update readme and changelog for jca (Azure#22283)

Author: zhichengliu12581

sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 1.0.0-beta.8 (Unreleased)
 ### New Features
 - Load JRE key store certificates to AzureKeyVault key store. ([#21845](https://github.com/Azure/azure-sdk-for-java/pull/21845))
+- Support properties of azure.cert-path.well-known and azure.cert-path.custom to support load cert from file system. ([#21947](https://github.com/Azure/azure-sdk-for-java/pull/21947))
 
 ## 1.0.0-beta.7 (2021-05-24)
 ### New Features

sdk/keyvault/azure-security-keyvault-jca/README.md

@@ -112,6 +112,16 @@ try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(mana
 
 Note if you want to use Azure managed identity, you should set the value of `azure.keyvault.uri`, and the rest of the parameters would be `null`.
 
+### File-System certificates
+You can load the certificate in the file system as a trusted certificate by configure the following properties.
+
+```yaml
+azure:
+  cert-path:
+    well-known:     # The file location where you store the well-known certificate
+    custom:         # The file location where you store the custom certificate
+```
+
 ## Troubleshooting
 ### General
 Azure Key Vault JCA clients raise exceptions. For example, if you try to check a client's identity with a certificate chain that does not include a trusted certificate, a `CertificateException` will be thrown. In the following snippet, the error is handled gracefully by catching the exception and displaying additional information about the error.

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java

@@ -22,6 +22,7 @@
 import java.util.HashMap;
 import java.util.logging.Logger;
 
+import static java.util.logging.Level.FINE;
 import static java.util.logging.Level.WARNING;
 
 /**
@@ -50,14 +51,14 @@ public final class KeyVaultKeyStore extends KeyStoreSpi {
     private final JreCertificates jreCertificates;
 
     /**
-     * Store well Know certificates loaded from file system.
+     * Store well Know certificates loaded from specific path.
      */
-    private final FileSystemCertificates wellKnowCertificates;
+    private final SpecificPathCertificates wellKnowCertificates;
 
     /**
-     * Store custom certificates loaded from file system.
+     * Store custom certificates loaded from specific path.
      */
-    private final FileSystemCertificates customCertificates;
+    private final SpecificPathCertificates customCertificates;
 
     /**
      * Store certificates loaded from KeyVault.
@@ -131,8 +132,8 @@ public KeyVaultKeyStore() {
             .map(Boolean::parseBoolean)
             .orElse(false);
         jreCertificates = JreCertificates.getInstance();
-        wellKnowCertificates = FileSystemCertificates.FileSystemCertificatesFactory.getWellKnownFileSystemCertificates(wellKnowPath);
-        customCertificates = FileSystemCertificates.FileSystemCertificatesFactory.getCustomFileSystemCertificates(customPath);
+        wellKnowCertificates = SpecificPathCertificates.getSpecificPathCertificates(wellKnowPath);
+        customCertificates = SpecificPathCertificates.getSpecificPathCertificates(customPath);
         keyVaultCertificates = new KeyVaultCertificates(refreshInterval, keyVaultClient);
         classpathCertificates = new ClasspathCertificates();
         allCertificates = Arrays.asList(jreCertificates, wellKnowCertificates, customCertificates, keyVaultCertificates, classpathCertificates);
@@ -255,17 +256,11 @@ public void engineLoad(KeyStore.LoadStoreParameter param) {
             }
             keyVaultCertificates.setKeyVaultClient(keyVaultClient);
         }
-        loadCertificates();
+        classpathCertificates.loadCertificatesFromClasspath();
     }
 
     @Override
     public void engineLoad(InputStream stream, char[] password) {
-        loadCertificates();
-    }
-
-    private void loadCertificates() {
-        wellKnowCertificates.loadCertificatesFromFileSystem();
-        customCertificates.loadCertificatesFromFileSystem();
         classpathCertificates.loadCertificatesFromClasspath();
     }
 
@@ -281,7 +276,7 @@ private List<String> getAllAliases() {
         aliasLists.forEach((key, value) -> {
             value.forEach(a -> {
                 if (allAliases.contains(a)) {
-                    LOGGER.log(WARNING, String.format("The certificate with alias %s under %s already exists", a, key));
+                    LOGGER.log(FINE, String.format("The certificate with alias %s under %s already exists", a, key));
                 } else {
                     allAliases.add(a);
                 }

…keyvault/jca/FileSystemCertificates.java …yvault/jca/SpecificPathCertificates.javasdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/FileSystemCertificates.java renamed to sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/SpecificPathCertificates.java sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/FileSystemCertificates.java renamed to sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/SpecificPathCertificates.java

@@ -29,25 +29,27 @@
 /**
  * Store certificates loaded from file system.
  */
-public final class FileSystemCertificates implements AzureCertificates {
+public final class SpecificPathCertificates implements AzureCertificates {
+
+    private static final Map<String, SpecificPathCertificates> CACHE = new HashMap<>();
 
     /**
      * Stores the logger.
      */
-    private static final Logger LOGGER = Logger.getLogger(FileSystemCertificates.class.getName());
+    private static final Logger LOGGER = Logger.getLogger(SpecificPathCertificates.class.getName());
 
     /**
-     * Stores the jre key store aliases.
+     * Stores the specific path aliases.
      */
     private final List<String> aliases = new ArrayList<>();
 
     /**
-     * Stores the file system certificates by alias.
+     * Stores the specific path certificates by alias.
      */
     private final Map<String, Certificate> certificates = new HashMap<>();
 
     /**
-     * Stores the file system certificate keys by alias.
+     * Stores the specific path certificate keys by alias.
      */
     private final Map<String, Key> certificateKeys = new HashMap<>();
 
