From 7044ffda69181f1783e3ac0fc8c2a385bf3c4980 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 07:13:27 -0600 Subject: [PATCH 01/21] Documentation changes --- sdk/keyvault/azure-security-keyvault-jca/README.md | 12 ++++++------ sdk/keyvault/azure-security-keyvault-jca/pom.xml | 4 ++-- .../security/keyvault/jca/KeyVaultCertificate.java | 2 +- .../security/keyvault/jca/KeyVaultClient.java | 14 +++++++------- .../security/keyvault/jca/KeyVaultJcaProvider.java | 4 ++-- .../security/keyvault/jca/KeyVaultKeyManager.java | 10 +++++----- .../keyvault/jca/KeyVaultKeyManagerFactory.java | 2 +- .../security/keyvault/jca/KeyVaultKeyStore.java | 2 +- .../keyvault/jca/KeyVaultLoadStoreParameter.java | 4 ++-- .../keyvault/jca/KeyVaultTrustManager.java | 2 +- .../keyvault/jca/KeyVaultTrustManagerFactory.java | 2 +- .../jca/KeyVaultTrustManagerFactoryProvider.java | 4 ++-- .../azure/security/keyvault/jca/package-info.java | 2 +- .../security/keyvault/jca/ServerSocketTest.java | 7 ++++--- 14 files changed, 36 insertions(+), 35 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index f6efb38fbe05..5c8ec6b84257 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -3,9 +3,9 @@ The JCA Provider for Azure Key Vault is a JCA provider for certificates in Azure Key Vault. It is built on four principles: -1. Must be extremely thin to run within a JVM -1. Must not introduce any library version conflicts with Java app code dependencies -1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies +1. Must be extremely thin to run within a JVM. +1. Must not introduce any library version conflicts with Java app code dependencies. +1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies. 1. Must be ready for "never trust, always verify and credential-free" Zero Trust environments. ## Testing the version under development @@ -20,7 +20,7 @@ following command line: ## Server side SSL -If you are looking to integrate the JCA provider to create a SSLServerSocket +If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below. ```java @@ -45,7 +45,7 @@ see the example below. SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); ``` -Note if you want to use Azure managed identity, you should set the value +Note if you want to use Azure Managed Identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`. ## Client side SSL @@ -112,7 +112,7 @@ For Spring Boot applications see our [Spring Boot starter] JCA Provider for Azure Key Vault - The Java Crypto Architecture (JCA) Provider for Azure KeyVault + The Java Crypto Architecture (JCA) Provider for Azure Key Vault @@ -195,7 +195,7 @@ To run the integration tests pass in the following system properties - - azure.keyvault.uri - the KeyVault URI + - azure.keyvault.uri - the Azure Key Vault URI - azure.tenant.id - your tenant ID - azure.client.id - the (application) client ID - azure.client.secret - the (application) client secret diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java index c37e93563046..39a35d69c82d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java @@ -19,7 +19,7 @@ import java.util.Set; /** - * The KeyVault certificate. + * The Azure Key Vault certificate. */ class KeyVaultCertificate extends X509Certificate { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 0bb01049216b..d9ec569489f6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -34,7 +34,7 @@ import static java.util.logging.Level.WARNING; /** - * The REST client specific to Azure KeyVault. + * The REST client specific to Azure Key Vault. */ class KeyVaultClient extends DelegateRestClient { @@ -49,7 +49,7 @@ class KeyVaultClient extends DelegateRestClient { private static final String API_VERSION_POSTFIX = "?api-version=7.1"; /** - * Stores the KeyVault URI. + * Stores the Azure Key Vault URI. */ private final String keyVaultUri; @@ -71,11 +71,11 @@ class KeyVaultClient extends DelegateRestClient { /** * Constructor. * - * @param keyVaultUri the KeyVault URI. + * @param keyVaultUri the Azure Key Vault URI. */ KeyVaultClient(String keyVaultUri) { super(RestClientFactory.createClient()); - LOGGER.log(INFO, "Using KeyVault: {0}", keyVaultUri); + LOGGER.log(INFO, "Using Azure Key Vault: {0}", keyVaultUri); if (!keyVaultUri.endsWith("/")) { keyVaultUri = keyVaultUri + "/"; } @@ -85,7 +85,7 @@ class KeyVaultClient extends DelegateRestClient { /** * Constructor. * - * @param keyVaultUri the KeyVault URI. + * @param keyVaultUri the Azure Key Vault URI. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. @@ -212,8 +212,8 @@ public Key getKey(String alias, char[] password) { .orElse(false); if (isExportable) { // Because the certificate is exportable the private key is - // available. So we'll use the KeyVault Secrets API to get the - // private key. + // available. So we'll use the Azure Key Vault Secrets API to get + // the private key. String certificateSecretUri = certificateBundle.getSid(); HashMap headers = new HashMap<>(); headers.put("Authorization", "Bearer " + getAccessToken()); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java index c91b441867ac..36ab7044ec82 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java @@ -10,7 +10,7 @@ import java.util.Collections; /** - * The Azure KeyVault security provider. + * The Azure Key Vault security provider. */ public class KeyVaultJcaProvider extends Provider { @@ -22,7 +22,7 @@ public class KeyVaultJcaProvider extends Provider { /** * Stores the information. */ - private static final String INFO = "Azure KeyVault JCA Provider"; + private static final String INFO = "Azure Key Vault JCA Provider"; /** * Stores the name. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java index 247f61bcd71a..cdeeb542a62d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java @@ -22,7 +22,7 @@ import static java.util.logging.Level.WARNING; /** - * The KeyVault variant of the X509ExtendedKeyManager. + * The Azure Key Vault variant of the X509ExtendedKeyManager. */ public class KeyVaultKeyManager extends X509ExtendedKeyManager { @@ -63,8 +63,8 @@ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket so String alias = null; try { /* - * If we only have one alias and the keystore type is not 'AzureKeyVault' - * return that alias as a match. + * If we only have one alias and the keystore type is not + * 'AzureKeyVault' return that alias as a match. */ if (!keystore.getProvider().getName().equals("AzureKeyVault") && keystore.size() == 1) { @@ -87,8 +87,8 @@ public String chooseServerAlias(String keyType, Principal[] issuers, Socket sock String alias = null; try { /* - * If we only have one alias and the keystore type is not 'AzureKeyVault' - * return that alias as a match. + * If we only have one alias and the keystore type is not + * 'AzureKeyVault' return that alias as a match. */ if (!keystore.getProvider().getName().equals("AzureKeyVault") && keystore.size() == 1) { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java index 7f1bf1e43648..d9a51c48d9b7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManagerFactory.java @@ -12,7 +12,7 @@ import java.util.logging.Logger; /** - * The KeyVault variant of the KeyManagerFactory. + * The Azure Key Vault variant of the KeyManagerFactory. */ public class KeyVaultKeyManagerFactory extends KeyManagerFactorySpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 46e12d87f41f..3ca71ec2d8f3 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -32,7 +32,7 @@ import static java.util.logging.Level.WARNING; /** - * The Azure KeyVault implementation of the KeyStoreSpi. + * The Azure Key Vault implementation of the KeyStoreSpi. */ public class KeyVaultKeyStore extends KeyStoreSpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java index 5a1e616eb168..b7900e044c62 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java @@ -6,7 +6,7 @@ import java.security.KeyStore; /** - * The Azure KeyVault LoadStoreParameter of the KeyStoreSpi. + * The Azure Key Vault LoadStoreParameter of the KeyStoreSpi. */ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { @@ -33,7 +33,7 @@ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { /** * Constructor. * - * @param uri the KeyVault URI. + * @param uri the Azure Key Vault URI. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java index 0a35624aeb87..b5be3dc3f3f0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java @@ -17,7 +17,7 @@ import javax.net.ssl.X509ExtendedTrustManager; /** - * The KeyVault variant of the X509TrustManager. + * The Azure Key Vault variant of the X509TrustManager. */ public class KeyVaultTrustManager extends X509ExtendedTrustManager implements X509TrustManager { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java index 73d1e4abe696..1ac87af72425 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactory.java @@ -12,7 +12,7 @@ import java.util.logging.Logger; /** - * The KeyVault variant of the TrustManagerFactory. + * The Azure Key Vault variant of the TrustManagerFactory. */ public class KeyVaultTrustManagerFactory extends TrustManagerFactorySpi { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java index a70efe2ca1e6..9c2b5bb44c91 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManagerFactoryProvider.java @@ -8,7 +8,7 @@ import java.security.Provider; /** - * The Azure KeyVault TrustManagerFactory provider. + * The Azure Key Vault TrustManagerFactory provider. */ public class KeyVaultTrustManagerFactoryProvider extends Provider { @@ -20,7 +20,7 @@ public class KeyVaultTrustManagerFactoryProvider extends Provider { /** * Stores the information. */ - private static final String INFO = "Azure KeyVault TrustManagerFactory Provider"; + private static final String INFO = "Azure Key Vault TrustManagerFactory Provider"; /** * Stores the name. diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java index e40cd274cf58..8fcebe98b355 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/package-info.java @@ -2,6 +2,6 @@ // Licensed under the MIT License. /** - * The Azure KeyVault JCA Provider package. + * The Azure Key Vault JCA Provider package. */ package com.azure.security.keyvault.jca; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 4b2f4c1e9f50..fd1467aa0235 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -30,7 +30,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; /** - * The unit test validating the ServerSocket is created using a certificate from Azure KeyVault. + * The unit test validating the ServerSocket is created using a certificate + * from Azure Key Vault. * * @author Manfred Riem (manfred.riem@microsoft.com) */ @@ -53,7 +54,7 @@ public void testServerSocket() throws Exception { /* * Setup server side. * - * - Create an Azure KeyVault specific instance of a KeyStore. + * - Create an Azure Key Vault specific instance of a KeyStore. * - Set the KeyManagerFactory to use that KeyStore. * - Set the SSL context to use the KeyManagerFactory. * - Create the SSLServerSocket using th SSL context. @@ -158,7 +159,7 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { /* * Setup server side. * - * - Create an Azure KeyVault specific instance of a KeyStore. + * - Create an Azure Key Vault specific instance of a KeyStore. * - Set the KeyManagerFactory to use that KeyStore. * - Set the SSL context to use the KeyManagerFactory. * - Create the SSLServerSocket using th SSL context. From 4c66127b13545ac477e3d26085f29f280b4ec568 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 07:24:37 -0600 Subject: [PATCH 02/21] Documentation changes --- .../src/main/resources/application.properties | 14 ++++---- .../README.md | 32 +++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties index 932545d08d83..5f83c4b43b25 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates/src/main/resources/application.properties @@ -1,20 +1,20 @@ -# The URI to the Azure KeyVault used +# The URI to the Azure Key Vault used azure.keyvault.uri=${AZURE_KEYVAULT_URI} -# The alias corresponding to the certificate in Azure KeyVault. +# The alias corresponding to the certificate in Azure Key Vault. server.ssl.key-alias=${SERVER_SSL_KEY_ALIAS} -# The keystore type that enables the use of Azure KeyVault for your server-side +# The keystore type that enables the use of Azure Key Vault for your server-side # SSL certificate. server.ssl.key-store-type=AzureKeyVault -# The truststore type that enables the use of Azure KeyVault for trusted +# The truststore type that enables the use of Azure Key Vault for trusted # certificates, a.k.a the ones you trust when making an outbound SSL connection # server.ssl.trust-store-type=AzureKeyVault -# The Tenant ID for your Azure KeyVault (needed if you are not using managed +# The Tenant ID for your Azure Key Vault (needed if you are not using managed # identity). azure.keyvault.tenantId=${AZURE_KEYVAULT_TENTANT_ID} -# The Client ID that has been setup with access to your Azure KeyVault (needed +# The Client ID that has been setup with access to your Azure Key Vault (needed # if you are not using managed identity). azure.keyvault.clientId=${AZURE_KEYVAULT_CLIENT_ID} -# The Client Secret that will be used for accessing your Azure KeyVault (needed +# The Client Secret that will be used for accessing your Azure Key Vault (needed # if you are not using managed identity). azure.keyvault.clientSecret=${AZURE_KEYVAULT_CLIENT_SECRET} # The server port. diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index e32959f329f4..4b5afbd5c4f9 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -9,12 +9,12 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= -server.ssl.key-alias= +azure.keyvault.uri= +server.ssl.key-alias= server.ssl.key-store-type=AzureKeyVault ``` -Note: make sure the managed identity has access to the Azure KeyVault to access +Note: make sure the managed identity has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -33,15 +33,15 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= azure.keyvault.tenantId= -azure.keyvault.clientId= +azure.keyvault.clientId= azure.keyvault.clientSecret= -server.ssl.key-alias= +server.ssl.key-alias= server.ssl.key-store-type=AzureKeyVault ``` -Note: make sure the client ID has access to the Azure KeyVault to access +Note: make sure the client ID has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -62,9 +62,9 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= ``` -Note: make sure the managed identity has access to the Azure KeyVault to access +Note: make sure the managed identity has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -108,13 +108,13 @@ your application.properties (if the application is using Spring Cloud Config Server for its configuration add it to the bootstrap.yml of the application) ``` -azure.keyvault.uri= +azure.keyvault.uri= azure.keyvault.tenantId= -azure.keyvault.clientId= +azure.keyvault.clientId= azure.keyvault.clientSecret= ``` -Note: make sure the client ID has access to the Azure KeyVault to access +Note: make sure the client ID has access to the Azure Key Vault to access keys, secrets and certificates. Add then add the following Maven dependency to your POM file. @@ -161,7 +161,7 @@ to add the following configuration: ```yaml azure: keyvault: - uri: + uri: jca: overrideTrustManagerFactory: true ``` @@ -194,7 +194,7 @@ spring: ## Creating an Azure Key Vault -To create an Azure KeyVault use the command line below: +To create an Azure Key Vault use the command line below: ```shell export KEY_VAULT=mykeyvault @@ -246,7 +246,7 @@ Notes: 1. The alias (certificate name) is constructed from the filename of the certificate (minus the extension). So if your filename is `mycert.x509` the certificate will be added with the alias of `mycert`. -2. Certificates coming from Azure KeyVault take precedence over +2. Certificates coming from Azure Key Vault take precedence over side-loaded certificates. ## Testing the current version under development @@ -263,7 +263,7 @@ To build and install the starter use the following command line: ``` -# Azure KeyVault Certificates client library for Java +# Azure Key Vault Certificates client library for Java # Getting started From f86b2635e61ab536f6443f1b0fa7b29e6277af41 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 09:25:39 -0600 Subject: [PATCH 03/21] Documentation changes --- .../azure-spring-boot-starter-keyvault-certificates/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 4b5afbd5c4f9..532a0b70f2cd 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -180,8 +180,8 @@ azure: ``` If you are developing you can completely disable the certificate and hostname -validation altogether by using the configuration below. Note this is NOT -recommended for production! +validation altogether by using the configuration below. **Note this is NOT +recommended for production!