Fix jca hsm (Azure#36648)

Author: saragluna

eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml

@@ -214,7 +214,7 @@
   <!-- Suppress Redundant nullcheck error for JreCertificates$JREKeyStore.loadKeyStore(KeyStore). -->
   <Match>
     <Or>
-      <Class name="com.azure.security.keyvault.jca.implementation.JREKeyStoreFactory"/> <!-- false positive -->
+      <Class name="com.azure.security.keyvault.jca.implementation.JreKeyStoreFactory"/> <!-- false positive -->
     </Or>
     <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
   </Match>

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultJcaProvider.java

@@ -3,11 +3,13 @@
 
 package com.azure.security.keyvault.jca;
 
-import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeyLessRsaSignature;
-import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeyLessEcSha384Signature;
-import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeyLessEcSha512Signature;
-import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeyLessEcSha256Signature;
-import com.azure.security.keyvault.jca.implementation.signature.AbstractKeyVaultKeyLessSignature;
+import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeylessRsa256Signature;
+import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeylessRsa512Signature;
+import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeylessEcSha384Signature;
+import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeylessEcSha512Signature;
+import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeylessEcSha256Signature;
+import com.azure.security.keyvault.jca.implementation.signature.AbstractKeyVaultKeylessSignature;
+import com.azure.security.keyvault.jca.implementation.signature.KeyVaultKeylessRsaSsaPssSignature;
 
 import java.lang.reflect.InvocationTargetException;
 import java.security.PrivilegedAction;
@@ -97,10 +99,12 @@ private void initialize() {
                 )
             );
             Stream.of(
-                KeyVaultKeyLessRsaSignature.class,
-                KeyVaultKeyLessEcSha256Signature.class,
-                KeyVaultKeyLessEcSha384Signature.class,
-                KeyVaultKeyLessEcSha512Signature.class)
+                KeyVaultKeylessRsaSsaPssSignature.class,
+                KeyVaultKeylessRsa256Signature.class,
+                KeyVaultKeylessRsa512Signature.class,
+                KeyVaultKeylessEcSha256Signature.class,
+                KeyVaultKeylessEcSha384Signature.class,
+                KeyVaultKeylessEcSha512Signature.class)
                 .forEach(c -> putService(
                     new Service(
                         this,
@@ -116,7 +120,7 @@ private void initialize() {
     }
 
 
-    private String getAlgorithmName(Class<? extends AbstractKeyVaultKeyLessSignature> c) {
+    private String getAlgorithmName(Class<? extends AbstractKeyVaultKeylessSignature> c) {
         try {
             return c.getDeclaredConstructor().newInstance().getAlgorithmName();
         } catch (InstantiationException | IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {

…a/implementation/JREKeyStoreFactory.java …a/implementation/JreKeyStoreFactory.javasdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/JREKeyStoreFactory.java renamed to sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/JreKeyStoreFactory.java sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/JREKeyStoreFactory.java renamed to sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/JreKeyStoreFactory.java

@@ -23,17 +23,17 @@
 /**
  * This class provides a JRE key store.
  */
-public final class JREKeyStoreFactory {
-    private static final String JAVA_HOME =  privilegedGetProperty("java.home", "");
+public final class JreKeyStoreFactory {
+    private static final String JAVA_HOME = privilegedGetProperty("java.home", "");
     private static final Path STORE_PATH = Paths.get(JAVA_HOME).resolve("lib").resolve("security");
     private static final Path DEFAULT_STORE = STORE_PATH.resolve("cacerts");
     private static final Path JSSE_DEFAULT_STORE = STORE_PATH.resolve("jssecacerts");
     private static final String KEY_STORE_PASSWORD = privilegedGetProperty("javax.net.ssl.keyStorePassword", "changeit");
-    private static final Logger LOGGER = Logger.getLogger(JREKeyStoreFactory.class.getName());
+    private static final Logger LOGGER = Logger.getLogger(JreKeyStoreFactory.class.getName());
     private static final KeyStore JRE_KEY_STORE = getJreKeyStore();
 
 
-    private JREKeyStoreFactory() {
+    private JreKeyStoreFactory() {
 
     }
 

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/KeyVaultClient.java

@@ -2,15 +2,12 @@
 // Licensed under the MIT License.
 package com.azure.security.keyvault.jca.implementation;
 
