From b5610bb527737a456ad5aec0b9283ea6057be4d3 Mon Sep 17 00:00:00 2001 From: rujche Date: Wed, 19 Jun 2024 09:27:59 +0800 Subject: [PATCH 1/4] Fix bug: clientSecret not url encoded. --- .../jca/implementation/utils/AccessTokenUtil.java | 11 ++++++++++- .../security/keyvault/jca/AccessTokenUtilTest.java | 8 ++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java index 4c48dbe41ba4..947ddff5b136 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java @@ -6,6 +6,9 @@ import static java.util.logging.Level.INFO; import com.azure.security.keyvault.jca.implementation.model.AccessToken; + +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; import java.util.HashMap; import java.util.logging.Logger; @@ -97,10 +100,16 @@ public static AccessToken getAccessToken(String resource, String aadAuthenticati .append(tenantId) .append(OAUTH2_TOKEN_POSTFIX); + String urlEncodedClientSecret; + try { + urlEncodedClientSecret = URLEncoder.encode(clientSecret, "UTF-8"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException("Can't url encode clientSecret. ", e); + } StringBuilder requestBody = new StringBuilder(); requestBody.append(GRANT_TYPE_FRAGMENT) .append(CLIENT_ID_FRAGMENT).append(clientId) - .append(CLIENT_SECRET_FRAGMENT).append(clientSecret) + .append(CLIENT_SECRET_FRAGMENT).append(urlEncodedClientSecret) .append(RESOURCE_FRAGMENT).append(resource); String body = HttpUtil 
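Review bot: Nothing in the second AccessTokenUtil.java hunk tells callers that clientSecret must now be passed raw, although the method encodes it itself at the new `URLEncoder.encode(clientSecret, "UTF-8")` line. The test change in this same patch shows that callers used to pre-encode the value, so a caller that still does will have the secret encoded twice, and authentication will fail for secrets containing reserved characters. I would add a Javadoc line on the parameter, for example `@param clientSecret the raw (not URL-encoded) client secret; this method form-encodes it`. The signature and existing Javadoc of getAccessToken are outside the hunk, so the current wording is not visible here.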
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java index fa45b51e2924..3be4b46e3532 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/AccessTokenUtilTest.java @@ -8,8 +8,6 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable; -import java.net.URLEncoder; - import static org.junit.jupiter.api.Assertions.assertNotNull; /** @@ -20,11 +18,9 @@ public class AccessTokenUtilTest { /** * Test getAuthorizationToken method. - * - * @throws Exception when a serious error occurs. */ @Test - public void testGetAuthorizationToken() throws Exception { + public void testGetAuthorizationToken() { String tenantId = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_TENANT_ID"); String clientId = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_ID"); String clientSecret = PropertyConvertorUtils.getPropertyValue("AZURE_KEYVAULT_CLIENT_SECRET"); @@ -37,7 +33,7 @@ public void testGetAuthorizationToken() throws Exception { aadAuthenticationUrl, tenantId, clientId, - URLEncoder.encode(clientSecret, "UTF-8") + clientSecret ); assertNotNull(result); } From f1013fd6b27591059fecdc9b2403ac4735da0024 Mon Sep 17 00:00:00 2001 From: rujche Date: Wed, 19 Jun 2024 10:44:41 +0800 Subject: [PATCH 2/4] Url encode all parameters. --- .../jca/implementation/utils/AccessTokenUtil.java | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java index 947ddff5b136..5cc0c94a24fe 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java @@ -7,8 +7,8 @@ import com.azure.security.keyvault.jca.implementation.model.AccessToken; -import java.io.UnsupportedEncodingException; import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; import java.util.HashMap; import java.util.logging.Logger; @@ -100,17 +100,11 @@ public static AccessToken getAccessToken(String resource, String aadAuthenticati .append(tenantId) .append(OAUTH2_TOKEN_POSTFIX); - String urlEncodedClientSecret; - try { - urlEncodedClientSecret = URLEncoder.encode(clientSecret, "UTF-8"); - } catch (UnsupportedEncodingException e) { - throw new RuntimeException("Can't url encode clientSecret. ", e); - } StringBuilder requestBody = new StringBuilder(); requestBody.append(GRANT_TYPE_FRAGMENT) - .append(CLIENT_ID_FRAGMENT).append(clientId) - .append(CLIENT_SECRET_FRAGMENT).append(urlEncodedClientSecret) - .append(RESOURCE_FRAGMENT).append(resource); + .append(CLIENT_ID_FRAGMENT).append(URLEncoder.encode(clientId, StandardCharsets.UTF_8)) + .append(CLIENT_SECRET_FRAGMENT).append(URLEncoder.encode(clientSecret, StandardCharsets.UTF_8)) + .append(RESOURCE_FRAGMENT).append(URLEncoder.encode(resource, StandardCharsets.UTF_8)); String body = HttpUtil .post(oauth2Url.toString(), requestBody.toString(), "application/x-www-form-urlencoded"); From 92802ca966c8f179918714ebf4035e927cc51586 Mon Sep 17 00:00:00 2001 
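Review bot: tenantId is still concatenated unencoded into the token URL in the context lines `.append(tenantId)` and `.append(OAUTH2_TOKEN_POSTFIX)` at the top of the second hunk, while this patch encodes only the form-body values. If tenantId can come from configuration or a system property (not visible here), a value containing `/`, `?` or `#` would change the path the client secret is posted to. Consider validating it before the URL is built, for example `if (!tenantId.matches("[A-Za-z0-9.-]+")) { throw new IllegalArgumentException("Invalid tenantId"); }`. getAccessToken begins and ends outside the hunk, so an earlier check may already exist.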
From: rujche Date: Thu, 20 Jun 2024 08:59:50 +0800 Subject: [PATCH 3/4] Fix pipeline failure by changing StandardCharsets.UTF_8 to "UTF-8". --- .../jca/implementation/utils/AccessTokenUtil.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java index 5cc0c94a24fe..e8da27b18f36 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java @@ -7,8 +7,8 @@ import com.azure.security.keyvault.jca.implementation.model.AccessToken; +import java.io.UnsupportedEncodingException; import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; import java.util.HashMap; import java.util.logging.Logger; 
@@ -101,10 +101,14 @@ public static AccessToken getAccessToken(String resource, String aadAuthenticati .append(OAUTH2_TOKEN_POSTFIX); StringBuilder requestBody = new StringBuilder(); - requestBody.append(GRANT_TYPE_FRAGMENT) - .append(CLIENT_ID_FRAGMENT).append(URLEncoder.encode(clientId, StandardCharsets.UTF_8)) - .append(CLIENT_SECRET_FRAGMENT).append(URLEncoder.encode(clientSecret, StandardCharsets.UTF_8)) - .append(RESOURCE_FRAGMENT).append(URLEncoder.encode(resource, StandardCharsets.UTF_8)); + try { + requestBody.append(GRANT_TYPE_FRAGMENT) + .append(CLIENT_ID_FRAGMENT).append(URLEncoder.encode(clientId, "UTF-8")) + .append(CLIENT_SECRET_FRAGMENT).append(URLEncoder.encode(clientSecret, "UTF-8")) + .append(RESOURCE_FRAGMENT).append(URLEncoder.encode(resource, "UTF-8")); + } catch (UnsupportedEncodingException e) { + LOGGER.warning("Failed to construct requestBody"); + } String body = HttpUtil .post(oauth2Url.toString(), requestBody.toString(), "application/x-www-form-urlencoded"); From 20a794500abb14837a315976e19843f726fe9985 Mon Sep 17 00:00:00 2001 From: rujche Date: Thu, 20 Jun 2024 13:40:09 +0800 Subject: [PATCH 4/4] Delete url encode of client-id and resource. --- .../keyvault/jca/implementation/utils/AccessTokenUtil.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java index e8da27b18f36..959f2c73b7bf 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/AccessTokenUtil.java 
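Review bot: The new `catch (UnsupportedEncodingException e)` block only logs a warning and then falls through to `HttpUtil.post`. On failure the request is sent with a partial body, because the append chain stops at the first encode call, and the cause is dropped. Patch 1/4 threw with the cause attached, and keeping that fail-closed behaviour avoids posting a malformed token request: `throw new IllegalStateException("Failed to URL-encode token request parameters", e);`. The message should continue to name no parameter values, as the current one does. getAccessToken begins and ends outside the hunk, so how a failed POST is handled afterwards is not visible.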
@@ -103,9 +103,9 @@ public static AccessToken getAccessToken(String resource, String aadAuthenticati StringBuilder requestBody = new StringBuilder(); try { requestBody.append(GRANT_TYPE_FRAGMENT) - .append(CLIENT_ID_FRAGMENT).append(URLEncoder.encode(clientId, "UTF-8")) + .append(CLIENT_ID_FRAGMENT).append(clientId) .append(CLIENT_SECRET_FRAGMENT).append(URLEncoder.encode(clientSecret, "UTF-8")) - .append(RESOURCE_FRAGMENT).append(URLEncoder.encode(resource, "UTF-8")); + .append(RESOURCE_FRAGMENT).append(resource); } catch (UnsupportedEncodingException e) { LOGGER.warning("Failed to construct requestBody"); }
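Review bot: clientId and resource are appended raw into an `application/x-www-form-urlencoded` body again at the `.append(CLIENT_ID_FRAGMENT).append(clientId)` and `.append(RESOURCE_FRAGMENT).append(resource)` lines, and the commit message does not say why. A value containing `&`, `=`, `+` or `%` would be parsed by the token endpoint as different parameters or different text than the caller supplied. If the encoding was removed because callers already pass these values encoded (an assumption, not visible here), a comment should state that contract, for example `// clientId and resource are expected to be URL-encoded by the caller`. Otherwise keep `URLEncoder.encode(..., "UTF-8")` on both, as patch 3/4 had it. The enclosing getAccessToken starts and ends outside the hunk.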