Merge branch 'main' of https://github.com/AzureAD/microsoft-authentication-library-for-java into main

# Conflicts:
#	README.md
#	changelog.txt
#	msal4j-brokers/pom.xml
#	msal4j-sdk/README.md
#	msal4j-sdk/bnd.bnd
#	msal4j-sdk/pom.xml
#	src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java
#	src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java
#	src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java
#	src/samples/msal-b2c-web-sample/pom.xml
#	src/samples/msal-obo-sample/pom.xml
#	src/samples/msal-web-sample/pom.xml

Author: Avery-Dunn

.github/workflows/codeql.yml

@@ -21,15 +21,15 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v1
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below).
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -43,4 +43,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v1

msal4j-sdk/.gitignore renamed to .gitignore

@@ -20,7 +20,7 @@
 *.rar
 
 # Intellij
-../.idea/
+.idea/
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*

msal4j-sdk/changelog.txt renamed to changelog.txt

@@ -206,12 +206,12 @@ private void assertAcquireTokenInstanceAware(User user) {
         Assert.assertEquals(result.account().environment(), cachedResult.environment());
     }
 
-    //@Test
+    @Test
     public void acquireTokensInHomeAndGuestClouds_ArlingtonAccount() throws MalformedURLException, ExecutionException, InterruptedException {
         acquireTokensInHomeAndGuestClouds(AzureEnvironment.AZURE_US_GOVERNMENT);
     }
 
-    //@Test
+    @Test
     public void acquireTokensInHomeAndGuestClouds_MooncakeAccount() throws MalformedURLException, ExecutionException, InterruptedException {
         acquireTokensInHomeAndGuestClouds(AzureEnvironment.AZURE_CHINA);
     }

msal4j-sdk/contributing.md renamed to contributing.md

@@ -6,9 +6,6 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
 
-/** Disclaimer - This  class is meant to be used by the Azure SDK team only.
- *  Any other teams are discouraged from using this class to prevent any side effects.
- */
 class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier {
 
     private static final int TWO_HOURS = 2*3600;
@@ -68,16 +65,9 @@ AuthenticationResult execute() throws Exception {
 
     public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderParameters appTokenProviderParameters) throws ExecutionException, InterruptedException {
 
-        TokenProviderResult tokenProviderResult;
+        CompletableFuture<TokenProviderResult> completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters);
 
-        try{
-
-            CompletableFuture<TokenProviderResult> completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters);
-            tokenProviderResult = completableFuture.get();
-
-        } catch (Exception ex){
-            throw new MsalAzureSDKException(ex);
-        }
+        TokenProviderResult tokenProviderResult = completableFuture.get();
 
         validateAndUpdateTokenProviderResult(tokenProviderResult);
 
@@ -88,5 +78,6 @@ public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderPara
                 .expiresOn(tokenProviderResult.getExpiresInSeconds())
                 .refreshOn(tokenProviderResult.getRefreshInSeconds())
                 .build();
+
     }
 }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java

@@ -115,9 +115,4 @@ public class AuthenticationErrorCode {
      * A JWT parsing failure, indicating the JWT provided to MSAL is of invalid format.
      */
     public final static String INVALID_JWT = "invalid_jwt";
-    /**
-     * Indicates that a Broker implementation is missing from the device, such as when an app developer
-     * does not include one of our broker packages as a dependency in their project, or otherwise cannot
-     * be accessed by MSAL Java*/
-    public final static String MISSING_BROKER = "missing_broker";
 }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java

@@ -4,14 +4,16 @@
 package com.microsoft.aad.msal4j;
 
 
+import java.nio.charset.StandardCharsets;
 import java.net.MalformedURLException;
+import java.util.Base64;
+
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
 import java.util.concurrent.CompletionException;
 import java.util.function.Supplier;
 
