certificate: Certificate object
In cloudyr/AzureKeyVault: Key and Secret Management in 'Azure'
Description
Fields
Methods
Arguments
Details
Value
See Also
Examples
Description
This class represents a certificate stored in a vault. It provides methods for carrying out operations, including encryption and decryption, signing and verification, and wrapping and unwrapping.
Fields
This class provides the following fields:
-
cer: The contents of the certificate, in CER format.
-
id: The ID of the certificate.
-
kid: The ID of the key backing the certificate.
-
sid: The ID of the secret backing the certificate.
-
contentType: The content type of the secret backing the certificate.
-
policy: The certificate management policy, containing the authentication details.
-
x5t: The thumbprint of the certificate.
Methods
This class provides the following methods:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
export(file)
export_cer(file)
sign(digest, ...)
verify(signature, digest, ...)
set_policy(subject=NULL, x509=NULL, issuer=NULL,
key=NULL, secret_type=NULL, actions=NULL,
attributes=NULL, wait=TRUE)
get_policy()
sync()
update_attributes(attributes=vault_object_attrs(), ...)
list_versions()
set_version(version=NULL)
delete(confirm=TRUE)
Arguments
-
file: For export and export_cer, a connection object or a character string naming a file to export to.
-
digest: For sign, a hash digest string to sign. For verify, a digest to compare to a signature.
-
signature: For verify, a signature string.
-
subject,x509,issuer,key,secret_type,actions,wait: These are the same arguments as used when creating a new certificate. See certificates for more information.
-
attributes: For update_attributes, the new attributes for the object, such as the expiry date and activation date. A convenient way to provide this is via the vault_object_attrs helper function.
-
...: For update_attributes, additional key-specific properties to update. For sign and verify, additional arguments for the corresponding key object methods. See keys and key.
-
version: For set_version, the version ID or NULL for the current version.
-
confirm: For delete, whether to ask for confirmation before deleting the key.
Details
export exports the full certificate to a file. The format wll be either PEM or PFX (aka PKCS#12), as set by the format argument when the certificate was created. export_cer exports the public key component, aka the CER file. Note that the public key can also be found in the cer field of the object.
sign uses the key associated with the a certificate to sign a digest, and verify checks a signature against a digest for authenticity. See below for an example of using sign to do OAuth authentication with certificate credentials.
set_policy updates the authentication details of a certificate: its issuer, identity, key type, renewal actions, and so on. get_policy returns the current policy of a certificate.
A certificate can have multiple versions, which are automatically generated when a cert is created with the same name as an existing cert. By default, this object contains the information for the most recent (current) version; use list_versions and set_version to change the version.
Value
For get_policy, a list of certificate policy details.
For list_versions, a data frame containing details of each version.
For set_version, the key object with the updated version.
See Also
certificates
Azure Key Vault documentation,
Azure Key Vault API reference
Examples
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
## Not run:
vault <- key_vault("mykeyvault")
cert <- vault$certificates$create("mynewcert")
cert$cer
cert$export("mynewcert.pem")
# new version of an existing certificate
vault$certificates$create("mynewcert", x509=cert_x509_properties(validity_months=24))
cert <- vault$certificates$get("mynewcert")
vers <- cert$list_versions()
cert$set_version(vers[2])
# updating an existing cert version
cert$set_policy(x509=cert_x509_properties(validity_months=12))
## signing a JSON web token (JWT) for authenticating with Azure Active Directory
app <- "app_id"
tenant <- "tenant_id"
claim <- jose::jwt_claim(
iss=app,
sub=app,
aud="https://login.microsoftonline.com/tenant_id/oauth2/token",
exp=as.numeric(Sys.time() + 60*60),
nbf=as.numeric(Sys.time())
)
# header includes cert thumbprint
header <- list(alg="RS256", typ="JWT", x5t=cert$x5t)
token_encode <- function(x)
{
jose::base64url_encode(jsonlite::toJSON(x, auto_unbox=TRUE))
}
token_contents <- paste(token_encode(header), token_encode(claim), sep=".")
# get the signature and concatenate it with header and claim to form JWT
sig <- cert$sign(openssl::sha256(charToRaw(token_contents)))
cert_creds <- paste(token_contents, sig, sep=".")
