joshfree
commented
1 year ago @vcolin7 could you please follow up with @jainprabhash on this issue?
/cc @srnagar
Closed jainprabhash closed 1 year ago
joshfree
commented
1 year ago @vcolin7 could you please follow up with @jainprabhash on this issue?
/cc @srnagar
vcolin7
commented
1 year ago Hi @jainprabhash, thanks for reaching out to us.
I want to preface things by saying that all Key Vault libraries under group com.microsoft.azure (including azure-keyvault) have been deprecated as of last year. We recommend upgrading to our new libraries under group id com.azure. You can do so by following these Migration Guides:
By upgrading, you ensure you keep getting bug fixes, security fixes, updated functionality, and new features.
Now, I don't know the contents of your project's POM and whether keeping Logback is important to you, but you can get around this by excluding the org.slf4j:slf4j-simple dependency that com.microsoft.azure:azure-keyvault is bringing into your project like this:
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-keyvault</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</exclusion>
</exclusions>
</dependency>Or by excluding the Logback dependency from wherever it's coming from and letting things flow through SLF4J instead. For example:
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>If you are using Spring Boot, it seems this StackOverflow issue might come in handy for you for removing the Logback dependency.
In any case, I recommend you upgrade to the newer Key Vault libraries when you get the chance :)
jainprabhash
commented
1 year ago Thanks for the detailed response @vcolin7
currently, these are the packages/classes that we are using for the vault functionality
import com.microsoft.azure.keyvault.KeyVaultClient; import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials; import com.microsoft.azure.keyvault.models.KeyBundle; import com.microsoft.azure.keyvault.models.KeyOperationResult; import com.microsoft.azure.keyvault.models.SecretBundle; import com.microsoft.azure.keyvault.requests.CreateKeyRequest; import com.microsoft.azure.keyvault.requests.SetSecretRequest; import com.microsoft.azure.keyvault.webkey.JsonWebKeyEncryptionAlgorithm; import com.microsoft.azure.keyvault.webkey.JsonWebKeyOperation; import com.microsoft.azure.keyvault.webkey.JsonWebKeyType;
can you please suggest the corresponding classes in the new com.azure artifact? Also, this is how we are currently fetching our keyvault: ` private static KeyVaultClient vc; private static KeyVaultClient fetchVault() {
synchronized (lockObj) {
if (vc == null) {
// Client ID will be hardwired, and corresponds to the BankSight application created in the Default
// directory of the Azure subscription
String clientId = "xxxxxxxxxxxx";
String key = "xxxxxxxxxxxxyyvcxvyyyyyyyyyyyyyyyyyyyyyyy";
KeyVaultCredentials kvCred = new ClientSecretKeyVaultCredential(clientId, key);
vc = new KeyVaultClient(kvCred);
}
}
if (vc == null) {
logger.error("Failed to get key vault client fetchVault");
}
return vc;
}`this client was used for all the keys as well as secrets. we were also using cryptographic algorithms to encrypt/decrypt keys as well as secrets. Now, would we need to use 3 separate clients (i.e., KeyClient, CryptographyClient, SecretClient) to achieve the same purpose?
Is there a code repo that you can suggest that has done the similar migration?
vcolin7
commented
1 year ago Hey @jainprabhash, it looks like I forgot to add the links to the Migration Guides I mentioned above, my bad! I've updated the comment to include them but here they are just in case:
To answer your question, yes, you would need separate clients for those operations.
jainprabhash
commented
1 year ago Hi @vcolin7, where would I pass my client_id, client_key? the migration docs seem to be using DefaultAzureCredentialBuilder without any parameters.
vcolin7
commented
1 year ago You can set the client_id, client_key and tenant_id as the following environment properties:
AZURE_CLIENT_IDAZURE_CLIENT_SECRETAZURE_TENANT_IDAlternatively, you can use a ClientSecretCredential instead as shown here.
If you want to know more about the former, you can click on DefaultAzureCredential in the document to learn more about it and how to authenticate in different ways depending on your setup. You can also click on azure-identity in the document to learn more about the library in general and the different credential types it offers. However, now that you asked about it, I don't think it's something we make obvious enough for people and we should do a better job of pointing it out. Thanks a lot for the feedback!
