Added changes suggested in PR. Specially, the getAccessToken() and getRefreshToken() will now return an empty object with an error message instead of throwing an exception

Author: rvelaVenafi

examples/com/venafi/vcert/sdk/example/TppTokenClient.java

@@ -0,0 +1,77 @@
+package com.venafi.vcert.sdk.example;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Arrays;
+import java.util.Collections;
+
+import com.venafi.vcert.sdk.Config;
+import com.venafi.vcert.sdk.VCertClient;
+import com.venafi.vcert.sdk.VCertException;
+import com.venafi.vcert.sdk.VCertTknClient;
+import com.venafi.vcert.sdk.certificate.CertificateRequest;
+import com.venafi.vcert.sdk.certificate.KeyType;
+import com.venafi.vcert.sdk.certificate.PEMCollection;
+import com.venafi.vcert.sdk.connectors.ZoneConfiguration;
+import com.venafi.vcert.sdk.connectors.tpp.TokenInfo;
+import com.venafi.vcert.sdk.endpoint.Authentication;
+import com.venafi.vcert.sdk.endpoint.ConnectorType;
+
+public class TppTokenClient {
+
+  public static void main(String[] args) throws VCertException, CertificateEncodingException,
+      NoSuchAlgorithmException, KeyManagementException {
+
+    String url = System.getenv("TPP_TOKEN_URL");
+    String zone = System.getenv("TPPZONE");
+    String appInfo = System.getenv("PRODUCT");
+    String tpp_user = System.getenv("TPPUSER");
+    String tpp_passwd = System.getenv("TPPPASSWORD");
+
+    if (tpp_user == null)
+      tpp_user = "local:admin";
+    if (tpp_passwd == null)
+      tpp_passwd = "password";
+    if (url == null)
+      url = "https://tpp.venafi.example/vedsdk";
+    if (zone == null)
+      zone = "Certificates\\vcert\\";
+    if (appInfo == null)
+      appInfo = "CompanyName AppName";
+
+    // Configuration
+    Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(url).appInfo(appInfo)
+        // To use proxy uncomment the lines below
+        // .proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)))
+        // .proxyUser("myUser")
+        // .proxyPassword("myPasscode")
+        .build();
+
+    Authentication auth = Authentication.builder().user(tpp_user).password(tpp_passwd).build();
+
+    VCertTknClient client = new VCertTknClient(config);
+    TokenInfo tknInfo = client.getAccessToken(auth);
+
+    ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);
+
+    // Generate a certificate
+    CertificateRequest certificateRequest = new CertificateRequest()
+        .subject(new CertificateRequest.PKIXName().commonName("vcert-java.venafi.example")
+            .organization(Collections.singletonList("Venafi, Inc."))
+            .organizationalUnit(Arrays.asList("Product Management"))
+            .country(Collections.singletonList("US"))
+            .locality(Collections.singletonList("Salt Lake City"))
+            .province(Collections.singletonList("Utah")))
+        .keyType(KeyType.RSA).keyLength(2048);
+
+    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
+
+    // Submit the certificate request
+    client.requestCertificate(certificateRequest, zoneConfiguration);
+
+    // Retrieve PEM collection from Venafi
+    PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
+    System.out.println(pemCollection.certificate());
+  }
+}

src/main/java/com/venafi/vcert/sdk/connectors/tpp/TokenInfo.java

@@ -14,5 +14,6 @@ public class TokenInfo {
 	private String  scope;
 	private String  identity;
 	private long refreshUntil;
-	
+	private boolean authorized;
+	private String errorMessage;
 }

src/main/java/com/venafi/vcert/sdk/connectors/tpp/Tpp.java

@@ -66,7 +66,8 @@ CertificateRetrieveResponse certificateRetrieve(
   AuthorizeTokenResponse authorizeToken(AbstractTppConnector.AuthorizeTokenRequest authorizeRequest);
 
   @RequestLine("POST /vedauth/authorize/token")
-  @Headers("Content-Type: application/json") RefreshTokenResponse refreshToken(AbstractTppConnector.RefreshTokenRequest request);
+  @Headers("Content-Type: application/json")
+  RefreshTokenResponse refreshToken(AbstractTppConnector.RefreshTokenRequest request);
 
   @RequestLine("GET /vedauth/revoke/token")
   @Headers("Authorization: {token}")

src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnector.java

@@ -8,6 +8,7 @@
 import com.venafi.vcert.sdk.endpoint.ConnectorType;
 import com.venafi.vcert.sdk.utils.Is;
 import feign.FeignException;
+import feign.FeignException.Unauthorized;
 import feign.Response;
 import lombok.Setter;
 
@@ -84,14 +85,22 @@ public TokenInfo getAccessToken(Authentication auth) throws VCertException {
             throw new VCertException(MISSING_CREDENTIALS_MESSAGE);
         }
 
-        AuthorizeTokenRequest info = new AuthorizeTokenRequest( auth.user(), auth.password(), auth.clientId(), auth.scope(), auth.state(), auth.redirectUri() );
-        AuthorizeTokenResponse response = tpp.authorizeToken( info );
-        TokenInfo accessTokenInfo = new TokenInfo(response.accessToken(), response.refreshToken(), response.expire(), response.tokenType(), response.scope(), response.identity(), response.refreshUntil());
-
-        this.credentials = auth;
-        this.credentials.accessToken(accessTokenInfo.accessToken());
-        this.credentials.refreshToken(accessTokenInfo.refreshToken());
-
+        TokenInfo accessTokenInfo;
+        try {
+            AuthorizeTokenRequest authRequest =
+                new AuthorizeTokenRequest(auth.user(), auth.password(), auth.clientId(), auth.scope(), auth.state(),
+                    auth.redirectUri());
+            AuthorizeTokenResponse response = tpp.authorizeToken(authRequest);
+            accessTokenInfo = new TokenInfo(response.accessToken(), response.refreshToken(), response.expire(),
+                response.tokenType(), response.scope(), response.identity(), response.refreshUntil(), true, null);
+
+            this.credentials = auth;
+            this.credentials.accessToken(accessTokenInfo.accessToken());
+            this.credentials.refreshToken(accessTokenInfo.refreshToken());
+        } catch(Unauthorized e){
+            accessTokenInfo = new TokenInfo(null, null, -1, null, null,
+                null, -1, false, e.getMessage());
+        }
         return accessTokenInfo;
     }
 
@@ -105,21 +114,23 @@ public TokenInfo refreshAccessToken(String clientId ) throws VCertException{
         if(isBlank(credentials.refreshToken())){
             throw new VCertException(MISSING_REFRESH_TOKEN_MESSAGE);
         }
+        TokenInfo tokenInfo;
         try {
             RefreshTokenRequest request = new RefreshTokenRequest(credentials.refreshToken(), clientId);
             RefreshTokenResponse response = tpp.refreshToken( request );
 
-            TokenInfo tokenInfo = new TokenInfo(response.accessToken(), response.refreshToken(), response.expire(),
-                    response.tokenType(), response.scope(), "",
-                    response.refreshUntil());
+             tokenInfo = new TokenInfo(response.accessToken(), response.refreshToken(), response.expire(),
+                    response.tokenType(), response.scope(), "", response.refreshUntil(), true, null);
 
             this.credentials.accessToken(tokenInfo.accessToken());
             this.credentials.refreshToken(tokenInfo.refreshToken());
 
             return tokenInfo;
         }catch (FeignException.BadRequest e){
-            throw new VCertException(e.getMessage());
+            tokenInfo = new TokenInfo(null, null, -1, null, null,
+                null, -1, false, e.getMessage());
         }
+        return tokenInfo;
     }
 
     @Override

src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorAT.java

@@ -6,7 +6,6 @@
 import com.venafi.vcert.sdk.connectors.ZoneConfiguration;
 import com.venafi.vcert.sdk.endpoint.Authentication;
 import feign.FeignException;
-import feign.FeignException.Unauthorized;
 
 import org.apache.commons.codec.digest.DigestUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -53,6 +52,8 @@ void authenticate() throws VCertException {
             TokenInfo info = classUnderTest.getAccessToken(authentication);
 
             assertThat(info).isNotNull();
+            assertThat(info.authorized()).isTrue();
+            assertThat(info.errorMessage()).isNull();
             assertThat(info.accessToken()).isNotNull();
             assertThat(info.refreshToken()).isNotNull();
 
@@ -66,13 +67,15 @@ void authenticateNoParameter() throws VCertException{
         TokenInfo localInfo = classUnderTest.getAccessToken();
 
         assertThat(localInfo).isNotNull();
+        assertThat(localInfo.authorized()).isTrue();
+        assertThat(localInfo.errorMessage()).isNull();
         assertThat(localInfo.accessToken()).isNotNull();
         assertThat(localInfo.refreshToken()).isNotNull();
     }
 
     @Test
     @DisplayName("Authenticate with invalid credentials")
-    void authenticateInvalid(){
+    void authenticateInvalid() throws VCertException{
         Authentication authentication = Authentication.builder()
             .user("sample")
             .password("password")
@@ -81,7 +84,11 @@ void authenticateInvalid(){
 
         classUnderTest.credentials(authentication);
 
-        assertThrows(Unauthorized.class, () ->classUnderTest.getAccessToken());
+        TokenInfo info = classUnderTest.getAccessToken();
+        assertThat(info).isNotNull();
+        assertThat(info.authorized()).isFalse();
+        assertThat(info.errorMessage()).isNotNull();
+
 
         // After setting invalid credentials to TPP, setting variable <info> to null
         // will allow for new token to be authorized
@@ -319,7 +326,11 @@ void refreshToken() throws VCertException{
         TokenInfo refreshInfo = classUnderTest.refreshAccessToken("vcert-sdk");
 
         assertThat(refreshInfo).isNotNull();
+        assertThat(refreshInfo.authorized()).isTrue();
+        assertThat(refreshInfo.errorMessage()).isNull();
+        assertThat(refreshInfo.accessToken()).isNotNull();
         assertThat(refreshInfo.accessToken()).isNotEqualTo(info.accessToken());
+        assertThat(refreshInfo.refreshToken()).isNotNull();
         assertThat(refreshInfo.refreshToken()).isNotEqualTo(info.refreshToken());
     }
 
@@ -331,7 +342,11 @@ void refreshTokenInvalid() throws VCertException{
             .build();
         classUnderTest.credentials(invalidCredentials);
 
-        assertThrows(VCertException.class, () -> classUnderTest.refreshAccessToken("vcert-sdk"));
+        TokenInfo info = classUnderTest.refreshAccessToken("vcert-sdk");
+
+        assertThat(info).isNotNull();
+        assertThat(info.authorized()).isFalse();
+        assertThat(info.errorMessage()).isNotNull();
 
         // After setting invalid credentials to TPP, setting variable <info> to null
         // will allow for new token to be authorized

src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorTest.java

@@ -64,6 +64,9 @@ void setUp() throws VCertException {
 
         Authentication authentication = Authentication.builder().user("user").password("pass").build();
         info = classUnderTest.getAccessToken(authentication);
+        assertThat(info).isNotNull();
+        assertThat(info.authorized()).isTrue();
+        assertThat(info.errorMessage()).isNull();
     }
 
     @Test
@@ -212,6 +215,8 @@ void refreshAccessToken() throws VCertException{
 
         TokenInfo newInfo = classUnderTest.refreshAccessToken("vcert-sdk");
         assertNotNull(newInfo);
+        assertThat(newInfo.authorized()).isTrue();
+        assertThat(newInfo.errorMessage()).isNull();
         assertNotNull(newInfo.accessToken());
         assertNotNull(newInfo.refreshToken());
 
@@ -221,16 +226,19 @@ void refreshAccessToken() throws VCertException{
 
     @Test
     @DisplayName("Refresh invalid access token")
-    void refreshAccessTokenInvalid(){
+    void refreshAccessTokenInvalid() throws VCertException{
         final Request request = Request.create(Request.HttpMethod.POST, "", new HashMap<String, Collection<String>>(), null);
 
         when(tpp.refreshToken(any(AbstractTppConnector.RefreshTokenRequest.class))).thenThrow(new FeignException.BadRequest("400 Grant has been revoked, has expired, or the refresh token is invalid", request, null));
 
-        final Throwable throwable =
-                assertThrows(VCertException.class, () -> classUnderTest.refreshAccessToken("vcert-sdk"));
-        logger.info("VCertException = %s", throwable.getMessage());
+        TokenInfo info = classUnderTest.refreshAccessToken("vcert-sdk");
+        assertThat(info).isNotNull();
+        assertThat(info.authorized()).isFalse();
+        assertThat(info.errorMessage()).isNotNull();
+
+        logger.info("VCertException = %s", info.errorMessage());
 
-        assertThat(throwable.getMessage()).contains("Grant has been revoked, has expired, or the refresh token is invalid");
+        assertThat(info.errorMessage()).contains("Grant has been revoked, has expired, or the refresh token is invalid");
     }
 
     @Test