Fjerner konfig for ubrukte env variabler.

navikt · Jul 10, 2024 · f5f9edf · f5f9edf
1 parent 8ca0f7c
commit f5f9edf
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 75 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -42,7 +42,7 @@ ij_java_align_multiline_parameters_in_calls = false
 ij_java_align_multiline_parenthesized_expression = false
 ij_java_align_multiline_records = true
 ij_java_align_multiline_resources = true
-ij_java_align_multiline_ternary_operation = false
+ij_java_align_multiline_ternary_operation = true
 ij_java_align_multiline_text_blocks = false
 ij_java_align_multiline_throws_list = false
 ij_java_align_subsequent_simple_methods = false
@@ -74,7 +74,7 @@ ij_java_block_brace_style = end_of_line
 ij_java_block_comment_at_first_column = true
 ij_java_call_parameters_new_line_after_left_paren = false
 ij_java_call_parameters_right_paren_on_new_line = false
-ij_java_call_parameters_wrap = normal
+ij_java_call_parameters_wrap = on_every_item
 ij_java_case_statement_on_separate_line = true
 ij_java_catch_on_new_line = false
 ij_java_class_annotation_wrap = split_into_lines
@@ -87,7 +87,7 @@ ij_java_do_while_brace_force = always
 ij_java_doc_add_blank_line_after_description = true
 ij_java_doc_add_blank_line_after_param_comments = false
 ij_java_doc_add_blank_line_after_return = false
-ij_java_doc_add_p_tag_on_empty_lines = true
+ij_java_doc_add_p_tag_on_empty_lines = false
 ij_java_doc_align_exception_comments = true
 ij_java_doc_align_param_comments = true
 ij_java_doc_do_not_wrap_if_one_line = false
@@ -123,7 +123,7 @@ ij_java_for_statement_wrap = off
 ij_java_generate_final_locals = false
 ij_java_generate_final_parameters = false
 ij_java_if_brace_force = always
-ij_java_imports_layout = $*, |, java.**, |, javax.**, |, org.**, |, com.**, |, *, |
+ij_java_imports_layout = $*, |, java.**, |, jakarta.**, |, javax.**, |, org.**, |, com.**, |, *, |
 ij_java_indent_case_from_switch = true
 ij_java_insert_inner_class_imports = false
 ij_java_insert_override_annotation = true
@@ -134,7 +134,7 @@ ij_java_keep_blank_lines_in_declarations = 2
 ij_java_keep_control_statement_in_one_line = false
 ij_java_keep_first_column_comment = false
 ij_java_keep_indents_on_empty_lines = false
-ij_java_keep_line_breaks = false
+ij_java_keep_line_breaks = true
 ij_java_keep_multiple_expressions_in_one_line = false
 ij_java_keep_simple_blocks_in_one_line = false
 ij_java_keep_simple_classes_in_one_line = false
@@ -158,13 +158,13 @@ ij_java_modifier_list_wrap = false
 ij_java_names_count_to_use_import_on_demand = 9999999
 ij_java_new_line_after_lparen_in_record_header = false
 ij_java_packages_to_use_import_on_demand = java.awt.*, javax.swing.*
-ij_java_parameter_annotation_wrap = off
+ij_java_parameter_annotation_wrap = on_every_item
 ij_java_parentheses_expression_new_line_after_left_paren = false
 ij_java_parentheses_expression_right_paren_on_new_line = false
 ij_java_place_assignment_sign_on_next_line = false
 ij_java_prefer_longer_names = true
 ij_java_prefer_parameters_wrap = false
-ij_java_record_components_wrap = normal
+ij_java_record_components_wrap = on_every_item
 ij_java_repeat_synchronized = true
 ij_java_replace_instanceof_and_cast = false
 ij_java_replace_null_check = true
@@ -256,8 +256,8 @@ ij_java_spaces_within_try_parentheses = false
 ij_java_spaces_within_while_parentheses = false
 ij_java_special_else_if_treatment = true
 ij_java_subclass_name_suffix = Impl
-ij_java_ternary_operation_signs_on_next_line = false
-ij_java_ternary_operation_wrap = off
+ij_java_ternary_operation_signs_on_next_line = true
+ij_java_ternary_operation_wrap = on_every_item
 ij_java_test_name_suffix = Test
 ij_java_throws_keyword_wrap = off
 ij_java_throws_list_wrap = off

diff --git a/...-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java b/...-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java
@@ -5,25 +5,26 @@
 import static org.mockito.Mockito.when;
 
 import java.lang.reflect.Method;
-import java.util.Map;
 
