diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index f6efb38fbe056..d53ac82c551df 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md 
@@ -1,51 +1,49 @@ -# JCA Provider for Azure Key Vault +# Azure Key Vault JCA client library for Java + +# Getting started + +# Key concepts The JCA Provider for Azure Key Vault is a JCA provider for certificates in Azure Key Vault. It is built on four principles: -1. Must be extremely thin to run within a JVM -1. Must not introduce any library version conflicts with Java app code dependencies -1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies +1. Must be extremely thin to run within a JVM. +1. Must not introduce any library version conflicts with Java app code dependencies. +1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies. 1. Must be ready for "never trust, always verify and credential-free" Zero Trust environments. -## Testing the version under development - -If you want to test the current version under development you will have to -build and install it into your local Maven repository. To do so use the -following command line: - -``` - mvn clean install -DskipTests=true -``` +# Examples ## Server side SSL -If you are looking to integrate the JCA provider to create a SSLServerSocket +If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below. 
+ + ```java - KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); - Security.addProvider(provider); +KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); +Security.addProvider(provider); - KeyStore ks = KeyStore.getInstance("AzureKeyVault"); - KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( - System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.tenant.id"), - System.getProperty("azure.client.id"), - System.getProperty("azure.client.secret")); - ks.load(parameter); +KeyStore ks = KeyStore.getInstance("AzureKeyVault"); +KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); +ks.load(parameter); - KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(ks, "".toCharArray()); +KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); +kmf.init(ks, "".toCharArray()); - SSLContext context = SSLContext.getInstance("TLS"); - context.init(kmf.getKeyManagers(), null, null); +SSLContext context = SSLContext.getInstance("TLS"); +context.init(kmf.getKeyManagers(), null, null); - SSLServerSocketFactory factory = (SSLServerSocketFactory) context.getServerSocketFactory(); - SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); +SSLServerSocketFactory factory = context.getServerSocketFactory(); +SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); ``` -Note if you want to use Azure managed identity, you should set the value +Note if you want to use Azure Managed Identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`. ## Client side SSL 
@@ -53,75 +51,79 @@ of `azure.keyvault.uri`, and the rest of the parameters would be `null`. If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. + + ```java - KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); - Security.addProvider(provider); - - KeyStore ks = KeyStore.getInstance("AzureKeyVault"); - KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( - System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.tenant.id"), - System.getProperty("azure.client.id"), - System.getProperty("azure.client.secret")); - ks.load(parameter); - - SSLContext sslContext = SSLContexts - .custom() - .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) - .build(); - - SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> { - return true; - }) - .build(); - - PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(sslSocketFactory) - .build(); - - String result = null; - - try ( CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { - HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); - String result1 = "Not success"; - if (status == 204) { - result1 = "Success"; - } - return result1; - }; - result = client.execute(httpGet, responseHandler); - } catch (IOException ioe) { - ioe.printStackTrace(); - } +KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); +Security.addProvider(provider); + +KeyStore ks = KeyStore.getInstance("AzureKeyVault"); +KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + 
System.getProperty("azure.client.secret")); +ks.load(parameter); + +SSLContext sslContext = SSLContexts + .custom() + .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) + .build(); + +SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder + .create() + .setSslContext(sslContext) + .setHostnameVerifier((hostname, session) -> { + return true; + }) + .build(); + +PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder + .create() + .setSSLSocketFactory(sslSocketFactory) + .build(); + +String result = null; + +try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + HttpGet httpGet = new HttpGet("https://localhost:8766"); + HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { + int status = response.getCode(); + String result1 = "Not success"; + if (status == 204) { + result1 = "Success"; + } + return result1; + }; + result = client.execute(httpGet, responseHandler); +} catch (IOException ioe) { + ioe.printStackTrace(); +} ``` Note if you want to use Azure managed identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`. +# Troubleshooting + +# Next steps + ## Spring Boot -For Spring Boot applications see our [Spring Boot starter]. +For Spring Boot applications see our [Spring Boot starter](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md). ## Reference 1. [Java Cryptography Architecture (JCA) Reference Guide](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html) -# Azure KeyVault JCA client library for Java - -# Getting started - -# Key concepts - -# Examples +# Contributing -# Troubleshooting +## Testing the version under development -# Next steps +If you want to test the current version under development you will have to +build and install it into your local Maven repository. 
To do so use the +following command line: -# Contributing +``` + mvn clean install -DskipTests=true +``` diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index fc653e43be9b9..89c2a0be13e5e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml @@ -16,7 +16,7 @@ azure-security-keyvault-jca 1.0.0-beta.2 JCA Provider for Azure Key Vault - The Java Crypto Architecture (JCA) Provider for Azure KeyVault + The Java Crypto Architecture (JCA) Provider for Azure Key Vault @@ -195,7 +195,7 @@ To run the integration tests pass in the following system properties - - azure.keyvault.uri - the KeyVault URI + - azure.keyvault.uri - the Azure Key Vault URI - azure.tenant.id - your tenant ID - azure.client.id - the (application) client ID - azure.client.secret - the (application) client secret diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java deleted file mode 100644 index c37e93563046c..0000000000000 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java +++ /dev/null 
@@ -1,250 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; - -/** - * The KeyVault certificate. - */ -class KeyVaultCertificate extends X509Certificate { - - /** - * Stores the delegate. - */ - private final X509Certificate delegate; - - /** - * Constructor. - * - * @param delegate the delegate. - */ - KeyVaultCertificate(X509Certificate delegate) { - super(); - this.delegate = delegate; - } - - /** - * @see X509Certificate#checkValidity() - */ - @Override - public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { - delegate.checkValidity(); - } - - /** - * @see X509Certificate#checkValidity(java.util.Date) - */ - @Override - public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { - delegate.checkValidity(date); - } - - /** - * @see X509Certificate#getBasicConstraints() - */ - @Override - public int getBasicConstraints() { - return delegate.getBasicConstraints(); - } - - /** - * @see X509Certificate#getCriticalExtensionOIDs() - */ - @Override - public Set getCriticalExtensionOIDs() { - return delegate.getCriticalExtensionOIDs(); - } - - /** - * @see X509Certificate#getEncoded() - */ - @Override - public byte[] getEncoded() throws CertificateEncodingException { - return delegate.getEncoded(); - } 
- - /** - * @see X509Certificate#getExtensionValue(java.lang.String) - */ - @Override - public byte[] getExtensionValue(String oid) { - return delegate.getExtensionValue(oid); - } - - /** - * @see X509Certificate#getIssuerDN() - */ - @Override - public Principal getIssuerDN() { - return delegate.getIssuerDN(); - } - - /** - * @see X509Certificate#getIssuerUniqueID() - */ - @Override - public boolean[] getIssuerUniqueID() { - return delegate.getIssuerUniqueID(); - } - - /** - * @see X509Certificate#getKeyUsage() - */ - @Override - public boolean[] getKeyUsage() { - return delegate.getKeyUsage(); - } - - /** - * @see X509Certificate#getNonCriticalExtensionOIDs() - */ - @Override - public Set getNonCriticalExtensionOIDs() { - return delegate.getNonCriticalExtensionOIDs(); - } - - /** - * @see X509Certificate#getNotAfter() - */ - @Override - public Date getNotAfter() { - return delegate.getNotAfter(); - } - - /** - * @see X509Certificate#getNotBefore() - */ - @Override - public Date getNotBefore() { - return delegate.getNotBefore(); - } - - /** - * @see X509Certificate#getPublicKey() - */ - @Override - public PublicKey getPublicKey() { - return delegate.getPublicKey(); - } - - /** - * @see X509Certificate#getSerialNumber() - */ - @Override - public BigInteger getSerialNumber() { - return delegate.getSerialNumber(); - } - - /** - * @see X509Certificate#getSigAlgName() - */ - @Override - public String getSigAlgName() { - return delegate.getSigAlgName(); - } - - /** - * @see X509Certificate#getSigAlgOID() - */ - @Override - public String getSigAlgOID() { - return delegate.getSigAlgOID(); - } - - /** - * @see X509Certificate#getSigAlgParams() - */ - @Override - public byte[] getSigAlgParams() { - return delegate.getSigAlgParams(); - } - - /** - * @see X509Certificate#getSignature() - */ - @Override - public byte[] getSignature() { - return delegate.getSignature(); - } - - /** - * @see X509Certificate#getSubjectDN() - */ - @Override - public Principal getSubjectDN() { - 
return delegate.getSubjectDN(); - } - - /** - * @see X509Certificate#getSubjectUniqueID() - */ - @Override - public boolean[] getSubjectUniqueID() { - return delegate.getSubjectUniqueID(); - } - - /** - * @see X509Certificate#getTBSCertificate() - */ - @Override - public byte[] getTBSCertificate() throws CertificateEncodingException { - return delegate.getTBSCertificate(); - } - - /** - * @see X509Certificate#getVersion() - */ - @Override - public int getVersion() { - return delegate.getVersion(); - } - - /** - * @see X509Certificate#hasUnsupportedCriticalExtension() - */ - @Override - public boolean hasUnsupportedCriticalExtension() { - return delegate.hasUnsupportedCriticalExtension(); - } - - /** - * @see X509Certificate#toString() - */ - @Override - public String toString() { - return delegate.toString(); - } - - /** - * @see X509Certificate#verify(java.security.PublicKey) - */ - @Override - public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { - delegate.verify(key); - } - - /** - * @see X509Certificate#verify(java.security.PublicKey, java.security.Provider) - */ - @Override - public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException { - delegate.verify(key, sigProvider); - } -} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 0bb01049216bf..d9ec569489f6e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java 
@@ -34,7 +34,7 @@ import static java.util.logging.Level.WARNING; /** - * The REST client specific to Azure KeyVault. + * The REST client specific to Azure Key Vault. */ class KeyVaultClient extends DelegateRestClient { @@ -49,7 +49,7 @@ class KeyVaultClient extends DelegateRestClient { private static final String API_VERSION_POSTFIX = "?api-version=7.1"; /** - * Stores the KeyVault URI. + * Stores the Azure Key Vault URI. */ private final String keyVaultUri; @@ -71,11 +71,11 @@ class KeyVaultClient extends DelegateRestClient { /** * Constructor. * - * @param keyVaultUri the KeyVault URI. + * @param keyVaultUri the Azure Key Vault URI. */ KeyVaultClient(String keyVaultUri) { super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using KeyVault: {0}", keyVaultUri); + LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); if (!keyVaultUri.endsWith("/")) { keyVaultUri = keyVaultUri + "/"; } @@ -85,7 +85,7 @@ class KeyVaultClient extends DelegateRestClient { /** * Constructor. * - * @param keyVaultUri the KeyVault URI. + * @param keyVaultUri the Azure Key Vault URI. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. @@ -212,8 +212,8 @@ public Key getKey(String alias, char[] password) { .orElse(false); if (isExportable) { // Because the certificate is exportable the private key is - // available. So we'll use the KeyVault Secrets API to get the - // private key. + // available. So we'll use the Azure Key Vault Secrets API to get + // the private key. String certificateSecretUri = certificateBundle.getSid(); HashMap headers = new HashMap<>(); headers.put("Authorization", "Bearer " + getAccessToken()); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java index c91b441867acb..36ab7044ec828 100644 
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java @@ -10,7 +10,7 @@ import java.util.Collections; /** - * The Azure KeyVault security provider. + * The Azure Key Vault security provider. */ public class KeyVaultJcaProvider extends Provider { @@ -22,7 +22,7 @@ public class KeyVaultJcaProvider extends Provider { /** * Stores the information. */ - private static final String INFO = "Azure KeyVault JCA Provider"; + private static final String INFO = "Azure Key Vault JCA Provider"; /** * Stores the name. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java index 247f61bcd71a1..cdeeb542a62d1 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java @@ -22,7 +22,7 @@ import static java.util.logging.Level.WARNING; /** - * The KeyVault variant of the X509ExtendedKeyManager. + * The Azure Key Vault variant of the X509ExtendedKeyManager. */ public class KeyVaultKeyManager extends X509ExtendedKeyManager { @@ -63,8 +63,8 @@ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket so String alias = null; try { /* - * If we only have one alias and the keystore type is not 'AzureKeyVault' - * return that alias as a match. + * If we only have one alias and the keystore type is not + * 'AzureKeyVault' return that alias as a match. */ if (!keystore.getProvider().getName().equals("AzureKeyVault") && keystore.size() == 1) { 
@@ -87,8 +87,8 @@ public String chooseServerAlias(String keyType, Principal[] issuers, Socket sock String alias = null; try { /* - * If we only have one alias and the keystore type is not 'AzureKeyVault' - * return that alias as a match. + * If we only have one alias and the keystore type is not + * 'AzureKeyVault' return that alias as a match. */ if (!keystore.getProvider().getName().equals("AzureKeyVault") && keystore.size() == 1) { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java index 7f1bf1e436483..d9a51c48d9b7d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java @@ -12,7 +12,7 @@ import java.util.logging.Logger; /** - * The KeyVault variant of the KeyManagerFactory. + * The Azure Key Vault variant of the KeyManagerFactory. */ public class KeyVaultKeyManagerFactory extends KeyManagerFactorySpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 46e12d87f41f1..3ca71ec2d8f3f 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -32,7 +32,7 @@ import static java.util.logging.Level.WARNING; /** - * The Azure KeyVault implementation of the KeyStoreSpi. + * The Azure Key Vault implementation of the KeyStoreSpi. */ public class KeyVaultKeyStore extends KeyStoreSpi { 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java index 5a1e616eb1682..b7900e044c620 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java @@ -6,7 +6,7 @@ import java.security.KeyStore; /** - * The Azure KeyVault LoadStoreParameter of the KeyStoreSpi. + * The Azure Key Vault LoadStoreParameter of the KeyStoreSpi. */ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { @@ -33,7 +33,7 @@ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { /** * Constructor. * - * @param uri the KeyVault URI. + * @param uri the Azure Key Vault URI. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java index 0a35624aeb875..b5be3dc3f3f0d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java @@ -17,7 +17,7 @@ import javax.net.ssl.X509ExtendedTrustManager; /** - * The KeyVault variant of the X509TrustManager. + * The Azure Key Vault variant of the X509TrustManager. */ public class KeyVaultTrustManager extends X509ExtendedTrustManager implements X509TrustManager { 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java index 73d1e4abe696c..1ac87af724255 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java @@ -12,7 +12,7 @@ import java.util.logging.Logger; /** - * The KeyVault variant of the TrustManagerFactory. + * The Azure Key Vault variant of the TrustManagerFactory. */ public class KeyVaultTrustManagerFactory extends TrustManagerFactorySpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java index a70efe2ca1e60..9c2b5bb44c913 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java @@ -8,7 +8,7 @@ import java.security.Provider; /** - * The Azure KeyVault TrustManagerFactory provider. + * The Azure Key Vault TrustManagerFactory provider. */ public class KeyVaultTrustManagerFactoryProvider extends Provider { @@ -20,7 +20,7 @@ public class KeyVaultTrustManagerFactoryProvider extends Provider { /** * Stores the information. */ - private static final String INFO = "Azure KeyVault TrustManagerFactory Provider"; + private static final String INFO = "Azure Key Vault TrustManagerFactory Provider"; /** * Stores the name. 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java index e40cd274cf580..8fcebe98b3558 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java @@ -2,6 +2,6 @@ // Licensed under the MIT License. /** - * The Azure KeyVault JCA Provider package. + * The Azure Key Vault JCA Provider package. */ package com.azure.security.keyvault.jca; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java new file mode 100644 index 0000000000000..5d9ad11792ea0 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java 
@@ -0,0 +1,76 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package sample;
+
+import com.azure.security.keyvault.jca.KeyVaultJcaProvider;
+import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.io.HttpClientResponseHandler;
+import org.apache.hc.core5.ssl.SSLContexts;
+
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.Security;
+
+/**
+ * The ClientSSL sample.
+ */
+public class ClientSSLSample {
+
+ public void clientSSLSample() throws Exception {
+ KeyVaultJcaProvider provider = new KeyVaultJcaProvider();
+ Security.addProvider(provider);
+
+ KeyStore ks = KeyStore.getInstance("AzureKeyVault");
+ KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
+ System.getProperty("azure.keyvault.uri"),
+ System.getProperty("azure.tenant.id"),
+ System.getProperty("azure.client.id"),
+ System.getProperty("azure.client.secret"));
+ ks.load(parameter);
+
+ SSLContext sslContext = SSLContexts
+ .custom()
+ .loadTrustMaterial(ks, new TrustSelfSignedStrategy())
+ .build();
+
+ SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder
+ .create()
+ .setSslContext(sslContext)
+ .setHostnameVerifier((hostname, session) -> {
+ return true;
+ })
+ .build();
+
+ PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder
+ .create()
+ .setSSLSocketFactory(sslSocketFactory)
+ .build();
+
+ String result = null;
+
+ try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) {
+ HttpGet httpGet = new HttpGet("https://localhost:8766");
+ HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> {
+ int status = response.getCode();
+ String result1 = "Not success";
+ if (status == 204) {
+ result1 = "Success";
+ }
+ return result1;
+ };
+ result = client.execute(httpGet, responseHandler);
+ } catch (IOException ioe) {
+ ioe.printStackTrace();
+ }
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java
new file mode 100644
index 0000000000000..e5e0a7ea40a67
--- /dev/null
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java
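Review bot: The `.setHostnameVerifier((hostname, session) -> { return true; })` chain in `clientSSLSample` disables hostname verification, and `loadTrustMaterial(ks, new TrustSelfSignedStrategy())` additionally accepts any self-signed certificate whether or not it is in the Key Vault-backed store, so the connection to `https://localhost:8766` does not authenticate its peer at all. This is a published sample that readers will paste into production clients, so it should drop the `setHostnameVerifier` call (keeping Apache's default verifier) and use `loadTrustMaterial(ks, null)` so only certificates in the Key Vault trust store are accepted, with a comment stating that any relaxation is for local testing against a self-signed server only. The `catch (IOException ioe) { ioe.printStackTrace(); }` block also swallows the failure and `result` is assigned but never read, so a failed handshake looks like success to the caller; rethrowing, or returning `result`, would make the sample honest about errors. The whole method is inside this hunk.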
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package sample;
+
+import com.azure.security.keyvault.jca.KeyVaultJcaProvider;
+import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import java.security.KeyStore;
+import java.security.Security;
+
+/**
+ * The ServerSSL sample.
+ */
+public class ServerSSLSample {
+
+ public void serverSSLSample() throws Exception {
+ KeyVaultJcaProvider provider = new KeyVaultJcaProvider();
+ Security.addProvider(provider);
+
+ KeyStore ks = KeyStore.getInstance("AzureKeyVault");
+ KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
+ System.getProperty("azure.keyvault.uri"),
+ System.getProperty("azure.tenant.id"),
+ System.getProperty("azure.client.id"),
+ System.getProperty("azure.client.secret"));
+ ks.load(parameter);
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(ks, "".toCharArray());
+
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(kmf.getKeyManagers(), null, null);
+
+ SSLServerSocketFactory factory = context.getServerSocketFactory();
+ SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765);
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java
index c77edab012510..8c37367078c6c 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java
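Review bot: `SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765);` at the end of `serverSSLSample` binds a listening port that is never accepted on or closed, so every call leaks a bound socket and the sample never shows the `accept()` a reader is looking for; `try (SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765)) { /* accept and serve */ }` would fix the leak and give the accept loop a natural place. The sample also reads `azure.client.secret` via `System.getProperty`, which puts the client secret on the JVM command line where process listings and tooling can read it; a comment such as `// Prefer Managed Identity (set only azure.keyvault.uri); a client secret passed as a JVM property is visible in process listings` would steer readers toward the credential-free path the README already describes. Finally, `kmf.init(ks, "".toCharArray())` and `context.init(kmf.getKeyManagers(), null, null)` deserve one line each explaining whether the Key Vault store uses that empty password at all and that passing a null trust manager means this server does not request client certificates — both are presumably intended, but the sample should say so.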
@@ -11,8 +11,6 @@ /** * The JUnit test for the AuthClient. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class AuthClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java index 94d534680dfe8..fdcf6a2508462 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the DelegateRestClient class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class DelegateRestClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java index 5ad5273d2f7dc..2a4ea9e397088 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java @@ -12,8 +12,6 @@ /** * The JUnit tests for the JsonbJsonConverter class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class JacksonJsonConverterTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java deleted file mode 100644 index ee521e308f080..0000000000000 
--- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java +++ /dev/null 
@@ -1,369 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.io.ByteArrayInputStream; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.ProviderException; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Base64; -import java.util.Calendar; -import java.util.Date; -import java.util.Set; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; - -/** - * The JUnit tests for the KeyVaultCertificate class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) - */ -public class KeyVaultCertificateTest { - - /** - * Stores the CER test certificate (which is valid til 2120). 
- */ - private static final String TEST_CERTIFICATE - = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk" - + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3" - + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz" - + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14" - + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d" - + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j" - + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A" - + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP" - + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT" - + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME" - + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo" - + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+" - + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG" - + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF" - + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl" - + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9" - + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ" - + "U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE" - + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q=="; - - /** - * Stores the X.509 certificate. - */ - private X509Certificate x509Certificate; - - /** - * Setup before each test. - * - */ - @BeforeEach - public void setUp() { - try { - byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - x509Certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); - } catch (CertificateException e) { - throw new ProviderException(e); - } - } - - /** - * Test checkValidity method. 
- */ - @Test - public void testCheckValidity() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(); - } catch (CertificateExpiredException | CertificateNotYetValidException cnyve) { - fail(); - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity2() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(new Date(100, Calendar.FEBRUARY, 1)); - fail(); - } catch (CertificateExpiredException ex) { - fail(); - } catch (CertificateNotYetValidException exception) { - // expecting this as the TEST_CERTIFICATE is not valid against given date. - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity3() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(new Date(200, Calendar.FEBRUARY, 1)); - } catch (CertificateExpiredException | CertificateNotYetValidException exception) { - fail(); - } - } - - /** - * Test getBasicConstraints method. - */ - @Test - public void testGetBasicConstraints() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals(-1, certificate.getBasicConstraints()); - } - - /** - * Test getCriticalExtensionOIDs method. - */ - @Test - public void testGetCriticalExtensionOIDs() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Set criticalExtensions = certificate.getCriticalExtensionOIDs(); - assertFalse(criticalExtensions.isEmpty()); - assertTrue(criticalExtensions.contains("2.5.29.15")); - } - - /** - * Test getEncoded method. - */ - @Test - public void testGetEncoded() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getEncoded()); - } catch (CertificateEncodingException cee) { - fail(); - } - } - - /** - * Test getExtensionValue method. 
- */ - @Test - public void testGetExtensionValue() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getExtensionValue("2.5.29.15")); - } - - /** - * Test getIssuerDN method. - */ - @Test - public void testGetIssuerDN() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("CN=hundred-years.example.com", certificate.getIssuerDN().getName()); - } - - /** - * Test getIssuerUniqueID method. - */ - @Test - public void testGetIssuerUniqueID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getIssuerUniqueID()); - } - - /** - * Test getKeyUsage method. - */ - @Test - public void testGetKeyUsage() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getKeyUsage()); - } - - /** - * Test getNonCriticalExtensionOIDs method. - */ - @Test - public void testGetNonCriticalExtensionOIDs() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Set nonCriticalExtensions = certificate.getNonCriticalExtensionOIDs(); - assertFalse(nonCriticalExtensions.isEmpty()); - } - - /** - * Test getNotAfter method. - */ - @Test - public void testGetNotAfter() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Date notAfter = certificate.getNotAfter(); - assertTrue(new Date().before(notAfter)); - } - - /** - * Test getNotBefore method. - */ - @Test - public void testGetNotBefore() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Date notBefore = certificate.getNotBefore(); - assertTrue(new Date().after(notBefore)); - } - - /** - * Test getPublicKey method. - */ - @Test - public void testGetPublicKey() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getPublicKey()); - } - - /** - * Test getSerialNumber method. 
- */ - @Test - public void testGetSerialNumber() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getSerialNumber()); - } - - /** - * Test getSigAlgName method. - */ - @Test - public void testGetSigAlgName() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("SHA256withRSA", certificate.getSigAlgName()); - } - - /** - * Test getSigAlgOID method. - */ - @Test - public void testGetSigAlgOID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("1.2.840.113549.1.1.11", certificate.getSigAlgOID()); - } - - /** - * Test getSigAlgParams method. - */ - @Test - public void testGetSigAlgParams() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getSigAlgParams()); - } - - /** - * Test getSignature method. - */ - @Test - public void testGetSignature() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getSignature()); - } - - /** - * Test getSubjectDN method. - */ - @Test - public void testGetSubjectDN() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("CN=hundred-years.example.com", certificate.getSubjectDN().getName()); - } - - /** - * Test getSubjectUniqueID method. - */ - @Test - public void testGetSubjectUniqueID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getSubjectUniqueID()); - } - - /** - * Test getTBSCertificate method. - */ - @Test - public void testGetTBSCertificate() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getTBSCertificate()); - } catch (CertificateEncodingException cee) { - fail(); - } - } - - /** - * Test getVersion method. 
- */ - @Test - public void testGetVersion() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals(3, certificate.getVersion()); - } - - /** - * Test hasUnsupportedCriticalExtension method. - */ - @Test - public void testHasUnsupportedCriticalExtension() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertFalse(certificate.hasUnsupportedCriticalExtension()); - } - - /** - * Test toString method. - */ - @Test - public void testToString() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.toString()); - } - - /** - * Test verify method. - */ - @Test - public void testVerify() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - PublicKey publicKey = certificate.getPublicKey(); - certificate.verify(publicKey); - } catch (CertificateException | NoSuchAlgorithmException - | InvalidKeyException | NoSuchProviderException - | SignatureException e) { - fail(); - } - } - - /** - * Test verify method. - */ - @Test - public void testVerify2() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - PublicKey publicKey = certificate.getPublicKey(); - certificate.verify(publicKey, "SunRsaSign"); - } catch (CertificateException | NoSuchAlgorithmException - | InvalidKeyException | NoSuchProviderException - | SignatureException e) { - fail(); - } - } -} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 7940baa2c9170..4fdd9ceaed877 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java 
@@ -13,8 +13,6 @@ /** * The JUnit tests for the KeyVaultProvider class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultJcaProviderTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index 1d016bf85f0ae..073cfb99a4b4e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java @@ -19,8 +19,6 @@ /** * The JUnit tests for the KeyVaultKeyStore class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultKeyStoreTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java index 727dca026e328..68912a740c483 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the KeyVaultLoadStoreParameter class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultLoadStoreParameterTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java index 730a6867f19eb..643930bbe6432 100644 
--- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the LegacyRestClient class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class LegacyRestClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java index c99550db7609e..c22b88ebad919 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the RestClientFactory class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class RestClientFactoryTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 4b2f4c1e9f50e..13690522dfb7e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -30,9 +30,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; /** - * The unit test validating the ServerSocket is created using a certificate from Azure KeyVault. - * - * @author Manfred Riem (manfred.riem@microsoft.com) + * The unit test validating the ServerSocket is created using a certificate + * from Azure Key Vault. */ public class ServerSocketTest { 
@@ -53,7 +52,7 @@ public void testServerSocket() throws Exception { /* * Setup server side. * - * - Create an Azure KeyVault specific instance of a KeyStore. + * - Create an Azure Key Vault specific instance of a KeyStore. * - Set the KeyManagerFactory to use that KeyStore. * - Set the SSL context to use the KeyManagerFactory. * - Create the SSLServerSocket using th SSL context. @@ -158,7 +157,7 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { /* * Setup server side. * - * - Create an Azure KeyVault specific instance of a KeyStore. + * - Create an Azure Key Vault specific instance of a KeyStore. * - Set the KeyManagerFactory to use that KeyStore. * - Set the SSL context to use the KeyManagerFactory. * - Create the SSLServerSocket using th SSL context. diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties index 932545d08d837..5f83c4b43b258 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties 
@@ -1,20 +1,20 @@ -# The URI to the Azure KeyVault used +# The URI to the Azure Key Vault used azure.keyvault.uri=${AZURE_KEYVAULT_URI} -# The alias corresponding to the certificate in Azure KeyVault. +# The alias corresponding to the certificate in Azure Key Vault. server.ssl.key-alias=${SERVER_SSL_KEY_ALIAS} -# The keystore type that enables the use of Azure KeyVault for your server-side +# The keystore type that enables the use of Azure Key Vault for your server-side # SSL certificate. server.ssl.key-store-type=AzureKeyVault -# The truststore type that enables the use of Azure KeyVault for trusted +# The truststore type that enables the use of Azure Key Vault for trusted # certificates, a.k.a the ones you trust when making an outbound SSL connection # server.ssl.trust-store-type=AzureKeyVault -# The Tenant ID for your Azure KeyVault (needed if you are not using managed +# The Tenant ID for your Azure Key Vault (needed if you are not using managed # identity). azure.keyvault.tenantId=${AZURE_KEYVAULT_TENTANT_ID} -# The Client ID that has been setup with access to your Azure KeyVault (needed +# The Client ID that has been setup with access to your Azure Key Vault (needed # if you are not using managed identity). azure.keyvault.clientId=${AZURE_KEYVAULT_CLIENT_ID} -# The Client Secret that will be used for accessing your Azure KeyVault (needed +# The Client Secret that will be used for accessing your Azure Key Vault (needed # if you are not using managed identity). azure.keyvault.clientSecret=${AZURE_KEYVAULT_CLIENT_SECRET} # The server port. diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index e32959f329f41..24f5341cc9983 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md 
@@ -5,16 +5,16 @@ ### Using a managed identity To use the starter for server side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` -azure.keyvault.uri= -server.ssl.key-alias= +azure.keyvault.uri= +server.ssl.key-alias= server.ssl.key-store-type=AzureKeyVault ``` -Note: make sure the managed identity has access to the Azure KeyVault to access +Note: make sure the managed identity has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -29,19 +29,19 @@ Add then add the following Maven dependency to your POM file. ### Using a client ID and client secret To use the starter for server side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= azure.keyvault.tenantId= -azure.keyvault.clientId= +azure.keyvault.clientId= azure.keyvault.clientSecret= -server.ssl.key-alias= +server.ssl.key-alias= server.ssl.key-store-type=AzureKeyVault ``` -Note: make sure the client ID has access to the Azure KeyVault to access +Note: make sure the client ID has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. 
@@ -58,13 +58,13 @@ Add then add the following Maven dependency to your POM file. ### Using a managed identity To use the starter for client side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= ``` -Note: make sure the managed identity has access to the Azure KeyVault to access +Note: make sure the managed identity has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -76,7 +76,7 @@ Add then add the following Maven dependency to your POM file. ``` -If you are using RestTemplate use code similar to the example below. +If you are using `RestTemplate` use code similar to the example below. ```java @Bean @@ -104,17 +104,17 @@ If you are using RestTemplate use code similar to the example below. ### Using a client ID and client secret To use the starter for client side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= azure.keyvault.tenantId= -azure.keyvault.clientId= +azure.keyvault.clientId= azure.keyvault.clientSecret= ``` -Note: make sure the client ID has access to the Azure KeyVault to access +Note: make sure the client ID has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. 
@@ -126,7 +126,7 @@ Add then add the following Maven dependency to your POM file. ``` -Then if you are using RestTemplate use the code below as a starting +Then if you are using `RestTemplate` use the code below as a starting point: ```java @@ -161,7 +161,7 @@ to add the following configuration: ```yaml azure: keyvault: - uri: + uri: jca: overrideTrustManagerFactory: true ``` @@ -180,8 +180,8 @@ azure: ``` If you are developing you can completely disable the certificate and hostname -validation altogether by using the configuration below. Note this is NOT -recommended for production! +validation altogether by using the configuration below. **Note this is NOT +recommended for production!** ```yaml spring: @@ -194,7 +194,7 @@ spring: ## Creating an Azure Key Vault -To create an Azure KeyVault use the command line below: +To create an Azure Key Vault use the command line below: ```shell export KEY_VAULT=mykeyvault @@ -246,14 +246,14 @@ Notes: 1. The alias (certificate name) is constructed from the filename of the certificate (minus the extension). So if your filename is `mycert.x509` the certificate will be added with the alias of `mycert`. -2. Certificates coming from Azure KeyVault take precedence over +2. Certificates coming from Azure Key Vault take precedence over side-loaded certificates. ## Testing the current version under development If you want to test the current version under development you will have to -1. Build and install the [Microsoft Azure JCA Provider] for KeyVault +1. Build and install the [Azure Key Vault JCA client library for Java](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/keyvault/azure-security-keyvault-jca/README.md) 1. Build and install this starter. To build and install the starter use the following command line: 
@@ -263,7 +263,7 @@ To build and install the starter use the following command line: ``` -# Azure KeyVault Certificates client library for Java +# Azure Key Vault Certificates client library for Java # Getting started