** ```yaml spring: From 94a4942447d5823ff7d405c1b09cdf1f68a76012 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 09:38:17 -0600 Subject: [PATCH 04/21] Documentation changes --- .../azure-spring-boot-starter-keyvault-certificates/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 532a0b70f2cd..5cb293f0e51a 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -76,7 +76,7 @@ Add then add the following Maven dependency to your POM file. ``` -If you are using RestTemplate use code similar to the example below. +If you are using `RestTemplate` use code similar to the example below. ```java @Bean @@ -126,7 +126,7 @@ Add then add the following Maven dependency to your POM file. ``` -Then if you are using RestTemplate use the code below as a starting +Then if you are using `RestTemplate` use the code below as a starting point: ```java From 6b3d22f969ff3d05b14eb926f4cb9ddb30007193 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 09:50:20 -0600 Subject: [PATCH 05/21] Documentation changes --- .../security/keyvault/jca/AuthClientTest.java | 2 -- .../keyvault/jca/DelegateRestClientTest.java | 2 -- .../keyvault/jca/JacksonJsonConverterTest.java | 2 -- .../keyvault/jca/KeyVaultCertificateTest.java | 2 -- .../keyvault/jca/KeyVaultJcaProviderTest.java | 2 -- .../keyvault/jca/KeyVaultKeyStoreTest.java | 2 -- .../jca/KeyVaultLoadStoreParameterTest.java | 2 -- .../keyvault/jca/LegacyRestClientTest.java | 2 -- .../keyvault/jca/RestClientFactoryTest.java | 2 -- .../security/keyvault/jca/ServerSocketTest.java | 2 -- .../README.md | 16 ++++++++-------- 11 files changed, 8 insertions(+), 28 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java index c77edab01251..8c37367078c6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java @@ -11,8 +11,6 @@ /** * The JUnit test for the AuthClient. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class AuthClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java index 94d534680dfe..fdcf6a250846 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/DelegateRestClientTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the DelegateRestClient class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class DelegateRestClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java index 5ad5273d2f7d..2a4ea9e39708 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/JacksonJsonConverterTest.java @@ -12,8 +12,6 @@ /** * The JUnit tests for the JsonbJsonConverter class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class JacksonJsonConverterTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java index ee521e308f08..0b8c2189f426 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java @@ -33,8 +33,6 @@ /** * The JUnit tests for the KeyVaultCertificate class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultCertificateTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 7940baa2c917..4fdd9ceaed87 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java @@ -13,8 +13,6 @@ /** * The JUnit tests for the KeyVaultProvider class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultJcaProviderTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index 1d016bf85f0a..073cfb99a4b4 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java @@ -19,8 +19,6 @@ /** * The JUnit tests for the KeyVaultKeyStore class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultKeyStoreTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java index 727dca026e32..68912a740c48 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the KeyVaultLoadStoreParameter class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class KeyVaultLoadStoreParameterTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java index 730a6867f19e..643930bbe643 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/LegacyRestClientTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the LegacyRestClient class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class LegacyRestClientTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java index c99550db7609..c22b88ebad91 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/RestClientFactoryTest.java @@ -9,8 +9,6 @@ /** * The JUnit tests for the RestClientFactory class. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class RestClientFactoryTest { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index fd1467aa0235..13690522dfb7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java @@ -32,8 +32,6 @@ /** * The unit test validating the ServerSocket is created using a certificate * from Azure Key Vault. - * - * @author Manfred Riem (manfred.riem@microsoft.com) */ public class ServerSocketTest { diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 5cb293f0e51a..1f39fd17908e 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -5,8 +5,8 @@ ### Using a managed identity To use the starter for server side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= @@ -29,8 +29,8 @@ Add then add the following Maven dependency to your POM file. ### Using a client ID and client secret To use the starter for server side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= @@ -58,8 +58,8 @@ Add then add the following Maven dependency to your POM file. ### Using a managed identity To use the starter for client side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= @@ -104,8 +104,8 @@ If you are using `RestTemplate` use code similar to the example below. ### Using a client ID and client secret To use the starter for client side SSL, you will need to add the following to -your application.properties (if the application is using Spring Cloud Config -Server for its configuration add it to the bootstrap.yml of the application) +your `application.properties` (if the application is using Spring Cloud Config +Server for its configuration add it to the `bootstrap.yml` of the application) ``` azure.keyvault.uri= From b2b7b4950762169d1928086c6bb65ba736831ee1 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 11:46:14 -0600 Subject: [PATCH 06/21] Add link to Spring Boot starter --- sdk/keyvault/azure-security-keyvault-jca/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 5c8ec6b84257..38961f7dc480 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -106,7 +106,7 @@ of `azure.keyvault.uri`, and the rest of the parameters would be `null`. ## Spring Boot -For Spring Boot applications see our [Spring Boot starter]. +For Spring Boot applications see our [Spring Boot starter](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md). ## Reference From ae560f54d77dcb4018ac0abd239324c67910bc51 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 22 Oct 2020 14:21:08 -0600 Subject: [PATCH 07/21] Reordered JCA README --- .../azure-security-keyvault-jca/README.md | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 38961f7dc480..35a4bd71f6f0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -1,4 +1,8 @@ -# JCA Provider for Azure Key Vault +# Azure Key Vault JCA client library for Java + +# Getting started + +# Key concepts The JCA Provider for Azure Key Vault is a JCA provider for certificates in Azure Key Vault. It is built on four principles: @@ -8,15 +12,7 @@ Azure Key Vault. It is built on four principles: 1. Must not introduce any class loader hierarchy conflicts with Java app code dependencies. 