Henter Azure og Token X props fra env isdf well-known

felles/auth-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java

@@ -17,14 +17,11 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 
-import no.nav.vedtak.mapper.json.DefaultJsonMapper;
 import no.nav.vedtak.sikkerhet.kontekst.IdentType;
 import no.nav.vedtak.sikkerhet.kontekst.KontekstHolder;
 import no.nav.vedtak.sikkerhet.kontekst.SikkerhetContext;
 import no.nav.vedtak.sikkerhet.oidc.config.AzureProperty;
 import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
-import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownConfigurationHelper;
-import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownOpenIdConfiguration;
 import no.nav.vedtak.sikkerhet.oidc.token.OpenIDToken;
 import no.nav.vedtak.sikkerhet.oidc.token.TokenString;
 import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidator;
@@ -38,29 +35,33 @@ class AuthenticationFilterDelegateTest {
     private final ContainerRequestContext request = Mockito.mock(ContainerRequestContext.class);
 
     public void setupAll() {
-        var wellKnownUrl = OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH;
+        var wellKnownUrl = OidcTokenGenerator.ISSUER + "/" + "dummy";
         System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(), wellKnownUrl);
         System.setProperty(AzureProperty.AZURE_APP_CLIENT_ID.name(), "OIDC");
-        System.setProperty("systembruker.username", "JUnit Test");
+        System.setProperty(AzureProperty.AZURE_APP_CLIENT_SECRET.name(), "dummy");
+        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name(), OidcTokenGenerator.ISSUER);
+        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(), OidcTokenGenerator.ISSUER + "/jwks_uri");
+        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT.name(), "dummy");
 
-        var wellKnownResponse = new WellKnownOpenIdConfiguration(OidcTokenGenerator.ISSUER, OidcTokenGenerator.ISSUER + "/jwks_uri", "dummy");
-        WellKnownConfigurationHelper.setWellKnownConfig(wellKnownUrl, DefaultJsonMapper.toJson(wellKnownResponse));
+        System.setProperty("systembruker.username", "JUnit Test");
 
         OidcTokenValidatorConfig.addValidator(OpenIDProvider.AZUREAD, tokenValidator);
     }
 
     @BeforeEach
     public void setUp() {
-        WellKnownConfigurationHelper.unsetWellKnownConfig();
         setupAll();
     }
 
     @AfterEach
     public void teardown() {
         System.clearProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
         System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name());
+        System.clearProperty(AzureProperty.AZURE_APP_CLIENT_SECRET.name());
+        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name());
+        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name());
+        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT.name());
         System.clearProperty("systembruker.username");
-
     }
 
     @Test

felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/AzureProperty.java

@@ -10,6 +10,9 @@ public enum AzureProperty {
     AZURE_APP_JWK,
     AZURE_APP_PRE_AUTHORIZED_APPS,
     AZURE_APP_TENANT_ID,
+    AZURE_OPENID_CONFIG_ISSUER,
+    AZURE_OPENID_CONFIG_JWKS_URI,
+    AZURE_OPENID_CONFIG_TOKEN_ENDPOINT,
     AZURE_APP_WELL_KNOWN_URL;
 
     public static final String NAV_IDENT = "NAVident";

felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/TokenXProperty.java

@@ -10,5 +10,4 @@ public enum TokenXProperty {
     TOKEN_X_ISSUER,
     TOKEN_X_JWKS_URI,
     TOKEN_X_TOKEN_ENDPOINT;
-
 }

felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java

@@ -83,17 +83,17 @@ private static Set<OpenIDConfiguration> hentConfig() {
         }
 
         // Azure - ikke alle apps trenger denne (tokenx-apps)
-        var azureKonfigUrl = getAzureProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL);
+        var azureKonfigUrl = ENV.getProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
         if (azureKonfigUrl != null) {
             LOG.debug("Oppretter AzureAD konfig fra '{}'", azureKonfigUrl);
-            idProviderConfigs.add(createAzureAppConfiguration(azureKonfigUrl));
+            idProviderConfigs.add(createAzureAppConfiguration());
         }
 
