Fix token acquisition when using azure-json and add JCA provider debu…

…g section (Azure#42860)
mssfang · Nov 14, 2024 · e93306f · e93306f
1 parent 9bd56b8
commit e93306f
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 1 deletion.
diff --git a/sdk/keyvault/azure-security-keyvault-jca/README.md b/sdk/keyvault/azure-security-keyvault-jca/README.md
@@ -192,6 +192,45 @@ Please replace `${KEY_VAULT}` with your key vault name and replace `${MANAGED_ID
 
 ## Troubleshooting
 
+### Debug Key Vault Provider
+
+Remote debugger can be used to troubleshoot complex issues. Let’s try this out in Java 9 and above!
+
+Before you start debugging, make sure the code of your JCA jar is the same as your IDE source code. 
+
+1. Replace the placeholders with your own credentials and execute below command to start the `jarsigner` command:
+
+   ```shell
+   jarsigner \
+       -keystore NONE \
+       -storetype AzureKeyVault \
+       -signedjar <file-name-generated-after-signing> <jar-file-name-to-be-signed> <certificate-bundle-name-in-key-vault> \
+       -verbose  \
+       -storepass "" \
+       -providerName AzureKeyVault \
+       -providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider \
+       -J--module-path="<your-local-Maven-repository-path>/com/azure/azure-security-keyvault-jca/<current-version-num>/azure-security-keyvault-jca-<current-version-num>.jar" \
+       -J--add-modules="com.azure.security.keyvault.jca" \
+       -J-Dazure.keyvault.uri=https://<your-key-vault-name>.vault.azure.net/ \
+       -J-Dazure.keyvault.tenant-id=<your-tenant-id> \
+       -J-Dazure.keyvault.client-id=<your-client-id> \
+       -J-Dazure.keyvault.client-secret=<your-client-secret> \
+       -J-Djava.security.debug=jar \
+       -J-agentlib:jdwp=transport=dt_socket,address=5005,server=y,suspend=y
+   ```
+
+   After execution, you will see the following output information:
+
+   ![start jarsigner command for debug](resources/start-jarsigner-command-for-debug.png)
+
+2. Create a Remote JVM Debug configuration in your IDE tool, such as in Intellij IDEA:
+
+   ![add remote JVM Debug configuration](./resources/add-remote-jvm-debug-configuration.png)
+
+3. Click the `Debug` button to debug in your IDE:
+
+   ![debug breakpoints](resources/debug-breakpoints.png)
+
 ## Configure logging
 This module uses JUL (`java.util.logging`), so to configure things like the logging level you can directly modify the JUL configuration.
 

diff --git a/...lt/azure-security-keyvault-jca/resources/add-remote-jvm-debug-configuration.png b/...lt/azure-security-keyvault-jca/resources/add-remote-jvm-debug-configuration.png
diff --git a/sdk/keyvault/azure-security-keyvault-jca/resources/debug-breakpoints.png b/sdk/keyvault/azure-security-keyvault-jca/resources/debug-breakpoints.png
diff --git a/...ult/azure-security-keyvault-jca/resources/start-jarsigner-command-for-debug.png b/...ult/azure-security-keyvault-jca/resources/start-jarsigner-command-for-debug.png
diff --git a/...t-jca/src/main/java/com/azure/security/keyvault/jca/implementation/model/AccessToken.java b/...t-jca/src/main/java/com/azure/security/keyvault/jca/implementation/model/AccessToken.java
@@ -108,7 +108,7 @@ public static AccessToken fromJson(JsonReader jsonReader) throws IOException {
                 if ("access_token".equals(fieldName)) {
                     deserializedAccessToken.accessToken = reader.getString();
                 } else if ("expires_in".equals(fieldName)) {
-                    deserializedAccessToken.expiresIn = reader.getLong();
+                    deserializedAccessToken.expiresIn = Long.parseLong(reader.getString());
                 } else {
                     reader.skipChildren();
                 }

diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/resources/module-info.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/resources/module-info.java
@@ -24,4 +24,5 @@
     exports com.azure.security.keyvault.jca.implementation.signature to java.base;
 
     provides java.security.Provider with com.azure.security.keyvault.jca.KeyVaultJcaProvider;
+    uses com.azure.security.keyvault.jca.implementation.shaded.com.azure.json.JsonProvider;
 }
diff --git a/...test/java/com/azure/security/keyvault/jca/implementation/utils/JsonConverterUtilTest.java b/...test/java/com/azure/security/keyvault/jca/implementation/utils/JsonConverterUtilTest.java
@@ -4,6 +4,7 @@
 package com.azure.security.keyvault.jca.implementation.utils;
 
 import com.azure.json.ReadValueCallback;
+import com.azure.security.keyvault.jca.implementation.model.AccessToken;
 import com.azure.security.keyvault.jca.implementation.model.CertificateBundle;
 import org.junit.jupiter.api.Test;
 
@@ -17,6 +18,11 @@
  * The JUnit tests for the {@link JsonConverterUtil} class.
  */
 public class JsonConverterUtilTest {
+
+    static final String DUMMY_TOKEN_RESPONSE_BODY = "{\"token_type\":\"Bearer\",\"expires_in\":\"3599\","
+        + "\"ext_expires_in\":\"3599\",\"expires_on\":\"1731052824\",\"not_before\":\"1731048924\","
+        + "\"resource\":\"https://vault.azure.net\",\"access_token\":\"test_access_token_value\"}";
+
     /**
      * Test the {@link JsonConverterUtil#fromJson(ReadValueCallback, String)} method.
      */
@@ -43,4 +49,16 @@ public void testToJson() {
         assertTrue(string.contains("cer"));
         assertTrue(string.contains("\"value\""));
     }
+
+    @Test
+    void testFromJsonWithTokenResponseBody() {
+        AccessToken accessToken = null;
+        try {
+            accessToken = JsonConverterUtil.fromJson(AccessToken::fromJson, DUMMY_TOKEN_RESPONSE_BODY);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+        assertNotNull(accessToken);
+        assertEquals("test_access_token_value", accessToken.getAccessToken());
+    }
 }