-import org.jose4j.json.JsonUtil;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.container.ResourceInfo;
+
 import org.jose4j.jwt.NumericDate;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.WebApplicationException;
-import jakarta.ws.rs.container.ContainerRequestContext;
-import jakarta.ws.rs.container.ResourceInfo;
+import no.nav.vedtak.mapper.json.DefaultJsonMapper;
 import no.nav.vedtak.sikkerhet.kontekst.IdentType;
 import no.nav.vedtak.sikkerhet.kontekst.KontekstHolder;
 import no.nav.vedtak.sikkerhet.kontekst.SikkerhetContext;
 import no.nav.vedtak.sikkerhet.oidc.config.AzureProperty;
 import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
 import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownConfigurationHelper;
+import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownOpenIdConfiguration;
 import no.nav.vedtak.sikkerhet.oidc.token.OpenIDToken;
 import no.nav.vedtak.sikkerhet.oidc.token.TokenString;
 import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidator;
@@ -37,18 +38,14 @@ class AuthenticationFilterDelegateTest {
     private final ContainerRequestContext request = Mockito.mock(ContainerRequestContext.class);
 
     public void setupAll() {
-
-        System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(),
-            OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH);
+        var wellKnownUrl = OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH;
+        System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(), wellKnownUrl);
         System.setProperty(AzureProperty.AZURE_APP_CLIENT_ID.name(), "OIDC");
-        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name(), OidcTokenGenerator.ISSUER);
-        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(), OidcTokenGenerator.ISSUER + "/jwks_uri");
         System.setProperty("systembruker.username", "JUnit Test");
 
-        Map<String, String> testData = Map.of("issuer", OidcTokenGenerator.ISSUER, AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(),
-            OidcTokenGenerator.ISSUER + "/jwks_uri");
-        WellKnownConfigurationHelper.setWellKnownConfig(OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH,
-            JsonUtil.toJson(testData));
+        var wellKnownResponse = new WellKnownOpenIdConfiguration(OidcTokenGenerator.ISSUER, OidcTokenGenerator.ISSUER + "/jwks_uri", "dummy");
+        WellKnownConfigurationHelper.setWellKnownConfig(wellKnownUrl, DefaultJsonMapper.toJson(wellKnownResponse));
+
         OidcTokenValidatorConfig.addValidator(OpenIDProvider.AZUREAD, tokenValidator);
     }
 
@@ -62,8 +59,6 @@ public void setUp() {
     public void teardown() {
         System.clearProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
         System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name());
-        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name());
-        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name());
         System.clearProperty("systembruker.username");
 
     }

diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/AzureProperty.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/AzureProperty.java
@@ -10,10 +10,7 @@ public enum AzureProperty {
     AZURE_APP_JWK,
     AZURE_APP_PRE_AUTHORIZED_APPS,
     AZURE_APP_TENANT_ID,
-    AZURE_APP_WELL_KNOWN_URL,
-    AZURE_OPENID_CONFIG_ISSUER,
-    AZURE_OPENID_CONFIG_JWKS_URI,
-    AZURE_OPENID_CONFIG_TOKEN_ENDPOINT;
+    AZURE_APP_WELL_KNOWN_URL;
 
     public static final String NAV_IDENT = "NAVident";
     public static final String AZP_NAME = "azp_name";

diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java
@@ -29,12 +29,7 @@ public final class OidcProviderConfig {
     private static final Logger LOG = LoggerFactory.getLogger(OidcProviderConfig.class);
 
     private static final String STS_WELL_KNOWN_URL = "oidc.sts.well.known.url";
-    private static final String STS_CONFIG_ISSUER = "oidc.sts.openid.config.issuer";
-    private static final String STS_CONFIG_JWKS_URI = "oidc.sts.openid.config.jwks.uri";
-    private static final String STS_CONFIG_TOKEN_ENDPOINT = "oidc.sts.openid.config.token.endpoint";
-
     private static final String AZURE_HTTP_PROXY = "azure.http.proxy"; // settes ikke av naiserator
-
     private static final String PROXY_KEY = "proxy.url"; // FP-oppsett lite brukt
     private static final String DEFAULT_PROXY_URL = "http://webproxy.nais:8088";
 
