Address PR feedback

Author: Avery-Dunn

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java

@@ -101,12 +101,7 @@ private void initClientAuthentication(IClientCredential clientCredential) {
         } else if (clientCredential instanceof ClientCertificate) {
             this.clientCertAuthentication = true;
             this.clientCertificate = (ClientCertificate) clientCredential;
-            if (Authority.detectAuthorityType(this.authenticationAuthority.canonicalAuthorityUrl()) == AuthorityType.ADFS) {
-                //When this was added, ADFS did not support SHA256 hashes for client certificates
-                clientAuthentication = buildValidClientCertificateAuthority(true);
-            } else  {
-                clientAuthentication = buildValidClientCertificateAuthority(false);
-            }
+            clientAuthentication = buildValidClientCertificateAuthority();
         } else if (clientCredential instanceof ClientAssertion) {
             clientAuthentication = createClientAuthFromClientAssertion((ClientAssertion) clientCredential);
         } else {
@@ -120,19 +115,17 @@ protected ClientAuthentication clientAuthentication() {
             final Date currentDateTime = new Date(System.currentTimeMillis());
             final Date expirationTime = ((PrivateKeyJWT) clientAuthentication).getJWTAuthenticationClaimsSet().getExpirationTime();
             if (expirationTime.before(currentDateTime)) {
-                if (Authority.detectAuthorityType(this.authenticationAuthority.canonicalAuthorityUrl()) == AuthorityType.ADFS) {
-                    clientAuthentication = buildValidClientCertificateAuthority(true);
-                } else  {
-                    clientAuthentication = buildValidClientCertificateAuthority(false);
-                }
+                clientAuthentication = buildValidClientCertificateAuthority();
             }
         }
         return clientAuthentication;
     }
 
-    //The library originally used SHA-1 for thumbprints as other algorithms were not supported server-side,
-    //  and while support for SHA-256 has been added certain flows still only allow SHA-1
-    private ClientAuthentication buildValidClientCertificateAuthority(boolean useSha1) {
+    private ClientAuthentication buildValidClientCertificateAuthority() {
+        //The library originally used SHA-1 for thumbprints as other algorithms were not supported server-side.
+        //When this was written support for SHA-256 had been added, however ADFS scenarios still only allowed SHA-1.
+        boolean useSha1 = Authority.detectAuthorityType(this.authenticationAuthority.canonicalAuthorityUrl()) == AuthorityType.ADFS;
+
         ClientAssertion clientAssertion = JwtHelper.buildJwt(
                 clientId(),
                 clientCertificate,

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java

@@ -58,10 +58,11 @@ static ClientAssertion buildJwt(String clientId, final ClientCertificate credent
 
             //SHA-256 is preferred, however certain flows still require SHA-1 due to what is supported server-side. If SHA-256
             // is not supported or the IClientCredential.publicCertificateHash256() method is not implemented, the library will default to SHA-1.
-            if (useSha1 || credential.publicCertificateHash256() == null) {
+            String hash256 = credential.publicCertificateHash256();
+            if (useSha1 || hash256 == null) {
                 builder.x509CertThumbprint(new Base64URL(credential.publicCertificateHash()));
             } else {
-                builder.x509CertSHA256Thumbprint(new Base64URL(credential.publicCertificateHash256()));
+                builder.x509CertSHA256Thumbprint(new Base64URL(hash256));
             }
 
             jwt = new SignedJWT(builder.build(), claimsSet);