From 3921af07a1265fa7482be240b2047b12ba0a05bb Mon Sep 17 00:00:00 2001
From: Rujun Chen
Date: Tue, 29 Jun 2021 08:50:14 +0800
Subject: [PATCH] 1. Make KeyVaultJcaProvider can work when keyvault-uri is not set. (#22488) 2. Delete unused property: azure.keyvault.aad-authentication-url 3. Reuse the code in test. 4. Rename KeyVaultProperties to AzureKeyVaultProperties. 5. Add AzureCertPathProperties.
---
 .../keyvault/jca/KeyVaultClientTest.java | 59 +++++++------------
 .../starter/AzureCertPathProperties.java | 42 +++++++++++++
 ...ties.java => AzureKeyVaultProperties.java} | 4 +-
 ...tCertificatesEnvironmentPostProcessor.java | 5 --
 4 files changed, 65 insertions(+), 45 deletions(-)
 create mode 100644 sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureCertPathProperties.java
 rename sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/{KeyVaultProperties.java => AzureKeyVaultProperties.java} (97%)
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java
index a5510b9dcf000..9428349470d64 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java
@@ -28,81 +28,64 @@ public class KeyVaultClientTest {
 private static final String KEY_VAULT_TEST_URI_US = "https://fake.vault.usgovcloudapi.net/";
 private static final String KEY_VAULT_TEST_URI_DE = "https://fake.vault.microsoftazure.de/";
- private KeyVaultClient kvClient;
+ private KeyVaultClient keyVaultClient;
 /**
 * Test initialization of keyVaultBaseUri and aadAuthenticationUrl.
- *
 */
 @Test
 public void testInitializationOfGlobalURI() {
- kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL, null);
- Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL);
- Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_GLOBAL);
+ keyVaultClient = new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL, null);
+ Assertions.assertEquals(keyVaultClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL);
+ Assertions.assertEquals(keyVaultClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_GLOBAL);
 }
 @Test
 public void testInitializationOfCNURI() {
- kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_CN, null);
- Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_CN);
- Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_CN);
+ keyVaultClient = new KeyVaultClient(KEY_VAULT_TEST_URI_CN, null);
+ Assertions.assertEquals(keyVaultClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_CN);
+ Assertions.assertEquals(keyVaultClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_CN);
 }
 @Test
 public void testInitializationOfUSURI() {
- kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_US, null);
- Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_US);
- Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_US);
+ keyVaultClient = new KeyVaultClient(KEY_VAULT_TEST_URI_US, null);
+ Assertions.assertEquals(keyVaultClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_US);
+ Assertions.assertEquals(keyVaultClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_US);
 }
 @Test
 public void testInitializationOfDEURI() {
- kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_DE, null);
- Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_DE);
- Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_DE);
+ keyVaultClient = new KeyVaultClient(KEY_VAULT_TEST_URI_DE, null);
+ Assertions.assertEquals(keyVaultClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_DE);
+ Assertions.assertEquals(keyVaultClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_DE);
 }
 @Test
 @Disabled
 public void testGetAliases() {
- String tenantId = System.getProperty("azure.keyvault.tenant-id");
- String clientId = System.getProperty("azure.keyvault.client-id");
- String clientSecret = System.getProperty("azure.keyvault.client-secret");
- String keyVaultUri = System.getProperty("azure.keyvault.uri");
- KeyVaultClient keyVaultClient = new KeyVaultClient(
- keyVaultUri, System.getProperty("azure.keyvault.aad-authentication-url"),
- tenantId,
- clientId,
- clientSecret);
- List result = keyVaultClient.getAliases();
+ List result = getKeyVaultClient().getAliases();
 assertNotNull(result);
 }
 @Test
 @Disabled
 public void testGetCertificate() {
- String tenantId = System.getProperty("azure.keyvault.tenant-id");
- String clientId = System.getProperty("azure.keyvault.client-id");
- String clientSecret = System.getProperty("azure.keyvault.client-secret");
- String keyVaultUri = System.getProperty("azure.keyvault.uri");
- KeyVaultClient keyVaultClient = new KeyVaultClient(
- keyVaultUri, System.getProperty("azure.keyvault.aad-authentication-url"),
- tenantId,
- clientId,
- clientSecret);
- Certificate certificate = keyVaultClient.getCertificate("myalias");
+ Certificate certificate = getKeyVaultClient().getCertificate("myalias");
 assertNotNull(certificate);
 }
 @Test
 @Disabled
 public void testGetKey() {
+ assertNull(getKeyVaultClient().getKey("myalias", null));
+ }
+
+ private KeyVaultClient getKeyVaultClient() {
+ String keyVaultUri = System.getProperty("azure.keyvault.uri");
 String tenantId = System.getProperty("azure.keyvault.tenant-id");
 String clientId = System.getProperty("azure.keyvault.client-id");
 String clientSecret = System.getProperty("azure.keyvault.client-secret");
- String keyVaultUri = System.getProperty("azure.keyvault.uri");
- KeyVaultClient keyVaultClient = new KeyVaultClient(
- keyVaultUri, System.getProperty("azure.keyvault.aad-authentication-url"), tenantId, clientId, clientSecret);
- assertNull(keyVaultClient.getKey("myalias", null));
+ return new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret);
 }
 }
diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureCertPathProperties.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureCertPathProperties.java
new file mode 100644
index 0000000000000..c7fd683fda3f0
--- /dev/null
+++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureCertPathProperties.java
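Review bot: `getKeyVaultClient()` passes whatever `System.getProperty` returns, including null, straight into the `KeyVaultClient` constructor, so if the `@Disabled` tests are re-enabled without the `azure.keyvault.*` properties they will presumably fail somewhere inside the client instead of at a clear precondition. A guard at the top of the helper such as `Assumptions.assumeTrue(keyVaultUri != null && clientSecret != null, "azure.keyvault.* system properties are not set");` would skip them with a readable reason. Since `azure.keyvault.client-secret` is read from a system property, a comment saying the value should be injected from the CI secret store and never committed as a `-D` flag in a build script would help whoever turns these tests back on. `testGetKey` asserts `assertNull(...)` on the returned key, which also passes when nothing was retrieved; a comment stating that null is the expected result for `"myalias"` would make the intent checkable.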
@@ -0,0 +1,42 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package com.azure.spring.security.keyvault.certificates.starter;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+
+/**
+ * This is used to generate spring-configuration-metadata.json
+ *
+ * @see Metadata
+ */
+@EnableConfigurationProperties({ AzureCertPathProperties.class })
+@ConfigurationProperties("azure.cert-path")
+public class AzureCertPathProperties {
+
+ /**
+ * The path to put custom certificates
+ */
+ private String custom;
+
+ /**
+ * The path to put well-known certificates
+ */
+ private String wellKnown;
+
+ public String getCustom() {
+ return custom;
+ }
+
+ public String getWellKnown() {
+ return wellKnown;
+ }
+
+ public void setCustom(String custom) {
+ this.custom = custom;
+ }
+
+ public void setWellKnown(String wellKnown) {
+ this.wellKnown = wellKnown;
+ }
+}
diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultProperties.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureKeyVaultProperties.java
similarity index 97%
rename from sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultProperties.java
rename to sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureKeyVaultProperties.java
index 1c485c0a1ec13..3e4941e174283 100644
--- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultProperties.java
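Review bot: The field Javadoc on `custom` and `wellKnown` is what ends up in spring-configuration-metadata.json, yet it does not say that the values are filesystem directories, what the defaults are, or what trust the certificates found there receive. If, as the property names suggest, certificates under these paths are loaded as trusted material, the comment should say so and state the permission expectation, for example `Directory from which custom certificates are loaded as trusted; it must be writable only by the application owner.` The class names itself in `@EnableConfigurationProperties`, which the class comment explains only as metadata generation; one more sentence saying whether anything binds or reads this bean at runtime would stop a reader from injecting it and expecting populated values.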
+++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/AzureKeyVaultProperties.java
@@ -10,9 +10,9 @@
 *
 * @see Metadata
 */
-@EnableConfigurationProperties({ KeyVaultProperties.class })
+@EnableConfigurationProperties({ AzureKeyVaultProperties.class })
 @ConfigurationProperties("azure.keyvault")
-public class KeyVaultProperties {
+public class AzureKeyVaultProperties {
 /**
 * The URI to the Azure Key Vault used
 */
diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java
index 4035b33dc80dc..9a88aa450f66e 100644
--- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java
+++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java
@@ -27,11 +27,6 @@ public class KeyVaultCertificatesEnvironmentPostProcessor implements Environment
 @Override
 public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
- if (environment.getProperty("azure.keyvault.uri") == null) {
- return;
- }
-
- putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.aad-authentication-url");
 putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.uri");
 putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.tenant-id");
 putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.client-id");
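Review bot: With the `azure.keyvault.uri == null` early return removed from `postProcessEnvironment`, each `putEnvironmentPropertyToSystemProperty` call can now run with its property absent, and that helper is not visible in this hunk. If it calls `System.setProperty` without a null check, applications that configure only `azure.cert-path` would hit a NullPointerException at startup, so it is worth confirming the helper skips missing values and adding a test for the unset case. The method body continues past the hunk and presumably also copies `azure.keyvault.client-secret`; a comment above these calls noting that the values become JVM-wide system properties, readable by any code in the process and included in system-property dumps, would make that trade-off explicit now that the copy is unconditional.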