Merge pull request #478 from navikt/modernize

Kotlinize

.github/workflows/build-master.yml

@@ -12,10 +12,10 @@ jobs:
       - name: Checkout latest code
         uses: actions/checkout@v2
 
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v1
         with:
-          java-version: 11
+          java-version: 17
 
       - name: Setup build cache
         uses: actions/cache@v1
@@ -29,12 +29,12 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn -B -Pgithub  jacoco:prepare-agent install jacoco:report sonar:sonar  -Dsonar.projectKey=navikt_token-support 
+        run: mvn -B verify jacoco:prepare-agent jacoco:report sonar:sonar -Dsonar.projectKey=navikt_token-support -Dmaven.javadoc.skip=true
 
   release-notes:
     runs-on: ubuntu-latest
     steps:
       - name: Release Drafter
         uses: release-drafter/release-drafter@v5
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -30,7 +30,7 @@ jobs:
 
       - uses: actions/setup-java@v1
         with:
-          java-version: '11.x'
+          java-version: 17
       - uses: actions/cache@v1
         with:
           path: ~/.m2
@@ -42,4 +42,4 @@ jobs:
           mvn compile -B
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v1

.github/workflows/publish-release.yml

@@ -12,10 +12,10 @@ jobs:
       - name: Checkout latest code
         uses: actions/checkout@v2
 
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v1
         with:
-          java-version: 11
+          java-version: 17
 
       - name: Setup build cache
         uses: actions/cache@v1
@@ -53,4 +53,4 @@ jobs:
         run: |
           git config user.email "[email protected]"
           git config user.name "GitHub Actions release"
-          mvn  --settings .github/settings.xml -Pgithub --batch-mode -Dmaven.main.skip=true -Dmaven.test.skip=true  -Dmaven.javadoc.skip=true deploy
+          mvn  --settings .github/settings.xml -Pgithub --batch-mode -Dmaven.main.skip=true -Dmaven.test.skip=true  -Dmaven.javadoc.skip=true deploy

.github/workflows/test-pull-requests.yml

@@ -8,11 +8,13 @@ jobs:
     steps:
       - name: Checkout latest code
         uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v1
         with:
-          java-version: 11
+          java-version: 17
 
       - name: Setup build cache
         uses: actions/cache@v1
@@ -25,5 +27,6 @@ jobs:
         env:
           GITHUB_USERNAME: x-access-token
           GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN:  ${{ secrets.GITHUB_TOKEN }}
-        run: mvn -B  -Pgithub jacoco:prepare-agent jacoco:report sonar:sonar deploy -Dsonar.projectKey=navikt_token-support -Dsonar.login=${SONAR_TOKEN}
+        run: mvn -B  -Pgithub jacoco:prepare-agent deploy jacoco:report sonar:sonar -e --batch-mode --settings .github/settings.xml -Dsonar.projectKey=navikt_token-support -Dmaven.javadoc.skip=true -Dsonar.login=${SONAR_TOKEN}

.java-version

@@ -1 +1 @@
-11
+17

pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>no.nav.security</groupId>
     <artifactId>token-support</artifactId>
-    <version>1.3-SNAPSHOT</version>
+    <version>2.0.0-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>token-support</name>
     <description>
@@ -19,6 +19,7 @@
         </license>
     </licenses>
     <developers>
+
         <developer>
             <organization>NAV (Arbeids- og velferdsdirektoratet) - The Norwegian Labour and Welfare Administration
             </organization>
@@ -40,16 +41,15 @@
         <module>token-client-kotlin-demo</module>
         <module>token-client-core</module>
     </modules>
-
     <properties>
         <sonar.host.url>https://sonarcloud.io</sonar.host.url>
         <sonar.organization>navit</sonar.organization>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <maven.compiler.source>11</maven.compiler.source>
-        <maven.compiler.target>11</maven.compiler.target>
-        <java.version>11</java.version>
-        <spring-boot.version>2.6.3</spring-boot.version>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <java.version>17</java.version>
+        <spring-boot.version>2.6.4</spring-boot.version>
         <oauth2-oidc-sdk.version>9.27</oauth2-oidc-sdk.version>
         <validation-api.version>2.0.1.Final</validation-api.version>
         <rest-assured.version>4.5.1</rest-assured.version>
@@ -64,7 +64,7 @@
         <logback.version>1.2.10</logback.version>
         <nimbus.jose.jwt.version>9.20</nimbus.jose.jwt.version>
         <kotest.version>5.1.0</kotest.version>
-        <kotlin.compiler.jvmTarget>11</kotlin.compiler.jvmTarget>
+        <kotlin.compiler.jvmTarget>17</kotlin.compiler.jvmTarget>
     </properties>
 
