Resolve merge conflicts

Author: Avery-Dunn

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityRequest.java

@@ -98,7 +98,7 @@ void addTokenRevocationParametersToQuery(ManagedIdentityParameters parameters) {
                 // Add client capabilities as a comma separated string for all the values in client capabilities
                 String clientCapabilities = String.join(",", managedIdentityApplication.getClientCapabilities());
 
-                queryParameters.put(Constants.CLIENT_CAPABILITY_REQUEST_PARAM, Collections.singletonList(clientCapabilities.toString()));
+                queryParameters.put(Constants.CLIENT_CAPABILITY_REQUEST_PARAM, clientCapabilities.toString());
             }
 
             // Pass the token revocation parameter if the claims are present and there is a token to revoke
@@ -107,7 +107,7 @@ void addTokenRevocationParametersToQuery(ManagedIdentityParameters parameters) {
                 if (queryParameters == null) {
                     queryParameters = new HashMap<>();
                 }
-                queryParameters.put(Constants.TOKEN_HASH_CLAIM, Collections.singletonList(parameters.revokedTokenHash()));
+                queryParameters.put(Constants.TOKEN_HASH_CLAIM, parameters.revokedTokenHash());
             }
         }
     }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/StringHelper.java

@@ -79,6 +79,7 @@ static String createSha256HashHexString(String stringToHash) {
 
     static boolean isNullOrBlank(final String str) {
         return str == null || str.trim().isEmpty();
+    }
 
     //Converts a map of parameters into a URL query string
     static String serializeQueryParameters(Map<String, String> params) {

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java

@@ -113,7 +113,7 @@ private void addJWTBearerAssertionParams(Map<String, String> queryParameters, St
     private AuthenticationResult createAuthenticationResultFromOauthHttpResponse(HttpResponse oauthHttpResponse) {
         AuthenticationResult result;
 
-        if (oauthHttpResponse.statusCode() == HttpHelper.HTTP_STATUS_200) {
+        if (oauthHttpResponse.statusCode() == HttpStatus.HTTP_OK) {
             final TokenResponse response = TokenResponse.parseHttpResponse(oauthHttpResponse);
 
             AccountCacheEntity accountCacheEntity = null;
@@ -160,7 +160,7 @@ private AuthenticationResult createAuthenticationResultFromOauthHttpResponse(Htt
 
         } else {
             // http codes indicating that STS did not log request
-            if (oauthHttpResponse.getStatusCode() == HttpStatus.HTTP_TOO_MANY_REQUESTS || oauthHttpResponse.getStatusCode() >= HttpStatus.HTTP_INTERNAL_ERROR) {
+            if (oauthHttpResponse.statusCode() == HttpStatus.HTTP_TOO_MANY_REQUESTS || oauthHttpResponse.statusCode() >= HttpStatus.HTTP_INTERNAL_ERROR) {
                 serviceBundle.getServerSideTelemetry().previousRequests.putAll(
                         serviceBundle.getServerSideTelemetry().previousRequestInProgress);
             }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java

@@ -31,7 +31,7 @@ class TokenResponse {
 
     static TokenResponse parseHttpResponse(final HttpResponse httpResponse) {
 
-        if (httpResponse.statusCode() != HttpHelper.HTTP_STATUS_200) {
+        if (httpResponse.statusCode() != HttpStatus.HTTP_OK) {
             throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse);
         }
 

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java

@@ -4,20 +4,23 @@
 package com.microsoft.aad.msal4j;
 
 import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
+import com.nimbusds.jwt.SignedJWT;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.*;
 
 import java.math.BigInteger;
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.interfaces.RSAPrivateKey;
+import java.text.ParseException;
 import java.util.*;
 
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
@@ -70,12 +73,14 @@ void testIClientCertificateInterface_CredentialFactoryUsesSha256() throws Except
         HashMap<String, String> tokenResponseValues = new HashMap<>();
         tokenResponseValues.put("access_token", "accessTokenSha256");
 
