Rename certificates-refresh-interval to certificates-refresh-interval--in-ms in keyvault jca (Azure#24339)

Author: zhichengliu12581

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultKeyStore.java

@@ -25,9 +25,11 @@
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Objects;
 import java.util.Map;
 import java.util.Optional;
 import java.util.logging.Logger;
+import java.util.stream.Stream;
 
 import static java.util.logging.Level.FINE;
 import static java.util.logging.Level.WARNING;
@@ -122,10 +124,7 @@ public KeyVaultKeyStore() {
         String clientId = System.getProperty("azure.keyvault.client-id");
         String clientSecret = System.getProperty("azure.keyvault.client-secret");
         String managedIdentity = System.getProperty("azure.keyvault.managed-identity");
-        long refreshInterval = Optional.of("azure.keyvault.jca.certificates-refresh-interval")
-                                       .map(System::getProperty)
-                                       .map(Long::valueOf)
-                                       .orElse(0L);
+        long refreshInterval = getRefreshInterval();
         refreshCertificatesWhenHaveUnTrustCertificate =
             Optional.of("azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate")
                     .map(System::getProperty)
@@ -141,6 +140,15 @@ public KeyVaultKeyStore() {
             jreCertificates, wellKnowCertificates, customCertificates, keyVaultCertificates, classpathCertificates);
     }
 
+    Long getRefreshInterval() {
+        return Stream.of("azure.keyvault.jca.certificates-refresh-interval-in-ms", "azure.keyvault.jca.certificates-refresh-interval")
+                     .map(System::getProperty)
+                     .filter(Objects::nonNull)
+                     .map(Long::valueOf)
+                     .findFirst()
+                     .orElse(0L);
+    }
+
     /**
      * get key vault key store by system property
      *

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultCertificatesTest.java

@@ -84,7 +84,7 @@ private X509Certificate getTestCertificate() {
 
     @Test
     public void testCertificatesRefreshInterval() throws Exception {
-        System.setProperty("azure.keyvault.jca.certificates-refresh-interval", "1000");
+        System.setProperty("azure.keyvault.jca.certificates-refresh-interval-in-ms", "1000");
         KeyStore keyStore = PropertyConvertorUtils.getKeyVaultKeyStore();
         assertNotNull(keyStore.getCertificate(certificateName));
         keyStore.deleteEntry(certificateName);

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreTest.java

@@ -7,57 +7,27 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable;
 
-import java.io.ByteArrayInputStream;
 import java.security.KeyStore;
-import java.security.ProviderException;
 import java.security.Security;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Base64;
 
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+
 
 /**
  * The JUnit tests for the KeyVaultKeyStore class.
  */
 @EnabledIfEnvironmentVariable(named = "AZURE_KEYVAULT_CERTIFICATE_NAME", matches = "myalias")
 public class KeyVaultKeyStoreTest {
 
-
-    /**
-     * Stores the CER test certificate (which is valid til 2120).
-     */
-    private static final String TEST_CERTIFICATE
-        = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk"
-        + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3"
-        + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz"
-        + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14"
-        + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d"
-        + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j"
-        + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A"
-        + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP"
-        + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT"
-        + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME"
-        + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo"
-        + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+"
-        + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG"
-        + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF"
-        + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl"
-        + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9"
-        + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ"
-        + "U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE"
-        + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q==";
+    private static String certificateName;
 
     private static KeyVaultKeyStore keystore;
 
-    private static String certificateName;
-
     @BeforeAll
     public static void setEnvironmentProperty() {
         PropertyConvertorUtils.putEnvironmentPropertyToSystemPropertyForKeyVaultJca();
@@ -76,44 +46,12 @@ public void testEngineGetCertificate() {
         assertNotNull(keystore.engineGetCertificate(certificateName));
     }
 