         // TokenX
-        var tokenxKonfigUrl = getTokenXProperty(TokenXProperty.TOKEN_X_WELL_KNOWN_URL);
+        var tokenxKonfigUrl =  ENV.getProperty(TokenXProperty.TOKEN_X_WELL_KNOWN_URL.name());
         if (tokenxKonfigUrl != null) {
             LOG.debug("Oppretter TokenX konfig fra '{}'", tokenxKonfigUrl);
-            idProviderConfigs.add(createTokenXConfiguration(tokenxKonfigUrl));
+            idProviderConfigs.add(createTokenXConfiguration());
         }
 
         var providere = idProviderConfigs.stream().map(OpenIDConfiguration::type).map(OpenIDProvider::name).collect(Collectors.joining(", "));
@@ -115,24 +115,24 @@ private static OpenIDConfiguration createStsConfiguration(String wellKnownUrl) {
     }
 
     @SuppressWarnings("unused")
-    private static OpenIDConfiguration createAzureAppConfiguration(String wellKnownUrl) {
-        var proxyUrl = ENV.isFss() ? URI.create(ENV.getProperty(AZURE_HTTP_PROXY, getDefaultProxy())) : null;
+    private static OpenIDConfiguration createAzureAppConfiguration() {
+        var proxyUrl = (ENV.isFss() && ENV.isProd()) ? URI.create(ENV.getProperty(AZURE_HTTP_PROXY, getDefaultProxy())) : null;
         return createConfiguration(OpenIDProvider.AZUREAD,
-            getIssuerFra(wellKnownUrl, proxyUrl).orElseThrow(),
-            getJwksFra(wellKnownUrl, proxyUrl).orElseThrow(),
-            getTokenEndpointFra(wellKnownUrl, proxyUrl).orElseThrow(),
-            ENV.isFss(),
+            getAzureProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER),
+            getAzureProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI),
+            getAzureProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT),
+            (ENV.isFss() && ENV.isProd()),
             proxyUrl,
             getAzureProperty(AzureProperty.AZURE_APP_CLIENT_ID),
             getAzureProperty(AzureProperty.AZURE_APP_CLIENT_SECRET),
             ENV.isLocal());
     }
 
-    private static OpenIDConfiguration createTokenXConfiguration(String wellKnownUrl) {
+    private static OpenIDConfiguration createTokenXConfiguration() {
         return createConfiguration(OpenIDProvider.TOKENX,
-            getIssuerFra(wellKnownUrl).orElseThrow(),
-            getJwksFra(wellKnownUrl).orElseThrow(),
-            getTokenEndpointFra(wellKnownUrl).orElseThrow(),
+            getTokenXProperty(TokenXProperty.TOKEN_X_ISSUER),
+            getTokenXProperty(TokenXProperty.TOKEN_X_JWKS_URI),
+            getTokenXProperty(TokenXProperty.TOKEN_X_TOKEN_ENDPOINT),
             false,
             null,
             getTokenXProperty(TokenXProperty.TOKEN_X_CLIENT_ID),

felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/WellKnownConfigurationHelper.java

@@ -93,25 +93,4 @@ private static WellKnownOpenIdConfiguration hentWellKnownConfig(String wellKnown
         }
     }
 
-    public static void setWellKnownConfig(String wellKnownUrl, String jsonAsString) {
-        guardForTestOnly();
-        wellKnownConfigMap.computeIfAbsent(wellKnownUrl, key -> {
-            try {
-                return READER.readValue(jsonAsString);
-            } catch (IOException e) {
-                throw new IllegalArgumentException("Ugyldig json: ", e);
-            }
-        });
-    }
-
-    public static void unsetWellKnownConfig() {
-        guardForTestOnly();
-        wellKnownConfigMap = new HashMap<>();
-    }
-
-    private static void guardForTestOnly() {
-        if (!ENV.isLocal()) {
-            throw new IllegalStateException("Skal aldri kjøres i miljø!");
-        }
-    }
 }

felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java

@@ -14,13 +14,10 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
-import no.nav.vedtak.mapper.json.DefaultJsonMapper;
 import no.nav.vedtak.sikkerhet.kontekst.Groups;
 import no.nav.vedtak.sikkerhet.oidc.config.AzureProperty;
 import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
 import no.nav.vedtak.sikkerhet.oidc.config.impl.OidcProviderConfig;
-import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownConfigurationHelper;
-import no.nav.vedtak.sikkerhet.oidc.config.impl.WellKnownOpenIdConfiguration;
 import no.nav.vedtak.sikkerhet.oidc.jwks.JwksKeyHandlerImpl;
 import no.nav.vedtak.sikkerhet.oidc.token.TokenString;
 
@@ -30,15 +27,27 @@ class OidcTokenValidatorTest {
 
     @BeforeEach
     public void beforeEach() {
-        var wellKnownUrl = OidcTokenGenerator.ISSUER + "/" + WellKnownConfigurationHelper.STANDARD_WELL_KNOWN_PATH;
+        var wellKnownUrl = OidcTokenGenerator.ISSUER + "/dummy_url";
         System.setProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name(), wellKnownUrl);
         System.setProperty(AzureProperty.AZURE_APP_CLIENT_ID.name(), "OIDC");
-        var wellKnownResponse = new WellKnownOpenIdConfiguration(OidcTokenGenerator.ISSUER, "dummy", "dummy");
-        WellKnownConfigurationHelper.setWellKnownConfig(wellKnownUrl, DefaultJsonMapper.toJson(wellKnownResponse));
+        System.setProperty(AzureProperty.AZURE_APP_CLIENT_SECRET.name(), "dummy");
+        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name(), OidcTokenGenerator.ISSUER);
+        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name(), "dummy");
+        System.setProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT.name(), "dummy");
         tokenValidator = new OidcTokenValidator(OidcProviderConfig.instance().getOidcConfig(OpenIDProvider.AZUREAD).orElseThrow(),
             new JwksKeyHandlerFromString(KeyStoreTool.getJwks()));
     }
 
+    @AfterEach
+    public void cleanSystemProperties() {
+        System.clearProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
+        System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name());
+        System.clearProperty(AzureProperty.AZURE_APP_CLIENT_SECRET.name());
+        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_ISSUER.name());
+        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_JWKS_URI.name());
+        System.clearProperty(AzureProperty.AZURE_OPENID_CONFIG_TOKEN_ENDPOINT.name());
+    }
+
     @Test
     void skal_godta_token_som_har_forventede_verdier() {
         var token = new OidcTokenGenerator().createHeaderTokenHolder();
@@ -257,8 +266,6 @@ void skal_ikke_godta_token_som_er_signert_med_feil_sertifikat() {
 
     @Test
     void skal_ikke_godta_å_validere_token_når_det_mangler_konfigurasjon_for_issuer() {
-        WellKnownConfigurationHelper.setWellKnownConfig("azureAD", "{}");
-
         var keyHandler = new JwksKeyHandlerFromString(KeyStoreTool.getJwks());
         var message = assertThrows(IllegalStateException.class,
             () -> new OidcTokenValidator(OpenIDProvider.AZUREAD, null, keyHandler, "OIDC"));
@@ -315,13 +322,6 @@ void skal_ikke_godta_noe_som_ikke_er_et_gyldig_JWT() {
         assertInvalid(result4, "Invalid OIDC JWT processing failed");
     }
 
-    @AfterEach
-    public void cleanSystemProperties() {
-        System.clearProperty(AzureProperty.AZURE_APP_WELL_KNOWN_URL.name());
-        System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name());
-
-    }
-
     private static class JwksKeyHandlerFromString extends JwksKeyHandlerImpl {
         private JwksKeyHandlerFromString(String jwks) {
             super(() -> jwks, URI.create("http://www.vg.no"));