@@ -83,8 +78,7 @@ private static Set<OpenIDConfiguration> hentConfig() {
         Set<OpenIDConfiguration> idProviderConfigs = new HashSet<>();
 
         // OIDC STS
-        if (ENV.getProperty(STS_WELL_KNOWN_URL) != null
-            || ENV.getProperty(STS_CONFIG_ISSUER) != null) { // Det er kanskje noen apper som ikke bruker STS token validering??
+        if (ENV.getProperty(STS_WELL_KNOWN_URL) != null) { // Det er kanskje noen apper som ikke bruker STS token validering??
             idProviderConfigs.add(createStsConfiguration(ENV.getProperty(STS_WELL_KNOWN_URL)));
         }
 
@@ -110,10 +104,11 @@ private static Set<OpenIDConfiguration> hentConfig() {
 
     private static OpenIDConfiguration createStsConfiguration(String wellKnownUrl) {
         return createConfiguration(OpenIDProvider.STS,
-            Optional.ofNullable(ENV.getProperty(STS_CONFIG_ISSUER)).or(() -> getIssuerFra(wellKnownUrl)).orElse(null),
-            Optional.ofNullable(ENV.getProperty(STS_CONFIG_JWKS_URI)).or(() -> getJwksFra(wellKnownUrl)).orElse(null),
-            Optional.ofNullable(ENV.getProperty(STS_CONFIG_TOKEN_ENDPOINT)).or(() -> getTokenEndpointFra(wellKnownUrl)).orElse(null),
-            false, null,
+            getIssuerFra(wellKnownUrl).orElse(null),
+            getJwksFra(wellKnownUrl).orElse(null),
+            getTokenEndpointFra(wellKnownUrl).orElse(null),
+            false,
+            null,
             Systembruker.username(),
             Systembruker.password(),
             true);
@@ -123,19 +118,29 @@ private static OpenIDConfiguration createStsConfiguration(String wellKnownUrl) {
     private static OpenIDConfiguration createAzureAppConfiguration(String wellKnownUrl) {
         var proxyUrl = ENV.isFss() ? URI.create(ENV.getProperty(AZURE_HTTP_PROXY, getDefaultProxy())) : null;
         return createConfiguration(OpenIDProvider.AZUREAD,
-            Optional.ofNullable(getAzureProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER))
-                .orElseGet(() -> getIssuerFra(wellKnownUrl, proxyUrl).orElse(null)),
-            Optional.ofNullable(getAzureProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI))
-                .orElseGet(() -> getJwksFra(wellKnownUrl, proxyUrl).orElse(null)),
-            Optional.ofNullable(getAzureProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT))
-                .orElseGet(() -> getTokenEndpointFra(wellKnownUrl, proxyUrl).orElse(null)),
+            getIssuerFra(wellKnownUrl, proxyUrl).orElseThrow(),
+            getJwksFra(wellKnownUrl, proxyUrl).orElseThrow(),
+            getTokenEndpointFra(wellKnownUrl, proxyUrl).orElseThrow(),
             ENV.isFss(),
             proxyUrl,
             getAzureProperty(AzureProperty.AZURE_APP_CLIENT_ID),
             getAzureProperty(AzureProperty.AZURE_APP_CLIENT_SECRET),
             ENV.isLocal());
     }
 
+    private static OpenIDConfiguration createTokenXConfiguration(String wellKnownUrl) {
+        return createConfiguration(OpenIDProvider.TOKENX,
+            getIssuerFra(wellKnownUrl).orElseThrow(),
+            getJwksFra(wellKnownUrl).orElseThrow(),
+            getTokenEndpointFra(wellKnownUrl).orElseThrow(),
+            false,
+            null,
+            getTokenXProperty(TokenXProperty.TOKEN_X_CLIENT_ID),
+            null,
+            // Signerer requests med jws
+            false);
+    }
+
     private static String getAzureProperty(AzureProperty property) {
         return Optional.ofNullable(ENV.getProperty(property.name()))
             .orElseGet(() -> ENV.getProperty(property.name().toLowerCase().replace('_', '.')));
@@ -146,13 +151,6 @@ private static String getTokenXProperty(TokenXProperty property) {
             .orElseGet(() -> ENV.getProperty(property.name().toLowerCase().replace('_', '.')));
     }
 