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Level.WARNING;
-
+import com.azure.security.keyvault.jca.implementation.model.AccessToken;
 import com.azure.security.keyvault.jca.implementation.model.CertificateBundle;
 import com.azure.security.keyvault.jca.implementation.model.CertificateItem;
 import com.azure.security.keyvault.jca.implementation.model.CertificateListResult;
 import com.azure.security.keyvault.jca.implementation.model.CertificatePolicy;
 import com.azure.security.keyvault.jca.implementation.model.KeyProperties;
-import com.azure.security.keyvault.jca.implementation.model.AccessToken;
 import com.azure.security.keyvault.jca.implementation.model.SecretBundle;
 import com.azure.security.keyvault.jca.implementation.model.SignResult;
 import com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil;
@@ -39,9 +36,13 @@
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.logging.Logger;
 
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+
 /**
  * The REST client specific to Azure Key Vault.
  */
@@ -327,13 +328,15 @@ public Key getKey(String alias, char[] password) {
             // and we can't access private key(which is not exportable), we will use
             // the Azure Key Vault Secrets API to obtain the private key (keyless).
             LOGGER.exiting("KeyVaultClient", "getKey", null);
+
+            String keyType2 = keyType.contains("-HSM") ? keyType.substring(0, keyType.indexOf("-HSM")) : keyType;
             return Optional.ofNullable(certificateBundle)
                            .map(CertificateBundle::getKid)
-                           .map(kid -> new KeyVaultPrivateKey(keyType, kid, this))
+                           .map(kid -> new KeyVaultPrivateKey(keyType2, kid, this))
                            .orElse(null);
         }
         String certificateSecretUri = certificateBundle.getSid();
-        HashMap<String, String> headers = new HashMap<>();
+        Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", "Bearer " + getAccessToken());
         String body = HttpUtil.get(certificateSecretUri + API_VERSION_POSTFIX, headers);
         if (body == null) {
@@ -389,7 +392,7 @@ public Key getKey(String alias, char[] password) {
     public byte[] getSignedWithPrivateKey(String digestName, String digestValue, String keyId) {
         SignResult result = null;
         String bodyString = String.format("{\"alg\": \"" + digestName + "\", \"value\": \"%s\"}", digestValue);
-        HashMap<String, String> headers = new HashMap<>();
+        Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", "Bearer " + getAccessToken());
         String url = String.format("%s/sign%s", keyId, API_VERSION_POSTFIX);
         String response = HttpUtil.post(url, headers, bodyString, "application/json");

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/certificates/JreCertificates.java

@@ -3,7 +3,7 @@
 
 package com.azure.security.keyvault.jca.implementation.certificates;
 
-import com.azure.security.keyvault.jca.implementation.JREKeyStoreFactory;
+import com.azure.security.keyvault.jca.implementation.JreKeyStoreFactory;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -49,7 +49,7 @@ public final class JreCertificates implements AzureCertificates {
      * Private constructor
      */
     private JreCertificates() {
-        KeyStore jreKeyStore = JREKeyStoreFactory.getDefaultKeyStore();
+        KeyStore jreKeyStore = JreKeyStoreFactory.getDefaultKeyStore();
         aliases = Optional.ofNullable(jreKeyStore)
             .map(a -> {
                 try {

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/certificates/package-info.java

@@ -17,9 +17,9 @@
 import java.security.spec.AlgorithmParameterSpec;
 
 /**
- * KeyVault Signature to key less sign
+ * KeyVault Signature to keyless sign
  */
-public abstract class AbstractKeyVaultKeyLessSignature extends SignatureSpi {
+public abstract class AbstractKeyVaultKeylessSignature extends SignatureSpi {
 
     protected KeyVaultClient keyVaultClient;
 

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/model/package-info.java

@@ -5,7 +5,7 @@
 /**
  * key vault SHA256
  */
-public final class KeyVaultKeyLessEcSha256Signature extends KeyVaultKeyLessECSignature {
+public final class KeyVaultKeylessEcSha256Signature extends KeyVaultKeylessEcSignature {
 
     @Override
     public String getAlgorithmName() {
@@ -15,7 +15,7 @@ public String getAlgorithmName() {
     /**
      * support SHA-256
      */
-    public KeyVaultKeyLessEcSha256Signature() {
+    public KeyVaultKeylessEcSha256Signature() {
         super("SHA-256", "ES256");
     }