-    @Test
-    public void testEngineGetCertificateAlias() {
-        X509Certificate certificate;
-
-        try {
-            byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes));
-        } catch (CertificateException e) {
-            throw new ProviderException(e);
-        }
-        keystore.engineSetCertificateEntry("setcert", certificate);
-        assertNotNull(keystore.engineGetCertificateAlias(certificate));
-    }
 
     @Test
     public void testEngineGetCertificateChain() {
         assertNotNull(keystore.engineGetCertificateChain(certificateName));
     }
 
-    @Test
-    public void testEngineSetCertificateEntry() {
-
-        X509Certificate certificate;
-
-        try {
-            byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE);
-            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
-            certificate =
-                (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateBytes));
-        } catch (CertificateException e) {
-            throw new ProviderException(e);
-        }
-
-        keystore.engineSetCertificateEntry("setcert", certificate);
-        assertNotNull(keystore.engineGetCertificate("setcert"));
-    }
-
     @Test
     public void testEngineGetKey() {
         assertNotNull(keystore.engineGetKey(certificateName, null));
@@ -152,12 +90,6 @@ public void testEngineSize() {
         assertTrue(keystore.engineSize() >= 0);
     }
 
-    @Test
-    public void testEngineStore() {
-        KeyVaultKeyStore keystore = new KeyVaultKeyStore();
-        keystore.engineStore(null, null);
-    }
-
     @Test
     public void testRefreshEngineGetCertificate() throws Exception {
         System.setProperty("azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate", "true");

sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/KeyVaultKeyStoreUnitTest.java

