From 7044ffda69181f1783e3ac0fc8c2a385bf3c4980 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 07:13:27 -0600 Subject: [PATCH 01/12] Documentation changes --- sdk/keyvault/azure-security-keyvault-jca/README.md | 12 ++++++------ sdk/keyvault/azure-security-keyvault-jca/pom.xml | 4 ++-- .../security/keyvault/jca/KeyVaultCertificate.java | 2 +- .../security/keyvault/jca/KeyVaultClient.java | 14 +++++++------- .../security/keyvault/jca/KeyVaultJcaProvider.java | 4 ++-- .../security/keyvault/jca/KeyVaultKeyManager.java | 10 +++++----- .../keyvault/jca/KeyVaultKeyManagerFactory.java | 2 +- .../security/keyvault/jca/KeyVaultKeyStore.java | 2 +- .../keyvault/jca/KeyVaultLoadStoreParameter.java | 4 ++-- .../keyvault/jca/KeyVaultTrustManager.java | 2 +- .../keyvault/jca/KeyVaultTrustManagerFactory.java | 2 +- .../jca/KeyVaultTrustManagerFactoryProvider.java | 4 ++-- .../azure/security/keyvault/jca/package-info.java | 2 +- .../security/keyvault/jca/ServerSocketTest.java | 7 ++++--- 14 files changed, 36 insertions(+), 35 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index f6efb38fbe05..5c8ec6b84257 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -3,9 +3,9 @@ The JCA Provider for Azure Key Vault is a JCA provider for certificates in Azure Key Vault. It is built on four principles: -1. Must be extremely thin to run within a JVM -1. Must not introduce any library version conflicts with Java app code dependencies -1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies +1. Must be extremely thin to run within a JVM. +1. Must not introduce any library version conflicts with Java app code dependencies. +1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies. 1. Must be ready for "never trust, always verify and credential-free" Zero Trust environments. ## Testing the version under development @@ -20,7 +20,7 @@ following command line: ## Server side SSL -If you are looking to integrate the JCA provider to create a SSLServerSocket +If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below. ```java @@ -45,7 +45,7 @@ see the example below. SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); ``` -Note if you want to use Azure managed identity, you should set the value +Note if you want to use Azure Managed Identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`. ## Client side SSL @@ -112,7 +112,7 @@ For Spring Boot applications see our [Spring Boot starter] JCA Provider for Azure Key Vault - The Java Crypto Architecture (JCA) Provider for Azure KeyVault + The Java Crypto Architecture (JCA) Provider for Azure Key Vault @@ -195,7 +195,7 @@ To run the integration tests pass in the following system properties - - azure.keyvault.uri - the KeyVault URI + - azure.keyvault.uri - the Azure Key Vault URI - azure.tenant.id - your tenant ID - azure.client.id - the (application) client ID - azure.client.secret - the (application) client secret diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java index c37e93563046..39a35d69c82d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java @@ -19,7 +19,7 @@ import java.util.Set; /** - * The KeyVault certificate. + * The Azure Key Vault certificate. */ class KeyVaultCertificate extends X509Certificate { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 0bb01049216b..d9ec569489f6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -34,7 +34,7 @@ import static java.util.logging.Level.WARNING; /** - * The REST client specific to Azure KeyVault. + * The REST client specific to Azure Key Vault. */ class KeyVaultClient extends DelegateRestClient { @@ -49,7 +49,7 @@ class KeyVaultClient extends DelegateRestClient { private static final String API_VERSION_POSTFIX = "?api-version=7.1"; /** - * Stores the KeyVault URI. + * Stores the Azure Key Vault URI. */ private final String keyVaultUri; @@ -71,11 +71,11 @@ class KeyVaultClient extends DelegateRestClient { /** * Constructor. * - * @param keyVaultUri the KeyVault URI. + * @param keyVaultUri the Azure Key Vault URI. */ KeyVaultClient(String keyVaultUri) { super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using KeyVault: {0}", keyVaultUri); + LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); if (!keyVaultUri.endsWith("/")) { keyVaultUri = keyVaultUri + "/"; } @@ -85,7 +85,7 @@ class KeyVaultClient extends DelegateRestClient { /** * Constructor. * - * @param keyVaultUri the KeyVault URI. + * @param keyVaultUri the Azure Key Vault URI. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. @@ -212,8 +212,8 @@ public Key getKey(String alias, char[] password) { .orElse(false); if (isExportable) { // Because the certificate is exportable the private key is - // available. So we'll use the KeyVault Secrets API to get the - // private key. + // available. So we'll use the Azure Key Vault Secrets API to get + // the private key. String certificateSecretUri = certificateBundle.getSid(); HashMap headers = new HashMap<>(); headers.put("Authorization", "Bearer " + getAccessToken()); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java index c91b441867ac..36ab7044ec82 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java @@ -10,7 +10,7 @@ import java.util.Collections; /** - * The Azure KeyVault security provider. + * The Azure Key Vault security provider. */ public class KeyVaultJcaProvider extends Provider { @@ -22,7 +22,7 @@ public class KeyVaultJcaProvider extends Provider { /** * Stores the information. */ - private static final String INFO = "Azure KeyVault JCA Provider"; + private static final String INFO = "Azure Key Vault JCA Provider"; /** * Stores the name. