Added support for providing a custom login URI to get access tokens from via the system property azure.login.uri

sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md

@@ -1,15 +1,15 @@
 # Release History
 
-## 2.9.0-beta.1 (Unreleased)
+## 2.9.0-beta.1 (2024-05-15)
 
 ### Features Added
-
-### Breaking Changes
-
-### Bugs Fixed
+- Added support for providing a custom login URI to get access tokens from via the system property `azure.login.uri`.
 
 ### Other Changes
 
+#### Dependency Updates
+- Upgraded `conscrypt-openjdk-uber` from `2.2.1` to version `2.5.2`.
+
 ## 2.8.1 (2023-12-04)
 
 ### Other Changes

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java

@@ -7,15 +7,16 @@
 import com.azure.security.keyvault.jca.implementation.certificates.JreCertificates;
 import com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates;
 import com.azure.security.keyvault.jca.implementation.certificates.SpecificPathCertificates;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.security.Key;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.KeyStoreSpi;
 import java.security.NoSuchAlgorithmException;
-import java.security.KeyStoreException;
 import java.security.UnrecoverableEntryException;
-import java.security.Key;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
@@ -25,8 +26,8 @@
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Objects;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.logging.Logger;
 import java.util.stream.Stream;
@@ -123,6 +124,7 @@ public KeyVaultKeyStore() {
         LOGGER.log(FINE, "Constructing KeyVaultKeyStore.");
         creationDate = new Date();
         String keyVaultUri = System.getProperty("azure.keyvault.uri");
+        String loginUri = System.getProperty("azure.login.uri");
         String tenantId = System.getProperty("azure.keyvault.tenant-id");
         String clientId = System.getProperty("azure.keyvault.client-id");
         String clientSecret = System.getProperty("azure.keyvault.client-secret");
@@ -140,7 +142,7 @@ public KeyVaultKeyStore() {
         customCertificates = SpecificPathCertificates.getSpecificPathCertificates(customPath);
         LOGGER.log(FINE, String.format("Loaded custom certificates: %s.", customCertificates.getAliases()));
         keyVaultCertificates = new KeyVaultCertificates(
-            refreshInterval, keyVaultUri, tenantId, clientId, clientSecret, managedIdentity);
+            refreshInterval, keyVaultUri, loginUri, tenantId, clientId, clientSecret, managedIdentity);
         LOGGER.log(FINE, String.format("Loaded Key Vault certificates: %s.", keyVaultCertificates.getAliases()));
         classpathCertificates = new ClasspathCertificates();
         LOGGER.log(FINE, String.format("Loaded classpath certificates: %s.", classpathCertificates.getAliases()));
@@ -171,11 +173,14 @@ public static KeyStore getKeyVaultKeyStoreBySystemProperty() throws CertificateE
         KeyStore keyStore = KeyStore.getInstance(KeyVaultJcaProvider.PROVIDER_NAME);
         KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
             System.getProperty("azure.keyvault.uri"),
+            System.getProperty("azure.login.uri"),
             System.getProperty("azure.keyvault.tenant-id"),
             System.getProperty("azure.keyvault.client-id"),
             System.getProperty("azure.keyvault.client-secret"),
             System.getProperty("azure.keyvault.managed-identity"));
+
         keyStore.load(parameter);
+
         return keyStore;
     }
 
@@ -363,17 +368,19 @@ public boolean engineIsKeyEntry(String alias) {
     /**
      * Loads the keystore using the given {@code KeyStore.LoadStoreParameter}.
      *
-     * @param param the {@code KeyStore.LoadStoreParameter}
-     *          that specifies how to load the keystore,
-     *          which may be {@code null}
+     * @param param the {@code KeyStore.LoadStoreParameter} that specifies how to load the keystore, which may be
+     * {@code null}.
      */
     @Override
     public void engineLoad(KeyStore.LoadStoreParameter param) {
         if (param instanceof KeyVaultLoadStoreParameter) {
             KeyVaultLoadStoreParameter parameter = (KeyVaultLoadStoreParameter) param;
-            keyVaultCertificates.updateKeyVaultClient(parameter.getUri(), parameter.getTenantId(),
-                parameter.getClientId(), parameter.getClientSecret(), parameter.getManagedIdentity());
+
+            keyVaultCertificates.updateKeyVaultClient(
+                parameter.getUri(), parameter.getLoginUri(), parameter.getTenantId(), parameter.getClientId(),
+                parameter.getClientSecret(), parameter.getManagedIdentity());
         }
+
         classpathCertificates.loadCertificatesFromClasspath();
     }
 

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultLoadStoreParameter.java

@@ -13,17 +13,22 @@
 public final class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParameter {
 
     /**
-     * Stores the URI.
+     * Stores the Key Vault URI.
      */
-    private final String uri;
+    private final String keyVaultUri;
+
+    /**
+     * Stores the Azure login URI.
+     */
+    private final String loginUri;
 
     /**
      * Stores the tenant id.
      */
     private final String tenantId;
 
     /**
-     * Stores the client ID.
+     * Stores the client id.
      */
     private final String clientId;
 
