Provide correct key discovery url for sovereign clouds (#571)

jenkinsci · May 12, 2024 · 5fd019a · 5fd019a
1 parent cef0bc3
commit 5fd019a
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 11 deletions.
diff --git a/.run/azure-ad [hpi_run].run.xml b/.run/azure-ad [hpi_run].run.xml
@@ -12,7 +12,6 @@
           <option name="mavenProperties">
             <map>
               <entry key="java.awt.headless" value="true" />
-              <entry key="jenkins.version" value="2.355" />
               <entry key="port" value="6322" />
               <entry key="skip.npm" value="true" />
             </map>
@@ -25,6 +24,7 @@
       </option>
       <option name="myRunnerParameters">
         <MavenRunnerParameters>
+          <option name="cmdOptions" />
           <option name="profiles">
             <set />
           </option>
@@ -33,12 +33,16 @@
               <option value="hpi:run" />
             </list>
           </option>
+          <option name="multimoduleDir" />
           <option name="pomFileName" />
           <option name="profilesMap">
             <map>
               <entry key="quick-build" value="true" />
             </map>
           </option>
+          <option name="projectsCmdOptionValues">
+            <list />
+          </option>
           <option name="resolveToWorkspace" value="false" />
           <option name="workingDirPath" value="$PROJECT_DIR$" />
         </MavenRunnerParameters>
@@ -51,7 +55,7 @@
       <option name="IS_IGNORE_MISSING_FILES" value="false" />
       <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
       <ENTRIES>
-        <ENTRY IS_ENABLED="true" PARSER="runconfig" />
+        <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
       </ENTRIES>
     </extension>
     <method v="2" />

diff --git a/src/main/java/com/microsoft/jenkins/azuread/AzureEnvironment.java b/src/main/java/com/microsoft/jenkins/azuread/AzureEnvironment.java
@@ -9,7 +9,6 @@ public final class AzureEnvironment {
 
     public static final String AZURE_PUBLIC_CLOUD = "Azure";
     public static final String AZURE_CHINA = "Azure China";
-    public static final String AZURE_GERMANY = "Azure Germany";
     public static final String AZURE_US_GOVERNMENT_L4 = "Azure US Government L4";
     public static final String AZURE_US_GOVERNMENT_L5 = "Azure US Government L5 (DOD)";
 

diff --git a/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java b/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
@@ -95,12 +95,10 @@
 import java.util.stream.Collectors;
 
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_CHINA;
-import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_GERMANY;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_PUBLIC_CLOUD;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_US_GOVERNMENT_L4;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_US_GOVERNMENT_L5;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.getAuthorityHost;
-import static com.microsoft.jenkins.azuread.AzureEnvironment.getServiceRoot;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
 import static java.util.Objects.requireNonNull;
@@ -183,7 +181,7 @@ public void setSingleLogout(boolean singleLogout) {
     }
 
     private final Supplier<JwtConsumer> jwtConsumer = Suppliers.memoize(() ->
-            Utils.JwtUtil.jwt(getClientId(), getTenant()));
+            Utils.JwtUtil.jwt(getAuthorityHost(getAzureEnvironmentName()), getClientId(), getTenant()));
 
     public String getClientIdSecret() {
         return clientId.getEncryptedValue();
@@ -740,7 +738,6 @@ public ListBoxModel doFillAzureEnvironmentNameItems() {
 
             model.add(AZURE_PUBLIC_CLOUD);
             model.add(AZURE_CHINA);
-            model.add(AZURE_GERMANY);
             model.add(AZURE_US_GOVERNMENT_L4);
             model.add(AZURE_US_GOVERNMENT_L5);
             return model;

diff --git a/src/main/java/com/microsoft/jenkins/azuread/Utils.java b/src/main/java/com/microsoft/jenkins/azuread/Utils.java
@@ -12,6 +12,8 @@
 import hudson.Functions;
 import hudson.ProxyConfiguration;
 import hudson.util.FormValidation;
+import java.net.URI;
+import java.net.URISyntaxException;
 import jenkins.model.Jenkins;
 import org.jose4j.http.Get;
 import org.jose4j.jwk.HttpsJwks;
@@ -71,17 +73,21 @@ public static <T> String toJson(T obj) {
 
     public static class JwtUtil {
         public static final long DEFAULT_CACHE_DURATION = TimeUnit.HOURS.toSeconds(24);
-        public static JwtConsumer jwt(final String clientId, final String tenantId) {
+        public static JwtConsumer jwt(final String authorityHost, final String clientId, final String tenantId) {
             String keyDiscoveryUrl = String.format(
-                    "https://login.microsoftonline.com/%s/discovery/keys?appId=%s", tenantId, clientId
+                    "%s%s/discovery/keys?appId=%s", authorityHost, tenantId, clientId
             );
-            final String expectedIssuer = String.format("https://login.microsoftonline.com/%s/v2.0", tenantId);
+            final String expectedIssuer = String.format("%s%s/v2.0", authorityHost, tenantId);
             HttpsJwks httpsJwks = new HttpsJwks(keyDiscoveryUrl);
             httpsJwks.setDefaultCacheDuration(DEFAULT_CACHE_DURATION);
             ProxyConfiguration proxy = Jenkins.get().getProxy();
             if (proxy != null) {
                 Get get = new Get();
-                get.setHttpProxy(proxy.createProxy("login.microsoftonline.com"));
+                try {
+                    get.setHttpProxy(proxy.createProxy(new URI(authorityHost).getHost()));
+                } catch (URISyntaxException e) {
+                    throw new RuntimeException(e);
+                }
                 httpsJwks.setSimpleHttpGet(get);
             }