From baa4ac308dafac6d72dfe0c0fcdad399aea797c7 Mon Sep 17 00:00:00 2001 From: Yi Liu Date: Mon, 19 Apr 2021 10:11:20 +0800 Subject: [PATCH] Configure cloud from keyvault uri (#20530) * identify and configure cloud environment from keyvault uri * add unit test to check url initialization * remove slash in base uri * refactor contructors * add changelog --- .../azure-security-keyvault-jca/CHANGELOG.md | 3 +- .../azure-security-keyvault-jca/README.md | 6 +- .../security/keyvault/jca/KeyVaultClient.java | 73 +++++++++++++------ .../keyvault/jca/KeyVaultKeyStore.java | 4 +- .../jca/KeyVaultLoadStoreParameter.java | 33 --------- .../azure/security/keyvault/jca/UriUtil.java | 41 +++++++++++ .../keyvault/jca/ClientSSLSample.java | 1 - .../keyvault/jca/ServerSSLSample.java | 1 - .../keyvault/jca/KeyVaultClientTest.java | 52 ++++++++++++- .../keyvault/jca/KeyVaultJcaProviderTest.java | 1 - .../keyvault/jca/KeyVaultKeyManagerTest.java | 1 - .../keyvault/jca/KeyVaultKeyStoreTest.java | 9 --- .../jca/KeyVaultLoadStoreParameterTest.java | 1 - .../keyvault/jca/ServerSocketTest.java | 2 - .../side/SampleApplicationConfiguration.java | 2 - .../CHANGELOG.md | 2 +- .../README.md | 6 +- 17 files changed, 151 insertions(+), 87 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md index 42ad7e1bebff4..ff7c160cb516e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md @@ -1,7 +1,8 @@ # Release History ## 1.0.0-beta.6 (Unreleased) - +### Breaking Changes + - Remove configurable property of azure.keyvault.aad-authentication-url which is configured according to azure.keyvault.uri automatically [#20530](https://github.com/Azure/azure-sdk-for-java/pull/20530) ## 1.0.0-beta.5 (2021-03-22) 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index d47be3b1b4d5b..16bfd9db31f99 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -38,7 +38,7 @@ az keyvault create --resource-group --name + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); @@ -46,7 +46,6 @@ Security.addProvider(provider); KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -67,7 +66,7 @@ Note if you want to use Azure Managed Identity, you should set the value of `azu ### Client side SSL If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); @@ -75,7 +74,6 @@ Security.addProvider(provider); KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index b0f0a7d031618..e5667d9b64257 100644 
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -34,6 +34,7 @@ import java.util.Optional; import java.util.logging.Logger; +import static com.azure.security.keyvault.jca.UriUtil.getAADLoginURIByKeyVaultBaseUri; import static java.util.logging.Level.INFO; import static java.util.logging.Level.WARNING; @@ -46,12 +47,18 @@ class KeyVaultClient extends DelegateRestClient { * Stores the logger. */ private static final Logger LOGGER = Logger.getLogger(KeyVaultClient.class.getName()); + private static final String HTTPS_PREFIX = "https://"; /** * Stores the API version postfix. */ private static final String API_VERSION_POSTFIX = "?api-version=7.1"; + /** + * Stores the Key Vault cloud URI. + */ + private String keyVaultBaseUri; + /** * Stores the Azure Key Vault URL. */ 
@@ -85,51 +92,65 @@ class KeyVaultClient extends DelegateRestClient { private String managedIdentity; /** - * Constructor. + * Constructor for authentication with system-assigned managed identity. * * @param keyVaultUri the Azure Key Vault URI. */ KeyVaultClient(String keyVaultUri) { - super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); - if (!keyVaultUri.endsWith("/")) { - keyVaultUri = keyVaultUri + "/"; - } - this.keyVaultUrl = keyVaultUri; + this(keyVaultUri, null, null, null, null); } /** - * Constructor. + * Constructor for authentication with user-assigned managed identity. * * @param keyVaultUri the Azure Key Vault URI. - * @param managedIdentity the managed identity object ID. + * @param managedIdentity the user-assigned managed identity object ID. */ KeyVaultClient(String keyVaultUri, String managedIdentity) { - super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); - if (!keyVaultUri.endsWith("/")) { - keyVaultUri = keyVaultUri + "/"; - } - this.keyVaultUrl = keyVaultUri; - this.managedIdentity = managedIdentity; + this(keyVaultUri, null, null, null, managedIdentity); + } + + /** + * Constructor for authentication with service principal. + * + * @param keyVaultUri the Azure Key Vault URI. + * @param tenantId the tenant ID. + * @param clientId the client ID. + * @param clientSecret the client secret. + */ + KeyVaultClient(final String keyVaultUri, final String tenantId, final String clientId, final String clientSecret) { + this(keyVaultUri, tenantId, clientId, clientSecret, null); } + /** * Constructor. * * @param keyVaultUri the Azure Key Vault URI. - * @param aadAuthenticationUrl the Azure AD authentication URL. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. + * @param managedIdentity the user-assigned managed identity object ID. 
*/ - KeyVaultClient(final String keyVaultUri, final String aadAuthenticationUrl, - final String tenantId, final String clientId, final String clientSecret) { - this(keyVaultUri); - this.aadAuthenticationUrl = aadAuthenticationUrl; + KeyVaultClient(String keyVaultUri, String tenantId, String clientId, String clientSecret, String managedIdentity) { + super(RestClientFactory.createClient()); + LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); + if (!keyVaultUri.endsWith("/")) { + keyVaultUri = keyVaultUri + "/"; + } + this.keyVaultUrl = keyVaultUri; + //Base Uri shouldn't end with a slash. + String domainNameSuffix = Optional.of(keyVaultUri) + .map(uri -> uri.split("\\.", 2)[1]) + .map(suffix -> suffix.substring(0, suffix.length() - 1)) + .get(); + keyVaultBaseUri = HTTPS_PREFIX + domainNameSuffix; + aadAuthenticationUrl = getAADLoginURIByKeyVaultBaseUri(keyVaultBaseUri); + this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; + this.managedIdentity = managedIdentity; } /** @@ -143,7 +164,7 @@ private String getAccessToken() { try { AuthClient authClient = new AuthClient(); - String resource = URLEncoder.encode("https://vault.azure.net", "UTF-8"); + String resource = URLEncoder.encode(keyVaultBaseUri, "UTF-8"); if (managedIdentity != null) { managedIdentity = URLEncoder.encode(managedIdentity, "UTF-8"); } @@ -326,4 +347,12 @@ private PrivateKey createPrivateKeyFromPem(String pemString) KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePrivate(spec); } + + String getKeyVaultBaseUri() { + return keyVaultBaseUri; + } + + String getAadAuthenticationUrl() { + return aadAuthenticationUrl; + } } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 6ffdc71947b1b..4de4d7293aafd 100644 
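Review bot: The cloud check in the five-argument constructor runs on the text after the first `.` of the raw `keyVaultUri` string, not on its parsed host, so a value whose first dot lies outside the host name can map to a recognised base URI while `keyVaultUrl` still points at a different host. The token that `getAccessToken` requests for `keyVaultBaseUri` would then presumably be sent there. The same expression throws a bare `ArrayIndexOutOfBoundsException` for a value with no dot at all, which does not name the property. Parsing with `java.net.URI`, requiring the `https` scheme and deriving the suffix from `getHost()` addresses both, and the `Optional.of(...).get()` wrapper can be dropped. The value normally comes from operator configuration, so this is hardening of a trust decision rather than a fix for a remote input path.

```java
        this.keyVaultUrl = keyVaultUri;
        // Identify the cloud from the parsed host, never from the raw string.
        java.net.URI parsed = java.net.URI.create(keyVaultUri);
        String host = parsed.getHost();
        int firstDot = host == null ? -1 : host.indexOf('.');
        if (!"https".equalsIgnoreCase(parsed.getScheme()) || firstDot < 0) {
            throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal.");
        }
        // The base URI carries no trailing slash.
        keyVaultBaseUri = HTTPS_PREFIX + host.substring(firstDot + 1);
        aadAuthenticationUrl = getAADLoginURIByKeyVaultBaseUri(keyVaultBaseUri);
        // … unchanged: tenantId, clientId, clientSecret, managedIdentity assignments …
```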
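Review bot: The two accessors added at the end of `KeyVaultClient` have no Javadoc, although the other members visible in this diff are documented, and nothing says they appear to exist for `KeyVaultClientTest`. I would add `/** Get the Key Vault base URI derived from the vault URI (no trailing slash). */` above `getKeyVaultBaseUri()` and `/** Get the Azure AD authentication URL selected for that base URI. */` above `getAadAuthenticationUrl()`. The new `HTTPS_PREFIX` constant in the earlier field hunk is likewise undocumented and sits directly under the logger's comment block.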
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -93,13 +93,12 @@ public final class KeyVaultKeyStore extends KeyStoreSpi { public KeyVaultKeyStore() { creationDate = new Date(); String keyVaultUri = System.getProperty("azure.keyvault.uri"); - String aadAuthenticationUrl = System.getProperty("azure.keyvault.aad-authentication-url"); String tenantId = System.getProperty("azure.keyvault.tenant-id"); String clientId = System.getProperty("azure.keyvault.client-id"); String clientSecret = System.getProperty("azure.keyvault.client-secret"); String managedIdentity = System.getProperty("azure.keyvault.managed-identity"); if (clientId != null) { - keyVaultClient = new KeyVaultClient(keyVaultUri, aadAuthenticationUrl, tenantId, clientId, clientSecret); + keyVaultClient = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret); } else { keyVaultClient = new KeyVaultClient(keyVaultUri, managedIdentity); } @@ -226,7 +225,6 @@ public void engineLoad(KeyStore.LoadStoreParameter param) { if (parameter.getClientId() != null) { keyVaultClient = new KeyVaultClient( parameter.getUri(), - parameter.getAadAuthenticationUrl(), parameter.getTenantId(), parameter.getClientId(), parameter.getClientSecret()); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java index 5fa594e69ae81..7c187cafce121 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java 
@@ -10,18 +10,11 @@ */ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { - private static final String DEFAULT_AAD_AUTHENTICATION_URL = "https://login.microsoftonline.com/"; - /** * Stores the URI. */ private final String uri; - /** - * Stores the Azure AD authentication URL. - */ - private final String aadAuthenticationUrl; - /** * Stores the tenant id. */ @@ -59,7 +52,6 @@ public KeyVaultLoadStoreParameter(String uri) { */ public KeyVaultLoadStoreParameter(String uri, String managedIdentity) { this.uri = uri; - this.aadAuthenticationUrl = null; this.tenantId = null; this.clientId = null; this.clientSecret = null; @@ -75,23 +67,7 @@ public KeyVaultLoadStoreParameter(String uri, String managedIdentity) { * @param clientSecret the client secret. */ public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret) { - this(uri, DEFAULT_AAD_AUTHENTICATION_URL, tenantId, clientId, clientSecret); - } - - - /** - * Constructor. - * - * @param uri the Azure Key Vault URI. - * @param aadAuthenticationUrl the Azure AD authentication URL. - * @param tenantId the tenant ID. - * @param clientId the client ID. - * @param clientSecret the client secret. - */ - public KeyVaultLoadStoreParameter(String uri, String aadAuthenticationUrl, - String tenantId, String clientId, String clientSecret) { this.uri = uri; - this.aadAuthenticationUrl = aadAuthenticationUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; @@ -109,15 +85,6 @@ public KeyStore.ProtectionParameter getProtectionParameter() { return null; } - /** - * Get the Azure AD authentication URL. - * - * @return the Azure AD authentication URL. - */ - public String getAadAuthenticationUrl() { - return aadAuthenticationUrl; - } - /** * Get the client id. * 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java new file mode 100644 index 0000000000000..541a001494c8c --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/UriUtil.java @@ -0,0 +1,41 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.jca; + +/** + * Constants used for Key Vault related URLs. + */ +public class UriUtil { + + public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net"; + public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn"; + public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net"; + public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de"; + + public static final String AAD_LOGIN_URI_GLOBAL = "https://login.microsoftonline.com/"; + public static final String AAD_LOGIN_URI_CN = "https://login.partner.microsoftonline.cn/"; + public static final String AAD_LOGIN_URI_US = "https://login.microsoftonline.us/"; + public static final String AAD_LOGIN_URI_DE = "https://login.microsoftonline.de/"; + + static String getAADLoginURIByKeyVaultBaseUri(String keyVaultBaseUri) { + String aadAuthenticationUrl; + switch (keyVaultBaseUri) { + case KEY_VAULT_BASE_URI_GLOBAL : + aadAuthenticationUrl = AAD_LOGIN_URI_GLOBAL; + break; + case KEY_VAULT_BASE_URI_CN : + aadAuthenticationUrl = AAD_LOGIN_URI_CN; + break; + case KEY_VAULT_BASE_URI_US : + aadAuthenticationUrl = AAD_LOGIN_URI_US; + break; + case KEY_VAULT_BASE_URI_DE: + aadAuthenticationUrl = AAD_LOGIN_URI_DE; + break; + default: + throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal."); + } + return aadAuthenticationUrl; + } +} 
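Review bot: `UriUtil` is a public, non-final class with an implicit public constructor and eight public constants, although its only method is package-private. Unless other modules are meant to use the constants, `final class UriUtil` with `private UriUtil() { }` keeps the cloud table out of the published API. The `default` branch fails closed, which is the right behaviour for this lookup, but its message hides what was rejected; `throw new IllegalArgumentException("Unsupported Key Vault base URI derived from azure.keyvault.uri: " + keyVaultBaseUri);` would make a misconfigured vault URI diagnosable. The match is exact and this commit removes the `azure.keyvault.aad-authentication-url` override, so any environment outside these four now fails at construction. That limitation belongs in a Javadoc on `getAADLoginURIByKeyVaultBaseUri`, which currently has none.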
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java index 31758abe7a8d6..7c33da253b320 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java @@ -31,7 +31,6 @@ public static void main(String[] args) throws Exception { KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java index 277b6f146032f..abf6d7997da65 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java @@ -21,7 +21,6 @@ public static void main(String[] args) throws Exception { KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java index 0a23517d3501d..10df0c8bf6c70 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java 
@@ -3,19 +3,67 @@ package com.azure.security.keyvault.jca; +import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import java.security.cert.Certificate; import java.util.List; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_CN; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_DE; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_GLOBAL; +import static com.azure.security.keyvault.jca.UriUtil.AAD_LOGIN_URI_US; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_CN; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_DE; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_GLOBAL; +import static com.azure.security.keyvault.jca.UriUtil.KEY_VAULT_BASE_URI_US; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; -@Disabled public class KeyVaultClientTest { + private static final String KEY_VAULT_TEST_URI_GLOBAL = "https://fake.vault.azure.net/"; + private static final String KEY_VAULT_TEST_URI_CN = "https://fake.vault.azure.cn/"; + private static final String KEY_VAULT_TEST_URI_US = "https://fake.vault.usgovcloudapi.net/"; + private static final String KEY_VAULT_TEST_URI_DE = "https://fake.vault.microsoftazure.de/"; + + private KeyVaultClient kvClient; + + /** + * Test initialization of keyVaultBaseUri and aadAuthenticationUrl. 
+ * + */ + @Test + public void testInitializationOfGlobalURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_GLOBAL); + } + + @Test + public void testInitializationOfCNURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_CN); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_CN); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_CN); + } + + @Test + public void testInitializationOfUSURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_US); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_US); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_US); + } + + @Test + public void testInitializationOfDEURI() { + kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_DE); + Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_DE); + Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_URI_DE); + } + @Test + @Disabled public void testGetAliases() { String tenantId = System.getProperty("azure.keyvault.tenant-id"); String clientId = System.getProperty("azure.keyvault.client-id"); @@ -31,6 +79,7 @@ public void testGetAliases() { } @Test + @Disabled public void testGetCertificate() { String tenantId = System.getProperty("azure.keyvault.tenant-id"); String clientId = System.getProperty("azure.keyvault.client-id"); @@ -46,6 +95,7 @@ public void testGetCertificate() { } @Test + @Disabled public void testGetKey() { String tenantId = System.getProperty("azure.keyvault.tenant-id"); String clientId = System.getProperty("azure.keyvault.client-id"); 
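Review bot: The four new tests cover only accepted vault URIs, so the rejection path that makes the lookup an allow-list is untested. A case such as `assertThrows(IllegalArgumentException.class, () -> new KeyVaultClient("https://fake.vault.example.invalid/"));` (constructed value) would pin it, and a second case should cover a URI without the trailing slash. The `Assertions.assertEquals` calls pass the actual value first, e.g. `assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL)`, whereas JUnit 5 expects `(expected, actual)`, so a failure would be reported the wrong way round. `kvClient` can be a local in each test rather than a shared mutable field.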
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 9c631e4474466..4816630a26402 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java @@ -38,7 +38,6 @@ public void testGetCertificate() throws Exception { KeyStore keystore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java index 42b6a0f2a872b..3b7a41163a6ac 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerTest.java @@ -28,7 +28,6 @@ public void setEnvironmentProperty() throws KeyStoreException, NoSuchAlgorithmEx KeyStore keyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index bafc86f4fae2c..9e33bcaf0f8df 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java @@ -53,7 +53,6 @@ public void testEngineGetCertificate() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -66,7 +65,6 @@ public void testEngineGetCertificateAlias() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -79,7 +77,6 @@ public void testEngineGetCertificateChain() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
@@ -92,7 +89,6 @@ public void testEngineIsCertificateEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -105,7 +101,6 @@ public void testEngineSetCertificateEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -130,7 +125,6 @@ public void testEngineGetKey() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -143,7 +137,6 @@ public void testEngineIsKeyEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); 
@@ -168,7 +161,6 @@ public void testEngineAliases() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -181,7 +173,6 @@ public void testEngineContainsAlias() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java index 139372d08054e..aee130668cec0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java @@ -21,7 +21,6 @@ public class KeyVaultLoadStoreParameterTest { public void testGetProtectionParameter() { KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), null, null, null 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index a5e93c249f156..63b43fbdd6742 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -62,7 +62,6 @@ public void testServerSocket() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - null, System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -165,7 +164,6 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - null, System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java index 6404389aa7217..5ba9a58d5d4a8 100644 
--- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/src/main/java/com/azure/spring/security/keyvault/certificates/sample/client/side/SampleApplicationConfiguration.java @@ -27,7 +27,6 @@ public RestTemplate restTemplateWithTLS() throws Exception { KeyStore trustStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -50,7 +49,6 @@ public RestTemplate restTemplateWithMTLS() throws Exception { KeyStore azuerKeyVaultKeyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md index 247f1d350fa0a..5bee48c86f8c8 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md 
@@ -1,7 +1,7 @@ # Release History ## 3.0.0-beta.6 (Unreleased) - +- Remove configurable property of azure.keyvault.aad-authentication-url which is configured according to azure.keyvault.uri automatically [#20530](https://github.com/Azure/azure-sdk-for-java/pull/20530) ## 3.0.0-beta.5 (2021-03-22) ### New Features diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index e7132be2fc2dd..6074db3ef27eb 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -170,14 +170,13 @@ Make sure the client-id can access target Key Vault. Configure a `RestTemplate` bean which set the `AzureKeyVault` as trust store: - + ```java @Bean public RestTemplate restTemplateWithTLS() throws Exception { KeyStore trustStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret")); @@ -246,14 +245,13 @@ server: Step 2. On the client side, update `RestTemplate`. Example: - + ```java @Bean public RestTemplate restTemplateWithMTLS() throws Exception { KeyStore azuerKeyVaultKeyStore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.keyvault.aad-authentication-url"), System.getProperty("azure.keyvault.tenant-id"), System.getProperty("azure.keyvault.client-id"), System.getProperty("azure.keyvault.client-secret"));