change keyvault track1 to track2 (#26)

secure-app-model/keyvault/cpvsample/README.md

@@ -9,11 +9,12 @@ This sample demonstrates how a Control Panel Vendor partner can utilize the refr
 The following configurations in the [application.properties](src/main/resources/application.properties) file need to be modified:
 
 * **keyvault.baseurl** - The base address for the instance of Azure Key Vault where the refresh token has been stored.
-* **keyvault.clientId** - The identifier for the Azure AD application that has been allowed access to the instance of Azure Key Vault.
-* **keyvault.clientSecret** - The application secret associated with the application configured to access the instance of Azure Key Vault.
+* **AZURE_CLIENT_ID** - The identifier for the Azure AD application that has been allowed access to the instance of Azure Key Vault.
+* **AZURE_CLIENT_SECRET** - The application secret associated with the application configured to access the instance of Azure Key Vault.
+* **AZURE_TENANT_ID** - The application tenant id associated with the application configured to access the instance of Azure Key Vault.
 * **partnercenter.accountId** - The account identifier, also known as the Azure AD tenant identifier, for the partner.
 * **partnercenter.clientId** - The application identifier for the Azure AD application configured for use with the Partner Center API.
 * **partnercenter.clientSecret** - The application secret associated with the application configured to access the Partner Center API.
 * **partnercenter.displayName** - The display name for the Azure AD application. This will be used during the consent process, so it must what is in Azure AD.
 
-Please note that in production scenarios we recommend that you use certificate based authentication to access the instance of Azure Key Vault. The [confidential client flow](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Confidential-client-applications-flows) has been used in the sample for simplicity.
+Please note that in production scenarios we recommend that you use certificate based authentication to access the instance of Azure Key Vault. The [confidential client flow](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Confidential-client-applications-flows) has been used in the sample for simplicity.

secure-app-model/keyvault/cpvsample/pom.xml

@@ -22,9 +22,14 @@
 			<version>1.18.0</version>
 		</dependency>
 		<dependency>
-			<groupId>com.microsoft.azure</groupId>
-			<artifactId>azure-keyvault</artifactId>
-			<version>1.2.2</version>
+			<groupId>com.azure</groupId>
+			<artifactId>azure-identity</artifactId>
+			<version>1.1.2</version>
+		</dependency>
+		<dependency>
+			<groupId>com.azure</groupId>
+			<artifactId>azure-security-keyvault-secrets</artifactId>
+			<version>4.2.1</version>
 		</dependency>
 		<dependency>
 			<groupId>com.microsoft.graph</groupId>

secure-app-model/keyvault/cpvsample/src/main/java/com/microsoft/store/samples/secureappmodel/cpvsample/PropertyName.java

@@ -28,6 +28,11 @@ public class PropertyName
      */
     public static final String KEY_VAULT_CLIENT_ID = "keyvault.clientId";
 
+    /**
+     * The name of the tenant Id property.
+     */
+    public static final String KEY_VAULT_TENANT_ID = "keyvault.tenantId";
+
     /**
      * The name of the client secret property.
      */

secure-app-model/keyvault/cpvsample/src/main/java/com/microsoft/store/samples/secureappmodel/cpvsample/security/AccessTokenProvider.java

@@ -159,9 +159,7 @@ public class AccessTokenProvider implements IAccessTokenProvider
         throws ExecutionException, InterruptedException, MalformedURLException
     {
         IVaultProvider vault = new KeyVaultProvider(
-            properties.getProperty(PropertyName.KEY_VAULT_BASE_URL),
-            properties.getProperty(PropertyName.KEY_VAULT_CLIENT_ID), 
-            properties.getProperty(PropertyName.KEY_VAULT_CLIENT_SECRET));
+            properties.getProperty(PropertyName.KEY_VAULT_BASE_URL));
 
         return getAccessTokenByRefreshToken(
             tenantId,  

secure-app-model/keyvault/cpvsample/src/main/java/com/microsoft/store/samples/secureappmodel/cpvsample/security/KeyVaultProvider.java

