Merge pull request #122 from AzureAD/dev

0.7.0-preview release

Author: sangonzal

README.md

@@ -11,7 +11,7 @@ The MSAL library for Java gives your app the ability to begin using the Microsof
 
 
 ## Versions
-Current version - 0.6.0-preview
+Current version - 0.7.0-preview
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -23,13 +23,13 @@ The library is currently in preview. During the preview we reserve the right to
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>0.6.0-preview</version>
+    <version>0.7.0-preview</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '0.6.0-preview'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '0.7.0-preview'
 ```
 
 ## Contribution

changelog.txt

@@ -1,3 +1,10 @@
+Version 0.7.0-preview
+=============
+- Added support for ClientAssertions in ClientCredentialFactory
+- Renamed AsymmetricKeyCredential to ClientCertificate
+- Made Account, IClientApplicationBase, TelemetryConsumer ClientSecret, ClientCertificate, ClientAssertion package-private
+- Added IClientSecret, IClientCertificate, IClientAssertion
+
 Version 0.6.0-preview
 =============
 - Updated TokenCache to be thread safe

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>0.6.0-preview</version>
+	<version>0.7.0-preview</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>

src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java

@@ -3,6 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
+import labapi.AppIdentityProvider;
 import labapi.FederationProvider;
 import labapi.LabResponse;
 import labapi.LabUserProvider;
@@ -13,6 +14,10 @@
 
 import java.util.Collections;
 import java.util.Set;
+import java.util.concurrent.ExecutionException;
+
+import static com.microsoft.aad.msal4j.TestConstants.GRAPH_DEFAULT_SCOPE;
+import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE;
 
 public class AcquireTokenSilentIT {
     private LabUserProvider labUserProvider;
@@ -51,7 +56,7 @@ public void acquireTokenSilent_LabAuthority_TokenNotRefreshed() throws Exception
         String password = labUserProvider.getUserPassword(labResponse.getUser());
         String labAuthority = TestConstants.MICROSOFT_AUTHORITY_HOST + labResponse.getUser().getTenantId();
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(labAuthority).
                 build();
@@ -85,7 +90,7 @@ public void acquireTokenSilent_ForceRefresh() throws Exception {
                 false);
         String password = labUserProvider.getUserPassword(labResponse.getUser());
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY).
                 build();
@@ -151,50 +156,85 @@ public void acquireTokenSilent_MultipleAccountsInCache_UseCorrectAccount() throw
         Assert.assertEquals(result.account().username(), labResponse.getUser().getUpn());
     }
 
-    private IPublicClientApplication getPublicClientApplicationWithTokensInCache()
-            throws Exception {
+    @Test
+    public void acquireTokenSilent_usingCommonAuthority_returnCachedAt() throws Exception {
+        acquireTokenSilent_returnCachedTokens(TestConstants.ORGANIZATIONS_AUTHORITY);
+    }
+
+    @Test
+    public void acquireTokenSilent_usingTenantSpecificAuthority_returnCachedAt() throws Exception {
         LabResponse labResponse = labUserProvider.getDefaultUser(
                 NationalCloud.AZURE_CLOUD,
                 false);
-        String password = labUserProvider.getUserPassword(labResponse.getUser());
+        String tenantSpecificAuthority = TestConstants.MICROSOFT_AUTHORITY_HOST + labResponse.getUser().getTenantId();
+        acquireTokenSilent_returnCachedTokens(tenantSpecificAuthority);
+    }
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
-                labResponse.getAppId()).
-                authority(TestConstants.ORGANIZATIONS_AUTHORITY).
-                build();
+    @Test
+    public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent() throws Exception{
 
-        pca.acquireToken(UserNamePasswordParameters.
-                builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE),
-                        labResponse.getUser().getUpn(),
-                        password.toCharArray())
+        IConfidentialClientApplication cca = getConfidentialClientApplications();
+
+        IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters
+                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
                 .build())
                 .get();
-        return pca;
+
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+
+        String cachedAt = result.accessToken();
+
+        result = cca.acquireTokenSilently(SilentParameters
+                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
+                .build())
+                .get();
+
+        Assert.assertNotNull(result);
+        Assert.assertEquals(result.accessToken(), cachedAt);
     }
 
-    @Test
-    private void acquireTokenSilent_usingCommonAuthority_returnCachedAt() throws Exception {
-        acquireTokenSilent_returnCachedTokens(TestConstants.ORGANIZATIONS_AUTHORITY);
+    @Test(expectedExceptions = ExecutionException.class)
+    public void acquireTokenSilent_ConfidentialClient_acquireTokenSilentDifferentScopeThrowsException()
+            throws Exception {
+
+        IConfidentialClientApplication cca = getConfidentialClientApplications();
+
+        IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters
+                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
+                .build())
+                .get();
+
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+
+        //Acquiring token for different scope, expect exception to be thrown
+        cca.acquireTokenSilently(SilentParameters
+                .builder(Collections.singleton(GRAPH_DEFAULT_SCOPE))
+                .build())
+                .get();
     }
 
-    @Test
-    private void acquireTokenSilent_usingTenantSpecificAuthority_returnCachedAt() throws Exception {
-        LabResponse labResponse = labUserProvider.getDefaultUser(
-                NationalCloud.AZURE_CLOUD,
-                false);
-        String tenantSpecificAuthority = TestConstants.MICROSOFT_AUTHORITY_HOST + labResponse.getUser().getTenantId();
+    private IConfidentialClientApplication getConfidentialClientApplications() throws Exception{
+        AppIdentityProvider appProvider = new AppIdentityProvider();
+        final String clientId = appProvider.getDefaultLabId();
+        final String password = appProvider.getDefaultLabPassword();
+        IClientCredential credential = ClientCredentialFactory.createFromSecret(password);
 
-        acquireTokenSilent_returnCachedTokens(tenantSpecificAuthority);
+        return ConfidentialClientApplication.builder(
+                clientId, credential).
+                authority(TestConstants.MICROSOFT_AUTHORITY).
+                build();
     }
 
-    void acquireTokenSilent_returnCachedTokens(String authority) throws Exception {
+    private void acquireTokenSilent_returnCachedTokens(String authority) throws Exception {
 
         LabResponse labResponse = labUserProvider.getDefaultUser(
                 NationalCloud.AZURE_CLOUD,
                 false);
         String password = labUserProvider.getUserPassword(labResponse.getUser());
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(authority).
                 build();
@@ -217,4 +257,25 @@ void acquireTokenSilent_returnCachedTokens(String authority) throws Exception {
         Assert.assertNotNull(silentAuthResult);
         Assert.assertEquals(interactiveAuthResult.accessToken(), silentAuthResult.accessToken());
     }
+
+    private IPublicClientApplication getPublicClientApplicationWithTokensInCache()
+            throws Exception {
+        LabResponse labResponse = labUserProvider.getDefaultUser(
+                NationalCloud.AZURE_CLOUD,
+                false);
+        String password = labUserProvider.getUserPassword(labResponse.getUser());
+
+        PublicClientApplication pca = PublicClientApplication.builder(
+                labResponse.getAppId()).
+                authority(TestConstants.ORGANIZATIONS_AUTHORITY).
+                build();
+
+        pca.acquireToken(
+                UserNamePasswordParameters.builder(
+                        Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE),
+                        labResponse.getUser().getUpn(),
+                        password.toCharArray())
+                        .build()).get();
+        return pca;
+    }
 }

src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java

@@ -247,7 +247,7 @@ private IAuthenticationResult acquireTokenInteractiveB2C(LabResponse labResponse
                                                             String authCode) {
         IAuthenticationResult result;
         try{
-            IClientCredential credential = ClientCredentialFactory.create("");
+            IClientCredential credential = ClientCredentialFactory.createFromSecret("");
             ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                     labResponse.getAppId(),
                     credential)

src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java

@@ -18,13 +18,13 @@
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
-import static com.microsoft.aad.msal4j.TestConstants.GRAPH_DEFAULT_SCOPE;
 import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE;
 
 @Test
 public class ClientCredentialsIT {
+
     @Test
-    public void acquireTokenClientCredentials_AsymmetricKeyCredential() throws Exception{
+    public void acquireTokenClientCredentials_ClientCertificate() throws Exception{
         String clientId = "55e7e5af-ca53-482d-9aa3-5cb1cc8eecb5";
         IClientCredential credential = getCertificateFromKeyStore();
         assertAcquireTokenCommon(clientId, credential);
@@ -35,13 +35,30 @@ public void acquireTokenClientCredentials_ClientSecret() throws Exception{
         AppIdentityProvider appProvider = new AppIdentityProvider();
         final String clientId = appProvider.getDefaultLabId();
         final String password = appProvider.getDefaultLabPassword();
-        IClientCredential credential = ClientCredentialFactory.create(password);
+        IClientCredential credential = ClientCredentialFactory.createFromSecret(password);
+
+        assertAcquireTokenCommon(clientId, credential);
+    }
+
+    @Test
+    public void acquireTokenClientCredentials_ClientAssertion() throws Exception{
+        String clientId = "55e7e5af-ca53-482d-9aa3-5cb1cc8eecb5";
+        IClientCredential certificateFromKeyStore = getCertificateFromKeyStore();
+
+        ClientAssertion clientAssertion = JwtHelper.buildJwt(
+                clientId,
+                (ClientCertificate) certificateFromKeyStore,
+                "https://login.microsoftonline.com/common/oauth2/v2.0/token");