-        when(httpClientMock.send(any(HttpRequest.class))).thenAnswer( parameters -> {
+        when(httpClientMock.send(any(HttpRequest.class))).thenAnswer(parameters -> {
             HttpRequest request = parameters.getArgument(0);
-            Set<String> headerParams = ((PrivateKeyJWT) cca.clientAuthentication()).getClientAssertion().getHeader().getIncludedParams();
-//TODO
-            if (request.body().contains(cca.assertion)
-                    && headerParams.contains("x5t#S256")) {
+            String requestBody = request.body();
+
+            SignedJWT signedJWT = SignedJWT.parse(cca.assertion);
+
+            if (requestBody.contains(cca.assertion)
+                    && signedJWT.getHeader().toJSONObject().containsKey("x5t#S256")) {
                 return TestHelper.expectedResponse(200, TestHelper.getSuccessfulTokenResponse(tokenResponseValues));
             }
             return null;

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.util.URLUtils;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Nested;
@@ -89,15 +88,15 @@ private HttpRequest expectedRequest(ManagedIdentitySourceType source, String res
         Map<String, String> queryParameters = new HashMap<>();
 
         // Add resource to query parameters (common for all sources)
-        queryParameters.put("resource", singletonList(resource));
+        queryParameters.put("resource", resource);
 
         // Handle claims and capabilities if supported
         if (Constants.TOKEN_REVOCATION_SUPPORTED_ENVIRONMENTS.contains(source)) {
             if (hasCapabilities) {
-                queryParameters.put(Constants.CLIENT_CAPABILITY_REQUEST_PARAM, singletonList("cp1"));
+                queryParameters.put(Constants.CLIENT_CAPABILITY_REQUEST_PARAM, "cp1");
             }
             if (hasClaims) {
-                queryParameters.put(Constants.TOKEN_HASH_CLAIM, singletonList(expectedTokenHash));
+                queryParameters.put(Constants.TOKEN_HASH_CLAIM, expectedTokenHash);
             }
         }
 
@@ -110,18 +109,18 @@ private HttpRequest expectedRequest(ManagedIdentitySourceType source, String res
         }
 
         if (!queryParameters.isEmpty()) {
-            endpoint = endpoint + "?" + URLUtils.serializeParameters(queryParameters);
+            endpoint = endpoint + "?" + StringHelper.serializeQueryParameters(queryParameters);
         }
 
         return new HttpRequest(HttpMethod.GET, endpoint, headers);
     }
 
     private String configureSourceSpecificParameters(ManagedIdentitySourceType source,
                                                      Map<String, String> headers,
-                                                     Map<String, List<String>> queryParameters) {
+                                                     Map<String, String> queryParameters) {
         switch (source) {
             case APP_SERVICE:
-                queryParameters.put("api-version", singletonList("2019-08-01"));
+                queryParameters.put("api-version", "2019-08-01");
                 headers.put("X-IDENTITY-HEADER", "secret");
                 return ManagedIdentityTestConstants.APP_SERVICE_ENDPOINT;
 
@@ -131,37 +130,37 @@ private String configureSourceSpecificParameters(ManagedIdentitySourceType sourc
                 return ManagedIdentityTestConstants.CLOUDSHELL_ENDPOINT;
 
             case AZURE_ARC:
-                queryParameters.put("api-version", singletonList("2019-11-01"));
+                queryParameters.put("api-version", "2019-11-01");
                 headers.put("Metadata", "true");
                 return ManagedIdentityTestConstants.AZURE_ARC_ENDPOINT;
 
             case SERVICE_FABRIC:
-                queryParameters.put("api-version", singletonList("2019-07-01-preview"));
+                queryParameters.put("api-version", "2019-07-01-preview");
                 headers.put("secret", "secret");
                 return ManagedIdentityTestConstants.SERVICE_FABRIC_ENDPOINT;
 
             case IMDS:
             case NONE:
             case DEFAULT_TO_IMDS:
             default:
-                queryParameters.put("api-version", singletonList("2018-02-01"));
+                queryParameters.put("api-version", "2018-02-01");
                 headers.put("Metadata", "true");
                 return ManagedIdentityTestConstants.IMDS_ENDPOINT;
         }
     }
 