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java index 247f61bcd71a..cdeeb542a62d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java @@ -22,7 +22,7 @@ import static java.util.logging.Level.WARNING; /** - * The KeyVault variant of the X509ExtendedKeyManager. + * The Azure Key Vault variant of the X509ExtendedKeyManager. */ public class KeyVaultKeyManager extends X509ExtendedKeyManager { @@ -63,8 +63,8 @@ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket so String alias = null; try { /* - * If we only have one alias and the keystore type is not 'AzureKeyVault' - * return that alias as a match. + * If we only have one alias and the keystore type is not + * 'AzureKeyVault' return that alias as a match. */ if (!keystore.getProvider().getName().equals("AzureKeyVault") && keystore.size() == 1) { @@ -87,8 +87,8 @@ public String chooseServerAlias(String keyType, Principal[] issuers, Socket sock String alias = null; try { /* - * If we only have one alias and the keystore type is not 'AzureKeyVault' - * return that alias as a match. + * If we only have one alias and the keystore type is not + * 'AzureKeyVault' return that alias as a match. */ if (!keystore.getProvider().getName().equals("AzureKeyVault") && keystore.size() == 1) { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java index 7f1bf1e43648..d9a51c48d9b7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java @@ -12,7 +12,7 @@ import java.util.logging.Logger; /** - * The KeyVault variant of the KeyManagerFactory. + * The Azure Key Vault variant of the KeyManagerFactory. */ public class KeyVaultKeyManagerFactory extends KeyManagerFactorySpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 46e12d87f41f..3ca71ec2d8f3 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -32,7 +32,7 @@ import static java.util.logging.Level.WARNING; /** - * The Azure KeyVault implementation of the KeyStoreSpi. + * The Azure Key Vault implementation of the KeyStoreSpi. */ public class KeyVaultKeyStore extends KeyStoreSpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java index 5a1e616eb168..b7900e044c62 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java @@ -6,7 +6,7 @@ import java.security.KeyStore; /** - * The Azure KeyVault LoadStoreParameter of the KeyStoreSpi. + * The Azure Key Vault LoadStoreParameter of the KeyStoreSpi. */ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { @@ -33,7 +33,7 @@ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { /** * Constructor. * - * @param uri the KeyVault URI. + * @param uri the Azure Key Vault URI. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java index 0a35624aeb87..b5be3dc3f3f0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java @@ -17,7 +17,7 @@ import javax.net.ssl.X509ExtendedTrustManager; /** - * The KeyVault variant of the X509TrustManager. + * The Azure Key Vault variant of the X509TrustManager. */ public class KeyVaultTrustManager extends X509ExtendedTrustManager implements X509TrustManager { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java index 73d1e4abe696..1ac87af72425 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java @@ -12,7 +12,7 @@ import java.util.logging.Logger; /** - * The KeyVault variant of the TrustManagerFactory. + * The Azure Key Vault variant of the TrustManagerFactory. */ public class KeyVaultTrustManagerFactory extends TrustManagerFactorySpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java index a70efe2ca1e6..9c2b5bb44c91 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java @@ -8,7 +8,7 @@ import java.security.Provider; /** - * The Azure KeyVault TrustManagerFactory provider. + * The Azure Key Vault TrustManagerFactory provider. */ public class KeyVaultTrustManagerFactoryProvider extends Provider { @@ -20,7 +20,7 @@ public class KeyVaultTrustManagerFactoryProvider extends Provider { /** * Stores the information. */ - private static final String INFO = "Azure KeyVault TrustManagerFactory Provider"; + private static final String INFO = "Azure Key Vault TrustManagerFactory Provider"; /** * Stores the name. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java index e40cd274cf58..8fcebe98b355 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java @@ -2,6 +2,6 @@ // Licensed under the MIT License. /** - * The Azure KeyVault JCA Provider package. + * The Azure Key Vault JCA Provider package. */ package com.azure.security.keyvault.jca; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 4b2f4c1e9f50..fd1467aa0235 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -30,7 +30,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; /** - * The unit test validating the ServerSocket is created using a certificate from Azure KeyVault. + * The unit test validating the ServerSocket is created using a certificate + * from Azure Key Vault. * * @author Manfred Riem (manfred.riem@microsoft.com) */ @@ -53,7 +54,7 @@ public void testServerSocket() throws Exception { /* * Setup server side. * - * - Create an Azure KeyVault specific instance of a KeyStore. + * - Create an Azure Key Vault specific instance of a KeyStore. * - Set the KeyManagerFactory to use that KeyStore. * - Set the SSL context to use the KeyManagerFactory. * - Create the SSLServerSocket using th SSL context. @@ -158,7 +159,7 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { /* * Setup server side. * - * - Create an Azure KeyVault specific instance of a KeyStore. + * - Create an Azure Key Vault specific instance of a KeyStore. * - Set the KeyManagerFactory to use that KeyStore. * - Set the SSL context to use the KeyManagerFactory. * - Create the SSLServerSocket using th SSL context. From 4c66127b13545ac477e3d26085f29f280b4ec568 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 07:24:37 -0600 Subject: [PATCH 02/12] Documentation changes --- .../src/main/resources/application.properties | 14 ++++---- .../README.md | 32 +++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties index 932545d08d83..5f83c4b43b25 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties @@ -1,20 +1,20 @@ -# The URI to the Azure KeyVault used +# The URI to the Azure Key Vault used azure.keyvault.uri=${AZURE_KEYVAULT_URI} -# The alias corresponding to the certificate in Azure KeyVault. +# The alias corresponding to the certificate in Azure Key Vault. server.ssl.key-alias=${SERVER_SSL_KEY_ALIAS} -# The keystore type that enables the use of Azure KeyVault for your server-side +# The keystore type that enables the use of Azure Key Vault for your server-side # SSL certificate. server.ssl.key-store-type=AzureKeyVault -# The truststore type that enables the use of Azure KeyVault for trusted +# The truststore type that enables the use of Azure Key Vault for