Merge pull request #119 from AzureAD/sagonzal/cleanUpPublicApi

Make Account internal. Add ClientCrendential interfaces

Author: sangonzal

src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java

@@ -18,14 +18,13 @@
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
-import static com.microsoft.aad.msal4j.TestConstants.GRAPH_DEFAULT_SCOPE;
 import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE;
 
 @Test
 public class ClientCredentialsIT {
 
     @Test
-    public void acquireTokenClientCredentials_AsymmetricKeyCredential() throws Exception{
+    public void acquireTokenClientCredentials_ClientCertificate() throws Exception{
         String clientId = "55e7e5af-ca53-482d-9aa3-5cb1cc8eecb5";
         IClientCredential credential = getCertificateFromKeyStore();
         assertAcquireTokenCommon(clientId, credential);
@@ -48,7 +47,7 @@ public void acquireTokenClientCredentials_ClientAssertion() throws Exception{
 
         ClientAssertion clientAssertion = JwtHelper.buildJwt(
                 clientId,
-                (AsymmetricKeyCredential) certificateFromKeyStore,
+                (ClientCertificate) certificateFromKeyStore,
                 "https://login.microsoftonline.com/common/oauth2/v2.0/token");
 
 
@@ -73,7 +72,6 @@ private void assertAcquireTokenCommon(String clientId, IClientCredential credent
         Assert.assertNotNull(result.accessToken());
     }
 
-
     private IClientCredential getCertificateFromKeyStore() throws
             NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException,
             CertificateException, UnrecoverableKeyException {

src/main/java/com/microsoft/aad/msal4j/Account.java

@@ -16,7 +16,7 @@
 @Getter
 @Setter
 @AllArgsConstructor
-public class Account implements IAccount {
+class Account implements IAccount {
 
     String homeAccountId;
 

src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java

@@ -8,24 +8,14 @@
 import lombok.Getter;
 import lombok.experimental.Accessors;
 
-/**
- * Credential type containing an assertion of type
- * "urn:ietf:params:oauth:token-type:jwt".
- */
 @Accessors(fluent = true)
 @Getter
 @EqualsAndHashCode
-public final class ClientAssertion implements IClientCredential{
+final class ClientAssertion implements IClientAssertion {
 
-    public static final String assertionType = JWTAuthentication.CLIENT_ASSERTION_TYPE;
+    static final String assertionType = JWTAuthentication.CLIENT_ASSERTION_TYPE;
     private final String assertion;
 
-    /**
-     * Constructor to create credential with a jwt token encoded as a base64 url
-     * encoded string.
-     *
-     * @param assertion The jwt used as credential.
-     */
     ClientAssertion(final String assertion) {
         if (StringHelper.isBlank(assertion)) {
             throw new NullPointerException("assertion");

src/main/java/com/microsoft/aad/msal4j/AsymmetricKeyCredential.java renamed to src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java

@@ -24,34 +24,17 @@
 import lombok.experimental.Accessors;
 import org.apache.commons.codec.binary.Base64;
 
-/**
- * Credential type containing X509 public certificate and RSA private key.
- */
-public final class AsymmetricKeyCredential implements IClientCredential{
+final class ClientCertificate implements IClientCertificate {
 
     private final static int MIN_KEY_SIZE_IN_BITS = 2048;
 
-    /**
-     * Returns private key of the credential.
-     *
-     * @return private key.
-     */
     @Accessors(fluent = true)
     @Getter
     private final PrivateKey key;
 
     private final X509Certificate publicCertificate;
 
-    /**
-     * Constructor to create credential with client id, private key and public
-     * certificate.
-     *
-     * @param key
-     *            RSA private key to sign the assertion.
-     * @param publicCertificate
-     *            Public certificate used for thumb print.
-     */
-    private AsymmetricKeyCredential(final PrivateKey key, final X509Certificate publicCertificate) {
+    private ClientCertificate(final PrivateKey key, final X509Certificate publicCertificate) {
         if (key == null) {
             throw new NullPointerException("PrivateKey is null or empty");
         }
@@ -86,46 +69,17 @@ else if("sun.security.mscapi.RSAPrivateKey".equals(key.getClass().getName())){
         this.publicCertificate = publicCertificate;
     }
 