AzureAuth::get_azure_token("resource_url", tenant, app, certificate=cert_creds)
## End(Not run)
cloudyr/AzureKeyVault documentation built on Sept. 19, 2021, 8:49 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Description Fields Methods Arguments Details Value See Also Examples
Description
This class represents a certificate stored in a vault. It provides methods for carrying out operations, including encryption and decryption, signing and verification, and wrapping and unwrapping.
Fields
This class provides the following fields:
-
cer: The contents of the certificate, in CER format. -
id: The ID of the certificate. -
kid: The ID of the key backing the certificate. -
sid: The ID of the secret backing the certificate. -
contentType: The content type of the secret backing the certificate. -
policy: The certificate management policy, containing the authentication details. -
x5t: The thumbprint of the certificate.
Methods
This class provides the following methods:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | export(file)
export_cer(file)
sign(digest, ...)
verify(signature, digest, ...)
set_policy(subject=NULL, x509=NULL, issuer=NULL,
key=NULL, secret_type=NULL, actions=NULL,
attributes=NULL, wait=TRUE)
get_policy()
sync()
update_attributes(attributes=vault_object_attrs(), ...)
list_versions()
set_version(version=NULL)
delete(confirm=TRUE)
|
Arguments
-
file: Forexportandexport_cer, a connection object or a character string naming a file to export to. -
digest: Forsign, a hash digest string to sign. Forverify, a digest to compare to a signature. -
signature: Forverify, a signature string. -
subject,x509,issuer,key,secret_type,actions,wait: These are the same arguments as used when creating a new certificate. See certificates for more information. -
attributes: Forupdate_attributes, the new attributes for the object, such as the expiry date and activation date. A convenient way to provide this is via the vault_object_attrs helper function. -
...: Forupdate_attributes, additional key-specific properties to update. Forsignandverify, additional arguments for the corresponding key object methods. See keys and key. -
version: Forset_version, the version ID or NULL for the current version. -
confirm: Fordelete, whether to ask for confirmation before deleting the key.
Details
export exports the full certificate to a file. The format wll be either PEM or PFX (aka PKCS#12), as set by the format argument when the certificate was created. export_cer exports the public key component, aka the CER file. Note that the public key can also be found in the cer field of the object.
sign uses the key associated with the a certificate to sign a digest, and verify checks a signature against a digest for authenticity. See below for an example of using sign to do OAuth authentication with certificate credentials.
set_policy updates the authentication details of a certificate: its issuer, identity, key type, renewal actions, and so on. get_policy returns the current policy of a certificate.
A certificate can have multiple versions, which are automatically generated when a cert is created with the same name as an existing cert. By default, this object contains the information for the most recent (current) version; use list_versions and set_version to change the version.
Value
For get_policy, a list of certificate policy details.
For list_versions, a data frame containing details of each version.
For set_version, the key object with the updated version.
See Also
certificates
Azure Key Vault documentation, Azure Key Vault API reference
Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | ## Not run:
vault <- key_vault("mykeyvault")
cert <- vault$certificates$create("mynewcert")
cert$cer
cert$export("mynewcert.pem")
# new version of an existing certificate
vault$certificates$create("mynewcert", x509=cert_x509_properties(validity_months=24))
cert <- vault$certificates$get("mynewcert")
vers <- cert$list_versions()
cert$set_version(vers[2])
# updating an existing cert version
cert$set_policy(x509=cert_x509_properties(validity_months=12))
## signing a JSON web token (JWT) for authenticating with Azure Active Directory
app <- "app_id"
tenant <- "tenant_id"
claim <- jose::jwt_claim(
iss=app,
sub=app,
aud="https://login.microsoftonline.com/tenant_id/oauth2/token",
exp=as.numeric(Sys.time() + 60*60),
nbf=as.numeric(Sys.time())
)
# header includes cert thumbprint
header <- list(alg="RS256", typ="JWT", x5t=cert$x5t)
token_encode <- function(x)
{
jose::base64url_encode(jsonlite::toJSON(x, auto_unbox=TRUE))
}
token_contents <- paste(token_encode(header), token_encode(claim), sep=".")
# get the signature and concatenate it with header and claim to form JWT
sig <- cert$sign(openssl::sha256(charToRaw(token_contents)))
cert_creds <- paste(token_contents, sig, sep=".")
AzureAuth::get_azure_token("resource_url", tenant, app, certificate=cert_creds)
## End(Not run)
|
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.