Address comments

Author: neha-bhargava

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppServiceManagedIdentitySource.java

@@ -10,8 +10,6 @@
 import java.net.URISyntaxException;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
 
 class AppServiceManagedIdentitySource extends AbstractManagedIdentitySource{
 
@@ -20,25 +18,22 @@ class AppServiceManagedIdentitySource extends AbstractManagedIdentitySource{
     // MSI Constants. Docs for MSI are available here https://docs.microsoft.com/azure/app-service/overview-managed-identity
     private static final String APP_SERVICE_MSI_API_VERSION = "2019-08-01";
     private static final String SECRET_HEADER_NAME = "X-IDENTITY-HEADER";
-    private static URI endpointUri;
 
-    private URI endpoint;
-    private String secret;
+    private final URI MSI_ENDPOINT;
+    private final String SECRET;
 
     @Override
     public void createManagedIdentityRequest(String resource) {
-        managedIdentityRequest.baseEndpoint = endpoint;
+        managedIdentityRequest.baseEndpoint = MSI_ENDPOINT;
         managedIdentityRequest.method = HttpMethod.GET;
 
         managedIdentityRequest.headers = new HashMap<>();
-        managedIdentityRequest.headers.put(SECRET_HEADER_NAME, secret);
+        managedIdentityRequest.headers.put(SECRET_HEADER_NAME, SECRET);
 
         managedIdentityRequest.queryParameters = new HashMap<>();
         managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(APP_SERVICE_MSI_API_VERSION));
         managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
 
-        String clientId = getManagedIdentityUserAssignedClientId();
-        String resourceId = getManagedIdentityUserAssignedResourceId();
         if (!StringHelper.isNullOrBlank(getManagedIdentityUserAssignedClientId()))
         {
             LOG.info("[Managed Identity] Adding user assigned client id to the request.");
@@ -52,35 +47,34 @@ public void createManagedIdentityRequest(String resource) {
         }
     }
 
-    private AppServiceManagedIdentitySource(MsalRequest msalRequest, ServiceBundle serviceBundle, URI endpoint, String secret)
+    private AppServiceManagedIdentitySource(MsalRequest msalRequest, ServiceBundle serviceBundle, URI msiEndpoint, String secret)
     {
         super(msalRequest, serviceBundle, ManagedIdentitySourceType.AppService);
-        this.endpoint = endpoint;
-        this.secret = secret;
+        this.MSI_ENDPOINT = msiEndpoint;
+        this.SECRET = secret;
     }
 
-    protected static AbstractManagedIdentitySource create(MsalRequest msalRequest, ServiceBundle serviceBundle) {
+    static AbstractManagedIdentitySource create(MsalRequest msalRequest, ServiceBundle serviceBundle) {
 
         IEnvironmentVariables environmentVariables = getEnvironmentVariables((ManagedIdentityParameters) msalRequest.requestContext().apiParameters());
         String msiSecret = environmentVariables.getEnvironmentVariable(Constants.IDENTITY_HEADER);
         String msiEndpoint = environmentVariables.getEnvironmentVariable(Constants.IDENTITY_ENDPOINT);
 
-        return validateEnvironmentVariables(msiEndpoint, msiSecret)
-                ? new AppServiceManagedIdentitySource(msalRequest, serviceBundle, endpointUri, msiSecret)
-                : null;
+        URI validatedEndpoint = validateAndGetUri(msiEndpoint, msiSecret);
+        return validatedEndpoint == null ? null
+                : new AppServiceManagedIdentitySource(msalRequest, serviceBundle, validatedEndpoint, msiSecret);
     }
 
-    private static boolean validateEnvironmentVariables(String msiEndpoint, String secret)
+    private static URI validateAndGetUri(String msiEndpoint, String secret)
     {
-        endpointUri = null;
-
         // if BOTH the env vars endpoint and secret values are null, this MSI provider is unavailable.
         if (StringHelper.isNullOrBlank(msiEndpoint) || StringHelper.isNullOrBlank(secret))
         {
             LOG.info("[Managed Identity] App service managed identity is unavailable.");
-            return false;
+            return null;
         }
 
+        URI endpointUri;
         try
         {
             endpointUri = new URI(msiEndpoint);
@@ -93,7 +87,7 @@ private static boolean validateEnvironmentVariables(String msiEndpoint, String s
         }
 
         LOG.info("[Managed Identity] Environment variables validation passed for app service managed identity. Endpoint URI: {endpointUri}. Creating App Service managed identity.");
-        return true;
+        return endpointUri;
     }
 
 }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CloudShellManagedIdentitySource.java

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.util.URLUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -16,14 +15,11 @@ class CloudShellManagedIdentitySource extends AbstractManagedIdentitySource{
 
     private static final Logger LOG = LoggerFactory.getLogger(CloudShellManagedIdentitySource.class);
 
