- add withCert to entraID provider

- add EntraIDTokenAuthConfig
- add test context and endpoint config

Author: atakavci

core/src/main/java/redis/clients/authentication/core/TokenAuthConfig.java

@@ -27,7 +27,7 @@ public static class Builder {
         private IdentityProviderConfig identityProviderConfig;
         private int lowerRefreshBoundMillis;
         private float expirationRefreshRatio;
-        private int tokenRequestExecutionTimeoutInMs;
+        private int tokenRequestExecTimeoutInMs;
         private int maxAttemptsToRetry;
         private int delayInMsToRetry;
 
@@ -41,8 +41,8 @@ public Builder lowerRefreshBoundMillis(int lowerRefreshBoundMillis) {
             return this;
         }
 
-        public Builder tokenRequestExecutionTimeoutInMs(int tokenRequestExecutionTimeoutInMs) {
-            this.tokenRequestExecutionTimeoutInMs = tokenRequestExecutionTimeoutInMs;
+        public Builder tokenRequestExecTimeoutInMs(int tokenRequestExecTimeoutInMs) {
+            this.tokenRequestExecTimeoutInMs = tokenRequestExecTimeoutInMs;
             return this;
         }
 
@@ -63,7 +63,7 @@ public Builder identityProviderConfig(IdentityProviderConfig identityProviderCon
 
         public TokenAuthConfig build() {
             return new TokenAuthConfig(new TokenManagerConfig(expirationRefreshRatio,
-                    lowerRefreshBoundMillis, tokenRequestExecutionTimeoutInMs,
+                    lowerRefreshBoundMillis, tokenRequestExecTimeoutInMs,
                     new TokenManagerConfig.RetryPolicy(maxAttemptsToRetry, delayInMsToRetry)),
                     identityProviderConfig);
         }

core/src/main/java/redis/clients/authentication/core/TokenManager.java

@@ -9,6 +9,9 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 public class TokenManager {
 
     private TokenManagerConfig tokenManagerConfig;
@@ -19,6 +22,8 @@ public class TokenManager {
     private boolean stopped = false;
     private ScheduledFuture<?> scheduledTask;
     private int numberOfRetries = 0;
+    private Exception lastException;
+    private Logger logger = LoggerFactory.getLogger(getClass());
 
     public TokenManager(IdentityProvider identityProvider, TokenManagerConfig tokenManagerConfig) {
         this.identityProvider = identityProvider;
@@ -59,9 +64,9 @@ protected Token renewToken() {
         }
         Token newToken = null;
         try {
-            Future<Token> requestResult = executor.submit(() -> identityProvider.requestToken());
-            newToken = requestResult.get(tokenManagerConfig.getTokenRequestExecutionTimeoutInMs(),
-                TimeUnit.MILLISECONDS);
+            Future<Token> requestResult = executor.submit(() -> requestToken());
+            newToken = requestResult.get(tokenManagerConfig.getTokenRequestExecTimeoutInMs(),
+                    TimeUnit.MILLISECONDS);
             long delay = calculateRenewalDelay(newToken.getExpiresAt(), newToken.getReceivedAt());
             scheduledTask = scheduleNext(delay);
             listener.onTokenRenewed(newToken);
@@ -71,13 +76,25 @@ protected Token renewToken() {
                 numberOfRetries++;
                 scheduledTask = scheduleNext(tokenManagerConfig.getRetryPolicy().getdelayInMs());
             } else {
-                listener.onError(e);
-                throw new AuthXException("Token request/renewal failed!", e);
+                TokenRequestException tre = new TokenRequestException(e, lastException);
+                listener.onError(tre);
+                throw tre;
             }
         }
         return null;
     }
 
