Azure · g2vinay · Sep 14, 2023 · Sep 13, 2023 · Sep 13, 2023
@@ -94,35 +94,59 @@ public ClientCertificateCredentialBuilder pemCertificate(String certificatePath)
      * @param certificate the input stream containing the PEM certificate
      * @return An updated instance of this builder.
      */
-    ClientCertificateCredentialBuilder pemCertificate(InputStream certificate) {
+    public ClientCertificateCredentialBuilder pemCertificate(InputStream certificate) {
         this.clientCertificate = certificate;
         return this;
     }
 
     /**
      * Sets the path and password of the PFX certificate for authenticating to AAD.
      *
+     * @deprecated This API is deprecated and will be removed. Specify the PFX certificate via
+     * {@link ClientCertificateCredentialBuilder#pfxCertificate(String)} API and client certificate password via
+     * the {@link ClientCertificateCredentialBuilder#clientCertificatePassword(String)} API as applicable.
+     *
      * @param certificatePath the password protected PFX file containing the certificate
      * @param clientCertificatePassword the password protecting the PFX file
      * @return An updated instance of this builder.
      */
+    @Deprecated
     public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath,
                                                              String clientCertificatePassword) {
         this.clientCertificatePath = certificatePath;
         this.clientCertificatePassword = clientCertificatePassword;
         return this;
     }
 
+    /**
+     * Sets the path of the PFX certificate for authenticating to AAD.
+     *
+     * @param certificatePath the password protected PFX file containing the certificate
+     * @return An updated instance of this builder.
+     */
+    public ClientCertificateCredentialBuilder pfxCertificate(String certificatePath) {
+        this.clientCertificatePath = certificatePath;
+        return this;
+    }
+
     /**
      * Sets the input stream holding the PFX certificate and its password for authenticating to AAD.
      *
      * @param certificate the input stream containing the password protected PFX certificate
-     * @param clientCertificatePassword the password protecting the PFX file
      * @return An updated instance of this builder.
      */
-    ClientCertificateCredentialBuilder pfxCertificate(InputStream certificate,
-                                                             String clientCertificatePassword) {
+    public ClientCertificateCredentialBuilder pfxCertificate(InputStream certificate) {
         this.clientCertificate = certificate;
+        return this;
+    }
+
+    /**
+     * Sets the password of the client certificate for authenticating to AAD.
+     *
+     * @param clientCertificatePassword the password protecting the certificate
+     * @return An updated instance of this builder.
+     */
+    public ClientCertificateCredentialBuilder clientCertificatePassword(String clientCertificatePassword) {
         this.clientCertificatePassword = clientCertificatePassword;
         return this;
     }

@@ -1174,6 +1174,18 @@ public Mono<AccessToken> authenticateToIMDSEndpoint(TokenRequestContext request)
                                 "ManagedIdentityCredential authentication unavailable. "
                                     + "Connection to IMDS endpoint cannot be established.", null));
                     }
+
+                    if (responseCode == 403) {
+                        if (connection.getResponseMessage()
+                            .contains("A socket operation was attempted to an unreachable network")) {
+                            throw LoggingUtil.logCredentialUnavailableException(LOGGER, options,
+                                new CredentialUnavailableException(
+                                    "Managed Identity response was not in the expected format."
+                                        + " See the inner exception for details.",
+                                    new Exception(connection.getResponseMessage())));
+                        }
+                    }
+
                     if (responseCode == 410
                             || responseCode == 429
                             || responseCode == 404

@@ -229,7 +229,7 @@ public void testValidPfxCertificatePath() throws Exception {
         })) {
             // test
             ClientCertificateCredential credential =
-                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxPath, pfxPassword).build();
+                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxPath).clientCertificatePassword(pfxPassword).build();
             StepVerifier.create(credential.getToken(request2))
                 .expectNextMatches(accessToken -> token2.equals(accessToken.getToken())
                     && expiresAt.getSecond() == accessToken.getExpiresAt().getSecond())
@@ -309,7 +309,8 @@ public void testValidPfxCertificate() throws Exception {
         })) {
             // test
             ClientCertificateCredential credential =
-                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxCert, pfxPassword).build();
+                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID)
+                    .pfxCertificate(pfxCert).clientCertificatePassword(pfxPassword).build();
 
             StepVerifier.create(credential.getToken(request2))
                 .expectNextMatches(accessToken -> token2.equals(accessToken.getToken())
@@ -324,7 +325,8 @@ public void testValidPfxCertificate() throws Exception {
         })) {
             // test
             ClientCertificateCredential credential =
-                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxCert, pfxPassword).build();
+                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID)
+                    .pfxCertificate(pfxCert).clientCertificatePassword(pfxPassword).build();
             AccessToken accessToken = credential.getTokenSync(request2);
             Assert.assertEquals(token2, accessToken.getToken());
             Assert.assertTrue(expiresAt.getSecond() == accessToken.getExpiresAt().getSecond());
@@ -370,7 +372,7 @@ public void testInvalidPfxCertificatePath() throws Exception {
         })) {
             // test
             ClientCertificateCredential credential =
-                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxPath, pfxPassword).build();
+                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxPath).clientCertificatePassword(pfxPassword).build();
             StepVerifier.create(credential.getToken(request))
                 .expectErrorMatches(e -> e instanceof MsalServiceException && "bad pfx".equals(e.getMessage()))
                 .verify();
@@ -415,7 +417,8 @@ public void testInvalidPfxCertificate() throws Exception {
         })) {
             // test
             ClientCertificateCredential credential =
-                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID).pfxCertificate(pfxCert, pfxPassword).build();
+                new ClientCertificateCredentialBuilder().tenantId(TENANT_ID).clientId(CLIENT_ID)
+                    .pfxCertificate(pfxCert).clientCertificatePassword(pfxPassword).build();
             StepVerifier.create(credential.getToken(request2))
                 .expectErrorMatches(e -> e instanceof MsalServiceException && "bad pfx".equals(e.getMessage()))
                 .verify();