-    /**
-     * Base64 encoded hash of the the public certificate.
-     *
-     * @return base64 encoded string
-     * @throws CertificateEncodingException if an encoding error occurs
-     * @throws NoSuchAlgorithmException if requested algorithm is not available in the environment
-     */
     public String publicCertificateHash()
             throws CertificateEncodingException, NoSuchAlgorithmException {
-        return Base64.encodeBase64String(AsymmetricKeyCredential
+        return Base64.encodeBase64String(ClientCertificate
                 .getHash(this.publicCertificate.getEncoded()));
     }
 
-    /**
-     * Base64 encoded public certificate.
-     *
-     * @return base64 encoded string
-     * @throws CertificateEncodingException if an encoding error occurs
-     */
     public String publicCertificate() throws CertificateEncodingException {
         return Base64.encodeBase64String(this.publicCertificate.getEncoded());
     }
 
-    /**
-     * Static method to create KeyCredential instance.
-     *
-     * @param pkcs12Certificate
-     *            PKCS12 certificate stream containing public and private key.
-     *            Caller is responsible for handling the input stream.
-     * @param password
-     *            certificate password
-     * @return KeyCredential instance
-     * @throws KeyStoreException {@link KeyStoreException}
-     * @throws NoSuchProviderException {@link NoSuchProviderException}
-     * @throws NoSuchAlgorithmException {@link NoSuchAlgorithmException}
-     * @throws CertificateException {@link CertificateException}
-     * @throws IOException {@link IOException}
-     * @throws UnrecoverableKeyException {@link UnrecoverableKeyException}
-     */
-    static AsymmetricKeyCredential create(final InputStream pkcs12Certificate, final String password)
+    static ClientCertificate create(final InputStream pkcs12Certificate, final String password)
             throws KeyStoreException, NoSuchProviderException,
             NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
         final KeyStore keystore = KeyStore.getInstance("PKCS12", "SunJSSE");
@@ -139,17 +93,8 @@ static AsymmetricKeyCredential create(final InputStream pkcs12Certificate, final
         return create(key, publicCertificate);
     }
 
-    /**
-     * Static method to create KeyCredential instance.
-     *
-     * @param key
-     *            RSA private key to sign the assertion.
-     * @param publicCertificate
-     *            Public certificate used for thumb print.
-     * @return KeyCredential instance
-     */
-    static AsymmetricKeyCredential create(final PrivateKey key, final X509Certificate publicCertificate) {
-        return new AsymmetricKeyCredential(key, publicCertificate);
+    static ClientCertificate create(final PrivateKey key, final X509Certificate publicCertificate) {
+        return new ClientCertificate(key, publicCertificate);
     }
 
     private static byte[] getHash(final byte[] inputBytes) throws NoSuchAlgorithmException {

src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java

@@ -19,44 +19,44 @@ public class ClientCredentialFactory {
      * @param secret secret of application requesting a token
      * @return {@link ClientSecret}
      */
-    public static IClientCredential createFromSecret(String secret){
+    public static IClientSecret createFromSecret(String secret){
         return new ClientSecret(secret);
     }
 
     /**
-     * Static method to create a {@link AsymmetricKeyCredential} instance from a certificate
+     * Static method to create a {@link ClientCertificate} instance from a certificate
      * @param pkcs12Certificate InputStream containing PCKS12 formatted certificate
      * @param password certificate password
-     * @return {@link AsymmetricKeyCredential}
+     * @return {@link ClientCertificate}
      * @throws CertificateException
      * @throws UnrecoverableKeyException
      * @throws NoSuchAlgorithmException
      * @throws KeyStoreException
      * @throws NoSuchProviderException
      * @throws IOException
      */
-    public static IClientCredential createFromCertificate(final InputStream pkcs12Certificate, final String password)
+    public static IClientCertificate createFromCertificate(final InputStream pkcs12Certificate, final String password)
             throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException,
             KeyStoreException, NoSuchProviderException, IOException {
-        return AsymmetricKeyCredential.create(pkcs12Certificate, password);
+        return ClientCertificate.create(pkcs12Certificate, password);
     }
 
