Merge pull request #709 from AzureAD/nebharg/MsiInitial

neha-bhargava · web-flow · commit 76578e2e159c · 2023-09-11T16:07:38.000-07:00
Missed to add these changes to the merged PR
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractManagedIdentitySource.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractManagedIdentitySource.java
@@ -27,15 +27,17 @@ abstract class AbstractManagedIdentitySource {
     private static final String MANAGED_IDENTITY_NO_RESPONSE_RECEIVED = "[Managed Identity] Authentication unavailable. No response received from the managed identity endpoint.";
 
     protected final ManagedIdentityRequest managedIdentityRequest;
-    private ServiceBundle serviceBundle;
+    protected final ServiceBundle serviceBundle;
     private ManagedIdentitySourceType managedIdentitySourceType;
 
     @Getter
     @Setter
     private boolean isUserAssignedManagedIdentity;
+
     @Getter
     @Setter
     private String managedIdentityUserAssignedClientId;
+
     @Getter
     @Setter
     private String managedIdentityUserAssignedResourceId;
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByManagedIdentitySupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByManagedIdentitySupplier.java
@@ -94,7 +94,7 @@ private AuthenticationResult createFromManagedIdentityResponse(ManagedIdentityRe
 
         return AuthenticationResult.builder()
                 .accessToken(managedIdentityResponse.getAccessToken())
-                .scopes(managedIdentityParameters.getResource())
+                .scopes(managedIdentityParameters.resource())
                 .expiresOn(expiresOn)
                 .extExpiresOn(0)
                 .refreshOn(refreshOn)
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppServiceManagedIdentitySource.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppServiceManagedIdentitySource.java
@@ -8,7 +8,9 @@
 
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 class AppServiceManagedIdentitySource extends AbstractManagedIdentitySource{
@@ -28,27 +30,26 @@ public void createManagedIdentityRequest(String resource) {
         managedIdentityRequest.baseEndpoint = endpoint;
         managedIdentityRequest.method = HttpMethod.GET;
 
-        Map<String, String> headers = new HashMap<>();
-        headers.put(SECRET_HEADER_NAME, secret);
-        managedIdentityRequest.headers = headers;
+        managedIdentityRequest.headers = new HashMap<>();
+        managedIdentityRequest.headers.put(SECRET_HEADER_NAME, secret);
 
-        Map<String, String> queryParameters = new HashMap<>();
-        queryParameters.put("api-version", APP_SERVICE_MSI_API_VERSION );
-        queryParameters.put("resource", resource);
+        managedIdentityRequest.queryParameters = new HashMap<>();
+        managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(APP_SERVICE_MSI_API_VERSION));
+        managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
 
+        String clientId = getManagedIdentityUserAssignedClientId();
+        String resourceId = getManagedIdentityUserAssignedResourceId();
         if (!StringHelper.isNullOrBlank(getManagedIdentityUserAssignedClientId()))
         {
             LOG.info("[Managed Identity] Adding user assigned client id to the request.");
-            queryParameters.put(Constants.MANAGED_IDENTITY_CLIENT_ID, getManagedIdentityUserAssignedClientId());
+            managedIdentityRequest.queryParameters.put(Constants.MANAGED_IDENTITY_CLIENT_ID, Collections.singletonList(getManagedIdentityUserAssignedClientId()));
         }
 
         if (!StringHelper.isNullOrBlank(getManagedIdentityUserAssignedResourceId()))
         {
             LOG.info("[Managed Identity] Adding user assigned resource id to the request.");
-            queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, getManagedIdentityUserAssignedResourceId());
+            managedIdentityRequest.queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, Collections.singletonList(getManagedIdentityUserAssignedResourceId()));
         }
-
-        managedIdentityRequest.queryParameters = queryParameters;
     }
 
     private AppServiceManagedIdentitySource(MsalRequest msalRequest, ServiceBundle serviceBundle, URI endpoint, String secret)
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IMDSManagedIdentitySource.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IMDSManagedIdentitySource.java
@@ -9,6 +9,7 @@
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -77,29 +78,26 @@ public void createManagedIdentityRequest(String resource) {
         managedIdentityRequest.baseEndpoint = imdsEndpoint;
         managedIdentityRequest.method = HttpMethod.GET;
 