-    // MSI Constants. Docs for MSI are available here https://learn.microsoft.com/en-us/azure/cloud-shell/msi-authorization
-    private static URI endpointUri;
-
-    private URI endpoint;
+    private final URI MSI_ENDPOINT;
 
     @Override
     public void createManagedIdentityRequest(String resource) {
-        managedIdentityRequest.baseEndpoint = endpoint;
+        managedIdentityRequest.baseEndpoint = MSI_ENDPOINT;
         managedIdentityRequest.method = HttpMethod.POST;
 
         managedIdentityRequest.headers = new HashMap<>();
@@ -34,10 +30,10 @@ public void createManagedIdentityRequest(String resource) {
         managedIdentityRequest.bodyParameters.put("resource", Collections.singletonList(resource));
     }
 
-    private CloudShellManagedIdentitySource(MsalRequest msalRequest, ServiceBundle serviceBundle, URI endpoint)
+    private CloudShellManagedIdentitySource(MsalRequest msalRequest, ServiceBundle serviceBundle, URI msiEndpoint)
     {
         super(msalRequest, serviceBundle, ManagedIdentitySourceType.CloudShell);
-        this.endpoint = endpoint;
+        this.MSI_ENDPOINT = msiEndpoint;
 
         ManagedIdentityIdType idType =
                 ((ManagedIdentityApplication) msalRequest.application()).getManagedIdentityId().getIdType();
@@ -48,7 +44,7 @@ private CloudShellManagedIdentitySource(MsalRequest msalRequest, ServiceBundle s
         }
     }
 
-    protected static AbstractManagedIdentitySource create(MsalRequest msalRequest, ServiceBundle serviceBundle) {
+    static AbstractManagedIdentitySource create(MsalRequest msalRequest, ServiceBundle serviceBundle) {
 
         IEnvironmentVariables environmentVariables = getEnvironmentVariables((ManagedIdentityParameters) msalRequest.requestContext().apiParameters());
         String msiEndpoint = environmentVariables.getEnvironmentVariable(Constants.MSI_ENDPOINT);
@@ -61,14 +57,14 @@ protected static AbstractManagedIdentitySource create(MsalRequest msalRequest, S
             return null;
         }
 
-        return validateEnvironmentVariables(msiEndpoint)
-                ? new CloudShellManagedIdentitySource(msalRequest, serviceBundle, endpointUri)
-                : null;
+        URI validatedUri = validateAndGetUri(msiEndpoint);
+        return validatedUri == null ? null
+                : new CloudShellManagedIdentitySource(msalRequest, serviceBundle, validatedUri);
     }
 
-    private static boolean validateEnvironmentVariables(String msiEndpoint)
+    private static URI validateAndGetUri(String msiEndpoint)
     {
-        endpointUri = null;
+        URI endpointUri = null;
 
         try
         {
@@ -82,7 +78,7 @@ private static boolean validateEnvironmentVariables(String msiEndpoint)
         }
 
         LOG.info("[Managed Identity] Environment variables validation passed for cloud shell managed identity. Endpoint URI: " + endpointUri + ". Creating cloud shell managed identity.");
-        return true;
+        return endpointUri;
     }
 
 }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IMDSManagedIdentitySource.java

@@ -26,12 +26,8 @@ class IMDSManagedIdentitySource extends AbstractManagedIdentitySource{
         }
     }
 
-    private String imdsTokenPath = "/metadata/identity/oauth2/token";
-    private String imdsApiVersion = "2018-02-01";
-    private static String defaultMessage = "[Managed Identity] Service request failed.";
-
-    private static String identityUnavailableError = "[Managed Identity] Authentication unavailable. The requested identity has not been assigned to this resource.";
-    private static String gatewayError = "[Managed Identity] Authentication unavailable. The request failed due to a gateway error.";
+    private static final String IMDS_TOKEN_PATH = "/metadata/identity/oauth2/token";
+    private static final String IMDS_API_VERSION = "2018-02-01";
 
     private URI imdsEndpoint;
 
@@ -51,7 +47,7 @@ public IMDSManagedIdentitySource(MsalRequest msalRequest,
             }
 
             StringBuilder builder = new StringBuilder(environmentVariables.getEnvironmentVariable(Constants.AZURE_POD_IDENTITY_AUTHORITY_HOST));
-            builder.append("/" + imdsTokenPath);
+            builder.append("/" + IMDS_TOKEN_PATH);
             try {
                 imdsEndpoint = new URI(builder.toString());
             } catch (URISyntaxException e) {
@@ -81,7 +77,7 @@ public void createManagedIdentityRequest(String resource) {
         managedIdentityRequest.headers.put("Metadata", "true");
 
         managedIdentityRequest.queryParameters = new HashMap<>();
-        managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(imdsApiVersion));
+        managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(IMDS_API_VERSION));
         managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
 
