diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java index 22ef46483dd19..b1b7b6bb41ec9 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java @@ -25,9 +25,11 @@ import java.util.Enumeration; import java.util.HashMap; import java.util.List; +import java.util.Objects; import java.util.Map; import java.util.Optional; import java.util.logging.Logger; +import java.util.stream.Stream; import static java.util.logging.Level.FINE; import static java.util.logging.Level.WARNING; @@ -122,10 +124,7 @@ public KeyVaultKeyStore() { String clientId = System.getProperty("azure.keyvault.client-id"); String clientSecret = System.getProperty("azure.keyvault.client-secret"); String managedIdentity = System.getProperty("azure.keyvault.managed-identity"); - long refreshInterval = Optional.of("azure.keyvault.jca.certificates-refresh-interval") - .map(System::getProperty) - .map(Long::valueOf) - .orElse(0L); + long refreshInterval = getRefreshInterval(); refreshCertificatesWhenHaveUnTrustCertificate = Optional.of("azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate") .map(System::getProperty) @@ -141,6 +140,15 @@ public KeyVaultKeyStore() { jreCertificates, wellKnowCertificates, customCertificates, keyVaultCertificates, classpathCertificates); } + Long getRefreshInterval() { + return Stream.of("azure.keyvault.jca.certificates-refresh-interval-in-ms", "azure.keyvault.jca.certificates-refresh-interval") + .map(System::getProperty) + .filter(Objects::nonNull) + .map(Long::valueOf) + .findFirst() + .orElse(0L); + } + /** * get key vault key store by system property * 
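Review bot: In the new `getRefreshInterval()`, any value found under either key goes straight to `Long::valueOf`, so a blank or non-numeric setting escapes the `KeyVaultKeyStore` constructor as a `NumberFormatException` that does not name the offending property. The method also has no Javadoc for the unit, the precedence (`-in-ms` first, then the legacy key) or the 0 default, and it is a non-private instance method called from the constructor although it reads only system properties. Because this interval presumably bounds how long a certificate already removed from Key Vault stays in the loaded store, a misconfiguration should fail with a clear message instead of an opaque parse error. A `static long` version that trims the value and reports the key is sketched below. The legacy key could additionally log a deprecation warning, since the changelog lists the rename as breaking.

```java
/**
 * Returns the certificate refresh interval in milliseconds. The "-in-ms" key takes precedence over
 * the legacy key; 0 is returned when neither is set.
 */
static long getRefreshInterval() {
    for (String key : new String[] {
        "azure.keyvault.jca.certificates-refresh-interval-in-ms",
        "azure.keyvault.jca.certificates-refresh-interval" }) {
        String value = System.getProperty(key);
        if (value != null) {
            try {
                return Long.parseLong(value.trim());
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("Invalid value for system property " + key + ": " + value, e);
            }
        }
    }
    return 0L;
}
```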
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java index 405862b7f9a1e..58b716edc4b0e 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java @@ -84,7 +84,7 @@ private X509Certificate getTestCertificate() { @Test public void testCertificatesRefreshInterval() throws Exception { - System.setProperty("azure.keyvault.jca.certificates-refresh-interval", "1000"); + System.setProperty("azure.keyvault.jca.certificates-refresh-interval-in-ms", "1000"); KeyStore keyStore = PropertyConvertorUtils.getKeyVaultKeyStore(); assertNotNull(keyStore.getCertificate(certificateName)); keyStore.deleteEntry(certificateName); diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java index dbdb9a62d1d1f..ab52bd4b49f58 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java 
@@ -7,21 +7,16 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable; -import java.io.ByteArrayInputStream; import java.security.KeyStore; -import java.security.ProviderException; import java.security.Security; import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.Base64; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertTrue; + /** * The JUnit tests for the KeyVaultKeyStore class. 
@@ -29,35 +24,10 @@ @EnabledIfEnvironmentVariable(named = "AZURE_KEYVAULT_CERTIFICATE_NAME", matches = "myalias") public class KeyVaultKeyStoreTest { - - /** - * Stores the CER test certificate (which is valid til 2120). - */ - private static final String TEST_CERTIFICATE - = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk" - + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3" - + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz" - + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14" - + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d" - + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j" - + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A" - + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP" - + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT" - + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME" - + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo" - + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+" - + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG" - + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF" - + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl" - + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9" - + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ" - + "U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE" - + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q=="; + private static String certificateName; private static KeyVaultKeyStore keystore; - private static String certificateName; - @BeforeAll public static void setEnvironmentProperty() { PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(); 
@@ -76,44 +46,12 @@ public void testEngineGetCertificate() { assertNotNull(keystore.engineGetCertificate(certificateName)); } - @Test - public void testEngineGetCertificateAlias() { - X509Certificate certificate; - - try { - byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); - } catch (CertificateException e) { - throw new ProviderException(e); - } - keystore.engineSetCertificateEntry("setcert", certificate); - assertNotNull(keystore.engineGetCertificateAlias(certificate)); - } @Test public void testEngineGetCertificateChain() { assertNotNull(keystore.engineGetCertificateChain(certificateName)); } - @Test - public void testEngineSetCertificateEntry() { - - X509Certificate certificate; - - try { - byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); - CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); - certificate = - (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateBytes)); - } catch (CertificateException e) { - throw new ProviderException(e); - } - - keystore.engineSetCertificateEntry("setcert", certificate); - assertNotNull(keystore.engineGetCertificate("setcert")); - } - @Test public void testEngineGetKey() { assertNotNull(keystore.engineGetKey(certificateName, null)); @@ -152,12 +90,6 @@ public void testEngineSize() { assertTrue(keystore.engineSize() >= 0); } - @Test - public void testEngineStore() { - KeyVaultKeyStore keystore = new KeyVaultKeyStore(); - keystore.engineStore(null, null); - } - @Test public void testRefreshEngineGetCertificate() throws Exception { System.setProperty("azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate", "true"); 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreUnitTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreUnitTest.java new file mode 100644 index 0000000000000..7ed7d256d6fd4 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreUnitTest.java 
@@ -0,0 +1,95 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.jca; + +import org.junit.jupiter.api.Test; + +import java.io.ByteArrayInputStream; +import java.security.ProviderException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Base64; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; + +public class KeyVaultKeyStoreUnitTest { + + /** + * Stores the CER test certificate (which is valid til 2120). + */ + private static final String TEST_CERTIFICATE + = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk" + + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3" + + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz" + + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14" + + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d" + + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j" + + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A" + + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP" + + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT" + + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME" + + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo" + + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+" + + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG" + + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF" + + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl" + + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9" + + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ" + + 
"U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE" + + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q=="; + + @Test + public void testEngineStore() { + KeyVaultKeyStore keystore = new KeyVaultKeyStore(); + keystore.engineStore(null, null); + } + + @Test + public void testGetRefreshInterval() { + System.clearProperty("azure.keyvault.jca.certificates-refresh-interval"); + System.clearProperty("azure.keyvault.jca.certificates-refresh-interval-in-ms"); + KeyVaultKeyStore keystore = new KeyVaultKeyStore(); + assertEquals(keystore.getRefreshInterval(), 0); + System.setProperty("azure.keyvault.jca.certificates-refresh-interval", "2000"); + keystore = new KeyVaultKeyStore(); + assertEquals(keystore.getRefreshInterval(), 2000); + System.setProperty("azure.keyvault.jca.certificates-refresh-interval-in-ms", "1000"); + assertEquals(keystore.getRefreshInterval(), 1000); + } + + @Test + public void testEngineGetCertificateAlias() { + KeyVaultKeyStore keystore = new KeyVaultKeyStore(); + X509Certificate certificate; + try { + byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); + } catch (CertificateException e) { + throw new ProviderException(e); + } + keystore.engineSetCertificateEntry("setcert", certificate); + assertNotNull(keystore.engineGetCertificateAlias(certificate)); + } + + @Test + public void testEngineSetCertificateEntry() { + KeyVaultKeyStore keystore = new KeyVaultKeyStore(); + X509Certificate certificate; + try { + byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE); + CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + certificate = + (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateBytes)); + } catch (CertificateException e) { + throw new ProviderException(e); + } + + 
keystore.engineSetCertificateEntry("setcert", certificate); + assertNotNull(keystore.engineGetCertificate("setcert")); + } + +} diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md index b6868f85ca826..a312beb8dd3e6 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md @@ -5,6 +5,7 @@ ### Features Added ### Breaking Changes +Rename `azure.keyvault.jca.certificates-refresh-interval` to `azure.keyvault.jca.certificates-refresh-interval-in-ms`. ### Bugs Fixed diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md index 89f6d71eb5364..bdc23ec2a8d65 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md +++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md @@ -316,7 +316,7 @@ KeyVaultKeyStore can fetch certificates from KeyVault periodically if the follow azure: keyvault: jca: - certificates-refresh-interval: 1800000 + certificates-refresh-interval-in-ms: 1800000 ``` Its value is 0(ms) by default, and certificate will not automatically refresh when its value <= 0. diff --git a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java index 9a88aa450f66e..a9e084112a1bb 100644 --- a/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java 
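Review bot: `testGetRefreshInterval` leaves both refresh-interval system properties set when it finishes, so any later test in the same JVM that builds a `KeyVaultKeyStore` inherits a 1000 ms interval. Clear them in an `@AfterEach` (or a `finally`) with `System.clearProperty("azure.keyvault.jca.certificates-refresh-interval");` and the same call for the `-in-ms` key. The `assertEquals` calls pass the actual value first, e.g. `assertEquals(keystore.getRefreshInterval(), 0)`, which swaps expected and actual in failure messages; JUnit's order is `assertEquals(0, keystore.getRefreshInterval())`. The test also never exercises a malformed value, so the parse-failure path of `getRefreshInterval()` stays uncovered.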
+++ b/sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java @@ -33,6 +33,7 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, SpringAp putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.client-secret"); putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.managed-identity"); putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.jca.certificates-refresh-interval"); + putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.jca.certificates-refresh-interval-in-ms"); putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate"); putEnvironmentPropertyToSystemProperty(environment, "azure.cert-path.well-known"); putEnvironmentPropertyToSystemProperty(environment, "azure.cert-path.custom");