@@ -205,4 +205,70 @@ public void testCacheTokenExpired() {
205205 tokenUtilMockedStatic .verify (() -> AccessTokenUtil .getAccessToken (anyString (), anyString ()), times (2 ));
206206 }
207207 }
208+
209+ @ Test
210+ public void testAccessTokenAuthentication () {
211+ try (MockedStatic <HttpUtil > httpUtilMockedStatic = Mockito .mockStatic (HttpUtil .class )) {
212+ httpUtilMockedStatic .when (() -> HttpUtil .validateUri (anyString (), anyString ())).thenCallRealMethod ();
213+ httpUtilMockedStatic .when (() -> HttpUtil .addTrailingSlashIfRequired (anyString ())).thenCallRealMethod ();
214+
215+ CertificateItem fakeCertificateItem = new CertificateItem ();
216+ fakeCertificateItem .setId ("certificates/fakeCertificateItem" );
217+
218+ CertificateListResult certificateListResult = new CertificateListResult ();
219+ certificateListResult .setValue (Arrays .asList (fakeCertificateItem ));
220+
221+ String certificateListResultString = JsonConverterUtil .toJson (certificateListResult );
222+ httpUtilMockedStatic .when (() -> HttpUtil .get (anyString (), anyMap ()))
223+ .thenReturn (certificateListResultString );
224+
225+ // Create client with access token
226+ String testAccessToken = "test-bearer-token-12345" ;
227+ KeyVaultClient keyVaultClient
228+ = new KeyVaultClient (KEY_VAULT_TEST_URI_GLOBAL , null , null , null , null , testAccessToken , false );
229+
230+ List <String > result = keyVaultClient .getAliases ();
231+
232+ // Verify that the access token was used
233+ assertEquals (1 , result .size ());
234+ assertTrue (result .contains ("fakeCertificateItem" ));
235+ }
236+ }
237+
238+ @ Test
239+ public void testAuthenticationPriority () {
240+ try (MockedStatic <HttpUtil > httpUtilMockedStatic = Mockito .mockStatic (HttpUtil .class );
241+ MockedStatic <AccessTokenUtil > tokenUtilMockedStatic = Mockito .mockStatic (AccessTokenUtil .class )) {
242+
243+ httpUtilMockedStatic .when (() -> HttpUtil .validateUri (anyString (), anyString ())).thenCallRealMethod ();
244+ httpUtilMockedStatic .when (() -> HttpUtil .addTrailingSlashIfRequired (anyString ())).thenCallRealMethod ();
245+
246+ AccessToken accessToken = new AccessToken ("fake-token" , 3600 );
247+ tokenUtilMockedStatic .when (() -> AccessTokenUtil .getAccessToken (anyString (), anyString ()))
248+ .thenReturn (accessToken );
249+
250+ CertificateItem fakeCertificateItem = new CertificateItem ();
251+ fakeCertificateItem .setId ("certificates/fakeCertificateItem" );
252+
253+ CertificateListResult certificateListResult = new CertificateListResult ();
254+ certificateListResult .setValue (Arrays .asList (fakeCertificateItem ));
255+
256+ String certificateListResultString = JsonConverterUtil .toJson (certificateListResult );
257+ httpUtilMockedStatic .when (() -> HttpUtil .get (anyString (), anyMap ()))
258+ .thenReturn (certificateListResultString );
259+
260+ // Test 1: Managed Identity should take priority over access token
261+ KeyVaultClient client1
262+ = new KeyVaultClient (KEY_VAULT_TEST_URI_GLOBAL , null , null , null , "managed-id" , "bearer-token" , false );
263+ client1 .getAliases ();
264+ tokenUtilMockedStatic .verify (() -> AccessTokenUtil .getAccessToken (anyString (), eq ("managed-id" )), times (1 ));
265+
266+ // Test 2: Access token should be used when managed identity is not set
267+ KeyVaultClient client2
268+ = new KeyVaultClient (KEY_VAULT_TEST_URI_GLOBAL , null , null , null , null , "bearer-token" , false );
269+ List <String > result = client2 .getAliases ();
270+ assertEquals (1 , result .size ());
271+ assertTrue (result .contains ("fakeCertificateItem" ));
272+ }
273+ }
208274}
0 commit comments