     <scm>
@@ -80,6 +80,30 @@
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>2.22.2</version>
             </plugin>
+            <plugin>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-maven-plugin</artifactId>
+                <version>${kotlin.version}</version>
+                <executions>
+                    <execution>
+                        <id>compile</id>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>compile</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>test-compile</id>
+                        <phase>test-compile</phase>
+                        <goals>
+                            <goal>test-compile</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <jvmTarget>1.8</jvmTarget>
+                </configuration>
+            </plugin>
 
             <plugin>
                 <groupId>org.jacoco</groupId>
@@ -256,11 +280,6 @@
                 <artifactId>token-validation-spring-test</artifactId>
                 <version>${project.version}</version>
             </dependency>
-            <dependency>
-                <groupId>${project.groupId}</groupId>
-                <artifactId>token-validation-test-support</artifactId>
-                <version>${project.version}</version>
-            </dependency>
             <dependency>
                 <groupId>${project.groupId}</groupId>
                 <artifactId>token-client-spring</artifactId>
@@ -397,5 +416,16 @@
             <groupId>com.nimbusds</groupId>
             <artifactId>nimbus-jose-jwt</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.jetbrains.kotlin</groupId>
+            <artifactId>kotlin-stdlib-jdk8</artifactId>
+            <version>${kotlin.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jetbrains.kotlin</groupId>
+            <artifactId>kotlin-test</artifactId>
+            <version>${kotlin.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

token-client-core/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>token-support</artifactId>
         <groupId>no.nav.security</groupId>
-        <version>1.3-SNAPSHOT</version>
+        <version>2.0.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

token-client-core/src/main/java/no/nav/security/token/support/client/core/ClientAuthenticationProperties.java

@@ -8,14 +8,15 @@
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
-import java.util.function.Supplier;
+
+import static com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.*;
 
 public class ClientAuthenticationProperties {
 
     private static final List<ClientAuthenticationMethod> CLIENT_AUTH_METHODS = List.of(
-        ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
-        ClientAuthenticationMethod.CLIENT_SECRET_POST,
-        ClientAuthenticationMethod.PRIVATE_KEY_JWT
+        CLIENT_SECRET_BASIC,
+        CLIENT_SECRET_POST,
+        PRIVATE_KEY_JWT
     );
 
     @NotNull
@@ -50,10 +51,12 @@ private static RSAKey loadKey(String clientPrivateKey) {
 
     private static ClientAuthenticationMethod getSupported(ClientAuthenticationMethod clientAuthMethod) {
         return clientAuthMethod == null ?
-            ClientAuthenticationMethod.CLIENT_SECRET_BASIC :
+            CLIENT_SECRET_BASIC :
             Optional.of(clientAuthMethod)
                 .filter(CLIENT_AUTH_METHODS::contains)
-                .orElseThrow(unsupported(clientAuthMethod));
+                .orElseThrow(() -> new IllegalArgumentException(
+                    String.format("unsupported %s with value %s, must be one of %s",
+                        ClientAuthenticationMethod.class.getSimpleName(), clientAuthMethod, CLIENT_AUTH_METHODS)));
     }
 
     public static ClientAuthenticationPropertiesBuilder builder() {
@@ -62,21 +65,15 @@ public static ClientAuthenticationPropertiesBuilder builder() {
 
     private void validateAfterPropertiesSet() {
         Objects.requireNonNull(clientId, "clientId cannot be null");
-        if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(this.clientAuthMethod)) {
+        if (CLIENT_SECRET_BASIC.equals(this.clientAuthMethod)) {
             Objects.requireNonNull(clientSecret, "clientSecret cannot be null");
-        } else if (ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(this.clientAuthMethod)) {
+        } else if (CLIENT_SECRET_POST.equals(this.clientAuthMethod)) {
             Objects.requireNonNull(clientSecret, "clientSecret cannot be null");
-        } else if (ClientAuthenticationMethod.PRIVATE_KEY_JWT.equals(this.clientAuthMethod)) {
+        } else if (PRIVATE_KEY_JWT.equals(this.clientAuthMethod)) {
             Objects.requireNonNull(clientJwk, "clientPrivateKey must be set");
         }
     }
 
-    private static Supplier<IllegalArgumentException> unsupported(ClientAuthenticationMethod clientAuthMethod) {
-        return () -> new IllegalArgumentException(
-            String.format("unsupported %s with value %s, must be one of %s",
-                ClientAuthenticationMethod.class.getSimpleName(), clientAuthMethod, CLIENT_AUTH_METHODS));
-    }
-
     public @NotNull String getClientId() {
         return this.clientId;
     }
@@ -101,7 +98,7 @@ public RSAKey getClientRsaKey() {
     public boolean equals(Object o) {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
-        ClientAuthenticationProperties that = (ClientAuthenticationProperties) o;
+        var that = (ClientAuthenticationProperties) o;
         return Objects.equals(clientId, that.clientId)
             && Objects.equals(clientAuthMethod, that.clientAuthMethod)
             && Objects.equals(clientSecret, that.clientSecret)

token-client-core/src/main/java/no/nav/security/token/support/client/core/OAuth2ClientException.java

