diff --git a/eng/code-quality-reports/src/main/resources/revapi/revapi.json b/eng/code-quality-reports/src/main/resources/revapi/revapi.json index 181727b332be..583225f04a30 100644 --- a/eng/code-quality-reports/src/main/resources/revapi/revapi.json +++ b/eng/code-quality-reports/src/main/resources/revapi/revapi.json 
@@ -57,6 +57,47 @@ "exampleUseChainInNewApi": ".*com\\.azure\\.core\\.util\\.serializer\\.JacksonAdapter.*", "justification": "We allow this in com.azure.core.util.serializer.JacksonAdapter." }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class javax\\.servlet\\.ServletContextEvent", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.ServletContextCleaner" + }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class org\\.apache\\.avalon\\.framework\\.logger\\.Logger", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl\\.AvalonLogger.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.AvalonLogger" + }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class org\\.apache\\.log\\.Logger", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl\\.LogKitLogger.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.LogKitLogger" + }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class org\\.apache\\.log4j\\.Logger", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl\\.Log4JLogger.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.Log4JLogger" + }, + { + "regex": true, + "code": "java.class.nonPublicPartOfAPI", + "new": "class org.apache.http.impl.client.HttpRequestTaskCallable", + "justification": "We allow this in org.apache.http.impl.client.HttpRequestFutureTask" + }, + { + "regex": true, + "code": "java.class.nonPublicPartOfAPI", + "new": "(class|interface) 
org\\.apache\\.http\\.impl\\.conn\\.CPoolEntry", + "exampleUseChainInNewApi": ".*org\\.apache\\.http\\.HttpClientConnection.*", + "justification": "We allow this in org.apache.http.HttpClientConnection>" + }, { "regex": true, "code": "java.class.nonPublicPartOfAPI", diff --git a/eng/versioning/external_dependencies.txt b/eng/versioning/external_dependencies.txt index cc6660ac9799..9831718eec5e 100644 --- a/eng/versioning/external_dependencies.txt +++ b/eng/versioning/external_dependencies.txt @@ -72,7 +72,6 @@ org.apache.avro:avro-maven-plugin;1.10.1 org.apache.commons:commons-compress;1.20 org.apache.commons:commons-lang3;3.11 org.apache.httpcomponents:httpclient;4.5.13 -org.apache.httpcomponents.client5:httpclient5;5.0.3 org.apache.logging.log4j:log4j-api;2.13.3 org.apache.logging.log4j:log4j-core;2.13.3 org.apache.logging.log4j:log4j-slf4j-impl;2.13.3 diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 0b1f336c67d6..d47be3b1b4d5 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -67,7 +67,7 @@ Note if you want to use Azure Managed Identity, you should set the value of `azu ### Client side SSL If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); 
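Review bot: In revapi.json, the added suppression for `class org.apache.http.impl.client.HttpRequestTaskCallable` has no `exampleUseChainInNewApi`, unlike the other five entries added here. It is therefore presumably not tied to one use chain and could hide the same finding if it showed up through another path; a use-chain filter like the one on the CPoolEntry entry would keep it scoped. That entry also sets `"regex": true` but leaves the dots in `new` unescaped, where the sibling entries write `org\\.apache\\.http...`. The CPoolEntry justification ends with a stray `>` (`org.apache.http.HttpClientConnection>`).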
@@ -86,23 +86,20 @@ SSLContext sslContext = SSLContexts .loadTrustMaterial(keyStore, new TrustSelfSignedStrategy()) .build(); -SSLConnectionSocketFactory factory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); +SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); -PoolingHttpClientConnectionManager manager = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(factory) - .build(); +PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); String result = null; try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = "Not success"; if (status == 204) { result1 = "Success"; diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 5d0f625618c3..3eed18576ef7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml @@ -57,10 +57,6 @@ org.apache.commons com.azure.keyvault.jca.org.apache.commons - - org.apache.hc - com.azure.keyvault.jca.org.apache.hc - mozilla com.azure.keyvault.jca.mozilla @@ -114,8 +110,8 @@ com.fasterxml.jackson.core:jackson-databind:[2.12.2] - org.apache.httpcomponents.client5:httpclient5:[5.0.3] org.conscrypt:conscrypt-openjdk-uber:[2.2.1] + org.apache.httpcomponents:httpclient:[4.5.13] org.slf4j:slf4j-nop:[1.7.30] 
@@ -127,10 +123,9 @@ - org.apache.httpcomponents.client5 - httpclient5 - 5.0.3 - true + org.apache.httpcomponents + httpclient + 4.5.13 diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 0164a1ae1ba6..b0f0a7d03161 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -8,12 +8,11 @@ import com.azure.security.keyvault.jca.model.CertificatePolicy; import com.azure.security.keyvault.jca.model.KeyProperties; import com.azure.security.keyvault.jca.model.SecretBundle; -import java.io.BufferedReader; +import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringReader; -import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import java.security.Key; import java.security.KeyFactory; @@ -154,8 +153,8 @@ private String getAccessToken() { } else { accessToken = authClient.getAccessToken(resource, managedIdentity); } - } catch (UnsupportedEncodingException uee) { - LOGGER.log(WARNING, "Unsupported encoding", uee); + } catch (Throwable throwable) { + LOGGER.log(WARNING, "Unsupported encoding or missing Httpclient", throwable); } LOGGER.exiting("KeyVaultClient", "getAccessToken", accessToken); return accessToken; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java index 872b0334ad9a..0eb34b82eda0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java 
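Review bot: `catch (Throwable throwable)` in `getAccessToken` is much broader than the two cases its log message names. It also swallows `OutOfMemoryError`, `StackOverflowError` and any runtime exception from the auth client, logs them all at WARNING as "Unsupported encoding or missing Httpclient", and then returns whatever `accessToken` holds at that point. If the aim is to survive an absent HttpClient on the classpath, catch that explicitly, e.g. `} catch (UnsupportedEncodingException | NoClassDefFoundError e) {` (which means keeping the `UnsupportedEncodingException` import this commit removes), and let other failures propagate. A caller that gets an empty token after a swallowed failure cannot tell an authentication problem from a packaging one; how callers handle that, and the start and end of the method, are outside this hunk.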
+++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java @@ -2,16 +2,16 @@ // Licensed under the MIT License. package com.azure.security.keyvault.jca; -import org.apache.hc.client5.http.classic.methods.HttpGet; -import org.apache.hc.client5.http.classic.methods.HttpPost; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.core5.http.ClassicHttpResponse; -import org.apache.hc.core5.http.ContentType; -import org.apache.hc.core5.http.HttpEntity; -import org.apache.hc.core5.http.io.HttpClientResponseHandler; -import org.apache.hc.core5.http.io.entity.EntityUtils; -import org.apache.hc.core5.http.io.entity.HttpEntities; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.client.ResponseHandler; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.ContentType; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.util.EntityUtils; import java.io.IOException; import java.util.Map; @@ -39,16 +39,7 @@ public String get(String url, Map headers) { httpGet.addHeader(key, value); }); } - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); - String result1 = null; - if (status >= 200 && status < 300) { - HttpEntity entity = response.getEntity(); - result1 = entity != null ? EntityUtils.toString(entity) : null; - } - return result1; - }; - result = client.execute(httpGet, responseHandler); + result = client.execute(httpGet, createResponseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); } 
@@ -60,20 +51,24 @@ public String post(String url, String body, String contentType) { String result = null; try (CloseableHttpClient client = HttpClients.createDefault()) { HttpPost httpPost = new HttpPost(url); - httpPost.setEntity(HttpEntities.create(body, ContentType.create(contentType))); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); - String result1 = null; - if (status >= 200 && status < 300) { - HttpEntity entity = response.getEntity(); - result1 = entity != null ? EntityUtils.toString(entity) : null; - } - return result1; - }; - result = client.execute(httpPost, responseHandler); + httpPost.setEntity( + new StringEntity(body, ContentType.create(contentType))); + result = client.execute(httpPost, createResponseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); } return result; } + + private ResponseHandler createResponseHandler() { + return (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); + String result = null; + if (status >= 200 && status < 300) { + HttpEntity entity = response.getEntity(); + result = entity != null ? EntityUtils.toString(entity) : null; + } + return result; + }; + } } diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java index 8d4e5de63ad0..31758abe7a8d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java 
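Review bot: The new `createResponseHandler()` returns null for every non-2xx status without recording it, so an expired credential, a 403 from Key Vault and a 5xx all look identical to the caller. Logging `status` before returning null would make failed token and certificate fetches diagnosable. `EntityUtils.toString(entity)` also leaves the decoding charset to the response's Content-Type, with a library fallback when none is declared; `EntityUtils.toString(entity, StandardCharsets.UTF_8)` (plus `import java.nio.charset.StandardCharsets;`) supplies an explicit default. The `ioe.printStackTrace()` calls in `get` and `post` are unchanged context, but they hide transport failures the same way and would be better routed through a logger.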
@@ -2,17 +2,17 @@ // Licensed under the MIT License. package com.azure.security.keyvault.jca; -import org.apache.hc.client5.http.classic.methods.HttpGet; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; -import org.apache.hc.core5.http.ClassicHttpResponse; -import org.apache.hc.core5.http.io.HttpClientResponseHandler; -import org.apache.hc.core5.ssl.SSLContexts; +import org.apache.http.HttpResponse; +import org.apache.http.client.ResponseHandler; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.ssl.SSLContexts; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import javax.net.ssl.SSLContext; import java.io.IOException; 
@@ -42,23 +42,20 @@ public static void main(String[] args) throws Exception { .loadTrustMaterial(keyStore, new TrustSelfSignedStrategy()) .build(); - SSLConnectionSocketFactory factory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); + SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); - PoolingHttpClientConnectionManager manager = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(factory) - .build(); + PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); String result = null; try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = "Not success"; if (status == 204) { result1 = "Success"; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 668e61eb8137..1b0fb270f273 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java 
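Review bot: The sample's `new SSLConnectionSocketFactory(sslContext, (hostname, session) -> true)` accepts any hostname, so the server certificate is never matched against the host being contacted. That is tolerable only because the target is `https://localhost:8766` with a self-signed certificate. Samples get copied into applications, so the line should carry a comment such as `// Demo only: accepts any hostname for the localhost self-signed cert; drop this argument to keep the default verifier.`, or use the one-argument `new SSLConnectionSocketFactory(sslContext)` where the certificate names the host. The same lambda appears in the README snippet earlier in this diff and in both ServerSocketTest hunks, where `testServerSocket` also trusts every chain through `loadTrustMaterial(... -> true)`; that is test scope, but a comment saying so would help. `main` starts and ends outside this hunk.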
@@ -3,17 +3,17 @@ package com.azure.security.keyvault.jca; -import org.apache.hc.client5.http.classic.methods.HttpGet; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; -import org.apache.hc.core5.http.ClassicHttpResponse; -import org.apache.hc.core5.http.io.HttpClientResponseHandler; -import org.apache.hc.core5.ssl.SSLContexts; +import org.apache.http.HttpResponse; +import org.apache.http.client.ResponseHandler; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; +import org.apache.http.ssl.SSLContexts; import org.junit.jupiter.api.Test; import javax.net.ssl.KeyManagerFactory; 
@@ -104,26 +104,23 @@ public void testServerSocket() throws Exception { .loadTrustMaterial((final X509Certificate[] chain, final String authType) -> true) .build(); - SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); + SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); - PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(sslSocketFactory) - .build(); + PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); /* * And now execute the test. */ String result = null; - try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8765"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = null; if (status == 204) { result1 = "Success"; 
@@ -210,26 +207,23 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) .build(); - SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); + SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); - PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(sslSocketFactory) - .build(); + PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); /* * And now execute the test. */ String result = null; - try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = null; if (status == 204) { result1 = "Success"; diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md index 51c7a8574afe..1a49237f9e26 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md 
@@ -22,9 +22,31 @@ azure: ``` ### How to run + +#### Run with TLS 1. Start azure-spring-boot-sample-keyvault-certificates-server-side's SampleApplication 1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication -1. Access http://localhost:8080/ +1. Access http://localhost:8080/tls + +Then you will get +```text +Response from "https://localhost:8443/": Hello World +``` + +#### Run with MTLS +1. In the sample `ApplicationConfiguration.class`, change the `self-signed` to your certificate alias. + + ```java + private static class ClientPrivateKeyStrategy implements PrivateKeyStrategy { + @Override + public String chooseAlias(Map map, Socket socket) { + return "self-signed"; // It should be your certificate alias used in client-side + } + } + ``` +1. Start azure-spring-boot-sample-keyvault-certificates-server-side's SampleApplication +1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication with [MTLS] configuration. +1. When the [MTLS] server starts, `tls endpoint`(http://localhost:8080/tls) will not be able to access the resource. Access http://localhost:8080/mtls Then you will get ```text @@ -42,3 +64,4 @@ Response from "https://localhost:8443/": Hello World [azure_spring_boot_starter_key_vault_certificates]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md [steps_to_store_certificate]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md#creating-an-azure-key-vault [azure-spring-boot-sample-keyvault-certificates-server-side]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side +[MTLS]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md#run-with-MTLS 
diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md index f359525a2533..d75ff01adbbd 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md @@ -24,9 +24,16 @@ azure: tenant-id: # The Tenant ID for your Azure Key Vault (needed if you are not using managed identity). client-id: # The Client ID that has been setup with access to your Azure Key Vault (needed if you are not using managed identity). client-secret: # The Client Secret that will be used for accessing your Azure Key Vault (needed if you are not using managed identity). +server: + port: 8443 + ssl: + key-alias: # The alias corresponding to the certificate in Azure Key Vault. + key-store-type: # The keystore type that enables the use of Azure Key Vault for your server-side SSL certificate. ``` ### How to run + +#### Run with TLS 1. Start SampleApplication 1. Access https://localhost:8443/ 
@@ -35,6 +42,33 @@ Then you will get Hello World ``` +#### Run with MTLS + +1. Add properties in application.yml: +```yaml +azure: + keyvault: + uri: # The URI to the Azure Key Vault used + tenant-id: # The Tenant ID for your Azure Key Vault (needed if you are not using managed identity). + client-id: # The Client ID that has been setup with access to your Azure Key Vault (needed if you are not using managed identity). + client-secret: # The Client Secret that will be used for accessing your Azure Key Vault (needed if you are not using managed identity). +server: + port: 8443 + ssl: + key-alias: # The alias corresponding to the certificate in Azure Key Vault. + key-store-type: # The keystore type that enables the use of Azure Key Vault for your server-side SSL certificate. + client-auth: # Used for MTLS + trust-store-type: # Used for MTLS +``` +1. Start SampleApplication +1. MTLS for mutual authentication. So your client needs have a trusted CA certificate.([azure-spring-boot-sample-keyvault-certificates-client-side]is a trusted client sample.) +1. Your client access https://localhost:8443/ + +Then the client or server will get +```text +Hello World +``` + ## Examples ## Troubleshooting ## Next steps diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml index 91bff9c6cf6c..ae782f321b71 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml @@ -45,6 +45,10 @@ --> + + org.apache.httpcomponents + httpclient + org.springframework.boot spring-boot-starter-web