePath, String clientCertificatePassword)
Deprecated
This API is deprecated and will be removed. Specify the PFX certificate via pfxCertificate(String certificatePath) API and client certificate password via the clientCertificatePassword(String clientCertificatePassword) API as applicable.
Sets the path and password of the PFX certificate for authenticating to Microsoft Entra ID. |
Client |
sendCertificateChain(boolean sendCertificateChain)
Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request and enable subject name / issuer based authentication. |
Client |
tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. |
Methods inherited from AadCredentialBuilderBase
Methods inherited from CredentialBuilderBase
Methods inherited from java.lang.Object
Constructor Details
ClientCertificateCredentialBuilder
public ClientCertificateCredentialBuilder()
Constructs an instance of ClientCertificateCredentialBuilder.
Method Details
build
public ClientCertificateCredential build()
Creates a new ClientCertificateCredential with the current configurations.
Returns:
clientCertificatePassword
public ClientCertificateCredentialBuilder clientCertificatePassword(String clientCertificatePassword)
Sets the password of the client certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
pemCertificate
public ClientCertificateCredentialBuilder pemCertificate(InputStream certificate)
Sets the input stream holding the PEM certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
pemCertificate
public ClientCertificateCredentialBuilder pemCertificate(String certificatePath)
Sets the path of the PEM certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
pfxCertificate
public ClientCertificateCredentialBuilder pfxCertificate(InputStream certificate)
Sets the input stream holding the PFX certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
pfxCertificate
public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath)
Sets the path of the PFX certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
pfxCertificate
@Deprecated
public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath, String clientCertificatePassword)
Deprecated
Sets the path and password of the PFX certificate for authenticating to Microsoft Entra ID.
Parameters:
Returns:
sendCertificateChain
public ClientCertificateCredentialBuilder sendCertificateChain(boolean sendCertificateChain)
Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request and enable subject name / issuer based authentication. The default value is false.
Parameters:
Returns:
tokenCachePersistenceOptions
public ClientCertificateCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.
Parameters:
Returns:
Applies to
Azure SDK for Java