Python script to print out information to configure an Azure app's keyCredentials entry.

azure-key-credentials.py

#!/usr/bin/env python3

import os
import sys
from base64 import b64encode
from uuid import uuid4

try:
    from cryptography import x509
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import hashes
except ImportError:
    print("Please install cryptography: `pip install cryptography`")
    sys.exit(1)

if len(sys.argv) < 2 or not os.path.exists(sys.argv[1]):
    print("Specify the path to the certificate as the first argument:\n"
          "\tpython %s /path/to/cert" % sys.argv[0].rsplit('/')[-1])
    sys.exit(1)

with open(sys.argv[1], 'rb') as fp:
    _cert_string = fp.read()
    _cert_x509 = x509.load_pem_x509_certificate(_cert_string,
                                                default_backend())
    cert_fp_hash = b64encode(_cert_x509.fingerprint(hashes.SHA1())).decode()
    cert_base64 = _cert_string.decode().replace('\n', '')
    cert_base64 = cert_base64.replace('-----BEGIN CERTIFICATE-----', '')
    cert_base64 = cert_base64.replace('-----END CERTIFICATE-----', '')
key_id = uuid4()

print(f'Custom Key Identifier (SHA1 hash of certificate fingerprint): {cert_fp_hash}')
print(f'Key ID: {key_id}')
print(f'Base64 encoded certificate:\n{cert_base64}\n')

print(f'''Azure App credentials format:
{{
  "customKeyIdentifier": "{cert_fp_hash}",
  "keyId": "{key_id}",
  "type": "AsymmetricX509Cert",
  "usage": "Verify",
  "value": "{cert_base64}"
}}
''')