trusted # certificates, a.k.a the ones you trust when making an outbound SSL connection # server.ssl.trust-store-type=AzureKeyVault -# The Tenant ID for your Azure KeyVault (needed if you are not using managed +# The Tenant ID for your Azure Key Vault (needed if you are not using managed # identity). azure.keyvault.tenantId=${AZURE_KEYVAULT_TENTANT_ID} -# The Client ID that has been setup with access to your Azure KeyVault (needed +# The Client ID that has been setup with access to your Azure Key Vault (needed # if you are not using managed identity). azure.keyvault.clientId=${AZURE_KEYVAULT_CLIENT_ID} -# The Client Secret that will be used for accessing your Azure KeyVault (needed +# The Client Secret that will be used for accessing your Azure Key Vault (needed # if you are not using managed identity). azure.keyvault.clientSecret=${AZURE_KEYVAULT_CLIENT_SECRET} # The server port. diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index e32959f329f4..4b5afbd5c4f9 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -9,12 +9,12 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= -server.ssl.key-alias= +azure.keyvault.uri= +server.ssl.key-alias= server.ssl.key-store-type=AzureKeyVault ``` -Note: make sure the managed identity has access to the Azure KeyVault to access +Note: make sure the managed identity has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -33,15 +33,15 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= azure.keyvault.tenantId= -azure.keyvault.clientId= +azure.keyvault.clientId= azure.keyvault.clientSecret= -server.ssl.key-alias= +server.ssl.key-alias= server.ssl.key-store-type=AzureKeyVault ``` -Note: make sure the client ID has access to the Azure KeyVault to access +Note: make sure the client ID has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -62,9 +62,9 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= ``` -Note: make sure the managed identity has access to the Azure KeyVault to access +Note: make sure the managed identity has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -108,13 +108,13 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= azure.keyvault.tenantId= -azure.keyvault.clientId= +azure.keyvault.clientId= azure.keyvault.clientSecret= ``` -Note: make sure the client ID has access to the Azure KeyVault to access +Note: make sure the client ID has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -161,7 +161,7 @@ to add the following configuration: ```yaml azure: keyvault: - uri: + uri: jca: overrideTrustManagerFactory: true ``` @@ -194,7 +194,7 @@ spring: ## Creating an Azure Key Vault -To create an Azure KeyVault use the command line below: +To create an Azure Key Vault use the command line below: ```shell export KEY_VAULT=mykeyvault @@ -246,7 +246,7 @@ Notes: 1. The alias (certificate name) is constructed from the filename of the certificate (minus the extension). So if your filename is `mycert.x509` the certificate will be added with the alias of `mycert`. -2. Certificates coming from Azure KeyVault take precedence over +2. Certificates coming from Azure Key Vault take precedence over side-loaded certificates. ## Testing the current version under development @@ -263,7 +263,7 @@ To build and install the starter use the following command line: ``` -# Azure KeyVault Certificates client library for Java +# Azure Key Vault Certificates client library for Java # Getting started From f86b2635e61ab536f6443f1b0fa7b29e6277af41 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 09:25:39 -0600 Subject: [PATCH 03/12] Documentation changes --- .../azure-spring-boot-starter-keyvault-certificates/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 4b5afbd5c4f9..532a0b70f2cd 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -180,8 +180,8 @@ azure: ``` If you are developing you can completely disable the certificate and hostname -validation altogether by using the configuration below. Note this is NOT -recommended for production! +validation altogether by using the configuration below. **Note this is NOT +recommended for production!** ```yaml spring: From 94a4942447d5823ff7d405c1b09cdf1f68a76012 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 09:38:17 -0600 Subject: [PATCH 04/12] Documentation changes --- .../azure-spring-boot-starter-keyvault-certificates/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 532a0b70f2cd..5cb293f0e51a 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -76,7 +76,7 @@ Add then add the following Maven dependency to your POM file. ``` -If you are using RestTemplate use code similar to the example below. +If you are using `RestTemplate` use code similar to the example below. ```java @Bean @@ -126,7 +126,7 @@ Add then add the following Maven dependency to your POM file. ``` -Then if you are using RestTemplate use the code below as a starting +Then if you are using `RestTemplate` use the code below as a starting point: ```java From 6b3d22f969ff3d05b14eb926f4cb9ddb30007193 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 09:50:20 -0600 Subject: [PATCH 05/12] Documentation changes --- .../security/keyvault/jca/AuthClientTest.java | 2 -- .../keyvault/jca/DelegateRestClientTest.java | 2 -- .../keyvault/jca/JacksonJsonConverterTest.java | 2 -- .../keyvault/jca/KeyVaultCertificateTest.java | 2 -- .../keyvault/jca/KeyVaultJcaProviderTest.java | 2 -- .../keyvault/jca/KeyVaultKeyStoreTest.java | 2 -- .../jca/KeyVaultLoadStoreParameterTest.java | 2 -- .../keyvault/jca/LegacyRestClientTest.java | 2 -- .../keyvault/jca/RestClientFactoryTest.java | 2 -- .../security/keyvault/jca/ServerSocketTest.java | 2 -- .../README.md | 16 ++++++++-------- 11 files changed, 8 insertions(+), 28 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java index c77edab01251..8c37367078c6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java @@ -11,8 +11,6 @@ /** * The JUnit test for the AuthClient. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class AuthClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java index 94d534680dfe..fdcf6a250846 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the DelegateRestClient class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class DelegateRestClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java index 5ad5273d2f7d..2a4ea9e39708 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java @@ -12,8 +12,6 @@ /** * The JUnit tests for the JsonbJsonConverter class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class JacksonJsonConverterTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java index ee521e308f08..0b8c2189f426 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java @@ -33,8 +33,6 @@ /** * The JUnit tests for the KeyVaultCertificate class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultCertificateTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 7940baa2c917..4fdd9ceaed87 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java @@ -13,8 +13,6 @@ /** * The JUnit tests for the KeyVaultProvider class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultJcaProviderTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index 1d016bf85f0a..073cfb99a4b4 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java @@ -19,8 +19,6 @@ /** * The JUnit tests for the KeyVaultKeyStore class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultKeyStoreTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java index 727dca026e32..68912a740c48 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the KeyVaultLoadStoreParameter class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultLoadStoreParameterTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java index 730a6867f19e..643930bbe643 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the LegacyRestClient class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class LegacyRestClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java index c99550db7609..c22b88ebad91 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the RestClientFactory class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class RestClientFactoryTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index fd1467aa0235..13690522dfb7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -32,8 +32,6 @@ /** * The unit test validating the ServerSocket is created using a certificate * from Azure Key Vault. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class ServerSocketTest { diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 5cb293f0e51a..1f39fd17908e 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -5,8 +5,8 @@ ### Using a managed identity To use the starter for server side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= @@ -29,8 +29,8 @@ Add then add the following Maven dependency to your POM file. ### Using a client ID and client secret To use the starter for server side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= @@ -58,8 +58,8 @@ Add then add the following Maven dependency to your POM file. ### Using a managed identity To use the starter for client side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= @@ -104,8 +104,8 @@ If you are using `RestTemplate` use code similar to the example below. ### Using a client ID and client secret To use the starter for client side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= From b2b7b4950762169d1928086c6bb65ba736831ee1 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 11:46:14 -0600 Subject: [PATCH 06/12] Add link to Spring Boot starter --- sdk/keyvault/azure-security-keyvault-jca/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 5c8ec6b84257..38961f7dc480 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -106,7 +106,7 @@ of `azure.keyvault.uri`, and the rest of the parameters would be `null`. ## Spring Boot -For Spring Boot applications see our [Spring Boot starter]. +For Spring Boot applications see our [Spring Boot starter](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md). ## Reference From ae560f54d77dcb4018ac0abd239324c67910bc51 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 14:21:08 -0600 Subject: [PATCH 07/12] Reordered JCA README --- .../azure-security-keyvault-jca/README.md | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 38961f7dc480..35a4bd71f6f0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -1,4 +1,8 @@ -# JCA Provider for Azure Key Vault +# Azure Key Vault JCA client library for Java + +# Getting started + +# Key concepts The JCA Provider for Azure Key Vault is a JCA provider for certificates in Azure Key Vault. It is built on four principles: @@ -8,15 +12,7 @@ Azure Key Vault. It is built on four principles: 1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies. 1. Must be ready for "never trust, always verify and credential-free" Zero Trust environments. -## Testing the version under development - -If you want to test the current version under development you will have to -build and install it into your local Maven repository. To do so use the -following command line: - -``` - mvn clean install -DskipTests=true -``` +# Examples ## Server side SSL @@ -104,6 +100,10 @@ connections, see the Apache HTTP client example below. Note if you want to use Azure managed identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`. +# Troubleshooting + +# Next steps + ## Spring Boot For Spring Boot applications see our [Spring Boot starter](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md). @@ -112,16 +112,14 @@ For Spring Boot applications see our [Spring Boot starter](https://github.com/Az 1. [Java Cryptography Architecture (JCA) Reference Guide](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html) -# Azure Key Vault JCA client library for Java - -# Getting started - -# Key concepts - -# Examples +# Contributing -# Troubleshooting +## Testing the version under development -# Next steps +If you want to test the current version under development you will have to +build and install it into your local Maven repository. To do so use the +following command line: -# Contributing +``` + mvn clean install -DskipTests=true +``` From f1be2a506260fc80cf65f6709fff201e6b0b6860 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 06:55:27 -0600 Subject: [PATCH 08/12] Add URL to JCA provider --- .../azure-spring-boot-starter-keyvault-certificates/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 1f39fd17908e..24f5341cc998 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -253,7 +253,7 @@ side-loaded certificates. If you want to test the current version under development you will have to -1. Build and install the [Microsoft Azure JCA Provider] for KeyVault +1. Build and install the [Azure Key Vault JCA client library for Java](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/keyvault/azure-security-keyvault-jca/README.md) 1. Build and install this starter. To build and install the starter use the following command line: From 4e6c8eb17d1166f08547700a68afea624b81b0cd Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 07:13:17 -0600 Subject: [PATCH 09/12] Removing unused KeyVaultCertificate class --- .../keyvault/jca/KeyVaultCertificate.java | 250 ------------ .../keyvault/jca/KeyVaultCertificateTest.java | 367 ------------------ 2 files changed, 617 deletions(-) delete mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java delete mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java deleted file mode 100644 index 39a35d69c82d..000000000000 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java +++ /dev/null @@ -1,250 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; - -/** - * The Azure Key Vault certificate. - */ -class KeyVaultCertificate extends X509Certificate { - - /** - * Stores the delegate. - */ - private final X509Certificate delegate; - - /** - * Constructor. - * - * @param delegate the delegate. - */ - KeyVaultCertificate(X509Certificate delegate) { - super(); - this.delegate = delegate; - } - - /** - * @see X509Certificate#checkValidity() - */ - @Override - public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { - delegate.checkValidity(); - } - - /** - * @see X509Certificate#checkValidity(java.util.Date) - */ - @Override - public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { - delegate.checkValidity(date); - } - - /** - * @see X509Certificate#getBasicConstraints() - */ - @Override - public int getBasicConstraints() { - return delegate.getBasicConstraints(); - } - - /** - * @see X509Certificate#getCriticalExtensionOIDs() - */ - @Override - public Set getCriticalExtensionOIDs() { - return delegate.getCriticalExtensionOIDs(); - } - - /** - * @see X509Certificate#getEncoded() - */ - @Override - public byte[] getEncoded() throws CertificateEncodingException { - return delegate.getEncoded(); - } - - /** - * @see X509Certificate#getExtensionValue(java.lang.String) - */ - @Override - public byte[] getExtensionValue(String oid) { - return delegate.getExtensionValue(oid); - } - - /** - * @see X509Certificate#getIssuerDN() - */ - @Override - public Principal getIssuerDN() { - return delegate.getIssuerDN(); - } - - /** - * @see X509Certificate#getIssuerUniqueID() - */ - @Override - public boolean[] getIssuerUniqueID() { - return delegate.getIssuerUniqueID(); - } - - /** - * @see X509Certificate#getKeyUsage() - */ - @Override - public boolean[] getKeyUsage() { - return delegate.getKeyUsage(); - } - - /** - * @see X509Certificate#getNonCriticalExtensionOIDs() - */ - @Override - public Set getNonCriticalExtensionOIDs() { - return delegate.getNonCriticalExtensionOIDs(); - } - - /** - * @see X509Certificate#getNotAfter() - */ - @Override - public Date getNotAfter() { - return delegate.getNotAfter(); - } - - /** - * @see X509Certificate#getNotBefore() - */ - @Override - public Date getNotBefore() { - return delegate.getNotBefore(); - } - - /** - * @see X509Certificate#getPublicKey() - */ - @Override - public PublicKey getPublicKey() { - return delegate.getPublicKey(); - } - - /** - * @see X509Certificate#getSerialNumber() - */ - @Override - public BigInteger getSerialNumber() { - return delegate.getSerialNumber(); - } - - /** - * @see X509Certificate#getSigAlgName() - */ - @Override - public String getSigAlgName() { - return delegate.getSigAlgName(); - } - - /** - * @see X509Certificate#getSigAlgOID() - */ - @Override - public String getSigAlgOID() { - return delegate.getSigAlgOID(); - } - - /** - * @see X509Certificate#getSigAlgParams() - */ - @Override - public byte[] getSigAlgParams() { - return delegate.getSigAlgParams(); - } - - /** - * @see X509Certificate#getSignature() - */ - @Override - public byte[] getSignature() { - return delegate.getSignature(); - } - - /** - * @see X509Certificate#getSubjectDN() - */ - @Override - public Principal getSubjectDN() { - return delegate.getSubjectDN(); - } - - /** - * @see X509Certificate#getSubjectUniqueID() - */ - @Override - public boolean[] getSubjectUniqueID() { - return delegate.getSubjectUniqueID(); - } - - /** - * @see X509Certificate#getTBSCertificate() - */ - @Override - public byte[] getTBSCertificate() throws CertificateEncodingException { - return delegate.getTBSCertificate(); - } - - /** - * @see X509Certificate#getVersion() - */ - @Override - public int getVersion() { - return delegate.getVersion(); - } - - /** - * @see X509Certificate#hasUnsupportedCriticalExtension() - */ - @Override - public boolean hasUnsupportedCriticalExtension() { - return delegate.hasUnsupportedCriticalExtension(); - } - - /** - * @see X509Certificate#toString() - */ - @Override - public String toString() { - return delegate.toString(); - } - - /** - * @see X509Certificate#verify(java.security.PublicKey) - */ - @Override - public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { - delegate.verify(key); - } - - /** - * @see X509Certificate#verify(java.security.PublicKey, java.security.Provider) - */ - @Override - public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException { - delegate.verify(key, sigProvider); - } -} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java deleted file mode 100644 index 0b8c2189f426..000000000000 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java +++ /dev/null @@ -1,367 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.io.ByteArrayInputStream; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.ProviderException; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Base64; -import java.util.Calendar; -import java.util.Date; -import