1. Must be ready for "never trust, always verify and credential-free" Zero Trust environments. -## Testing the version under development - -If you want to test the current version under development you will have to -build and install it into your local Maven repository. To do so use the -following command line: - -``` - mvn clean install -DskipTests=true -``` +# Examples ## Server side SSL @@ -104,6 +100,10 @@ connections, see the Apache HTTP client example below. Note if you want to use Azure managed identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`. +# Troubleshooting + +# Next steps + ## Spring Boot For Spring Boot applications see our [Spring Boot starter](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md). @@ -112,16 +112,14 @@ For Spring Boot applications see our [Spring Boot starter](https://github.com/Az 1. [Java Cryptography Architecture (JCA) Reference Guide](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html) -# Azure Key Vault JCA client library for Java - -# Getting started - -# Key concepts - -# Examples +# Contributing -# Troubleshooting +## Testing the version under development -# Next steps +If you want to test the current version under development you will have to +build and install it into your local Maven repository. To do so use the +following command line: -# Contributing +``` + mvn clean install -DskipTests=true +``` From f1be2a506260fc80cf65f6709fff201e6b0b6860 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 06:55:27 -0600 Subject: [PATCH 08/21] Add URL to JCA provider --- .../azure-spring-boot-starter-keyvault-certificates/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 1f39fd17908e..24f5341cc998 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -253,7 +253,7 @@ side-loaded certificates. If you want to test the current version under development you will have to -1. Build and install the [Microsoft Azure JCA Provider] for KeyVault +1. Build and install the [Azure Key Vault JCA client library for Java](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/keyvault/azure-security-keyvault-jca/README.md) 1. Build and install this starter. To build and install the starter use the following command line: From 4e6c8eb17d1166f08547700a68afea624b81b0cd Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 07:13:17 -0600 Subject: [PATCH 09/21] Removing unused KeyVaultCertificate class --- .../keyvault/jca/KeyVaultCertificate.java | 250 ------------ .../keyvault/jca/KeyVaultCertificateTest.java | 367 ------------------ 2 files changed, 617 deletions(-) delete mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java delete mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java deleted file mode 100644 index 39a35d69c82d..000000000000 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificate.java +++ /dev/null @@ -1,250 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; - -/** - * The Azure Key Vault certificate. - */ -class KeyVaultCertificate extends X509Certificate { - - /** - * Stores the delegate. - */ - private final X509Certificate delegate; - - /** - * Constructor. - * - * @param delegate the delegate. - */ - KeyVaultCertificate(X509Certificate delegate) { - super(); - this.delegate = delegate; - } - - /** - * @see X509Certificate#checkValidity() - */ - @Override - public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { - delegate.checkValidity(); - } - - /** - * @see X509Certificate#checkValidity(java.util.Date) - */ - @Override - public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { - delegate.checkValidity(date); - } - - /** - * @see X509Certificate#getBasicConstraints() - */ - @Override - public int getBasicConstraints() { - return delegate.getBasicConstraints(); - } - - /** - * @see X509Certificate#getCriticalExtensionOIDs() - */ - @Override - public Set getCriticalExtensionOIDs() { - return delegate.getCriticalExtensionOIDs(); - } - - /** - * @see X509Certificate#getEncoded() - */ - @Override - public byte[] getEncoded() throws CertificateEncodingException { - return delegate.getEncoded(); - } - - /** - * @see X509Certificate#getExtensionValue(java.lang.String) - */ - @Override - public byte[] getExtensionValue(String oid) { - return delegate.getExtensionValue(oid); - } - - /** - * @see X509Certificate#getIssuerDN() - */ - @Override - public Principal getIssuerDN() { - return delegate.getIssuerDN(); - } - - /** - * @see X509Certificate#getIssuerUniqueID() - */ - @Override - public boolean[] getIssuerUniqueID() { - return delegate.getIssuerUniqueID(); - } - - /** - * @see X509Certificate#getKeyUsage() - */ - @Override - public boolean[] getKeyUsage() { - return delegate.getKeyUsage(); - } - - /** - * @see X509Certificate#getNonCriticalExtensionOIDs() - */ - @Override - public Set getNonCriticalExtensionOIDs() { - return delegate.getNonCriticalExtensionOIDs(); - } - - /** - * @see X509Certificate#getNotAfter() - */ - @Override - public Date getNotAfter() { - return delegate.getNotAfter(); - } - - /** - * @see X509Certificate#getNotBefore() - */ - @Override - public Date getNotBefore() { - return delegate.getNotBefore(); - } - - /** - * @see X509Certificate#getPublicKey() - */ - @Override - public PublicKey getPublicKey() { - return delegate.getPublicKey(); - } - - /** - * @see X509Certificate#getSerialNumber() - */ - @Override - public BigInteger getSerialNumber() { - return delegate.getSerialNumber(); - } - - /** - * @see X509Certificate#getSigAlgName() - */ - @Override - public String getSigAlgName() { - return delegate.getSigAlgName(); - } - - /** - * @see X509Certificate#getSigAlgOID() - */ - @Override - public String getSigAlgOID() { - return delegate.getSigAlgOID(); - } - - /** - * @see X509Certificate#getSigAlgParams() - */ - @Override - public byte[] getSigAlgParams() { - return delegate.getSigAlgParams(); - } - - /** - * @see X509Certificate#getSignature() - */ - @Override - public byte[] getSignature() { - return delegate.getSignature(); - } - - /** - * @see X509Certificate#getSubjectDN() - */ - @Override - public Principal getSubjectDN() { - return delegate.getSubjectDN(); - } - - /** - * @see X509Certificate#getSubjectUniqueID() - */ - @Override - public boolean[] getSubjectUniqueID() { - return delegate.getSubjectUniqueID(); - } - - /** - * @see X509Certificate#getTBSCertificate() - */ - @Override - public byte[] getTBSCertificate() throws CertificateEncodingException { - return delegate.getTBSCertificate(); - } - - /** - * @see X509Certificate#getVersion() - */ - @Override - public int getVersion() { - return delegate.getVersion(); - } - - /** - * @see X509Certificate#hasUnsupportedCriticalExtension() - */ - @Override - public boolean hasUnsupportedCriticalExtension() { - return delegate.hasUnsupportedCriticalExtension(); - } - - /** - * @see X509Certificate#toString() - */ - @Override - public String toString() { - return delegate.toString(); - } - - /** - * @see X509Certificate#verify(java.security.PublicKey) - */ - @Override - public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { - delegate.verify(key); - } - - /** - * @see X509Certificate#verify(java.security.PublicKey, java.security.Provider) - */ - @Override - public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException { - delegate.verify(key, sigProvider); - } -} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java