@@ -0,0 +1,95 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.jca;
+
+import org.junit.jupiter.api.Test;
+
+import java.io.ByteArrayInputStream;
+import java.security.ProviderException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+public class KeyVaultKeyStoreUnitTest {
+
+    /**
+     * Stores the CER test certificate (which is valid til 2120).
+     */
+    private static final String TEST_CERTIFICATE
+        = "MIIDeDCCAmCgAwIBAgIQGghBu97rQJKNnUHPWU7xjDANBgkqhkiG9w0BAQsFADAk"
+        + "MSIwIAYDVQQDExlodW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMCAXDTIwMDkwMjE3"
+        + "NDUyNFoYDzIxMjAwOTAyMTc1NTI0WjAkMSIwIAYDVQQDExlodW5kcmVkLXllYXJz"
+        + "LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU14"
+        + "btkN5wmcO2WKXqm1NUKXzi79EtqiFFkrLgPAwj5NNwMw2Akm3GpdEpwkJ8/q3l7d"
+        + "frDEVOO9gwZbz7xppyqutjxjllw8CCgjFdfK02btz56CGgh3X25ZZtzPbuMZJM0j"
+        + "o4mVEdaFNJ0eUeMppS0DcbbuTWCF7Jf1gvr8GVqx+E0IJUFkE+D4kdTbnJSaeK0A"
+        + "KEt94z88MPX18h8ud14uRVmUCYVZrZeswdE2tO1BpazrXELHuXCtrjGxsDDjDzeP"
+        + "98aFI9kblkqoJS4TsmloLEjwZLm80cyJDEmpXXMtR7C0FFXFI1BAtIa4mxSgBLsT"
+        + "L4GVPEGNANR8COYkHQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRME"
+        + "AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlo"
+        + "dW5kcmVkLXllYXJzLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOGTt4H3ho30O4e+"
+        + "hebwJjm2VMvIMB0GA1UdDgQWBBThk7eB94aN9DuHvoXm8CY5tlTLyDANBgkqhkiG"
+        + "9w0BAQsFAAOCAQEAGp8mCioVCmM+kZv6r+K2j2uog1k4HBwN1NfRoSsibDB8+QXF"
+        + "bmNf3M0imiuR/KJgODyuROwaa/AalxNFMOP8XTL2YmP7XsddBs9ONHHQXKjY/Ojl"
+        + "PsIPR7vZjwYPfEB+XEKl2fOIxDQQ921POBV7M6DdTC49T5X+FsLR1AIIfinVetT9"
+        + "QmNuvzulBX0T0rea/qpcPK4HTj7ToyImOaf8sXRv2s2ODLUrKWu5hhTNH2l6RIkQ"
+        + "U/aIAdQRfDaSE9jhtcVu5d5kCgBs7nz5AzeCisDPo5zIt4Mxej3iVaAJ79oEbHOE"
+        + "p192KLXLV/pscA4Wgb+PJ8AAEa5B6xq8p9JO+Q==";
+
+    @Test
+    public void testEngineStore() {
+        KeyVaultKeyStore keystore = new KeyVaultKeyStore();
+        keystore.engineStore(null, null);
+    }
+
+    @Test
+    public void testGetRefreshInterval() {
+        System.clearProperty("azure.keyvault.jca.certificates-refresh-interval");
+        System.clearProperty("azure.keyvault.jca.certificates-refresh-interval-in-ms");
+        KeyVaultKeyStore keystore = new KeyVaultKeyStore();
+        assertEquals(keystore.getRefreshInterval(), 0);
+        System.setProperty("azure.keyvault.jca.certificates-refresh-interval", "2000");
+        keystore = new KeyVaultKeyStore();
+        assertEquals(keystore.getRefreshInterval(), 2000);
+        System.setProperty("azure.keyvault.jca.certificates-refresh-interval-in-ms", "1000");
+        assertEquals(keystore.getRefreshInterval(), 1000);
+    }
+
+    @Test
+    public void testEngineGetCertificateAlias() {
+        KeyVaultKeyStore keystore = new KeyVaultKeyStore();
+        X509Certificate certificate;
+        try {
+            byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE);
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateBytes));
+        } catch (CertificateException e) {
+            throw new ProviderException(e);
+        }
+        keystore.engineSetCertificateEntry("setcert", certificate);
+        assertNotNull(keystore.engineGetCertificateAlias(certificate));
+    }
+
+    @Test
+    public void testEngineSetCertificateEntry() {
+        KeyVaultKeyStore keystore = new KeyVaultKeyStore();
+        X509Certificate certificate;
+        try {
+            byte[] certificateBytes = Base64.getDecoder().decode(TEST_CERTIFICATE);
+            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+            certificate =
+                (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateBytes));
+        } catch (CertificateException e) {
+            throw new ProviderException(e);
+        }
+
+        keystore.engineSetCertificateEntry("setcert", certificate);
+        assertNotNull(keystore.engineGetCertificate("setcert"));
+    }
+
+}

sdk/spring/azure-spring-boot-starter-keyvault-certificates/CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Features Added
 
 ### Breaking Changes
+Rename `azure.keyvault.jca.certificates-refresh-interval` to `azure.keyvault.jca.certificates-refresh-interval-in-ms`.
 
 ### Bugs Fixed
 

sdk/spring/azure-spring-boot-starter-keyvault-certificates/README.md

@@ -316,7 +316,7 @@ KeyVaultKeyStore can fetch certificates from KeyVault periodically if the follow
 azure:
   keyvault:
     jca:
-       certificates-refresh-interval: 1800000
+       certificates-refresh-interval-in-ms: 1800000
 ```
 
 Its value is 0(ms) by default, and certificate will not automatically refresh when its value <= 0.

sdk/spring/azure-spring-boot-starter-keyvault-certificates/src/main/java/com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.java

@@ -33,6 +33,7 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, SpringAp
         putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.client-secret");
         putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.managed-identity");
         putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.jca.certificates-refresh-interval");
+        putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.jca.certificates-refresh-interval-in-ms");
         putEnvironmentPropertyToSystemProperty(environment, "azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate");
         putEnvironmentPropertyToSystemProperty(environment, "azure.cert-path.well-known");
         putEnvironmentPropertyToSystemProperty(environment, "azure.cert-path.custom");