Fix | MSI expiry date format fix for Azure Functions (#1308)

peterbae · web-flow · commit 3b4f0a20623e · 2020-04-30T11:16:47.000-07:00
Fix | MSI expiry date format fix for Azure Functions
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerSecurityUtility.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerSecurityUtility.java
@@ -15,9 +15,7 @@
 import java.net.URL;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
-import java.text.DateFormat;
 import java.text.MessageFormat;
-import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
@@ -270,7 +268,7 @@ static SqlFedAuthToken getMSIAuthToken(String resource, String msiClientId) thro
                 && !msiSecret.isEmpty();
 
         if (isAzureFunction) {
-            urlString.append(msiEndpoint).append("?api-version=2017-09-01&resource=").append(resource);
+            urlString.append(msiEndpoint).append("?api-version=2019-08-01&resource=").append(resource);
         } else {
             urlString.append(ActiveDirectoryAuthentication.AZURE_REST_MSI_URL).append("&resource=").append(resource);
             // Retry acquiring access token upto 20 times due to possible IMDS upgrade (Applies to VM only)
@@ -283,11 +281,7 @@ static SqlFedAuthToken getMSIAuthToken(String resource, String msiClientId) thro
 
         // Append Client Id if available
         if (null != msiClientId && !msiClientId.isEmpty()) {
-            if (isAzureFunction) {
-                urlString.append("&clientid=").append(msiClientId);
-            } else {
-                urlString.append("&client_id=").append(msiClientId);
-            }
+            urlString.append("&client_id=").append(msiClientId);
         }
 
         // Loop while maxRetry reaches its limit
@@ -299,7 +293,7 @@ static SqlFedAuthToken getMSIAuthToken(String resource, String msiClientId) thro
                 connection.setRequestMethod("GET");
 
                 if (isAzureFunction) {
-                    connection.setRequestProperty("Secret", msiSecret);
+                    connection.setRequestProperty("X-IDENTITY-HEADER", msiSecret);
                     if (connectionlogger.isLoggable(Level.FINER)) {
                         connectionlogger.finer("Using Azure Function/App Service MSI auth: " + urlString);
                     }
@@ -315,7 +309,7 @@ static SqlFedAuthToken getMSIAuthToken(String resource, String msiClientId) thro
                 try (InputStream stream = connection.getInputStream()) {
 
                     BufferedReader reader = new BufferedReader(new InputStreamReader(stream, UTF_8), 100);
-                    String result = reader.readLine();
+                    StringBuilder result = new StringBuilder(reader.readLine());
 
                     int startIndex_AT = result.indexOf(ActiveDirectoryAuthentication.ACCESS_TOKEN_IDENTIFIER)
                             + ActiveDirectoryAuthentication.ACCESS_TOKEN_IDENTIFIER.length();
@@ -324,30 +318,23 @@ static SqlFedAuthToken getMSIAuthToken(String resource, String msiClientId) thro
 
                     Calendar cal = new Calendar.Builder().setInstant(new Date()).build();
 
+                    int startIndex_ATX;
+
+                    // Fetch expires_on
                     if (isAzureFunction) {
-                        // Fetch expires_on
-                        int startIndex_ATX = result
+                        startIndex_ATX = result
                                 .indexOf(ActiveDirectoryAuthentication.ACCESS_TOKEN_EXPIRES_ON_IDENTIFIER)
                                 + ActiveDirectoryAuthentication.ACCESS_TOKEN_EXPIRES_ON_IDENTIFIER.length();
-                        String accessTokenExpiry = result.substring(startIndex_ATX,
-                                result.indexOf("\"", startIndex_ATX + 1));
-                        if (connectionlogger.isLoggable(Level.FINER)) {
-                            connectionlogger.finer("MSI auth token expires on: " + accessTokenExpiry);
-                        }
-
-                        DateFormat df = new SimpleDateFormat(
-                                ActiveDirectoryAuthentication.ACCESS_TOKEN_EXPIRES_ON_DATE_FORMAT);
-                        cal = new Calendar.Builder().setInstant(df.parse(accessTokenExpiry)).build();
                     } else {
-                        // Fetch expires_in
-                        int startIndex_ATX = result
+                        startIndex_ATX = result
                                 .indexOf(ActiveDirectoryAuthentication.ACCESS_TOKEN_EXPIRES_IN_IDENTIFIER)
                                 + ActiveDirectoryAuthentication.ACCESS_TOKEN_EXPIRES_IN_IDENTIFIER.length();
-                        String accessTokenExpiry = result.substring(startIndex_ATX,
-                                result.indexOf("\"", startIndex_ATX + 1));
-                        cal.add(Calendar.SECOND, Integer.parseInt(accessTokenExpiry));
                     }
 
+                    String accessTokenExpiry = result.substring(startIndex_ATX,
+                            result.indexOf("\"", startIndex_ATX + 1));
+                    cal.add(Calendar.SECOND, Integer.parseInt(accessTokenExpiry));
+
                     return new SqlFedAuthToken(accessToken, cal.getTime());
                 }
             } catch (Exception e) {