-        Map<String, String> headers = new HashMap<>();
-        headers.put("Metadata", "true");
-        managedIdentityRequest.headers = headers;
+        managedIdentityRequest.headers = new HashMap<>();
+        managedIdentityRequest.headers.put("Metadata", "true");
 
-        Map<String, String> queryParameters = new HashMap<>();
-        queryParameters.put("api-version",imdsApiVersion);
-        queryParameters.put("resource", resource);
+        managedIdentityRequest.queryParameters = new HashMap<>();
+        managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(imdsApiVersion));
+        managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
 
         String clientId = getManagedIdentityUserAssignedClientId();
         String resourceId = getManagedIdentityUserAssignedResourceId();
         if (!StringHelper.isNullOrBlank(clientId))
         {
             LOG.info("[Managed Identity] Adding user assigned client id to the request.");
-            queryParameters.put(Constants.MANAGED_IDENTITY_CLIENT_ID, clientId);
+            managedIdentityRequest.queryParameters.put(Constants.MANAGED_IDENTITY_CLIENT_ID, Collections.singletonList(clientId));
         }
 
         if (!StringHelper.isNullOrBlank(resourceId))
         {
             LOG.info("[Managed Identity] Adding user assigned resource id to the request.");
-            queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, resourceId);
+            managedIdentityRequest.queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, Collections.singletonList(resourceId));
         }
-
-        managedIdentityRequest.queryParameters = queryParameters;
     }
 
     @Override
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityApplication.java
@@ -17,8 +17,6 @@
  */
 public class ManagedIdentityApplication extends AbstractClientApplicationBase implements IManagedIdentityApplication {
 
-    private String resource;
-
     @Getter
     private final ManagedIdentityId managedIdentityId;
 
@@ -31,7 +29,7 @@ private ManagedIdentityApplication(Builder builder) {
     /**
      * Creates instance of Builder of ManagedIdentityApplication
      *
-     * @param managedIdentityId ManagedIdentityId to specify if it System Assigned or User Assigned
+     * @param managedIdentityId ManagedIdentityId to specify if System Assigned or User Assigned
      *                          and provide id if it is user assigned.
      * @return instance of Builder of ManagedIdentityApplication
      */
@@ -68,6 +66,7 @@ private Builder(ManagedIdentityId managedIdentityId) {
             super(managedIdentityId.getIdType() == ManagedIdentityIdType.SystemAssigned ?
                     "system_assigned_managed_identity" : managedIdentityId.getUserAssignedId());
 
+
             this.managedIdentityId = managedIdentityId;
             this.isInstanceDiscoveryEnabled = false;
         }
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityParameters.java
@@ -28,22 +28,6 @@ public class ManagedIdentityParameters implements IAcquireTokenParameters {
 
     IEnvironmentVariables environmentVariables;
 
-    public String getResource() {
-        return resource;
-    }
-
-    public void setResource(String resource) {
-        this.resource = resource;
-    }
-
-    public boolean isForceRefresh() {
-        return forceRefresh;
-    }
-
-    public void setForceRefresh(boolean forceRefresh) {
-        this.forceRefresh = forceRefresh;
-    }
-
     @Override
     public Set<String> scopes() {
         return null;
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityRequest.java
@@ -3,11 +3,15 @@
 
 package com.microsoft.aad.msal4j;
 
+import com.nimbusds.oauth2.sdk.util.URIUtils;
+import com.nimbusds.oauth2.sdk.util.URLUtils;
+
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 class ManagedIdentityRequest extends MsalRequest {
@@ -20,9 +24,9 @@ class ManagedIdentityRequest extends MsalRequest {
 
     Map<String, String> bodyParameters;
 
-    Map<String, String> queryParameters;
+    Map<String, List<String>> queryParameters;
 
-    public ManagedIdentityRequest(ManagedIdentityApplication managedIdentityApplication, RequestContext requestContext){
+    public ManagedIdentityRequest(ManagedIdentityApplication managedIdentityApplication, RequestContext requestContext) {
         super(managedIdentityApplication, requestContext);
     }
 
@@ -35,22 +39,13 @@ public URL computeURI() throws URISyntaxException {
         }
     }
 
