Clientcore keycredpolicy https (Azure#45184)

* Add HTTPS check to KeyCredentialPolicy, fix exception type for OAuthBearerTokenAuthenticationPolicy.

* add test for HTTPS check

* fixup docs to include @throws

* spotless

* fix test, add exclusion

* remove extra method since it didn't help my doc situation anyway.

* remove unused imports

Author: billwert

sdk/clientcore/core/spotbugs-exclude.xml

@@ -19,6 +19,7 @@
       <Class name="io.clientcore.core.http.models.HttpRequest" />
       <Class name="io.clientcore.core.http.pipeline.HttpPipelineBuilder" />
       <Class name="io.clientcore.core.http.pipeline.HttpRetryPolicy" />
+      <Class name="io.clientcore.core.http.pipeline.KeyCredentialPolicy" />
       <Class name="io.clientcore.core.http.pipeline.OAuthBearerTokenAuthenticationPolicy" />
       <Class name="io.clientcore.core.implementation.GenericParameterizedType" />
       <Class name="io.clientcore.core.implementation.ReflectionUtilsMethodHandle" />

sdk/clientcore/core/src/main/java/io/clientcore/core/http/pipeline/KeyCredentialPolicy.java

@@ -74,8 +74,16 @@ private static HttpHeaderName validateName(String name) {
         this.prefix = prefix != null ? prefix.trim() : null;
     }
 
+    /**
+     * {@inheritDoc}
+     * @throws IllegalStateException If the request is not using {@code HTTPS}.
+     */
     @Override
     public Response<BinaryData> process(HttpRequest httpRequest, HttpPipelineNextPolicy next) {
+        if (!"https".equals(httpRequest.getUri().getScheme())) {
+            throw LOGGER.logThrowableAsError(
+                new IllegalStateException("Key credentials require HTTPS to prevent leaking the key."));
+        }
         setCredential(httpRequest.getHeaders());
         return next.process();
     }

sdk/clientcore/core/src/main/java/io/clientcore/core/http/pipeline/OAuthBearerTokenAuthenticationPolicy.java

@@ -64,11 +64,15 @@ public void authorizeRequest(HttpRequest httpRequest, OAuthTokenRequestContext c
         httpRequest.getHeaders().set(HttpHeaderName.AUTHORIZATION, BEARER + " " + token.getToken());
     }
 
+    /**
+     * {@inheritDoc}
+     * @throws IllegalStateException If the request is not using {@code HTTPS}.
+     */
     @Override
     public Response<BinaryData> process(HttpRequest httpRequest, HttpPipelineNextPolicy next) {
         if (!"https".equals(httpRequest.getUri().getScheme())) {
             throw LOGGER.logThrowableAsError(
-                new RuntimeException("Token credentials require a URL using the HTTPS protocol scheme"));
+                new IllegalStateException("Token credentials require a URL using the HTTPS protocol scheme"));
         }
 
         HttpPipelineNextPolicy nextPolicy = next.copy();

sdk/clientcore/core/src/test/java/io/clientcore/core/http/pipeline/KeyCredentialPolicyTests.java

@@ -4,15 +4,21 @@
 package io.clientcore.core.http.pipeline;
 
 import io.clientcore.core.credentials.KeyCredential;
+import io.clientcore.core.http.client.HttpClient;
 import io.clientcore.core.http.models.HttpHeaderName;
 import io.clientcore.core.http.models.HttpHeaders;
+import io.clientcore.core.http.models.HttpMethod;
+import io.clientcore.core.http.models.HttpRequest;
+import io.clientcore.core.http.models.Response;
+import io.clientcore.core.models.binarydata.BinaryData;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 
 import java.util.stream.Stream;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
 
 public class KeyCredentialPolicyTests {
     @ParameterizedTest
@@ -25,6 +31,28 @@ public void setCredential(KeyCredentialPolicy policy, String expectedHeader) {
         assertEquals(expectedHeader, headers.getValue(HttpHeaderName.AUTHORIZATION));
     }
 
+    @ParameterizedTest
+    @MethodSource("validateSchemesSupplier")
+    public void validateSchemes(String url, boolean shouldPass) {
+        KeyCredential credential = new KeyCredential("fakeKeyPlaceholder");
+        KeyCredentialPolicy policy = new KeyCredentialPolicy(HttpHeaderName.AUTHORIZATION.toString(), credential, null);
+        HttpPipelinePolicy mockReturnPolicy = (HttpRequest request,
+            HttpPipelineNextPolicy next) -> new Response<>(request, 200, null, BinaryData.empty());
+        HttpClient client = (request) -> {
+            return new Response<>(request, 200, null, BinaryData.empty());
+        };
+        HttpPipeline pipeline
+            = new HttpPipelineBuilder().addPolicy(policy).addPolicy(mockReturnPolicy).httpClient(client).build();
+        HttpRequest request = new HttpRequest().setMethod(HttpMethod.GET).setUri(url);
+        try {
+            pipeline.send(request);
+        } catch (IllegalStateException e) {
+            if (shouldPass) {
+                fail("Expected request to pass but it failed with: " + e.getMessage());
+            }
+        }
+    }
+
     private static Stream<Arguments> setCredentialSupplier() {
         String fakeKey = "fakeKeyPlaceholder";
         KeyCredential credential = new KeyCredential(fakeKey);
@@ -36,4 +64,8 @@ private static Stream<Arguments> setCredentialSupplier() {
             Arguments.of(new KeyCredentialPolicy(HttpHeaderName.AUTHORIZATION.toString(), credential, "Bearer "),
                 "Bearer " + fakeKey));
     }
+
+    private static Stream<Arguments> validateSchemesSupplier() {
+        return Stream.of(Arguments.of("http://localhost", false), Arguments.of("https://localhost", true));
+    }
 }