diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java
index 7fab5629bce9..e3684ed39b69 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AuthClient.java
@@ -116,7 +116,7 @@ public String getAccessToken(String resource, String tenantId,
 if (body != null) {
 JsonConverter converter = JsonConverterFactory.createJsonConverter();
 OAuthToken token = (OAuthToken) converter.fromJson(body, OAuthToken.class);
- result = token.getAccess_token();
+ result = token.getAccessToken();
 }
 LOGGER.log(FINER, "Access token: {0}", result);
 return result;
@@ -146,7 +146,7 @@ private String getAccessTokenOnAppService(String resource) {
 if (body != null) {
 JsonConverter converter = JsonConverterFactory.createJsonConverter();
 OAuthToken token = (OAuthToken) converter.fromJson(body, OAuthToken.class);
- result = token.getAccess_token();
+ result = token.getAccessToken();
 }
 LOGGER.exiting("AuthClient", "getAccessTokenOnAppService", result);
 return result;
@@ -174,7 +174,7 @@ private String getAccessTokenOnOthers(String resource) {
 if (body != null) {
 JsonConverter converter = JsonConverterFactory.createJsonConverter();
 OAuthToken token = (OAuthToken) converter.fromJson(body, OAuthToken.class);
- result = token.getAccess_token();
+ result = token.getAccessToken();
 }
 LOGGER.exiting("AuthClient", "getAccessTokenOnOthers", result);
 return result;
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java
index d9ec569489f6..d11a7ae0386a 100644
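Review bot: The context lines of all three AuthClient hunks still write the bearer token to the log: `LOGGER.log(FINER, "Access token: {0}", result);` in getAccessToken, and `LOGGER.exiting(..., result)` in getAccessTokenOnAppService and getAccessTokenOnOthers. Anyone who can read FINER-level output obtains a credential that is valid against Key Vault until it expires. Since the rename already touches the neighbouring lines, drop the value from the messages, e.g. `LOGGER.log(FINER, "Access token acquired: {0}", result != null);` and `LOGGER.exiting("AuthClient", "getAccessTokenOnAppService");`. The bodies of the three methods start outside their hunks.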
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java
@@ -49,9 +49,9 @@ class KeyVaultClient extends DelegateRestClient {
 private static final String API_VERSION_POSTFIX = "?api-version=7.1";
 /**
- * Stores the Azure Key Vault URI.
+ * Stores the Azure Key Vault URL.
 */
- private final String keyVaultUri;
+ private final String keyVaultUrl;
 /**
 * Stores the tenant ID.
@@ -79,7 +79,7 @@ class KeyVaultClient extends DelegateRestClient {
 if (!keyVaultUri.endsWith("/")) {
 keyVaultUri = keyVaultUri + "/";
 }
- this.keyVaultUri = keyVaultUri;
+ this.keyVaultUrl = keyVaultUri;
 }
 /**
@@ -125,11 +125,11 @@ private String getAccessToken() {
 *
 * @return the list of aliases.
 */
- public List getAliases() {
+ List getAliases() {
 ArrayList result = new ArrayList<>();
 HashMap headers = new HashMap<>();
 headers.put("Authorization", "Bearer " + getAccessToken());
- String url = String.format("%scertificates%s", keyVaultUri, API_VERSION_POSTFIX);
+ String url = String.format("%scertificates%s", keyVaultUrl, API_VERSION_POSTFIX);
 String response = get(url, headers);
 CertificateListResult certificateListResult = null;
 if (response != null) {
@@ -156,7 +156,7 @@ private CertificateBundle getCertificateBundle(String alias) {
 CertificateBundle result = null;
 HashMap headers = new HashMap<>();
 headers.put("Authorization", "Bearer " + getAccessToken());
- String url = String.format("%scertificates/%s%s", keyVaultUrl, alias, API_VERSION_POSTFIX);
+ String url = String.format("%scertificates/%s%s", keyVaultUrl, alias, API_VERSION_POSTFIX);
 String response = get(url, headers);
 if (response != null) {
 JsonConverter converter = JsonConverterFactory.createJsonConverter();
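Review bot: In getCertificateBundle the `alias` argument is formatted into the request path unencoded (`String.format("%scertificates/%s%s", keyVaultUrl, alias, API_VERSION_POSTFIX)`), and that request carries the bearer token. An alias containing `/`, `?` or `#` would change which Key Vault resource or API version the authenticated request addresses; whether callers can supply such a value is not visible here, since the alias arrives through the KeyStore API. Check it against the characters Key Vault permits in certificate names before building the URL, e.g. `if (alias == null || !alias.matches("[0-9a-zA-Z-]+")) { return null; }`, or percent-encode it as a single path segment. The method body continues past the end of the hunk.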
@@ -171,7 +171,7 @@ private CertificateBundle getCertificateBundle(String alias) {
 * @param alias the alias.
 * @return the certificate, or null if not found.
 */
- public Certificate getCertificate(String alias) {
+ Certificate getCertificate(String alias) {
 LOGGER.entering("KeyVaultClient", "getCertificate", alias);
 LOGGER.log(INFO, "Getting certificate for alias: {0}", alias);
 X509Certificate certificate = null;
@@ -182,7 +182,7 @@ public Certificate getCertificate(String alias) {
 try {
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 certificate = (X509Certificate) cf.generateCertificate(
- new ByteArrayInputStream(Base64.getDecoder().decode(certificateBundle.getCer()))
+ new ByteArrayInputStream(Base64.getDecoder().decode(certificateString))
 );
 } catch (CertificateException ce) {
 LOGGER.log(WARNING, "Certificate error", ce);
@@ -200,14 +200,14 @@ public Certificate getCertificate(String alias) {
 * @param password the password.
 * @return the key.
 */
- public Key getKey(String alias, char[] password) {
+ Key getKey(String alias, char[] password) {
 LOGGER.entering("KeyVaultClient", "getKey", new Object[] { alias, password });
 LOGGER.log(INFO, "Getting key for alias: {0}", alias);
 Key key = null;
 CertificateBundle certificateBundle = getCertificateBundle(alias);
 boolean isExportable = Optional.ofNullable(certificateBundle)
 .map(CertificateBundle::getPolicy)
- .map(CertificatePolicy::getKey_props)
+ .map(CertificatePolicy::getKeyProperties)
 .map(KeyProperties::isExportable)
 .orElse(false);
 if (isExportable) {
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java
index cdeeb542a62d..1cf099d84b0f 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java
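Review bot: getKey still hands the `password` array to the logger in `LOGGER.entering("KeyVaultClient", "getKey", new Object[] { alias, password });`. The default formatting prints only the array's identity, but every Handler and Formatter attached to the logger receives the LogRecord parameters and can read the characters, so a secret should not be a log parameter at all. Pass only the alias: `LOGGER.entering("KeyVaultClient", "getKey", alias);`. The remainder of getKey lies outside the hunk.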
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyManager.java
@@ -127,6 +127,8 @@ public X509Certificate[] getCertificateChain(String alias) {
 chain.add((X509Certificate) certificate);
 }
 }
+ } else {
+ LOGGER.log(WARNING, "No certificate chain found for alias: {0}", alias);
 }
 } catch (KeyStoreException kse) {
 LOGGER.log(WARNING, "Unable to get certificate chain for alias: " + alias, kse);
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java
index 3ca71ec2d8f3..634a6e1924fe 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java
@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
-
 package com.azure.security.keyvault.jca;
 import java.io.BufferedReader;
@@ -64,7 +63,7 @@ public class KeyVaultKeyStore extends KeyStoreSpi {
 /**
 * Stores the key vault client.
 */
- private KeyVaultClient keyVault;
+ private KeyVaultClient keyVaultClient;
 /**
 * Constructor.
@@ -83,13 +82,13 @@ public KeyVaultKeyStore() {
 String tenantId = System.getProperty("azure.keyvault.tenantId");
 String clientId = System.getProperty("azure.keyvault.clientId");
 String clientSecret = System.getProperty("azure.keyvault.clientSecret");
- keyVault = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret);
+ keyVaultClient = new KeyVaultClient(keyVaultUri, tenantId, clientId, clientSecret);
 }
 @Override
 public Enumeration engineAliases() {
 if (aliases == null) {
- aliases = keyVaultClient.getAliases();
+ aliases = keyVaultClient.getAliases();
 }
 return Collections.enumeration(aliases);
 }
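Review bot: The KeyVaultKeyStore constructor reads the client secret from the JVM system property `azure.keyvault.clientSecret`, and nothing visible in the hunk documents the exposure that comes with that. A value passed as a `-D` option shows up in the process command line, and any code running in the JVM can read it through `System.getProperties()`. I would add a Javadoc sentence on the constructor saying so, along the lines of `The client secret is read from a system property and is therefore visible to the whole process; supply it through KeyVaultLoadStoreParameter where that is not acceptable.` The constructor body starts outside the hunk.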
@@ -114,7 +113,7 @@ public Certificate engineGetCertificate(String alias) {
 if (certificates.containsKey(alias)) {
 certificate = certificates.get(alias);
 } else {
- certificate = keyVault.getCertificate(alias);
+ certificate = keyVaultClient.getCertificate(alias);
 if (certificate != null) {
 certificates.put(alias, certificate);
 if (!aliases.contains(alias)) {
@@ -130,7 +129,7 @@ public String engineGetCertificateAlias(Certificate cert) {
 String alias = null;
 if (cert != null) {
 if (aliases == null) {
- aliases = keyVault.getAliases();
+ aliases = keyVaultClient.getAliases();
 }
 for (String candidateAlias : aliases) {
 Certificate certificate = engineGetCertificate(candidateAlias);
@@ -170,7 +169,7 @@ public Key engineGetKey(String alias, char[] password) {
 if (certificateKeys.containsKey(alias)) {
 key = certificateKeys.get(alias);
 } else {
- key = keyVault.getKey(alias, password);
+ key = keyVaultClient.getKey(alias, password);
 if (key != null) {
 certificateKeys.put(alias, key);
 if (!aliases.contains(alias)) {
@@ -184,7 +183,7 @@ public Key engineGetKey(String alias, char[] password) {
 @Override
 public boolean engineIsCertificateEntry(String alias) {
 if (aliases == null) {
- aliases = keyVault.getAliases();
+ aliases = keyVaultClient.getAliases();
 }
 return aliases.contains(alias);
 }
@@ -198,11 +197,11 @@ public boolean engineIsKeyEntry(String alias) {
 public void engineLoad(KeyStore.LoadStoreParameter param) {
 if (param instanceof KeyVaultLoadStoreParameter) {
 KeyVaultLoadStoreParameter parameter = (KeyVaultLoadStoreParameter) param;
- keyVault = new KeyVaultClient(
- parameter.getUri(),
- parameter.getTenantId(),
- parameter.getClientId(),
- parameter.getClientSecret());
+ keyVaultClient = new KeyVaultClient(
+ parameter.getUri(),
+ parameter.getTenantId(),
+ parameter.getClientId(),
+ parameter.getClientSecret());
 }
 sideLoad();
 }
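Review bot: engineGetCertificate and engineGetKey call `aliases.contains(alias)` with no visible null check, while engineGetCertificateAlias and engineIsCertificateEntry in the neighbouring hunks guard with `if (aliases == null)` first. If a certificate or key is requested before anything has listed the aliases, the fetch from Key Vault succeeds and the method then throws a NullPointerException while caching the result, unless the field is initialised in lines not shown here. Both methods would be safer with the same lazy load ahead of the `contains` call: `if (aliases == null) { aliases = keyVaultClient.getAliases(); }`. Both method bodies start and end outside their hunks.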
@@ -215,7 +214,7 @@ public void engineLoad(InputStream stream, char[] password) {
 @Override
 public void engineSetCertificateEntry(String alias, Certificate certificate) {
 if (aliases == null) {
- aliases = keyVault.getAliases();
+ aliases = keyVaultClient.getAliases();
 }
 if (!aliases.contains(alias)) {
 aliases.add(alias);
@@ -258,12 +257,14 @@ public void engineStore(KeyStore.LoadStoreParameter param) {
 */
 private String[] getFilenames(String path) throws IOException {
 List filenames = new ArrayList<>();
- InputStream in = getClass().getResourceAsStream(path);
- if (in != null) {
- BufferedReader br = new BufferedReader(new InputStreamReader(in));
- String resource;
- while ((resource = br.readLine()) != null) {
- filenames.add(resource);
+ try (InputStream in = getClass().getResourceAsStream(path)) {
+ if (in != null) {
+ try (BufferedReader br = new BufferedReader(new InputStreamReader(in))) {
+ String resource;
+ while ((resource = br.readLine()) != null) {
+ filenames.add(resource);
+ }
+ }
 }
 }
 return filenames.toArray(new String[0]);
@@ -277,16 +278,19 @@ private String[] getFilenames(String path) throws IOException {
 * @throws IOException when an I/O error occurs.
 */
 private byte[] readAllBytes(InputStream inputStream) throws IOException {
- ByteArrayOutputStream byteOutput = new ByteArrayOutputStream();
- byte[] buffer = new byte[1024];
- while (true) {
- int r = inputStream.read(buffer);
- if (r == -1) {
- break;
+ byte[] bytes;
+ try (ByteArrayOutputStream byteOutput = new ByteArrayOutputStream()) {
+ byte[] buffer = new byte[1024];
+ while (true) {
+ int r = inputStream.read(buffer);
+ if (r == -1) {
+ break;
+ }
+ byteOutput.write(buffer, 0, r);
 }
- byteOutput.write(buffer, 0, r);
+ bytes = byteOutput.toByteArray();
 }
- return byteOutput.toByteArray();
+ return bytes;
 }
 /**
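Review bot: In getFilenames the rewritten reader is still built with `new InputStreamReader(in)`, which decodes with the platform default charset, so the file names read from the resource listing depend on how the JVM was started. These names select which certificates get side-loaded, so the decoding should be fixed: `new InputStreamReader(in, StandardCharsets.UTF_8)`, with `java.nio.charset.StandardCharsets` added to the imports. The method's Javadoc opens outside the hunk.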
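Review bot: In readAllBytes the new try-with-resources around `ByteArrayOutputStream` adds a temporary and a nesting level without releasing anything, because closing a ByteArrayOutputStream has no effect; the stream that does hold a resource, `inputStream`, is still left to the caller. The previous shape ending in `return byteOutput.toByteArray();` is equivalent and shorter; if the wrapper exists to satisfy a static-analysis rule, a one-line comment saying so would help the next reader. The read loop also has no size bound, which is acceptable only if bundled classpath resources are the sole input, something the hunk does not show.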
@@ -307,12 +311,12 @@ private void sideLoad() {
 try {
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate certificate = (X509Certificate) cf.generateCertificate(
- new ByteArrayInputStream(bytes));
+ new ByteArrayInputStream(bytes));
 engineSetCertificateEntry(alias, certificate);
 LOGGER.log(INFO, "Side loaded certificate: {0} from: {1}",
- new Object[] { alias, filename });
+ new Object[]{alias, filename});
 } catch (CertificateException e) {
- LOGGER.log(WARNING, "Unable to side-load certificate", e);
+ LOGGER.log(WARNING, "Unable to side-load certificate from: " + filename, e);
 }
 }
 }
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java
index b5be3dc3f3f0..69db2137ee90 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultTrustManager.java
@@ -19,7 +19,7 @@
 /**
 * The Azure Key Vault variant of the X509TrustManager.
 */
-public class KeyVaultTrustManager extends X509ExtendedTrustManager implements X509TrustManager {
+public class KeyVaultTrustManager extends X509ExtendedTrustManager {
 /**
 * Stores the default trust manager.
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java
index e678c296b6bb..871d73500038 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/CertificatePolicy.java
@@ -3,6 +3,7 @@
 package com.azure.security.keyvault.jca.rest;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 /**
@@ -13,6 +14,7 @@ public class CertificatePolicy implements Serializable {
 /**
 * Stores the key properties.
 */
+ @JsonProperty("key_props")
 private KeyProperties keyProperties;
 /**
@@ -20,7 +22,7 @@ public class CertificatePolicy implements Serializable {
 *
 * @return the key properties.
 */
- public KeyProperties getKey_props() {
+ public KeyProperties getKeyProperties() {
 return keyProperties;
 }
@@ -29,7 +31,7 @@ public KeyProperties getKey_props() {
 *
 * @param keyProperties the key properties.
 */
- public void setKey_props(KeyProperties keyProperties) {
+ public void setKeyProperties(KeyProperties keyProperties) {
 this.keyProperties = keyProperties;
 }
 }
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java
index e394baaa5591..55206bc4070a 100644
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/rest/OAuthToken.java
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 package com.azure.security.keyvault.jca.rest;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import java.io.Serializable;
 /**
@@ -12,15 +13,16 @@ public class OAuthToken implements Serializable {
 /**
 * Stores the access token.
 */
- private String access_token;
+ @JsonProperty("access_token")
+ private String accessToken;
 /**
 * Get the access token.
 *
 * @return the access token.
 */
- public String getAccess_token() {
- return access_token;
+ public String getAccessToken() {
+ return accessToken;
 }
 /**
@@ -28,7 +30,7 @@ public String getAccess_token() {
 *
 * @param accessToken the access token.
 */
- public void setAccess_token(String accessToken) {
- this.access_token = accessToken;
+ public void setAccessToken(String accessToken) {
+ this.accessToken = accessToken;
 }
 }
diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java
index 6d76e12b4619..b1e9a2504ac7 100644
--- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java
+++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java
@@ -7,7 +7,6 @@
 import java.security.Security;
 import java.util.Properties;
-import java.util.logging.Logger;
 import javax.net.ssl.HttpsURLConnection;
 import org.springframework.boot.SpringApplication;
@@ -22,11 +21,6 @@ @Order(LOWEST_PRECEDENCE) public class KeyVaultCertificatesEnvironmentPostProcessor implements EnvironmentPostProcessor { - /** - * Stores the logger. - */ - private static final Logger LOGGER = Logger.getLogger(KeyVaultCertificatesEnvironmentPostProcessor.class.getName()); - @Override public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
@@ -100,9 +94,7 @@ public void postProcessEnvironment(ConfigurableEnvironment environment,
 enabled = environment.getProperty("azure.keyvault.jca.disableHostnameVerification");
 if (Boolean.parseBoolean(enabled)) {
- HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> {
- return true;
- });
+ HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
 }
 }
 }
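Review bot: When `azure.keyvault.jca.disableHostnameVerification` is true, `HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true)` accepts every hostname mismatch for every HttpsURLConnection in the JVM, not only for connections that rely on Key Vault certificates. Nothing records that the switch is on, and this commit also removes the class's LOGGER. With the check off, a certificate that chains to a trusted root is accepted for any host, so the setting should be both visible and documented. At minimum add a comment above the call, e.g. `// Process-wide: disables hostname verification for all HttpsURLConnection users; development only.`, and keep a logger so a WARNING is emitted whenever the property is enabled. The method starts outside the hunk.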