@@ -3,18 +3,10 @@
 
 package com.microsoft.store.samples.secureappmodel.cpvsample.security;
 
-import java.net.MalformedURLException;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
 
-import com.microsoft.aad.adal4j.AuthenticationContext;
-import com.microsoft.aad.adal4j.AuthenticationResult;
-import com.microsoft.aad.adal4j.ClientCredential;
-import com.microsoft.azure.keyvault.KeyVaultClient;
-import com.microsoft.azure.keyvault.KeyVaultClientCustom;
-import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
 
 /**
  * Provides a secure mechanism for retrieving and store sensitive information using Azure Key Vault.
@@ -22,12 +14,12 @@ import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
 public class KeyVaultProvider implements IVaultProvider
 {
     /**
-     * The client used to interact with the Azure Key Vault service.
+     * The client used to manage Secrets in the Azure KeyVault by interacting with the Azure Key Vault service.
      */
-    private KeyVaultClientCustom client;
+    private SecretClient client;
 
     /**
-     * The vault name, e.g. https://myvault.vault.azure.net
+     * The Vault URL, e.g. https://myvault.vault.azure.net
      */
     private String vaultBaseUrl; 
 
@@ -35,117 +27,49 @@ public class KeyVaultProvider implements IVaultProvider
      * Initializes a new instance of the {@link KeyVaultProvider} class.
      * 
      * @param vaultBaseUrl The vault name, e.g. https://myvault.vault.azure.net
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token.
      */
-    public KeyVaultProvider(String vaultBaseUrl, String clientId, String clientSecret)
+    public KeyVaultProvider(String vaultBaseUrl)
     {
-        client = getKeyVaultClient(clientId, clientSecret);
+        client = getKeyVaultClient();
         this.vaultBaseUrl = vaultBaseUrl;
     }
 
     /**
-     * Gets the specified value from the vault.
+     * Gets the value of the specified secret from the Azure Key Vault..
      * 
      * @param secretName Identifier of the value to be retrieved.
      * @return The value for the specified secret.
      */
     public String getSecret(String secretName)
     {
-        return client.getSecret(vaultBaseUrl, secretName).value();
+        return client.getSecret(secretName).getValue();
     }
 
     /**
-     * Stores the specified value in the vault.
+     * Adds a secret with the specified {@code secretName} and {@code value} to the key vault if it does not exist. 
+     * If the named secret exists, a new version of the secret is created.
      * 
      * @param secretName Identifier of the value to be stored.
      * @param value The value to be stored.
      */
     public void setSecret(String secretName, String value)
     {
-        client.setSecret(vaultBaseUrl, secretName, value);
+        client.setSecret(secretName, value);
     }
 
     /**
-     * Gets an access token from the authority.
+     * Gets the Secret Client, capable of managing Secrets in the Azure Key Vault by interacting with Azure Key Vault service.
      * 
-     * @param authorization Address of the authority to issue the token.
-     * @param resource Identifier of the target resource that is the recipient of the requested token.
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token.
-     * @return An instance of {@link AuthenticationResult} that contians an access token and refresh token.
-     * 
-     * @throws ExecutionException {@link ExecutionException}
-     * @throws InterruptedException {@link InterruptedException}
-     * @throws MalformedURLException {@link MalformedURLException}
+     * @return The Secret Client, capable of managing Secrets in the Azure Key Vault by interacting with Azure Key Vault service.
      */
-    private AuthenticationResult getAccessToken(String authorization, String resource, String clientId, String clientSecret) 
-        throws ExecutionException, InterruptedException, MalformedURLException
+    private SecretClient getKeyVaultClient()
     {
-        AuthenticationContext authContext; 
-        AuthenticationResult authResult;
-        ExecutorService service = null;
-        Future<AuthenticationResult> future;
+        client = new SecretClientBuilder()
+            .vaultUrl(vaultBaseUrl)
+            .credential(new DefaultAzureCredentialBuilder().build())
+            .buildClient();
 
