Fix after manual testing

Author: neha-bhargava

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AzureArcManagedIdentitySource.java

@@ -6,9 +6,15 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.FileReader;
+import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.Collections;
 import java.util.HashMap;
 
@@ -82,31 +88,36 @@ public void createManagedIdentityRequest(String resource)
     @Override
     public ManagedIdentityResponse handleResponse(
             ManagedIdentityParameters parameters,
-            IHttpResponse response)
-    {
+            IHttpResponse response) {
+
         LOG.info("[Managed Identity] Response received. Status code: {response.StatusCode}");
 
-        if (response.statusCode() == HttpURLConnection.HTTP_UNAUTHORIZED)
-        {
-            if(!response.headers().containsKey("WWW-Authenticate")){
+        if (response.statusCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+            if(!response.headers().containsKey("Www-Authenticate")) {
                 LOG.error("[Managed Identity] WWW-Authenticate header is expected but not found.");
                 throw new MsalManagedIdentityException(MsalError.MANAGED_IDENTITY_REQUEST_FAILED,
                         MsalErrorMessage.MANAGED_IDENTITY_NO_CHALLENGE_ERROR,
                         ManagedIdentitySourceType.AZURE_ARC);
             }
 
-            String challenge = response.headers().get("WWW-Authenticate").get(0);
+            String challenge = response.headers().get("Www-Authenticate").get(0);
             String[] splitChallenge = challenge.split("=");
 
-            if (splitChallenge.length != 2)
-            {
+            if (splitChallenge.length != 2) {
                 LOG.error("[Managed Identity] The WWW-Authenticate header for Azure arc managed identity is not an expected format.");
                 throw new MsalManagedIdentityException(MsalError.MANAGED_IDENTITY_REQUEST_FAILED,
                         MsalErrorMessage.MANAGED_IDENTITY_INVALID_CHALLENGE,
                         ManagedIdentitySourceType.AZURE_ARC);
             }
 
-            String authHeaderValue = "Basic " + splitChallenge[1];
+            Path path = Paths.get(splitChallenge[1]);
+
+            String authHeaderValue = null;
+            try {
+                authHeaderValue = "Basic " + new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
+            } catch (IOException e) {
+                throw new MsalManagedIdentityException(MsalError.MANAGED_IDENTITY_FILE_READ_ERROR, e.getMessage(), ManagedIdentitySourceType.AZURE_ARC);
+            }
 
             createManagedIdentityRequest(parameters.resource);
 

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalError.java

@@ -32,4 +32,6 @@ public class MsalError {
      * Managed Identity endpoint is not reachable.
      */
     public static final String MANAGED_IDENTITY_UNREACHABLE_NETWORK = "managed_identity_unreachable_network";
+
+    public static final String MANAGED_IDENTITY_FILE_READ_ERROR = "managed_identity_file_read_error";
 }

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java

@@ -15,6 +15,9 @@
 import org.mockito.junit.jupiter.MockitoExtension;
 
 import java.net.SocketException;
+import java.net.URISyntaxException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Collections;
@@ -508,4 +511,38 @@ void azureArcManagedIdentity_InvalidAuthHeader() throws Exception {
         fail("MsalManagedIdentityException is expected but not thrown.");
         verify(httpClientMock, times(1)).send(any());
     }
+
+    @Test
+    void azureArcManagedIdentityAuthheaderTest() throws Exception {
+        Path path = Paths.get(this.getClass().getResource("/msi-azure-arc-secret.txt").toURI());
+        IEnvironmentVariables environmentVariables = new EnvironmentVariablesHelper(ManagedIdentitySourceType.AZURE_ARC, azureArcEndpoint);
+        DefaultHttpClient httpClientMock = mock(DefaultHttpClient.class);
+
+        // Mock 401 response that returns www-authenticate header
+        HttpResponse response = new HttpResponse();
+        response.statusCode(HttpStatus.SC_UNAUTHORIZED);
+        response.headers().put("Www-Authenticate", Collections.singletonList("Basic realm=" + path));
+
+        when(httpClientMock.send(eq(expectedRequest(ManagedIdentitySourceType.AZURE_ARC, resource)))).thenReturn(response);
+
+        // Mock the response when Authorization header is sent in request
+        HttpRequest expectedRequest = expectedRequest(ManagedIdentitySourceType.AZURE_ARC, resource);
+        expectedRequest.headers().put("Authorization", "Basic secret");
+        when(httpClientMock.send(eq(expectedRequest))).thenReturn(expectedResponse(200, getSuccessfulResponse(resource)));
+
+        miApp = ManagedIdentityApplication
+                .builder(ManagedIdentityId.systemAssigned())
+                .httpClient(httpClientMock)
+                .build();
+
+        // Clear caching to avoid cross test pollution.
+        miApp.tokenCache().accessTokens.clear();
+
+        IAuthenticationResult result = miApp.acquireTokenForManagedIdentity(
+                ManagedIdentityParameters.builder(resource)
+                        .environmentVariables(environmentVariables)
+                        .build()).get();
+
+        assertNotNull(result.accessToken());
+    }
 }

msal4j-sdk/src/test/resources/msi-azure-arc-secret.txt

@@ -0,0 +1 @@
+secret