deleted file mode 100644 index 0b8c2189f426..000000000000 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificateTest.java +++ /dev/null @@ -1,367 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.jca; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.io.ByteArrayInputStream; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.ProviderException; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Base64; -import java.util.Calendar; -import java.util.Date; -import java.util.Set; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; - -/** - * The JUnit tests for the KeyVaultCertificate class. - */ -public class KeyVaultCertificateTest { - - /** - * Stores the CER test certificate (which is valid til 2120). - */ - private static final String TEST_CERTIFICATE - = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk" - + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3" - + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz" - + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14" - + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d" - + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j" - + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A" - + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP" - + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT" - + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME" - + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo" - + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+" - + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG" - + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF" - + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl" - + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9" - + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ" - + "U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE" - + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q=="; - - /** - * Stores the X.509 certificate. - */ - private X509Certificate x509Certificate; - - /** - * Setup before each test. - * - */ - @BeforeEach - public void setUp() { - try { - byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - x509Certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); - } catch (CertificateException e) { - throw new ProviderException(e); - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(); - } catch (CertificateExpiredException | CertificateNotYetValidException cnyve) { - fail(); - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity2() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(new Date(100, Calendar.FEBRUARY, 1)); - fail(); - } catch (CertificateExpiredException ex) { - fail(); - } catch (CertificateNotYetValidException exception) { - // expecting this as the TEST_CERTIFICATE is not valid against given date. - } - } - - /** - * Test checkValidity method. - */ - @Test - public void testCheckValidity3() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - certificate.checkValidity(new Date(200, Calendar.FEBRUARY, 1)); - } catch (CertificateExpiredException | CertificateNotYetValidException exception) { - fail(); - } - } - - /** - * Test getBasicConstraints method. - */ - @Test - public void testGetBasicConstraints() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals(-1, certificate.getBasicConstraints()); - } - - /** - * Test getCriticalExtensionOIDs method. - */ - @Test - public void testGetCriticalExtensionOIDs() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Set criticalExtensions = certificate.getCriticalExtensionOIDs(); - assertFalse(criticalExtensions.isEmpty()); - assertTrue(criticalExtensions.contains("2.5.29.15")); - } - - /** - * Test getEncoded method. - */ - @Test - public void testGetEncoded() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getEncoded()); - } catch (CertificateEncodingException cee) { - fail(); - } - } - - /** - * Test getExtensionValue method. - */ - @Test - public void testGetExtensionValue() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getExtensionValue("2.5.29.15")); - } - - /** - * Test getIssuerDN method. - */ - @Test - public void testGetIssuerDN() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("CN=hundred-years.example.com", certificate.getIssuerDN().getName()); - } - - /** - * Test getIssuerUniqueID method. - */ - @Test - public void testGetIssuerUniqueID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getIssuerUniqueID()); - } - - /** - * Test getKeyUsage method. - */ - @Test - public void testGetKeyUsage() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getKeyUsage()); - } - - /** - * Test getNonCriticalExtensionOIDs method. - */ - @Test - public void testGetNonCriticalExtensionOIDs() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Set nonCriticalExtensions = certificate.getNonCriticalExtensionOIDs(); - assertFalse(nonCriticalExtensions.isEmpty()); - } - - /** - * Test getNotAfter method. - */ - @Test - public void testGetNotAfter() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Date notAfter = certificate.getNotAfter(); - assertTrue(new Date().before(notAfter)); - } - - /** - * Test getNotBefore method. - */ - @Test - public void testGetNotBefore() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - Date notBefore = certificate.getNotBefore(); - assertTrue(new Date().after(notBefore)); - } - - /** - * Test getPublicKey method. - */ - @Test - public void testGetPublicKey() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getPublicKey()); - } - - /** - * Test getSerialNumber method. - */ - @Test - public void testGetSerialNumber() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getSerialNumber()); - } - - /** - * Test getSigAlgName method. - */ - @Test - public void testGetSigAlgName() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("SHA256withRSA", certificate.getSigAlgName()); - } - - /** - * Test getSigAlgOID method. - */ - @Test - public void testGetSigAlgOID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("1.2.840.113549.1.1.11", certificate.getSigAlgOID()); - } - - /** - * Test getSigAlgParams method. - */ - @Test - public void testGetSigAlgParams() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getSigAlgParams()); - } - - /** - * Test getSignature method. - */ - @Test - public void testGetSignature() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getSignature()); - } - - /** - * Test getSubjectDN method. - */ - @Test - public void testGetSubjectDN() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals("CN=hundred-years.example.com", certificate.getSubjectDN().getName()); - } - - /** - * Test getSubjectUniqueID method. - */ - @Test - public void testGetSubjectUniqueID() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNull(certificate.getSubjectUniqueID()); - } - - /** - * Test getTBSCertificate method. - */ - @Test - public void testGetTBSCertificate() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.getTBSCertificate()); - } catch (CertificateEncodingException cee) { - fail(); - } - } - - /** - * Test getVersion method. - */ - @Test - public void testGetVersion() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertEquals(3, certificate.getVersion()); - } - - /** - * Test hasUnsupportedCriticalExtension method. - */ - @Test - public void testHasUnsupportedCriticalExtension() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertFalse(certificate.hasUnsupportedCriticalExtension()); - } - - /** - * Test toString method. - */ - @Test - public void testToString() { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - assertNotNull(certificate.toString()); - } - - /** - * Test verify method. - */ - @Test - public void testVerify() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - PublicKey publicKey = certificate.getPublicKey(); - certificate.verify(publicKey); - } catch (CertificateException | NoSuchAlgorithmException - | InvalidKeyException | NoSuchProviderException - | SignatureException e) { - fail(); - } - } - - /** - * Test verify method. - */ - @Test - public void testVerify2() { - try { - KeyVaultCertificate certificate = new KeyVaultCertificate(x509Certificate); - PublicKey publicKey = certificate.getPublicKey(); - certificate.verify(publicKey, "SunRsaSign"); - } catch (CertificateException | NoSuchAlgorithmException - | InvalidKeyException | NoSuchProviderException - | SignatureException e) { - fail(); - } - } -} From 351d2d2b795793c791d60385cfd5e77b75d4358f Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 08:19:47 -0600 Subject: [PATCH 10/21] Add sample java code --- .../azure-security-keyvault-jca/README.md | 4 + .../samples/java/sample/ClientSSLSample.java | 75 +++++++++++++++++++ .../samples/java/sample/ServerSSLSample.java | 40 ++++++++++ 3 files changed, 119 insertions(+) create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java create mode 100644 sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 35a4bd71f6f0..65bd6d7a3965 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -19,6 +19,8 @@ Azure Key Vault. It is built on four principles: If you are looking to integrate the JCA provider to create an SSLServerSocket see the example below. + + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); @@ -49,6 +51,8 @@ of `azure.keyvault.uri`, and the rest of the parameters would be `null`. If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. + + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java new file mode 100644 index 000000000000..609902774b03 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ClientSSLSample.java @@ -0,0 +1,75 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. +package sample; + +import com.azure.security.keyvault.jca.KeyVaultJcaProvider; +import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter; +import java.io.IOException; +import java.security.KeyStore; +import java.security.Security; +import javax.net.ssl.SSLContext; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; +import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.io.HttpClientResponseHandler; +import org.apache.hc.core5.ssl.SSLContexts; + +/** + * The ClientSSL sample. + */ +public class ClientSSLSample { + + public void clientSSLSample() throws Exception { + KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); + Security.addProvider(provider); + + KeyStore ks = KeyStore.getInstance("AzureKeyVault"); + KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); + ks.load(parameter); + + SSLContext sslContext = SSLContexts + .custom() + .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) + .build(); + + SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder + .create() + .setSslContext(sslContext) + .setHostnameVerifier((hostname, session) -> { + return true; + }) + .build(); + + PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder + .create() + .setSSLSocketFactory(sslSocketFactory) + .build(); + + String result = null; + + try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + HttpGet httpGet = new HttpGet("https://localhost:8766"); + HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { + int status = response.getCode(); + String result1 = "Not success"; + if (status == 204) { + result1 = "Success"; + } + return result1; + }; + result = client.execute(httpGet, responseHandler); + } catch (IOException ioe) { + ioe.printStackTrace(); + } + } +} diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java new file mode 100644 index 000000000000..e25a9a4ec9fe --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/ServerSSLSample.java @@ -0,0 +1,40 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. +package sample; + +import com.azure.security.keyvault.jca.KeyVaultJcaProvider; +import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter; +import java.security.KeyStore; +import java.security.Security; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; + +/** + * The ServerSSL sample. + */ +public class ServerSSLSample { + + public void serverSSLSample() throws Exception { + KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); + Security.addProvider(provider); + + KeyStore ks = KeyStore.getInstance("AzureKeyVault"); + KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( + System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.tenant.id"), + System.getProperty("azure.client.id"), + System.getProperty("azure.client.secret")); + ks.load(parameter); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(ks, "".toCharArray()); + + SSLContext context = SSLContext.getInstance("TLS"); + context.init(kmf.getKeyManagers(), null, null); + + SSLServerSocketFactory factory = context.getServerSocketFactory(); + SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(8765); + } +} From f8a6b4f43aa6ef8a32cb8fd3f6a51a03a77781fe Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 08:38:57 -0600 Subject: [PATCH 11/21] Change from Key Vault URI to URL --- .../azure/security/keyvault/jca/KeyVaultClient.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index d9ec569489f6..2d0242fa2b17 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -49,9 +49,9 @@ class KeyVaultClient extends DelegateRestClient { private static final String API_VERSION_POSTFIX = "?api-version=7.1"; /** - * Stores the Azure Key Vault URI. + * Stores the Azure Key Vault URL. */ - private final String keyVaultUri; + private final String keyVaultUrl; /** * Stores the tenant ID. @@ -79,7 +79,7 @@ class KeyVaultClient extends DelegateRestClient { if (!keyVaultUri.endsWith("/")) { keyVaultUri = keyVaultUri + "/"; } - this.keyVaultUri = keyVaultUri; + this.keyVaultUrl = keyVaultUri; } /** @@ -129,7 +129,7 @@ public List getAliases() { ArrayList result = new ArrayList<>(); HashMap headers = new HashMap<>(); headers.put("Authorization", "Bearer " + getAccessToken()); - String url = String.format("%scertificates%s", keyVaultUri, API_VERSION_POSTFIX); + String url = String.format("%scertificates%s", keyVaultUrl, API_VERSION_POSTFIX); String response = get(url, headers); CertificateListResult certificateListResult = null; if (response != null) { @@ -156,7 +156,7 @@ private CertificateBundle getCertificateBundle(String alias) { CertificateBundle result = null; HashMap headers = new HashMap<>(); headers.put("Authorization", "Bearer " + getAccessToken()); - String url = String.format("%scertificates/%s%s", keyVaultUri, alias, API_VERSION_POSTFIX); + String url = String.format("%scertificates/%s%s", keyVaultUrl, alias, API_VERSION_POSTFIX); String response = get(url, headers); if (response != null) { JsonConverter converter = JsonConverterFactory.createJsonConverter(); From cefaeff437f0d9b0a74b414dee9dc58d066909d4 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 08:51:52 -0600 Subject: [PATCH 12/21] Replaced certificateBundle.getCer() with certificateString --- .../java/com/azure/security/keyvault/jca/KeyVaultClient.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 2d0242fa2b17..5669f56bcdc7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -182,7 +182,7 @@ public Certificate getCertificate(String alias) { try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); certificate = (X509Certificate) cf.generateCertificate( - new ByteArrayInputStream(Base64.getDecoder().decode(certificateBundle.getCer())) + new ByteArrayInputStream(Base64.getDecoder().decode(certificateString)) ); } catch (CertificateException ce) { LOGGER.log(WARNING, "Certificate error", ce); From d1de7a91cac2e1f2c467253f286c3a80811fd009 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 09:02:47 -0600 Subject: [PATCH 13/21] Added logging if no certificate chain was found for a given alias --- .../com/azure/security/keyvault/jca/KeyVaultKeyManager.