I also noticed that this link (Configure DefaultAzureCredential) does not really point anywhere, I'll let the team know about it :)
jainprabhash
commented
1 year ago Hi @vcolin7, I am trying to create a CryptographyClient like this
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId(clientId)
.clientSecret(key)
.build();
CryptographyClient cryptographyClient = new CryptographyClientBuilder()
.keyIdentifier("<your-key-id>")
.credential(clientSecretCredential)
.buildClient();I just have one query. What should be there in place of <your-key-id>
vcolin7
commented
1 year ago @jainprabhash The link to the key you want to perform cryptographic operations with
jainprabhash
commented
1 year ago @vcolin7 but then does this mean that for encrypting every key, a new instance of CryptographyClient will be created?
vcolin7
commented
1 year ago It means that you will create a client for each key you want to encrypt things with, but you can encrypt as much content as you want using just one client/key.
jainprabhash
commented
1 year ago Earlier keyIdentifierPath was being as a parameter of the encrypt/decrypt method. but now since it is used to build the client, won't it create multiple clients if the keyIdentifierPath changes which wasn't the case earlier. Is my understanding wrong?
Also, the way we were creating a key earlier was through the following
CreateKeyRequest createKeyRequest = new CreateKeyRequest.Builder(vault, keyName, JsonWebKeyType.RSA_HSM)
.withKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS).build();
result = fetchVault().createKey(createKeyRequest);what is the way to achieve withKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS) in the current architecture. As KeyOperation class in the package com.azure.security.keyvault.keys.models does not have ALL_OPERATIONS value available.
jainprabhash
commented
1 year ago Hi @vcolin7,
after all my changes, it is failing with the following stack strace.
Suppressed: java.lang.Exception: #block terminated with an error
at reactor.core.publisher.BlockingSingleSubscriber.blockingGet(BlockingSingleSubscriber.java:99)
at reactor.core.publisher.Mono.block(Mono.java:1707)
at com.azure.core.http.rest.RestProxy.handleRestReturnType(RestProxy.java:574)
at com.azure.core.http.rest.RestProxy.invoke(RestProxy.java:148)
at com.sun.proxy.$Proxy18.getSecret(Unknown Source)
at com.azure.security.keyvault.secrets.implementation.SecretClientImpl.getSecretWithResponse(SecretClientImpl.java:545)
at com.azure.security.keyvault.secrets.SecretClient.getSecretWithResponse(SecretClient.java:229)
at com.azure.security.keyvault.secrets.SecretClient.getSecret(SecretClient.java:171)
at com.banksight.common.util.crypto.azure.RemoteVault.fetchValueForTenant(RemoteVault.java:463)
at com.banksight.common.util.crypto.azure.RemoteVault.getValueForTenant(RemoteVault.java:432)
at com.banksight.common.util.crypto.azure.RemoteVault.getValueForTenant(RemoteVault.java:399)
at com.banksight.common.util.crypto.azure.RemoteVault.getValue(RemoteVault.java:381)
at com.banksight.security.powerbi.service.PowerBIService.<clinit>(PowerBIService.java:80)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:204)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1312)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1214)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)Is this a known issue? or can you suggest a way to resolve this?
The error is:
com.azure.core.exception.HttpResponseException: Status code 400, "<!DOCTYPE html>
<html>
<head>
<title>Runtime Error</title>
<meta name="viewport" content="width=device-width" />
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
@media screen and (max-width: 639px) {
pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }
}
@media screen and (max-width: 479px) {
pre { width: 280px; }
}
</style>
</head>
<body bgcolor="white">
<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>
<h2> <i>Runtime Error</i> </h2></span>
<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">
<b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
<br><br>
<b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".<br><br>
<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration></pre></code>
</td>
</tr>
</table>
<br>
<b>Notes:</b> The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.<br><br>
<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration></pre></code>
</td>
</tr>
</table>
<br>
</body>
</html>Earlier keyIdentifierPath was being as a parameter of the encrypt/decrypt method. but now since it is used to build the client, won't it create multiple clients if the keyIdentifierPath changes which wasn't the case earlier. Is my understanding wrong?
Also, the way we were creating a key earlier was through the following
CreateKeyRequest createKeyRequest = new CreateKeyRequest.Builder(vault, keyName, JsonWebKeyType.RSA_HSM) .withKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS).build(); result = fetchVault().createKey(createKeyRequest);what is the way to achieve
withKeyOperations(JsonWebKeyOperation.ALL_OPERATIONS)in the current architecture. AsKeyOperationclass in the packagecom.azure.security.keyvault.keys.modelsdoes not haveALL_OPERATIONSvalue available.
