diff --git a/README.md b/README.md index 9fd91d491..144fa4fb2 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,11 @@ +[![Bygg og deploy](https://github.com/navikt/fp-felles/actions/workflows/build.yml/badge.svg)](https://github.com/navikt/fp-felles/actions/workflows/build.yml) +[![Sonarcloud Status](https://sonarcloud.io/api/project_badges/measure?project=navikt_fp-felles&metric=alert_status)](https://sonarcloud.io/dashboard?id=navikt_fp-felles) +[![SonarCloud Coverage](https://sonarcloud.io/api/project_badges/measure?project=navikt_fp-felles&metric=coverage)](https://sonarcloud.io/component_measures/metric/coverage/list?id=navikt_fp-felles) +[![SonarCloud Bugs](https://sonarcloud.io/api/project_badges/measure?project=navikt_fp-felles&metric=bugs)](https://sonarcloud.io/component_measures/metric/reliability_rating/list?id=navikt_fp-felles) +[![SonarCloud Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=navikt_fp-felles&metric=vulnerabilities)](https://sonarcloud.io/component_measures/metric/security_rating/list?id=navikt_fp-felles) +![GitHub release (latest by date)](https://img.shields.io/github/v/release/navikt/fp-felles) +![GitHub](https://img.shields.io/github/license/navikt/fp-felles) + # fp-felles Inneholder følgende hovedmoduler diff --git a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/AbacDataAttributter.java b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/AbacDataAttributter.java index 413df1770..03abe30ff 100644 --- a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/AbacDataAttributter.java +++ b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/AbacDataAttributter.java @@ -43,7 +43,7 @@ public AbacDataAttributter leggTil(AbacAttributtType type, Collection sa } public AbacDataAttributter leggTil(AbacAttributtType type, Object verdi) { - requireNonNull(verdi, "Attributt av type " + type + " kan ikke være null"); //$NON-NLS-1$ //$NON-NLS-2$ + requireNonNull(verdi, "Attributt av type " + type + " kan ikke være null"); Set a = attributter.get(type); if (a == null) { a = new LinkedHashSet<>(4); // det er vanligvis bare 1 attributt i settet @@ -56,7 +56,7 @@ public AbacDataAttributter leggTil(AbacAttributtType type, Object verdi) { @SuppressWarnings("unchecked") public Set getVerdier(AbacAttributtType type) { return attributter.containsKey(type) - ? (Set) attributter.get(type) // NOSONAR cast fungerer når settere/gettere er symmetriske slik de skal være her + ? (Set) attributter.get(type) : Collections.emptySet(); } diff --git a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/BeskyttetRessursInterceptor.java b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/BeskyttetRessursInterceptor.java index 54d792842..75e987350 100644 --- a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/BeskyttetRessursInterceptor.java +++ b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/BeskyttetRessursInterceptor.java @@ -131,9 +131,9 @@ static void leggTilAttributterFraParameter(AbacDataAttributter attributter, Obje if (tilpassetAnnotering != null) { leggTil(attributter, tilpassetAnnotering, parameterValue); } else { - if (parameterValue instanceof AbacDto abacDto) { // NOSONAR for å støtte både enkelt-DTO-er og collection av DTO-er + if (parameterValue instanceof AbacDto abacDto) { attributter.leggTil(abacDto.abacAttributter()); - } else if (parameterValue instanceof Collection collection) { // NOSONAR for å støtte både enkelt-DTO-er og collection av DTO-er + } else if (parameterValue instanceof Collection collection) { leggTilAbacDtoSamling(attributter, collection); } } diff --git "a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/pipdata/PipAkt\303\270rId.java" "b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/pipdata/PipAkt\303\270rId.java" index e6e541212..550ffe579 100644 --- "a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/pipdata/PipAkt\303\270rId.java" +++ "b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/pipdata/PipAkt\303\270rId.java" @@ -22,7 +22,7 @@ public class PipAktørId implements Serializable, Comparable, Ressu @JsonValue @NotNull @javax.validation.constraints.Pattern(regexp = VALID_REGEXP, message = "aktørId ${validatedValue} har ikke gyldig verdi (pattern '{regexp}')") - private String aktørId; // NOSONAR + private String aktørId; public PipAktørId(Long aktørId) { Objects.requireNonNull(aktørId, "aktørId"); diff --git a/felles/abac/src/test/java/no/nav/vedtak/sikkerhet/pdp/PdpKlientImplTest.java b/felles/abac/src/test/java/no/nav/vedtak/sikkerhet/pdp/PdpKlientImplTest.java index 375701005..081f488fb 100644 --- a/felles/abac/src/test/java/no/nav/vedtak/sikkerhet/pdp/PdpKlientImplTest.java +++ b/felles/abac/src/test/java/no/nav/vedtak/sikkerhet/pdp/PdpKlientImplTest.java @@ -41,7 +41,7 @@ import no.nav.vedtak.sikkerhet.pdp.xacml.XacmlRequest; import no.nav.vedtak.sikkerhet.pdp.xacml.XacmlResponse; -public class PdpKlientImplTest { +class PdpKlientImplTest { private static final String JWT_TOKENSTRING = "eyAidHlwIjogIkpXVCIsICJraWQiOiAiU0gxSWVSU2sxT1VGSDNzd1orRXVVcTE5VHZRPSIsICJhbGciOiAiUlMyNTYiIH0.eyAiYXRfaGFzaCI6ICIyb2c1RGk5ZW9LeFhOa3VPd0dvVUdBIiwgInN1YiI6ICJzMTQyNDQzIiwgImF1ZGl0VHJhY2tpbmdJZCI6ICI1NTM0ZmQ4ZS03MmE2LTRhMWQtOWU5YS1iZmEzYThhMTljMDUtNjE2NjA2NyIsICJpc3MiOiAiaHR0cHM6Ly9pc3NvLXQuYWRlby5ubzo0NDMvaXNzby9vYXV0aDIiLCAidG9rZW5OYW1lIjogImlkX3Rva2VuIiwgImF1ZCI6ICJPSURDIiwgImNfaGFzaCI6ICJiVWYzcU5CN3dTdi0wVlN0bjhXLURnIiwgIm9yZy5mb3JnZXJvY2sub3BlbmlkY29ubmVjdC5vcHMiOiAiMTdhOGZiMzYtMGI0Ny00YzRkLWE4YWYtZWM4Nzc3Y2MyZmIyIiwgImF6cCI6ICJPSURDIiwgImF1dGhfdGltZSI6IDE0OTgwMzk5MTQsICJyZWFsbSI6ICIvIiwgImV4cCI6IDE0OTgwNDM1MTUsICJ0b2tlblR5cGUiOiAiSldUVG9rZW4iLCAiaWF0IjogMTQ5ODAzOTkxNSB9.S2DKQweQWZIfjaAT2UP9_dxrK5zqpXj8IgtjDLt5PVfLYfZqpWGaX-ckXG0GlztDVBlRK4ylmIYacTmEAUV_bRa_qWKRNxF83SlQRgHDSiE82SGv5WHOGEcAxf2w_d50XsgA2KDBCyv0bFIp9bCiKzP11uWPW0v4uIkyw2xVxMVPMCuiMUtYFh80sMDf9T4FuQcFd0LxoYcSFDEDlwCdRiF3ufw73qtMYBlNIMbTGHx-DZWkZV7CgukmCee79gwQIvGwdLrgaDrHFCJUDCbB1FFEaE3p3_BZbj0T54fCvL69aHyWm1zEd9Pys15yZdSh3oSSr4yVNIxhoF-nQ7gY-g;"; public static final OpenIDToken JWT_TOKEN = new OpenIDToken(OpenIDProvider.STS, new TokenString(JWT_TOKENSTRING)); @@ -58,7 +58,7 @@ public void setUp() { } @Test - public void kallPdpMedSamlTokenNårIdTokenErSamlToken() { + void kallPdpMedSamlTokenNårIdTokenErSamlToken() { var idToken = Token.withSamlToken("SAML"); var responseWrapper = createResponse("xacmlresponse.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -72,7 +72,7 @@ public void setUp() { } @Test - public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { + void kallPdpUtenFnrResourceHvisPersonlisteErTom() { var idToken = Token.withOidcToken(JWT_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacmlresponse.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -87,7 +87,7 @@ public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { } @Test - public void kallPdpMedJwtTokenBodyNårIdTokenErJwtToken() { + void kallPdpMedJwtTokenBodyNårIdTokenErJwtToken() { var idToken = Token.withOidcToken(JWT_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacmlresponse.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -102,7 +102,7 @@ public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { } @Test - public void kallPdpMedJwtTokenBodyNårIdTokenErTokeXToken() { + void kallPdpMedJwtTokenBodyNårIdTokenErTokeXToken() { var idToken = Token.withOidcToken(JWT_TOKENX_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacmlresponse.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -117,7 +117,7 @@ public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { } @Test - public void kallPdpMedFlereAttributtSettNårPersonlisteStørreEnn1() { + void kallPdpMedFlereAttributtSettNårPersonlisteStørreEnn1() { var idToken = Token.withOidcToken(JWT_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacml3response.