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java index cdeeb542a62d..1cf099d84b0f 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java @@ -127,6 +127,8 @@ public X509Certificate[] getCertificateChain(String alias) { chain.add((X509Certificate) certificate); } } + } else { + LOGGER.log(WARNING, "No certificate chain found for alias: {0}", alias); } } catch (KeyStoreException kse) { LOGGER.log(WARNING, "Unable to get certificate chain for alias: " + alias, kse); From 304a3ae7cf4994090b4c840530414b143bcf3e86 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 09:18:00 -0600 Subject: [PATCH 14/21] Renamed keyVault to keyVaultClient --- .../keyvault/jca/KeyVaultKeyStore.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 3ca71ec2d8f3..fa91131fc16b 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -64,7 +64,7 @@ public class KeyVaultKeyStore extends KeyStoreSpi { /** * Stores the key vault client. */ - private KeyVaultClient keyVault; + private KeyVaultClient keyVaultClient; /** * Constructor. @@ -83,13 +83,13 @@ public KeyVaultKeyStore() { String tenantId = System.getProperty("azure.keyvault.tenantId"); String clientId = System.getProperty("azure.keyvault.clientId"); String clientSecret = System.getProperty("azure.keyvault.clientSecret"); - keyVault = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret); + keyVaultClient = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret); } @Override public Enumeration engineAliases() { if (aliases == null) { - aliases = keyVault.getAliases(); + aliases = keyVaultClient.getAliases(); } return Collections.enumeration(aliases); } @@ -114,7 +114,7 @@ public Certificate engineGetCertificate(String alias) { if (certificates.containsKey(alias)) { certificate = certificates.get(alias); } else { - certificate = keyVault.getCertificate(alias); + certificate = keyVaultClient.getCertificate(alias); if (certificate != null) { certificates.put(alias, certificate); if (!aliases.contains(alias)) { @@ -130,7 +130,7 @@ public String engineGetCertificateAlias(Certificate cert) { String alias = null; if (cert != null) { if (aliases == null) { - aliases = keyVault.getAliases(); + aliases = keyVaultClient.getAliases(); } for (String candidateAlias : aliases) { Certificate certificate = engineGetCertificate(candidateAlias); @@ -170,7 +170,7 @@ public Key engineGetKey(String alias, char[] password) { if (certificateKeys.containsKey(alias)) { key = certificateKeys.get(alias); } else { - key = keyVault.getKey(alias, password); + key = keyVaultClient.getKey(alias, password); if (key != null) { certificateKeys.put(alias, key); if (!aliases.contains(alias)) { @@ -184,7 +184,7 @@ public Key engineGetKey(String alias, char[] password) { @Override public boolean engineIsCertificateEntry(String alias) { if (aliases == null) { - aliases = keyVault.getAliases(); + aliases = keyVaultClient.getAliases(); } return aliases.contains(alias); } @@ -198,7 +198,7 @@ public boolean engineIsKeyEntry(String alias) { public void engineLoad(KeyStore.LoadStoreParameter param) { if (param instanceof KeyVaultLoadStoreParameter) { KeyVaultLoadStoreParameter parameter = (KeyVaultLoadStoreParameter) param; - keyVault = new KeyVaultClient( + keyVaultClient = new KeyVaultClient( parameter.getUri(), parameter.getTenantId(), parameter.getClientId(), @@ -215,7 +215,7 @@ public void engineLoad(InputStream stream, char[] password) { @Override public void engineSetCertificateEntry(String alias, Certificate certificate) { if (aliases == null) { - aliases = keyVault.getAliases(); + aliases = keyVaultClient.getAliases(); } if (!aliases.contains(alias)) { aliases.add(alias); From 77ab25394ce9e6e8a605e54ab6bc08943cafa193 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 11:45:54 -0600 Subject: [PATCH 15/21] Use try-with-resources --- .../security/keyvault/jca/KeyVaultKeyStore.java | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index fa91131fc16b..1c3c1a5793ec 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -258,12 +258,14 @@ public void engineStore(KeyStore.LoadStoreParameter param) { */ private String[] getFilenames(String path) throws IOException { List filenames = new ArrayList<>(); - InputStream in = getClass().getResourceAsStream(path); - if (in != null) { - BufferedReader br = new BufferedReader(new InputStreamReader(in)); - String resource; - while ((resource = br.readLine()) != null) { - filenames.add(resource); + try (InputStream in = getClass().getResourceAsStream(path)) { + if (in != null) { + try (BufferedReader br = new BufferedReader(new InputStreamReader(in))) { + String resource; + while ((resource = br.readLine()) != null) { + filenames.add(resource); + } + } } } return filenames.toArray(new String[0]); From f09a4e19d8e10adc5bc3f1a90c8c790f8c060058 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 13:31:55 -0600 Subject: [PATCH 16/21] Use try-with-resources --- .../keyvault/jca/KeyVaultKeyStore.java | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 1c3c1a5793ec..081808007301 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -1,6 +1,5 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. - package com.azure.security.keyvault.jca; import java.io.BufferedReader; @@ -199,10 +198,10 @@ public void engineLoad(KeyStore.LoadStoreParameter param) { if (param instanceof KeyVaultLoadStoreParameter) { KeyVaultLoadStoreParameter parameter = (KeyVaultLoadStoreParameter) param; keyVaultClient = new KeyVaultClient( - parameter.getUri(), - parameter.getTenantId(), - parameter.getClientId(), - parameter.getClientSecret()); + parameter.getUri(), + parameter.getTenantId(), + parameter.getClientId(), + parameter.getClientSecret()); } sideLoad(); } @@ -279,16 +278,19 @@ private String[] getFilenames(String path) throws IOException { * @throws IOException when an I/O error occurs. */ private byte[] readAllBytes(InputStream inputStream) throws IOException { - ByteArrayOutputStream byteOutput = new ByteArrayOutputStream(); - byte[] buffer = new byte[1024]; - while (true) { - int r = inputStream.read(buffer); - if (r == -1) { - break; + byte[] bytes = new byte[0]; + try (ByteArrayOutputStream byteOutput = new ByteArrayOutputStream()) { + byte[] buffer = new byte[1024]; + while (true) { + int r = inputStream.read(buffer); + if (r == -1) { + break; + } + byteOutput.write(buffer, 0, r); } - byteOutput.write(buffer, 0, r); + bytes = byteOutput.toByteArray(); } - return byteOutput.toByteArray(); + return bytes; } /** @@ -309,12 +311,12 @@ private void sideLoad() { try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate certificate = (X509Certificate) cf.generateCertificate( - new ByteArrayInputStream(bytes)); + new ByteArrayInputStream(bytes)); engineSetCertificateEntry(alias, certificate); LOGGER.log(INFO, "Side loaded certificate: {0} from: {1}", - new Object[] { alias, filename }); + new Object[]{alias, filename}); } catch (CertificateException e) { - LOGGER.log(WARNING, "Unable to side-load certificate", e); + LOGGER.log(WARNING, "Unable to side-load certificate from: " + filename, e); } } } From 27f0d8194311df7ce3f07293a21fbe5557fb4d0e Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 14:08:56 -0600 Subject: [PATCH 17/21] Remove unncessary implements --- .../java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java | 2 +- .../com/azure/security/keyvault/jca/KeyVaultTrustManager.