Hey @jainprabhash, sorry for the late reply. You would need to create a client for every key you intend to perform cryptographic operations with. If you need multiple clients, you can reuse a single client builder like so:
CryptographyClientBuilder builder = new CryptographyClientBuilder();
CryptographyClient myFirstClient = builder.keyIdentifier("https://my-key-vault.vault.azure.net/keys/myFirstKey")
.buildClient();
CryptographyClient anotherClient = builder.keyIdentifier("https://my-key-vault.vault.azure.net/keys/anotherKey")
.buildClient();
CryptographyClient oneMoreClient = builder.keyIdentifier("https://my-key-vault.vault.azure.net/keys/oneMoreKey")
.buildClient();As for creating a key with all cryptographic permissions, you can do so like this:
CreateKeyOptions createKeyOptions = new CreateKeyOptions("someKeyName", KeyType.RSA) // I picked RSA but you can use any type in KeyType
.setKeyOperations(KeyOperation.ENCRYPT, KeyOperation.DECRYPT, KeyOperation.SIGN, KeyOperation.VERIFY,
KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY);
keyClient.createKey(createKeyOptions);If you need more information on how to perform these or other operations, you can refer to our documentation for each library:
vcolin7
commented
1 year ago @jainprabhash about the error you encountered, I can't say I've seen this before, although it looks like your configuration can be modified to show a bit more of the cause:
I am not a Spring expert but if I were to venture a guess I would say that there's probably a problem when trying to get the request out to the internet. To get more information, I would configure logging on the SDK to INFO or VERBOSE. If you already configured a Logback or SLF4J implementation for your project, you can simply set the environment variable AZURE_LOG_LEVEL to INFO or VERBOSE to see what's going on with our libraries.
You can also enable HTTP logging in your client by using the httpLogOptions() method like this:
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl("<your-key-vault-url>")
.httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
.credential(new DefaultAzureCredentialBuilder().build())
.buildClient();thank you so much for your response @vcolin7. The issue seems to be resolved now.
Just one more issue that is pending is that, I had to add azure-identity to the pom for credentialBuilder. but is causing the following issue
o.s.b.d.LoggingFailureAnalysisReporter : __***************************_APPLICATION FAILED TO START_***************************__Description:__An attempt was made to call a method that does not exist. The attempt was made from the following location:__ reactor.netty.http.client.HttpClientConnect$HttpObserver.<init>(HttpClientConnect.java:329)__The following method did not exist:__ 'reactor.util.context.ContextView reactor.core.publisher.MonoSink.contextView()'__The method's class, reactor.core.publisher.MonoSink, is available from the following locations:__ jar:file:/usr/src/lib/tenant-22.12.0-SNAPSHOT.jar!/BOOT-INF/lib/reactor-core-3.3.4.RELEASE.jar!/reactor/core/publisher/MonoSink.class__It was loaded from the following location:__ jar:file:/usr/src/lib/tenant-22.12.0-SNAPSHOT.jar!/BOOT-INF/lib/reactor-core-3.3.4.RELEASE.jar!/___Action:__Correct the classpath of your application so that it contains a single, compatible version of reactor.core.publisher.MonoSink_ how can I resolve this? Should I exclude io.projectreactor:reactor-core from azure-identity<
I've tried the following but that still doesn't seem to resolve the issue.
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.7.3</version>
<exclusions>
<exclusion>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-core</artifactId>
</exclusion>
</exclusions>
</dependency>@jainprabhash The reactor-core dependency is included in all of our Azure libraries. I'd recommend excluding it from other places in your project that bring that older version instead. Alternatively, you can pin the latest version to the top of your project, however, this can become problematic in the future as you would need to keep updating that periodically when you update dependencies so your project doesn't crash (like right now).
jainprabhash
commented
1 year ago @vcolin7 I have the following latest version of azure-identity, it was giving me an error asking to add allow additional tenant property. When I did that it is giving the following error:
pom.xml:
<!-- https://mvnrepository.com/artifact/com.azure/azure-identity -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.7.3</version>
</dependency>allowing additional tenants:
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId("xxxxxxxxxxxxxxx")
.clientSecret("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
.tenantId("<tenant-id>")
.additionallyAllowedTenants("*")
.build();new error:
15:15:17.806 [ForkJoinPool.commonPool-worker-5] ERROR com.azure.identity.ClientSecretCredential - Azure Identity => ERROR in getToken() call for scopes [https://vault.azure.net/.default]: 'com.azure.core.http.HttpResponse com.azure.core.http.HttpPipeline.sendSync(com.azure.core.http.HttpRequest, com.azure.core.util.Context)'
15:15:17.806 [ForkJoinPool.commonPool-worker-5] ERROR com.azure.core.implementation.AccessTokenCache - Failed to acquire a new access token.