@@ -33,52 +38,67 @@ public final class KeyVaultLoadStoreParameter implements KeyStore.LoadStoreParam
     private final String clientSecret;
 
     /**
-     * Stores the user-assigned identity.
+     * Stores the user-assigned Managed Identity.
      */
     private final String managedIdentity;
 
     /**
      * Constructor.
      *
-     * @param uri the Azure Key Vault URI.
+     * @param keyVaultUri The Azure Key Vault URI.
      */
-    public KeyVaultLoadStoreParameter(String uri) {
-        this(uri, null, null, null, null);
+    public KeyVaultLoadStoreParameter(String keyVaultUri) {
+        this(keyVaultUri, null, null, null, null, null);
     }
 
     /**
      * Constructor.
      *
-     * @param uri the Azure Key Vault URI.
-     * @param managedIdentity the managed identity.
+     * @param keyVaultUri the Azure Key Vault URI.
+     * @param managedIdentity The Managed Identity.
      */
-    public KeyVaultLoadStoreParameter(String uri, String managedIdentity) {
-        this(uri, null, null, null, managedIdentity);
+    public KeyVaultLoadStoreParameter(String keyVaultUri, String managedIdentity) {
+        this(keyVaultUri, null, null, null, null, managedIdentity);
     }
 
     /**
      * Constructor.
      *
-     * @param uri the Azure Key Vault URI.
-     * @param tenantId the tenant ID.
-     * @param clientId the client ID.
-     * @param clientSecret the client secret.
+     * @param keyVaultUri the Azure Key Vault URI.
+     * @param tenantId The tenant id.
+     * @param clientId The client id.
+     * @param clientSecret The client secret.
      */
-    public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret) {
-        this(uri, tenantId, clientId, clientSecret, null);
+    public KeyVaultLoadStoreParameter(String keyVaultUri, String tenantId, String clientId, String clientSecret) {
+        this(keyVaultUri, null, tenantId, clientId, clientSecret, null);
     }
 
     /**
      * Constructor.
      *
-     * @param uri the Azure Key Vault URI.
-     * @param tenantId the tenant ID.
-     * @param clientId the client ID.
-     * @param clientSecret the client secret.
-     * @param managedIdentity the managedIdentity.
-     */
-    public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId, String clientSecret, String managedIdentity) {
-        this.uri = uri;
+     * @param keyVaultUri the Azure Key Vault URI.
+     * @param tenantId The tenant id.
+     * @param clientId The client id.
+     * @param clientSecret The client secret.
+     * @param managedIdentity The Managed Identity.
+     */
+    public KeyVaultLoadStoreParameter(String keyVaultUri, String tenantId, String clientId, String clientSecret, String managedIdentity) {
+        this(keyVaultUri, null, tenantId, clientId, clientSecret, managedIdentity);
+    }
+
+    /**
+     * Constructor.
+     *
+     * @param keyVaultUri the Azure Key Vault URI.
+     * @param loginUri The Azure login URI.
+     * @param tenantId The tenant id.
+     * @param clientId The client id.
+     * @param clientSecret The client secret.
+     * @param managedIdentity The Managed Identity.
+     */
+    public KeyVaultLoadStoreParameter(String keyVaultUri, String loginUri, String tenantId, String clientId, String clientSecret, String managedIdentity) {
+        this.keyVaultUri = keyVaultUri;
+        this.loginUri = loginUri;
         this.tenantId = tenantId;
         this.clientId = clientId;
         this.clientSecret = clientSecret;
@@ -88,7 +108,7 @@ public KeyVaultLoadStoreParameter(String uri, String tenantId, String clientId,
     /**
      * Get the protection parameter.
      *
-     * @return null
+     * @return {@code null}.
      */
     @Override
     public KeyStore.ProtectionParameter getProtectionParameter() {
@@ -98,7 +118,7 @@ public KeyStore.ProtectionParameter getProtectionParameter() {
     /**
      * Get the client id.
      *
-     * @return the client id.
+     * @return The client id.
      */
     public String getClientId() {
         return clientId;
@@ -107,7 +127,7 @@ public String getClientId() {
     /**
      * Get the client secret.
      *
-     * @return the client secret.
+     * @return The client secret.
      */
     public String getClientSecret() {
         return clientSecret;
@@ -116,7 +136,7 @@ public String getClientSecret() {
     /**
      * Get the managed identity.
      *
-     * @return the managed identity.
+     * @return The Managed Identity.
      */
     public String getManagedIdentity() {
         return managedIdentity;
@@ -125,18 +145,27 @@ public String getManagedIdentity() {
     /**
      * Get the tenant id.
      *
-     * @return the tenant id.
+     * @return The tenant id.
      */
     public String getTenantId() {
         return tenantId;
     }
 
     /**
-     * Get the uri.
+     * Get the Azure Key Vault URI.
      *
-     * @return the URI.
+     * @return The Azure Key Vault URI.
      */
     public String getUri() {
-        return uri;
+        return keyVaultUri;
+    }
+
+    /**
+     * Get the Azure login URI.
+     *
+     * @return The Azure login URI.
+     */
+    public String getLoginUri() {
+        return loginUri;
     }
 }