     /**
-     * Static method to create a {@link AsymmetricKeyCredential} instance.
+     * Static method to create a {@link ClientCertificate} instance.
      * @param key  RSA private key to sign the assertion.
      * @param publicCertificate x509 public certificate used for thumbprint
-     * @return {@link AsymmetricKeyCredential}
+     * @return {@link ClientCertificate}
      */
-    public static IClientCredential createFromCertificate(final PrivateKey key, final X509Certificate publicCertificate) {
-        return AsymmetricKeyCredential.create(key, publicCertificate);
+    public static IClientCertificate createFromCertificate(final PrivateKey key, final X509Certificate publicCertificate) {
+        return ClientCertificate.create(key, publicCertificate);
     }
 
     /**
      * Static method to create a {@link ClientAssertion} instance.
      * @param clientAssertion Jwt token encoded as a base64 URL encoded string
      * @return {@link ClientAssertion}
      */
-    public static IClientCredential createFromClientAssertion(String clientAssertion){
+    public static IClientAssertion createFromClientAssertion(String clientAssertion){
         return new ClientAssertion(clientAssertion);
     }
 }

src/main/java/com/microsoft/aad/msal4j/ClientSecret.java

@@ -7,13 +7,8 @@
 import lombok.Getter;
 import lombok.experimental.Accessors;
 
-
-/**
- * Representation of client credential containing a secret in string format
- */
 @EqualsAndHashCode
-public final class ClientSecret implements IClientCredential {
-
+final class ClientSecret implements IClientSecret {
 
     @Accessors(fluent = true)
     @Getter

src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java

@@ -67,10 +67,10 @@ private void initClientAuthentication(IClientCredential clientCredential) {
             clientAuthentication = new ClientSecretPost(
                     new ClientID(clientId()),
                     new Secret(((ClientSecret) clientCredential).clientSecret()));
-        } else if (clientCredential instanceof AsymmetricKeyCredential) {
+        } else if (clientCredential instanceof ClientCertificate) {
             ClientAssertion clientAssertion = JwtHelper.buildJwt(
                     clientId(),
-                    (AsymmetricKeyCredential) clientCredential,
+                    (ClientCertificate) clientCredential,
                     this.authenticationAuthority.selfSignedJwtAudience());
 
             clientAuthentication = createClientAuthFromClientAssertion(clientAssertion);

src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java

@@ -13,7 +13,7 @@
 /**
  * Interface representing an application for which tokens can be acquired.
  */
-public interface IClientApplicationBase {
+interface IClientApplicationBase {
 
     String DEFAULT_AUTHORITY = "https://login.microsoftonline.com/common/";
 

src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java

@@ -0,0 +1,16 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j;
+
+/**
+ * Credential type containing an assertion of type
+ * "urn:ietf:params:oauth:token-type:jwt".
+ */
+public interface IClientAssertion extends IClientCredential{
+
+    /**
+     * @return Jwt token encoded as a base64 URL encoded string
+     */
+    String assertion();
+}

src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java

@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+
+/**
+ * Credential type containing X509 public certificate and RSA private key.
+ */
+public interface IClientCertificate extends IClientCredential{
+
+    /**
+     * Returns private key of the credential.
+     *
+     * @return private key.
+     */
+    PrivateKey key();
+
+    /**
+     * Base64 encoded hash of the the public certificate.
+     *
+     * @return base64 encoded string
+     * @throws CertificateEncodingException if an encoding error occurs
+     * @throws NoSuchAlgorithmException if requested algorithm is not available in the environment
+     */
+    String publicCertificateHash() throws CertificateEncodingException, NoSuchAlgorithmException;
+
+    /**
+     * Base64 encoded public certificate.
+     *
+     * @return base64 encoded string
+     * @throws CertificateEncodingException if an encoding error occurs
+     */
+    String publicCertificate() throws CertificateEncodingException;
+}