Azure · zhichengliu12581 · Apr 15, 2021 · Apr 16, 2021 · Apr 19, 2021 · Apr 19, 2021
diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml
@@ -185,6 +185,12 @@
             <artifactId>slf4j-nop</artifactId>
             <version>1.7.30</version> <!-- {x-version-update;org.slf4j:slf4j-nop;external_dependency} -->
         </dependency>
+        <dependency>
+          <groupId>org.mockito</groupId>
+          <artifactId>mockito-core</artifactId>
+          <version>3.6.28</version> <!-- {x-version-update;org.mockito:mockito-core;external_dependency} -->
+          <scope>test</scope>
+        </dependency>
     </dependencies>
     <profiles>
         <profile>

diff --git a/...ecurity-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AzureCertificates.java b/...ecurity-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/AzureCertificates.java
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+import java.security.Key;
+import java.security.cert.Certificate;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Store Azure Certificates
+ */
+public interface AzureCertificates {
+
+    /**
+     * Get certificate aliases.
+     * @return certificate aliases
+     */
+    List<String> getAliases();
+
+    /**
+     * Get certificates.
+     * @return certificates
+     */
+    Map<String, Certificate> getCertificates();
+
+    /**
+     * Get certificate keys.
+     * @return certificate keys
+     */
+    Map<String, Key> getCertificateKeys();
+
+    /**
+     * Delete certificate info by alias if exits
+     * @param alias certificate alias
+     */
+    void deleteEntry(String alias);
+}
diff --git a/...ity-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/ClasspathCertificates.java b/...ity-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/ClasspathCertificates.java
@@ -0,0 +1,99 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+import java.security.Key;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Store certificates loaded from classpath.
+ */
+public class ClasspathCertificates implements AzureCertificates {
+
+    /**
+     * Store certificates' alias.
+     */
+    private final List<String> aliases = new ArrayList<>();
+
+    /**
+     * Stores the certificates by alias.
+     */
+    private final Map<String, Certificate> certificates = new HashMap<>();
+
+    /**
+     * Stores the certificate keys by alias.
+     */
+    private final Map<String, Key> certificateKeys = new HashMap<>();
+
+    /**
+     * Get certificate aliases.
+     * @return certificate aliases
+     */
+    @Override
+    public List<String> getAliases() {
+        return aliases;
+    }
+
+    /**
+     * Get certificates.
+     * @return certificates
+     */
+    @Override
+    public Map<String, Certificate> getCertificates() {
+        return certificates;
+    }
+
+    /**
+     * Get certificate keys.
+     * @return certificate keys
+     */
+    @Override
+    public Map<String, Key> getCertificateKeys() {
+        return certificateKeys;
+    }
+
+    /**
+     * Remove alias if exist.
+     * @param alias certificate alias
+     */
+    public void removeAlias(String alias) {
+        aliases.remove(alias);
+    }
+
+    /**
+     * Remove certificate if exist.
+     * @param alias certificate alias
+     */
+    public void removeCertificate(String alias) {
+        certificates.remove(alias);
+    }
+
+    /**
+     * Add certificate.
+     * @param alias certificate alias
+     * @param certificate certificate
+     */
+    public void setCertificateEntry(String alias, Certificate certificate) {
+        if (!aliases.contains(alias)) {
+            aliases.add(alias);
+            certificates.put(alias, certificate);
+        }
+    }
+
+    /**
+     * Delete certificate info by alias if exits
+     * @param alias certificate alias
+     */
+    @Override
+    public void deleteEntry(String alias) {
+        aliases.remove(alias);
+        certificates.remove(alias);
+        certificateKeys.remove(alias);
+    }
+
+}
diff --git a/...rity-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificates.java b/...rity-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificates.java
@@ -0,0 +1,161 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+import java.security.Key;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Date;
+import java.util.Collections;
+import java.util.Objects;
+
+/**
+ * Store certificates loaded from KeyVault.