-    private String appendQueryParametersToBaseEndpoint(){
-        StringBuilder stringBuilder = new StringBuilder(baseEndpoint.toString());
-        if(!queryParameters.isEmpty()){
-            stringBuilder.append("?");
-        }
-        boolean isFirstValue = true;
-        for(String key: queryParameters.keySet()){
-            if(!isFirstValue){
-                stringBuilder.append("&");
-            }
-            String toAppend = key + "=" + queryParameters.get(key);
-            stringBuilder.append(toAppend);
-
-            isFirstValue = false;
+    private String appendQueryParametersToBaseEndpoint() {
+        if (queryParameters.isEmpty()) {
+            return baseEndpoint.toString();
         }
 
-        return stringBuilder.toString();
+        String queryString = URLUtils.serializeParameters(queryParameters);
+
+        return baseEndpoint.toString() + "?" + queryString;
     }
 }
diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java
@@ -3,6 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
+import com.nimbusds.oauth2.sdk.util.URLUtils;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -13,11 +14,12 @@
 import java.net.URISyntaxException;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.*;
 
 @ExtendWith(MockitoExtension.class)
@@ -49,61 +51,50 @@ private HttpRequest expectedRequest(ManagedIdentitySourceType source, String res
     }
 
     private HttpRequest expectedRequest(ManagedIdentitySourceType source, String resource,
-            ManagedIdentityId id)
-            throws URISyntaxException {
-        HttpRequest request;
+            ManagedIdentityId id) {
         String endpoint = null;
         Map<String, String> headers = new HashMap<>();
-        Map<String, String> queryParameters = new HashMap<>();
+        Map<String, List<String>> queryParameters = new HashMap<>();
 
         switch (source) {
             case AppService: {
                 endpoint = appServiceEndpoint;
                 queryParameters = new HashMap<>();
-                queryParameters.put("api-version", "2019-08-01");
-                queryParameters.put("resource", resource);
+                queryParameters.put("api-version", Collections.singletonList("2019-08-01"));
+                queryParameters.put("resource", Collections.singletonList(resource));
                 headers = new HashMap<>();
                 headers.put("X-IDENTITY-HEADER", "secret");
                 break;
             }
             case Imds: {
                 endpoint = IMDS_ENDPOINT;
-                queryParameters.put("api-version", "2018-02-01");
-                queryParameters.put("resource", resource);
+                queryParameters.put("api-version", Collections.singletonList("2018-02-01"));
+                queryParameters.put("resource", Collections.singletonList(resource));
                 headers.put("Metadata", "true");
                 break;
             }
         }
 
         switch (id.getIdType()) {
             case ClientId:
-                queryParameters.put("client_id", id.getUserAssignedId());
+                queryParameters.put("client_id", Collections.singletonList(id.getUserAssignedId()));
                 break;
             case ResourceId:
-                queryParameters.put("mi_res_id", id.getUserAssignedId());
+                queryParameters.put("mi_res_id", Collections.singletonList(id.getUserAssignedId()));
                 break;
         }
 
         return new HttpRequest(HttpMethod.GET, computeUri(endpoint, queryParameters), headers);
     }
 
-    private String computeUri(String endpoint, Map<String, String> queryParameters) {
-        StringBuilder stringBuilder = new StringBuilder(endpoint);
-        if(!queryParameters.isEmpty()){
-            stringBuilder.append("?");
+    private String computeUri(String endpoint, Map<String, List<String>> queryParameters) {
+        if (queryParameters.isEmpty()) {
+            return endpoint.toString();
         }
-        boolean isFirstValue = true;
-        for(String key: queryParameters.keySet()){
-            if(!isFirstValue){
-                stringBuilder.append("&");
-            }
-            String toAppend = key + "=" + queryParameters.get(key);
-            stringBuilder.append(toAppend);
 
-            isFirstValue = false;
-        }
+        String queryString = URLUtils.serializeParameters(queryParameters);
 
-        return stringBuilder.toString();
+        return endpoint.toString() + "?" + queryString;
     }
 
     private HttpResponse expectedResponse(int statusCode, String response) {
@@ -196,6 +187,7 @@ void managedIdentityTest_DifferentScopes_RequestsNewToken(ManagedIdentitySourceT
                         .build()).get();
 
         assertNotNull(result.accessToken());
+        // TODO: Assert token source to check the token source is IDP and not Cache.
     }
 
     @ParameterizedTest
