Configure cloud from keyvault uri

sdk/keyvault/azure-security-keyvault-jca/README.md

@@ -38,15 +38,14 @@ az keyvault create --resource-group <your-resource-group-name> --name <your-key-
 ### Server side SSL
 If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below.
 
-<!-- embedme ./src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java#L18-L37 -->
+<!-- embedme ./src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java#L18-L36 -->
 ```java
 KeyVaultJcaProvider provider = new KeyVaultJcaProvider();
 Security.addProvider(provider);
 
 KeyStore keyStore = KeyStore.getInstance("AzureKeyVault");
 KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
     System.getProperty("azure.keyvault.uri"),
-    System.getProperty("azure.keyvault.aad-authentication-url"),
     System.getProperty("azure.keyvault.tenant-id"),
     System.getProperty("azure.keyvault.client-id"),
     System.getProperty("azure.keyvault.client-secret"));
@@ -75,7 +74,6 @@ Security.addProvider(provider);
 KeyStore keyStore = KeyStore.getInstance("AzureKeyVault");
 KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
     System.getProperty("azure.keyvault.uri"),
-    System.getProperty("azure.keyvault.aad-authentication-url"),
     System.getProperty("azure.keyvault.tenant-id"),
     System.getProperty("azure.keyvault.client-id"),
     System.getProperty("azure.keyvault.client-secret"));

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/Constants.java

@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+/**
+ * Constants used for Key Vault related URLs.
+ */
+public class Constants {
+
+    public static final String KEY_VAULT_BASE_URI_GLOBAL = "https://vault.azure.net";
+    public static final String KEY_VAULT_BASE_URI_CN = "https://vault.azure.cn";
+    public static final String KEY_VAULT_BASE_URI_US = "https://vault.usgovcloudapi.net";
+    public static final String KEY_VAULT_BASE_URI_DE = "https://vault.microsoftazure.de";
+
+    public static final String AAD_LOGIN_GLOBAL_URI = "https://login.microsoftonline.com/";
+    public static final String AAD_LOGIN_CN_URI = "https://login.partner.microsoftonline.cn/";
+    public static final String AAD_LOGIN_US_URI = "https://login.microsoftonline.us/";
+    public static final String AAD_LOGIN_DE_URI = "https://login.microsoftonline.de/";
+}

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java

@@ -34,6 +34,14 @@
 import java.util.Optional;
 import java.util.logging.Logger;
 
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_CN_URI;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_DE_URI;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_GLOBAL_URI;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_US_URI;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_CN;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_DE;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_GLOBAL;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_US;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 
@@ -46,12 +54,18 @@ class KeyVaultClient extends DelegateRestClient {
      * Stores the logger.
      */
     private static final Logger LOGGER = Logger.getLogger(KeyVaultClient.class.getName());
+    private static final String HTTPS_PREFIX = "https://";
 
     /**
      * Stores the API version postfix.
      */
     private static final String API_VERSION_POSTFIX = "?api-version=7.1";
 
+    /**
+     * Stores the Key Vault cloud URI.
+     */
+    private String keyVaultBaseUri;
+
     /**
      * Stores the Azure Key Vault URL.
      */
@@ -96,6 +110,28 @@ class KeyVaultClient extends DelegateRestClient {
             keyVaultUri = keyVaultUri + "/";
         }
         this.keyVaultUrl = keyVaultUri;
+        String dnsSuffix = Optional.of(keyVaultUri)
+            .map(uri -> uri.split("\\.",2)[1])
+            .map(suffix -> suffix.substring(0, suffix.length()-1))
+            .get();
+        this.keyVaultBaseUri = HTTPS_PREFIX + dnsSuffix;
+        switch(keyVaultBaseUri)
+        {
+            case KEY_VAULT_BASE_URI_GLOBAL :
+                this.aadAuthenticationUrl = AAD_LOGIN_GLOBAL_URI;
+                break;
+            case KEY_VAULT_BASE_URI_CN :
+                this.aadAuthenticationUrl = AAD_LOGIN_CN_URI;
+                break;
+            case KEY_VAULT_BASE_URI_US :
+                this.aadAuthenticationUrl = AAD_LOGIN_US_URI;
+                break;
+            case KEY_VAULT_BASE_URI_DE:
+                this.aadAuthenticationUrl = AAD_LOGIN_DE_URI;
+                break;
+            default:
+                throw new IllegalArgumentException("Property of azure.keyvault.uri is illegal.");
+        }
     }
 
     /**
@@ -105,28 +141,20 @@ class KeyVaultClient extends DelegateRestClient {
      * @param managedIdentity the managed identity object ID.
