Working proof-of-concept

Author: Avery-Dunn

msal4j-sdk/pom.xml

@@ -129,6 +129,16 @@
             <version>2.14.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-security-keyvault-certificates</artifactId>
+            <version>4.5.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-identity</artifactId>
+            <version>1.10.0</version>
+        </dependency>
     </dependencies>
 
     <!-- force https -->

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java

@@ -3,10 +3,8 @@
 
 package com.microsoft.aad.msal4j;
 
-import labapi.AppCredentialProvider;
-import labapi.AzureEnvironment;
-import labapi.LabUserProvider;
-import labapi.User;
+import com.microsoft.aad.msal4j.labapi2.KeyVaultSecretsProvider;
+import com.microsoft.aad.msal4j.labapi2.LabServiceApi;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.BeforeAll;
@@ -21,21 +19,21 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.concurrent.Callable;
 
 import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE;
 
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 class ClientCredentialsIT {
     private IClientCertificate certificate;
-    private LabUserProvider labUserProvider;
+    private KeyVaultSecretsProvider keyVaultSecretsProvider;
+    private LabServiceApi labServiceApi;
 
     @BeforeAll
     void init() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException {
         certificate = CertificateHelper.getClientCertificate();
-        labUserProvider = LabUserProvider.getInstance();
+        keyVaultSecretsProvider = new KeyVaultSecretsProvider();
+        labServiceApi = new LabServiceApi();
     }
 
     @Test
@@ -46,8 +44,7 @@ void acquireTokenClientCredentials_ClientCertificate() throws Exception {
 
     @Test
     void acquireTokenClientCredentials_ClientSecret() throws Exception {
-        AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.AZURE);
-        final String clientId = appProvider.getLabVaultAppId();
+        final String clientId = keyVaultSecretsProvider.getSecretByName("LabVaultAppID").getValue();
         IClientCredential credential = CertificateHelper.getClientCertificate();
 
         assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
@@ -64,28 +61,21 @@ void acquireTokenClientCredentials_ClientAssertion() throws Exception {
         assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
     }
 
-    @Test
-    void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception {
-
-        User user = labUserProvider.getCiamCudUser();
-        String clientId = user.getAppId();
-
-        AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.CIAM);
-        IClientCredential credential = ClientCredentialFactory.createFromSecret(appProvider.getOboAppPassword());
-
-        ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
-                        clientId, credential).
-                authority("https://" + user.getLabName() + ".ciamlogin.com/").
-                build();
-
-        IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters
-                        .builder(Collections.singleton(TestConstants.DEFAULT_SCOPE))
-                        .build())
-                .get();
-
-        assertNotNull(result);
-        assertNotNull(result.accessToken());
-    }
+//    @Test
+//    void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception {
+//        User user = LabUserHelper.getCiamUserge(labServiceApi);
+//        String clientId = user.getAppId();
+//
+//        String ciamPassword = keyVaultSecretsProvider.getSecretByName("CiamAppPassword").getValu
+//
+//        IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters
+//                        .builder(Collections.singleton(TestConstants.DEFAULT_SCOPE))
+//                        .build())
+//                .get();
+//
+//        assertNotNull(result);
+//        assertNotNull(result.accessToken());
+//    }
 
     @Test
     void acquireTokenClientCredentials_Certificate_CiamCud() throws Exception {
@@ -132,8 +122,7 @@ void acquireTokenClientCredentials_Callback() throws Exception {
 
     @Test
     void acquireTokenClientCredentials_DefaultCacheLookup() throws Exception {
-        AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.AZURE);
-        final String clientId = appProvider.getLabVaultAppId();
+        final String clientId = keyVaultSecretsProvider.getSecretByName("LabVaultAppID").getValue();
 
         ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                 clientId, CertificateHelper.getClientCertificate()).