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -140,7 +140,7 @@ public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { } @Test - public void kallPdpMedFlereAttributtSettNårPersonlisteStørreEnn2() { + void kallPdpMedFlereAttributtSettNårPersonlisteStørreEnn2() { var idToken = Token.withOidcToken(JWT_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacmlresponse-array.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -163,7 +163,7 @@ public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { } @Test - public void sporingsloggListeSkalHaSammeRekkefølgePåidenterSomXacmlRequest() { + void sporingsloggListeSkalHaSammeRekkefølgePåidenterSomXacmlRequest() { var idToken = Token.withOidcToken(JWT_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacml3response.json"); var captor = ArgumentCaptor.forClass(XacmlRequest.class); @@ -194,7 +194,7 @@ public void kallPdpUtenFnrResourceHvisPersonlisteErTom() { } @Test - public void skal_base64_encode_saml_token() { + void skal_base64_encode_saml_token() { var idToken = Token.withSamlToken(""); @SuppressWarnings("unused") var responseWrapper = createResponse("xacmlresponse_multiple_obligation.json"); @@ -213,7 +213,7 @@ public void skal_base64_encode_saml_token() { } @Test - public void skal_bare_ta_med_deny_advice() { + void skal_bare_ta_med_deny_advice() { var idToken = Token.withSamlToken(""); var responseWrapper = createResponse("xacmlresponse_1deny_1permit.json"); @@ -246,7 +246,7 @@ private void assertHasAttribute(List attributes, String } @Test - public void skalFeileVedUkjentObligation() { + void skalFeileVedUkjentObligation() { var idToken = Token.withSamlToken("SAML"); var responseWrapper = createResponse("xacmlresponse_multiple_obligation.json"); @@ -263,7 +263,7 @@ public void skalFeileVedUkjentObligation() { } @Test - public void skal_håndtere_blanding_av_fnr_og_aktør_id() { + void skal_håndtere_blanding_av_fnr_og_aktør_id() { var idToken = Token.withOidcToken(JWT_TOKEN, "TEST", IdentType.InternBruker); var responseWrapper = createResponse("xacml3response.json"); @@ -315,7 +315,7 @@ private XacmlResponse createResponse(String jsonFile) { } @Test - public void lese_sammenligne_request() throws IOException { + void lese_sammenligne_request() throws IOException { File file = new File(getClass().getClassLoader().getResource("request.json").getFile()); var target = DefaultJsonMapper.getObjectMapper().readValue(file, XacmlRequest.class); diff --git a/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java b/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java index 7fb10813f..c05ce3379 100644 --- a/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java +++ b/felles/auth-filter/src/main/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegate.java @@ -88,7 +88,7 @@ public static void fjernKontekst() { } private static void setCallAndConsumerId(ContainerRequestContext request) { - String callId = Optional.ofNullable(request.getHeaderString(MDCOperations.HTTP_HEADER_CALL_ID)) // NOSONAR Akseptertet headere + String callId = Optional.ofNullable(request.getHeaderString(MDCOperations.HTTP_HEADER_CALL_ID)) .or(() -> Optional.ofNullable(request.getHeaderString(MDCOperations.HTTP_HEADER_ALT_CALL_ID))) .orElseGet(MDCOperations::generateCallId); MDCOperations.putCallId(callId); diff --git a/felles/auth-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java b/felles/auth-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java index 53a64abde..4c0b46f21 100644 --- a/felles/auth-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java +++ b/felles/auth-filter/src/test/java/no/nav/vedtak/sikkerhet/jaxrs/AuthenticationFilterDelegateTest.java @@ -34,7 +34,7 @@ import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidatorConfig; import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidatorResult; -public class AuthenticationFilterDelegateTest { +class AuthenticationFilterDelegateTest { private OidcTokenValidator tokenValidator = Mockito.mock(OidcTokenValidator.class); @@ -76,7 +76,7 @@ public void teardown() throws Exception{ } @Test - public void skal_slippe_gjennom_forespørsel_etter_ubeskyttet_ressurs() throws Exception { + void