Merge pull request #245 from AzureAD/dev

1.6 release

Author: SomkaPe

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.5.0
+Current version - 1.6.0
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.5.0</version>
+    <version>1.6.0</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.5.0'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.6.0'
 ```
 
 ## Usage

build/credscan-exclude.json

@@ -1,25 +1,5 @@
 {
   "tool": "Credential Scanner",
   "suppressions": [
-    {
-      "file": "test-certificate.pfx",
-      "_justification": "test self signed certificate to test signing from the library. this certificate is not associated with any tenant"
-    },
-    {
-      "placeholder": "client_secret",
-      "_justification" : "credential used for testing. not associated with any tenant"
-    },
-    {
-      "placeholder": "ClientPassword",
-      "_justification" : "credential used for testing. not associated with any tenant"
-    },
-    {
-      "placeholder": "B2C_CONFIDENTIAL_CLIENT_APP_SECRET",
-      "_justification" : "Not a credential, just the identifier of the secret exposed by test lab API"
-    },
-    {
-      "placeholder": "MSIDLABB2C-MSAapp-AppSecret",
-      "_justification" : "Not a credential, just the identifier of the secret exposed by test lab API"
-    }
   ]
 }

changelog.txt

@@ -1,3 +1,9 @@
+Version 1.6.0
+=============
+- Client capabilities support
+- Enable device code flow for ADFS2019
+- Fix dependency issues with jackson 2.6.7 and json-smart 1.3.1
+
 Version 1.5.0
 =============
 - Support of server side throttling instructions

lombok.config

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.5.0</version>
+	<version>1.6.0</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>

pom.xml

@@ -12,6 +12,8 @@
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.util.Collections;
+import java.util.Map;
+import java.util.HashMap;
 import java.util.Set;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.LinkedBlockingQueue;
@@ -27,7 +29,22 @@ public void acquireTokenWithAuthorizationCode_ManagedUser(String environment){
         cfg = new Config(environment);
 
         User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenAAD(user, null);
+    }
+
+    //TODO: Re-enable test once list of claims/capabilities and their expected behavior is known
+    //@Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
+    public void acquireTokenWithAuthorizationCode_ManagedUserWithClaimsAndCapabilities(String environment){
+        cfg = new Config(environment);
+
+        User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
+
+        Map<String, Set<String>> claimsAndCapabilities = new HashMap<>();
+
+        claimsAndCapabilities.put("claims", Collections.singleton(TestConstants.CLAIMS));
+        claimsAndCapabilities.put("clientCapabilities", TestConstants.CLIENT_CAPABILITIES_EMPTY);
+
+        assertAcquireTokenAAD(user, claimsAndCapabilities);
     }
 
     @Test
@@ -41,7 +58,7 @@ public void acquireTokenWithAuthorizationCode_ADFSv2019_Federated(String environ
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2019);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenAAD(user, null);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -50,23 +67,23 @@ public void acquireTokenWithAuthorizationCode_ADFSv4_Federated(String environmen
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_4);
 
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenAAD(user, null);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
     public void acquireTokenWithAuthorizationCode_ADFSv3_Federated(String environment){
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenAAD(user, null);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
     public void acquireTokenWithAuthorizationCode_ADFSv2_Federated(String environment){
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenAAD(user, null);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -119,7 +136,7 @@ private void assertAcquireTokenADFS2019(User user){
             throw new RuntimeException(ex.getMessage());
         }
 
-        String authCode = acquireAuthorizationCodeAutomated(user, pca);
+        String authCode = acquireAuthorizationCodeAutomated(user, pca, null);
         IAuthenticationResult result = acquireTokenAuthorizationCodeFlow(
                 pca,
                 authCode,
@@ -131,19 +148,24 @@ private void assertAcquireTokenADFS2019(User user){
         Assert.assertEquals(user.getUpn(), result.account().username());
     }
 
-    private void assertAcquireTokenAAD(User user){
+    private void assertAcquireTokenAAD(User user, Map<String, Set<String>> parameters){
 
         PublicClientApplication pca;
+        Set<String> clientCapabilities = null;
+        if (parameters != null) {
+            clientCapabilities = parameters.getOrDefault("clientCapabilities", null);
+        }
         try {
-            pca = PublicClientApplication.builder(
-                    user.getAppId()).