@@ -3,7 +3,7 @@
 public class OAuth2ClientException extends RuntimeException {
 
     public OAuth2ClientException(String message) {
-        super(message);
+        this(message,null);
     }
 
     public OAuth2ClientException(String message, Throwable cause) {

token-client-core/src/main/java/no/nav/security/token/support/client/core/OAuth2GrantType.java

@@ -1,38 +1,14 @@
 package no.nav.security.token.support.client.core;
 
-import java.util.Objects;
 import java.util.Optional;
 
-public class OAuth2GrantType {
+public record OAuth2GrantType(String value) {
     public static final OAuth2GrantType JWT_BEARER = new OAuth2GrantType("urn:ietf:params:oauth:grant-type:jwt-bearer");
     public static final OAuth2GrantType CLIENT_CREDENTIALS = new OAuth2GrantType("client_credentials");
     public static final OAuth2GrantType TOKEN_EXCHANGE = new OAuth2GrantType("urn:ietf:params:oauth:grant-type:token-exchange");
-    private final String value;
 
     public OAuth2GrantType(String value) {
         this.value = Optional.ofNullable(value)
-        .orElseThrow(() -> new OAuth2ClientException("value for OAuth2GrantType cannot be null"));
-    }
-
-    public String getValue() {
-        return value;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        OAuth2GrantType that = (OAuth2GrantType) o;
-        return value.equals(that.value);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(value);
-    }
-
-    @Override
-    public String toString() {
-        return value;
+            .orElseThrow(() -> new OAuth2ClientException("value for OAuth2GrantType cannot be null"));
     }
 }

token-client-core/src/main/java/no/nav/security/token/support/client/core/auth/ClientAssertion.java

@@ -4,7 +4,6 @@
 import com.nimbusds.jose.JOSEObjectType;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jose.JWSSigner;
 import com.nimbusds.jose.crypto.RSASSASigner;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jwt.JWTClaimsSet;
@@ -43,7 +42,7 @@ public ClientAssertion(URI tokenEndpointUrl, String clientId, RSAKey rsaKey, int
     }
 
     public String assertion() {
-        Instant now = Instant.now();
+        var now = Instant.now();
         return createSignedJWT(rsaKey, new JWTClaimsSet.Builder()
             .audience(tokenEndpointUrl.toString())
             .expirationTime(Date.from(now.plusSeconds(expiryInSeconds)))
@@ -61,12 +60,11 @@ public String assertionType() {
 
     private SignedJWT createSignedJWT(RSAKey rsaJwk, JWTClaimsSet claimsSet) {
         try {
-            JWSHeader.Builder header = new JWSHeader.Builder(JWSAlgorithm.RS256)
+            var header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                 .keyID(rsaJwk.getKeyID())
                 .type(JOSEObjectType.JWT);
-            SignedJWT signedJWT = new SignedJWT(header.build(), claimsSet);
-            JWSSigner signer = new RSASSASigner(rsaJwk.toPrivateKey());
-            signedJWT.sign(signer);
+            var signedJWT = new SignedJWT(header.build(), claimsSet);
+            signedJWT.sign(new RSASSASigner(rsaJwk.toPrivateKey()));
             return signedJWT;
         } catch (JOSEException e) {
             throw new RuntimeException(e);

token-client-core/src/main/java/no/nav/security/token/support/client/core/http/OAuth2HttpHeaders.java

@@ -2,7 +2,7 @@
 
 import java.util.*;
 
-import static java.lang.String.*;
+import static java.lang.String.CASE_INSENSITIVE_ORDER;
 
 public class OAuth2HttpHeaders {
 
@@ -16,7 +16,6 @@ public static OAuth2HttpHeaders of(Map<String, List<String>> headers) {
         return new OAuth2HttpHeaders(headers);
     }
 
-    @SuppressWarnings("WeakerAccess")
     public static Builder builder() {
         return new Builder();
     }
@@ -29,7 +28,7 @@ public Map<String, List<String>> headers() {
     public boolean equals(Object o) {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
-        OAuth2HttpHeaders that = (OAuth2HttpHeaders) o;
+        var that = (OAuth2HttpHeaders) o;
         return Objects.equals(headers, that.headers);
     }