End to end TLS SSL

.gitignore

@@ -83,3 +83,7 @@ ClientAggregatePom.xml
 
 # Anaconda virtual env
 venv
+
+# NetBeans
+nbproject
+nb-configuration.xml

eng/versioning/external_dependencies.txt

@@ -63,6 +63,7 @@ org.apache.avro:avro-maven-plugin;1.9.2
 org.apache.commons:commons-compress;1.20
 org.apache.commons:commons-lang3;3.10
 org.apache.httpcomponents:httpclient;4.5.12
+org.apache.httpcomponents.client5:httpclient5;5.0.1
 org.apache.logging.log4j:log4j-api;2.13.3
 org.apache.logging.log4j:log4j-core;2.13.3
 org.apache.logging.log4j:log4j-slf4j-impl;2.13.3
@@ -79,6 +80,7 @@ org.powermock:powermock-api-mockito2;2.0.2
 org.powermock:powermock-module-junit4;2.0.2
 org.postgresql:postgresql;42.2.14
 org.slf4j:slf4j-api;1.7.30
+org.slf4j:slf4j-nop;1.7.30
 org.slf4j:slf4j-simple;1.7.30
 
 ## Spring boot dependency versions
@@ -232,6 +234,7 @@ org.apache.maven.plugins:maven-jxr-plugin;3.0.0
 org.apache.maven.plugins:maven-project-info-reports-plugin;3.0.0
 org.apache.maven.plugins:maven-release-plugin;2.5.3
 org.apache.maven.plugins:maven-resources-plugin;2.4.3
+org.apache.maven.plugins:maven-shade-plugin;3.2.4
 org.apache.maven.plugins:maven-site-plugin;3.7.1
 org.apache.maven.plugins:maven-source-plugin;3.0.1
 org.apache.maven.plugins:maven-surefire-plugin;3.0.0-M3

eng/versioning/version_client.txt

@@ -45,6 +45,7 @@ com.azure:azure-search-documents;11.1.1;11.2.0-beta.3
 com.azure:azure-search-perf;1.0.0-beta.1;1.0.0-beta.1
 com.azure:azure-security-keyvault-administration;4.0.0-beta.2;4.0.0-beta.3
 com.azure:azure-security-keyvault-certificates;4.1.2;4.2.0-beta.3
+com.azure:azure-security-keyvault-jca;1.0.0-beta.1;1.0.0-beta.1
 com.azure:azure-security-keyvault-keys;4.2.2;4.3.0-beta.3
 com.azure:azure-security-keyvault-secrets;4.2.2;4.3.0-beta.3
 com.azure:azure-sdk-template;1.2.1-beta.2;1.2.1-beta.16
@@ -66,6 +67,7 @@ com.azure.spring:azure-spring-boot-starter-active-directory-b2c;3.0.0-beta.1;3.0
 com.azure.spring:azure-spring-boot-starter-active-directory;3.0.0-beta.1;3.0.0-beta.1
 com.azure.spring:azure-spring-boot-starter-cosmos;3.0.0-beta.1;3.0.0-beta.1
 com.azure.spring:azure-spring-boot-starter-data-gremlin;3.0.0-beta.1;3.0.0-beta.1
+com.azure.spring:azure-spring-boot-starter-keyvault-certificates;3.0.0-beta.1;3.0.0-beta.1
 com.azure.spring:azure-spring-boot-starter-keyvault-secrets;3.0.0-beta.1;3.0.0-beta.1
 com.azure.spring:azure-spring-boot-starter-metrics;3.0.0-beta.1;3.0.0-beta.1
 com.azure.spring:azure-spring-boot-starter-servicebus-jms;3.0.0-beta.1;3.0.0-beta.1

sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md

@@ -0,0 +1,4 @@
+# Release History
+
+## 1.0.0-beta.1 (Unreleased)
+

sdk/keyvault/azure-security-keyvault-jca/README.md

@@ -0,0 +1,127 @@
+# JCA Provider for Azure Key Vault
+
+The JCA Provider for Azure Key Vault is a JCA provider for certificates in 
+Azure Key Vault. It is built on four principles:
+
+1. Must be extremely thin to run within a JVM
+1. Must not introduce any library version conflicts with Java app code dependencies
+1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies
+1. Must be ready for "never trust, always verify and credential-free" Zero Trust environments.
+
+## Testing the version under development
+
+If you want to test the current version under development you will have to
+build and install it into your local Maven repository. To do so use the 
+following command line:
+
+```
+  mvn clean install -DskipTests=true
+```
+
+## Server side SSL
+
+If you are looking to integrate the JCA provider to create a SSLServerSocket
+see the example below.
+
+```java
+    KeyVaultJcaProvider provider = new KeyVaultJcaProvider();
+    Security.addProvider(provider);
+
+    KeyStore ks = KeyStore.getInstance("AzureKeyVault");
+    KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
+        System.getProperty("azure.keyvault.uri"), 
+        System.getProperty("azure.tenant.id"), 
+        System.getProperty("azure.client.id"),
+        System.getProperty("azure.client.secret"));
+    ks.load(parameter);
+
+    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+    kmf.init(ks, "".toCharArray());
+
+    SSLContext context = SSLContext.getInstance("TLS");
+    context.init(kmf.getKeyManagers(), null, null);
+
+    SSLServerSocketFactory factory = (SSLServerSocketFactory) context.getServerSocketFactory();
+    SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765);
+```
+
+Note if you want to use Azure managed identity, you should set the value
+of `azure.keyvault.uri`, and the rest of the parameters would be `null`.
+
+## Client side SSL
+
+If you are looking to integrate the JCA provider for client side socket 
+connections, see the Apache HTTP client example below.
+
+```java
+    KeyVaultJcaProvider provider = new KeyVaultJcaProvider();
+    Security.addProvider(provider);
+
+    KeyStore ks = KeyStore.getInstance("AzureKeyVault");
+    KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
+            System.getProperty("azure.keyvault.uri"), 
+            System.getProperty("azure.tenant.id"), 
+            System.getProperty("azure.client.id"),
+            System.getProperty("azure.client.secret"));
+    ks.load(parameter);
+
+    SSLContext sslContext = SSLContexts
+            .custom()
+            .loadTrustMaterial(ks, new TrustSelfSignedStrategy())
+            .build();
+
+    SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder
+            .create()
+            .setSslContext(sslContext)
+            .setHostnameVerifier((hostname, session) -> {
+                return true;
+            })
+            .build();
+
+    PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder
+            .create()
+            .setSSLSocketFactory(sslSocketFactory)
+            .build();
+
+    String result = null;
+
+    try ( CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) {
+        HttpGet httpGet = new HttpGet("https://localhost:8766");
+        HttpClientResponseHandler<String> responseHandler = (ClassicHttpResponse response) -> {
+            int status = response.getCode();
+            String result1 = "Not success";
+            if (status == 204) {
+                result1 = "Success";
+            }
+            return result1;
+        };
+        result = client.execute(httpGet, responseHandler);
+    } catch (IOException ioe) {
+        ioe.printStackTrace();
+    }
+```
+
+Note if you want to use Azure managed identity, you should set the value
+of `azure.keyvault.uri`, and the rest of the parameters would be `null`.
+
+## Spring Boot
+
+For Spring Boot applications see our [Spring Boot starter]<!--(../../spring/azure-spring-boot-starter-keyvault-certificates/README.md)-->.
+
+## Reference
+
+1. [Java Cryptography Architecture (JCA) Reference Guide](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html)
+
+# Azure KeyVault JCA client library for Java
+
+# Getting started
+
+# Key concepts
+
+# Examples
+
+# Troubleshooting
+
+# Next steps
+
+# Contributing