skal_slippe_gjennom_forespørsel_etter_ubeskyttet_ressurs() throws Exception { Method method = RestClass.class.getMethod("ubeskyttet"); ResourceInfo ri = new TestInvocationContext(method, RestClass.class); @@ -87,7 +87,7 @@ public void teardown() throws Exception{ @Test - public void skal_ikke_slippe_gjennom_forespørsel_men_svare_med_401_etter_beskyttet_ressurs_når_forespørselen_ikke_har_med_id_token() throws Exception { + void skal_ikke_slippe_gjennom_forespørsel_men_svare_med_401_etter_beskyttet_ressurs_når_forespørselen_ikke_har_med_id_token() throws Exception { Method method = RestClass.class.getMethod("beskyttet"); ResourceInfo ri = new TestInvocationContext(method, RestClass.class); @@ -98,7 +98,7 @@ public void teardown() throws Exception{ @Test - public void skal_sende_401_for_utløpt_Authorization_header() throws Exception { + void skal_sende_401_for_utløpt_Authorization_header() throws Exception { var utløptIdToken = getUtløptToken(); Method method = RestClass.class.getMethod("beskyttet"); ResourceInfo ri = new TestInvocationContext(method, RestClass.class); @@ -113,7 +113,7 @@ public void teardown() throws Exception{ } @Test - public void skal_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_id_token_som_validerer() + void skal_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_id_token_som_validerer() throws Exception { Method method = RestClass.class.getMethod("beskyttet"); ResourceInfo ri = new TestInvocationContext(method, RestClass.class); @@ -133,7 +133,7 @@ public void teardown() throws Exception{ @Test - public void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester() + void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester() throws Exception { Method method = RestClass.class.getMethod("beskyttet"); ResourceInfo ri = new TestInvocationContext(method, RestClass.class); @@ -151,7 +151,7 @@ public void teardown() throws Exception{ } @Test - public void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester_selv_om_kortere_enn_gammel_grense() + void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester_selv_om_kortere_enn_gammel_grense() throws Exception { Method method = RestClass.class.getMethod("beskyttet"); ResourceInfo ri = new TestInvocationContext(method, RestClass.class); diff --git a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/EntityManagerProducer.java b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/EntityManagerProducer.java index 65d8e7928..351028ae0 100644 --- a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/EntityManagerProducer.java +++ b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/EntityManagerProducer.java @@ -35,7 +35,7 @@ public class EntityManagerProducer { /** * registrerte {@link EntityManagerFactory}. */ - private static final Map CACHE_FACTORIES = new ConcurrentHashMap<>(); // NOSONAR + private static final Map CACHE_FACTORIES = new ConcurrentHashMap<>(); @Produces @RequestScoped diff --git a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/TransactionHandler.java b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/TransactionHandler.java index 4db597c06..204f1bcd3 100644 --- a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/TransactionHandler.java +++ b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/TransactionHandler.java @@ -37,10 +37,10 @@ public R apply(EntityManager em) throws Exception { } } - protected abstract R doWork(EntityManager entityManager) throws Exception; // NOSONAR + protected abstract R doWork(EntityManager entityManager) throws Exception; // NOSONAR public interface Work { - R doWork(EntityManager em) throws Exception; // NOSONAR + R doWork(EntityManager em) throws Exception; // NOSONAR } -} \ No newline at end of file +} diff --git a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverter.java b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverter.java index 8bbea4e27..0e1c916a3 100644 --- a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverter.java +++ b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverter.java @@ -36,7 +36,7 @@ public Properties convertToEntityAttribute(String dbData) { try { props.load(new StringReader(dbData)); } catch (IOException e) { - throw new IllegalArgumentException("Kan ikke lese properties til string:" + props, e); //$NON-NLS-1$ + throw new IllegalArgumentException("Kan ikke lese properties til string:" + props, e); } } return props; diff --git a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/savepoint/RunWithSavepoint.java b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/savepoint/RunWithSavepoint.java index 4c8a039fc..1821e85e0 100644 --- a/felles/db/src/main/java/no/nav/vedtak/felles/jpa/savepoint/RunWithSavepoint.java +++ b/felles/db/src/main/java/no/nav/vedtak/felles/jpa/savepoint/RunWithSavepoint.java @@ -54,8 +54,7 @@ public V execute(Connection conn) throws SQLException { // allerede skjedd, ikke håndter på nytt men la 'vårt' savepoint i fred throw e; } catch (Throwable t) { // NOSONAR - // alle andre feil intercepts medfører rollback siden vi ikke kan være sikre på - // tilstand. + // alle andre feil intercepts medfører rollback siden vi ikke kan være sikre på tilstand. em.clear(); // rydd ugyldig state if (!conn.isClosed()) { conn.rollback(savepoint); diff --git a/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/BooleanToStringConverterTest.java b/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/BooleanToStringConverterTest.java index 3a0a3896e..0e78ec5e4 100644 --- a/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/BooleanToStringConverterTest.java +++ b/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/BooleanToStringConverterTest.java @@ -4,38 +4,38 @@ import org.junit.jupiter.api.Test; -public class BooleanToStringConverterTest { +class BooleanToStringConverterTest { private static final BooleanToStringConverter BOOLEAN_TO_STRING_CONVERTER = new BooleanToStringConverter(); @Test - public void skal_konvertere_J_til_TRUE() { + void skal_konvertere_J_til_TRUE() { assertThat(BOOLEAN_TO_STRING_CONVERTER.convertToEntityAttribute("J")).isEqualTo(Boolean.TRUE); } @Test - public void skal_konvertere_N_til_FALSE() { + void skal_konvertere_N_til_FALSE() { assertThat(BOOLEAN_TO_STRING_CONVERTER.convertToEntityAttribute("N")).isEqualTo(Boolean.FALSE); } @Test - public void skal_konverte_null_string_til_null_boolean() { + void skal_konverte_null_string_til_null_boolean() { assertThat(BOOLEAN_TO_STRING_CONVERTER.convertToEntityAttribute(null)).isNull(); } @Test - public void skal_konverte_TRUE_til_J() { + void skal_konverte_TRUE_til_J() { assertThat(BOOLEAN_TO_STRING_CONVERTER.convertToDatabaseColumn(Boolean.TRUE)).isEqualTo("J"); } @Test - public void skal_konverte_FALSE_til_N() { + void skal_konverte_FALSE_til_N() { assertThat(BOOLEAN_TO_STRING_CONVERTER.convertToDatabaseColumn(Boolean.FALSE)).isEqualTo("N"); } @Test - public void skal_konverte_null_boolean_til_null_streng() { + void skal_konverte_null_boolean_til_null_streng() { assertThat(BOOLEAN_TO_STRING_CONVERTER.convertToDatabaseColumn(null)).isEqualTo(null); } -} \ No newline at end of file +} diff --git a/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverterTest.java b/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverterTest.java index 81e4fbc6e..a33aec68c 100644 --- a/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverterTest.java +++ b/felles/db/src/test/java/no/nav/vedtak/felles/jpa/converters/PropertiesToStringConverterTest.java @@ -7,10 +7,10 @@ import org.junit.jupiter.api.Test; -public class PropertiesToStringConverterTest { +class PropertiesToStringConverterTest { @Test - public void test_method_convertToDatabaseColumn() { + void test_method_convertToDatabaseColumn() { final String propNavn = "propNavn"; final String propVerdi = "propVerdi"; Properties properties = new Properties(); @@ -20,13 +20,13 @@ public void test_method_convertToDatabaseColumn() { } @Test - public void test_method_convertToDatabaseColumn_null_sjekk() { + void