-        try
-        {
-            service = Executors.newFixedThreadPool(1);
-            authContext = new AuthenticationContext(authorization, true, service);
-
-            future = authContext.acquireToken(
-                resource,
-                new ClientCredential(
-                    clientId, 
-                    clientSecret), 
-                null);
-            
-            authResult = future.get();
-
-            return authResult;
-        }
-        finally
-        {
-            service.shutdown();
-        }
-    }
-
-    /**
-     * Gets a client that is capable of interacting with the Azure Key Vault service.
-     *
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token. 
-     * 
-     * @return A client that is capable of interacting with the Azure Key Vault service.
-     */
-    private KeyVaultClientCustom getKeyVaultClient(String clientId, String clientSecret)
-    {
-        return new KeyVaultClient(new KeyVaultCredentials() 
-        {
-            /**
-             * @param authorization Address of the authority to issue the token.
-             * @param resource Identifier of the target resource that is the recipient of the requested token, a URL.
-             * @param scope The scope of the authentication request.
-             *
-             * @return Access token to be used with Azure Key Vault operations.
-             */
-            @Override
-             public String doAuthenticate(String authorization, String resource, String scope) 
-             {
-                 AuthenticationResult authResult; 
-                 
-                 try 
-                 {
-                     authResult = getAccessToken(authorization, resource, clientId, clientSecret);
- 
-                     return authResult.getAccessToken();
-                 }
-                 catch(Exception ex)
-                 {
-                     ex.printStackTrace();
-                 }
- 
-                 return "";
-             }
-        });
+        return client;
+        
     }
 }

secure-app-model/keyvault/cpvsample/src/main/resources/application.properties

@@ -2,6 +2,7 @@ azuread.authority=https://login.microsoftonline.com
 keyvault.baseurl=
 keyvault.clientId=
 keyvault.clientSecret=
+keyvault.tenantId=
 partnercenter.accountId=
 partnercenter.clientId=
 partnercenter.clientSecret=

secure-app-model/keyvault/cspsample/README.md

@@ -9,10 +9,11 @@ This sample demonstrates how a Cloud Solution Provider partner can utilize the r
 The following configurations in the [application.properties](src/main/resources/application.properties) file need to be modified:
 
 * **keyvault.baseurl** - The base address for the instance of Azure Key Vault where the refresh token has been stored.
-* **keyvault.clientId** - The identifier for the Azure AD application that has been allowed access to the instance of Azure Key Vault.
-* **keyvault.clientSecret** - The application secret associated with the application configured to access the instance of Azure Key Vault.
+* **AZURE_CLIENT_ID** - The identifier for the Azure AD application that has been allowed access to the instance of Azure Key Vault.
+* **AZURE_CLIENT_SECRET** - The application secret associated with the application configured to access the instance of Azure Key Vault.
+* **AZURE_TENANT_ID** - The application tenant id associated with the application configured to access the instance of Azure Key Vault.
 * **partnercenter.accountId** - The account identifier, also known as the Azure AD tenant identifier, for the partner.
 * **partnercenter.clientId** - The application identifier for the Azure AD application configured for use with the Partner Center API.
 * **partnercenter.clientSecret** - The application secret associated with the application configured to access the Partner Center API.
 
-Please note that in production scenarios we recommend that you use certificate based authentication to access the instance of Azure Key Vault. The [confidential client flow](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Confidential-client-applications-flows) has been used in the sample for simplicity.
+Please note that in production scenarios we recommend that you use certificate based authentication to access the instance of Azure Key Vault. The [confidential client flow](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Confidential-client-applications-flows) has been used in the sample for simplicity.

secure-app-model/keyvault/cspsample/pom.xml

@@ -22,9 +22,14 @@
 			<version>1.18.0</version>
 		</dependency>
 		<dependency>
-			<groupId>com.microsoft.azure</groupId>
-			<artifactId>azure-keyvault</artifactId>
-			<version>1.2.2</version>
+			<groupId>com.azure</groupId>
+			<artifactId>azure-identity</artifactId>
+			<version>1.1.2</version>
+		</dependency>
+		<dependency>
+			<groupId>com.azure</groupId>
+			<artifactId>azure-security-keyvault-secrets</artifactId>
+			<version>4.2.1</version>
 		</dependency>
 		<dependency>
 			<groupId>com.microsoft.graph</groupId>

secure-app-model/keyvault/cspsample/src/main/java/com/microsoft/store/samples/secureappmodel/cspsample/PropertyName.java