      */
     KeyVaultClient(String keyVaultUri, String managedIdentity) {
-        super(RestClientFactory.createClient());
-        LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri);
-        if (!keyVaultUri.endsWith("/")) {
-            keyVaultUri = keyVaultUri + "/";
-        }
-        this.keyVaultUrl = keyVaultUri;
+        this(keyVaultUri);
         this.managedIdentity = managedIdentity;
     }
 
     /**
      * Constructor.
      *
      * @param keyVaultUri the Azure Key Vault URI.
-     * @param aadAuthenticationUrl the Azure AD authentication URL.
      * @param tenantId the tenant ID.
      * @param clientId the client ID.
      * @param clientSecret the client secret.
      */
-    KeyVaultClient(final String keyVaultUri, final String aadAuthenticationUrl,
-            final String tenantId, final String clientId, final String clientSecret) {
+    KeyVaultClient(final String keyVaultUri, final String tenantId, final String clientId, final String clientSecret) {
         this(keyVaultUri);
-        this.aadAuthenticationUrl = aadAuthenticationUrl;
         this.tenantId = tenantId;
         this.clientId = clientId;
         this.clientSecret = clientSecret;
@@ -143,7 +171,7 @@ private String getAccessToken() {
         try {
             AuthClient authClient = new AuthClient();
 
-            String resource = URLEncoder.encode("https://vault.azure.net", "UTF-8");
+            String resource = URLEncoder.encode(keyVaultBaseUri, "UTF-8");
             if (managedIdentity != null) {
                 managedIdentity = URLEncoder.encode(managedIdentity, "UTF-8");
             }
@@ -326,4 +354,12 @@ private PrivateKey createPrivateKeyFromPem(String pemString)
         KeyFactory factory = KeyFactory.getInstance("RSA");
         return factory.generatePrivate(spec);
     }
+
+    String getKeyVaultBaseUri() {
+        return keyVaultBaseUri;
+    }
+
+    String getAadAuthenticationUrl() {
+        return aadAuthenticationUrl;
+    }
 }

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java

@@ -93,13 +93,12 @@ public final class KeyVaultKeyStore extends KeyStoreSpi {
     public KeyVaultKeyStore() {
         creationDate = new Date();
         String keyVaultUri = System.getProperty("azure.keyvault.uri");
-        String aadAuthenticationUrl = System.getProperty("azure.keyvault.aad-authentication-url");
         String tenantId = System.getProperty("azure.keyvault.tenant-id");
         String clientId = System.getProperty("azure.keyvault.client-id");
         String clientSecret = System.getProperty("azure.keyvault.client-secret");
         String managedIdentity = System.getProperty("azure.keyvault.managed-identity");
         if (clientId != null) {
-            keyVaultClient = new KeyVaultClient(keyVaultUri, aadAuthenticationUrl, tenantId, clientId, clientSecret);
+            keyVaultClient = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret);
         } else {
             keyVaultClient = new KeyVaultClient(keyVaultUri, managedIdentity);
         }
@@ -223,7 +222,6 @@ public void engineLoad(KeyStore.LoadStoreParameter param) {
             if (parameter.getClientId() != null) {
                 keyVaultClient = new KeyVaultClient(
                         parameter.getUri(),
-                        parameter.getAadAuthenticationUrl(),
                         parameter.getTenantId(),
                         parameter.getClientId(),
                         parameter.getClientSecret());

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java

@@ -10,18 +10,11 @@
  */
 public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter {
 
-    private static final String DEFAULT_AAD_AUTHENTICATION_URL = "https://login.microsoftonline.com/";
-
     /**
      * Stores the URI.
      */
     private final String uri;
 
-    /**
-     * Stores the Azure AD authentication URL.
-     */
-    private final String aadAuthenticationUrl;
-
     /**
      * Stores the tenant id.
      */
@@ -59,7 +52,6 @@ public KeyVaultLoadStoreParameter(String uri) {
      */
     public KeyVaultLoadStoreParameter(String uri, String managedIdentity) {
         this.uri = uri;
-        this.aadAuthenticationUrl = null;
         this.tenantId = null;
         this.clientId = null;
         this.clientSecret = null;
@@ -75,23 +67,7 @@ public KeyVaultLoadStoreParameter(String uri, String managedIdentity) {
      * @param clientSecret the client secret.