+    protected Token requestToken() {
+        lastException = null;
+        try {
+            return identityProvider.requestToken();
+        } catch (Exception e) {
+            lastException = e;
+            logger.error("Request to identity provider failed with message: " + e.getMessage(), e);
+            throw e;
+        }
+    }
+
     public long calculateRenewalDelay(long expireDate, long issueDate) {
         long ttlLowerRefresh = ttlForLowerRefresh(expireDate);
         long ttlRatioRefresh = ttlForRatioRefresh(expireDate, issueDate);

core/src/main/java/redis/clients/authentication/core/TokenManagerConfig.java

@@ -7,7 +7,7 @@ public class TokenManagerConfig {
 
     private final float expirationRefreshRatio;
     private final int lowerRefreshBoundMillis;
-    private final int tokenRequestExecutionTimeoutInMs;
+    private final int tokenRequestExecTimeoutInMs;
     private final RetryPolicy retryPolicy;
 
     public static class RetryPolicy {
@@ -30,10 +30,10 @@ public int getdelayInMs() {
     }
 
     public TokenManagerConfig(float expirationRefreshRatio, int lowerRefreshBoundMillis,
-            int tokenRequestExecutionTimeoutInMs, RetryPolicy retryPolicy) {
+            int tokenRequestExecTimeoutInMs, RetryPolicy retryPolicy) {
         this.expirationRefreshRatio = expirationRefreshRatio;
         this.lowerRefreshBoundMillis = lowerRefreshBoundMillis;
-        this.tokenRequestExecutionTimeoutInMs = tokenRequestExecutionTimeoutInMs;
+        this.tokenRequestExecTimeoutInMs = tokenRequestExecTimeoutInMs;
         this.retryPolicy = retryPolicy;
     }
 
@@ -59,8 +59,8 @@ public int getLowerRefreshBoundMillis() {
     /**
      * Represents the maximum time in milliseconds to wait for a token request to complete.
      */
-    public int getTokenRequestExecutionTimeoutInMs() {
-        return tokenRequestExecutionTimeoutInMs;
+    public int getTokenRequestExecTimeoutInMs() {
+        return tokenRequestExecTimeoutInMs;
     }
 
     /**

core/src/main/java/redis/clients/authentication/core/TokenRequestException.java

@@ -0,0 +1,24 @@
+package redis.clients.authentication.core;
+
+public class TokenRequestException extends AuthXException {
+
+    private static final String msg = "Token request/renewal failed!";
+    private final Exception identityProviderFailedWith;
+
+    public TokenRequestException(Throwable cause, Exception identityProviderFailedWith) {
+        super(getMessage(identityProviderFailedWith), cause);
+        this.identityProviderFailedWith = identityProviderFailedWith;
+    }
+
+    public Exception getIdentityProviderFailedWith() {
+        return identityProviderFailedWith;
+    }
+
+    private static String getMessage(Exception identityProviderFailedWith) {
+        if (identityProviderFailedWith == null) {
+            return msg;
+        }
+        return msg + " Identity provider failed with: " + identityProviderFailedWith.getMessage();
+    }
+
+}

entraid/pom.xml

@@ -51,6 +51,7 @@
 	</properties>
 
   <dependencies>
+  	
 	<dependency>
 		<groupId>com.auth0</groupId>
 		<artifactId>java-jwt</artifactId>
@@ -66,6 +67,12 @@
 		<artifactId>msal4j</artifactId>
 		<version>1.17.2</version>
 	</dependency>
+	<dependency>
+		<groupId>redis.clients</groupId>
+		<artifactId>jedis</artifactId>
+		<version>5.3.0-SNAPSHOT</version>
+		<scope>test</scope>
+	</dependency>
    <dependency>
 		<groupId>junit</groupId>
 		<artifactId>junit</artifactId>

entraid/src/main/java/redis/clients/authentication/entraid/EntraIDIdentityProvider.java

@@ -1,6 +1,8 @@
 package redis.clients.authentication.entraid;
 
 import java.net.MalformedURLException;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
@@ -21,14 +23,19 @@ public final class EntraIDIdentityProvider implements IdentityProvider {
 
     public EntraIDIdentityProvider(String clientId, String authority, String secret,
             Set<String> scopes) {
-        init(clientId, authority, secret, scopes);
+        IClientCredential credential = ClientCredentialFactory.createFromSecret(secret);
+        init(clientId, authority, credential, scopes);
     }
 