@@ -33,6 +33,11 @@ public class PropertyName
      */
     public static final String KEY_VAULT_CLIENT_SECRET = "keyvault.clientSecret";
 
+    /**
+     * The name of the tenant Id property.
+     */
+    public static final String KEY_VAULT_TENANT_ID = "keyvault.tenantId";
+
     /**
      * The name of the Partner Center account identifier property.
      */

secure-app-model/keyvault/cspsample/src/main/java/com/microsoft/store/samples/secureappmodel/cspsample/security/AccessTokenProvider.java

@@ -159,9 +159,7 @@ public class AccessTokenProvider implements IAccessTokenProvider
         throws ExecutionException, InterruptedException, MalformedURLException
     {
         IVaultProvider vault = new KeyVaultProvider(
-            properties.getProperty(PropertyName.KEY_VAULT_BASE_URL),
-            properties.getProperty(PropertyName.KEY_VAULT_CLIENT_ID), 
-            properties.getProperty(PropertyName.KEY_VAULT_CLIENT_SECRET));
+            properties.getProperty(PropertyName.KEY_VAULT_BASE_URL));
 
         return getAccessTokenByRefreshToken(
             tenantId,  

secure-app-model/keyvault/cspsample/src/main/java/com/microsoft/store/samples/secureappmodel/cspsample/security/KeyVaultProvider.java

@@ -3,18 +3,10 @@
 
 package com.microsoft.store.samples.secureappmodel.cspsample.security;
 
-import java.net.MalformedURLException;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
 
-import com.microsoft.aad.adal4j.AuthenticationContext;
-import com.microsoft.aad.adal4j.AuthenticationResult;
-import com.microsoft.aad.adal4j.ClientCredential;
-import com.microsoft.azure.keyvault.KeyVaultClient;
-import com.microsoft.azure.keyvault.KeyVaultClientCustom;
-import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
 
 /**
  * Provides a secure mechanism for retrieving and store sensitive information using Azure Key Vault.
@@ -22,12 +14,12 @@ import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
 public class KeyVaultProvider implements IVaultProvider
 {
     /**
-     * The client used to interact with the Azure Key Vault service.
+     * The client used to manage Secrets in the Azure KeyVault by interacting with the Azure Key Vault service.
      */
-    private KeyVaultClientCustom client;
+    private SecretClient client;
 
     /**
-     * The vault name, e.g. https://myvault.vault.azure.net
+     * The Vault URL, e.g. https://myvault.vault.azure.net
      */
     private String vaultBaseUrl; 
 
@@ -35,117 +27,49 @@ public class KeyVaultProvider implements IVaultProvider
      * Initializes a new instance of the {@link KeyVaultProvider} class.
      * 
      * @param vaultBaseUrl The vault name, e.g. https://myvault.vault.azure.net
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token.
      */
-    public KeyVaultProvider(String vaultBaseUrl, String clientId, String clientSecret)
+    public KeyVaultProvider(String vaultBaseUrl)
     {
-        client = getKeyVaultClient(clientId, clientSecret);
+        client = getKeyVaultClient();
         this.vaultBaseUrl = vaultBaseUrl;
     }
 
     /**
-     * Gets the specified value from the vault.
+     * Gets the value of the specified secret from the Azure Key Vault..
      * 
      * @param secretName Identifier of the value to be retrieved.
      * @return The value for the specified secret.
      */
     public String getSecret(String secretName)
     {
-        return client.getSecret(vaultBaseUrl, secretName).value();
+        return client.getSecret(secretName).getValue();
     }
 
