
Commit 07895cf

Add azp to JWKS endpoint headers (#1285)
* add x-azp header to JWKS fetching and adjust JWKS cache key
* refactor JwtSignatureValidator -> Split into XsuaaJwtSignatureValidator and SapIdJwtSignatureValidator
* refactor OAuth2TokenKeyService and OAuth2TokenKeyServiceWithCache APIs to use generic Map instead of explicit IAS-specific parameters

---------

Co-authored-by: liga-oz <liga.ozolina@sap.com>
1 parent 9cefa6e commit 07895cf

20 files changed

+535
-571
lines changed

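--- a/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeyConstants.java
+++ b/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeyConstants.java
@@ -16,10 +16,10 @@ private JsonWebKeyConstants() {
 // Parameter names as defined in https://tools.ietf.org/html/rfc7517
 static final String KEYS_PARAMETER_NAME = "keys";
 static final String KEY_TYPE_PARAMETER_NAME = "kty";
-static final String ALGORITHM_PARAMETER_NAME = "alg";
+static final String ALG_PARAMETER_NAME = "alg";
 static final String VALUE_PARAMETER_NAME = "value";
-static final String KEYS_URL_PARAMETER_NAME = "jku";
-static final String KEY_ID_PARAMETER_NAME = "kid";
+static final String JKU_PARAMETER_NAME = "jku";
+static final String KID_PARAMETER_NAME = "kid";
 
 // Legacy Token Key ID
 static final String KEY_ID_VALUE_LEGACY = "legacy-token-key";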

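--- a/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySet.java
+++ b/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySet.java
@@ -7,17 +7,14 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 class JsonWebKeySet {
 
 private final Set<JsonWebKey> jsonWebKeys = new HashSet<>();
-private final Map<String, Boolean> appTidAccepted = new HashMap<>();
 
 @Nullable
 public JsonWebKey getKeyByAlgorithmAndId(JwtSignatureAlgorithm keyAlgorithm, String keyId) {
@@ -45,19 +42,6 @@ private Stream<JsonWebKey> getTokenStreamWithTypeAndKeyId(JwtSignatureAlgorithm
 .filter(jwk -> kid.equals(jwk.getId()));
 }
 
-public boolean containsAppTid(String appTid) {
-return appTidAccepted.containsKey(appTid);
-}
-
-public boolean isAppTidAccepted(String appTid) {
-return appTidAccepted.get(appTid);
-}
-
-public JsonWebKeySet withAppTid(String appTid, boolean isAccepted) {
-appTidAccepted.put(appTid, isAccepted);
-return this;
-}
-
 public String toString() {
 return jsonWebKeys.stream().map(String::valueOf).collect(Collectors.joining("|"));
 }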

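--- a/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySetFactory.java
+++ b/java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySetFactory.java
@@ -35,14 +35,14 @@ private static JsonWebKey createJsonWebKey(JSONObject key) {
 String publicExponent = null;
 
 String keyType = key.getString(JsonWebKeyConstants.KEY_TYPE_PARAMETER_NAME);
-if (key.has(JsonWebKeyConstants.ALGORITHM_PARAMETER_NAME)) {
-keyAlgorithm = key.getString(JsonWebKeyConstants.ALGORITHM_PARAMETER_NAME);
+if (key.has(JsonWebKeyConstants.ALG_PARAMETER_NAME)) {
+keyAlgorithm = key.getString(JsonWebKeyConstants.ALG_PARAMETER_NAME);
 }
 if (key.has(JsonWebKeyConstants.VALUE_PARAMETER_NAME)) {
 pemEncodedPublicKey = key.getString(JsonWebKeyConstants.VALUE_PARAMETER_NAME);
 }
-if (key.has(JsonWebKeyConstants.KEY_ID_PARAMETER_NAME)) {
-keyId = key.getString(JsonWebKeyConstants.KEY_ID_PARAMETER_NAME);
+if (key.has(JsonWebKeyConstants.KID_PARAMETER_NAME)) {
+keyId = key.getString(JsonWebKeyConstants.KID_PARAMETER_NAME);
 }
 if (key.has(JsonWebKeyConstants.RSA_KEY_MODULUS_PARAMETER_NAME)) {
 modulus = key.getString(JsonWebKeyConstants.RSA_KEY_MODULUS_PARAMETER_NAME);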
