Remove nimbus from main library

Author: Avery-Dunn

msal4j-sdk/pom.xml

@@ -37,6 +37,7 @@
             <groupId>com.nimbusds</groupId>
             <artifactId>oauth2-oidc-sdk</artifactId>
             <version>11.23</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>net.minidev</groupId>

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java

@@ -3,15 +3,12 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.jwt.JWTParser;
 import lombok.AccessLevel;
 import lombok.Builder;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.experimental.Accessors;
 
-import java.io.Serializable;
-import java.text.ParseException;
 import java.util.Date;
 
 @Accessors(fluent = true)
@@ -45,14 +42,8 @@ private IdToken getIdTokenObj() {
         if (StringHelper.isBlank(idToken)) {
             return null;
         }
-        try {
-            String idTokenJson = JWTParser.parse(idToken).getParsedParts()[1].decodeToString();
 
-            return JsonHelper.convertJsonToObject(idTokenJson, IdToken.class);
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        return null;
+        return JsonHelper.createIdTokenFromEncodedTokenString(idToken);
     }
 
     @Getter(value = AccessLevel.PACKAGE)
@@ -76,12 +67,7 @@ private ITenantProfile getTenantProfile() {
             return null;
         }
 
-        try {
-            return new TenantProfile(JWTParser.parse(idToken).getJWTClaimsSet().getClaims(),
-                    getAccount().environment());
-        } catch (ParseException e) {
-            throw new MsalClientException("Cached JWT could not be parsed: " + e.getMessage(), AuthenticationErrorCode.INVALID_JWT);
-        }
+        return new TenantProfile(JsonHelper.parseJsonToMap(JsonHelper.getTokenPayloadClaims(idToken)), getAccount().environment());
     }
 
     private String environment;

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java

@@ -23,6 +23,7 @@ class HttpHelper implements IHttpHelper {
 
     public static final int HTTP_STATUS_200 = 200;
     public static final int HTTP_STATUS_400 = 400;
+    public static final int HTTP_STATUS_401 = 401;
     public static final int HTTP_STATUS_429 = 429;
     public static final int HTTP_STATUS_500 = 500;
 

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java

@@ -6,6 +6,7 @@
 import com.azure.json.JsonProviders;
 import com.azure.json.JsonReader;
 import com.azure.json.JsonSerializable;
+import com.azure.json.JsonToken;
 import com.azure.json.ReadValueCallback;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.JsonParser;
@@ -40,15 +41,77 @@ static <T> T convertJsonToObject(final String json, final Class<T> tClass) {
     }
 
     static IdToken createIdTokenFromEncodedTokenString(String token) {
-        String idTokenJson;
+        return JsonHelper.convertJsonToObject(getTokenPayloadClaims(token), IdToken.class);
+    }
+
+    static String getTokenPayloadClaims(String token) {
         try {
-            idTokenJson = new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
+            return new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
         } catch (ArrayIndexOutOfBoundsException e) {
             throw new MsalClientException("Error parsing ID token, missing payload section.",
                     AuthenticationErrorCode.INVALID_JWT);
         }
+    }
+
+    //Converts a generic JSON string to a Map<String, Object> with relevant types
+    static Map<String, Object> parseJsonToMap(String jsonString) {
+        if (StringHelper.isBlank(jsonString)) {
+            return new HashMap<>();
+        }
+
+        try (JsonReader jsonReader = JsonProviders.createReader(jsonString)) {
+            jsonReader.nextToken();
+            return parseJsonObject(jsonReader);
+        } catch (IOException e) {
+            throw new MsalJsonParsingException(e.getMessage(), AuthenticationErrorCode.INVALID_JSON);
+        }
+    }
+
+    private static List<Object> parseJsonArray(JsonReader jsonReader) throws IOException {
+        List<Object> array = new ArrayList<>();
+
+        while (jsonReader.nextToken() != JsonToken.END_ARRAY) {
+            array.add(parseValue(jsonReader));
+        }
+
+        return array;
+    }
+
+    private static Map<String, Object> parseJsonObject(JsonReader jsonReader) throws IOException {
+        Map<String, Object> object = new HashMap<>();
 
-        return JsonHelper.convertJsonToObject(idTokenJson, IdToken.class);
+        while (jsonReader.nextToken() != JsonToken.END_OBJECT) {
+            String fieldName = jsonReader.getFieldName();
+            object.put(fieldName, parseValue(jsonReader));
+        }
+
+        return object;
+    }
+
+    private static Object parseValue(JsonReader jsonReader) throws IOException {
+        JsonToken token = jsonReader.currentToken();
+
+        switch (token) {
+            case STRING:
+                return jsonReader.getString();
+            case NUMBER:
+                try {
+                    return jsonReader.getLong();
+                } catch (ArithmeticException e) {
+                    return jsonReader.getDouble();
+                }
+            case BOOLEAN:
+                return jsonReader.getBoolean();
+            case NULL:
+                return null;
+            case START_ARRAY:
+                return parseJsonArray(jsonReader);
+            case START_OBJECT:
+                return parseJsonObject(jsonReader);
+            default:
+                jsonReader.skipChildren();
+                return null;
+        }
     }
 
     //This method is used to convert a JSON string to an object which implements the JsonSerializable interface from com.azure.json

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java

@@ -6,10 +6,8 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.nimbusds.jwt.JWTParser;
 
 import java.io.IOException;
-import java.text.ParseException;
 import java.util.*;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
@@ -331,7 +329,7 @@ Set<IAccount> getAccounts(String clientId) {
 
