diff --git a/src/CsrValidation/java/lib/pom.xml b/src/CsrValidation/java/lib/pom.xml index fac7a62..0798a12 100644 --- a/src/CsrValidation/java/lib/pom.xml +++ b/src/CsrValidation/java/lib/pom.xml @@ -8,7 +8,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.7.0 + 3.13.0 1.7 1.7 @@ -17,7 +17,7 @@ org.codehaus.mojo exec-maven-plugin - 1.3.2 + 3.3.0 None true @@ -26,56 +26,50 @@ - - - com.microsoft.azure - adal4j - 1.6.6 - org.apache.httpcomponents httpclient - 4.5.13 + 4.5.14 com.microsoft.azure msal4j - 1.11.0 + 1.16.0 org.json json - 20230227 + 20240303 org.slf4j slf4j-api - 1.7.5 + 1.7.36 org.slf4j slf4j-simple - 1.6.4 + 1.7.36 test junit junit - 4.13.1 + 4.13.2 test com.google.code.gson gson - 2.8.9 + 2.11.0 org.mockito mockito-core - 2.19.0 + 2.28.2 test diff --git a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/ADALClientWrapper.java b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/ADALClientWrapper.java deleted file mode 100644 index 86d0616..0000000 --- a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/ADALClientWrapper.java +++ /dev/null 
@@ -1,147 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// All rights reserved. -// -// This code is licensed under the MIT License. -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files(the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions : -// -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -// THE SOFTWARE. 
- -package com.microsoft.intune.scepvalidation; - -import java.net.MalformedURLException; -import java.net.Proxy; -import java.util.Properties; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; - -import javax.naming.ServiceUnavailableException; -import javax.net.ssl.SSLSocketFactory; - -import com.microsoft.aad.adal4j.AuthenticationContext; -import com.microsoft.aad.adal4j.AuthenticationResult; -import com.microsoft.aad.adal4j.ClientCredential; - -/** - * Azure Active Directory Authentication Client - */ -public class ADALClientWrapper -{ - - private String authority = "https://login.microsoftonline.com/"; - private ClientCredential credential = null; - private ExecutorService service = null; - private AuthenticationContext context = null; - - /** - * Azure Active Directory Authentication Client - * @param aadTenant - Azure Active Directory tenant - * @param credential - Credential to use for authentication - * @throws IllegalArgumentException - */ - public ADALClientWrapper(String aadTenant, ClientCredential credential, Properties props) throws IllegalArgumentException - { - if(aadTenant == null || aadTenant.isEmpty()) - { - throw new IllegalArgumentException("The argument 'aadTenant' is missing"); - } - - if(credential == null) - { - throw new IllegalArgumentException("The argument 'credential' is missing"); - } - - if(props != null) - { - this.authority = props.getProperty("AUTH_AUTHORITY",this.authority); - } - - this.credential = credential; - this.service = Executors.newFixedThreadPool(1); - - try - { - context = new AuthenticationContext(this.authority + aadTenant, false, service); - } - catch(MalformedURLException e) - { - throw new IllegalArgumentException("AUTH_AUTHORITY parameter was not formatted correctly which resulted in a MalformedURLException", e); - } - } - - /** - * Sets the SSL factory to be used on the HTTP client for 
authentication. - * @param factory - */ - public void SetSslSocketFactory(SSLSocketFactory factory) throws IllegalArgumentException - { - if(factory == null) - { - throw new IllegalArgumentException("The argument 'factory' is missing."); - } - - this.context.setSslSocketFactory(factory); - } - - /** - * Sets the proxy to be used by the ADAL library for any HTTP or HTTPS calls - * @param proxy - */ - public void SetProxy(Proxy proxy) - { - this.context.setProxy(proxy); - } - - /** - * Gets an access token from AAD for the specified resource using the ClientCredential passed in. - * @param resource Resource to get token for. - * @param credential Credential to use to acquire token. - * @return - * @throws ExecutionException - * @throws IllegalArgumentException - * @throws InterruptedException - * @throws ServiceUnavailableException - */ - public AuthenticationResult getAccessTokenFromCredential(String resource) - throws ServiceUnavailableException, InterruptedException, ExecutionException, IllegalArgumentException - { - if(resource == null || resource.isEmpty()) - { - throw new IllegalArgumentException("The argument 'resource' is missing"); - } - - AuthenticationResult result = null; - - Future future = context.acquireToken(resource, credential, null); - result = future.get(); - - if (result == null) - { - throw new ServiceUnavailableException("Authentication result was null"); - } - - return result; - } - - @Override - public void finalize() - { - service.shutdown(); - } -} \ No newline at end of file diff --git a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneClient.java b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneClient.java index 1d2336c..b23a922 100644 --- a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneClient.java +++ b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneClient.java 
@@ -26,7 +26,6 @@ import java.io.IOException; import java.net.Authenticator; import java.net.InetSocketAddress; -import java.net.MalformedURLException; import java.net.PasswordAuthentication; import java.net.Proxy; import java.net.UnknownHostException; @@ -72,14 +71,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.microsoft.aad.adal4j.AuthenticationException; -import com.microsoft.aad.adal4j.AuthenticationResult; -import com.microsoft.aad.adal4j.ClientCredential; import com.microsoft.aad.msal4j.IAuthenticationResult; /** * IntuneClient - A client which can be used to make requests to Intune services. - * This object uses ADAL libraries and tokens for authentication with Intune. + * This object uses MSAL libraries and tokens for authentication with Intune. */ class IntuneClient { @@ -93,10 +89,8 @@ class IntuneClient protected String aadGraphResourceUrl = "https://graph.windows.net/"; protected String intuneTenant; - protected ClientCredential aadCredential; protected MSALClientWrapper msalAuthClient; - protected ADALClientWrapper adalAuthClient; - + protected SSLSocketFactory sslSocketFactory = null; protected HttpClientBuilder httpClientBuilder = null; 
@@ -116,18 +110,17 @@ class IntuneClient */ public IntuneClient(Properties configProperties) throws IllegalArgumentException { - this(configProperties, null, null, null); + this(configProperties, null, null); } /** * Constructs an IntuneClient object. This is meant to be used for unit tests for dependency injection. * @param configProperties * @param msalAuthClient - * @param adalAuthClient * @param httpClientBuilder * @throws IllegalArgumentException */ - public IntuneClient(Properties configProperties, MSALClientWrapper msalAuthClient, ADALClientWrapper adalAuthClient, HttpClientBuilder httpClientBuilder) throws IllegalArgumentException + public IntuneClient(Properties configProperties, MSALClientWrapper msalAuthClient, HttpClientBuilder httpClientBuilder) throws IllegalArgumentException { if(configProperties == null) { @@ -164,10 +157,7 @@ public IntuneClient(Properties configProperties, MSALClientWrapper msalAuthClien this.msGraphResourceUrl = configProperties.getProperty("MS_GRAPH_RESOURCE_URL", this.msGraphResourceUrl); this.msalAuthClient = msalAuthClient == null ? new MSALClientWrapper(this.intuneTenant, configProperties) : msalAuthClient; - - this.aadCredential = new ClientCredential(azureAppId, azureAppKey); - this.adalAuthClient = adalAuthClient == null ? new ADALClientWrapper(this.intuneTenant, this.aadCredential, configProperties) : adalAuthClient; - + this.httpClientBuilder = httpClientBuilder == null ? this.httpClientBuilder : httpClientBuilder; proxyHost = configProperties.getProperty("PROXY_HOST"); @@ -215,8 +205,7 @@ public void SetSslSocketFactory(SSLSocketFactory factory) throws IllegalArgument this.log.info("Setting SSL Socket Factory"); this.msalAuthClient.SetSslSocketFactory(factory); - this.adalAuthClient.SetSslSocketFactory(factory); - + this.sslSocketFactory = factory; this.httpClientBuilder = HttpClientBuilder.create(); 
@@ -243,8 +232,7 @@ public void SetSslSocketFactory(SSLSocketFactory factory) throws IllegalArgument * @param json The body of the request. * @param activityId Client generated ID for correlation of this activity * @return JSON response from service - * @throws AuthenticationException - * @throws ExecutionException + * @throws ExecutionException * @throws InterruptedException * @throws ServiceUnavailableException * @throws IOException @@ -252,7 +240,7 @@ public void SetSslSocketFactory(SSLSocketFactory factory) throws IllegalArgument * @throws IllegalArgumentException * @throws IntuneClientException */ - public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVersion, JSONObject json, UUID activityId) throws ServiceUnavailableException, InterruptedException, ExecutionException, ClientProtocolException, IOException, AuthenticationException, IllegalArgumentException, IntuneClientException + public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVersion, JSONObject json, UUID activityId) throws ServiceUnavailableException, InterruptedException, ExecutionException, ClientProtocolException, IOException, IllegalArgumentException, IntuneClientException { return this.PostRequest(serviceName, urlSuffix, apiVersion, json, activityId, null); } @@ -266,8 +254,7 @@ public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVe * @param activityId Client generated ID for correlation of this activity * @param additionalHeaders key value pairs of additional header values to add to the request * @return JSON response from service - * @throws AuthenticationException - * @throws ExecutionException + * @throws ExecutionException * @throws InterruptedException * @throws ServiceUnavailableException * @throws IOException 
@@ -275,7 +262,7 @@ public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVe * @throws IllegalArgumentException * @throws IntuneClientException */ - public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVersion, JSONObject json, UUID activityId, Map additionalHeaders) throws ServiceUnavailableException, InterruptedException, ExecutionException, ClientProtocolException, IOException, AuthenticationException, IllegalArgumentException, IntuneClientException + public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVersion, JSONObject json, UUID activityId, Map additionalHeaders) throws ServiceUnavailableException, InterruptedException, ExecutionException, ClientProtocolException, IOException, IllegalArgumentException, IntuneClientException { if(serviceName == null || serviceName.isEmpty()) { @@ -352,7 +339,7 @@ public JSONObject PostRequest(String serviceName, String urlSuffix, String apiVe return jsonResult; } - private synchronized String GetServiceEndpoint(String serviceName) throws ServiceUnavailableException, ClientProtocolException, AuthenticationException, InterruptedException, ExecutionException, IOException, IntuneClientException + private synchronized String GetServiceEndpoint(String serviceName) throws ServiceUnavailableException, ClientProtocolException, InterruptedException, ExecutionException, IOException, IntuneClientException { if(serviceName == null || serviceName.isEmpty()) { 
@@ -384,29 +371,15 @@ private synchronized String GetServiceEndpoint(String serviceName) throws Servic return null; } - private void RefreshServiceMap() throws ServiceUnavailableException, InterruptedException, ExecutionException, ClientProtocolException, IOException, AuthenticationException, IntuneClientException + private void RefreshServiceMap() throws ServiceUnavailableException, InterruptedException, ExecutionException, ClientProtocolException, IOException, IntuneClientException { String graphRequest = ""; String token = ""; - boolean msalFailed = false; Set scopes = new HashSet(); + scopes.add(this.msGraphResourceUrl + ".default"); - try - { - token = this.msalAuthClient.getAccessToken(scopes); - graphRequest = this.msGraphResourceUrl + "v" + this.msGraphVersion + "/servicePrincipals/appId="+ this.intuneAppId + "/endpoints"; - } - catch(Exception e) - { - msalFailed = true; - } - - if(msalFailed) - { - AuthenticationResult authResult = this.adalAuthClient.getAccessTokenFromCredential(this.aadGraphResourceUrl); - token = authResult.getAccessToken(); - graphRequest = this.aadGraphResourceUrl + intuneTenant + "/servicePrincipalsByAppId/" + this.intuneAppId + "/serviceEndpoints?api-version=" + this.aadGraphVersion; - } + token = this.msalAuthClient.getAccessToken(scopes); + graphRequest = this.msGraphResourceUrl + "v" + this.msGraphVersion + "/servicePrincipals/appId="+ this.intuneAppId + "/endpoints"; UUID activityId = UUID.randomUUID(); CloseableHttpClient httpclient = this.getCloseableHttpClient(); @@ -424,7 +397,7 @@ private void RefreshServiceMap() throws ServiceUnavailableException, Interrupted { JSONObject jObj = (JSONObject)obj; - String name = msalFailed ? jObj.getString("serviceName").toLowerCase() : jObj.getString("providerName").toLowerCase(); + String name = jObj.getString("providerName").toLowerCase(); if(!serviceMap.containsKey(name)) { 
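Review bot: With the ADAL branch removed from RefreshServiceMap, the `aadGraphResourceUrl` field loses the only use visible in this diff, yet the field hunk earlier in this file still keeps it as context, set to `"https://graph.windows.net/"`. The `aadGraphVersion` value read by the deleted line presumably loses its use too. Leftover configuration for the legacy Azure AD Graph endpoint is worth deleting in the same commit so nothing can be wired back to it; if code outside these hunks still reads either field, a comment saying so would help. The `= ""` initialisers on `graphRequest` and `token` are also redundant now that both are assigned unconditionally, e.g. `String token = this.msalAuthClient.getAccessToken(scopes);`. The method body continues past the end of this hunk.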
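Review bot: `jObj.getString("providerName").toLowerCase()` lower-cases with the JVM default locale and throws an unchecked `JSONException` when an entry lacks `providerName`. Every discovery entry now goes through this single path, since the `serviceName` alternative is gone. On a host with a Turkish or similar default locale the resulting map key can differ from the one used at lookup, and one malformed entry aborts the whole refresh. Consider `String name = jObj.optString("providerName", "").toLowerCase(Locale.ROOT);` and skipping the entry when `name` is empty; this needs `java.util.Locale` imported if the file does not already have it. The enclosing loop and the lookup side are outside this hunk, so confirm that the lookup normalises the key the same way.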
@@ -514,7 +487,6 @@ private void setProxy() { this.log.info("Setting AuthClient ProxyHost:" + proxyHost + " ProxyPort:" + proxyPort); this.msalAuthClient.SetProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort))); - this.adalAuthClient.SetProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort))); if(this.httpClientBuilder == null) { diff --git a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneRevocationClient.java b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneRevocationClient.java index 7c9fbee..0063860 100644 --- a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneRevocationClient.java +++ b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneRevocationClient.java @@ -23,10 +23,12 @@ package com.microsoft.intune.scepvalidation; +import java.io.IOException; import java.util.HashMap; import java.util.List; import java.util.Properties; import java.util.UUID; +import java.util.concurrent.ExecutionException; import org.apache.http.impl.client.HttpClientBuilder; import org.json.JSONArray; @@ -39,6 +41,8 @@ import com.microsoft.intune.carequest.CARevocationRequest; import com.microsoft.intune.carequest.CARevocationResult; +import javax.naming.ServiceUnavailableException; + /** * Client to access the retrieve CA Revocation Requests from Intune */ 
@@ -64,19 +68,19 @@ public class IntuneRevocationClient extends IntuneClient */ public IntuneRevocationClient(Properties configProperties) throws IllegalArgumentException { - this(configProperties, null, null, null); + this(configProperties, null, null); } /** * IntuneScepService Client constructor meant for dependency injection * @param configProperties - * @param adalClient + * @param msalClient * @param httpClientBuilder * @throws IllegalArgumentException */ - public IntuneRevocationClient(Properties configProperties, MSALClientWrapper msalClient, ADALClientWrapper adalClient, HttpClientBuilder httpClientBuilder) throws IllegalArgumentException + public IntuneRevocationClient(Properties configProperties, MSALClientWrapper msalClient, HttpClientBuilder httpClientBuilder) throws IllegalArgumentException { - super(configProperties, msalClient, adalClient, httpClientBuilder); + super(configProperties, msalClient, httpClientBuilder); if(configProperties == null) { @@ -103,7 +107,7 @@ public IntuneRevocationClient(Properties configProperties, MSALClientWrapper msa * @throws IntuneClientException The service reported a failure in processing the notification examine the exception error code. * @throws IllegalArgumentException */ - public List DownloadCARevocationRequests(String transactionId, int maxCARequestsToDownload, String issuerName) throws IntuneScepServiceException, Exception + public List DownloadCARevocationRequests(String transactionId, int maxCARequestsToDownload, String issuerName) throws ServiceUnavailableException, InterruptedException, ExecutionException, IOException, IllegalArgumentException, IntuneClientException { // Validate Parameters if(transactionId == null || transactionId.isEmpty()) diff --git a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneScepServiceClient.java b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneScepServiceClient.java index 7c1ae60..10654fb 100644 
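Review bot: The new `throws` list on `DownloadCARevocationRequests` names `ServiceUnavailableException`, `InterruptedException`, `ExecutionException` and `IOException`, but the Javadoc lines visible above the signature document only `IntuneClientException` and `IllegalArgumentException`. Add one `@throws` line per declared type, for example `@throws ServiceUnavailableException if no access token could be obtained` and `@throws IOException if the HTTP request to the service fails`. Narrowing from `throws IntuneScepServiceException, Exception` also changes what callers may catch: a caller with an explicit `catch (IntuneScepServiceException e)` around this call could stop compiling if that type is checked and unrelated to the new list. That cannot be determined from this hunk, so it is worth a line in the release notes. The method body lies outside the hunk.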
--- a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneScepServiceClient.java +++ b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/IntuneScepServiceClient.java @@ -59,19 +59,18 @@ public class IntuneScepServiceClient extends IntuneClient */ public IntuneScepServiceClient(Properties configProperties) throws IllegalArgumentException { - this(configProperties, null, null, null); + this(configProperties, null, null); } /** * IntuneScepService Client constructor meant for dependency injection * @param configProperties - * @param adalClient * @param httpClientBuilder * @throws IllegalArgumentException */ - public IntuneScepServiceClient(Properties configProperties, MSALClientWrapper msalClient, ADALClientWrapper adalClient, HttpClientBuilder httpClientBuilder) throws IllegalArgumentException + public IntuneScepServiceClient(Properties configProperties, MSALClientWrapper msalClient, HttpClientBuilder httpClientBuilder) throws IllegalArgumentException { - super(configProperties, msalClient, adalClient, httpClientBuilder); + super(configProperties, msalClient, httpClientBuilder); if(configProperties == null) { diff --git a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/MSALClientWrapper.java b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/MSALClientWrapper.java index be09e97..d02e410 100644 --- a/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/MSALClientWrapper.java +++ b/src/CsrValidation/java/lib/src/main/java/com/microsoft/intune/scepvalidation/MSALClientWrapper.java 
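Review bot: The constructor Javadoc in `IntuneScepServiceClient` drops `@param adalClient` but gains no entry for `msalClient`, so the injected token client is the one undocumented parameter; the matching hunk in `IntuneRevocationClient` renamed the tag instead. Suggested line: `* @param msalClient MSAL wrapper used to acquire tokens; when null, IntuneClient builds one from configProperties`. The null behaviour is visible in the `IntuneClient` constructor hunk of this commit. The four-argument public constructor and the public `ADALClientWrapper` class are removed outright, which is a source-breaking change for external callers and deserves a mention in the changelog.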
@@ -119,13 +119,11 @@ public void SetProxy(Proxy proxy) /** * Gets an access token from MSAL for the specified scopes. - * @param sopes Scopes to request access for. + * @param scopes Scopes to request access for. * @return - * @throws MalformedURLException - * @throws ServiceUnavailableException + * @throws ServiceUnavailableException */ - public String getAccessToken(Set scopes) throws MalformedURLException, ServiceUnavailableException { - + public String getAccessToken(Set scopes) throws ServiceUnavailableException { IAuthenticationResult result; ClientCredentialParameters params = ClientCredentialParameters.builder(scopes).build(); @@ -137,7 +135,7 @@ public String getAccessToken(Set scopes) throws MalformedURLException, S { throw new ServiceUnavailableException("Authentication result was null"); } - + return result.accessToken(); } diff --git a/src/CsrValidation/java/lib/src/test/java/Helper.java b/src/CsrValidation/java/lib/src/test/java/Helper.java index 965955b..5501871 100644 --- a/src/CsrValidation/java/lib/src/test/java/Helper.java +++ b/src/CsrValidation/java/lib/src/test/java/Helper.java @@ -44,8 +44,6 @@ import org.mockito.ArgumentMatcher; import org.mockito.ArgumentMatchers; -import com.microsoft.aad.adal4j.AuthenticationResult; -import com.microsoft.intune.scepvalidation.ADALClientWrapper; import com.microsoft.intune.scepvalidation.IntuneRevocationClient; import com.microsoft.intune.scepvalidation.IntuneScepServiceClient; import com.microsoft.intune.scepvalidation.IntuneScepServiceException; 
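Review bot: The Javadoc on `getAccessToken` still has a bare `@return` and an undescribed `@throws ServiceUnavailableException`, so the contract of the only remaining token path is undocumented. Suggested lines: `@return the access token string from the MSAL result; treat it as a secret and keep it out of logs` and `@throws ServiceUnavailableException if MSAL returns a null authentication result` (the null check is visible in the following hunk). The statements that call MSAL sit between the two hunks and are not shown. If they can raise unchecked exceptions on an authentication failure, say so in the Javadoc too, because `IntuneClient.RefreshServiceMap` no longer wraps this call in `catch(Exception e)`.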
@@ -53,23 +51,11 @@ public class Helper { - public static final String GRAPH_URL = "graph.windows.net"; public static final String MSAL_URL = "graph.microsoft.com"; - public static final String GOOD_GRAPH_SERVICE_DISCOVERY_RESPONSE = "{" - + "value: [" - + "{" - + "serviceName:" + IntuneScepServiceClient.VALIDATION_SERVICE_NAME + "," - + "uri:'https://fef.dmsua01.manage-dogfood.microsoft.com/RACerts/ScepRequestValidationFEService/Gateway/StatelessScepRequestValidationService'" - + "}," - + "{" - + "serviceName:" + IntuneRevocationClient.CONNECTOR_SERVICE_NAME + "," - + "uri:'https://fef.dmsua01.manage-dogfood.microsoft.com/RACerts/StatelessPkiConnectorService/Gateway/StatelessPkiConnectorService'" - + "}" - + "]}"; public static final String NO_SERVICE_DISCOVERY_RESPONSE = "{" + "value: [" + "{" - + "serviceName:nonExistant," + + "providerName:nonExistant," + "uri:'https://fef.dmsua01.manage-dogfood.microsoft.com/RACerts/ScepRequestValidationFEService/Gateway/StatelessScepRequestValidationService'" + "}" + "]}"; @@ -90,10 +76,7 @@ public class Helper CloseableHttpClient httpClient = mock(CloseableHttpClient.class); HttpClientBuilder httpBuilder = mock(HttpClientBuilder.class); - HttpEntity graphResponseEntity = mock(HttpEntity.class); - CloseableHttpResponse graphResponse = mock(CloseableHttpResponse.class); - StatusLine graphStatus = mock(StatusLine.class); - + CloseableHttpResponse msalResponse = mock(CloseableHttpResponse.class); HttpEntity msalResponseEntity = mock(HttpEntity.class); StatusLine msalStatus = mock(StatusLine.class); @@ -101,7 +84,6 @@ public class Helper CloseableHttpResponse intuneResponse = mock(CloseableHttpResponse.class); HttpEntity intuneResponseEntity = mock(HttpEntity.class); StatusLine intuneStatus = mock(StatusLine.class); - ADALClientWrapper adal; MSALClientWrapper msal; public Properties properties; 
@@ -131,27 +113,6 @@ public boolean matches(HttpUriRequest resp) { when(msalResponseEntity.getContentLength()) .thenReturn((long)GOOD_MSAL_SERVICE_DISCOVERY_RESPONSE.length()); - when(httpClient.execute( - argThat(new ArgumentMatcher() { - @Override - public boolean matches(HttpUriRequest resp) { - if(resp == null) - return false; - return resp.getURI().getHost().equals(GRAPH_URL); - }}))) - .thenReturn(graphResponse); - - when(graphResponse.getEntity()) - .thenReturn(graphResponseEntity); - when(graphResponse.getStatusLine()) - .thenReturn(graphStatus); - when(graphStatus.getStatusCode()) - .thenReturn(200); - when(graphResponseEntity.getContent()) - .thenReturn(new ByteArrayInputStream(GOOD_GRAPH_SERVICE_DISCOVERY_RESPONSE.getBytes())); - when(graphResponseEntity.getContentLength()) - .thenReturn((long)GOOD_GRAPH_SERVICE_DISCOVERY_RESPONSE.length()); - when(httpClient.execute( argThat(new ArgumentMatcher() { @Override @@ -173,7 +134,6 @@ public boolean matches(HttpUriRequest resp) { when(intuneResponseEntity.getContentLength()) .thenReturn((long)VALID_SCEP_RESPONSE.length()); - adal = getDefaultAdalMock(); msal = getDefaultMsalMock(); properties = new Properties(); 
@@ -183,38 +143,17 @@ public boolean matches(HttpUriRequest resp) { properties.setProperty("PROVIDER_NAME_AND_VERSION", "1234"); } - public void resetGraphRequest() throws UnsupportedOperationException, IOException - { - when(graphResponseEntity.getContent()) - .thenReturn(new ByteArrayInputStream(GOOD_GRAPH_SERVICE_DISCOVERY_RESPONSE.getBytes())); - } - public void resetMsalRequest() throws UnsupportedOperationException, IOException { when(msalResponseEntity.getContent()) .thenReturn(new ByteArrayInputStream(GOOD_MSAL_SERVICE_DISCOVERY_RESPONSE.getBytes())); } - private ADALClientWrapper getDefaultAdalMock() throws ServiceUnavailableException, IllegalArgumentException, InterruptedException, ExecutionException - { - ADALClientWrapper adalMock = mock(ADALClientWrapper.class); - when(adalMock.getAccessTokenFromCredential(anyString())) - .thenReturn(new AuthenticationResult( - "accessTokenType", - "accessToken", - "refreshToken", - 2000, - "idToken", - null, - true)); - return adalMock; - } - private MSALClientWrapper getDefaultMsalMock() throws MalformedURLException, ServiceUnavailableException { - MSALClientWrapper adalMock = mock(MSALClientWrapper.class); - when(adalMock.getAccessToken(ArgumentMatchers.anySet())) + MSALClientWrapper msalMock = mock(MSALClientWrapper.class); + when(msalMock.getAccessToken(ArgumentMatchers.anySet())) .thenReturn("accessToken"); - return adalMock; + return msalMock; } } \ No newline at end of file diff --git a/src/CsrValidation/java/lib/src/test/java/RevocationTests.java b/src/CsrValidation/java/lib/src/test/java/RevocationTests.java index 44f2771..9414cb5 100644 --- a/src/CsrValidation/java/lib/src/test/java/RevocationTests.java +++ b/src/CsrValidation/java/lib/src/test/java/RevocationTests.java 
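Review bot: `getDefaultMsalMock()` still declares `throws MalformedURLException`, although this commit removes that exception from `MSALClientWrapper.getAccessToken`, the only call in the helper's body. The clause can be reduced to `private MSALClientWrapper getDefaultMsalMock() throws ServiceUnavailableException`. The `java.net.MalformedURLException` import in `Helper.java` can then go too, if nothing else in the file uses it; the import block is outside this hunk.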
@@ -68,15 +68,14 @@ public void DownloadCARevocationRequests_Success() throws IntuneScepServiceExcep when(helper.intuneResponseEntity.getContentLength()) .thenReturn((long)validJsonResponse.length()); - IntuneRevocationClient client = new IntuneRevocationClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); + IntuneRevocationClient client = new IntuneRevocationClient(helper.properties, helper.msal, helper.httpBuilder); UUID transactionId = UUID.randomUUID(); List results = client.DownloadCARevocationRequests(transactionId.toString(), 10, null); verify(helper.msal, times(2)).getAccessToken(ArgumentMatchers.anySet()); - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); - + verify(helper.httpClient, times(1)).execute( argThat(new ArgumentMatcher() { @Override @@ -122,15 +121,14 @@ public void UploadRevocationResults_Success() throws IntuneScepServiceException, when(helper.intuneResponseEntity.getContentLength()) .thenReturn((long)response.length()); - IntuneRevocationClient client = new IntuneRevocationClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); + IntuneRevocationClient client = new IntuneRevocationClient(helper.properties, helper.msal, helper.httpBuilder); UUID transactionId = UUID.randomUUID(); client.UploadRevocationResults(transactionId.toString(), list); verify(helper.msal, times(2)).getAccessToken(ArgumentMatchers.anySet()); - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); - + verify(helper.httpClient, times(1)).execute( argThat(new ArgumentMatcher() { @Override diff --git a/src/CsrValidation/java/lib/src/test/java/Test.java b/src/CsrValidation/java/lib/src/test/java/Test.java index 47c6642..aaad485 100644 --- a/src/CsrValidation/java/lib/src/test/java/Test.java +++ b/src/CsrValidation/java/lib/src/test/java/Test.java 
@@ -42,20 +42,19 @@ public class Test { @org.junit.Test - public void TestValidationSuccess() throws IntuneScepServiceException, Exception + public void TestValidationSuccess() throws IntuneScepServiceException, Exception { Helper helper = new Helper(); - - IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); - + + IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.httpBuilder); + UUID transactionId = UUID.randomUUID(); String csr = "test"; client.ValidateRequest(transactionId.toString(), csr); - - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); + verify(helper.msal, times(2)).getAccessToken(ArgumentMatchers.anySet()); - + verify(helper.httpClient, times(1)).execute( argThat(new ArgumentMatcher() { @Override 
@@ -72,28 +71,27 @@ public boolean matches(HttpUriRequest resp) { } @org.junit.Test - public void TestErrorThrows() throws IntuneScepServiceException, Exception + public void TestErrorThrows() throws IntuneScepServiceException, Exception { Helper helper = new Helper(); - + when(helper.intuneResponseEntity.getContent()) .thenReturn(new ByteArrayInputStream(Helper.ERROR_SCEP_RESPONSE.getBytes())); when(helper.intuneResponseEntity.getContentLength()) .thenReturn((long)Helper.ERROR_SCEP_RESPONSE.length()); - - IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); - + + IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.httpBuilder); + UUID transactionId = UUID.randomUUID(); String csr = "test"; - try + try { client.ValidateRequest(transactionId.toString(), csr); } catch(IntuneScepServiceException e) { - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); verify(helper.msal, times(2)).getAccessToken(ArgumentMatchers.anySet()); - + verify(helper.httpClient, times(1)).execute( argThat(new ArgumentMatcher() { @Override 
@@ -107,35 +105,34 @@ public boolean matches(HttpUriRequest resp) { public boolean matches(HttpUriRequest resp) { return resp.getURI().getHost().equals(Helper.SERVICE_URL); }})); - + assertTrue(e.getParsedErrorCode() == IntuneScepServiceException.ErrorCode.ChallengeDecodingError); return; } - + assertNotNull(null); } - + @org.junit.Test - public void TestServiceRoleMismatchThrows() throws IntuneScepServiceException, Exception + public void TestServiceRoleMismatchThrows() throws IntuneScepServiceException, Exception { Helper helper = new Helper(); - + when(helper.intuneStatus.getStatusCode()) .thenReturn(401); - - IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); - + + IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.httpBuilder); + UUID transactionId = UUID.randomUUID(); String csr = "test"; - try + try { client.ValidateRequest(transactionId.toString(), csr); } catch(IntuneClientHttpErrorException e) { - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); verify(helper.msal, times(2)).getAccessToken(ArgumentMatchers.anySet()); - + verify(helper.httpClient, times(1)).execute( argThat(new ArgumentMatcher() { @Override 
@@ -151,33 +148,30 @@ public boolean matches(HttpUriRequest resp) { }})); return; } - + assertNotNull(null); } - + @org.junit.Test - public void TestFailedToGetTokenThrows() throws IntuneScepServiceException, Exception + public void TestFailedToGetTokenThrows() throws IntuneScepServiceException, Exception { Helper helper = new Helper(); - - when(helper.adal.getAccessTokenFromCredential(anyString())) - .thenThrow(new ServiceUnavailableException()); + when(helper.msal.getAccessToken(ArgumentMatchers.anySet())) .thenThrow(new ServiceUnavailableException()); - - IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); - + + IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.httpBuilder); + UUID transactionId = UUID.randomUUID(); String csr = "test"; - try + try { client.ValidateRequest(transactionId.toString(), csr); } catch(ServiceUnavailableException e) { verify(helper.msal, times(1)).getAccessToken(ArgumentMatchers.anySet()); - verify(helper.adal, times(1)).getAccessTokenFromCredential(anyString()); - + verify(helper.httpClient, times(0)).execute( argThat(new ArgumentMatcher() { @Override 
@@ -193,24 +187,21 @@ public boolean matches(HttpUriRequest resp) { }})); return; } - + assertNotNull(null); } - + @org.junit.Test public void TestServiceEndpointNotFound() throws IntuneScepServiceException, Exception { Helper helper = new Helper(); - - when(helper.msal.getAccessToken(ArgumentMatchers.anySet())) - .thenThrow(new ServiceUnavailableException()); - - when(helper.graphResponseEntity.getContent()) + + when(helper.msalResponseEntity.getContent()) .thenReturn(new ByteArrayInputStream(Helper.NO_SERVICE_DISCOVERY_RESPONSE.getBytes())); - when(helper.graphResponseEntity.getContentLength()) + when(helper.msalResponseEntity.getContentLength()) .thenReturn((long)Helper.NO_SERVICE_DISCOVERY_RESPONSE.length()); - IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); + IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.httpBuilder); UUID transactionId = UUID.randomUUID(); String csr = "test";
@@ -221,14 +212,6 @@ public void TestServiceEndpointNotFound() throws IntuneScepServiceException, Exc catch(IntuneServiceNotFoundException e) { verify(helper.msal, times(1)).getAccessToken(ArgumentMatchers.anySet()); - verify(helper.adal, times(1)).getAccessTokenFromCredential(anyString()); - - verify(helper.httpClient, times(1)).execute( - argThat(new ArgumentMatcher() { - @Override - public boolean matches(HttpUriRequest resp) { - return resp.getURI().getHost().equals(Helper.GRAPH_URL); - }})); verify(helper.httpClient, times(0)).execute( argThat(new ArgumentMatcher() {
@@ -243,7 +226,7 @@ public boolean matches(HttpUriRequest resp) { } @org.junit.Test - public void TestServiceMapClearMockito() throws IntuneScepServiceException, Exception + public void TestServiceMapClearMockito() throws IntuneScepServiceException, Exception { Helper helper = new Helper();
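Review bot: `TestServiceEndpointNotFound` no longer asserts where the service-discovery request goes. The hunk at -221 deletes the `verify(helper.httpClient, times(1)).execute(...)` check with the `Helper.GRAPH_URL` host matcher and adds nothing in its place, so the test would still pass if discovery were sent to an unexpected host. The stubs in this hunk now feed `helper.msalResponseEntity`, so presumably a discovery request is still made. Re-adding a `times(1)` verification whose matcher compares `resp.getURI().getHost()` with the host the Helper mock now answers for discovery would restore that guard; the constant for that host is not visible in this diff.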
@@ -256,13 +239,13 @@ public boolean matches(HttpUriRequest resp) { return resp.getURI().getHost().equals(Helper.SERVICE_URL); }}))) .thenThrow(new UnknownHostException()); - - IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.adal, helper.httpBuilder); - + + IntuneScepServiceClient client = new IntuneScepServiceClient(helper.properties, helper.msal, helper.httpBuilder); + UUID transactionId = UUID.randomUUID(); String csr = "test"; boolean caught = false; - try + try { // Run test where SERVICE URL throws UnknownHostException to cause refresh service map client.ValidateRequest(transactionId.toString(), csr);
@@ -271,12 +254,11 @@ public boolean matches(HttpUriRequest resp) { { caught = true; } - + assertTrue(caught); - + verify(helper.msal, times(2)).getAccessToken(ArgumentMatchers.anySet()); - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); - + verify(helper.httpClient, times(1)).execute( argThat(new ArgumentMatcher() { @Override
@@ -290,10 +272,10 @@ public boolean matches(HttpUriRequest resp) { public boolean matches(HttpUriRequest resp) { return resp.getURI().getHost().equals(Helper.SERVICE_URL); }})); - + // do this so the result doesn't get cached helper.resetMsalRequest(); - + when(helper.httpClient.execute( argThat(new ArgumentMatcher() { @Override
@@ -303,13 +285,12 @@ public boolean matches(HttpUriRequest resp) { return resp.getURI().getHost().equals(Helper.SERVICE_URL); }}))) .thenReturn(helper.intuneResponse); - + // Run test that should trigger a 2nd call to GRAPH for service discovery meaning we refreshed the cache client.ValidateRequest(transactionId.toString(), csr); verify(helper.msal, times(4)).getAccessToken(ArgumentMatchers.anySet()); - verify(helper.adal, times(0)).getAccessTokenFromCredential(anyString()); - + // Verify we indeed called graph a 2nd time verify(helper.httpClient, times(2)).execute( argThat(new ArgumentMatcher() {