com.azure.identity.ClientCertificateCredential Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of azure-identity Show documentation

This module contains client library for Microsoft Azure Identity.

There is a newer version: 1.14.2

// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.azure.identity;

import com.azure.core.annotation.Immutable;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.implementation.IdentityClient;
import com.azure.identity.implementation.IdentityClientBuilder;
import com.azure.identity.implementation.IdentityClientOptions;
import reactor.core.publisher.Mono;

import java.util.Objects;

/**
 * An AAD credential that acquires a token with a client certificate for an AAD application.
 *
 * Sample: Construct a simple ClientCertificateCredential
 *  * ClientCertificateCredential credential1 = new ClientCertificateCredentialBuilder()
 *     .tenantId(tenantId)
 *     .clientId(clientId)
 *     .pemCertificate("C:\\fakepath\\cert.pem")
 *     .build();
 * 
 *
 * Sample: Construct a ClientCertificateCredential behind a proxy
 *  * ClientCertificateCredential credential2 = new ClientCertificateCredentialBuilder()
 *     .tenantId(tenantId)
 *     .clientId(clientId)
 *     .pfxCertificate("C:\\fakepath\\cert.pfx", "P{@literal @}s$w0rd")
 *     .proxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress("10.21.32.43", 5465)))
 *     .build();
 * 
 */
@Immutable
public class ClientCertificateCredential implements TokenCredential {
    private final IdentityClient identityClient;

    /**
     * Creates a ClientSecretCredential with default identity client options.
     * @param tenantId the tenant ID of the application
     * @param clientId the client ID of the application
     * @param certificatePath the PEM file or PFX file containing the certificate
     * @param certificatePassword the password protecting the PFX file
     * @param identityClientOptions the options to configure the identity client
     */
    ClientCertificateCredential(String tenantId, String clientId, String certificatePath, String certificatePassword,
                                IdentityClientOptions identityClientOptions) {
        Objects.requireNonNull(certificatePath, "'certificatePath' cannot be null.");
        identityClient = new IdentityClientBuilder()
            .tenantId(tenantId)
            .clientId(clientId)
            .certificatePath(certificatePath)
            .certificatePassword(certificatePassword)
            .identityClientOptions(identityClientOptions)
            .build();
    }

    @Override
    public Mono getToken(TokenRequestContext request) {
        return identityClient.authenticateWithConfidentialClientCache(request)
            .onErrorResume(t -> Mono.empty())
            .switchIfEmpty(Mono.defer(() -> identityClient.authenticateWithConfidentialClient(request)));
    }
}