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java

@@ -3,38 +3,28 @@
 
 package com.microsoft.aad.msal4j;
 
-import labapi.*;
+import com.microsoft.aad.msal4j.labapi2.*;
+import com.microsoft.aad.msal4j.labapi2.Config;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
-import org.junit.jupiter.api.BeforeAll;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
 
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 class UsernamePasswordIT {
-    private LabUserProvider labUserProvider;
-
     private Config cfg;
 
-    @BeforeAll
-    void setUp() {
-        labUserProvider = LabUserProvider.getInstance();
-    }
-
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
     void acquireTokenWithUsernamePassword_Managed(String environment) throws Exception {
         cfg = new Config(environment);
 
-        User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
-
-        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
+        LabResponse labResponse = LabUserHelper.getDefaultUserAsync(environment).join();
+        assertAcquireTokenCommon(labResponse.getUser(), cfg.organizationsAuthority(), cfg.graphDefaultScope(), labResponse.getApp().getAppId());
     }
 
     @ParameterizedTest
@@ -43,89 +33,73 @@ void acquireTokenWithUsernamePassword_Managed(String environment) throws Excepti
     void acquireTokenWithUsernamePassword_ADFSv2019_Federated(String environment) throws Exception {
         cfg = new Config(environment);
 
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.AZURE_ENVIRONMENT, cfg.azureEnvironment);
-        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_2019);
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.FEDERATED);
+        LabResponse labResponse = LabUserHelper.getDefaultAdfsUserAsync(environment).join();
+        LabUser user = labResponse.getUser();
 
-        User user = labUserProvider.getLabUser(query);
-
-        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), labResponse.getApp().getAppId());
     }
 
     @Test
     @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenWithUsernamePassword_ADFSv2019_OnPrem() throws Exception {
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_2019);
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.ON_PREM);
-
-        User user = labUserProvider.getLabUser(query);
+        LabResponse labResponse = LabUserHelper.getDefaultAdfsUserAsync().join();
+        LabUser user = labResponse.getUser();
 
         assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE, TestConstants.ADFS_APP_ID);
     }
 
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
-    void acquireTokenWithUsernamePassword_ADFSv4(String environment) throws Exception {
-        cfg = new Config(environment);
-
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.AZURE_ENVIRONMENT, cfg.azureEnvironment);
-        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_4);
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.FEDERATED);
-
-        User user = labUserProvider.getLabUser(query);
-
-        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
-    }
-
-    @Test
-    void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception {
-        User user = labUserProvider.getDefaultUser();
-
-        assertAcquireTokenCommon(
-                user,
-                TestConstants.COMMON_AUTHORITY_WITH_PORT,
-                TestConstants.GRAPH_DEFAULT_SCOPE,
-                user.getAppId());
-    }
-
-    @Test
-    void acquireTokenWithUsernamePassword_Ciam() throws Exception {
-        Map<String, String> extraQueryParameters = new HashMap<>();
-
-        User user = labUserProvider.getCiamCudUser();
-        PublicClientApplication pca = PublicClientApplication.builder(user.getAppId())
-                .authority("https://" + user.getLabName() + ".ciamlogin.com/")
-                .build();
-
-        IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters.
-                        builder(Collections.singleton(TestConstants.USER_READ_SCOPE),
-                                user.getUpn(),
-                                user.getPassword().toCharArray())
-                        .extraQueryParameters(extraQueryParameters)
-                        .build())
-                .get();
-
-        IntegrationTestHelper.assertAccessAndIdTokensNotNull(result);
-    }
-
-    private void assertAcquireTokenCommon(User user, String authority, String scope, String appId)
+//    @Test
+//    void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception {
+//        LabResponse labResponse = LabUserHelper.getDefaultUserAsync().join();
+//        LabUser user = labResponse.getUser();
+//
+//        assertAcquireTokenCommon(
+//                user,
+//                TestConstants.COMMON_AUTHORITY_WITH_PORT,
+//                TestConstants.GRAPH_DEFAULT_SCOPE,
+//                labResponse.getApp().getAppId());
+//    }
+
+//    @Test
+//    void acquireTokenWithUsernamePassword_Ciam() throws Exception {
+//        Map<String, String> extraQueryParameters = new HashMap<>();
+//
+//        UserQuery query = new UserQuery();
+//        query.setUserType(LabServiceParameters.UserType.CLOUD);
+//        query.setAzureEnvironment(LabServiceParameters.AzureEnvironment.AZURE_CIAM);
+//
+//        LabResponse labResponse = LabUserHelper.getLabUserDataAsync(query).join();
+//
+//        LabUser user = labResponse.getUser();        PublicClientApplication pca = PublicClientApplication.builder(user.getAppId())
+//                .authority("https://" + user.getLabName() + ".ciamlogin.com/")
+//                .build();
+//
+//        IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters.
+//                        builder(Collections.singleton(TestConstants.USER_READ_SCOPE),
+//                                user.getUpn(),
+//                                user.getPassword().toCharArray())
+//                        .extraQueryParameters(extraQueryParameters)
+//                        .build())
+//                .get();
+//
+//        IntegrationTestHelper.assertAccessAndIdTokensNotNull(result);
+//    }
+
+    private void assertAcquireTokenCommon(LabUser user, String authority, String scope, String appId)
             throws Exception {
 