15:15:17.807 [ForkJoinPool.commonPool-worker-5] DEBUG com.azure.core.http.policy.RetryPolicy - [Error Resume] Try count: 0, Error: {}
java.lang.NoSuchMethodError: 'com.azure.core.http.HttpResponse com.azure.core.http.HttpPipeline.sendSync(com.azure.core.http.HttpRequest, com.azure.core.util.Context)'
at com.azure.identity.implementation.HttpPipelineAdapter.send(HttpPipelineAdapter.java:67)
at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequestWithRetries(HttpHelper.java:96)
at com.microsoft.aad.msal4j.HttpHelper.executeHttpRequest(HttpHelper.java:49)
at com.microsoft.aad.msal4j.AadInstanceDiscoveryProvider.executeRequest(AadInstanceDiscoveryProvider.java:266)
at com.microsoft.aad.msal4j.AadInstanceDiscoveryProvider.sendInstanceDiscoveryRequest(AadInstanceDiscoveryProvider.java:223)
at com.microsoft.aad.msal4j.AadInstanceDiscoveryProvider.doInstanceDiscoveryAndCache(AadInstanceDiscoveryProvider.java:321)
at com.microsoft.aad.msal4j.AadInstanceDiscoveryProvider.getMetadataEntry(AadInstanceDiscoveryProvider.java:83)
at com.microsoft.aad.msal4j.AuthenticationResultSupplier.getAuthorityWithPrefNetworkHost(AuthenticationResultSupplier.java:39)
at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:23)
at com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier.execute(AcquireTokenByClientCredentialSupplier.java:46)
at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1692)
at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:177)The logs you got make me think that there's a dependency conflict for the com.azure:azure-core library package. The method in question (HttpPipeline.sendSync(HttpRequest, Context)) was added in version 1.30.0. Would you mind you sharing your project's POM or dependency tree?
jainprabhash
commented
1 year ago after running mvn dependency:tree, I can see the following azure-core dependency coming from azure-identity:
com.azure:azure-identity:jar:1.7.3:compile
[INFO] | +- com.azure:azure-core:jar:1.35.0:compile
[INFO] | +- com.azure:azure-core-http-netty:jar:1.12.8:compile
[INFO] | | +- io.netty:netty-handler:jar:4.1.48.Final:compile
[INFO] | | | +- io.netty:netty-common:jar:4.1.48.Final:compile
[INFO] | | | +- io.netty:netty-resolver:jar:4.1.48.Final:compile
[INFO] | | | \- io.netty:netty-transport:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-handler-proxy:jar:4.1.48.Final:compile
[INFO] | | | \- io.netty:netty-codec-socks:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-buffer:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-codec:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-codec-http:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-codec-http2:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-transport-native-unix-common:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-transport-native-kqueue:jar:osx-x86_64:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-tcnative-boringssl-static:jar:2.0.30.Final:compile
[INFO] | | \- io.projectreactor.netty:reactor-netty-http:jar:1.0.26:compile
[INFO] | | +- io.netty:netty-resolver-dns:jar:4.1.48.Final:compile
[INFO] | | | \- io.netty:netty-codec-dns:jar:4.1.48.Final:compile
[INFO] | | +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.86.Final:compile
[INFO] | | | \- io.netty:netty-resolver-dns-classes-macos:jar:4.1.86.Final:compile
[INFO] | | \- io.projectreactor.netty:reactor-netty-core:jar:1.0.26:compile
[INFO] | +- com.microsoft.azure:msal4j:jar:1.13.3:compile
[INFO] | +- com.microsoft.azure:msal4j-persistence-extension:jar:1.1.0:compile
[INFO] | | \- net.java.dev.jna:jna:jar:4.5.2:compile
[INFO] | \- net.java.dev.jna:jna-platform:jar:4.5.2:compile@jainprabhash Could you share the whole POM or dependency tree? Also, a code sample of what you're trying to do would be very useful.