     /**
-     * Stores the specified value in the vault.
+     * Adds a secret with the specified {@code secretName} and {@code value} to the key vault if it does not exist. 
+     * If the named secret exists, a new version of the secret is created.
      * 
      * @param secretName Identifier of the value to be stored.
      * @param value The value to be stored.
      */
     public void setSecret(String secretName, String value)
     {
-        client.setSecret(vaultBaseUrl, secretName, value);
+        client.setSecret(secretName, value);
     }
 
     /**
-     * Gets an access token from the authority.
+     * Gets the Secret Client, capable of managing Secrets in the Azure Key Vault by interacting with Azure Key Vault service.
      * 
-     * @param authorization Address of the authority to issue the token.
-     * @param resource Identifier of the target resource that is the recipient of the requested token.
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token.
-     * @return An instance of {@link AuthenticationResult} that contians an access token and refresh token.
-     * 
-     * @throws ExecutionException {@link ExecutionException}
-     * @throws InterruptedException {@link InterruptedException}
-     * @throws MalformedURLException {@link MalformedURLException}
+     * @return The Secret Client, capable of managing Secrets in the Azure Key Vault by interacting with Azure Key Vault service.
      */
-    private AuthenticationResult getAccessToken(String authorization, String resource, String clientId, String clientSecret) 
-        throws ExecutionException, InterruptedException, MalformedURLException
+    private SecretClient getKeyVaultClient()
     {
-        AuthenticationContext authContext; 
-        AuthenticationResult authResult;
-        ExecutorService service = null;
-        Future<AuthenticationResult> future;
+        client = new SecretClientBuilder()
+            .vaultUrl(vaultBaseUrl)
+            .credential(new DefaultAzureCredentialBuilder().build())
+            .buildClient();
 
-        try
-        {
-            service = Executors.newFixedThreadPool(1);
-            authContext = new AuthenticationContext(authorization, true, service);
-
-            future = authContext.acquireToken(
-                resource,
-                new ClientCredential(
-                    clientId, 
-                    clientSecret), 
-                null);
-            
-            authResult = future.get();
-
-            return authResult;
-        }
-        finally
-        {
-            service.shutdown();
-        }
-    }
-
-    /**
-     * Gets a client that is capable of interacting with the Azure Key Vault service.
-     *
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token. 
-     * 
-     * @return A client that is capable of interacting with the Azure Key Vault service.
-     */
-    private KeyVaultClientCustom getKeyVaultClient(String clientId, String clientSecret)
-    {
-        return new KeyVaultClient(new KeyVaultCredentials() 
-        {
-            /**
-             * @param authorization Address of the authority to issue the token.
-             * @param resource Identifier of the target resource that is the recipient of the requested token, a URL.
-             * @param scope The scope of the authentication request.
-             *
-             * @return Access token to be used with Azure Key Vault operations.
-             */
-            @Override
-             public String doAuthenticate(String authorization, String resource, String scope) 
-             {
-                 AuthenticationResult authResult; 
-                 
-                 try 
-                 {
-                     authResult = getAccessToken(authorization, resource, clientId, clientSecret);
- 
-                     return authResult.getAccessToken();
-                 }
-                 catch(Exception ex)
-                 {
-                     ex.printStackTrace();
-                 }
- 
-                 return "";
-             }
-        });
+        return client;
+        
     }
 }

secure-app-model/keyvault/cspsample/src/main/resources/application.properties

@@ -2,6 +2,7 @@ azuread.authority=https://login.microsoftonline.com
 keyvault.baseurl=
 keyvault.clientId=
 keyvault.clientSecret=
+keyvault.tenantId=
 partnercenter.accountId=
 partnercenter.clientId= 
 partnercenter.clientSecret=

secure-app-model/keyvault/partnerconsent/README.md

@@ -11,7 +11,8 @@ The required configurations for this sample are found in the [web.xml](src/main/
 * **client_id** - The application identifier that represent your application.
 * **client_secret** - The secret associated with the application that represents your application.
 * **keyvault_url** - The base address for the instance of Azure Key Vault you have deployed (e.g. <https://myvault.vault.azure.net/>).
-* **keyvault_cient_id** - The application identifier that you have configured to access the instance of Azure Key Vault.
-* **keyvault_client_secret** - The application secret associated with the application configured to access the instance of Azure Key Vault.
+* **AZURE_CLIENT_ID** - The application identifier that you have configured to access the instance of Azure Key Vault.
+* **AZURE_CLIENT_SECRET** - The application secret associated with the application configured to access the instance of Azure Key Vault.
+* **AZURE_TENANT_ID** - The application tenant id associated with the application configured to access the instance of Azure Key Vault.
 