java.util.Set; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; - -/** - * The JUnit tests for the KeyVaultCertificate class. - */ -public class KeyVaultCertificateTest { - - /** - * Stores the CER test certificate (which is valid til 2120). - */ - private static final String TEST_CERTIFICATE - = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk" - + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3" - + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz" - + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14" - + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d" - + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j" - + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A" - + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP" - + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT" - + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME" - + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo" - + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+" - + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG" - + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF" - + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl" - + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9" - + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ" - + "U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE" - + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q=="; - - /** - * Stores the X.509 certificate. - */ - private X509Certificate x509Certificate; - - /** - * Setup before each test. - * - */ - @BeforeEach - public void setUp() { - try { - byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - x509Certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); - } catch (CertificateException e) { - throw new ProviderException(e); - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(); - } catch (CertificateExpiredException | CertificateNotYetValidException cnyve) { - fail(); - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity2() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(new Date(100, Calendar.FEBRUARY, 1)); - fail(); - } catch (CertificateExpiredException ex) { - fail(); - } catch (CertificateNotYetValidException exception) { - // expecting this as the TEST_CERTIFICATE is not valid against given date. - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity3() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(new Date(200, Calendar.FEBRUARY, 1)); - } catch (CertificateExpiredException | CertificateNotYetValidException exception) { - fail(); - } - } - - /** - * Test getBasicConstraints method. - */ - @Test - public void testGetBasicConstraints() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals(-1, certificate.getBasicConstraints()); - } - - /** - * Test getCriticalExtensionOIDs method. - */ - @Test - public void testGetCriticalExtensionOIDs() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Set criticalExtensions = certificate.getCriticalExtensionOIDs(); - assertFalse(criticalExtensions.isEmpty()); - assertTrue(criticalExtensions.contains("2.5.29.15")); - } - - /** - * Test getEncoded method. - */ - @Test - public void testGetEncoded() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getEncoded()); - } catch (CertificateEncodingException cee) { - fail(); - } - } - - /** - * Test getExtensionValue method. - */ - @Test - public void testGetExtensionValue() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getExtensionValue("2.5.29.15")); - } - - /** - * Test getIssuerDN method. - */ - @Test - public void testGetIssuerDN() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("CN=hundred-years.example.com", certificate.getIssuerDN().getName()); - } - - /** - * Test getIssuerUniqueID method. - */ - @Test - public void testGetIssuerUniqueID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getIssuerUniqueID()); - } - - /** - * Test getKeyUsage method. - */ - @Test - public void testGetKeyUsage() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getKeyUsage()); - } - - /** - * Test getNonCriticalExtensionOIDs method. - */ - @Test - public void testGetNonCriticalExtensionOIDs() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Set nonCriticalExtensions = certificate.getNonCriticalExtensionOIDs(); - assertFalse(nonCriticalExtensions.isEmpty()); - } - - /** - * Test getNotAfter method. - */ - @Test - public void testGetNotAfter() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Date notAfter = certificate.getNotAfter(); - assertTrue(new Date().before(notAfter)); - } - - /** - * Test getNotBefore method. - */ - @Test - public void testGetNotBefore() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Date notBefore = certificate.getNotBefore(); - assertTrue(new Date().after(notBefore)); - } - - /** - * Test getPublicKey method. - */ - @Test - public void testGetPublicKey() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getPublicKey()); - } - - /** - * Test getSerialNumber method. - */ - @Test - public void testGetSerialNumber() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getSerialNumber()); - } - - /** - * Test getSigAlgName method. - */ - @Test - public void testGetSigAlgName() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("SHA256withRSA", certificate.getSigAlgName()); - } - - /** - * Test getSigAlgOID method. - */ - @Test - public void testGetSigAlgOID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("1.2.840.113549.1.1.11", certificate.getSigAlgOID()); - } - - /** - * Test getSigAlgParams method. - */ - @Test - public void testGetSigAlgParams() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getSigAlgParams()); - } - - /** - * Test getSignature method. - */ - @Test - public void testGetSignature() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getSignature()); - } - - /** - * Test getSubjectDN method. - */ - @Test - public void testGetSubjectDN() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("CN=hundred-years.example.com", certificate.getSubjectDN().getName()); - } - - /** - * Test getSubjectUniqueID method. - */ - @Test - public void testGetSubjectUniqueID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getSubjectUniqueID()); - } - - /** - * Test