Skip to content

Commit

Permalink
update (#2468)
Browse files Browse the repository at this point in the history
  • Loading branch information
@lilgreenbird
lilgreenbird committed Jul 3, 2024
1 parent 3db47e5 commit 285f4f6
Showing 1 changed file with 48 additions and 6 deletions.
54 changes: 48 additions & 6 deletions src/main/java/com/microsoft/sqlserver/jdbc/SQLServerMSAL4JUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Level;
Expand Down Expand Up @@ -89,11 +90,21 @@ static SqlAuthenticationToken getSqlFedAuthToken(SqlFedAuthInfo fedAuthInfo, Str

try {
String hashedSecret = getHashedSecret(new String[] {fedAuthInfo.stsurl, user, password});
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = TOKEN_CACHE_MAP.getEntry(hashedSecret);
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = TOKEN_CACHE_MAP.getEntry(user,
hashedSecret);

// check if account password was changed
if (null == persistentTokenCacheAccessAspect) {
persistentTokenCacheAccessAspect = new PersistentTokenCacheAccessAspect();
TOKEN_CACHE_MAP.addEntry(hashedSecret, persistentTokenCacheAccessAspect);

if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": cache token for user: " + user);
}
} else {
if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": retrieved cached token for user: " + user);
}
}

final PublicClientApplication pca = PublicClientApplication
Expand Down Expand Up @@ -145,11 +156,21 @@ static SqlAuthenticationToken getSqlFedAuthTokenPrincipal(SqlFedAuthInfo fedAuth
try {
String hashedSecret = getHashedSecret(
new String[] {fedAuthInfo.stsurl, aadPrincipalID, aadPrincipalSecret});
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = TOKEN_CACHE_MAP.getEntry(hashedSecret);
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = TOKEN_CACHE_MAP.getEntry(aadPrincipalID,
hashedSecret);

// check if principal secret was changed
if (null == persistentTokenCacheAccessAspect) {
persistentTokenCacheAccessAspect = new PersistentTokenCacheAccessAspect();
TOKEN_CACHE_MAP.addEntry(hashedSecret, persistentTokenCacheAccessAspect);

if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": cache token for principal id: " + aadPrincipalID);
}
} else {
if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": retrieved cached token for principal id: " + aadPrincipalID);
}
}

IClientCredential credential = ClientCredentialFactory.createFromSecret(aadPrincipalSecret);
Expand Down Expand Up @@ -202,11 +223,21 @@ static SqlAuthenticationToken getSqlFedAuthTokenPrincipalCertificate(SqlFedAuthI
try {
String hashedSecret = getHashedSecret(new String[] {fedAuthInfo.stsurl, aadPrincipalID, certFile,
certPassword, certKey, certKeyPassword});
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = TOKEN_CACHE_MAP.getEntry(hashedSecret);
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = TOKEN_CACHE_MAP.getEntry(aadPrincipalID,
hashedSecret);

// check if cert was changed
if (null == persistentTokenCacheAccessAspect) {
persistentTokenCacheAccessAspect = new PersistentTokenCacheAccessAspect();
TOKEN_CACHE_MAP.addEntry(hashedSecret, persistentTokenCacheAccessAspect);

if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": cache token for principal id: " + aadPrincipalID);
}
} else {
if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": retrieved cached token for principal id: " + aadPrincipalID);
}
}

ConfidentialClientApplication clientApplication = null;
Expand Down Expand Up @@ -493,18 +524,25 @@ private static String getHashedSecret(String[] secrets) throws SQLServerExceptio
private static class TokenCacheMap {
private ConcurrentHashMap<String, PersistentTokenCacheAccessAspect> tokenCacheMap = new ConcurrentHashMap<>();

PersistentTokenCacheAccessAspect getEntry(String key) {
PersistentTokenCacheAccessAspect getEntry(String value, String key) {
PersistentTokenCacheAccessAspect persistentTokenCacheAccessAspect = tokenCacheMap.get(key);

if (null != persistentTokenCacheAccessAspect) {
if (System.currentTimeMillis() > persistentTokenCacheAccessAspect.getExpiryTime()) {
long currentTime = System.currentTimeMillis();

if (currentTime > persistentTokenCacheAccessAspect.getExpiryTime()) {
tokenCacheMap.remove(key);

persistentTokenCacheAccessAspect = new PersistentTokenCacheAccessAspect();
persistentTokenCacheAccessAspect
.setExpiryTime(System.currentTimeMillis() + PersistentTokenCacheAccessAspect.TIME_TO_LIVE);
.setExpiryTime(currentTime + PersistentTokenCacheAccessAspect.TIME_TO_LIVE);

tokenCacheMap.put(key, persistentTokenCacheAccessAspect);

if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": entry expired for: " + value + " new entry will expire in: "
+ TimeUnit.MILLISECONDS.toSeconds(PersistentTokenCacheAccessAspect.TIME_TO_LIVE) + "s");
}
}
}

Expand All @@ -514,6 +552,10 @@ PersistentTokenCacheAccessAspect getEntry(String key) {
void addEntry(String key, PersistentTokenCacheAccessAspect value) {
value.setExpiryTime(System.currentTimeMillis() + PersistentTokenCacheAccessAspect.TIME_TO_LIVE);
tokenCacheMap.put(key, value);
if (logger.isLoggable(Level.FINEST)) {
logger.finest(LOGCONTEXT + ": add entry for: " + value + ", will expire in: "
+ TimeUnit.MILLISECONDS.toSeconds(PersistentTokenCacheAccessAspect.TIME_TO_LIVE) + "s");
}
}
}
}

0 comments on commit 285f4f6

Please sign in to comment.