Add integration test for keyvault certificate (#21573)

sdk/spring/azure-spring-boot-test-keyvault-certificate/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Release History
+
+## 1.0.0 (Unreleased)
+
+

sdk/spring/azure-spring-boot-test-keyvault-certificate/README.md

@@ -0,0 +1,8 @@
+# Azure Spring Boot Integration tests client library for Java
+
+## Key concepts
+## Getting started
+## Examples
+## Troubleshooting
+## Next steps
+## Contributing

sdk/spring/azure-spring-boot-test-keyvault-certificate/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>com.azure.spring</groupId>
+    <artifactId>azure-spring-boot-test-parent</artifactId>
+    <version>1.0.0</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-test-parent;current} -->
+    <relativePath>../azure-spring-boot-test-parent</relativePath>
+  </parent>
+
+  <groupId>com.azure.spring</groupId>
+  <artifactId>azure-spring-boot-test-keyvault-certificate</artifactId>
+  <version>1.0.0</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-test-keyvault-certificate;current} -->
+
+  <dependencies>
+    <dependency>
+      <groupId>com.azure.spring</groupId>
+      <artifactId>azure-spring-boot-starter-keyvault-certificates</artifactId>
+      <version>3.0.0-beta.8</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-starter-keyvault-certificates;current} -->
+    </dependency>
+    <dependency>
+      <groupId>com.azure.spring</groupId>
+      <artifactId>azure-spring-boot-test-core</artifactId>
+      <version>1.0.0</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-test-core;current} -->
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+</project>

sdk/spring/azure-spring-boot-test-keyvault-certificate/src/test/java/com/azure/spring/test/keyvault/KeyVaultCertificateIT.java

@@ -0,0 +1,148 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package com.azure.spring.test.keyvault;
+
+import com.azure.security.keyvault.jca.KeyVaultLoadStoreParameter;
+import com.azure.spring.test.AppRunner;
+import com.azure.spring.test.keyvault.app.DummyApp;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.PrivateKeyDetails;
+import org.apache.http.ssl.PrivateKeyStrategy;
+import org.apache.http.ssl.SSLContexts;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+
+import javax.net.ssl.SSLContext;
+import java.net.Socket;
+import java.security.KeyStore;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.azure.spring.test.keyvault.PropertyConvertorUtils.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class KeyVaultCertificateIT {
+
+    private RestTemplate restTemplate;
+
+    private static AppRunner app;
+
+    @BeforeAll
+    public static void setEnvironmentProperty() {
+        PropertyConvertorUtils.putEnvironmentPropertyToSystemProperty(
+            Arrays.asList("CERTIFICATE_AZURE_KEYVAULT_URI",
+                "CERTIFICATE_AZURE_KEYVAULT_TENANT_ID",
+                "CERTIFICATE_AZURE_KEYVAULT_CLIENT_ID",
+                "CERTIFICATE_AZURE_KEYVAULT_CLIENT_SECRET")
+        );
+    }
+
+    public static KeyStore getAzureKeyVaultKeyStore() throws Exception {
+        KeyStore trustStore = KeyStore.getInstance("AzureKeyVault");
+        KeyVaultLoadStoreParameter parameter = new KeyVaultLoadStoreParameter(
+            System.getProperty("azure.keyvault.uri"),
+            System.getProperty("azure.keyvault.tenant-id"),
+            System.getProperty("azure.keyvault.client-id"),
+            System.getProperty("azure.keyvault.client-secret"));
+        trustStore.load(parameter);
+        return trustStore;
+    }
+
+    private void setRestTemplate(SSLContext sslContext) {
+        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext,
+            (hostname, session) -> true);
+        CloseableHttpClient httpClient = HttpClients.custom()
+            .setSSLSocketFactory(socketFactory)
+            .build();
+        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
+
+        restTemplate = new RestTemplate(requestFactory);
+    }
+
+    public void setRestTemplate() throws Exception {
+        KeyStore keyStore = getAzureKeyVaultKeyStore();
+        SSLContext sslContext = SSLContexts.custom()
+            .loadTrustMaterial(keyStore, null)
+            .build();
+        setRestTemplate(sslContext);
+    }
+
+    public void setMTLSRestTemplate() throws Exception {
+        KeyStore keyStore = getAzureKeyVaultKeyStore();
+        SSLContext sslContext = SSLContexts.custom()
+            .loadTrustMaterial(keyStore, null)
+            .loadKeyMaterial(keyStore, "".toCharArray(), new ClientPrivateKeyStrategy())
+            .build();
+        setRestTemplate(sslContext);
+    }
+
+    public void startAppRunner(Map<String, String> properties) {
+        app = new AppRunner(DummyApp.class);
+        properties.forEach(app::property);
+        app.start();
+    }
+
+    public Map<String, String> getDefaultMap() {
+        Map<String, String> properties = new HashMap<>();
+        properties.put("azure.keyvault.uri", AZURE_KEYVAULT_URI);
+        properties.put("azure.keyvault.client-id", SPRING_CLIENT_ID);
+        properties.put("azure.keyvault.client-secret", SPRING_CLIENT_SECRET);
+        properties.put("azure.keyvault.tenant-id", SPRING_TENANT_ID);
+        properties.put("server.ssl.key-alias", "myalias");
+        properties.put("server.ssl.key-store-type", "AzureKeyVault");
+        return properties;
+    }
+
+    /**
+     * Test the Spring Boot Health indicator integration.
+     */
+    @Test
+    public void testSpringBootWebApplication() throws Exception {
+        Map<String, String> properties = getDefaultMap();
+        startAppRunner(properties);
+
+        setRestTemplate();
+        sendRequest();
+    }
+
+    @AfterAll
+    public static void destroy() {
+        app.close();
+    }
+
+    /**
+     * Test the Spring Boot Health indicator integration.
+     */
+    @Test
+    public void testSpringBootMTLSWebApplication() throws Exception {
+
+        Map<String, String> properties = getDefaultMap();
+        properties.put("server.ssl.client-auth", "need");
+        properties.put("server.ssl.trust-store-type", "AzureKeyVault");
+
+        startAppRunner(properties);
+
+        setMTLSRestTemplate();
+        sendRequest();
+    }
+
+    public void sendRequest() {
+        final String response = restTemplate.getForObject(
+            "https://localhost:" + app.port() + "", String.class);
+        assertEquals(response, "Hello World");
+    }
+
+    private static class ClientPrivateKeyStrategy implements PrivateKeyStrategy {
+        @Override
+        public String chooseAlias(Map<String, PrivateKeyDetails> map, Socket socket) {
+            return "myalias"; // It should be your certificate alias used in client-side
+        }
+    }
+
+}