test_method_convertToDatabaseColumn_null_sjekk() { Properties properties = new Properties(); assertNull(new PropertiesToStringConverter().convertToDatabaseColumn(properties)); } @Test - public void test_method_convertToEntityAttribute() { + void test_method_convertToEntityAttribute() { final String dbData = "navn=testNavn\nby=oslo\nland=norge"; Properties properties = new PropertiesToStringConverter().convertToEntityAttribute(dbData); assertThat(properties.getProperty("land")).isEqualTo("norge"); diff --git a/felles/klient/src/main/java/no/nav/vedtak/klient/http/ResponseHandler.java b/felles/klient/src/main/java/no/nav/vedtak/klient/http/ResponseHandler.java index 6257da679..532b32792 100644 --- a/felles/klient/src/main/java/no/nav/vedtak/klient/http/ResponseHandler.java +++ b/felles/klient/src/main/java/no/nav/vedtak/klient/http/ResponseHandler.java @@ -11,7 +11,6 @@ final class ResponseHandler { private ResponseHandler() { - // NOSONAR } static W handleResponse(final HttpResponse response, URI endpoint, Set acceptStatus) { diff --git a/felles/kontekst/src/main/java/no/nav/vedtak/sikkerhet/kontekst/BasisKontekst.java b/felles/kontekst/src/main/java/no/nav/vedtak/sikkerhet/kontekst/BasisKontekst.java index faeafa4eb..8e90b3ac7 100644 --- a/felles/kontekst/src/main/java/no/nav/vedtak/sikkerhet/kontekst/BasisKontekst.java +++ b/felles/kontekst/src/main/java/no/nav/vedtak/sikkerhet/kontekst/BasisKontekst.java @@ -55,8 +55,9 @@ public static BasisKontekst forProsesstask() { } public static BasisKontekst forProsesstaskUtenSystembruker() { - var appname = "srv" + Environment.current().application(); - return new BasisKontekst(SikkerhetContext.SYSTEM, appname, IdentType.Prosess, Optional.ofNullable(Environment.current().clientId()).orElse(appname)); + var username = "srv" + Optional.ofNullable(Environment.current().application()).orElse("local"); + var konsument = Optional.ofNullable(Environment.current().clientId()).orElse(username); + return new BasisKontekst(SikkerhetContext.SYSTEM, username, IdentType.Prosess, konsument); } public static BasisKontekst ikkeAutentisertRequest(String consumerId) { diff --git a/felles/log/src/main/java/no/nav/vedtak/log/util/MemoryAppender.java b/felles/log/src/main/java/no/nav/vedtak/log/util/MemoryAppender.java index 6ba22070e..ae88bdd65 100644 --- a/felles/log/src/main/java/no/nav/vedtak/log/util/MemoryAppender.java +++ b/felles/log/src/main/java/no/nav/vedtak/log/util/MemoryAppender.java @@ -80,9 +80,9 @@ public static MemoryAppender sniff(Class clazz) { public static MemoryAppender sniff(org.slf4j.Logger logger) { var log = Logger.class.cast(logger); - log.setLevel(Level.INFO); + log.setLevel(Level.INFO); // NOSONAR test-utility var sniffer = new MemoryAppender(log.getName()); - log.addAppender(sniffer); + log.addAppender(sniffer); // NOSONAR test-utility sniffer.start(); return sniffer; } diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java index 2140e147c..ca1f0eeb6 100644 --- a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java +++ b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/config/impl/OidcProviderConfig.java @@ -46,7 +46,7 @@ public final class OidcProviderConfig { private static Set PROVIDERS = new HashSet<>(); - private final Set providers; + private final Set instanceProviders; private final Map issuers; private static OidcProviderConfig instance; @@ -56,8 +56,8 @@ private OidcProviderConfig() { } private OidcProviderConfig(Set providers) { - this.providers = new HashSet<>(providers); - this.issuers = this.providers.stream().collect(Collectors.toMap(c -> c.issuer().toString(), Function.identity())); + this.instanceProviders = new HashSet<>(providers); + this.issuers = this.instanceProviders.stream().collect(Collectors.toMap(c -> c.issuer().toString(), Function.identity())); } public static synchronized OidcProviderConfig instance() { @@ -70,7 +70,7 @@ public static synchronized OidcProviderConfig instance() { } public Optional getOidcConfig(OpenIDProvider