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 081808007301..634a6e1924fe 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -278,7 +278,7 @@ private String[] getFilenames(String path) throws IOException { * @throws IOException when an I/O error occurs. */ private byte[] readAllBytes(InputStream inputStream) throws IOException { - byte[] bytes = new byte[0]; + byte[] bytes; try (ByteArrayOutputStream byteOutput = new ByteArrayOutputStream()) { byte[] buffer = new byte[1024]; while (true) { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java index b5be3dc3f3f0..69db2137ee90 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java @@ -19,7 +19,7 @@ /** * The Azure Key Vault variant of the X509TrustManager. */ -public class KeyVaultTrustManager extends X509ExtendedTrustManager implements X509TrustManager { +public class KeyVaultTrustManager extends X509ExtendedTrustManager { /** * Stores the default trust manager. From cd1b31bf124a0b669f1ead5e98fd4194d582f215 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 14:37:31 -0600 Subject: [PATCH 18/21] Rename from getKey_props to getKeyProperties --- .../com/azure/security/keyvault/jca/KeyVaultClient.java | 2 +- .../azure/security/keyvault/jca/rest/CertificatePolicy.java | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 5669f56bcdc7..e99950185122 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -207,7 +207,7 @@ public Key getKey(String alias, char[] password) { CertificateBundle certificateBundle = getCertificateBundle(alias); boolean isExportable = Optional.ofNullable(certificateBundle) .map(CertificateBundle::getPolicy) - .map(CertificatePolicy::getKey_props) + .map(CertificatePolicy::getKeyProperties) .map(KeyProperties::isExportable) .orElse(false); if (isExportable) { diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java index e678c296b6bb..871d73500038 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java @@ -3,6 +3,7 @@ package com.azure.security.keyvault.jca.rest; +import com.fasterxml.jackson.annotation.JsonProperty; import java.io.Serializable; /** @@ -13,6 +14,7 @@ public class CertificatePolicy implements Serializable { /** * Stores the key properties. */ + @JsonProperty("key_props") private KeyProperties keyProperties; /** @@ -20,7 +22,7 @@ public class CertificatePolicy implements Serializable { * * @return the key properties. */ - public KeyProperties getKey_props() { + public KeyProperties getKeyProperties() { return keyProperties; } @@ -29,7 +31,7 @@ public KeyProperties getKey_props() { * * @param keyProperties the key properties. */ - public void setKey_props(KeyProperties keyProperties) { + public void setKeyProperties(KeyProperties keyProperties) { this.keyProperties = keyProperties; } } From 1bdd55b6845bb472ee0a72a7ae57f281b1000802 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 14:52:52 -0600 Subject: [PATCH 19/21] Minor cleanup --- .../starter/KeyVaultCertificatesEnvironmentPostProcessor.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java index 6d76e12b4619..cfb0a5e40143 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java @@ -100,9 +100,7 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, enabled = environment.getProperty("azure.keyvault.jca.disableHostnameVerification"); if (Boolean.parseBoolean(enabled)) { - HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> { - return true; - }); + HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); } } } From e9d83429a6a2e61ad57dbe2ba5f11cb2e435f43d Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 15:28:06 -0600 Subject: [PATCH 20/21] Removed unused logger --- .../com/azure/security/keyvault/jca/KeyVaultClient.java | 6 +++--- .../KeyVaultCertificatesEnvironmentPostProcessor.java | 6 ------ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index e99950185122..d11a7ae0386a 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -125,7 +125,7 @@ private String getAccessToken() { * * @return the list of aliases. */ - public List getAliases() { + List getAliases() { ArrayList result = new ArrayList<>(); HashMap headers = new HashMap<>(); headers.put("Authorization", "Bearer " + getAccessToken()); @@ -171,7 +171,7 @@ private CertificateBundle getCertificateBundle(String alias) { * @param alias the alias. * @return the certificate, or null if not found. */ - public Certificate getCertificate(String alias) { + Certificate getCertificate(String alias) { LOGGER.entering("KeyVaultClient", "getCertificate", alias); LOGGER.log(INFO, "Getting certificate for alias: {0}", alias); X509Certificate certificate = null; @@ -200,7 +200,7 @@ public Certificate getCertificate(String alias) { * @param password the password. * @return the key. */ - public Key getKey(String alias, char[] password) { + Key getKey(String alias, char[] password) { LOGGER.entering("KeyVaultClient", "getKey", new Object[] { alias, password }); LOGGER.log(INFO, "Getting key for alias: {0}", alias); Key key = null; diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java index cfb0a5e40143..b1e9a2504ac7 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java @@ -7,7 +7,6 @@ import java.security.Security; import java.util.Properties; -import java.util.logging.Logger; import javax.net.ssl.HttpsURLConnection; import org.springframework.boot.SpringApplication; @@ -22,11 +21,6 @@ @Order(LOWEST_PRECEDENCE) public class KeyVaultCertificatesEnvironmentPostProcessor implements EnvironmentPostProcessor { - /** - * Stores the logger. - */ - private static final Logger LOGGER = Logger.getLogger(KeyVaultCertificatesEnvironmentPostProcessor.class.getName()); - @Override public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) { From db58e25c81abbaf16e02d14b4e6032664c2f236e Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Fri, 23 Oct 2020 15:51:50 -0600 Subject: [PATCH 21/21] Changed from access_token to accessToken --- .../com/azure/security/keyvault/jca/AuthClient.java | 6 +++--- .../azure/security/keyvault/jca/rest/OAuthToken.java | 12 +++++++----- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java index 7fab5629bce9..e3684ed39b69 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java @@ -116,7 +116,7 @@ public String getAccessToken(String resource, String tenantId, if (body != null) { JsonConverter converter = JsonConverterFactory.createJsonConverter(); OAuthToken token = (OAuthToken) converter.fromJson(body, OAuthToken.class); - result = token.getAccess_token(); + result = token.getAccessToken(); } LOGGER.log(FINER, "Access token: {0}", result); return result; @@ -146,7 +146,7 @@ private String getAccessTokenOnAppService(String resource) { if (body != null) { JsonConverter converter = JsonConverterFactory.createJsonConverter(); OAuthToken token = (OAuthToken) converter.fromJson(body, OAuthToken.class); - result = token.getAccess_token(); + result = token.getAccessToken(); } LOGGER.exiting("AuthClient", "getAccessTokenOnAppService", result); return result; @@ -174,7 +174,7 @@ private String getAccessTokenOnOthers(String resource) { if (body != null) { JsonConverter converter = JsonConverterFactory.createJsonConverter(); OAuthToken token = (OAuthToken) converter.fromJson(body, OAuthToken.class); - result = token.getAccess_token(); + result = token.getAccessToken(); } LOGGER.exiting("AuthClient", "getAccessTokenOnOthers", result); return result; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java index e394baaa5591..55206bc4070a 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java @@ -2,6 +2,7 @@ // Licensed under the MIT License. package com.azure.security.keyvault.jca.rest; +import com.fasterxml.jackson.annotation.JsonProperty; import java.io.Serializable; /** @@ -12,15 +13,16 @@ public class OAuthToken implements Serializable { /** * Stores the access token. */ - private String access_token; + @JsonProperty("access_token") + private String accessToken; /** * Get the access token. * * @return the access token. */ - public String getAccess_token() { - return access_token; + public String getAccessToken() { + return accessToken; } /** @@ -28,7 +30,7 @@ public String getAccess_token() { * * @param accessToken the access token. */ - public void setAccess_token(String accessToken) { - this.access_token = accessToken; + public void setAccessToken(String accessToken) { + this.accessToken = accessToken; } }