@@ -112,8 +114,8 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) {
                         .refreshToken());
                 if (clientApplication.logPii()) {
                     clientApplication.log.debug(LogHelper.createMessage(String.format(
-                                    "Access Token with hash '%s' and Refresh Token with hash '%s' returned",
-                                    accessTokenHash, refreshTokenHash),
+                            "Access Token with hash '%s' and Refresh Token with hash '%s' returned",
+                            accessTokenHash, refreshTokenHash),
                             headers.getHeaderCorrelationIdValue()));
                 } else {
                     clientApplication.log.debug(
@@ -124,7 +126,7 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) {
             } else {
                 if (clientApplication.logPii()) {
                     clientApplication.log.debug(LogHelper.createMessage(String.format(
-                                    "Access Token with hash '%s' returned", accessTokenHash),
+                            "Access Token with hash '%s' returned", accessTokenHash),
                             headers.getHeaderCorrelationIdValue()));
                 } else {
                     clientApplication.log.debug(LogHelper.createMessage(
@@ -147,9 +149,6 @@ private void logException(Exception ex) {
                 clientApplication.log.debug(logMessage, ex);
                 return;
             }
-        } else if (ex instanceof MsalAzureSDKException) {
-            clientApplication.log.debug(ex.getMessage(), ex);
-            return;
         }
 
         clientApplication.log.error(logMessage, ex);
@@ -164,7 +163,11 @@ private ApiEvent initializeApiEvent(MsalRequest msalRequest) {
         apiEvent.setRequestId(msalRequest.requestContext().telemetryRequestId());
         apiEvent.setWasSuccessful(false);
 
-        apiEvent.setIsConfidentialClient(clientApplication instanceof ConfidentialClientApplication);
+        if (clientApplication instanceof ConfidentialClientApplication) {
+            apiEvent.setIsConfidentialClient(true);
+        } else {
+            apiEvent.setIsConfidentialClient(false);
+        }
 
         try {
             Authority authenticationAuthority = clientApplication.authenticationAuthority;

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java

@@ -3,9 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import lombok.Getter;
-import lombok.experimental.Accessors;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
@@ -22,11 +19,10 @@
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.Enumeration;
-import java.util.List;
+import java.util.*;
+
+import lombok.Getter;
+import lombok.experimental.Accessors;
 
 final class ClientCertificate implements IClientCertificate {
 
@@ -101,7 +97,14 @@ static ClientCertificate create(InputStream pkcs12Certificate, String password)
         final KeyStore keystore = KeyStore.getInstance("PKCS12");
         keystore.load(pkcs12Certificate, password.toCharArray());
 
-        String alias = getPrivateKeyAlias(keystore);
+        final Enumeration<String> aliases = keystore.aliases();
+        if (!aliases.hasMoreElements()) {
+            throw new IllegalArgumentException("certificate not loaded from input stream");
+        }
+        String alias = aliases.nextElement();
+        if (aliases.hasMoreElements()) {
+            throw new IllegalArgumentException("more than one certificate alias found in input stream");
+        }
 
         ArrayList<X509Certificate> publicKeyCertificateChain = new ArrayList<>();
         PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());
@@ -120,26 +123,6 @@ static ClientCertificate create(InputStream pkcs12Certificate, String password)
         return new ClientCertificate(privateKey, publicKeyCertificateChain);
     }
 
-    static String getPrivateKeyAlias(KeyStore keystore) throws KeyStoreException {
-        String alias = null;
-        final Enumeration<String> aliases = keystore.aliases();
-        while (aliases.hasMoreElements()) {
-            String currentAlias = aliases.nextElement();
-            if (keystore.entryInstanceOf(currentAlias, KeyStore.PrivateKeyEntry.class)) {
-                if (alias != null) {
-                    throw new IllegalArgumentException("more than one certificate alias found in input stream");
-                }
-                alias = currentAlias;
-            }
-        }
-
-        if (alias == null) {
-            throw new IllegalArgumentException("certificate not loaded from input stream");
-        }
-
-        return alias;
-    }
-
     static ClientCertificate create(final PrivateKey key, final X509Certificate publicKeyCertificate) {
         return new ClientCertificate(key, Arrays.asList(publicKeyCertificate));
     }

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java renamed to src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java

@@ -3,6 +3,8 @@
 
 package com.microsoft.aad.msal4j;
 
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.oauth2.sdk.ParseException;
 import com.nimbusds.oauth2.sdk.http.HTTPResponse;
 import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
@@ -24,6 +26,9 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.sql.Time;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.*;
 
 import static com.microsoft.aad.msal4j.Constants.POINT_DELIMITER;