Skip to content

Commit 8312b07

Browse files
Copilotrujche
andcommitted
Add tests for bearer token authentication and fix checkstyle issues
Co-authored-by: rujche <171773178+rujche@users.noreply.github.com>
1 parent c094cd3 commit 8312b07

2 files changed

Lines changed: 69 additions & 2 deletions

File tree

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/KeyVaultClient.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,7 @@ public class KeyVaultClient {
9292
/**
9393
* Stores the provided access token.
9494
*/
95-
private String providedAccessToken;
95+
private final String providedAccessToken;
9696

9797
/**
9898
* Stores the token.
@@ -138,7 +138,8 @@ public KeyVaultClient(String keyVaultUri, String tenantId, String clientId, Stri
138138
*/
139139
public KeyVaultClient(String keyVaultUri, String tenantId, String clientId, String clientSecret,
140140
String managedIdentity, boolean disableChallengeResourceVerification) {
141-
this(keyVaultUri, tenantId, clientId, clientSecret, managedIdentity, null, disableChallengeResourceVerification);
141+
this(keyVaultUri, tenantId, clientId, clientSecret, managedIdentity, null,
142+
disableChallengeResourceVerification);
142143
}
143144

144145
/**

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/implementation/KeyVaultClientTest.java

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -205,4 +205,70 @@ public void testCacheTokenExpired() {
205205
tokenUtilMockedStatic.verify(() -> AccessTokenUtil.getAccessToken(anyString(), anyString()), times(2));
206206
}
207207
}
208+
209+
@Test
210+
public void testAccessTokenAuthentication() {
211+
try (MockedStatic<HttpUtil> httpUtilMockedStatic = Mockito.mockStatic(HttpUtil.class)) {
212+
httpUtilMockedStatic.when(() -> HttpUtil.validateUri(anyString(), anyString())).thenCallRealMethod();
213+
httpUtilMockedStatic.when(() -> HttpUtil.addTrailingSlashIfRequired(anyString())).thenCallRealMethod();
214+
215+
CertificateItem fakeCertificateItem = new CertificateItem();
216+
fakeCertificateItem.setId("certificates/fakeCertificateItem");
217+
218+
CertificateListResult certificateListResult = new CertificateListResult();
219+
certificateListResult.setValue(Arrays.asList(fakeCertificateItem));
220+
221+
String certificateListResultString = JsonConverterUtil.toJson(certificateListResult);
222+
httpUtilMockedStatic.when(() -> HttpUtil.get(anyString(), anyMap()))
223+
.thenReturn(certificateListResultString);
224+
225+
// Create client with access token
226+
String testAccessToken = "test-bearer-token-12345";
227+
KeyVaultClient keyVaultClient
228+
= new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL, null, null, null, null, testAccessToken, false);
229+
230+
List<String> result = keyVaultClient.getAliases();
231+
232+
// Verify that the access token was used
233+
assertEquals(1, result.size());
234+
assertTrue(result.contains("fakeCertificateItem"));
235+
}
236+
}
237+
238+
@Test
239+
public void testAuthenticationPriority() {
240+
try (MockedStatic<HttpUtil> httpUtilMockedStatic = Mockito.mockStatic(HttpUtil.class);
241+
MockedStatic<AccessTokenUtil> tokenUtilMockedStatic = Mockito.mockStatic(AccessTokenUtil.class)) {
242+
243+
httpUtilMockedStatic.when(() -> HttpUtil.validateUri(anyString(), anyString())).thenCallRealMethod();
244+
httpUtilMockedStatic.when(() -> HttpUtil.addTrailingSlashIfRequired(anyString())).thenCallRealMethod();
245+
246+
AccessToken accessToken = new AccessToken("fake-token", 3600);
247+
tokenUtilMockedStatic.when(() -> AccessTokenUtil.getAccessToken(anyString(), anyString()))
248+
.thenReturn(accessToken);
249+
250+
CertificateItem fakeCertificateItem = new CertificateItem();
251+
fakeCertificateItem.setId("certificates/fakeCertificateItem");
252+
253+
CertificateListResult certificateListResult = new CertificateListResult();
254+
certificateListResult.setValue(Arrays.asList(fakeCertificateItem));
255+
256+
String certificateListResultString = JsonConverterUtil.toJson(certificateListResult);
257+
httpUtilMockedStatic.when(() -> HttpUtil.get(anyString(), anyMap()))
258+
.thenReturn(certificateListResultString);
259+
260+
// Test 1: Managed Identity should take priority over access token
261+
KeyVaultClient client1
262+
= new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL, null, null, null, "managed-id", "bearer-token", false);
263+
client1.getAliases();
264+
tokenUtilMockedStatic.verify(() -> AccessTokenUtil.getAccessToken(anyString(), eq("managed-id")), times(1));
265+
266+
// Test 2: Access token should be used when managed identity is not set
267+
KeyVaultClient client2
268+
= new KeyVaultClient(KEY_VAULT_TEST_URI_GLOBAL, null, null, null, null, "bearer-token", false);
269+
List<String> result = client2.getAliases();
270+
assertEquals(1, result.size());
271+
assertTrue(result.contains("fakeCertificateItem"));
272+
}
273+
}
208274
}

0 commit comments

Comments
 (0)