getTBSCertificate method. - */ - @Test - public void testGetTBSCertificate() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getTBSCertificate()); - } catch (CertificateEncodingException cee) { - fail(); - } - } - - /** - * Test getVersion method. - */ - @Test - public void testGetVersion() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals(3, certificate.getVersion()); - } - - /** - * Test hasUnsupportedCriticalExtension method. - */ - @Test - public void testHasUnsupportedCriticalExtension() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertFalse(certificate.hasUnsupportedCriticalExtension()); - } - - /** - * Test toString method. - */ - @Test - public void testToString() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.toString()); - } - - /** - * Test verify method. - */ - @Test - public void testVerify() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - PublicKey publicKey = certificate.getPublicKey(); - certificate.verify(publicKey); - } catch (CertificateException | NoSuchAlgorithmException - | InvalidKeyException | NoSuchProviderException - | SignatureException e) { - fail(); - } - } - - /** - * Test verify method. - */ - @Test - public void testVerify2() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - PublicKey publicKey = certificate.getPublicKey(); - certificate.verify(publicKey, "SunRsaSign"); - } catch (CertificateException | NoSuchAlgorithmException - | InvalidKeyException | NoSuchProviderException - | SignatureException e) { - fail(); - } - } -} From 351d2d2b795793c791d60385cfd5e77b75d4358f Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 08:19:47 -0600 Subject: [PATCH 10/12] Add sample java code --- .../azure-security-keyvault-jca/README.md | 4 + .../samples/java/sample/ClientSSLSample.java | 75 +++++++++++++++++++ .../samples/java/sample/ServerSSLSample.java | 40 ++++++++++ 3 files changed, 119 insertions(+) create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 35a4bd71f6f0..65bd6d7a3965 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -19,6 +19,8 @@ Azure Key Vault. It is built on four principles: If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below. + + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); @@ -49,6 +51,8 @@ of `azure.keyvault.uri`, and the rest of the parameters would be `null`. If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. + + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java new file mode 100644 index 000000000000..609902774b03 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java @@ -0,0 +1,75 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. +package sample; + +import com.azure.security.keyvault.jca.KeyVaultJcaProvider; +import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter; +import java.io.IOException; +import java.security.KeyStore; +import java.security.Security; +import javax.net.ssl.SSLContext; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; +import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.io.HttpClientResponseHandler; +import org.apache.hc.core5.ssl.SSLContexts; + +/** + * The ClientSSL sample. + */ +public class ClientSSLSample { + + public void clientSSLSample() throws Exception { + KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); + Security.addProvider(provider); + + KeyStore ks = KeyStore.getInstance("AzureKeyVault"); + KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); + ks.load(parameter); + + SSLContext sslContext = SSLContexts + .custom() + .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) + .build(); + + SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder + .create() + .setSslContext(sslContext) + .setHostnameVerifier((hostname, session) -> { + return true; + }) + .build(); + + PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder + .create() + .setSSLSocketFactory(sslSocketFactory) + .build(); + + String result = null; + + try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + HttpGet httpGet = new HttpGet("https://localhost:8766"); + HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { + int status = response.getCode(); + String result1 = "Not success"; + if (status == 204) { + result1 = "Success"; + } + return result1; + }; + result = client.execute(httpGet, responseHandler); + } catch (IOException ioe) { + ioe.printStackTrace(); + } + } +} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java new file mode 100644 index 000000000000..e25a9a4ec9fe --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java @@ -0,0 +1,40 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. +package sample; + +import com.azure.security.keyvault.jca.KeyVaultJcaProvider; +import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter; +import java.security.KeyStore; +import java.security.Security; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; + +/** + * The ServerSSL sample. + */ +public class ServerSSLSample { + + public void serverSSLSample() throws Exception { + KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); + Security.addProvider(provider); + + KeyStore ks = KeyStore.getInstance("AzureKeyVault"); + KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); + ks.load(parameter); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(ks, "".toCharArray()); + + SSLContext context = SSLContext.getInstance("TLS"); + context.init(kmf.getKeyManagers(), null, null); + + SSLServerSocketFactory factory = context.getServerSocketFactory(); + SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); + } +} From c2189ebbace1775b80a1cd925a9da1ad74db799c Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 26 Oct 2020 10:33:38 +0800 Subject: [PATCH 11/12] Fix error reported by verify-readme-codesnippet in pipeline. --- .../azure-security-keyvault-jca/README.md | 120 +++++++++--------- .../samples/java/sample/ClientSSLSample.java | 9 +- .../samples/java/sample/ServerSSLSample.java | 13 +- 3 files changed, 72 insertions(+), 70 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 65bd6d7a3965..79100b3002ff 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -22,25 +22,25 @@ see the