 Please note that in production scenarios we recommend that you use certificate based authentication to access the instance of Azure Key Vault. The [confidential client flow](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Confidential-client-applications-flows) has been used in the sample for simplicity.

secure-app-model/keyvault/partnerconsent/pom.xml

@@ -34,9 +34,14 @@
 			<version>1.7.30</version>
 		</dependency>
 		<dependency>
-			<groupId>com.microsoft.azure</groupId>
-			<artifactId>azure-keyvault</artifactId>
-			<version>1.2.2</version>
+			<groupId>com.azure</groupId>
+			<artifactId>azure-identity</artifactId>
+			<version>1.1.2</version>
+		</dependency>
+		<dependency>
+			<groupId>com.azure</groupId>
+			<artifactId>azure-security-keyvault-secrets</artifactId>
+			<version>4.2.1</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>

secure-app-model/keyvault/partnerconsent/src/main/java/com/microsoft/store/samples/partnerconsent/security/AuthenticationFilter.java

@@ -233,9 +233,7 @@ public class AuthenticationFilter implements Filter
         redirectUrl = getConfigValue(config, "redirect_url");
 
         vault = new KeyVaultProvider(
-            getConfigValue(config, "keyvault_base_url"),
-            getConfigValue(config, "keyvault_client_id"),
-            getConfigValue(config, "keyvault_client_secret"));
+            getConfigValue(config, "keyvault_base_url"));
     }
 
     /**

secure-app-model/keyvault/partnerconsent/src/main/java/com/microsoft/store/samples/partnerconsent/security/KeyVaultProvider.java

@@ -3,18 +3,10 @@
 
 package com.microsoft.store.samples.partnerconsent.security;
 
-import java.net.MalformedURLException;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
 
-import com.microsoft.aad.adal4j.AuthenticationContext;
-import com.microsoft.aad.adal4j.AuthenticationResult;
-import com.microsoft.aad.adal4j.ClientCredential;
-import com.microsoft.azure.keyvault.KeyVaultClient;
-import com.microsoft.azure.keyvault.KeyVaultClientCustom;
-import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
 
 /**
  * Provides a secure mechanism for retrieving and store sensitive information using Azure Key Vault.
@@ -22,12 +14,12 @@ import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
 public class KeyVaultProvider implements IVaultProvider
 {
     /**
-     * The client used to interact with the Azure Key Vault service.
+     * The client used to manage Secrets in the Azure KeyVault by interacting with the Azure Key Vault service.
      */
-    private KeyVaultClientCustom client;
+    private SecretClient client;
 
     /**
-     * The vault name, e.g. https://myvault.vault.azure.net
+     * The Vault URL, e.g. https://myvault.vault.azure.net
      */
     private String vaultBaseUrl; 
 
@@ -35,117 +27,49 @@ public class KeyVaultProvider implements IVaultProvider
      * Initializes a new instance of the {@link KeyVaultProvider} class.
      * 
      * @param vaultBaseUrl The vault name, e.g. https://myvault.vault.azure.net
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token.
      */
-    public KeyVaultProvider(String vaultBaseUrl, String clientId, String clientSecret)
+    public KeyVaultProvider(String vaultBaseUrl)
     {
-        client = getKeyVaultClient(clientId, clientSecret);
+        client = getKeyVaultClient();
         this.vaultBaseUrl = vaultBaseUrl;
     }
 
     /**
-     * Gets the specified value from the vault.
+     * Gets the value of the specified secret from the Azure Key Vault..
      * 
      * @param secretName Identifier of the value to be retrieved.
      * @return The value for the specified secret.
      */
     public String getSecret(String secretName)
     {
-        return client.getSecret(vaultBaseUrl, secretName).value();
+        return client.getSecret(secretName).getValue();
     }
 