                     ITenantProfile profile = null;
                     if (idToken != null) {
-                        Map<String, ?> idTokenClaims = JWTParser.parse(idToken.secret()).getJWTClaimsSet().getClaims();
+                        Map<String, ?> idTokenClaims = JsonHelper.parseJsonToMap(JsonHelper.getTokenPayloadClaims(idToken.secret));
                         profile = new TenantProfile(idTokenClaims, accCached.environment());
                     }
 
@@ -352,8 +350,6 @@ Set<IAccount> getAccounts(String clientId) {
                 }
 
                 return new HashSet<>(rootAccounts.values());
-            } catch (ParseException e) {
-                throw new MsalClientException("Cached JWT could not be parsed: " + e.getMessage(), AuthenticationErrorCode.INVALID_JWT);
             } finally {
                 lock.readLock().unlock();
             }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java

@@ -3,16 +3,13 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.util.URLUtils;
-import labapi.App;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.provider.ValueSource;
-import org.mockito.ArgumentCaptor;
 import org.mockito.junit.jupiter.MockitoExtension;
 
 import java.net.SocketException;
@@ -78,69 +75,69 @@ private HttpRequest expectedRequest(ManagedIdentitySourceType source, String res
             ManagedIdentityId id) {
         String endpoint = null;
         Map<String, String> headers = new HashMap<>();
-        Map<String, List<String>> queryParameters = new HashMap<>();
+        Map<String, String> queryParameters = new HashMap<>();
 
         switch (source) {
             case APP_SERVICE:
                 endpoint = appServiceEndpoint;
-                queryParameters.put("api-version", Collections.singletonList("2019-08-01"));
-                queryParameters.put("resource", Collections.singletonList(resource));
+                queryParameters.put("api-version", "2019-08-01");
+                queryParameters.put("resource", resource);
                 headers.put("X-IDENTITY-HEADER", "secret");
                 break;
             case CLOUD_SHELL:
                 endpoint = cloudShellEndpoint;
                 headers.put("ContentType", "application/x-www-form-urlencoded");
                 headers.put("Metadata", "true");
-                queryParameters.put("resource", Collections.singletonList(resource));
+                queryParameters.put("resource", resource);
                 break;
             case IMDS:
                 endpoint = IMDS_ENDPOINT;
-                queryParameters.put("api-version", Collections.singletonList("2018-02-01"));
-                queryParameters.put("resource", Collections.singletonList(resource));
+                queryParameters.put("api-version", "2018-02-01");
+                queryParameters.put("resource", resource);
                 headers.put("Metadata", "true");
                 break;
             case AZURE_ARC:
                 endpoint = azureArcEndpoint;
-                queryParameters.put("api-version", Collections.singletonList("2019-11-01"));
-                queryParameters.put("resource", Collections.singletonList(resource));
+                queryParameters.put("api-version", "2019-11-01");
+                queryParameters.put("resource", resource);
                 headers.put("Metadata", "true");
                 break;
             case SERVICE_FABRIC:
                 endpoint = serviceFabricEndpoint;
-                queryParameters.put("api-version", Collections.singletonList("2019-07-01-preview"));
-                queryParameters.put("resource", Collections.singletonList(resource));
+                queryParameters.put("api-version", "2019-07-01-preview");
+                queryParameters.put("resource", resource);
                 headers.put("secret", "secret");
                 break;
             case NONE:
             case DEFAULT_TO_IMDS:
                 endpoint = IMDS_ENDPOINT;
-                queryParameters.put("api-version", Collections.singletonList("2018-02-01"));
-                queryParameters.put("resource", Collections.singletonList(resource));
+                queryParameters.put("api-version", "2018-02-01");
+                queryParameters.put("resource", resource);
                 headers.put("Metadata", "true");
                 break;
         }
 
         switch (id.getIdType()) {
             case CLIENT_ID:
-                queryParameters.put("client_id", Collections.singletonList(id.getUserAssignedId()));
+                queryParameters.put("client_id", id.getUserAssignedId());
                 break;
             case RESOURCE_ID:
-                queryParameters.put("mi_res_id", Collections.singletonList(id.getUserAssignedId()));
+                queryParameters.put("mi_res_id", id.getUserAssignedId());
                 break;
             case OBJECT_ID:
-                queryParameters.put("object_id", singletonList(id.getUserAssignedId()));
+                queryParameters.put("object_id", id.getUserAssignedId());
                 break;
         }
 
         return new HttpRequest(HttpMethod.GET, computeUri(endpoint, queryParameters), headers);
     }
 
-    private String computeUri(String endpoint, Map<String, List<String>> queryParameters) {
+    private String computeUri(String endpoint, Map<String, String> queryParameters) {
         if (queryParameters.isEmpty()) {
             return endpoint;
         }
 
-        String queryString = URLUtils.serializeParameters(queryParameters);
+        String queryString = StringHelper.serializeQueryParameters(queryParameters);
 
         return endpoint + "?" + queryString;
     }

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.http.HTTPResponse;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -97,7 +96,7 @@ private PublicClientApplication getClientApplicationMockedWithOneTokenEndpointRe
 
         switch (responseType) {
             case RETRY_AFTER_HEADER:
-                httpResponse.statusCode(HTTPResponse.SC_OK);
+                httpResponse.statusCode(HttpHelper.HTTP_STATUS_200);
                 httpResponse.body(TestConfiguration.TOKEN_ENDPOINT_OK_RESPONSE_ID_AND_ACCESS);
 
                 headers.put("Retry-After", Arrays.asList(THROTTLE_IN_SEC.toString()));