-                    authority(cfg.organizationsAuthority()).
-                    build();
+                pca = PublicClientApplication.builder(
+                        user.getAppId()).
+                        authority(cfg.organizationsAuthority()).
+                        clientCapabilities(clientCapabilities).
+                        build();
         } catch(MalformedURLException ex){
             throw new RuntimeException(ex.getMessage());
         }
 
-        String authCode = acquireAuthorizationCodeAutomated(user, pca);
+        String authCode = acquireAuthorizationCodeAutomated(user, pca, parameters);
         IAuthenticationResult result = acquireTokenAuthorizationCodeFlow(
                 pca,
                 authCode,
@@ -158,7 +180,7 @@ private void assertAcquireTokenAAD(User user){
     private void assertAcquireTokenB2C(User user){
 
         String appId = LabService.getSecret(TestConstants.B2C_CONFIDENTIAL_CLIENT_LAB_APP_ID);
-        String appSecret = LabService.getSecret(TestConstants.B2C_CONFIDENTIAL_CLIENT_APP_SECRET);
+        String appSecret = LabService.getSecret(TestConstants.B2C_CONFIDENTIAL_CLIENT_APP_SECRETID);
 
         ConfidentialClientApplication cca;
         try {
@@ -171,7 +193,7 @@ private void assertAcquireTokenB2C(User user){
             throw new RuntimeException(ex.getMessage());
         }
 
-        String authCode = acquireAuthorizationCodeAutomated(user, cca);
+        String authCode = acquireAuthorizationCodeAutomated(user, cca, null);
         IAuthenticationResult result = acquireTokenInteractiveB2C(cca, authCode);
 
         Assert.assertNotNull(result);
@@ -218,7 +240,8 @@ private IAuthenticationResult acquireTokenInteractiveB2C(ConfidentialClientAppli
 
     private String acquireAuthorizationCodeAutomated(
             User user,
-            AbstractClientApplicationBase app){
+            AbstractClientApplicationBase app,
+            Map<String, Set<String>> parameters){
 
         BlockingQueue<AuthorizationResult> authorizationCodeQueue = new LinkedBlockingQueue<>();
 
@@ -231,7 +254,7 @@ private String acquireAuthorizationCodeAutomated(
 
         AuthorizationResult result = null;
         try {
-            String url = buildAuthenticationCodeURL(app);
+            String url = buildAuthenticationCodeURL(app, parameters);
             seleniumDriver.navigate().to(url);
             runSeleniumAutomatedLogin(user, app);
 
@@ -256,9 +279,15 @@ private String acquireAuthorizationCodeAutomated(
         }
         return result.code();
     }
-    private String buildAuthenticationCodeURL(AbstractClientApplicationBase app) {
+
+    private String buildAuthenticationCodeURL(AbstractClientApplicationBase app, Map<String, Set<String>> parameters) {
         String scope;
 
+        String claims = null;
+        if (parameters != null) {
+            claims = String.valueOf(parameters.getOrDefault("claims", Collections.singleton("")).toArray()[0]);
+        }
+
         AuthorityType authorityType= app.authenticationAuthority.authorityType;
         if(authorityType == AuthorityType.AAD){
             scope = TestConstants.GRAPH_DEFAULT_SCOPE;
@@ -272,12 +301,13 @@ else if (authorityType == AuthorityType.ADFS){
             throw new RuntimeException("Authority type not recognized");
         }
 
-        AuthorizationRequestUrlParameters parameters =
+        AuthorizationRequestUrlParameters authParameters =
                 AuthorizationRequestUrlParameters
                         .builder(TestConstants.LOCALHOST + httpListener.port(),
                                 Collections.singleton(scope))
+                        .claimsChallenge(claims)
                         .build();
 
-        return app.getAuthorizationRequestUrl(parameters).toString();
+        return app.getAuthorizationRequestUrl(authParameters).toString();
     }
 }

