From 9d07c031cf64618a42391a8422aa8841c8a93842 Mon Sep 17 00:00:00 2001 From: Manfred Riem Date: Thu, 12 Nov 2020 02:15:29 -0700 Subject: [PATCH] End to End TLS SSL - step #9 - add Azure AD authentication URL (#17074) * Added Azure AD authentication URL --- .../security/keyvault/jca/AuthClient.java | 27 +++++----- .../security/keyvault/jca/KeyVaultClient.java | 16 ++++-- .../keyvault/jca/KeyVaultKeyStore.java | 16 +++--- .../jca/KeyVaultLoadStoreParameter.java | 51 +++++++++++++------ .../keyvault/jca/ClientSSLSample.java | 1 + .../keyvault/jca/ServerSSLSample.java | 1 + .../security/keyvault/jca/AuthClientTest.java | 1 + .../keyvault/jca/KeyVaultJcaProviderTest.java | 1 + .../keyvault/jca/KeyVaultKeyStoreTest.java | 9 ++++ .../jca/KeyVaultLoadStoreParameterTest.java | 1 + .../keyvault/jca/ServerSocketTest.java | 2 + ...tCertificatesEnvironmentPostProcessor.java | 19 ++++--- 12 files changed, 97 insertions(+), 48 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java index 10bf6a841c51c..35471cd5182b1 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java @@ -1,6 +1,5 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. - package com.azure.security.keyvault.jca; import com.azure.security.keyvault.jca.model.OAuthToken; @@ -50,7 +49,7 @@ class AuthClient extends DelegateRestClient { * Stores the OAuth2 managed identity URL. */ private static final String OAUTH2_MANAGED_IDENTITY_TOKEN_URL - = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01"; + = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01"; /** * Stores our logger. 
@@ -96,23 +95,24 @@ public String getAccessToken(String resource, String identity) { * @param clientSecret the client secret. * @return the authorization token. */ - public String getAccessToken(String resource, String tenantId, - String clientId, String clientSecret) { - LOGGER.entering("AuthClient", "getAccessToken", new Object[] { - resource, tenantId, clientId, clientSecret }); + public String getAccessToken(String resource, String aadAuthenticationUrl, + String tenantId, String clientId, String clientSecret) { + + LOGGER.entering("AuthClient", "getAccessToken", new Object[]{ + resource, tenantId, clientId, clientSecret}); LOGGER.info("Getting access token using client ID / client secret"); String result = null; StringBuilder oauth2Url = new StringBuilder(); - oauth2Url.append(OAUTH2_TOKEN_BASE_URL) - .append(tenantId) - .append(OAUTH2_TOKEN_POSTFIX); + oauth2Url.append(aadAuthenticationUrl == null ? OAUTH2_TOKEN_BASE_URL : aadAuthenticationUrl) + .append(tenantId) + .append(OAUTH2_TOKEN_POSTFIX); StringBuilder requestBody = new StringBuilder(); requestBody.append(GRANT_TYPE_FRAGMENT) - .append(CLIENT_ID_FRAGMENT).append(clientId) - .append(CLIENT_SECRET_FRAGMENT).append(clientSecret) - .append(RESOURCE_FRAGMENT).append(resource); + .append(CLIENT_ID_FRAGMENT).append(clientId) + .append(CLIENT_SECRET_FRAGMENT).append(clientSecret) + .append(RESOURCE_FRAGMENT).append(resource); String body = post(oauth2Url.toString(), requestBody.toString(), "application/x-www-form-urlencoded"); if (body != null) { @@ -143,7 +143,6 @@ private String getAccessTokenOnAppService(String resource, String identity) { url.append(System.getenv("MSI_ENDPOINT")) .append("?api-version=2017-09-01") .append(RESOURCE_FRAGMENT).append(resource); - if (identity != null) { url.append("&objectid=").append(identity); } 
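Review bot: The new `oauth2Url.append(aadAuthenticationUrl == null ? OAUTH2_TOKEN_BASE_URL : aadAuthenticationUrl).append(tenantId)` splices a caller-supplied base straight onto the tenant ID, so a value without a trailing slash (OAUTH2_TOKEN_BASE_URL itself is outside the hunk, so I cannot confirm it carries one) produces a different hostname such as `https://login.microsoftonline.usTENANT/...`, and nothing rejects an `http://` base; in both cases the client secret in the form body is POSTed to a host other than the intended one. Normalise and check the base before it is used, as sketched below. Separately, the `LOGGER.entering(...)` call on the new side still places `clientSecret` in the trace array; log only `resource`, `tenantId` and `clientId`. The body of getAccessToken continues past the hunk.

```java
public String getAccessToken(String resource, String aadAuthenticationUrl,
    String tenantId, String clientId, String clientSecret) {

    LOGGER.entering("AuthClient", "getAccessToken", new Object[]{resource, tenantId, clientId});
    LOGGER.info("Getting access token using client ID / client secret");

    String tokenBase = aadAuthenticationUrl == null ? OAUTH2_TOKEN_BASE_URL : aadAuthenticationUrl;
    // The client secret is posted to this host: refuse plaintext transports
    // and make sure the tenant ID becomes a path segment, not part of the host.
    if (!tokenBase.startsWith("https://")) {
        throw new IllegalArgumentException("AAD authentication URL must use https");
    }
    if (!tokenBase.endsWith("/")) {
        tokenBase = tokenBase + "/";
    }
    StringBuilder oauth2Url = new StringBuilder();
    oauth2Url.append(tokenBase)
        .append(tenantId)
        .append(OAUTH2_TOKEN_POSTFIX);
    // … unchanged: request body construction and POST …
```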
@@ -175,13 +174,11 @@ private String getAccessTokenOnOthers(String resource, String identity) { if (identity != null) { LOGGER.log(INFO, "Using managed identity with object ID: {0}", identity); } - String result = null; StringBuilder url = new StringBuilder(); url.append(OAUTH2_MANAGED_IDENTITY_TOKEN_URL) .append(RESOURCE_FRAGMENT).append(resource); - if (identity != null) { url.append("&object_id=").append(identity); } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 7ea0c267afd05..0164a1ae1ba6e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -58,6 +58,12 @@ class KeyVaultClient extends DelegateRestClient { */ private final String keyVaultUrl; + /** + * Stores the AAD authentication URL (or null to default to Azure Public + * Cloud). + */ + private String aadAuthenticationUrl; + /** * Stores the tenant ID. */ @@ -113,12 +119,15 @@ class KeyVaultClient extends DelegateRestClient { * Constructor. * * @param keyVaultUri the Azure Key Vault URI. + * @param aadAuthenticationUrl the Azure AD authentication URL. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. */ - KeyVaultClient(final String keyVaultUri, final String tenantId, final String clientId, final String clientSecret) { + KeyVaultClient(final String keyVaultUri, final String aadAuthenticationUrl, + final String tenantId, final String clientId, final String clientSecret) { this(keyVaultUri); + this.aadAuthenticationUrl = aadAuthenticationUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; 
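Review bot: The new KeyVaultClient constructor stores `aadAuthenticationUrl` verbatim and its `@param` does not say the value is optional, although the field comment above it does say null means Azure Public Cloud; state that in the constructor Javadoc, e.g. `@param aadAuthenticationUrl the Azure AD authentication URL (https, ending in a slash), or null for the Azure public cloud endpoint.`. Because this value decides which host the client secret is later sent to, a check such as `if (aadAuthenticationUrl != null && !aadAuthenticationUrl.startsWith("https://")) { throw new IllegalArgumentException("aadAuthenticationUrl must use https"); }` here would make a mis-set property fail at construction rather than at the first token request. The field is left non-final, unlike `keyVaultUrl` just above it; that is forced by the `this(keyVaultUri)` delegation, but a one-line comment saying so would stop the next reader from "fixing" it.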
@@ -141,7 +150,7 @@ private String getAccessToken() { } if (tenantId != null && clientId != null && clientSecret != null) { - accessToken = authClient.getAccessToken(resource, tenantId, clientId, clientSecret); + accessToken = authClient.getAccessToken(resource, aadAuthenticationUrl, tenantId, clientId, clientSecret); } else { accessToken = authClient.getAccessToken(resource, managedIdentity); } @@ -295,10 +304,9 @@ Key getKey(String alias, char[] password) { * @throws IOException when an I/O error occurs. * @throws NoSuchAlgorithmException when algorithm is unavailable. * @throws InvalidKeySpecException when the private key cannot be generated. - */ + * */ private PrivateKey createPrivateKeyFromPem(String pemString) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { - StringBuilder builder = new StringBuilder(); try (BufferedReader reader = new BufferedReader(new StringReader(pemString))) { String line = reader.readLine(); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 3b1557f0538f4..21403aadfe0d6 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -71,22 +71,25 @@ public final class KeyVaultKeyStore extends KeyStoreSpi { * *
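Review bot: The Javadoc closing of createPrivateKeyFromPem is changed from `*/` to `* */`, which leaves a stray asterisk as the last line of the rendered doc comment; restore `*/`. The method body continues beyond the hunk.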

* The constructor uses System.getProperty for - * azure.keyvault.uri, azure.keyvault.tenantId, + * azure.keyvault.uri, + * azure.keyvault.aadAuthenticationUrl, + * azure.keyvault.tenantId, * azure.keyvault.clientId, * azure.keyvault.clientSecret and - * azure.keyvault.userAssignedIdentity to initialize the - * keyvault client. + * azure.keyvault.managedIdentity to initialize the + * Key Vault client. *

*/ public KeyVaultKeyStore() { creationDate = new Date(); String keyVaultUri = System.getProperty("azure.keyvault.uri"); + String aadAuthenticationUrl = System.getProperty("azure.keyvault.aadAuthenticationUrl"); String tenantId = System.getProperty("azure.keyvault.tenantId"); String clientId = System.getProperty("azure.keyvault.clientId"); String clientSecret = System.getProperty("azure.keyvault.clientSecret"); String managedIdentity = System.getProperty("azure.keyvault.managedIdentity"); if (clientId != null) { - keyVaultClient = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret); + keyVaultClient = new KeyVaultClient(keyVaultUri, aadAuthenticationUrl, tenantId, clientId, clientSecret); } else { keyVaultClient = new KeyVaultClient(keyVaultUri, managedIdentity); } @@ -210,13 +213,14 @@ public void engineLoad(KeyStore.LoadStoreParameter param) { if (parameter.getClientId() != null) { keyVaultClient = new KeyVaultClient( parameter.getUri(), + parameter.getAadAuthenticationUrl(), parameter.getTenantId(), parameter.getClientId(), parameter.getClientSecret()); - } else if (parameter.getUserAssignedIdentity() != null) { + } else if (parameter.getManagedIdentity() != null) { keyVaultClient = new KeyVaultClient( parameter.getUri(), - parameter.getUserAssignedIdentity() + parameter.getManagedIdentity() ); } else { keyVaultClient = new KeyVaultClient(parameter.getUri()); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java index 2fd11c3b7a50c..7fe90e9567fa7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java 
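Review bot: The constructor Javadoc now lists `azure.keyvault.aadAuthenticationUrl` but does not say what happens when the property is unset; the value is handed to KeyVaultClient as null, whose field comment states that falls back to Azure Public Cloud, so add a sentence such as `azure.keyvault.aadAuthenticationUrl is optional and defaults to the Azure public cloud login endpoint; when set it should be an https URL ending in a slash`. Note also that the `else` branch still passes `managedIdentity` to the two-argument KeyVaultClient constructor even when that property is null, whereas engineLoad in the next hunk routes a null managed identity to the one-argument constructor; whether the two-argument constructor tolerates null is not visible here, so the asymmetry is worth confirming or aligning.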
@@ -14,6 +14,11 @@ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { * Stores the URI. */ private final String uri; + + /** + * Stores the Azure AD authentication URL. + */ + private final String aadAuthenticationUrl; /** * Stores the tenant id. @@ -33,36 +38,40 @@ public class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter { /** * Stores the user-assigned identity. */ - private final String userAssignedIdentity; + private final String managedIdentity; /** * Constructor. * * @param uri the Azure Key Vault URI. + * @param aadAuthenticationUrl the Azure AD authentication URL. * @param tenantId the tenant ID. * @param clientId the client ID. * @param clientSecret the client secret. */ - public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret) { + public KeyVaultLoadStoreParameter(String uri, String aadAuthenticationUrl, + String tenantId, String clientId, String clientSecret) { this.uri = uri; + this.aadAuthenticationUrl = aadAuthenticationUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; - this.userAssignedIdentity = null; + this.managedIdentity = null; } /** * Constructor. * * @param uri the Azure Key Vault URI. - * @param userAssignedIdentity the user-assigned identity. + * @param managedIdentity the managed identity. */ - public KeyVaultLoadStoreParameter(String uri, String userAssignedIdentity) { + public KeyVaultLoadStoreParameter(String uri, String managedIdentity) { this.uri = uri; + this.aadAuthenticationUrl = null; this.tenantId = null; this.clientId = null; this.clientSecret = null; - this.userAssignedIdentity = userAssignedIdentity; + this.managedIdentity = managedIdentity; } /** 
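Review bot: The public four-argument constructor `KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret)` is replaced rather than kept, so every existing caller of this public class stops compiling after the upgrade, as the nine call sites touched in this same patch show. Keep the old signature as an overload that delegates, `public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret) { this(uri, null, tenantId, clientId, clientSecret); }`, and have the new one document `@param aadAuthenticationUrl ... or null for the default Azure AD endpoint`. The rename of the `userAssignedIdentity` field itself is internal and fine.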
@@ -72,10 +81,11 @@ public KeyVaultLoadStoreParameter(String uri, String userAssignedIdentity) { */ public KeyVaultLoadStoreParameter(String uri) { this.uri = uri; + this.aadAuthenticationUrl = null; this.tenantId = null; this.clientId = null; this.clientSecret = null; - this.userAssignedIdentity = null; + this.managedIdentity = null; } /** @@ -88,6 +98,15 @@ public KeyStore.ProtectionParameter getProtectionParameter() { return null; } + /** + * Get the Azure AD authentication URL. + * + * @return the Azure AD authentication URL. + */ + public String getAadAuthenticationUrl() { + return aadAuthenticationUrl; + } + /** * Get the client id. * @@ -106,6 +125,15 @@ public String getClientSecret() { return clientSecret; } + /** + * Get the managed identity. + * + * @return the managed identity. + */ + public String getManagedIdentity() { + return managedIdentity; + } + /** * Get the tenant id. * @@ -123,13 +151,4 @@ public String getTenantId() { public String getUri() { return uri; } - - /** - * Get the user-assigned identity. - * - * @return the user-assign identity. - */ - public String getUserAssignedIdentity() { - return userAssignedIdentity; - } } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ClientSSLSample.java index 126effd546aed..f9dca0db7e1d1 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ClientSSLSample.java 
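Review bot: `getManagedIdentity()` is added as a public getter while `getUserAssignedIdentity()` is removed further down in this file, so external callers of the old name break without a deprecation cycle; keep the old name as an alias, `@Deprecated public String getUserAssignedIdentity() { return managedIdentity; }`, until the next major version. Its Javadoc, like that of `getAadAuthenticationUrl()`, should also state that the value is null when one of the other constructors was used.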
@@ -31,6 +31,7 @@ public void clientSSLSample() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ServerSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ServerSSLSample.java index 7ef3ccd789ecd..a60eccefc0921 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ServerSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/sample/com/azure/security/keyvault/jca/ServerSSLSample.java @@ -21,6 +21,7 @@ public void serverSSLSample() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java index 16cead66f7a38..0a978e9b83614 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AuthClientTest.java 
@@ -27,6 +27,7 @@ public void testGetAuthorizationToken() throws Exception { AuthClient authClient = new AuthClient(); String result = authClient.getAccessToken( "https://management.azure.com/", + System.getProperty("azure.keyvault.aadAuthenticationUrl"), tenantId, clientId, URLEncoder.encode(clientSecret, "UTF-8") diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java index 4fdd9ceaed877..e51640d1d10ba 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultJcaProviderTest.java @@ -36,6 +36,7 @@ public void testGetCertificate() throws Exception { KeyStore keystore = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index 073cfb99a4b4e..ae38b425dad8e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java 
@@ -51,6 +51,7 @@ public void testEngineGetCertificate() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -63,6 +64,7 @@ public void testEngineGetCertificateAlias() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -75,6 +77,7 @@ public void testEngineGetCertificateChain() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -87,6 +90,7 @@ public void testEngineIsCertificateEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); 
@@ -99,6 +103,7 @@ public void testEngineSetCertificateEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -123,6 +128,7 @@ public void testEngineGetKey() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -135,6 +141,7 @@ public void testEngineIsKeyEntry() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -159,6 +166,7 @@ public void testEngineAliases() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); 
@@ -171,6 +179,7 @@ public void testEngineContainsAlias() { KeyVaultKeyStore keystore = new KeyVaultKeyStore(); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java index 68912a740c483..2dcc2879669f2 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameterTest.java @@ -19,6 +19,7 @@ public class KeyVaultLoadStoreParameterTest { public void testGetProtectionParameter() { KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + System.getProperty("azure.keyvault.aadAuthenticationUrl"), null, null, null diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 13690522dfb7e..31baf12d02237 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java 
@@ -60,6 +60,7 @@ public void testServerSocket() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + null, System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); @@ -165,6 +166,7 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { KeyStore ks = KeyStore.getInstance("AzureKeyVault"); KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter( System.getProperty("azure.keyvault.uri"), + null, System.getProperty("azure.tenant.id"), System.getProperty("azure.client.id"), System.getProperty("azure.client.secret")); diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java index 6418222858da6..2be13a1133bd5 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java @@ -26,7 +26,7 @@ public class KeyVaultCertificatesEnvironmentPostProcessor implements Environment @Override public void postProcessEnvironment(ConfigurableEnvironment environment, - SpringApplication application) { + SpringApplication application) { Properties systemProperties = System.getProperties(); 
@@ -38,6 +38,11 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, if (tenantId != null) { systemProperties.put("azure.keyvault.tenantId", tenantId); } + + String aadAuthenticationUrl = environment.getProperty("azure.keyvault.aadAuthenticationUrl"); + if (aadAuthenticationUrl != null) { + systemProperties.put("azure.keyvault.aadAuthenticationUrl", aadAuthenticationUrl); + } String clientId = environment.getProperty("azure.keyvault.clientId"); if (clientId != null) { @@ -67,8 +72,8 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, } catch (ClassNotFoundException ex) { } - PropertiesPropertySource propertySource = - new PropertiesPropertySource("KeyStorePropertySource", properties); + PropertiesPropertySource propertySource + = new PropertiesPropertySource("KeyStorePropertySource", properties); sources.addFirst(propertySource); } @@ -85,8 +90,8 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, } catch (ClassNotFoundException ex) { } - PropertiesPropertySource propertySource = - new PropertiesPropertySource("TrustStorePropertySource", properties); + PropertiesPropertySource propertySource + = new PropertiesPropertySource("TrustStorePropertySource", properties); sources.addFirst(propertySource); } @@ -95,8 +100,8 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, String enabled = environment.getProperty("azure.keyvault.jca.overrideTrustManagerFactory"); if (Boolean.parseBoolean(enabled)) { - KeyVaultTrustManagerFactoryProvider factoryProvider = - new KeyVaultTrustManagerFactoryProvider(); + KeyVaultTrustManagerFactoryProvider factoryProvider + = new KeyVaultTrustManagerFactoryProvider(); Security.insertProviderAt(factoryProvider, 1); }
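Review bot: The added block copies `azure.keyvault.aadAuthenticationUrl` from the Spring Environment into System properties unchanged, and KeyVaultKeyStore reads it back with System.getProperty, so any property source feeding that environment (OS environment variables or command-line arguments, for instance) can redirect the client-secret token request to an arbitrary host. At minimum reject non-https values here, `if (aadAuthenticationUrl != null && !aadAuthenticationUrl.startsWith("https://")) { throw new IllegalStateException("azure.keyvault.aadAuthenticationUrl must be an https URL"); }`, and document the property as optional with its default in the starter's configuration metadata. postProcessEnvironment starts and ends outside this hunk.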