Problem importing a certificate

[Courela]

Question

Hello,
I'm using Azure SDK to import a certificate to KeyVault. I'm using a method called
Azure.Security.KeyVault.Certificates.ImportCertificate

which translates into a call to an endpoint
/certificates/{certificateName}/import

as I can see in this Lowkey-Vault file (using V7_3)
https://github.com/nagyesta/lowkey-vault/blob/main/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/controller/v7_3/CertificateController.java#L50

The problem is that Lowkey-Vault says that the endpoint being called is
/certificates//someIdpName/import?api-version=7.3

I don't know why the endpoint has two slashes in between /certificates and someIdpName/import...
Is this something you can help me with? Do you know where that extra slash is coming from? Maybe this is a question to be asked in Azure SDK forum...

Thanks in advance.

[nagyesta]

Hi @Courela ,
thanks for raising this question, and thanks for trying Lowkey Vault!

I am very bad at .Net, but I guess it might be an SDK bug, because the duplicate / is not justified.

The methods in question might be these:

The Azure.Security.KeyVault.Certificates.ImportCertificate appears to perform this call:

https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificateClient.cs#L896

Containing CertificatesPath, "/", importCertificateOptions.Name, "/import" where CertificatesPath ends with a / already according to this line:
https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificateClient.cs#L25

Then the SendRequest method will just merge the path together I guess:
https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Shared/src/KeyVaultPipeline.cs#L212-L219

---

Do you need this import to happen because that is the workload you need to test, or is it part of the test setup?

If it is the test setup, then you may want to consider loading the vault contents at startup as a workaround while the SDK bug is being fixed.

Thank you!

[Courela]

Thank you for the investigation! I agree, it should be because of that method call with "/" as parameter, when CertificatesPath already has a slash at the end.
I need this for a real scenario, importing a certificate is the operation I need to perform. I'll raise the question in SDK forum.
Thank you very much!

[nagyesta]

Thank you and best of luck! Please let me know in case there is anything I can do on Lowkey Vault side!

[Courela]

I opened a bug on Azure SDK forum
Azure/azure-sdk-for-net#47636

[Courela]

That's really it, I managed to compile the source code without the end slash on CertificatesPath and it called the right endpoint
/certificates/someCertName/import?api-version=7.3

[nagyesta]

Great news, I am glad it is confirmed!

[Courela]

And now it fails when I try to create a self-signed certificate...
No endpoint POST /certificatessaml2p-developmentsaml/create.

The slash needs to be in CertificatesPath variable, the ImportCertificate method (and probably the Async too) is the one that adds an extra slash when it shouldn't.