sdk/spring/azure-spring-boot-test-keyvault-certificate/src/test/java/com/azure/spring/test/keyvault/PropertyConvertorUtils.java

@@ -0,0 +1,29 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.spring.test.keyvault;
+
+import java.util.List;
+
+public class PropertyConvertorUtils {
+
+    public static final String CERTIFICATE_PREFIX = "certificate_";
+
+    public static final String AZURE_KEYVAULT_URI = System.getenv("CERTIFICATE_AZURE_KEYVAULT_URI");
+    public static final String SPRING_CLIENT_ID = System.getenv("CERTIFICATE_AZURE_KEYVAULT_CLIENT_ID");
+    public static final String SPRING_CLIENT_SECRET = System.getenv("CERTIFICATE_AZURE_KEYVAULT_CLIENT_SECRET");
+    public static final String SPRING_TENANT_ID = System.getenv("CERTIFICATE_AZURE_KEYVAULT_TENANT_ID");
+    public static void putEnvironmentPropertyToSystemProperty(List<String> key) {
+        key.forEach(
+            environmentPropertyKey -> {
+                String value = System.getenv(environmentPropertyKey);
+                String systemPropertyKey = environmentPropertyKey
+                    .toLowerCase()
+                    .replaceFirst(CERTIFICATE_PREFIX, "")
+                    .replaceFirst("azure_keyvault_", "azure.keyvault.")
+                    .replaceAll("_", "-");
+                System.getProperties().put(systemPropertyKey, value);
+            }
+        );
+    }
+}

sdk/spring/azure-spring-boot-test-keyvault-certificate/src/test/java/com/azure/spring/test/keyvault/app/DummyApp.java

@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.spring.test.keyvault.app;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@SpringBootApplication
+public class DummyApp {
+
+    @GetMapping("/")
+    public String helloWorld() {
+        return "Hello World";
+    }
+
+}