Add azp to JWKS endpoint headers (#1285)

* add x-azp header to JWKS fetching and adjust JWKS cache key
* refactor JwtSignatureValidator -> Split into XsuaaJwtSignatureValidator and SapIdJwtSignatureValidator
* refactor OAuth2TokenKeyService and OAuth2TokenKeyServiceWithCache APIs to use generic Map instead of explicit IAS-specific parameters

---------

Co-authored-by: liga-oz <liga.ozolina@sap.com>

Author: finkmanAtSap

java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeyConstants.java

@@ -16,10 +16,10 @@ private JsonWebKeyConstants() {
 	// Parameter names as defined in https://tools.ietf.org/html/rfc7517
 	static final String KEYS_PARAMETER_NAME = "keys";
 	static final String KEY_TYPE_PARAMETER_NAME = "kty";
-	static final String ALGORITHM_PARAMETER_NAME = "alg";
+	static final String ALG_PARAMETER_NAME = "alg";
 	static final String VALUE_PARAMETER_NAME = "value";
-	static final String KEYS_URL_PARAMETER_NAME = "jku";
-	static final String KEY_ID_PARAMETER_NAME = "kid";
+	static final String JKU_PARAMETER_NAME = "jku";
+	static final String KID_PARAMETER_NAME = "kid";
 
 	// Legacy Token Key ID
 	static final String KEY_ID_VALUE_LEGACY = "legacy-token-key";

java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySet.java

@@ -7,17 +7,14 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 class JsonWebKeySet {
 
 	private final Set<JsonWebKey> jsonWebKeys = new HashSet<>();
-	private final Map<String, Boolean> appTidAccepted = new HashMap<>();
 
 	@Nullable
 	public JsonWebKey getKeyByAlgorithmAndId(JwtSignatureAlgorithm keyAlgorithm, String keyId) {
@@ -45,19 +42,6 @@ private Stream<JsonWebKey> getTokenStreamWithTypeAndKeyId(JwtSignatureAlgorithm
 				.filter(jwk -> kid.equals(jwk.getId()));
 	}
 
-	public boolean containsAppTid(String appTid) {
-		return appTidAccepted.containsKey(appTid);
-	}
-
-	public boolean isAppTidAccepted(String appTid) {
-		return appTidAccepted.get(appTid);
-	}
-
-	public JsonWebKeySet withAppTid(String appTid, boolean isAccepted) {
-		appTidAccepted.put(appTid, isAccepted);
-		return this;
-	}
-
 	public String toString() {
 		return jsonWebKeys.stream().map(String::valueOf).collect(Collectors.joining("|"));
 	}

java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySetFactory.java

@@ -35,14 +35,14 @@ private static JsonWebKey createJsonWebKey(JSONObject key) {
 		String publicExponent = null;
 
 		String keyType = key.getString(JsonWebKeyConstants.KEY_TYPE_PARAMETER_NAME);
-		if (key.has(JsonWebKeyConstants.ALGORITHM_PARAMETER_NAME)) {
-			keyAlgorithm = key.getString(JsonWebKeyConstants.ALGORITHM_PARAMETER_NAME);
+		if (key.has(JsonWebKeyConstants.ALG_PARAMETER_NAME)) {
+			keyAlgorithm = key.getString(JsonWebKeyConstants.ALG_PARAMETER_NAME);
 		}
 		if (key.has(JsonWebKeyConstants.VALUE_PARAMETER_NAME)) {
 			pemEncodedPublicKey = key.getString(JsonWebKeyConstants.VALUE_PARAMETER_NAME);
 		}
-		if (key.has(JsonWebKeyConstants.KEY_ID_PARAMETER_NAME)) {
-			keyId = key.getString(JsonWebKeyConstants.KEY_ID_PARAMETER_NAME);
+		if (key.has(JsonWebKeyConstants.KID_PARAMETER_NAME)) {
+			keyId = key.getString(JsonWebKeyConstants.KID_PARAMETER_NAME);
 		}
 		if (key.has(JsonWebKeyConstants.RSA_KEY_MODULUS_PARAMETER_NAME)) {
 			modulus = key.getString(JsonWebKeyConstants.RSA_KEY_MODULUS_PARAMETER_NAME);