+
+
+        IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(
+                clientAssertion.assertion());
 
         assertAcquireTokenCommon(clientId, credential);
     }
 
     private void assertAcquireTokenCommon(String clientId, IClientCredential credential) throws Exception{
-        ConfidentialClientApplication cca = new ConfidentialClientApplication.Builder(
+        ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                 clientId, credential).
                 authority(TestConstants.MICROSOFT_AUTHORITY).
                 build();
@@ -53,26 +70,8 @@ private void assertAcquireTokenCommon(String clientId, IClientCredential credent
 
         Assert.assertNotNull(result);
         Assert.assertNotNull(result.accessToken());
-
-        String cachedAt = result.accessToken();
-
-        result = cca.acquireTokenSilently(SilentParameters
-                .builder(Collections.singleton(GRAPH_DEFAULT_SCOPE))
-                .build())
-                .get();
-
-        Assert.assertNull(result);
-
-        result = cca.acquireTokenSilently(SilentParameters
-                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
-                .build())
-                .get();
-
-        Assert.assertNotNull(result);
-        Assert.assertEquals(result.accessToken(), cachedAt);
     }
 
-
     private IClientCredential getCertificateFromKeyStore() throws
             NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException,
             CertificateException, UnrecoverableKeyException {
@@ -84,6 +83,6 @@ private IClientCredential getCertificateFromKeyStore() throws
         X509Certificate publicCertificate = (X509Certificate)keystore.getCertificate(
                 certificateAlias);
 
-        return ClientCredentialFactory.create(key, publicCertificate);
+        return ClientCredentialFactory.createFromCertificate(key, publicCertificate);
     }
 }

src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java

@@ -42,7 +42,7 @@ public void DeviceCodeFlowTest() throws Exception {
                 false);
         labUserProvider.getUserPassword(labResponse.getUser());
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY).
                 build();

src/integrationtest/java/com.microsoft.aad.msal4j/NationalCloudIT.java

@@ -41,7 +41,7 @@ private void assertAcquireTokenCommon(NationalCloud cloud) throws Exception{
                 false);
         String password = labUserProvider.getUserPassword(labResponse.getUser());
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY).
                 build();

src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java

@@ -50,7 +50,7 @@ public void acquireTokenWithOBO_Managed() throws Exception {
         final String password = appProvider.getOboPassword();
 
         ConfidentialClientApplication cca =
-                ConfidentialClientApplication.builder(clientId, ClientCredentialFactory.create(password)).
+                ConfidentialClientApplication.builder(clientId, ClientCredentialFactory.createFromSecret(password)).
                         authority(msidlab4Authority).
                         build();
 

src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java

@@ -26,7 +26,7 @@ public void setUp() throws Exception {
                 NationalCloud.AZURE_CLOUD,
                 false);
         String password = labUserProvider.getUserPassword(labResponse.getUser());
-        pca = new PublicClientApplication.Builder(
+        pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY).
                 build();

src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java

@@ -30,7 +30,7 @@ public void singleAccountInCache_RemoveAccountTest() throws Exception {
                 false);
         String password = labUserProvider.getUserPassword(labResponse.getUser());
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY).
                 build();
@@ -62,7 +62,7 @@ public void twoAccountsInCache_RemoveAccountTest() throws Exception{
                 false);
         String password = labUserProvider.getUserPassword(labResponse1.getUser());
 
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse1.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY).
                 build();
@@ -125,7 +125,7 @@ public void twoAccountsInCache_SameUserDifferentTenants_RemoveAccountTest() thro
         ITokenCacheAccessAspect persistenceAspect = new TokenPersistence(dataToInitCache);
 
         // acquire tokens for home tenant, and serialize cache
-        PublicClientApplication pca = new PublicClientApplication.Builder(
+        PublicClientApplication pca = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(TestConstants.ORGANIZATIONS_AUTHORITY)
                 .setTokenCacheAccessAspect(persistenceAspect)
@@ -141,7 +141,7 @@ public void twoAccountsInCache_SameUserDifferentTenants_RemoveAccountTest() thro
         String guestTenantAuthority = TestConstants.MICROSOFT_AUTHORITY_HOST + labResponse.getUser().getTenantId();
 
         // initialize pca with tenant where user is guest, deserialize cache, and acquire second token
-        PublicClientApplication pca2 = new PublicClientApplication.Builder(
+        PublicClientApplication pca2 = PublicClientApplication.builder(
                 labResponse.getAppId()).
                 authority(guestTenantAuthority).
                 setTokenCacheAccessAspect(persistenceAspect).