src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java

@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j;
+
+import labapi.KeyVaultSecretsProvider;
+import org.apache.commons.lang3.SystemUtils;
+
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class CertificateHelper {
+    static KeyStore createKeyStore() throws KeyStoreException, NoSuchProviderException {
+        String os = SystemUtils.OS_NAME;
+        if(os.contains("Mac")){
+            return KeyStore.getInstance("KeychainStore");
+        }
+        else{
+            return KeyStore.getInstance("Windows-MY", "SunMSCAPI");
+        }
+    }
+
+    static IClientCertificate getClientCertificate() throws
+            KeyStoreException, IOException, NoSuchAlgorithmException,
+            CertificateException, UnrecoverableKeyException, NoSuchProviderException {
+
+        KeyStore keystore = createKeyStore();
+
+        keystore.load(null, null);
+
+        PrivateKey key = (PrivateKey) keystore.getKey(KeyVaultSecretsProvider.CERTIFICATE_ALIAS, null);
+        X509Certificate publicCertificate = (X509Certificate) keystore.getCertificate(
+                KeyVaultSecretsProvider.CERTIFICATE_ALIAS);
+
+        return ClientCredentialFactory.createFromCertificate(key, publicCertificate);
+    }
+}

src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java

@@ -5,31 +5,33 @@
 
 import labapi.AppCredentialProvider;
 import labapi.AzureEnvironment;
-import labapi.KeyVaultSecretsProvider;
 import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
 import java.io.IOException;
-import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.util.Collections;
 
 import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE;
 
 @Test
 public class ClientCredentialsIT {
+    private IClientCertificate certificate;
+
+    @BeforeClass
+    void init() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException {
+        certificate = CertificateHelper.getClientCertificate();
+    }
 
     @Test
     public void acquireTokenClientCredentials_ClientCertificate() throws Exception{
         String clientId = "55e7e5af-ca53-482d-9aa3-5cb1cc8eecb5";
-        IClientCredential credential = getCertificateFromKeyStore();
-        assertAcquireTokenCommon(clientId, credential);
+        assertAcquireTokenCommon(clientId, certificate);
     }
 
     @Test
@@ -45,11 +47,10 @@ public void acquireTokenClientCredentials_ClientSecret() throws Exception{
     @Test
     public void acquireTokenClientCredentials_ClientAssertion() throws Exception{
         String clientId = "55e7e5af-ca53-482d-9aa3-5cb1cc8eecb5";
-        IClientCredential certificateFromKeyStore = getCertificateFromKeyStore();
 
         ClientAssertion clientAssertion = JwtHelper.buildJwt(
                 clientId,
-                (ClientCertificate) certificateFromKeyStore,
+                (ClientCertificate) certificate,
                 "https://login.microsoftonline.com/common/oauth2/v2.0/token");
 
         IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(
@@ -72,17 +73,4 @@ private void assertAcquireTokenCommon(String clientId, IClientCredential credent
         Assert.assertNotNull(result);
         Assert.assertNotNull(result.accessToken());
     }
-
-    private IClientCredential getCertificateFromKeyStore() throws
-            NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException,
-            CertificateException, UnrecoverableKeyException {
-        KeyStore keystore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
-        keystore.load(null, null);
-
-        PrivateKey key = (PrivateKey)keystore.getKey(KeyVaultSecretsProvider.CERTIFICATE_ALIAS, null);
-        X509Certificate publicCertificate = (X509Certificate)keystore.getCertificate(
-                KeyVaultSecretsProvider.CERTIFICATE_ALIAS);
-
-        return ClientCredentialFactory.createFromCertificate(key, publicCertificate);
-    }
 }