-    protected void init(String clientId, String authority, String secret, Set<String> scopes) {
-        IClientCredential credential = ClientCredentialFactory.createFromSecret(secret);
+    public EntraIDIdentityProvider(String clientId, String authority, PrivateKey key, X509Certificate cert,
+            Set<String> scopes) {
+        IClientCredential credential = ClientCredentialFactory.createFromCertificate(key, cert);
+        init(clientId, authority, credential, scopes);
+    }
+
+    protected void init(String clientId, String authority, IClientCredential credential, Set<String> scopes) {
         try {
-            app = ConfidentialClientApplication.builder(clientId, credential).authority(authority)
-                    .build();
+            app = ConfidentialClientApplication.builder(clientId, credential).authority(authority).build();
         } catch (MalformedURLException e) {
             throw new RedisEntraIDException("Failed to init EntraID client!", e);
         }

entraid/src/main/java/redis/clients/authentication/entraid/EntraIDIdentityProviderConfig.java

@@ -1,71 +1,60 @@
 package redis.clients.authentication.entraid;
 
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
 import java.util.Set;
+
 import redis.clients.authentication.core.IdentityProvider;
 import redis.clients.authentication.core.IdentityProviderConfig;
 
 public final class EntraIDIdentityProviderConfig implements IdentityProviderConfig, AutoCloseable {
 
+    public enum EntraIDAccess {
+        WithSecret,
+        WithCert,
+    }
+
     private String clientId;
-    private String credential;
+    private EntraIDAccess accessWith;
+    private String secret;
+    private PrivateKey key;
+    private X509Certificate cert;
     private String authority;
     private Set<String> scopes;
 
-    public EntraIDIdentityProviderConfig() {
+    public EntraIDIdentityProviderConfig(String clientId,
+            EntraIDAccess accessWith,
+            String secret,
+            PrivateKey key,
+            X509Certificate cert,
+            String authority, Set<String> scopes) {
+        this.clientId = clientId;
+        this.accessWith = accessWith;
+        this.secret = secret;
+        this.key = key;
+        this.cert = cert;
+        this.authority = authority;
+        this.scopes = scopes;
     }
 
     @Override
     public IdentityProvider getProvider() {
-        IdentityProvider identityProvider = new EntraIDIdentityProvider(clientId, authority,
-                credential, scopes);
-        clear();
-        return identityProvider;
-    }
-
-    public static class Builder {
-
-        private String clientId;
-        private String credential;
-        private String authority;
-        private Set<String> scopes;
-
-        public Builder clientId(String clientId) {
-            this.clientId = clientId;
-            return this;
-        }
-
-        public Builder credential(String credential) {
-            this.credential = credential;
-            return this;
+        IdentityProvider identityProvider = null;
+        switch (accessWith) {
+            case WithSecret:
+                identityProvider = new EntraIDIdentityProvider(clientId, authority,
+                        secret, scopes);
+                break;
+            case WithCert:
+                identityProvider = new EntraIDIdentityProvider(clientId, authority,
+                        key, cert, scopes);
+                break;
+            default:
+                throw new RedisEntraIDException("Access type and credentials must be set!");
         }
 
-        public Builder authority(String authority) {
-            this.authority = authority;
-            return this;
-        }
-
-        public Builder scopes(Set<String> scopes) {
-            this.scopes = scopes;
-            return this;
-        }
-
-        public EntraIDIdentityProviderConfig build() {
-            EntraIDIdentityProviderConfig config = new EntraIDIdentityProviderConfig();
-            config.clientId = this.clientId;
-            config.credential = this.credential;
-            config.authority = this.authority;
-            config.scopes = this.scopes;
-            this.clientId = null;
-            this.credential = null;
-            this.authority = null;
-            this.scopes = null;
-            return config;
-        }
-
-    }
-
-    public static Builder builder() {
-        return new Builder();
+        clear();
+        return identityProvider;
     }
 
     @Override
@@ -75,7 +64,9 @@ public void close() throws Exception {
 
     private void clear() {
         clientId = null;
-        credential = null;
+        secret = null;
+        key = null;
+        cert = null;
         authority = null;
         scopes = null;
     }