Improve tenant-based flights supporting code, Fixes AB#3321153 (#2717)

Fixes
[AB#3321153](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3321153)

- Refactored getting open-id configuration for AAD authority between
classes (AzureActivityDirectory.java, AzureActiveDirectoryAudience and
OpenIdProviderConfigurationClient)
- Updated common flights manager based on changes in
AzureAD/ad-accounts-for-android#3171 (Refer this
PR for more details)

Author: mohitc1

changelog.txt

@@ -1,5 +1,6 @@
 vNext
 ----------
+- [Minor] Improve tenant-based flighting for broker supporting code (#2717)
 - [PATCH] Fix caching of secret key and add retries for InvalidKeyException during unwrap (#2659)
 - [MINOR] Replace AbstractSecretKeyLoader with ISecretKeyProvider (#2666)
 - [MINOR] Update IP phone app teams signature constants to use SHA-512 format (#2700)

common/src/test/java/com/microsoft/identity/common/internal/mocks/MockCommonFlightsManager.java

@@ -22,6 +22,8 @@
 // THE SOFTWARE.
 package com.microsoft.identity.common.internal.mocks;
 
+import androidx.annotation.NonNull;
+
 import com.microsoft.identity.common.java.flighting.IFlightsManager;
 import com.microsoft.identity.common.java.flighting.IFlightsProvider;
 
@@ -46,4 +48,16 @@ public IFlightsProvider getFlightsProvider() {
     public IFlightsProvider getFlightsProviderForTenant(@NotNull String tenantId) {
         return mMockCommonFlightsProvider;
     }
+
+    @NonNull
+    @Override
+    public IFlightsProvider getFlightsProvider(long waitForConfigsWithTimeoutInMs) {
+        return this.getFlightsProvider();
+    }
+
+    @NonNull
+    @Override
+    public IFlightsProvider getFlightsProviderForTenant(@NonNull String tenantId, long waitForConfigsWithTimeoutInMs) {
+        return this.getFlightsProviderForTenant(tenantId);
+    }
 }

common/src/test/java/com/microsoft/identity/common/internal/ui/webview/AzureActiveDirectoryWebViewClientTest.java

@@ -28,6 +28,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.when;
@@ -430,7 +431,7 @@ public void testOnReceivedSslError() {
         final IFlightsManager mockFlightsManager = Mockito.mock(IFlightsManager.class);
         final IFlightsProvider mockFlightsProvider = Mockito.mock(IFlightsProvider.class);
         when(mockFlightsProvider.isFlightEnabled(eq(CommonFlight.SHOULD_PRESERVE_WEBVIEW_FLOW_ON_SSL_ERROR))).thenReturn(true);
-        when(mockFlightsManager.getFlightsProvider()).thenReturn(mockFlightsProvider);
+        when(mockFlightsManager.getFlightsProvider(anyLong())).thenReturn(mockFlightsProvider);
         CommonFlightsManager.INSTANCE.initializeCommonFlightsManager(mockFlightsManager);
         final SslErrorHandler mockHandler = Mockito.mock(android.webkit.SslErrorHandler.class);
         final SslError mockError = Mockito.mock(android.net.http.SslError.class);

common4j/src/main/com/microsoft/identity/common/java/authorities/AzureActiveDirectoryAudience.java

@@ -87,7 +87,15 @@ public String getTenantUuidForAlias(@NonNull final String authority)
         final OpenIdProviderConfiguration providerConfiguration =
                 loadOpenIdProviderConfigurationMetadata(authority);
 
-        final String issuer = providerConfiguration.getIssuer();
+        return getTenantIdFromOpenIdProviderConfiguration(providerConfiguration);
+    }
+
+    /**
+     * Util method to extract tenant UUID from the OpenIdProviderConfiguration's Issuer. It's expected
+     * configuration is of AAD authority, so that tenant UUID is present in the path of the issuer.
+     */
+    public static String getTenantIdFromOpenIdProviderConfiguration(@NonNull final OpenIdProviderConfiguration configuration) throws ClientException {
+        final String issuer = configuration.getIssuer();
         final CommonURIBuilder issuerUri;
         try {
             issuerUri = new CommonURIBuilder(issuer);
@@ -108,9 +116,9 @@ public String getTenantUuidForAlias(@NonNull final String authority)
 
             throw new ClientException(errMsg);
         }
-        final String tenantUUID = paths.get(0);
+        final String tenantUuid = paths.get(0);
 
-        if (!StringUtil.isUuid(tenantUUID)) {
+        if (!StringUtil.isUuid(tenantUuid)) {
             final String errMsg = "OpenId Metadata did not contain UUID in the path ";
             Logger.error(
                     TAG,
@@ -120,7 +128,7 @@ public String getTenantUuidForAlias(@NonNull final String authority)
 
             throw new ClientException(errMsg);
         }
-        return tenantUUID;
+        return tenantUuid;
     }
 
     /**

common4j/src/main/com/microsoft/identity/common/java/flighting/CommonFlightsManager.kt

@@ -50,12 +50,12 @@ object CommonFlightsManager : IFlightsManager {
         mFlightsManager = DefaultValueFlightsManager
     }
 
