Package com.azure.identity

Class ClientCertificateCredentialBuilder

java.lang.Object
com.azure.identity.CredentialBuilderBase<T>
com.azure.identity.AadCredentialBuilderBase<ClientCertificateCredentialBuilder>
com.azure.identity.ClientCertificateCredentialBuilder
All Implemented Interfaces:
com.azure.core.client.traits.HttpTrait<ClientCertificateCredentialBuilder>
public class ClientCertificateCredentialBuilder extends AadCredentialBuilderBase<ClientCertificateCredentialBuilder>
Fluent credential builder for instantiating a ClientCertificateCredential.

The ClientCertificateCredential acquires a token via service principal authentication. It is a type of authentication in Azure that enables a non-interactive login to Azure Active Directory (Azure AD) , allowing an application or service to authenticate itself with Azure resources. A Service Principal is essentially an identity created for an application in Azure AD that can be used to authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. Azure Active Directory (Azure AD) allows users to register service principals which can be used as an identity for authentication. A client certificate associated with the registered service principal is used as the password when authenticating the service principal. The ClientCertificateCredentialBuilder acquires an access token with a client certificate for a service principal/registered AAD application. The tenantId, clientId and clientCertificate of the service principal are required for this credential to acquire an access token. It can be used both in Azure hosted and local development environments for authentication. For more information refer to the conceptual knowledge and configuration details.

Sample: Construct a simple ClientCertificateCredential

The following code sample demonstrates the creation of a ClientCertificateCredential, using the ClientCertificateCredentialBuilder to configure it. The tenantId, clientId and certificate parameters are required to create ClientCertificateCredential. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential clientCertificateCredential = new ClientCertificateCredentialBuilder()
     .tenantId(tenantId)
     .clientId(clientId)
     .pemCertificate("<PATH-TO-PEM-CERTIFICATE>")
     .build();

Sample: Construct a ClientCertificateCredential behind a proxy

The following code sample demonstrates the creation of a ClientCertificateCredential, using the ClientCertificateCredentialBuilder to configure it. The tenantId, clientId and certificate parameters are required to create ClientSecretCredential. The proxyOptions can be optionally configured to target a proxy. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

 TokenCredential certificateCredential = new ClientCertificateCredentialBuilder()
     .tenantId(tenantId)
     .clientId(clientId)
     .pfxCertificate("<PATH-TO-PFX-CERTIFICATE>", "P@s$w0rd")
     .proxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("10.21.32.43", 5465)))
     .build();
See Also:

  • Constructor Details

    • ClientCertificateCredentialBuilder

      public ClientCertificateCredentialBuilder()

  • Method Details

    • pemCertificate

      public ClientCertificateCredentialBuilder pemCertificate(String certificatePath)
      Sets the path of the PEM certificate for authenticating to AAD.
      Parameters:
      certificatePath - the PEM file containing the certificate
      Returns:
      An updated instance of this builder.

    • pfxCertificate

      public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath, String clientCertificatePassword)
      Sets the path and password of the PFX certificate for authenticating to AAD.
      Parameters:
      certificatePath - the password protected PFX file containing the certificate
      clientCertificatePassword - the password protecting the PFX file
      Returns:
      An updated instance of this builder.

    • tokenCachePersistenceOptions

      public ClientCertificateCredentialBuilder tokenCachePersistenceOptions(TokenCachePersistenceOptions tokenCachePersistenceOptions)
      Configures the persistent shared token cache options and enables the persistent token cache which is disabled by default. If configured, the credential will store tokens in a cache persisted to the machine, protected to the current user, which can be shared by other credentials and processes.
      Parameters:
      tokenCachePersistenceOptions - the token cache configuration options
      Returns:
      An updated instance of this builder with the token cache options configured.

    • sendCertificateChain

      public ClientCertificateCredentialBuilder sendCertificateChain(boolean sendCertificateChain)
      Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request and enable subject name / issuer based authentication. The default value is false.
      Parameters:
      sendCertificateChain - the flag to indicate if certificate chain should be sent as part of authentication request.
      Returns:
      An updated instance of this builder.

    • build

      public ClientCertificateCredential build()
      Creates a new ClientCertificateCredential with the current configurations.
      Returns:
      a ClientCertificateCredential with the current configurations.