From f12cb5b08058d9497b03fd880ce380b3842b0031 Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Mon, 12 Apr 2021 10:06:14 +0800 Subject: [PATCH 1/8] identity and configure cloud from keyvault uri --- .../security/keyvault/jca/Constants.java | 20 +++++++++ .../security/keyvault/jca/KeyVaultClient.java | 45 ++++++++++++++----- .../keyvault/jca/KeyVaultKeyStore.java | 4 +- .../jca/KeyVaultLoadStoreParameter.java | 33 -------------- .../keyvault/jca/ClientSSLSample.java | 1 - .../keyvault/jca/ServerSSLSample.java | 1 - .../keyvault/jca/KeyVaultJcaProviderTest.java | 1 - .../keyvault/jca/KeyVaultKeyStoreTest.java | 9 ---- .../jca/KeyVaultLoadStoreParameterTest.java | 1 - .../keyvault/jca/ServerSocketTest.java | 2 - .../side/SampleApplicationConfiguration.java | 2 - 11 files changed, 55 insertions(+), 64 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java new file mode 100644 index 000000000000..e74a58cc1166 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java 
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+/**
+ * Constants used for Key Vault related URLs.
+ */
+public class Constants {
+
+ public static final String KEY_VAULT_BASE_URI_GLOBAL = "vault.azure.net/";
+ public static final String KEY_VAULT_BASE_URI_CN = "vault.azure.cn/";
+ public static final String KEY_VAULT_BASE_URI_US = "vault.usgovcloudapi.net/";
+ public static final String KEY_VAULT_BASE_URI_DE = "vault.microsoftazure.de/";
+
+ public static final String AAD_LOGIN_GLOBAL_URI = "https://login.microsoftonline.com/";
+ public static final String AAD_LOGIN_CN_URI = "https://login.partner.microsoftonline.cn/";
+ public static final String AAD_LOGIN_US_URI = "https://login.microsoftonline.us/";
+ public static final String AAD_LOGIN_DE_URI = "https://login.microsoftonline.de/";
+}
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java
index 0164a1ae1ba6..a7704284e493 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java
@@ -35,6 +35,14 @@ import java.util.Optional; import java.util.logging.Logger; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_CN_URI; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_DE_URI; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_GLOBAL_URI; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_US_URI; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_CN; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_DE; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_GLOBAL; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_US; import static java.util.logging.Level.INFO; import static java.util.logging.Level.WARNING; @@ -47,12 +55,18 @@ class KeyVaultClient extends DelegateRestClient { * Stores the logger. */ private static final Logger LOGGER = Logger.getLogger(KeyVaultClient.class.getName()); + private static final String HTTPS_PREFIX = "https://"; /** * Stores the API version postfix. */ private static final String API_VERSION_POSTFIX = "?api-version=7.1"; + /** + * Stores the Key Vault cloud URI. + */ + private String keyVaultBaseUri; + /** * Stores the Azure Key Vault URL. */ @@ -97,6 +111,23 @@ class KeyVaultClient extends DelegateRestClient { keyVaultUri = keyVaultUri + "/"; } this.keyVaultUrl = keyVaultUri; + String dnsSuffix = keyVaultUri.split("\\.",2)[1]; + this.keyVaultBaseUri = HTTPS_PREFIX + dnsSuffix; + switch(dnsSuffix) + { + case KEY_VAULT_BASE_URI_GLOBAL : + this.aadAuthenticationUrl = AAD_LOGIN_GLOBAL_URI; + break; + case KEY_VAULT_BASE_URI_CN : + this.aadAuthenticationUrl = AAD_LOGIN_CN_URI; + break; + case KEY_VAULT_BASE_URI_US : + this.aadAuthenticationUrl = AAD_LOGIN_US_URI; + break; + case KEY_VAULT_BASE_URI_DE: + this.aadAuthenticationUrl = AAD_LOGIN_DE_URI; + break; + } } /** 
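Review bot: The cloud allow-list in the new `switch` never sees the scheme of the configured value, because `keyVaultUri.split("\\.", 2)[1]` keeps only what follows the first dot, so `http://myvault.vault.azure.net/` is classified as the global cloud and stored verbatim in `keyVaultUrl`, which presumably is the base of the authenticated REST calls made elsewhere in this class — the bearer token would then travel in clear. The same expression throws `ArrayIndexOutOfBoundsException` for a value with no dot, and a host carrying a port or a path never matches any case, so the result is an unrelated exception or a null `aadAuthenticationUrl` rather than a configuration error. Parsing with `java.net.URI`, insisting on `https`, and deriving the suffix from `getHost()` (lower-cased, since DNS names are case-insensitive) handles all three in one place. The `KeyVaultClient(String keyVaultUri)` constructor starts before this hunk.
```java
// … unchanged: super(RestClientFactory.createClient()) and trailing-slash normalisation …
this.keyVaultUrl = keyVaultUri;
URI parsed = URI.create(keyVaultUri);                    // java.net.URI; throws IllegalArgumentException on bad syntax
if (!"https".equalsIgnoreCase(parsed.getScheme()) || parsed.getHost() == null) {
    throw new IllegalArgumentException("azure.keyvault.uri must be an https URI with a host name");
}
String host = parsed.getHost().toLowerCase(Locale.ROOT); // java.util.Locale
String dnsSuffix = host.substring(host.indexOf('.') + 1) + "/";
this.keyVaultBaseUri = HTTPS_PREFIX + dnsSuffix;
// … unchanged: switch (dnsSuffix) selecting aadAuthenticationUrl …
```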
@@ -106,12 +137,7 @@ class KeyVaultClient extends DelegateRestClient { * @param managedIdentity the managed identity object ID. */ KeyVaultClient(String keyVaultUri, String managedIdentity) { - super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); - if (!keyVaultUri.endsWith("/")) { - keyVaultUri = keyVaultUri + "/"; - } - this.keyVaultUrl = keyVaultUri; + this(keyVaultUri); this.managedIdentity = managedIdentity; } @@ -119,15 +145,12 @@ class KeyVaultClient extends DelegateRestClient { * Constructor. * * @param keyVaultUri the Azure Key Vault URI. - * @param aadAuthenticationUrl the Azure AD authentication URL. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. */ - KeyVaultClient(final String keyVaultUri, final String aadAuthenticationUrl, - final String tenantId, final String clientId, final String clientSecret) { + KeyVaultClient(final String keyVaultUri, final String tenantId, final String clientId, final String clientSecret) { this(keyVaultUri); - this.aadAuthenticationUrl = aadAuthenticationUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; @@ -144,7 +167,7 @@ private String getAccessToken() { try { AuthClient authClient = new AuthClient(); - String resource = URLEncoder.encode("https://vault.azure.net", "UTF-8"); + String resource = URLEncoder.encode(keyVaultBaseUri, "UTF-8"); if (managedIdentity != null) { managedIdentity = URLEncoder.encode(managedIdentity, "UTF-8"); } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 0825389a98c4..7fa1f013e000 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java 
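Review bot: The Javadoc of the four-argument constructor drops `@param aadAuthenticationUrl` but says nothing about where the authority now comes from, which is the contract callers relied on when they could pass it explicitly. Suggest `@param keyVaultUri the Azure Key Vault URI; its DNS suffix selects the cloud, i.e. both the Azure AD login authority and the token resource that getAccessToken() requests`. The same sentence belongs on the two-argument managed-identity constructor, which after this change also delegates to `this(keyVaultUri)` and therefore inherits whatever validation that constructor performs. `getAccessToken()` continues beyond the last hunk.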
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -93,13 +93,12 @@ public final class KeyVaultKeyStore extends KeyStoreSpi { public KeyVaultKeyStore() { creationDate = new Date(); String keyVaultUri = System.getProperty("azure.keyvault.uri"); - String aadAuthenticationUrl = System.getProperty("azure.keyvault.aad-authentication-url"); String tenantId = System.getProperty("azure.keyvault.tenant-id"); String clientId = System.getProperty("azure.keyvault.client-id"); String clientSecret = System.getProperty("azure.keyvault.client-secret"); String managedIdentity = System.getProperty("azure.keyvault.managed-identity"); if (clientId != null) { - keyVaultClient = new KeyVaultClient(keyVaultUri, aadAuthenticationUrl, tenantId, clientId, clientSecret); + keyVaultClient = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret); } else { keyVaultClient = new KeyVaultClient(keyVaultUri, managedIdentity); } @@ -223,7 +222,6 @@ public void engineLoad(KeyStore.LoadStoreParameter param) { if (parameter.getClientId() != null) { keyVaultClient = new KeyVaultClient( parameter.getUri(), - parameter.getAadAuthenticationUrl(), parameter.getTenantId(), parameter.getClientId(), parameter.getClientSecret()); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java index 5fa594e69ae8..7c187cafce12 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java 
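Review bot: The `azure.keyvault.aad-authentication-url` system property is no longer read, but an operator who still sets it gets no signal; a sovereign-cloud deployment that previously combined an explicit authority with a vault URI now silently uses the suffix-derived one, and a mismatch between the two can no longer be detected. Where the constructor reads the other properties, consider `if (System.getProperty("azure.keyvault.aad-authentication-url") != null) { LOGGER.log(WARNING, "azure.keyvault.aad-authentication-url is ignored; the authority is derived from azure.keyvault.uri"); }` (assuming the class has a logger — none is visible in the hunk) and a CHANGELOG entry naming the removed property. The `KeyVaultKeyStore()` constructor and `engineLoad` both extend past their hunks.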
@@ -10,18 +10,11 @@ */ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { - private static final String DEFAULT_AAD_AUTHENTICATION_URL = "https://login.microsoftonline.com/"; - /** * Stores the URI. */ private final String uri; - /** - * Stores the Azure AD authentication URL. - */ - private final String aadAuthenticationUrl; - /** * Stores the tenant id. */ @@ -59,7 +52,6 @@ public KeyVaultLoadStoreParameter(String uri) { */ public KeyVaultLoadStoreParameter(String uri, String managedIdentity) { this.uri = uri; - this.aadAuthenticationUrl = null; this.tenantId = null; this.clientId = null; this.clientSecret = null; @@ -75,23 +67,7 @@ public KeyVaultLoadStoreParameter(String uri, String managedIdentity) { * @param clientSecret the client secret. */ public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret) { - this(uri, DEFAULT_AAD_AUTHENTICATION_URL, tenantId, clientId, clientSecret); - } - - - /** - * Constructor. - * - * @param uri the Azure Key Vault URI. - * @param aadAuthenticationUrl the Azure AD authentication URL. - * @param tenantId the tenant ID. - * @param clientId the client ID. - * @param clientSecret the client secret. - */ - public KeyVaultLoadStoreParameter(String uri, String aadAuthenticationUrl, - String tenantId, String clientId, String clientSecret) { this.uri = uri; - this.aadAuthenticationUrl = aadAuthenticationUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; @@ -109,15 +85,6 @@ public KeyStore.ProtectionParameter getProtectionParameter() { return null; } - /** - * Get the Azure AD authentication URL. - * - * @return the Azure AD authentication URL. - */ - public String getAadAuthenticationUrl() { - return aadAuthenticationUrl; - } - /** * Get the client id. * 
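Review bot: Removing the public five-argument constructor and `getAadAuthenticationUrl()` from a public class is a source- and binary-incompatible change for anyone who compiled against the previous release; if this artifact has shipped (not visible here), existing callers break at link time rather than at compile time. A gentler path keeps the old constructor as `@Deprecated`, delegating with `this(uri, tenantId, clientId, clientSecret);` and documenting in its Javadoc that `aadAuthenticationUrl` is ignored because the authority is now derived from `uri`; the getter can likewise stay deprecated and return `null`. That leaves the new four-argument constructor as the only non-deprecated entry point without forcing a major version.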
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java index 8d4e5de63ad0..2fee65dbda8d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java @@ -31,7 +31,6 @@ public static void main(String[] args) throws Exception { KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java index 277b6f146032..abf6d7997da6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java @@ -21,7 +21,6 @@ public static void main(String[] args) throws Exception { KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 8169304c35e2..698719fe0535 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java @@ -36,7 +36,6 @@ public void testGetCertificate() throws Exception { KeyStore keystore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index 3f21b76a6484..751262427f8c 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java @@ -51,7 +51,6 @@ public void testEngineGetCertificate() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
@@ -64,7 +63,6 @@ public void testEngineGetCertificateAlias() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -77,7 +75,6 @@ public void testEngineGetCertificateChain() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -90,7 +87,6 @@ public void testEngineIsCertificateEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -103,7 +99,6 @@ public void testEngineSetCertificateEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
@@ -128,7 +123,6 @@ public void testEngineGetKey() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -141,7 +135,6 @@ public void testEngineIsKeyEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -166,7 +159,6 @@ public void testEngineAliases() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -179,7 +171,6 @@ public void testEngineContainsAlias() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java index f042f23ba319..68912a740c48 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java @@ -19,7 +19,6 @@ public class KeyVaultLoadStoreParameterTest { public void testGetProtectionParameter() { KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), null, null, null diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 668e61eb8137..29a8328ac8cd 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -60,7 +60,6 @@ public void testServerSocket() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - null, System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
@@ -166,7 +165,6 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - null, System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java index 6404389aa721..5ba9a58d5d4a 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java @@ -27,7 +27,6 @@ public RestTemplate restTemplateWithTLS() throws Exception { KeyStore trustStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
@@ -50,7 +49,6 @@ public RestTemplate restTemplateWithMTLS() throws Exception { KeyStore azuerKeyVaultKeyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); From bc6e71a9013444580fd9aa6004a0417a874f25d1 Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Tue, 13 Apr 2021 11:13:58 +0800 Subject: [PATCH 2/8] add unit test to check url initialization --- .../security/keyvault/jca/Constants.java | 8 +-- .../security/keyvault/jca/KeyVaultClient.java | 12 +++- .../keyvault/jca/KeyVaultClientTest.java | 56 +++++++++++++++++++ 3 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java index e74a58cc1166..db46dc12b357 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java 
@@ -8,10 +8,10 @@ */ public class Constants { - public static final String KEY_VAULT_BASE_URI_GLOBAL = "vault.azure.net/"; - public static final String KEY_VAULT_BASE_URI_CN = "vault.azure.cn/"; - public static final String KEY_VAULT_BASE_URI_US = "vault.usgovcloudapi.net/"; - public static final String KEY_VAULT_BASE_URI_DE = "vault.microsoftazure.de/"; + public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net/"; + public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn/"; + public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net/"; + public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de/"; public static final String AAD_LOGIN_GLOBAL_URI = "https://login.microsoftonline.com/"; public static final String AAD_LOGIN_CN_URI = "https://login.partner.microsoftonline.cn/"; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index a7704284e493..8ab9fe15ab91 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -113,7 +113,7 @@ class KeyVaultClient extends DelegateRestClient { this.keyVaultUrl = keyVaultUri; String dnsSuffix = keyVaultUri.split("\\.",2)[1]; this.keyVaultBaseUri = HTTPS_PREFIX + dnsSuffix; - switch(dnsSuffix) + switch(keyVaultBaseUri) { case KEY_VAULT_BASE_URI_GLOBAL : this.aadAuthenticationUrl = AAD_LOGIN_GLOBAL_URI; @@ -127,6 +127,8 @@ class KeyVaultClient extends DelegateRestClient { case KEY_VAULT_BASE_URI_DE: this.aadAuthenticationUrl = AAD_LOGIN_DE_URI; break; + default: + throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal."); } } 
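Review bot: The new `default` branch only catches a suffix that is syntactically a host but not one of the four clouds; the two lines above it still fail first with `ArrayIndexOutOfBoundsException` when the value contains no dot (the `split("\\.", 2)` array then has one element) and with `NullPointerException` when `azure.keyvault.uri` is unset (which `keyVaultUri.endsWith("/")` already did before this series), so the "illegal" message is reached for only one of the three bad inputs. Guard before the split with `Objects.requireNonNull(keyVaultUri, "azure.keyvault.uri must be set");` (needs `java.util.Objects`) and `if (!keyVaultUri.contains(".")) { throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal."); }`. The `switch` is also case-sensitive although DNS names are not; switching on `keyVaultBaseUri.toLowerCase(Locale.ROOT)` makes `HTTPS://MyVault.Vault.Azure.Net/` behave like the lower-case form instead of being rejected.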
@@ -350,4 +352,12 @@ private PrivateKey createPrivateKeyFromPem(String pemString) KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePrivate(spec); } + + String getKeyVaultBaseUri() { + return keyVaultBaseUri; + } + + String getAadAuthenticationUrl() { + return aadAuthenticationUrl; + } } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java new file mode 100644 index 000000000000..9dd9589178c2 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java 
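Review bot: The two package-private accessors added at the end of the class have no comment explaining why they exist, so a later reader may widen them or treat them as API. A one-line note on each, `/** Package-private for tests: the cloud base URI derived from the configured vault URI. */` and `/** Package-private for tests: the Azure AD authority selected from the vault URI's DNS suffix. */`, records the intent and matches the Javadoc style used on the fields above.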
@@ -0,0 +1,56 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.jca; + +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_CN_URI; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_DE_URI; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_GLOBAL_URI; +import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_US_URI; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_CN; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_DE; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_GLOBAL; +import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_US; +public class KeyVaultClientTest { + + private static final String KEY_VAULT_TEST_URI_GLOBAL = "https://fake.vault.azure.net/"; + private static final String KEY_VAULT_TEST_URI_CN = "https://fake.vault.azure.cn/"; + private static final String KEY_VAULT_TEST_URI_US = "https://fake.vault.usgovcloudapi.net/"; + private static final String KEY_VAULT_TEST_URI_DE = "https://fake.vault.microsoftazure.de/"; + + private KeyVaultClient kvClient; + + /** + * Test initialization of keyVaultBaseUri and aadAuthenticationUrl. 
+ * + */ + @Test + public void testInitializationOfGlobalURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_GLOBAL_URI); + } + + @Test + public void testInitializationOfCNURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_CN); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_CN); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_CN_URI); + } + + @Test + public void testInitializationOfUSURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_US); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_US); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_US_URI); + } + + @Test + public void testInitializationOfDEURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_DE); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_DE); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_DE_URI); + } +} From b5d8adf649c0434bba992af6ae3c3fdc4acb4956 Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Wed, 14 Apr 2021 11:09:12 +0800 Subject: [PATCH 3/8] fix pipeline error --- sdk/keyvault/azure-security-keyvault-jca/README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 0b1f336c67d6..a2b5cc320528 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -38,7 +38,7 @@ az keyvault create --resource-group --name + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); 
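Review bot: The new test class exercises only the four accepted suffixes, so the `default` branch that now throws `IllegalArgumentException` has no coverage and a regression that silently accepts an arbitrary suffix would pass CI. Add `Assertions.assertThrows(IllegalArgumentException.class, () -> new KeyVaultClient("https://fake.vault.example.com/"));` and a case for a value with no dot. Separately, JUnit 5's `assertEquals` takes `(expected, actual)`; every assertion here passes them reversed, so a failure message would label the constant as the actual value — `Assertions.assertEquals(KEY_VAULT_BASE_URI_GLOBAL, kvClient.getKeyVaultBaseUri());` reads correctly.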
@@ -46,7 +46,6 @@ Security.addProvider(provider); KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -67,7 +66,7 @@ Note if you want to use Azure Managed Identity, you should set the value of `azu ### Client side SSL If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); @@ -75,7 +74,6 @@ Security.addProvider(provider); KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); From f3c60f7587bccced0861222ed9c3f1ed85239050 Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Wed, 14 Apr 2021 22:00:12 +0800 Subject: [PATCH 4/8] remove slash in base uri --- .../java/com/azure/security/keyvault/jca/Constants.java | 8 ++++---- .../com/azure/security/keyvault/jca/KeyVaultClient.java | 5 ++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java index db46dc12b357..13af7acc54d3 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java 
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java @@ -8,10 +8,10 @@ */ public class Constants { - public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net/"; - public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn/"; - public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net/"; - public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de/"; + public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net"; + public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn"; + public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net"; + public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de"; public static final String AAD_LOGIN_GLOBAL_URI = "https://login.microsoftonline.com/"; public static final String AAD_LOGIN_CN_URI = "https://login.partner.microsoftonline.cn/"; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index f970d56af332..534dcb295a7f 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -110,7 +110,10 @@ class KeyVaultClient extends DelegateRestClient { keyVaultUri = keyVaultUri + "/"; } this.keyVaultUrl = keyVaultUri; - String dnsSuffix = keyVaultUri.split("\\.",2)[1]; + String dnsSuffix = Optional.of(keyVaultUri) + .map(uri -> uri.split("\\.",2)[1]) + .map(suffix -> suffix.substring(0, suffix.length()-1)) + .get(); this.keyVaultBaseUri = HTTPS_PREFIX + dnsSuffix; switch(keyVaultBaseUri) { From 9dfa6cbee8e5105d5114412a0c84f1638910d301 Mon Sep 17 00:00:00 2001 
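Review bot: The `Optional.of(keyVaultUri).map(...).map(...).get()` chain wraps a value the code already dereferenced on the line above only to unwrap it unchecked, so it adds no null-safety, and the second `map` drops the last character on the unstated assumption that it is the `/` appended a few lines earlier. The same result without the indirection is `String host = keyVaultUri.substring(0, keyVaultUri.length() - 1);` followed by `String dnsSuffix = host.substring(host.indexOf('.') + 1);` — and because `indexOf` returns -1 when there is no dot, a dotless value then falls through to the `default` branch's `IllegalArgumentException` instead of the `ArrayIndexOutOfBoundsException` that `split("\\.", 2)[1]` throws today. The constructor starts before this hunk.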
From: Yi Liu Date: Thu, 15 Apr 2021 15:10:32 +0800 Subject: [PATCH 5/8] refactor contructors --- .../azure-security-keyvault-jca/README.md | 2 +- .../security/keyvault/jca/Constants.java | 20 ----- .../security/keyvault/jca/KeyVaultClient.java | 79 +++++++++---------- .../azure/security/keyvault/jca/UriUtil.java | 42 ++++++++++ .../keyvault/jca/KeyVaultClientTest.java | 24 +++--- .../README.md | 6 +- 6 files changed, 93 insertions(+), 80 deletions(-) delete mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index a98b87179cce..16bfd9db31f9 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -66,7 +66,7 @@ Note if you want to use Azure Managed Identity, you should set the value of `azu ### Client side SSL If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java deleted file mode 100644 index 13af7acc54d3..000000000000 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java +++ /dev/null 
@@ -1,20 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -/** - * Constants used for Key Vault related URLs. - */ -public class Constants { - - public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net"; - public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn"; - public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net"; - public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de"; - - public static final String AAD_LOGIN_GLOBAL_URI = "https://login.microsoftonline.com/"; - public static final String AAD_LOGIN_CN_URI = "https://login.partner.microsoftonline.cn/"; - public static final String AAD_LOGIN_US_URI = "https://login.microsoftonline.us/"; - public static final String AAD_LOGIN_DE_URI = "https://login.microsoftonline.de/"; -} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 534dcb295a7f..b6b72e6394aa 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java 
@@ -34,14 +34,7 @@ import java.util.Optional; import java.util.logging.Logger; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_CN_URI; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_DE_URI; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_GLOBAL_URI; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_US_URI; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_CN; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_DE; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_GLOBAL; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_US; +import static com.azure.security.keyvault.jca.UriUtil.getAADLoginURIByKeyVaultBaseUri; import static java.util.logging.Level.INFO; import static java.util.logging.Level.WARNING; 
@@ -99,54 +92,26 @@ class KeyVaultClient extends DelegateRestClient { private String managedIdentity; /** - * Constructor. + * Constructor for authentication with system-assigned managed identity. * * @param keyVaultUri the Azure Key Vault URI. */ KeyVaultClient(String keyVaultUri) { - super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); - if (!keyVaultUri.endsWith("/")) { - keyVaultUri = keyVaultUri + "/"; - } - this.keyVaultUrl = keyVaultUri; - String dnsSuffix = Optional.of(keyVaultUri) - .map(uri -> uri.split("\\.",2)[1]) - .map(suffix -> suffix.substring(0, suffix.length()-1)) - .get(); - this.keyVaultBaseUri = HTTPS_PREFIX + dnsSuffix; - switch(keyVaultBaseUri) - { - case KEY_VAULT_BASE_URI_GLOBAL : - this.aadAuthenticationUrl = AAD_LOGIN_GLOBAL_URI; - break; - case KEY_VAULT_BASE_URI_CN : - this.aadAuthenticationUrl = AAD_LOGIN_CN_URI; - break; - case KEY_VAULT_BASE_URI_US : - this.aadAuthenticationUrl = AAD_LOGIN_US_URI; - break; - case KEY_VAULT_BASE_URI_DE: - this.aadAuthenticationUrl = AAD_LOGIN_DE_URI; - break; - default: - throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal."); - } + this(keyVaultUri, null, null, null, null); } /** - * Constructor. + * Constructor for authentication with user-assigned managed identity. * * @param keyVaultUri the Azure Key Vault URI. - * @param managedIdentity the managed identity object ID. + * @param managedIdentity the user-assigned managed identity object ID. */ KeyVaultClient(String keyVaultUri, String managedIdentity) { - this(keyVaultUri); - this.managedIdentity = managedIdentity; + this(keyVaultUri, null, null, null, managedIdentity); } /** - * Constructor. + * Constructor for authentication with service principal. * * @param keyVaultUri the Azure Key Vault URI. * @param tenantId the tenant ID. 
@@ -154,10 +119,38 @@ class KeyVaultClient extends DelegateRestClient { * @param clientSecret the client secret. */ KeyVaultClient(final String keyVaultUri, final String tenantId, final String clientId, final String clientSecret) { - this(keyVaultUri); + this(keyVaultUri, tenantId, clientId, clientSecret, null); + } + + + /** + * Constructor. + * + * @param keyVaultUri the Azure Key Vault URI. + * @param tenantId the tenant ID. + * @param clientId the client ID. + * @param clientSecret the client secret. + * @param managedIdentity the user-assigned managed identity object ID. + */ + KeyVaultClient(String keyVaultUri, String tenantId, String clientId, String clientSecret, String managedIdentity) { + super(RestClientFactory.createClient()); + LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); + if (!keyVaultUri.endsWith("/")) { + keyVaultUri = keyVaultUri + "/"; + } + this.keyVaultUrl = keyVaultUri; + //Base Uri shouldn't end with a slash. + String domainNameSuffix = Optional.of(keyVaultUri) + .map(uri -> uri.split("\\.",2)[1]) + .map(suffix -> suffix.substring(0, suffix.length()-1)) + .get(); + keyVaultBaseUri = HTTPS_PREFIX + domainNameSuffix; + aadAuthenticationUrl = getAADLoginURIByKeyVaultBaseUri(keyVaultBaseUri); + this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; + this.managedIdentity = managedIdentity; } /** diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java new file mode 100644 index 000000000000..755792f6a8a4 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java 
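Review bot: The allowlist check in the new five-argument constructor examines only what follows the first dot of the configured URI, so neither the scheme nor the shape of the host is ever validated: `http://myvault.vault.azure.net/` is accepted, stored verbatim in `keyVaultUrl` (presumably the origin the REST calls go to), and still mapped to the https base URI that selects the AAD endpoint, while a host written in mixed case (`https://myvault.Vault.Azure.Net/`) is rejected even though DNS names are case-insensitive, and a dot-less URI fails with an `ArrayIndexOutOfBoundsException` rather than the `IllegalArgumentException` the lookup throws. Since this suffix decides which login endpoint receives the tenant credentials, parsing with `java.net.URI`, requiring `https`, lower-casing the host and taking the suffix after its first label makes the contract explicit and drops the `Optional` indirection; this needs `java.net.URI`, `java.net.URISyntaxException` and `java.util.Locale` imported. The hunk's leading `@param` lines belong to the four-argument constructor whose Javadoc starts before the hunk.
```java
    KeyVaultClient(String keyVaultUri, String tenantId, String clientId, String clientSecret, String managedIdentity) {
        super(RestClientFactory.createClient());
        LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri);
        URI parsed;
        try {
            parsed = new URI(keyVaultUri);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal.", e);
        }
        String host = parsed.getHost();
        // The suffix below selects the AAD endpoint that receives the credentials, so it must
        // come from a well-formed, TLS-only origin with at least one dot in the host name.
        if (!"https".equalsIgnoreCase(parsed.getScheme()) || host == null || host.indexOf('.') < 0) {
            throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal.");
        }
        if (!keyVaultUri.endsWith("/")) {
            keyVaultUri = keyVaultUri + "/";
        }
        this.keyVaultUrl = keyVaultUri;
        // Base URI shouldn't end with a slash; DNS names are case-insensitive, so normalise.
        String domainNameSuffix = host.toLowerCase(Locale.ROOT).substring(host.indexOf('.') + 1);
        keyVaultBaseUri = HTTPS_PREFIX + domainNameSuffix;
        aadAuthenticationUrl = getAADLoginURIByKeyVaultBaseUri(keyVaultBaseUri);
        // … unchanged: assignments of tenantId, clientId, clientSecret, managedIdentity …
    }
```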
@@ -0,0 +1,42 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+/**
+ * Constants used for Key Vault related URLs.
+ */
+public class UriUtil {
+
+ public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net";
+ public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn";
+ public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net";
+ public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de";
+
+ public static final String AAD_LOGIN_URI_GLOBAL = "https://login.microsoftonline.com/";
+ public static final String AAD_LOGIN_URI_CN = "https://login.partner.microsoftonline.cn/";
+ public static final String AAD_LOGIN_URI_US = "https://login.microsoftonline.us/";
+ public static final String AAD_LOGIN_URI_DE = "https://login.microsoftonline.de/";
+
+ static String getAADLoginURIByKeyVaultBaseUri(String keyVaultBaseUri) {
+ String aadAuthenticationUrl;
+ switch(keyVaultBaseUri)
+ {
+ case KEY_VAULT_BASE_URI_GLOBAL :
+ aadAuthenticationUrl = AAD_LOGIN_URI_GLOBAL;
+ break;
+ case KEY_VAULT_BASE_URI_CN :
+ aadAuthenticationUrl = AAD_LOGIN_URI_CN;
+ break;
+ case KEY_VAULT_BASE_URI_US :
+ aadAuthenticationUrl = AAD_LOGIN_URI_US;
+ break;
+ case KEY_VAULT_BASE_URI_DE:
+ aadAuthenticationUrl = AAD_LOGIN_URI_DE;
+ break;
+ default:
+ throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal.");
+ }
+ return aadAuthenticationUrl;
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java
index 9dd9589178c2..0bf5c606cc6d 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java
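Review bot: The `IllegalArgumentException` thrown from the `default` branch of `getAADLoginURIByKeyVaultBaseUri` does not say which base URI was rejected, so an operator pointing at an unlisted sovereign cloud or a mistyped domain gets no hint of what the lookup compared against; the base URI is not a secret and can go in the message, `throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal: unsupported Key Vault base URI " + keyVaultBaseUri);`. The class is also declared `public` with public constants and an implicit public constructor, which makes this allowlist part of the provider's API surface and lets it be instantiated for no purpose; `final class UriUtil { private UriUtil() { } … }` keeps it package-internal, and the tests that read the constants sit in the same package. Finally, the class Javadoc "Constants used for Key Vault related URLs." was copied from the deleted `Constants` class and no longer mentions that this class now also maps a Key Vault base URI to its AAD login endpoint.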
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java @@ -5,14 +5,14 @@ import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_CN_URI; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_DE_URI; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_GLOBAL_URI; -import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_US_URI; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_CN; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_DE; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_GLOBAL; -import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_US; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_CN; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_DE; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_GLOBAL; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_US; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_CN; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_DE; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_GLOBAL; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_US; public class KeyVaultClientTest { private static final String KEY_VAULT_TEST_URI_GLOBAL = "https://fake.vault.azure.net/"; 
@@ -30,27 +30,27 @@ public class KeyVaultClientTest { public void testInitializationOfGlobalURI() { kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL); Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL); - Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_GLOBAL_URI); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_GLOBAL); } @Test public void testInitializationOfCNURI() { kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_CN); Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_CN); - Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_CN_URI); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_CN); } @Test public void testInitializationOfUSURI() { kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_US); Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_US); - Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_US_URI); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_US); } @Test public void testInitializationOfDEURI() { kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_DE); Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_DE); - Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_DE_URI); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_DE); } } diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index e7132be2fc2d..6074db3ef27e 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md 
@@ -170,14 +170,13 @@ Make sure the client-id can access target Key Vault. Configure a `RestTemplate` bean which set the `AzureKeyVault` as trust store: - + ```java @Bean public RestTemplate restTemplateWithTLS() throws Exception { KeyStore trustStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -246,14 +245,13 @@ server: Step 2. On the client side, update `RestTemplate`. Example: - + ```java @Bean public RestTemplate restTemplateWithMTLS() throws Exception { KeyStore azuerKeyVaultKeyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); From 83203db84d2d02b2457b924fc4609a90a134124d Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Thu, 15 Apr 2021 17:10:33 +0800 Subject: [PATCH 6/8] fix checkstyle errors --- .../java/com/azure/security/keyvault/jca/KeyVaultClient.java | 4 ++-- .../main/java/com/azure/security/keyvault/jca/UriUtil.java | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index b6b72e6394aa..e5667d9b6425 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java 
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -141,8 +141,8 @@ class KeyVaultClient extends DelegateRestClient { this.keyVaultUrl = keyVaultUri; //Base Uri shouldn't end with a slash. String domainNameSuffix = Optional.of(keyVaultUri) - .map(uri -> uri.split("\\.",2)[1]) - .map(suffix -> suffix.substring(0, suffix.length()-1)) + .map(uri -> uri.split("\\.", 2)[1]) + .map(suffix -> suffix.substring(0, suffix.length() - 1)) .get(); keyVaultBaseUri = HTTPS_PREFIX + domainNameSuffix; aadAuthenticationUrl = getAADLoginURIByKeyVaultBaseUri(keyVaultBaseUri); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java index 755792f6a8a4..541a001494c8 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java @@ -20,8 +20,7 @@ public class UriUtil { static String getAADLoginURIByKeyVaultBaseUri(String keyVaultBaseUri) { String aadAuthenticationUrl; - switch(keyVaultBaseUri) - { + switch (keyVaultBaseUri) { case KEY_VAULT_BASE_URI_GLOBAL : aadAuthenticationUrl = AAD_LOGIN_URI_GLOBAL; break; From 18d956ab2a7cb21c1ec6ef283c46969bdec49274 Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Mon, 19 Apr 2021 09:35:32 +0800 Subject: [PATCH 7/8] add changelog --- sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md | 3 ++- .../CHANGELOG.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md index 42ad7e1bebff..17cad36e0da8 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md 
@@ -1,7 +1,8 @@ # Release History ## 1.0.0-beta.6 (Unreleased) - +### Breaking Changes + - Remove configurable property of azure.keyvault.aad-authentication-url. ## 1.0.0-beta.5 (2021-03-22) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md index 247f1d350fa0..1b06083e130d 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md @@ -1,7 +1,7 @@ # Release History ## 3.0.0-beta.6 (Unreleased) - +- Remove configurable property of azure.keyvault.aad-authentication-url. ## 3.0.0-beta.5 (2021-03-22) ### New Features From 27f9f21ebee6eeb94b8592d07880c8a7b83dc7de Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Mon, 19 Apr 2021 09:43:51 +0800 Subject: [PATCH 8/8] udpate changelog with pr url --- sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md | 2 +- .../CHANGELOG.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md index 17cad36e0da8..ff7c160cb516 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md @@ -2,7 +2,7 @@ ## 1.0.0-beta.6 (Unreleased) ### Breaking Changes - - Remove configurable property of azure.keyvault.aad-authentication-url. + - Remove configurable property of azure.keyvault.aad-authentication-url which is configured according to azure.keyvault.uri automatically [#20530](https://github.com/Azure/azure-sdk-for-java/pull/20530) ## 1.0.0-beta.5 (2021-03-22) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md index 1b06083e130d..5bee48c86f8c 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md 
+++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md @@ -1,7 +1,7 @@ # Release History ## 3.0.0-beta.6 (Unreleased) -- Remove configurable property of azure.keyvault.aad-authentication-url. +- Remove configurable property of azure.keyvault.aad-authentication-url which is configured according to azure.keyvault.uri automatically [#20530](https://github.com/Azure/azure-sdk-for-java/pull/20530) ## 3.0.0-beta.5 (2021-03-22) ### New Features