-    private void configureIdentitySpecificParameters(ManagedIdentityId id, Map<String, List<String>> queryParameters) {
+    private void configureIdentitySpecificParameters(ManagedIdentityId id, Map<String, String> queryParameters) {
         switch (id.getIdType()) {
             case SYSTEM_ASSIGNED:
                 break;
             case CLIENT_ID:
-                queryParameters.put("client_id", singletonList(id.getUserAssignedId()));
+                queryParameters.put("client_id", id.getUserAssignedId());
                 break;
             case RESOURCE_ID:
                 if (ManagedIdentityClient.getManagedIdentitySource() == ManagedIdentitySourceType.IMDS) {
-                    queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID_IMDS, Collections.singletonList(id.getUserAssignedId()));
+                    queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID_IMDS, id.getUserAssignedId());
                 } else {
-                    queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, Collections.singletonList(id.getUserAssignedId()));
+                    queryParameters.put(Constants.MANAGED_IDENTITY_RESOURCE_ID, id.getUserAssignedId());
                 }
                 break;
             case OBJECT_ID:
@@ -359,8 +358,6 @@ void managedIdentityTest_WithClaims(ManagedIdentitySourceType source, String end
 
             when(httpClientMock.send(any())).thenReturn(expectedResponse(HttpStatus.HTTP_OK, getSuccessfulResponse(ManagedIdentityTestConstants.RESOURCE)));
 
-            String claimsJson = "{\"default\":\"claim\"}";
-
             // First call, get the token from the identity provider.
             IAuthenticationResult result = acquireTokenCommon(ManagedIdentityTestConstants.RESOURCE).get();
 
@@ -378,7 +375,7 @@ void managedIdentityTest_WithClaims(ManagedIdentitySourceType source, String end
             // Third call, when claims are passed bypass the cache.
             result = miApp.acquireTokenForManagedIdentity(
                     ManagedIdentityParameters.builder(ManagedIdentityTestConstants.RESOURCE)
-                            .claims(claimsJson)
+                            .claims(TestConfiguration.CLAIMS_REQUEST)
                             .build()).get();
 
             assertTokenFromIdentityProvider(result);
@@ -430,7 +427,6 @@ void managedIdentity_ClaimsAndCapabilities(ManagedIdentitySourceType source, Str
                     .httpClient(httpClientMock)
                     .build();
 
-            String claimsJson = "{\"default\":\"claim\"}";
             // First call, get the token from the identity provider.
             IAuthenticationResult result = acquireTokenCommon(ManagedIdentityTestConstants.RESOURCE).get();
 
@@ -448,7 +444,7 @@ void managedIdentity_ClaimsAndCapabilities(ManagedIdentitySourceType source, Str
             // Third call, when claims are passed bypass the cache.
             result = miApp.acquireTokenForManagedIdentity(
                     ManagedIdentityParameters.builder(ManagedIdentityTestConstants.RESOURCE)
-                            .claims(claimsJson)
+                            .claims(TestConfiguration.CLAIMS_REQUEST)
                             .build()).get();
 
             assertTokenFromIdentityProvider(result);
@@ -770,7 +766,7 @@ void managedIdentity_RequestFailed_NoPayload(ManagedIdentitySourceType source, S
 
             when(httpClientMock.send(expectedRequest(source, ManagedIdentityTestConstants.RESOURCE))).thenReturn(expectedResponse(500, ""));
 
-            assertMsalServiceException(acquireTokenCommon(ManagedIdentityTestConstants.RESOURCE), source, MsalError.MANAGED_IDENTITY_RESPONSE_PARSE_FAILURE);
+            assertMsalServiceException(acquireTokenCommon(ManagedIdentityTestConstants.RESOURCE), source, MsalError.MANAGED_IDENTITY_REQUEST_FAILED);
         }
 