You could also try to rebuild the whole project, as these issues usually occur when you're compiling your project against a specific version of a library but providing a different one at runtime. You can find more information on this here.
jainprabhash
commented
1 year ago Hi @vcolin7,
This is the whole dependency tree:
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>11</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<hibernate.version>5.3.7.Final</hibernate.version>
<flyway.version>6.3.3</flyway.version>
<hibernate-validator.version>6.1.4.Final</hibernate-validator.version>
<postgresql.version>42.2.14</postgresql.version>
<mssql-jdbc.version>7.0.0.jre8</mssql-jdbc.version>
<azure-keyvault.version>1.2.6</azure-keyvault.version>
<nats.version>2.16.5</nats.version>
<javers-version>5.3.1</javers-version>
<azure-storage-version>8.0.0</azure-storage-version>
<javax-validation.version>2.0.1.Final</javax-validation.version>
<io-jsonwebtoken-version>0.10.5</io-jsonwebtoken-version>
<graalvm.version>19.0.0</graalvm.version>
<hystrix-version>1.5.12</hystrix-version>
<openpojo.version>0.9.1</openpojo.version>
</properties>
<!-- Spring Boot Starter Parent -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
<version>2.2.4</version>
</dependency>
<!-- Spring Boot Starters -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-hateoas</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
<!--Lettuce is now used instead of Jedis as the Redis driver when spring-boot-starter-data-redis
is used. Switch dependencies if Jedis needs to be integrated by excluding
io.lettuce:lettuce-core and adding redis.clients:jedis instead. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
<exclusions>
<exclusion>
<groupId>io.lettuce</groupId>
<artifactId>lettuce-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
</dependency>
<dependency>
<groupId>com.hazelcast</groupId>
<artifactId>spring-data-hazelcast</artifactId>
<version>2.2.2</version>
</dependency>
<dependency>
<groupId>com.esotericsoftware</groupId>
<artifactId>kryo</artifactId>
<version>4.0.1</version>
</dependency>
<dependency>
<!-- version of hazelcast client already present as part of spring data
jpa, hence the warning -->
<groupId>com.hazelcast</groupId>
<artifactId>hazelcast-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-hazelcast</artifactId>
</dependency>
<!-- Spring JUnit Starter dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<exclusions>
<exclusion>
<groupId>com.vaadin.external.google</groupId>
<artifactId>android-json</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Other Spring dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.2.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
<!-- TODO : Should be removed Spring Boot Properties migrator -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-properties-migrator</artifactId>
<scope>runtime</scope>
<exclusions>
<exclusion>
<groupId>com.vaadin.external.google</groupId>
<artifactId>android-json</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-hibernate5</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-multipart</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/io.swagger.core.v3/swagger-jaxrs2 -->
<dependency>
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-jaxrs2</artifactId>
<version>2.1.4</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>31.1-jre</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>2.4.8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.json/json -->
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20190722</version>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>adal4j</artifactId>
<version>1.6.7</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>oauth2-oidc-sdk</artifactId>
<version>10.5.1</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-engine-core</artifactId>
<version>2.3</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<dependency>
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<version>1.7.2</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.xmlgraphics</groupId>
<artifactId>xmlgraphics-commons</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.2</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.11.0</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.4</version>
</dependency>
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-envers</artifactId>
</dependency>
<dependency>
<groupId>org.javers</groupId>
<artifactId>javers-core</artifactId>
<version>${javers-version}</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.4</version><!--$NO-MVN-MAN-VER$ -->
</dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
<version>1.7</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>1.10.0</version>
</dependency>
<dependency>
<groupId>javax.interceptor</groupId>
<artifactId>javax.interceptor-api</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-csv</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
<exclusions>
<exclusion>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>stax2-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.woodstox</groupId>
<artifactId>woodstox-core</artifactId>
<version>6.0.2</version>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/com.azure/azure-storage-blob -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-storage-blob</artifactId>
