Notify STS when encryption keys are updated in azurecore (#22384)

2026-04-03 02:20:30 -04:00 · 2023-03-22 11:46:30 -07:00
parent 1e4800a60c
commit 94b3261276
8 changed files with 124 additions and 35 deletions
--- a/extensions/azurecore/src/account-provider/azureAccountProviderService.ts
+++ b/extensions/azurecore/src/account-provider/azureAccountProviderService.ts
@@ -12,7 +12,7 @@ import { promises as fsPromises } from 'fs';
 import { SimpleTokenCache } from './utils/simpleTokenCache';
 import providerSettings from './providerSettings';
 import { AzureAccountProvider as AzureAccountProvider } from './azureAccountProvider';
-import { AzureAccountProviderMetadata } from 'azurecore';
+import { AzureAccountProviderMetadata, CacheEncryptionKeys } from 'azurecore';
 import { ProviderSettings } from './interfaces';
 import { MsalCachePluginProvider } from './utils/msalCachePlugin';
 import * as loc from '../localizedConstants';
@@ -41,10 +41,12 @@ export class AzureAccountProviderService implements vscode.Disposable {
 	private _event: events.EventEmitter = new events.EventEmitter();
 	private readonly _uriEventHandler: UriEventHandler = new UriEventHandler();
 	public clientApplication!: PublicClientApplication;
+	private _onEncryptionKeysUpdated: vscode.EventEmitter<CacheEncryptionKeys>;

 	constructor(private _context: vscode.ExtensionContext,
 		private _userStoragePath: string,
 		private _authLibrary: string) {
+		this._onEncryptionKeysUpdated = new vscode.EventEmitter<CacheEncryptionKeys>();
 		this._disposables.push(vscode.window.registerUriHandler(this._uriEventHandler));
 	}

@@ -75,6 +77,10 @@ export class AzureAccountProviderService implements vscode.Disposable {
 			});
 	}

+	public getEncryptionKeysEmitter(): vscode.EventEmitter<CacheEncryptionKeys> {
+		return this._onEncryptionKeysUpdated;
+	}
+
 	public dispose() {
 		while (this._disposables.length) {
 			const item = this._disposables.pop();
@@ -155,10 +161,12 @@ export class AzureAccountProviderService implements vscode.Disposable {

 			// ADAL Token Cache
 			let simpleTokenCache = new SimpleTokenCache(tokenCacheKey, this._userStoragePath, noSystemKeychain, this._credentialProvider);
-			await simpleTokenCache.init();
+			if (this._authLibrary === Constants.AuthLibrary.ADAL) {
+				await simpleTokenCache.init();
+			}

 			// MSAL Cache Plugin
-			this._cachePluginProvider = new MsalCachePluginProvider(tokenCacheKeyMsal, this._userStoragePath, this._credentialProvider);
+			this._cachePluginProvider = new MsalCachePluginProvider(tokenCacheKeyMsal, this._userStoragePath, this._credentialProvider, this._onEncryptionKeysUpdated);

 			const msalConfiguration: Configuration = {
 				auth: {
--- a/extensions/azurecore/src/account-provider/utils/fileEncryptionHelper.ts
+++ b/extensions/azurecore/src/account-provider/utils/fileEncryptionHelper.ts
@@ -9,12 +9,14 @@ import * as vscode from 'vscode';
 import { AuthLibrary } from '../../constants';
 import * as LocalizedConstants from '../../localizedConstants';
 import { Logger } from '../../utils/Logger';
+import { CacheEncryptionKeys } from 'azurecore';

 export class FileEncryptionHelper {
 	constructor(
 		private readonly _authLibrary: AuthLibrary,
 		private readonly _credentialService: azdata.CredentialProvider,
-		protected readonly _fileName: string
+		protected readonly _fileName: string,
+		private readonly _onEncryptionKeysUpdated?: vscode.EventEmitter<CacheEncryptionKeys>
 	) {
 		this._algorithm = this._authLibrary === AuthLibrary.MSAL ? 'aes-256-cbc' : 'aes-256-gcm';
 		this._bufferEncoding = this._authLibrary === AuthLibrary.MSAL ? 'utf16le' : 'hex';
@@ -48,6 +50,14 @@ export class FileEncryptionHelper {
 			this._ivBuffer = Buffer.from(iv, this._bufferEncoding);
 			this._keyBuffer = Buffer.from(key, this._bufferEncoding);
 		}
+
+		// Emit event with cache encryption keys to send notification to provider services.
+		if (this._authLibrary === AuthLibrary.MSAL && this._onEncryptionKeysUpdated) {
+			this._onEncryptionKeysUpdated.fire({
+				iv: this._ivBuffer.toString(this._bufferEncoding),
+				key: this._keyBuffer.toString(this._bufferEncoding)
+			});
+		}
 	}

 	fileSaver = async (content: string): Promise<string> => {
--- a/extensions/azurecore/src/account-provider/utils/msalCachePlugin.ts
+++ b/extensions/azurecore/src/account-provider/utils/msalCachePlugin.ts
@@ -9,18 +9,21 @@ import { promises as fsPromises } from 'fs';
 import * as lockFile from 'lockfile';
 import * as path from 'path';
 import * as azdata from 'azdata';
+import * as vscode from 'vscode';
 import { AccountsClearTokenCacheCommand, AuthLibrary } from '../../constants';
 import { Logger } from '../../utils/Logger';
 import { FileEncryptionHelper } from './fileEncryptionHelper';
+import { CacheEncryptionKeys } from 'azurecore';

 export class MsalCachePluginProvider {
 	constructor(
 		private readonly _serviceName: string,
 		private readonly _msalFilePath: string,
-		private readonly _credentialService: azdata.CredentialProvider
+		private readonly _credentialService: azdata.CredentialProvider,
+		private readonly _onEncryptionKeysUpdated: vscode.EventEmitter<CacheEncryptionKeys>
 	) {
 		this._msalFilePath = path.join(this._msalFilePath, this._serviceName);
-		this._fileEncryptionHelper = new FileEncryptionHelper(AuthLibrary.MSAL, this._credentialService, this._serviceName);
+		this._fileEncryptionHelper = new FileEncryptionHelper(AuthLibrary.MSAL, this._credentialService, this._serviceName, this._onEncryptionKeysUpdated);
 	}

 	private _lockTaken: boolean = false;