         @ParameterizedTest

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java

@@ -92,7 +92,7 @@ private PublicClientApplication getClientApplicationMockedWithOneTokenEndpointRe
 
         switch (responseType) {
             case RETRY_AFTER_HEADER:
-                httpResponse.statusCode(HttpHelper.HTTP_STATUS_200);
+                httpResponse.statusCode(HttpStatus.HTTP_OK);
                 httpResponse.body(TestConfiguration.TOKEN_ENDPOINT_OK_RESPONSE_ID_AND_ACCESS);
 
                 headers.put("Retry-After", Arrays.asList(THROTTLE_IN_SEC.toString()));

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java

@@ -42,7 +42,7 @@ void executeOAuthRequest_SCBadRequestErrorInvalidGrant_InteractionRequiredExcept
         OAuthHttpRequest msalOAuthHttpRequest = mock(OAuthHttpRequest.class);
 
         HttpResponse httpResponse = new HttpResponse();
-        httpResponse.statusCode(HttpHelper.HTTP_STATUS_400);
+        httpResponse.statusCode(HttpStatus.HTTP_BAD_REQUEST);
 
         String claims = "{\\\"access_token\\\":{\\\"polids\\\":{\\\"essential\\\":true,\\\"values\\\":[\\\"5ce770ea-8690-4747-aa73-c5b3cd509cd4\\\"]}}}";
 
@@ -79,7 +79,7 @@ void executeOAuthRequest_SCBadRequestErrorInvalidGrant_SubErrorFilteredServiceEx
         OAuthHttpRequest msalOAuthHttpRequest = mock(OAuthHttpRequest.class);
 
         HttpResponse httpResponse = new HttpResponse();
-        httpResponse.statusCode(HttpHelper.HTTP_STATUS_400);
+        httpResponse.statusCode(HttpStatus.HTTP_BAD_REQUEST);
 
         String claims = "{\\\"access_token\\\":{\\\"polids\\\":{\\\"essential\\\":true,\\\"values\\\":[\\\"5ce770ea-8690-4747-aa73-c5b3cd509cd4\\\"]}}}";
 
@@ -233,9 +233,7 @@ void testExecuteOAuth_Success() throws MsalException, IOException, URISyntaxExce
         doReturn(httpResponse).when(msalOAuthHttpRequest).send();
         doReturn(JsonHelper.convertJsonToMap(TestConfiguration.TOKEN_ENDPOINT_OK_RESPONSE_ID_AND_ACCESS)).when(httpResponse).getBodyAsMap();
 
-        httpResponse.ensureStatusCode(HttpStatus.HTTP_OK);
-
-        doReturn(HttpStatus.HTTP_OK).when(httpResponse).getStatusCode();
+        doReturn(HttpStatus.HTTP_OK).when(httpResponse).statusCode();
 
         final AuthenticationResult result = request.executeTokenRequest();
 

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java

@@ -83,10 +83,10 @@ private PublicClientApplication getApp_MockedWith_OKTokenEndpointResponse_Invali
             throws Exception {
         IHttpClient httpClientMock = mock(IHttpClient.class);
 
-        HttpResponse httpResponse = getHttpResponse(HttpHelper.HTTP_STATUS_200, TestConfiguration.TOKEN_ENDPOINT_OK_RESPONSE_ID_AND_ACCESS);
+        HttpResponse httpResponse = getHttpResponse(HttpStatus.HTTP_OK, TestConfiguration.TOKEN_ENDPOINT_OK_RESPONSE_ID_AND_ACCESS);
         lenient().doReturn(httpResponse).when(httpClientMock).send(any());
 
-        httpResponse = getHttpResponse(HttpHelper.HTTP_STATUS_401, TestConfiguration.TOKEN_ENDPOINT_INVALID_GRANT_ERROR_RESPONSE);
+        httpResponse = getHttpResponse(HttpStatus.HTTP_UNAUTHORIZED, TestConfiguration.TOKEN_ENDPOINT_INVALID_GRANT_ERROR_RESPONSE);
         lenient().doReturn(httpResponse).when(httpClientMock).send(any());
 
         PublicClientApplication app = getPublicClientApp(httpClientMock);