<version>12.14.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.azure/azure-identity -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.7.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.netty/netty-codec-http -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-http</artifactId>
<version>4.1.76.Final</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.netty/netty-common -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-common</artifactId>
<version>4.1.76.Final</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.projectreactor/reactor-core. -->
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-core</artifactId>
<version>3.4.17</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.azure/azure-security-keyvault-secrets -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-security-keyvault-secrets</artifactId>
<version>4.5.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.azure/azure-security-keyvault-certificates -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-security-keyvault-certificates</artifactId>
<version>4.4.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.azure/azure-security-keyvault-keys -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-security-keyvault-keys</artifactId>
<version>4.5.3</version>
</dependency>
<dependency>
<groupId>io.nats</groupId>
<artifactId>jnats</artifactId>
<version>${nats.version}</version>
</dependency>
<dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
<version>0.9.11</version>
</dependency>
<dependency>
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka</artifactId>
</dependency>
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>5.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.retry/spring-retry -->
<dependency>
<groupId>org.springframework.retry</groupId>
<artifactId>spring-retry</artifactId>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-storage</artifactId>
<version>${azure-storage-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>${io-jsonwebtoken-version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>${io-jsonwebtoken-version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>${io-jsonwebtoken-version}</version>
<scope>runtime</scope>
</dependency>
<!-- used for equals / hashcode testing for domain entities -->
<!-- https://mvnrepository.com/artifact/nl.jqno.equalsverifier/equalsverifier -->
<dependency>
<groupId>nl.jqno.equalsverifier</groupId>
<artifactId>equalsverifier</artifactId>
<version>3.12</version>
</dependency>
<dependency>
<groupId>com.openpojo</groupId>
<artifactId>openpojo</artifactId>
<version>${openpojo.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
</dependency>
<!-- GraalVM -->
<dependency>
<groupId>org.graalvm.sdk</groupId>
<artifactId>graal-sdk</artifactId>
<version>${graalvm.version}</version>
</dependency>
<dependency>
<groupId>org.graalvm.js</groupId>
<artifactId>js</artifactId>
<version>${graalvm.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.graalvm.js</groupId>
<artifactId>js-scriptengine</artifactId>
<version>${graalvm.version}</version>
</dependency>
<dependency>
<groupId>org.graalvm.tools</groupId>
<artifactId>profiler</artifactId>
<version>${graalvm.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.graalvm.tools</groupId>
<artifactId>chromeinspector</artifactId>
<version>${graalvm.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.graalvm.truffle</groupId>
<artifactId>truffle-api</artifactId>
<version>${graalvm.version}</version>
</dependency>
<dependency>
<groupId>org.graalvm.regex</groupId>
<artifactId>regex</artifactId>
<version>${graalvm.version}</version>
</dependency>
<dependency>
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
<version>72.1</version>
</dependency>
<!-- Netflix Hystrix -->
<dependency>
<groupId>com.netflix.hystrix</groupId>
<artifactId>hystrix-core</artifactId>
<version>${hystrix-version}</version>
</dependency>
<dependency>
<groupId>com.netflix.hystrix</groupId>
<artifactId>hystrix-metrics-event-stream</artifactId>
<version>${hystrix-version}</version>
</dependency>
<dependency>
<groupId>org.awaitility</groupId>
<artifactId>awaitility</artifactId>
<version>3.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.awaitility</groupId>
<artifactId>awaitility-proxy</artifactId>
<version>3.0.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.javafaker</groupId>
<artifactId>javafaker</artifactId>
<version>0.18</version>
<scope>compile</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.mozilla/rhino -->
<dependency>
<groupId>org.mozilla</groupId>
<artifactId>rhino</artifactId>
<version>1.7.11</version>
</dependency>
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>1.2.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.owasp/security-logging-logback -->
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-logback</artifactId>
<version>1.1.7</version>
</dependency>
<!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-classic overriding managed version-->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.11</version>
</dependency>
<!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-core overriding managed version-->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.2.11</version>
</dependency>
<!-- https://mvnrepository.com/artifact/net.lingala.zip4j/zip4j -->
<dependency>
<groupId>net.lingala.zip4j</groupId>
<artifactId>zip4j</artifactId>