example below. ```java - KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); - Security.addProvider(provider); +KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); +Security.addProvider(provider); - KeyStore ks = KeyStore.getInstance("AzureKeyVault"); - KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( - System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.tenant.id"), - System.getProperty("azure.client.id"), - System.getProperty("azure.client.secret")); - ks.load(parameter); +KeyStore ks = KeyStore.getInstance("AzureKeyVault"); +KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); +ks.load(parameter); - KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(ks, "".toCharArray()); +KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); +kmf.init(ks, "".toCharArray()); - SSLContext context = SSLContext.getInstance("TLS"); - context.init(kmf.getKeyManagers(), null, null); +SSLContext context = SSLContext.getInstance("TLS"); +context.init(kmf.getKeyManagers(), null, null); - SSLServerSocketFactory factory = (SSLServerSocketFactory) context.getServerSocketFactory(); - SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); +SSLServerSocketFactory factory = context.getServerSocketFactory(); +SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); ``` Note if you want to use Azure Managed Identity, you should set the value @@ -54,51 +54,51 @@ connections, see the Apache HTTP client example below. ```java - KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); - Security.addProvider(provider); - - KeyStore ks = KeyStore.getInstance("AzureKeyVault"); - KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( - System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.tenant.id"), - System.getProperty("azure.client.id"), - System.getProperty("azure.client.secret")); - ks.load(parameter); - - SSLContext sslContext = SSLContexts - .custom() - .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) - .build(); - - SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> { - return true; - }) - .build(); - - PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(sslSocketFactory) - .build(); - - String result = null; - - try ( CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { - HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); - String result1 = "Not success"; - if (status == 204) { - result1 = "Success"; - } - return result1; - }; - result = client.execute(httpGet, responseHandler); - } catch (IOException ioe) { - ioe.printStackTrace(); - } +KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); +Security.addProvider(provider); + +KeyStore ks = KeyStore.getInstance("AzureKeyVault"); +KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); +ks.load(parameter); + +SSLContext sslContext = SSLContexts + .custom() + .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) + .build(); + +SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder + .create() + .setSslContext(sslContext) + .setHostnameVerifier((hostname, session) -> { + return true; + }) + .build(); + +PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder + .create() + .setSSLSocketFactory(sslSocketFactory) + .build(); + +String result = null; + +try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + HttpGet httpGet = new HttpGet("https://localhost:8766"); + HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { + int status = response.getCode(); + String result1 = "Not success"; + if (status == 204) { + result1 = "Success"; + } + return result1; + }; + result = client.execute(httpGet, responseHandler); +} catch (IOException ioe) { + ioe.printStackTrace(); +} ``` Note if you want to use Azure managed identity, you should set the value diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java index 609902774b03..5d9ad11792ea 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java @@ -4,10 +4,6 @@ import com.azure.security.keyvault.jca.KeyVaultJcaProvider; import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter; -import java.io.IOException; -import java.security.KeyStore; -import java.security.Security; -import javax.net.ssl.SSLContext; import org.apache.hc.client5.http.classic.methods.HttpGet; import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; import org.apache.hc.client5.http.impl.classic.HttpClients; @@ -20,6 +16,11 @@ import org.apache.hc.core5.http.io.HttpClientResponseHandler; import org.apache.hc.core5.ssl.SSLContexts; +import javax.net.ssl.SSLContext; +import java.io.IOException; +import java.security.KeyStore; +import java.security.Security; + /** * The ClientSSL sample. */ diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java index e25a9a4ec9fe..e5e0a7ea40a6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java @@ -4,12 +4,13 @@ import com.azure.security.keyvault.jca.KeyVaultJcaProvider; import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter; -import java.security.KeyStore; -import java.security.Security; + import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; +import java.security.KeyStore; +import java.security.Security; /** * The ServerSSL sample. @@ -22,10 +23,10 @@ public void serverSSLSample() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( - System.getProperty("azure.keyvault.uri"), - System.getProperty("azure.tenant.id"), - System.getProperty("azure.client.id"), - System.getProperty("azure.client.secret")); + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); ks.load(parameter); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); From d762e212792e877c5c35debecd0b1af1b4d7b939 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 26 Oct 2020 11:07:59 +0800 Subject: [PATCH 12/12] Fix line number error. --- sdk/keyvault/azure-security-keyvault-jca/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 79100b3002ff..d53ac82c551d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -19,7 +19,7 @@ Azure Key Vault. It is built on four principles: If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); @@ -51,7 +51,7 @@ of `azure.keyvault.uri`, and the rest of the parameters would be `null`. If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider();