Github user mike-jumper commented on a diff in the pull request:

    https://github.com/apache/guacamole-client/pull/336#discussion_r241526188
  
    --- Diff: 
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultCredentials.java
 ---
    @@ -0,0 +1,115 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +package org.apache.guacamole.auth.vault.azure.conf;
    +
    +import com.google.inject.Inject;
    +import com.microsoft.aad.adal4j.AuthenticationContext;
    +import com.microsoft.aad.adal4j.AuthenticationResult;
    +import com.microsoft.aad.adal4j.ClientCredential;
    +import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
    +import java.net.MalformedURLException;
    +import java.util.concurrent.ExecutionException;
    +import java.util.concurrent.ExecutorService;
    +import java.util.concurrent.Executors;
    +import java.util.concurrent.Future;
    +import org.apache.guacamole.GuacamoleException;
    +
    +/**
    + * KeyVaultCredentials implementation which retrieves the required client 
ID
    + * and key from guacamole.properties. Note that KeyVaultCredentials as
    + * implemented in the Azure Java SDK is NOT THREADSAFE; it leverages a
    + * non-concurrent HashMap for authentication result caching and does not
    + * perform any synchronization.
    + */
    +public class AzureKeyVaultCredentials extends KeyVaultCredentials {
    +
    +    /**
    +     * Service for retrieving configuration information.
    +     */
    +    @Inject
    +    private AzureKeyVaultConfigurationService confService;
    +
    +    /**
    +     * {@inheritDoc}
    +     *
    +     * @throws AzureKeyVaultAuthenticationException
    +     *     If an error occurs preventing successful authentication. Note 
that
    +     *     this exception is unchecked. Uses of this class which need to be
    +     *     aware of errors in the authentication process must manually 
catch
    +     *     this exception.
    +     */
    +    @Override
    +    public String doAuthenticate(String authorization, String resource,
    +            String scope) throws AzureKeyVaultAuthenticationException {
    +
    +        // Read Azure credentials from guacamole.properties
    +        ClientCredential credentials;
    +        try {
    +            credentials = confService.getClientCredentials();
    +        }
    +        catch (GuacamoleException e) {
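Review bot: The class-level Javadoc on `AzureKeyVaultCredentials` states that the SDK's `KeyVaultCredentials` is not thread-safe, but it does not say what callers of this subclass must do about it. Please add a sentence to that comment stating whether an instance may be shared between threads or must be confined to one, so the constraint does not have to be inferred from the SDK's HashMap caching. Separately, the body of `catch (GuacamoleException e)` at the end of the hunk is not visible here; when it rethrows as the unchecked `AzureKeyVaultAuthenticationException` described in the `@throws` text, pass `e` as the cause so the underlying configuration error is not lost.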
    --- End diff --
    
    No rationale, but a hard requirement. `doAuthenticate()` is defined by us 
but of the Azure API we're using in this extension. We can't add new checked 
exceptions like `GuacamoleException` to the prototype of a function we're 
implementing that's defined by someone else's interface. Ideally, that 
third-party interface would provide some checked exception that we *could* 
throw, but no dice - only unchecked exceptions are available for use within 
`doAuthenticate()`.
    
    The code elsewhere in this extension that deals with the part of Azure's 
API which invokes `doAuthenticate()` has to be conscious of this, catch our 
special unchecked exception, and translate things back into an appropriate 
`GuacamoleException`.
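The pattern described in the comment above, as an added example that is not part of the original comment or of the Guacamole code base: a checked exception is carried through a third-party hook inside an unchecked one and converted back at the calling boundary. Every class and method name here is a hypothetical stand-in (`AppException` for `GuacamoleException`, `ThirdPartyCredentials` for the SDK base class, `TunnelledAuthException` for the extension's unchecked exception), and the inputs in `main` are constructed.

```java
import java.util.concurrent.Callable;

public class UncheckedTunnelExample {
    /** Stand-in for the application's checked exception. */
    static class AppException extends Exception {
        AppException(String message, Throwable cause) { super(message, cause); }
    }
    /** Stand-in for the third-party base class: its hook declares no checked exceptions. */
    abstract static class ThirdPartyCredentials {
        abstract String doAuthenticate(String authorization, String resource, String scope);
        /** Stand-in for the SDK code path that invokes the hook. */
        final String requestToken(String resource) {
            return doAuthenticate("https://login.example.invalid", resource, null);
        }
    }
    /** Unchecked carrier for failures raised inside the hook. */
    static class TunnelledAuthException extends RuntimeException {
        TunnelledAuthException(String message, Throwable cause) { super(message, cause); }
    }
    static class AppCredentials extends ThirdPartyCredentials {
        private final Callable<String> secretSource; // may throw checked exceptions
        AppCredentials(Callable<String> secretSource) { this.secretSource = secretSource; }
        @Override
        String doAuthenticate(String authorization, String resource, String scope) {
            try {
                secretSource.call(); // e.g. reading credentials from configuration
                return "token-for-" + resource;
            } catch (Exception e) {
                // The inherited signature cannot be widened, so wrap and keep the cause.
                throw new TunnelledAuthException("Unable to read client credentials", e);
            }
        }
    }
    /** Boundary code: the only place that knows about the carrier and unwraps it. */
    static String fetchToken(ThirdPartyCredentials creds, String resource) throws AppException {
        try {
            return creds.requestToken(resource);
        } catch (TunnelledAuthException e) {
            throw new AppException("Vault authentication failed: " + e.getMessage(), e.getCause());
        }
    }
    public static void main(String[] args) throws AppException {
        System.out.println(fetchToken(new AppCredentials(() -> "constructed-secret"), "vault"));
        try {
            fetchToken(new AppCredentials(() -> { throw new java.io.IOException("property missing"); }), "vault");
        } catch (AppException e) {
            System.out.println(e.getMessage() + " / cause: " + e.getCause());
        }
    }
}
```

Catching only the dedicated carrier type at the boundary keeps unrelated runtime failures from the SDK from being reported as authentication errors.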

