From c40f0e0cf357fd1e63fdbde80983b1eb15219b7b Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Mon, 29 Mar 2021 13:42:21 +0800 Subject: [PATCH 01/11] Modify the dependency httpclient5 to httpclient4. --- .../azure-security-keyvault-jca/pom.xml | 14 ++--- .../keyvault/jca/LegacyRestClient.java | 57 +++++++++---------- 2 files changed, 32 insertions(+), 39 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 8c51b3fd32b9..7c7f48e1991d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml @@ -114,7 +114,6 @@ com.fasterxml.jackson.core:jackson-databind:[2.12.1] - org.apache.httpcomponents.client5:httpclient5:[5.0.3] org.conscrypt:conscrypt-openjdk-uber:[2.2.1] org.slf4j:slf4j-nop:[1.7.30] @@ -125,13 +124,6 @@ - - - org.apache.httpcomponents.client5 - httpclient5 - 5.0.3 - true - org.conscrypt @@ -171,6 +163,12 @@ slf4j-nop 1.7.30 + + + org.apache.httpcomponents + httpclient + 4.5 + diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java index 872b0334ad9a..ec9f46a5128a 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java 
@@ -2,16 +2,16 @@ // Licensed under the MIT License. package com.azure.security.keyvault.jca; -import org.apache.hc.client5.http.classic.methods.HttpGet; -import org.apache.hc.client5.http.classic.methods.HttpPost; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.core5.http.ClassicHttpResponse; -import org.apache.hc.core5.http.ContentType; -import org.apache.hc.core5.http.HttpEntity; -import org.apache.hc.core5.http.io.HttpClientResponseHandler; -import org.apache.hc.core5.http.io.entity.EntityUtils; -import org.apache.hc.core5.http.io.entity.HttpEntities; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.client.ResponseHandler; +import org.apache.http.client.entity.EntityBuilder; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.ContentType; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.util.EntityUtils; import java.io.IOException; import java.util.Map; @@ -39,16 +39,7 @@ public String get(String url, Map headers) { httpGet.addHeader(key, value); }); } - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); - String result1 = null; - if (status >= 200 && status < 300) { - HttpEntity entity = response.getEntity(); - result1 = entity != null ? EntityUtils.toString(entity) : null; - } - return result1; - }; - result = client.execute(httpGet, responseHandler); + result = client.execute(httpGet, responseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); } 
@@ -60,20 +51,24 @@ public String post(String url, String body, String contentType) { String result = null; try (CloseableHttpClient client = HttpClients.createDefault()) { HttpPost httpPost = new HttpPost(url); - httpPost.setEntity(HttpEntities.create(body, ContentType.create(contentType))); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); - String result1 = null; - if (status >= 200 && status < 300) { - HttpEntity entity = response.getEntity(); - result1 = entity != null ? EntityUtils.toString(entity) : null; - } - return result1; - }; - result = client.execute(httpPost, responseHandler); + httpPost.setEntity( + (HttpEntity) EntityBuilder.create().setContentType(ContentType.create(contentType)).setText(body)); + result = client.execute(httpPost, responseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); } return result; } + + private ResponseHandler responseHandler() { + return (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); + String result1 = null; + if (status >= 200 && status < 300) { + HttpEntity entity = response.getEntity(); + result1 = entity != null ? EntityUtils.toString(entity) : null; + } + return result1; + }; + } } From 8d184b89d66c84bbb6e1d6f869b6577975334451 Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Mon, 29 Mar 2021 18:29:14 +0800 Subject: [PATCH 02/11] remove the dependency of sample and test. --- eng/versioning/external_dependencies.txt | 1 - .../keyvault/jca/LegacyRestClient.java | 4 +- .../keyvault/jca/ClientSSLSample.java | 41 ++++++------ .../keyvault/jca/ServerSocketTest.java | 64 +++++++++---------- 4 files changed, 50 insertions(+), 60 deletions(-) diff --git a/eng/versioning/external_dependencies.txt b/eng/versioning/external_dependencies.txt index 19018c953dd8..9f137fb0ef4c 100644 --- a/eng/versioning/external_dependencies.txt +++ b/eng/versioning/external_dependencies.txt 
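Review bot: The new `responseHandler()` helper in `LegacyRestClient` returns `null` for every status outside 200–299 without recording the status code, and the `post` caller in this hunk turns an `IOException` into `ioe.printStackTrace()` plus a `null` return. Judging by the package, this client serves the Key Vault JCA provider, so a 401/403 or a network failure looks the same to the caller as an empty body, and an authentication failure is hard to spot. I would log the status when it is not 2xx, e.g. `LOGGER.log(WARNING, "Request failed with HTTP status {0}", status);`, and use the same logger in place of `printStackTrace()`; this assumes a `java.util.logging` logger is added to the class, since none is visible here. Log only the status, not the response body. The `get` hunk earlier in this patch ends in the same catch block.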
@@ -72,7 +72,6 @@ org.apache.avro:avro-maven-plugin;1.10.1 org.apache.commons:commons-compress;1.20 org.apache.commons:commons-lang3;3.11 org.apache.httpcomponents:httpclient;4.5.13 -org.apache.httpcomponents.client5:httpclient5;5.0.3 org.apache.logging.log4j:log4j-api;2.13.3 org.apache.logging.log4j:log4j-core;2.13.3 org.apache.logging.log4j:log4j-slf4j-impl;2.13.3 diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java index ec9f46a5128a..aa8a133491e2 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java @@ -5,10 +5,10 @@ import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.ResponseHandler; -import org.apache.http.client.entity.EntityBuilder; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.ContentType; +import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; @@ -52,7 +52,7 @@ public String post(String url, String body, String contentType) { try (CloseableHttpClient client = HttpClients.createDefault()) { HttpPost httpPost = new HttpPost(url); httpPost.setEntity( - (HttpEntity) EntityBuilder.create().setContentType(ContentType.create(contentType)).setText(body)); + new StringEntity(body, ContentType.create(contentType))); result = client.execute(httpPost, responseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); 
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java index 8d4e5de63ad0..f8452fde4e6c 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java @@ -2,17 +2,17 @@ // Licensed under the MIT License. package com.azure.security.keyvault.jca; -import org.apache.hc.client5.http.classic.methods.HttpGet; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; -import org.apache.hc.core5.http.ClassicHttpResponse; -import org.apache.hc.core5.http.io.HttpClientResponseHandler; -import org.apache.hc.core5.ssl.SSLContexts; +import org.apache.http.HttpResponse; +import org.apache.http.client.ResponseHandler; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLContexts; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import javax.net.ssl.SSLContext; import java.io.IOException; 
@@ -42,23 +42,20 @@ public static void main(String[] args) throws Exception { .loadTrustMaterial(keyStore, new TrustSelfSignedStrategy()) .build(); - SSLConnectionSocketFactory factory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); + SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); - PoolingHttpClientConnectionManager manager = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(factory) - .build(); + PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); String result = null; try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = "Not success"; if (status == 204) { result1 = "Success"; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java index 668e61eb8137..1b0fb270f273 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/ServerSocketTest.java 
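Review bot: The rewritten `SSLConnectionSocketFactory` in `ClientSSLSample.main` still passes `(hostname, session) -> true`, so the sample accepts a certificate issued for any host name, and nothing in the code marks this as a localhost-only shortcut. The same snippet is mirrored in the module README and samples get copied, so I would add a comment above the constructor call, e.g. `// Hostname verification is disabled only because this sample connects to localhost with a self-signed certificate; keep the default verifier in real clients.` The two `ServerSocketTest` hunks later in this patch use the same verifier, which matters less in test code but could carry the same remark. The body of `main` starts and ends outside the hunk.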
@@ -3,17 +3,17 @@ package com.azure.security.keyvault.jca; -import org.apache.hc.client5.http.classic.methods.HttpGet; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; -import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; -import org.apache.hc.core5.http.ClassicHttpResponse; -import org.apache.hc.core5.http.io.HttpClientResponseHandler; -import org.apache.hc.core5.ssl.SSLContexts; +import org.apache.http.HttpResponse; +import org.apache.http.client.ResponseHandler; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; +import org.apache.http.ssl.SSLContexts; import org.junit.jupiter.api.Test; import javax.net.ssl.KeyManagerFactory; 
@@ -104,26 +104,23 @@ public void testServerSocket() throws Exception { .loadTrustMaterial((final X509Certificate[] chain, final String authType) -> true) .build(); - SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); + SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); - PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(sslSocketFactory) - .build(); + PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); /* * And now execute the test. */ String result = null; - try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8765"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = null; if (status == 204) { result1 = "Success"; 
@@ -210,26 +207,23 @@ public void testServerSocketWithSelfSignedClientTrust() throws Exception { .loadTrustMaterial(ks, new TrustSelfSignedStrategy()) .build(); - SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); + SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); - PoolingHttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(sslSocketFactory) - .build(); + PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); /* * And now execute the test. */ String result = null; - try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build()) { + try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = null; if (status == 204) { result1 = "Success"; From 608bc86d3bb85b8ed5f0ffede730aa08d0bb495f Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Tue, 30 Mar 2021 10:47:25 +0800 Subject: [PATCH 03/11] solve Conflict. --- sdk/keyvault/azure-security-keyvault-jca/pom.xml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 5d0f625618c3..5d779976936d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml 
@@ -57,10 +57,6 @@ org.apache.commons com.azure.keyvault.jca.org.apache.commons - - org.apache.hc - com.azure.keyvault.jca.org.apache.hc - mozilla com.azure.keyvault.jca.mozilla @@ -114,7 +110,6 @@ com.fasterxml.jackson.core:jackson-databind:[2.12.2] - org.apache.httpcomponents.client5:httpclient5:[5.0.3] org.conscrypt:conscrypt-openjdk-uber:[2.2.1] org.slf4j:slf4j-nop:[1.7.30] @@ -127,9 +122,9 @@ - org.apache.httpcomponents.client5 - httpclient5 - 5.0.3 + org.apache.httpcomponents + httpclient + 4.5.13 true From a3a5f4df3387c4e2a0eafacf9ed0129741bd61c2 Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Tue, 30 Mar 2021 16:48:33 +0800 Subject: [PATCH 04/11] fix the pipeline failure. --- sdk/keyvault/azure-security-keyvault-jca/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 5d779976936d..3caababe36cf 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml @@ -111,6 +111,7 @@ com.fasterxml.jackson.core:jackson-databind:[2.12.2] org.conscrypt:conscrypt-openjdk-uber:[2.2.1] + org.apache.httpcomponents:httpclient:[4.5.13] org.slf4j:slf4j-nop:[1.7.30] From bab3f70ea151753977bb699d4da89fc9756a1e6d Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Tue, 30 Mar 2021 16:59:57 +0800 Subject: [PATCH 05/11] fix the pipeline failure. --- sdk/keyvault/azure-security-keyvault-jca/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 3caababe36cf..167e996deac5 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml 
@@ -111,7 +111,7 @@ com.fasterxml.jackson.core:jackson-databind:[2.12.2] org.conscrypt:conscrypt-openjdk-uber:[2.2.1] - org.apache.httpcomponents:httpclient:[4.5.13] + org.apache.httpcomponents:httpclient:[4.5.13] org.slf4j:slf4j-nop:[1.7.30] From d438e03906e1ce7ea4bca9dd2ba9c1433657b3fd Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Wed, 31 Mar 2021 10:16:24 +0800 Subject: [PATCH 06/11] fix the pipeline failure. --- .../azure-security-keyvault-jca/README.md | 21 ++++++++----------- .../keyvault/jca/ClientSSLSample.java | 2 +- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md index 0b1f336c67d6..d47be3b1b4d5 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/README.md +++ b/sdk/keyvault/azure-security-keyvault-jca/README.md @@ -67,7 +67,7 @@ Note if you want to use Azure Managed Identity, you should set the value of `azu ### Client side SSL If you are looking to integrate the JCA provider for client side socket connections, see the Apache HTTP client example below. - + ```java KeyVaultJcaProvider provider = new KeyVaultJcaProvider(); Security.addProvider(provider); 
@@ -86,23 +86,20 @@ SSLContext sslContext = SSLContexts .loadTrustMaterial(keyStore, new TrustSelfSignedStrategy()) .build(); -SSLConnectionSocketFactory factory = SSLConnectionSocketFactoryBuilder - .create() - .setSslContext(sslContext) - .setHostnameVerifier((hostname, session) -> true) - .build(); +SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( + sslContext, (hostname, session) -> true); -PoolingHttpClientConnectionManager manager = PoolingHttpClientConnectionManagerBuilder - .create() - .setSSLSocketFactory(factory) - .build(); +PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager( + RegistryBuilder.create() + .register("https", sslConnectionSocketFactory) + .build()); String result = null; try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(manager).build()) { HttpGet httpGet = new HttpGet("https://localhost:8766"); - HttpClientResponseHandler responseHandler = (ClassicHttpResponse response) -> { - int status = response.getCode(); + ResponseHandler responseHandler = (HttpResponse response) -> { + int status = response.getStatusLine().getStatusCode(); String result1 = "Not success"; if (status == 204) { result1 = "Success"; diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java index f8452fde4e6c..31758abe7a8d 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/samples/java/com/azure/security/keyvault/jca/ClientSSLSample.java 
@@ -8,7 +8,7 @@ import org.apache.http.config.RegistryBuilder; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.conn.ssl.SSLContexts; +import org.apache.http.ssl.SSLContexts; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; From 3665881b6dc466d9b3f96460c284c98c8481ec4d Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Wed, 31 Mar 2021 15:05:35 +0800 Subject: [PATCH 07/11] fix the pipeline failure. --- .../src/main/resources/revapi/revapi.json | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/eng/code-quality-reports/src/main/resources/revapi/revapi.json b/eng/code-quality-reports/src/main/resources/revapi/revapi.json index 181727b332be..583225f04a30 100644 --- a/eng/code-quality-reports/src/main/resources/revapi/revapi.json +++ b/eng/code-quality-reports/src/main/resources/revapi/revapi.json 
@@ -57,6 +57,47 @@ "exampleUseChainInNewApi": ".*com\\.azure\\.core\\.util\\.serializer\\.JacksonAdapter.*", "justification": "We allow this in com.azure.core.util.serializer.JacksonAdapter." }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class javax\\.servlet\\.ServletContextEvent", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.ServletContextCleaner" + }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class org\\.apache\\.avalon\\.framework\\.logger\\.Logger", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl\\.AvalonLogger.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.AvalonLogger" + }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class org\\.apache\\.log\\.Logger", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl\\.LogKitLogger.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.LogKitLogger" + }, + { + "regex": true, + "code": "java\\.missing\\.(oldClass|newClass)", + "new": "missing\\-class org\\.apache\\.log4j\\.Logger", + "exampleUseChainInNewApi": ".*com\\.azure\\.keyvault\\.jca\\.org\\.apache\\.commons\\.logging\\.impl\\.Log4JLogger.*", + "justification": "We allow this in com.azure.keyvault.jca.org.apache.commons.logging.impl.Log4JLogger" + }, + { + "regex": true, + "code": "java.class.nonPublicPartOfAPI", + "new": "class org.apache.http.impl.client.HttpRequestTaskCallable", + "justification": "We allow this in org.apache.http.impl.client.HttpRequestFutureTask" + }, + { + "regex": true, + "code": "java.class.nonPublicPartOfAPI", + "new": "(class|interface) 
org\\.apache\\.http\\.impl\\.conn\\.CPoolEntry", + "exampleUseChainInNewApi": ".*org\\.apache\\.http\\.HttpClientConnection.*", + "justification": "We allow this in org.apache.http.HttpClientConnection>" + }, { "regex": true, "code": "java.class.nonPublicPartOfAPI", From f5e3d65cd4939afcb278ceab953803a03f207cf2 Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Thu, 1 Apr 2021 13:46:02 +0800 Subject: [PATCH 08/11] Modify method name. --- .../security/keyvault/jca/LegacyRestClient.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java index aa8a133491e2..0eb34b82eda0 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/LegacyRestClient.java @@ -39,7 +39,7 @@ public String get(String url, Map headers) { httpGet.addHeader(key, value); }); } - result = client.execute(httpGet, responseHandler()); + result = client.execute(httpGet, createResponseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); } 
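Review bot: The two new `java.class.nonPublicPartOfAPI` entries in `revapi.json` set `"regex": true`, but the `HttpRequestTaskCallable` entry leaves the dots in `"new"` unescaped, so each `.` matches any character, unlike the `CPoolEntry` entry next to it. Writing it as `"new": "class org\\.apache\\.http\\.impl\\.client\\.HttpRequestTaskCallable"` keeps the suppression as narrow as the justification describes. The `CPoolEntry` justification also ends with a stray `>`.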
@@ -53,22 +53,22 @@ public String post(String url, String body, String contentType) { HttpPost httpPost = new HttpPost(url); httpPost.setEntity( new StringEntity(body, ContentType.create(contentType))); - result = client.execute(httpPost, responseHandler()); + result = client.execute(httpPost, createResponseHandler()); } catch (IOException ioe) { ioe.printStackTrace(); } return result; } - private ResponseHandler responseHandler() { + private ResponseHandler createResponseHandler() { return (HttpResponse response) -> { int status = response.getStatusLine().getStatusCode(); - String result1 = null; + String result = null; if (status >= 200 && status < 300) { HttpEntity entity = response.getEntity(); - result1 = entity != null ? EntityUtils.toString(entity) : null; + result = entity != null ? EntityUtils.toString(entity) : null; } - return result1; + return result; }; } } From c1ba7ac85a89a5805b670a8f92337d37171ee0af Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Fri, 2 Apr 2021 10:38:02 +0800 Subject: [PATCH 09/11] add httpclient dependency for Server-side sample. --- sdk/keyvault/azure-security-keyvault-jca/pom.xml | 2 +- .../com/azure/security/keyvault/jca/KeyVaultClient.java | 7 +++---- .../pom.xml | 4 ++++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 167e996deac5..1d085c7b4e4b 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml @@ -126,7 +126,7 @@ org.apache.httpcomponents httpclient 4.5.13 - true + compile diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java index 0164a1ae1ba6..b0f0a7d03161 100644 
--- a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java +++ b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultClient.java @@ -8,12 +8,11 @@ import com.azure.security.keyvault.jca.model.CertificatePolicy; import com.azure.security.keyvault.jca.model.KeyProperties; import com.azure.security.keyvault.jca.model.SecretBundle; -import java.io.BufferedReader; +import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringReader; -import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import java.security.Key; import java.security.KeyFactory; @@ -154,8 +153,8 @@ private String getAccessToken() { } else { accessToken = authClient.getAccessToken(resource, managedIdentity); } - } catch (UnsupportedEncodingException uee) { - LOGGER.log(WARNING, "Unsupported encoding", uee); + } catch (Throwable throwable) { + LOGGER.log(WARNING, "Unsupported encoding or missing Httpclient", throwable); } LOGGER.exiting("KeyVaultClient", "getAccessToken", accessToken); return accessToken; diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml index 91bff9c6cf6c..ae782f321b71 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/pom.xml @@ -45,6 +45,10 @@ --> + + org.apache.httpcomponents + httpclient + org.springframework.boot spring-boot-starter-web From b8d1bd763f0cd44757a1c423a3f1599faf0b35a6 Mon Sep 17 00:00:00 2001 
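Review bot: `catch (Throwable throwable)` in `KeyVaultClient.getAccessToken` now also swallows `Error`s such as `OutOfMemoryError`, after which the method carries on and returns a `null` token with a message that guesses at two unrelated causes. If the intent is to survive a missing httpclient jar, catch that explicitly, e.g. `} catch (UnsupportedEncodingException | NoClassDefFoundError e) {` (keeping the `UnsupportedEncodingException` import that this commit removes), and log the actual cause. Separately, the unchanged `LOGGER.exiting("KeyVaultClient", "getAccessToken", accessToken)` writes the access token to the log whenever FINER logging is enabled; calling `LOGGER.exiting("KeyVaultClient", "getAccessToken")` without the result avoids that. The body of `getAccessToken` starts and ends outside the hunk.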
From: v-gaoh Date: Fri, 2 Apr 2021 16:48:38 +0800 Subject: [PATCH 10/11] Modify README.md for azure-spring-boot-sample-keyvault-certificates-client-side and azure-spring-boot-sample-keyvault-certificates-server-side. --- .../azure-security-keyvault-jca/pom.xml | 1 - .../README.md | 27 +++++++++++++-- .../README.md | 34 +++++++++++++++++++ 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-jca/pom.xml b/sdk/keyvault/azure-security-keyvault-jca/pom.xml index 1d085c7b4e4b..3eed18576ef7 100644 --- a/sdk/keyvault/azure-security-keyvault-jca/pom.xml +++ b/sdk/keyvault/azure-security-keyvault-jca/pom.xml @@ -126,7 +126,6 @@ org.apache.httpcomponents httpclient 4.5.13 - compile diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md index 51c7a8574afe..1a9c652aa251 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md 
@@ -22,9 +22,31 @@ azure: ``` ### How to run + +#### Run with TLS +1. Start azure-spring-boot-sample-keyvault-certificates-server-side's SampleApplication +1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication with [run-with-MTLS] configuration. +1. Access http://localhost:8080/tls + +Then you will get +```text +Response from "https://localhost:8443/": Hello World +``` + +#### Run with MTLS +1. In the sample `ApplicationConfiguration.class`, change the `self-signed` to your certificate alias. + + ```java + private static class ClientPrivateKeyStrategy implements PrivateKeyStrategy { + @Override + public String chooseAlias(Map map, Socket socket) { + return "self-signed"; // It should be your certificate alias used in client-side + } + } + ``` 1. Start azure-spring-boot-sample-keyvault-certificates-server-side's SampleApplication -1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication -1. Access http://localhost:8080/ +1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication +1. Access http://localhost:8080/mtls Then you will get ```text @@ -42,3 +64,4 @@ Response from "https://localhost:8443/": Hello World [azure_spring_boot_starter_key_vault_certificates]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md [steps_to_store_certificate]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md#creating-an-azure-key-vault [azure-spring-boot-sample-keyvault-certificates-server-side]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side +[run-with-MTLS]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md#run-with-MTLS 
diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md index f359525a2533..8e85daef37cc 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md @@ -24,9 +24,16 @@ azure: tenant-id: # The Tenant ID for your Azure Key Vault (needed if you are not using managed identity). client-id: # The Client ID that has been setup with access to your Azure Key Vault (needed if you are not using managed identity). client-secret: # The Client Secret that will be used for accessing your Azure Key Vault (needed if you are not using managed identity). +server: + port: 8443 + ssl: + key-alias: # The alias corresponding to the certificate in Azure Key Vault. + key-store-type: # The keystore type that enables the use of Azure Key Vault for your server-side SSL certificate. ``` ### How to run + +#### Run with TLS 1. Start SampleApplication 1. Access https://localhost:8443/ 
@@ -35,6 +42,33 @@ Then you will get Hello World ``` +#### Run with MTLS + +1. Add properties in application.yml: +```yaml +azure: + keyvault: + uri: # The URI to the Azure Key Vault used + tenant-id: # The Tenant ID for your Azure Key Vault (needed if you are not using managed identity). + client-id: # The Client ID that has been setup with access to your Azure Key Vault (needed if you are not using managed identity). + client-secret: # The Client Secret that will be used for accessing your Azure Key Vault (needed if you are not using managed identity). +server: + port: 8443 + ssl: + key-alias: # The alias corresponding to the certificate in Azure Key Vault. + key-store-type: # The keystore type that enables the use of Azure Key Vault for your server-side SSL certificate. + client-auth: # Used for MTLS + trust-store-type: # Used for MTLS +``` +1. Start SampleApplication +1. MTLS for mutual authentication. So you need a server or client have trusted CA certificate.([azure-spring-boot-sample-keyvault-certificates-client-side]is a trusted client sample.) +1. Your client or Server access https://localhost:8443/. + +Then the client or server will get +```text +Hello World +``` + ## Examples ## Troubleshooting ## Next steps From db60d51592f0719f90d10a34a53727150de758b3 Mon Sep 17 00:00:00 2001 From: v-gaoh Date: Wed, 7 Apr 2021 15:46:13 +0800 Subject: [PATCH 11/11] improve README.md for keyvault sample. --- .../README.md | 8 ++++---- .../README.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md index 1a9c652aa251..1a49237f9e26 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md 
+++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md @@ -25,7 +25,7 @@ azure: #### Run with TLS 1. Start azure-spring-boot-sample-keyvault-certificates-server-side's SampleApplication -1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication with [run-with-MTLS] configuration. +1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication 1. Access http://localhost:8080/tls Then you will get @@ -45,8 +45,8 @@ Response from "https://localhost:8443/": Hello World } ``` 1. Start azure-spring-boot-sample-keyvault-certificates-server-side's SampleApplication -1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication -1. Access http://localhost:8080/mtls +1. Start azure-spring-boot-sample-keyvault-certificates-client-side's SampleApplication with [MTLS] configuration. +1. When the [MTLS] server starts, `tls endpoint`(http://localhost:8080/tls) will not be able to access the resource. Access http://localhost:8080/mtls Then you will get ```text 
@@ -64,4 +64,4 @@ Response from "https://localhost:8443/": Hello World
 [azure_spring_boot_starter_key_vault_certificates]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md
 [steps_to_store_certificate]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md#creating-an-azure-key-vault
 [azure-spring-boot-sample-keyvault-certificates-server-side]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side
-[run-with-MTLS]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md#run-with-MTLS
+[MTLS]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-client-side/README.md#run-with-MTLS
diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md
index 8e85daef37cc..d75ff01adbbd 100644
--- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md
+++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-certificates-server-side/README.md
@@ -61,8 +61,8 @@ server: trust-store-type: # Used for MTLS ``` 1. Start SampleApplication -1. MTLS for mutual authentication. So you need a server or client have trusted CA certificate.([azure-spring-boot-sample-keyvault-certificates-client-side]is a trusted client sample.) -1. Your client or Server access https://localhost:8443/. +1. MTLS for mutual authentication. So your client needs have a trusted CA certificate.([azure-spring-boot-sample-keyvault-certificates-client-side]is a trusted client sample.) +1. Your client access https://localhost:8443/ Then the client or server will get ```text