@@ -80,8 +82,9 @@ public void deleteEntry(String alias) {
      *
      * @param certificatePath Store the file path where certificates are placed
      */
-    private FileSystemCertificates(String certificatePath) {
+    private SpecificPathCertificates(String certificatePath) {
         this.certificatePath = certificatePath;
+        loadCertificatesFromSpecificPath();
     }
 
     /**
@@ -93,7 +96,7 @@ private FileSystemCertificates(String certificatePath) {
     public void setCertificateEntry(String alias, Certificate certificate) {
         //Add verification to avoid certificate files with the same file name but different suffixes
         if (aliases.contains(alias)) {
-            LOGGER.log(WARNING, "Cannot load certificates with the same alias in file system", alias);
+            LOGGER.log(WARNING, "Cannot load certificates with the same alias in specific path", alias);
             return;
         }
         aliases.add(alias);
@@ -119,26 +122,27 @@ private void setCertificateByFile(File file) throws IOException {
                     new Object[]{alias, file.getName()});
             }
         } catch (CertificateException e) {
-            LOGGER.log(WARNING, "Unable to load file system certificate from: " + file.getName(), e);
+            LOGGER.log(WARNING, "Unable to load specific path certificate from: " + file.getName(), e);
         }
     }
 
     /**
      * Load certificates in the file directory
      */
-    void loadCertificatesFromFileSystem() {
+    private void loadCertificatesFromSpecificPath() {
         try {
             List<File> files = getFiles();
             for (File file : files) {
                 setCertificateByFile(file);
             }
         } catch (IOException ioe) {
-            LOGGER.log(WARNING, "Unable to determine certificates to file system", ioe);
+            LOGGER.log(WARNING, "Unable to determine certificates to specific path", ioe);
         }
     }
 
     /**
      * Get alias from file
+     *
      * @param file File containing certificate information
      * @return certificate alias
      */
@@ -170,45 +174,17 @@ private List<File> getFiles() {
     }
 
     /**
-     * Factory of FileSystemCertificate, to avoid loading files multiple times
+     * Get File System certificates by path
+     *
+     * @param path certificate path, which works only in first time
+     * @return file certificate
      */
-    public static class FileSystemCertificatesFactory {
-
-        private static volatile FileSystemCertificates customFileSystemCertificates;
-
-        /**
-         * Get Singleton custom file system certificates
-         * @param path custom certificate path, which works only in first time
-         * @return custom file certificate
-         */
-        public static FileSystemCertificates getCustomFileSystemCertificates(String path) {
-            if (customFileSystemCertificates == null) {
-                synchronized (FileSystemCertificatesFactory.class) {
-                    if (customFileSystemCertificates == null) {
-                        customFileSystemCertificates = new FileSystemCertificates(path);
-                    }
-                }
-            }
-            return customFileSystemCertificates;
-        }
-
-        private static volatile FileSystemCertificates wellKnownFileSystemCertificates;
-
-        /**
-         * Get Singleton well known file system certificates
-         * @param path well known certificate path, which works only in first time
-         * @return well known file certificate
-         */
-        public static FileSystemCertificates getWellKnownFileSystemCertificates(String path) {
-            if (wellKnownFileSystemCertificates == null) {
-                synchronized (FileSystemCertificatesFactory.class) {
-                    if (wellKnownFileSystemCertificates == null) {
-                        wellKnownFileSystemCertificates = new FileSystemCertificates(path);
-                    }
-                }
-            }
-            return wellKnownFileSystemCertificates;
+    public static synchronized SpecificPathCertificates getSpecificPathCertificates(String path) {
+        SpecificPathCertificates result = CACHE.getOrDefault(path, null);
+        if (result == null) {
+            result = new SpecificPathCertificates(path);
+            CACHE.put(path, result);
         }
+        return result;
     }
-
 }

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/FileSystemCertificatesTest.java

@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class SpecificPathCertificatesTest {
+
+    SpecificPathCertificates specificPathCertificates;
+
+    public static String getFilePath(String packageName) {
+        String filepath = "\\src\\test\\resources\\" + packageName;
+        return System.getProperty("user.dir") + filepath.replace("\\", System.getProperty("file.separator"));
+    }
+
+    @Test
+    public void testSetCertificateEntry() {
+        specificPathCertificates = SpecificPathCertificates.getSpecificPathCertificates(getFilePath("custom\\"));
+        Assertions.assertTrue(specificPathCertificates.getAliases().contains("sideload"));
+    }
+}

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/SpecificPathCertificatesTest.java

@@ -37,7 +37,7 @@ public static void init() {
         /*
          * Set system properties.
          */
-        PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(PropertyConvertorUtils.SYSTEM_PROPERTIES);
+        PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
     }
 
     @Test

sdk/keyvault/azure-security-test-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/test/FileSystemCertificatesTest.java

@@ -54,7 +54,7 @@ public class KeyVaultCertificatesTest {
 
     @BeforeAll
     public static void setEnvironmentProperty() {
-        PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(PropertyConvertorUtils.SYSTEM_PROPERTIES);
+        PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
         PropertyConvertorUtils.addKeyVaultJcaProvider();
         certificateName = System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME");
     }

sdk/keyvault/azure-security-test-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/test/JreKeyStoreTest.java

@@ -24,7 +24,7 @@ public class KeyVaultJcaProviderTest {
      */
     @Test
     public void testGetCertificate() throws Exception {
-        PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca(PropertyConvertorUtils.SYSTEM_PROPERTIES);
+        PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
         PropertyConvertorUtils.addKeyVaultJcaProvider();
         KeyStore keystore = PropertyConvertorUtils.getKeyVaultKeyStore();
         assertNotNull(keystore.getCertificate(System.getenv("AZURE_KEYVAULT_CERTIFICATE_NAME")));