         String clientId = getManagedIdentityUserAssignedClientId();
@@ -108,10 +104,10 @@ public ManagedIdentityResponse handleResponse(
         String baseMessage;
 
         if(response.statusCode()== HttpURLConnection.HTTP_BAD_REQUEST){
-            baseMessage = identityUnavailableError;
+            baseMessage = MsalErrorMessage.IDENTITY_UNAVAILABLE_ERROR;
         }else if(response.statusCode()== HttpURLConnection.HTTP_BAD_GATEWAY ||
                 response.statusCode()== HttpURLConnection.HTTP_GATEWAY_TIMEOUT){
-            baseMessage = gatewayError;
+            baseMessage = MsalErrorMessage.GATEWAY_ERROR;
         }else{
             baseMessage = null;
         }
@@ -125,7 +121,7 @@ public ManagedIdentityResponse handleResponse(
             message = message + " " + errorContentMessage;
 
             LOG.error(String.format("Error message: %s Http status code: %s"), message, response.statusCode());
-            throw new MsalManagedIdentityException("managed_identity_request_failed", message,
+            throw new MsalManagedIdentityException(MsalError.MANAGED_IDENTITY_REQUEST_FAILED, message,
                     ManagedIdentitySourceType.Imds);
         }
 
@@ -137,7 +133,7 @@ private static String createRequestFailedMessage(IHttpResponse response, String
     {
         StringBuilder messageBuilder = new StringBuilder();
 
-        messageBuilder.append(StringHelper.isNullOrBlank(message) ? defaultMessage : message);
+        messageBuilder.append(StringHelper.isNullOrBlank(message) ? MsalErrorMessage.DEFAULT_MESSAGE : message);
         messageBuilder.append("Status: ");
         messageBuilder.append(response.statusCode());
 

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalErrorMessage.java

@@ -18,4 +18,9 @@ class MsalErrorMessage {
     public static final String MANAGED_IDENTITY_USER_ASSIGNED_NOT_SUPPORTED = "[Managed Identity] User assigned identity is not supported by the %s Managed Identity. To authenticate with the system assigned identity use ManagedIdentityApplication.builder(ManagedIdentityId.systemAssigned()).build().";
 
     public static final String SCOPES_REQUIRED = "At least one scope needs to be requested for this authentication flow. ";
+
+    public static final String DEFAULT_MESSAGE = "[Managed Identity] Service request failed.";
+
+    public static final String IDENTITY_UNAVAILABLE_ERROR = "[Managed Identity] Authentication unavailable. The requested identity has not been assigned to this resource.";
+    public static final String GATEWAY_ERROR = "[Managed Identity] Authentication unavailable. The request failed due to a gateway error.";
 }

msal4j-sdk/src/samples/msi-sample-jar/pom.xml

@@ -26,7 +26,7 @@
                         <manifest>
                             <addClasspath>true</addClasspath>
                             <classpathPrefix>lib/</classpathPrefix>
-                            <mainClass>com.microsoft.msi.App</mainClass>
+                            <mainClass>com.microsoft.msi.MsiTestApp</mainClass>
                         </manifest>
                     </archive>
                 </configuration>
@@ -38,7 +38,7 @@
                         <manifest>
                             <addClasspath>true</addClasspath>
                             <classpathPrefix>lib/</classpathPrefix>
-                            <mainClass>com.microsoft.msi.App</mainClass>
+                            <mainClass>com.microsoft.msi.MsiTestApp</mainClass>
                         </manifest>
                     </archive>
                     <descriptorRefs>

msal4j-sdk/src/samples/msi-sample-jar/src/main/java/com/microsoft/msi/App.java renamed to msal4j-sdk/src/samples/msi-sample-jar/src/main/java/com/microsoft/msi/MsiTestApp.java

@@ -16,15 +16,14 @@
  * To create a jar run mvn install -Dmaven.test.skip=true for msal4j pom and then msi-sample-jar pom.
  * Copy the jar with dependencies and run on a VM or cloud shell using java -jar msi-sample-jar-1.0.1-jar-with-dependencies.jar
  */
-public class App 
+public class MsiTestApp
 {
     public static void main( String[] args ) throws IOException {
-        String response;
         String resource = "https://management.azure.com";
         int option = 1;
         BufferedReader reader = new BufferedReader(
                 new InputStreamReader(System.in));
-        final Logger logger = LoggerFactory.getLogger(App.class);
+        final Logger logger = LoggerFactory.getLogger(MsiTestApp.class);
 
         while (option != 0) {
             System.out.println("Enter one of the following options to create a managed identity application:");