      */
     public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret) {
-        this(uri, DEFAULT_AAD_AUTHENTICATION_URL, tenantId, clientId, clientSecret);
-    }
-
-
-    /**
-     * Constructor.
-     *
-     * @param uri the Azure Key Vault URI.
-     * @param aadAuthenticationUrl the Azure AD authentication URL.
-     * @param tenantId the tenant ID.
-     * @param clientId the client ID.
-     * @param clientSecret the client secret.
-     */
-    public KeyVaultLoadStoreParameter(String uri, String aadAuthenticationUrl,
-            String tenantId, String clientId, String clientSecret) {
         this.uri = uri;
-        this.aadAuthenticationUrl = aadAuthenticationUrl;
         this.tenantId = tenantId;
         this.clientId = clientId;
         this.clientSecret = clientSecret;
@@ -109,15 +85,6 @@ public KeyStore.ProtectionParameter getProtectionParameter() {
         return null;
     }
 
-    /**
-     * Get the Azure AD authentication URL.
-     *
-     * @return the Azure AD authentication URL.
-     */
-    public String getAadAuthenticationUrl() {
-        return aadAuthenticationUrl;
-    }
-
     /**
      * Get the client id.
      *

sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java

@@ -31,7 +31,6 @@ public static void main(String[] args) throws Exception {
         KeyStore keyStore = KeyStore.getInstance("AzureKeyVault");
         KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
             System.getProperty("azure.keyvault.uri"),
-            System.getProperty("azure.keyvault.aad-authentication-url"),
             System.getProperty("azure.keyvault.tenant-id"),
             System.getProperty("azure.keyvault.client-id"),
             System.getProperty("azure.keyvault.client-secret"));

sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ServerSSLSample.java

@@ -21,7 +21,6 @@ public static void main(String[] args) throws Exception {
         KeyStore keyStore = KeyStore.getInstance("AzureKeyVault");
         KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
             System.getProperty("azure.keyvault.uri"),
-            System.getProperty("azure.keyvault.aad-authentication-url"),
             System.getProperty("azure.keyvault.tenant-id"),
             System.getProperty("azure.keyvault.client-id"),
             System.getProperty("azure.keyvault.client-secret"));

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultClientTest.java

@@ -0,0 +1,56 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_CN_URI;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_DE_URI;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_GLOBAL_URI;
+import static com.azure.security.keyvault.jca.Constants.AAD_LOGIN_US_URI;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_CN;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_DE;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_GLOBAL;
+import static com.azure.security.keyvault.jca.Constants.KEY_VAULT_BASE_URI_US;
+public class KeyVaultClientTest {
+
+    private static final String KEY_VAULT_TEST_URI_GLOBAL = "https://fake.vault.azure.net/";
+    private static final String KEY_VAULT_TEST_URI_CN = "https://fake.vault.azure.cn/";
+    private static final String KEY_VAULT_TEST_URI_US = "https://fake.vault.usgovcloudapi.net/";
+    private static final String KEY_VAULT_TEST_URI_DE = "https://fake.vault.microsoftazure.de/";
+
+    private KeyVaultClient kvClient;
+
+    /**
+     * Test initialization of keyVaultBaseUri and aadAuthenticationUrl.
+     *
+     */
+    @Test
+    public void testInitializationOfGlobalURI() {
+        kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL);
+        Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_GLOBAL);
+        Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_GLOBAL_URI);
+    }
+
+    @Test
+    public void testInitializationOfCNURI() {
+        kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_CN);
+        Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_CN);
+        Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_CN_URI);
+    }
+
+    @Test
+    public void testInitializationOfUSURI() {
+        kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_US);
+        Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_US);
+        Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_US_URI);
+    }
+
+    @Test
+    public void testInitializationOfDEURI() {
+        kvClient = new KeyVaultClient(KEY_VAULT_TEST_URI_DE);
+        Assertions.assertEquals(kvClient.getKeyVaultBaseUri(), KEY_VAULT_BASE_URI_DE);
+        Assertions.assertEquals(kvClient.getAadAuthenticationUrl(), AAD_LOGIN_DE_URI);
+    }
+}

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java

@@ -36,7 +36,6 @@ public void testGetCertificate() throws Exception {
         KeyStore keystore = KeyStore.getInstance("AzureKeyVault");
         KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
             System.getProperty("azure.keyvault.uri"),
-            System.getProperty("azure.keyvault.aad-authentication-url"),
             System.getProperty("azure.keyvault.tenant-id"),
             System.getProperty("azure.keyvault.client-id"),
             System.getProperty("azure.keyvault.client-secret"));