@azure/identity 2.1.0 → 3.0.0-alpha.20220804.2

package/dist/index.js

@@ -189,7 +189,7 @@ function getIdentityTokenEndpointSuffix(tenantId) {
 /**
  * Current version of the `@azure/identity` package.
  */
-const SDK_VERSION = `2.1.0`;
+const SDK_VERSION = `3.0.0-beta.1`;
 /**
  * The default client ID for authentication
  * @internal
@@ -1918,9 +1918,26 @@ class MsalClientCertificate extends MsalNode {
     async init(options) {
         try {
             const parts = await parseCertificate(this.configuration, this.sendCertificateChain);
+            let privateKey;
+            if (this.configuration.certificatePassword !== undefined) {
+                const privateKeyObject = crypto.createPrivateKey({
+                    key: parts.certificateContents,
+                    passphrase: this.configuration.certificatePassword,
+                    format: "pem",
+                });
+                privateKey = privateKeyObject
+                    .export({
+                    format: "pem",
+                    type: "pkcs8",
+                })
+                    .toString();
+            }
+            else {
+                privateKey = parts.certificateContents;
+            }
             this.msalConfig.auth.clientCertificate = {
                 thumbprint: parts.thumbprint,
-                privateKey: parts.certificateContents,
+                privateKey: privateKey,
                 x5c: parts.x5c,
             };
         }
@@ -2095,6 +2112,7 @@ const AllSupportedEnvironmentVariables = [
     "AZURE_CLIENT_ID",
     "AZURE_CLIENT_SECRET",
     "AZURE_CLIENT_CERTIFICATE_PATH",
+    "AZURE_CLIENT_CERTIFICATE_PASSWORD",
     "AZURE_USERNAME",
     "AZURE_PASSWORD",
 ];
@@ -2115,6 +2133,7 @@ class EnvironmentCredential {
      * Environment variables used for client credential authentication:
      * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
      * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
+     * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
      *
      * Alternatively, users can provide environment variables for username and password authentication:
      * - `AZURE_USERNAME`: Username to authenticate with.
@@ -2140,9 +2159,10 @@ class EnvironmentCredential {
             return;
         }
         const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;
+        const certificatePassword = process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD;
         if (tenantId && clientId && certificatePath) {
             logger$d.info(`Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`);
-            this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath }, options);
+            this._credential = new ClientCertificateCredential(tenantId, clientId, { certificatePath, certificatePassword }, options);
             return;
         }
         const username = process.env.AZURE_USERNAME;