         PublicClientApplication pca = PublicClientApplication.builder(
                 appId).
                 authority(authority).
                 build();
 
+        System.out.println("Scope: " + scope);
+        System.out.println("UPN: " + user.getUpn());
         IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters.
                 builder(Collections.singleton(scope),
                         user.getUpn(),
                         user.getPassword().toCharArray())
                 .build())
-
                 .get();
 
         IntegrationTestHelper.assertAccessAndIdTokensNotNull(result);
@@ -134,13 +108,11 @@ private void assertAcquireTokenCommon(User user, String authority, String scope,
 
     @Test
     void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Exception {
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.B2C);
-        query.parameters.put(UserQueryParameters.B2C_PROVIDER, B2CProvider.LOCAL);
-        User user = labUserProvider.getLabUser(query);
+        LabResponse labResponse = LabUserHelper.getB2CLocalAccountAsync().join();
+        LabUser user = labResponse.getUser();
 
         PublicClientApplication pca = PublicClientApplication.builder(
-                user.getAppId()).
+                labResponse.getApp().getAppId()).
                 b2cAuthority(TestConstants.B2C_AUTHORITY_ROPC).
                 build();
 
@@ -166,13 +138,11 @@ void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Exception {
 
     @Test
     void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws Exception {
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.B2C);
-        query.parameters.put(UserQueryParameters.B2C_PROVIDER, B2CProvider.LOCAL);
-        User user = labUserProvider.getLabUser(query);
+        LabResponse labResponse = LabUserHelper.getB2CLocalAccountAsync().join();
+        LabUser user = labResponse.getUser();
 
         PublicClientApplication pca = PublicClientApplication.builder(
-                user.getAppId()).
+                labResponse.getApp().getAppId()).
                 b2cAuthority(TestConstants.B2C_MICROSOFTLOGIN_ROPC).
                 build();
 

msal4j-sdk/src/integrationtest/java/com/microsoft/aad/msal4j/labapi2/AppCredentialProvider.java

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j.labapi2;
+
+public class AppCredentialProvider {
+
+    private String clientId;
+
+    public AppCredentialProvider(String azureEnvironment) {
+
+        switch (azureEnvironment) {
+            case AzureEnvironment.AZURE:
+                clientId = "c0485386-1e9a-4663-bc96-7ab30656de7f";
+
+                break;
+            case AzureEnvironment.AZURE_US_GOVERNMENT:
+                clientId = LabApiConstants.ARLINGTON_APP_ID;
+                break;
+            default:
+                throw new UnsupportedOperationException("Azure Environment - " + azureEnvironment + " unsupported");
+        }
+    }
+
+    public String getAppId() {
+        return clientId;
+    }
+}

msal4j-sdk/src/integrationtest/java/com/microsoft/aad/msal4j/labapi2/AzureEnvironment.java

@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j.labapi2;
+
+public class AzureEnvironment {
+
+    public static final String AZURE = "azurecloud";
+    public static final String AZURE_US_GOVERNMENT = "azureusgovernment";
+}