<version>2.6.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.mockito/mockito-core -->
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
<!-- Veracode conflict resolution start -->
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.11.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-webmvc -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>5.2.7.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.70</version>
</dependency>
<!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
<!-- No updates yet for nekohtml under antisamy -->
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.12.2</version>
<exclusions>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>9.0.69</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-websocket -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
<version>9.0.69</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.dom4j/dom4j -->
<!-- Requires upgrade of hibernate otherwise -->
<dependency>
<groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
<version>2.1.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-codec/commons-codec -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.15</version>
</dependency>
<!-- Veracode conflict resolution end -->
</dependencies>And this is the code I've been running it on
public class RemoteKeyVaultLocalExecution {
private static String keyIdentifierPath = "https://xxxxxxx.vault.azure.net/keys/";
public static void main(String[] args) throws InterruptedException, IllegalArgumentException {
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId("xxxxxxxxxxxxxxx")
.clientSecret("xxxxxxxxxxxxxxxxxxxxxx")
.tenantId(EnvironmentConfiguration.getCurrentTenant())
.additionallyAllowedTenants("*")
.build();
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl("https://xxxxxxx.vault.azure.net")
.credential(clientSecretCredential)
.buildClient();
KeyClient keyClient = new KeyClientBuilder()
.vaultUrl("https://xxxxxxx.vault.azure.net")
.credential(clientSecretCredential)
.buildClient();
KeyVaultKey key = keyClient.getKey("yyyyy");
System.out.printf("Key is returned with name %s and value %s \n", key.getName(), key.getKey());
KeyVaultSecret bankSecret = secretClient.getSecret("zzzzzzzzzzzzzzz");
System.out.printf("Secret is returned with name %s and value %s \n", bankSecret.getName(), bankSecret.getValue());
byte[] byteText = Base64.decodeBase64(bankSecret.getValue());
System.out.printf("key identifier for crypto lient is %s \n",new StringBuilder(keyIdentifierPath).append(fetchIdentifierForKey(null, null)).toString());
CryptographyClient cryptographyClient = new CryptographyClientBuilder()
.keyIdentifier(new StringBuilder(keyIdentifierPath).append(fetchIdentifierForKey(null, null)).toString())
.credential(clientSecretCredential)
.buildClient();
DecryptResult result = cryptographyClient.decrypt(EncryptionAlgorithm.RSA1_5, byteText);
try {
String decryptedResult = new String(result.getPlainText(), "UTF-16");
System.out.printf("decrypted result for secret with name %s is %s \n", bankSecret.getName(), decryptedResult);
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private static String fetchIdentifierForKey(String pod, String tenant) {
if (pod == null) {
pod = "ppppppp";
}
pod = StringUtils.isEmpty(pod) ? "" : pod + "-";
if (tenant == null || tenant.contentEquals(MultiTenantConstants.NONE)) {
tenant = "tttttttt";
}
return new StringBuilder(pod).append(tenant).toString();
}
}Hi @vcolin7 Any update?
vcolin7
commented
1 year ago Hey @jainprabhash, sorry for the late reply, I've been quite busy. I took a look at your project's POM and when running it through the command mvn dependency:tree I noticed Maven is resolving the azure-core dependency to version 1.25.0, which was released in February 2022. The API HttpPipeline.sendSync() was added later that year around June (for version 1.30.0), which means that when newer code from libraries like Key Vault attempt to use this method it can't be found and a NoSuchMethodError is raised.
I would recommend you adopt using the Azure SDK BOM to handle dependencies for you and ensure that all of them will be compatible with one another.
Alternatively, you can do one of the following:
com.azure group to the latest versions manually.However, I think these options are worse maintenance-wise if you want to keep your versions updated regularly. In my opinion, it's just better to use the BOM to keep everything aligned when it comes to dependencies.
Query/Question I am trying to upgrade my azure-keyvault maven dependency from version 1.2.2 to 1.2.6. As soon as I start my test suite, this error appears:
LoggerFactory is not a Logback LoggerContext but Logback is on the classpath. Either remove Logback or the competing implementation (class org.slf4j.impl.SimpleLoggerFactory loaded from file:/Users/Prabhash.Jain/.m2/repository/org/slf4j/slf4j-simple/1.7.30/slf4j-simple-1.7.30.jar). If you are using WebLogic you will need to add 'org.slf4j' to prefer-application-packages in WEB-INF/weblogic.xml: org.slf4j.impl.SimpleLoggerFactoryIs there anything extra that I need to do?Why is this not a Bug or a feature Request? Because i'm not sure if I missed any exclusion tags, as I could not find any documentation
Setup (please complete the following information if applicable):
Library/Libraries: com.microsoft.azure:azure-keyvault:1.2.6
Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report