+ */
+public class KeyVaultCertificates implements AzureCertificates {
+
+    /**
+     * Stores the list of aliases.
+     */
+    private List<String> aliases = new ArrayList<>();
+
+    /**
+     * Stores the certificates by alias.
+     */
+    private final Map<String, Certificate> certificates = new HashMap<>();
+
+    /**
+     * Stores the certificate keys by alias.
+     */
+    private final Map<String, Key> certificateKeys = new HashMap<>();
+
+    /**
+     * Stores the last time refresh certificates and alias
+     */
+    private Date lastRefreshTime;
+
+    /**
+     * Stores the last force refresh time.
+     */
+    private static volatile Date lastForceRefreshTime = new Date();
+
+    private KeyVaultClient keyVaultClient;
+
+    private final long refreshInterval;
+
+    void setKeyVaultClient(KeyVaultClient keyVaultClient) {
+        this.keyVaultClient = keyVaultClient;
+    }
+
+    KeyVaultCertificates(long refreshInterval, KeyVaultClient keyVaultClient) {
+        this.refreshInterval = refreshInterval;
+        this.keyVaultClient = keyVaultClient;
+    }
+
+    boolean certificatesNeedRefresh() {
+        if (lastRefreshTime == null || lastForceRefreshTime.after(lastRefreshTime)) {
+            return true;
+        }
+        if (refreshInterval > 0) {
+            return lastRefreshTime.getTime() + refreshInterval < new Date().getTime();
+        }
+        return false;
+    }
+
+    /**
+     * Get certificate aliases.
+     * @return certificate aliases
+     */
+    @Override
+    public List<String> getAliases() {
+        refreshCertificatesIfNeeded();
+        return aliases;
+    }
+
+    /**
+     * Get certificates.
+     * @return certificates
+     */
+    @Override
+    public Map<String, Certificate> getCertificates() {
+        refreshCertificatesIfNeeded();
+        return certificates;
+    }
+
+    /**
+     * Get certificates.
+     * @return certificate keys
+     */
+    @Override
+    public Map<String, Key> getCertificateKeys() {
+        refreshCertificatesIfNeeded();
+        return certificateKeys;
+    }
+
+    private void refreshCertificatesIfNeeded() {
+        if (certificatesNeedRefresh()) {
+            refreshCertificates();
+        }
+    }
+
+    private void refreshCertificates() {
+        aliases = keyVaultClient.getAliases();
+        certificateKeys.clear();
+        certificates.clear();
+        Optional.ofNullable(aliases)
+            .orElse(Collections.emptyList())
+            .forEach(alias -> {
+                Key key = keyVaultClient.getKey(alias, null);
+                if (!Objects.isNull(key)) {
+                    certificateKeys.put(alias, key);
+                }
+                Certificate certificate = keyVaultClient.getCertificate(alias);
+                if (!Objects.isNull(certificate)) {
+                    certificates.put(alias, certificate);
+                }
+            });
+        lastRefreshTime = new Date();
+    }
+
+    /**
+     * Get latest alias by certificate which in portal
+     * @param certificate certificate got
+     * @return certificate' alias if exist.
+     */
+    String refreshAndGetAliasByCertificate(Certificate certificate) {
+        updateLastForceRefreshTime();
+        return getCertificates().entrySet()
+                                .stream()
+                                .filter(entry -> certificate.equals(entry.getValue()))
+                                .findFirst()
+                                .map(Map.Entry::getKey)
+                                .orElse(null);
+
+    }
+
+    /**
+     * Delete certificate info by alias if exits
+     * @param alias deleted certificate
+     */
+    @Override
+    public void deleteEntry(String alias) {
+        if (aliases != null) {
+            aliases.remove(alias);
+        }
+        certificates.remove(alias);
+        certificateKeys.remove(alias);
+    }
+
+    /**
+     * Overall refresh certificates' info
+     */
+    public static void updateLastForceRefreshTime() {
+        lastForceRefreshTime = new Date();
+    }
+
+}