Skip to content

Commit

Permalink
Fix token acquisition when using azure-json and add JCA provider debu…
Browse files Browse the repository at this point in the history
…g section (#42860)
  • Loading branch information
moarychan authored Nov 11, 2024
1 parent 6556422 commit 9b9b3b1
Show file tree
Hide file tree
Showing 7 changed files with 59 additions and 1 deletion.
39 changes: 39 additions & 0 deletions sdk/keyvault/azure-security-keyvault-jca/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,45 @@ Please replace `${KEY_VAULT}` with your key vault name and replace `${MANAGED_ID

## Troubleshooting

### Debug Key Vault Provider

Remote debugger can be used to troubleshoot complex issues. Let’s try this out in Java 9 and above!

Before you start debugging, make sure the code of your JCA jar is the same as your IDE source code.

1. Replace the placeholders with your own credentials and execute below command to start the `jarsigner` command:

```shell
jarsigner \
-keystore NONE \
-storetype AzureKeyVault \
-signedjar <file-name-generated-after-signing> <jar-file-name-to-be-signed> <certificate-bundle-name-in-key-vault> \
-verbose \
-storepass "" \
-providerName AzureKeyVault \
-providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider \
-J--module-path="<your-local-Maven-repository-path>/com/azure/azure-security-keyvault-jca/<current-version-num>/azure-security-keyvault-jca-<current-version-num>.jar" \
-J--add-modules="com.azure.security.keyvault.jca" \
-J-Dazure.keyvault.uri=https://<your-key-vault-name>.vault.azure.net/ \
-J-Dazure.keyvault.tenant-id=<your-tenant-id> \
-J-Dazure.keyvault.client-id=<your-client-id> \
-J-Dazure.keyvault.client-secret=<your-client-secret> \
-J-Djava.security.debug=jar \
-J-agentlib:jdwp=transport=dt_socket,address=5005,server=y,suspend=y
```

After execution, you will see the following output information:

![start jarsigner command for debug](resources/start-jarsigner-command-for-debug.png)

2. Create a Remote JVM Debug configuration in your IDE tool, such as in Intellij IDEA:

![add remote JVM Debug configuration](./resources/add-remote-jvm-debug-configuration.png)

3. Click the `Debug` button to debug in your IDE:

![debug breakpoints](resources/debug-breakpoints.png)

## Configure logging
This module uses JUL (`java.util.logging`), so to configure things like the logging level you can directly modify the JUL configuration.

Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ public static AccessToken fromJson(JsonReader jsonReader) throws IOException {
if ("access_token".equals(fieldName)) {
deserializedAccessToken.accessToken = reader.getString();
} else if ("expires_in".equals(fieldName)) {
deserializedAccessToken.expiresIn = reader.getLong();
deserializedAccessToken.expiresIn = Long.parseLong(reader.getString());
} else {
reader.skipChildren();
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,5 @@
exports com.azure.security.keyvault.jca.implementation.signature to java.base;

provides java.security.Provider with com.azure.security.keyvault.jca.KeyVaultJcaProvider;
uses com.azure.security.keyvault.jca.implementation.shaded.com.azure.json.JsonProvider;
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
package com.azure.security.keyvault.jca.implementation.utils;

import com.azure.json.ReadValueCallback;
import com.azure.security.keyvault.jca.implementation.model.AccessToken;
import com.azure.security.keyvault.jca.implementation.model.CertificateBundle;
import org.junit.jupiter.api.Test;

Expand All @@ -17,6 +18,11 @@
* The JUnit tests for the {@link JsonConverterUtil} class.
*/
public class JsonConverterUtilTest {

static final String DUMMY_TOKEN_RESPONSE_BODY = "{\"token_type\":\"Bearer\",\"expires_in\":\"3599\","
+ "\"ext_expires_in\":\"3599\",\"expires_on\":\"1731052824\",\"not_before\":\"1731048924\","
+ "\"resource\":\"https://vault.azure.net\",\"access_token\":\"test_access_token_value\"}";

/**
* Test the {@link JsonConverterUtil#fromJson(ReadValueCallback, String)} method.
*/
Expand All @@ -43,4 +49,16 @@ public void testToJson() {
assertTrue(string.contains("cer"));
assertTrue(string.contains("\"value\""));
}

@Test
void testFromJsonWithTokenResponseBody() {
AccessToken accessToken = null;
try {
accessToken = JsonConverterUtil.fromJson(AccessToken::fromJson, DUMMY_TOKEN_RESPONSE_BODY);
} catch (IOException e) {
throw new RuntimeException(e);
}
assertNotNull(accessToken);
assertEquals("test_access_token_value", accessToken.getAccessToken());
}
}

0 comments on commit 9b9b3b1

Please sign in to comment.