-    private static OpenIDConfiguration createTokenXConfiguration(String wellKnownUrl) {
-        return createConfiguration(OpenIDProvider.TOKENX, getIssuerFra(wellKnownUrl).orElseThrow(), getJwksFra(wellKnownUrl).orElseThrow(),
-            getTokenEndpointFra(wellKnownUrl).orElse(null), false, null, getTokenXProperty(TokenXProperty.TOKEN_X_CLIENT_ID), null,
-            // Signerer requests med jws
-            false);
-    }
-
     private static OpenIDConfiguration createConfiguration(OpenIDProvider type,
                                                            // NOSONAR
                                                            String issuer,
@@ -163,9 +161,15 @@ private static OpenIDConfiguration createConfiguration(OpenIDProvider type,
                                                            String clientName,
                                                            String clientPassword,
                                                            boolean skipAudienceValidation) {
-        return new OpenIDConfiguration(type, tilURI(issuer, "issuer", type), tilURI(jwks, "jwksUri", type),
-            tokenEndpoint != null ? tilURI(tokenEndpoint, "tokenEndpoint", type) : null, useProxyForJwks, proxy, Objects.requireNonNull(clientName),
-            clientPassword, skipAudienceValidation);
+        return new OpenIDConfiguration(type,
+            tilURI(issuer, "issuer", type),
+            tilURI(jwks, "jwksUri", type),
+            tokenEndpoint != null ? tilURI(tokenEndpoint, "tokenEndpoint", type) : null,
+            useProxyForJwks,
+            proxy,
+            Objects.requireNonNull(clientName),
+            clientPassword,
+            skipAudienceValidation);
     }
 
     private static String getDefaultProxy() {
@@ -177,7 +181,8 @@ private static URI tilURI(String url, String key, OpenIDProvider provider) {
             return URI.create(url);
         } catch (IllegalArgumentException e) {
             throw new TekniskException("F-644196",
-                String.format("Syntaksfeil i token validator konfigurasjonen av '%s' for '%s'", key, provider.name()), e);
+                String.format("Syntaksfeil i token validator konfigurasjonen av '%s' for '%s'", key, provider.name()),
+                e);
         }
     }
 }
diff --git a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java
@@ -7,21 +7,20 @@
 import java.net.URI;
 import java.util.Arrays;
 import java.util.Base64;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
-import org.jose4j.json.JsonUtil;
 import org.jose4j.jwt.NumericDate;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
+import no.nav.vedtak.mapper.json.DefaultJsonMapper;
 import no.nav.vedtak.sikkerhet.kontekst.Groups;
 import no.nav.vedtak.sikkerhet.oidc.config.AzureProperty;
 import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
 import no.nav.vedtak.sikkerhet.oidc.config.impl.OidcProviderConfig;
 import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownConfigurationHelper;
+import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownOpenIdConfiguration;
 import no.nav.vedtak.sikkerhet.oidc.jwks.JwksKeyHandlerImpl;
 import no.nav.vedtak.sikkerhet.oidc.token.TokenString;
 
@@ -31,19 +30,11 @@ class OidcTokenValidatorTest {
 
     @BeforeEach
     public void beforeEach() {
-
-        System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(),
-            OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH);
+        var wellKnownUrl = OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH;
+        System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(), wellKnownUrl);
         System.setProperty(AzureProperty.AZURE_APP_CLIENT_ID.name(), "OIDC");
-        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name(), OidcTokenGenerator.ISSUER);
-        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(), OidcTokenGenerator.ISSUER + "/jwks_uri");
-        Map<String, String> testData = new HashMap<>() {
-            {
-                put(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name(), OidcTokenGenerator.ISSUER);
-            }
-        };
-        WellKnownConfigurationHelper.setWellKnownConfig(OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH,
-            JsonUtil.toJson(testData));
+        var wellKnownResponse = new WellKnownOpenIdConfiguration(OidcTokenGenerator.ISSUER, "dummy", "dummy");
+        WellKnownConfigurationHelper.setWellKnownConfig(wellKnownUrl, DefaultJsonMapper.toJson(wellKnownResponse));
         tokenValidator = new OidcTokenValidator(OidcProviderConfig.instance().getOidcConfig(OpenIDProvider.AZUREAD).orElseThrow(),
             new JwksKeyHandlerFromString(KeyStoreTool.getJwks()));
     }
@@ -328,8 +319,6 @@ void skal_ikke_godta_noe_som_ikke_er_et_gyldig_JWT() {
     public void cleanSystemProperties() {
         System.clearProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
         System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name());
-        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name());
-        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name());
 
     }