-    override fun getFlightsProvider(): IFlightsProvider {
-        return mFlightsManager.getFlightsProvider()
+    override fun getFlightsProvider(waitForConfigsWithTimeoutInMs: Long): IFlightsProvider {
+        return mFlightsManager.getFlightsProvider(waitForConfigsWithTimeoutInMs)
     }
 
-    override fun getFlightsProviderForTenant(tenantId: String): IFlightsProvider {
-        return mFlightsManager.getFlightsProviderForTenant(tenantId)
+    override fun getFlightsProviderForTenant(tenantId: String, waitForConfigsWithTimeoutInMs: Long): IFlightsProvider {
+        return mFlightsManager.getFlightsProviderForTenant(tenantId, waitForConfigsWithTimeoutInMs)
     }
 
     /**
@@ -97,11 +97,14 @@ object CommonFlightsManager : IFlightsManager {
      * default value for the flight config provided.
      */
     private object DefaultValueFlightsManager : IFlightsManager {
-        override fun getFlightsProvider(): IFlightsProvider {
+        override fun getFlightsProvider(waitForConfigsWithTimeoutInMs: Long): IFlightsProvider {
             return DefaultValueFlightsProvider
         }
 
-        override fun getFlightsProviderForTenant(tenantId: String): IFlightsProvider {
+        override fun getFlightsProviderForTenant(
+            tenantId: String,
+            waitForConfigsWithTimeoutInMs: Long
+        ): IFlightsProvider {
             return DefaultValueFlightsProvider
         }
     }

common4j/src/main/com/microsoft/identity/common/java/flighting/IFlightsManager.kt

@@ -31,11 +31,28 @@ interface IFlightsManager {
     /**
      * Flights provider applicable by default. Features should always this
      * unless the feature behaviour is tenant specific one same device.
+     * Calls [getFlightsProvider] with a default timeout of 0 milliseconds. 0 indicates no wait.
      */
-    fun getFlightsProvider(): IFlightsProvider
+    fun getFlightsProvider(): IFlightsProvider = getFlightsProvider(0)
+
+    /**
+     * Flights provider applicable by default. Features should always use this
+     * unless the feature behaviour is tenant specific one same device.
+     * @param waitForConfigsWithTimeoutInMs The timeout in milliseconds to wait for initial configurations from source.
+     */
+    fun getFlightsProvider(waitForConfigsWithTimeoutInMs: Long = 0): IFlightsProvider
+
+    /**
+     * Flights provider for the given tenant
+     * @param tenantId The tenant ID for which the flights provider is requested.
+     * Calls [getFlightsProviderForTenant] with a default timeout of 0 milliseconds. 0 indicates no wait.
+     */
+    fun getFlightsProviderForTenant(tenantId: String): IFlightsProvider = getFlightsProviderForTenant(tenantId, 0)
 
     /**
      * Flights provider for the given tenant
+     * @param tenantId The tenant ID for which the flights provider is requested.
+     * @param waitForConfigsWithTimeoutInMs The timeout in milliseconds to wait for initial configurations from source.
      */
-    fun getFlightsProviderForTenant(tenantId: String): IFlightsProvider
+    fun getFlightsProviderForTenant(tenantId: String, waitForConfigsWithTimeoutInMs: Long = 0): IFlightsProvider
 }

common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectory.java

@@ -22,31 +22,32 @@
 // THE SOFTWARE.
 package com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory;
 
-import lombok.NonNull;
+import static com.microsoft.identity.common.java.exception.ServiceException.OPENID_PROVIDER_CONFIGURATION_FAILED_TO_LOAD;
 
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
 import com.microsoft.identity.common.java.authorities.Environment;
 import com.microsoft.identity.common.java.cache.HttpCache;
+import com.microsoft.identity.common.java.exception.ClientException;
+import com.microsoft.identity.common.java.exception.ServiceException;
 import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
 import com.microsoft.identity.common.java.logging.Logger;
-import com.microsoft.identity.common.java.exception.ClientException;
 import com.microsoft.identity.common.java.net.HttpClient;
 import com.microsoft.identity.common.java.net.HttpResponse;
 import com.microsoft.identity.common.java.net.UrlConnectionHttpClient;
 import com.microsoft.identity.common.java.providers.IdentityProvider;
 import com.microsoft.identity.common.java.providers.oauth2.OAuth2StrategyParameters;
+import com.microsoft.identity.common.java.providers.oauth2.OpenIdProviderConfiguration;
+import com.microsoft.identity.common.java.providers.oauth2.OpenIdProviderConfigurationClient;
+import com.microsoft.identity.common.java.util.CommonURIBuilder;
 import com.microsoft.identity.common.java.util.ObjectMapper;
 import com.microsoft.identity.common.java.util.StringUtil;
-import com.microsoft.identity.common.java.util.CommonURIBuilder;
 import com.microsoft.identity.common.java.util.UrlUtil;
 
 import org.json.JSONException;
 
