
Commit 484f837

committed
Remove AssertionResponse and other code related to future mTLS support
1 parent 43b4514 commit 484f837

5 files changed

Lines changed: 3 additions & 379 deletions


msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AssertionResponse.java

Lines changed: 0 additions & 63 deletions
This file was deleted.

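--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java
@@ -10,11 +10,9 @@
 final class ClientAssertion implements IClientAssertion {
 
 static final String ASSERTION_TYPE_JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
-static final String ASSERTION_TYPE_JWT_POP = "urn:ietf:params:oauth:client-assertion-type:jwt-pop";
 private final String assertion;
 private final Callable<String> assertionProvider;
 private final Function<AssertionRequestOptions, String> contextAwareAssertionProvider;
-private final Function<AssertionRequestOptions, AssertionResponse> contextAwareResponseProvider;
 
 /**
 * Constructor that accepts a static assertion string
@@ -30,7 +28,6 @@ final class ClientAssertion implements IClientAssertion {
 this.assertion = assertion;
 this.assertionProvider = null;
 this.contextAwareAssertionProvider = null;
-this.contextAwareResponseProvider = null;
 }
 
 /**
@@ -47,7 +44,6 @@ final class ClientAssertion implements IClientAssertion {
 this.assertion = null;
 this.assertionProvider = assertionProvider;
 this.contextAwareAssertionProvider = null;
-this.contextAwareResponseProvider = null;
 }
 
 /**
@@ -66,27 +62,6 @@ final class ClientAssertion implements IClientAssertion {
 this.assertion = null;
 this.assertionProvider = null;
 this.contextAwareAssertionProvider = contextAwareAssertionProvider;
-this.contextAwareResponseProvider = null;
-}
-
-/**
-* Constructor that accepts a context-aware function returning an {@link AssertionResponse}.
-* This allows the callback to supply both the assertion JWT and an optional token-binding
-* certificate for mTLS PoP scenarios.
-*
-* @param contextAwareResponseProvider A function that receives context and returns an AssertionResponse
-* @throws NullPointerException if contextAwareResponseProvider is null
-*/
-ClientAssertion(final Function<AssertionRequestOptions, AssertionResponse> contextAwareResponseProvider,
-boolean responseProvider) {
-if (contextAwareResponseProvider == null) {
-throw new NullPointerException("contextAwareResponseProvider");
-}
-
-this.assertion = null;
-this.assertionProvider = null;
-this.contextAwareAssertionProvider = null;
-this.contextAwareResponseProvider = contextAwareResponseProvider;
 }
 
 /**
@@ -99,11 +74,6 @@ final class ClientAssertion implements IClientAssertion {
 * @throws MsalClientException if the assertion provider returns null/empty or throws an exception
 */
 public String assertion() {
-if (contextAwareResponseProvider != null) {
-AssertionResponse response = assertionResponse(new AssertionRequestOptions(null, null, null));
-return response.assertion();
-}
-
 if (contextAwareAssertionProvider != null) {
 return assertion(new AssertionRequestOptions(null, null, null));
 }
@@ -125,11 +95,6 @@ public String assertion() {
 * @throws MsalClientException if the assertion provider returns null/empty or throws an exception
 */
 String assertion(AssertionRequestOptions options) {
-if (contextAwareResponseProvider != null) {
-AssertionResponse response = assertionResponse(options);
-return response.assertion();
-}
-
 if (contextAwareAssertionProvider != null) {
 try {
 String generatedAssertion = contextAwareAssertionProvider.apply(options);
@@ -153,40 +118,10 @@ String assertion(AssertionRequestOptions options) {
 }
 
 /**
-* Gets the full AssertionResponse from the context-aware response provider.
-* Returns null if this ClientAssertion does not use a response provider.
-*
-* @param options context information for the assertion request
-* @return An AssertionResponse, or null if not using a response provider
-* @throws MsalClientException if the provider returns null or throws an exception
-*/
-AssertionResponse assertionResponse(AssertionRequestOptions options) {
-if (contextAwareResponseProvider == null) {
-return null;
-}
-
-try {
-AssertionResponse response = contextAwareResponseProvider.apply(options);
-
-if (response == null || StringHelper.isBlank(response.assertion())) {
-throw new MsalClientException(
-"Assertion provider returned null or empty assertion",
-AuthenticationErrorCode.INVALID_JWT);
-}
-
-return response;
-} catch (MsalClientException ex) {
-throw ex;
-} catch (Exception ex) {
-throw new MsalClientException(ex);
-}
-}
-
-/**
-* Returns true if this assertion uses a context-aware provider (either string or response).
+* Returns true if this assertion uses a context-aware provider.
 */
 boolean isContextAware() {
-return contextAwareAssertionProvider != null || contextAwareResponseProvider != null;
+return contextAwareAssertionProvider != null;
 }
 
 private String invokeCallable() {
@@ -216,11 +151,6 @@ public boolean equals(Object o) {
 
 ClientAssertion other = (ClientAssertion) o;
 
-// For context-aware response providers, we consider them equal if they're the same object
-if (this.contextAwareResponseProvider != null && other.contextAwareResponseProvider != null) {
-return this.contextAwareResponseProvider == other.contextAwareResponseProvider;
-}
-
 // For context-aware providers, we consider them equal if they're the same object
 if (this.contextAwareAssertionProvider != null && other.contextAwareAssertionProvider != null) {
 return this.contextAwareAssertionProvider == other.contextAwareAssertionProvider;
@@ -237,11 +167,6 @@ public boolean equals(Object o) {
 
 @Override
 public int hashCode() {
-// For context-aware response providers, use the provider's identity hash code
-if (contextAwareResponseProvider != null) {
-return System.identityHashCode(contextAwareResponseProvider);
-}
-
 // For context-aware providers, use the provider's identity hash code
 if (contextAwareAssertionProvider != null) {
 return System.identityHashCode(contextAwareAssertionProvider);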
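Review bot: Missing documentation on `assertion()`: when a context-aware provider is configured, the no-argument overload still invokes the callback with `new AssertionRequestOptions(null, null, null)`, so a callback that derives claims from the request context receives only nulls. The visible Javadoc tail lists just `@throws MsalClientException`; I would add a sentence such as `* For a context-aware provider the callback is invoked with an {@link AssertionRequestOptions} whose values are all null.` so callback authors null-check before building the assertion. That the options normally carry the token endpoint is inferred from the TokenRequestExecutor section of this commit, and both the Javadoc and the body of `assertion()` extend beyond the hunk.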

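--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java
@@ -125,29 +125,4 @@ public static IClientAssertion createFromCallback(Function<AssertionRequestOptio
 
 return new ClientAssertion(assertionProvider);
 }
-
-/**
-* Static method to create a {@link ClientAssertion} instance from a provided Function that
-* receives {@link AssertionRequestOptions} context and returns an {@link AssertionResponse}.
-* This overload allows the callback to supply both the assertion JWT and an optional
-* token-binding certificate for mTLS PoP scenarios.
-*
-* <p>When the returned {@link AssertionResponse} includes a
-* {@link AssertionResponse#tokenBindingCertificate()}, MSAL uses
-* {@code client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-pop}
-* instead of the default {@code jwt-bearer}.</p>
-*
-* @param assertionProvider Function that receives {@link AssertionRequestOptions} and produces
-* an {@link AssertionResponse} containing the assertion and optional certificate
-* @return {@link ClientAssertion} that will invoke the function each time assertion() is called
-* @throws NullPointerException if assertionProvider is null
-*/
-public static IClientAssertion createFromAssertionResponseCallback(
-Function<AssertionRequestOptions, AssertionResponse> assertionProvider) {
-if (assertionProvider == null) {
-throw new NullPointerException("assertionProvider");
-}
-
-return new ClientAssertion(assertionProvider, true);
-}
 }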

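--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
@@ -156,13 +156,7 @@ private void addCredentialToRequest(Map<String, String> queryParameters,
 tokenEndpoint,
 fmiPath);
 
-// Try to get the full AssertionResponse first
-AssertionResponse response = clientAssertion.assertionResponse(options);
-if (response != null) {
-addAssertionResponseParams(queryParameters, response);
-} else {
-addJWTBearerAssertionParams(queryParameters, clientAssertion.assertion(options));
-}
+addJWTBearerAssertionParams(queryParameters, clientAssertion.assertion(options));
 } else {
 addJWTBearerAssertionParams(queryParameters, clientAssertion.assertion());
 }
@@ -188,23 +182,6 @@ private void addJWTBearerAssertionParams(Map<String, String> queryParameters, St
 queryParameters.put("client_assertion_type", ClientAssertion.ASSERTION_TYPE_JWT_BEARER);
 }
 
-/**
-* Adds assertion parameters from an AssertionResponse, using jwt-pop assertion type
-* when a token-binding certificate is present, or jwt-bearer otherwise.
-*
-* @param queryParameters The map of query parameters to add to
-* @param response The AssertionResponse containing the assertion and optional certificate
-*/
-private void addAssertionResponseParams(Map<String, String> queryParameters, AssertionResponse response) {
-queryParameters.put("client_assertion", response.assertion());
-
-if (response.tokenBindingCertificate() != null) {
-queryParameters.put("client_assertion_type", ClientAssertion.ASSERTION_TYPE_JWT_POP);
-} else {
-queryParameters.put("client_assertion_type", ClientAssertion.ASSERTION_TYPE_JWT_BEARER);
-}
-}
-
 private AuthenticationResult createAuthenticationResultFromOauthHttpResponse(HttpResponse oauthHttpResponse) {
 AuthenticationResult result;
 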
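Review bot: Missing documentation at the remaining call in `addCredentialToRequest`: with the `jwt-pop` branch gone, every callback-produced assertion goes through `addJWTBearerAssertionParams`, i.e. it is sent as a bearer credential with no certificate binding. A comment above the new line would make that explicit for maintainers and callback authors, e.g. `// Sent as jwt-bearer only: the assertion is not bound to a certificate, so the callback should return a short-lived assertion issued for this tokenEndpoint.` The start of `addCredentialToRequest` and the construction of `options` lie outside the hunk, so the link between `tokenEndpoint` and `options` is assumed from the two context lines above the change.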