     /**
-     * Stores the specified value in the vault.
+     * Adds a secret with the specified {@code secretName} and {@code value} to the key vault if it does not exist. 
+     * If the named secret exists, a new version of the secret is created.
      * 
      * @param secretName Identifier of the value to be stored.
      * @param value The value to be stored.
      */
     public void setSecret(String secretName, String value)
     {
-        client.setSecret(vaultBaseUrl, secretName, value);
+        client.setSecret(secretName, value);
     }
 
     /**
-     * Gets an access token from the authority.
+     * Gets the Secret Client, capable of managing Secrets in the Azure Key Vault by interacting with Azure Key Vault service.
      * 
-     * @param authorization Address of the authority to issue the token.
-     * @param resource Identifier of the target resource that is the recipient of the requested token.
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token.
-     * @return An instance of {@link AuthenticationResult} that contains an access token and refresh token.
-     * 
-     * @throws ExecutionException {@link ExecutionException}
-     * @throws InterruptedException {@link InterruptedException}
-     * @throws MalformedURLException {@link MalformedURLException}
+     * @return The Secret Client, capable of managing Secrets in the Azure Key Vault by interacting with Azure Key Vault service.
      */
-    private AuthenticationResult getAccessToken(String authorization, String resource, String clientId, String clientSecret) 
-        throws ExecutionException, InterruptedException, MalformedURLException
+    private SecretClient getKeyVaultClient()
     {
-        AuthenticationContext authContext; 
-        AuthenticationResult authResult;
-        ExecutorService service = null;
-        Future<AuthenticationResult> future;
+        client = new SecretClientBuilder()
+            .vaultUrl(vaultBaseUrl)
+            .credential(new DefaultAzureCredentialBuilder().build())
+            .buildClient();
 
-        try
-        {
-            service = Executors.newFixedThreadPool(1);
-            authContext = new AuthenticationContext(authorization, true, service);
-
-            future = authContext.acquireToken(
-                resource,
-                new ClientCredential(
-                    clientId, 
-                    clientSecret), 
-                null);
-            
-            authResult = future.get();
-
-            return authResult;
-        }
-        finally
-        {
-            service.shutdown();
-        }
-    }
-
-    /**
-     * Gets a client that is capable of interacting with the Azure Key Vault service.
-     *
-     * @param clientId The identifier of the client requesting the token.
-     * @param clientSecret The secure secret of the client requesting the token. 
-     * 
-     * @return A client that is capable of interacting with the Azure Key Vault service.
-     */
-    private KeyVaultClientCustom getKeyVaultClient(String clientId, String clientSecret)
-    {
-        return new KeyVaultClient(new KeyVaultCredentials() 
-        {
-            /**
-             * @param authorization Address of the authority to issue the token.
-             * @param resource Identifier of the target resource that is the recipient of the requested token, a URL.
-             * @param scope The scope of the authentication request.
-             *
-             * @return Access token to be used with Azure Key Vault operations.
-             */
-            @Override
-             public String doAuthenticate(String authorization, String resource, String scope) 
-             {
-                 AuthenticationResult authResult; 
-                 
-                 try 
-                 {
-                     authResult = getAccessToken(authorization, resource, clientId, clientSecret);
- 
-                     return authResult.getAccessToken();
-                 }
-                 catch(Exception ex)
-                 {
-                     ex.printStackTrace();
-                 }
- 
-                 return "";
-             }
-        });
+        return client;
+        
     }
 }

secure-app-model/keyvault/partnerconsent/src/main/webapp/WEB-INF/web.xml

@@ -35,6 +35,10 @@
 			<param-name>keyvault_client_secret</param-name>
 			<param-value></param-value>
 		</init-param>
+		<init-param>
+			<param-name>keyvault_tenant_id</param-name>
+			<param-value></param-value>
+		</init-param>
 		<init-param>
 			<param-name>keyvault_certifcate_path</param-name>
 			<param-value></param-value>