-import java.io.IOException;
 import java.lang.reflect.Type;
 import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
@@ -59,6 +60,8 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
+import lombok.NonNull;
+
 /**
  * Implements the IdentityProvider base class...
  */
@@ -246,6 +249,34 @@ public static synchronized List<AzureActiveDirectoryCloud> getClouds() {
         return new ArrayList<>();
     }
 
+    /**
+     * Loads the OpenID Provider Configuration metadata for the specified tenant by first constructing
+     * AAD authority URL like https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
+     *
+     * @param tenant The tenant identifier. Could be tenant id (guid) or tenant name (contoso.onmicrosoft.com).
+     * @return The OpenID Provider Configuration for the specified tenant.
+     * @throws ServiceException If there is an error loading the configuration.
+     * @throws ClientException  If there is a client-side error.
+     */
+    public static OpenIdProviderConfiguration loadOpenIdProviderConfigurationMetadataForTenant(
+            @NonNull final String tenant
+    ) throws ServiceException, ClientException {
+        final OpenIdProviderConfigurationClient client =
+                new OpenIdProviderConfigurationClient();
+        try {
+            final String tenantedAuthorityUrl = new CommonURIBuilder(getDefaultCloudUrl())
+                    .setPathSegments(tenant)
+                    .build()
+                    .toString();
+            return client.loadOpenIdProviderConfigurationFromAuthority(tenantedAuthorityUrl);
+        } catch (final URISyntaxException e) {
+            throw new ClientException(
+                    OPENID_PROVIDER_CONFIGURATION_FAILED_TO_LOAD,
+                    "URISyntaxException while requesting metadata",
+                    e
+            );
+        }
+    }
     /**
      * Deserializes the supplied JSONArray of cloud instances into a native List.
      *

common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OpenIdProviderConfigurationClient.java

@@ -53,17 +53,10 @@
 public class OpenIdProviderConfigurationClient {
 
     private static final String TAG = OpenIdProviderConfigurationClient.class.getSimpleName();
-    private static final String HTTPS_SCHEME = "https";
-    private static final String WELL_KNOWN_CONFIG_HOST = "login.microsoftonline.com";
     private static final String WELL_KNOWN_CONFIG_PATH = "/v2.0/.well-known/openid-configuration";
-    private static final ExecutorService sBackgroundExecutor = Executors.newCachedThreadPool();
     private static final Map<URI, OpenIdProviderConfiguration> sConfigCache = new HashMap<>();
     private static final HttpClient httpClient = UrlConnectionHttpClient.getDefaultInstance();
 
-    public interface OpenIdProviderConfigurationCallback
-            extends TaskCompletedCallbackWithError<OpenIdProviderConfiguration, Exception> {
-    }
-
     private static final Gson GSON = new Gson();
 
     private String sanitize(@NonNull final String issuer) {
@@ -76,43 +69,6 @@ private String sanitize(@NonNull final String issuer) {
         return sanitizedIssuer;
     }
 
-    public void loadOpenIdProviderConfiguration(
-            @NonNull final OpenIdProviderConfigurationCallback callback, @NonNull final String authority) {
-        sBackgroundExecutor.submit(new Runnable() {
-            @Override
-            public void run() {
-                try {
-                    callback.onTaskCompleted(loadOpenIdProviderConfigurationFromAuthority(authority));
-                } catch (ServiceException e) {
-                    callback.onError(e);
-                }
-            }
-        });
-    }
-
-    /**
-     * Get OpenID provider configuration.
-     *
-     * @return OpenIdProviderConfiguration
-     */
-    public synchronized OpenIdProviderConfiguration loadOpenIdProviderConfigurationFromTenant(@NonNull final String tenantIdentifier)
-            throws ServiceException {
-        try {
-            final String tenantedAuthorityUrl = new CommonURIBuilder()
-                    .setScheme(HTTPS_SCHEME)
-                    .setHost(WELL_KNOWN_CONFIG_HOST)
-                    .setPathSegments(tenantIdentifier)
-                    .build().toString();
-            return loadOpenIdProviderConfigurationInternal(tenantedAuthorityUrl, null);
-        } catch (final URISyntaxException e) {
-            throw new ServiceException(
-                    OPENID_PROVIDER_CONFIGURATION_FAILED_TO_LOAD,
-                    "IOException while requesting metadata",
-                    e
-            );
-        }
-    }
-
     /**
      * Get OpenID provider configuration.
      *

common4j/src/test/com/microsoft/identity/common/java/flighting/MockFlightsManager.java

@@ -41,6 +41,18 @@ public IFlightsProvider getFlightsProvider() {
         return mMockBrokerFlightsProvider;
     }
 
+    @NotNull
+    @Override
+    public IFlightsProvider getFlightsProviderForTenant(@NotNull String tenantId, long waitForConfigsWithTimeoutInMs) {
+        return this.getFlightsProviderForTenant(tenantId);
+    }
+
+    @NotNull
+    @Override
+    public IFlightsProvider getFlightsProvider(long waitForConfigsWithTimeoutInMs) {
+        return this.getFlightsProvider();
+    }
+
     @NotNull
     @Override
     public IFlightsProvider getFlightsProviderForTenant(@NotNull String tenantId) {