type) { - return providers.stream().filter(p -> p.type().equals(type)).findFirst(); + return instanceProviders.stream().filter(p -> p.type().equals(type)).findFirst(); } public Optional getOidcConfig(String issuer) { @@ -112,10 +112,11 @@ private static Set hentConfig() { idProviderConfigs.add(createTokenXConfiguration(tokenxKonfigUrl)); } - LOG.info("ID Providere som er tilgjengelig: {}", idProviderConfigs.stream() + var providere = idProviderConfigs.stream() .map(OpenIDConfiguration::type) .map(OpenIDProvider::name) - .collect(Collectors.joining(", "))); + .collect(Collectors.joining(", ")); + LOG.info("ID Providere som er tilgjengelig: {}", providere); return idProviderConfigs; } @@ -182,7 +183,7 @@ private static OpenIDConfiguration createTokenXConfiguration(String wellKnownUrl false); } - private static OpenIDConfiguration createConfiguration(OpenIDProvider type, + private static OpenIDConfiguration createConfiguration(OpenIDProvider type, // NOSONAR String issuer, String jwks, String tokenEndpoint, diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java index c9d17b43e..554065be0 100644 --- a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java +++ b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java @@ -7,7 +7,6 @@ import no.nav.foreldrepenger.konfig.Environment; import no.nav.vedtak.sikkerhet.kontekst.DefaultRequestKontekstProvider; import no.nav.vedtak.sikkerhet.kontekst.IdentType; -import no.nav.vedtak.sikkerhet.kontekst.Kontekst; import no.nav.vedtak.sikkerhet.kontekst.KontekstProvider; import no.nav.vedtak.sikkerhet.kontekst.RequestKontekst; import no.nav.vedtak.sikkerhet.kontekst.SikkerhetContext; @@ -22,7 +21,9 @@ public final class TokenProvider { private static final KontekstProvider KONTEKST_PROVIDER = new DefaultRequestKontekstProvider(); - private static final String ENV_CLIENT_ID = Optional.ofNullable(Environment.current().clientId()).orElseGet(() -> Environment.current().application()); + private static final String ENV_CLIENT_ID = Optional.ofNullable(Environment.current().clientId()) + .or(() -> Optional.ofNullable(Environment.current().application())) + .orElse("local"); private static final Set USE_SYSTEM = Set.of(SikkerhetContext.SYSTEM, SikkerhetContext.WSREQUEST); private static final boolean SYSTEM_USE_AZURE = !"false".equalsIgnoreCase(Environment.current().getProperty("token.system.use.azure")); @@ -82,7 +83,8 @@ public static OpenIDToken getTokenForSystem(OpenIDProvider provider, String scop public static String getConsumerIdFor(SikkerhetContext context) { return switch (context) { case REQUEST, WSREQUEST -> getCurrentConsumerId(); - case SYSTEM -> SYSTEM_USE_AZURE ? ENV_CLIENT_ID : ConfigProvider.getOpenIDConfiguration(OpenIDProvider.STS).map(OpenIDConfiguration::clientId).orElse(null); + case SYSTEM -> SYSTEM_USE_AZURE ? ENV_CLIENT_ID : + ConfigProvider.getOpenIDConfiguration(OpenIDProvider.STS).map(OpenIDConfiguration::clientId).orElse(null); }; } diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureSystemTokenKlient.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureSystemTokenKlient.java index aa538742c..180f78454 100644 --- a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureSystemTokenKlient.java +++ b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureSystemTokenKlient.java @@ -12,7 +12,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import no.nav.foreldrepenger.konfig.Environment; import no.nav.vedtak.sikkerhet.oidc.config.ConfigProvider; import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider; import no.nav.vedtak.sikkerhet.oidc.token.OpenIDToken; @@ -21,7 +20,6 @@ public class AzureSystemTokenKlient { - private static final Environment ENV = Environment.current(); private static final Logger LOG = LoggerFactory.getLogger(AzureSystemTokenKlient.class); private static AzureSystemTokenKlient INSTANCE; diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/StsSystemTokenKlient.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/StsSystemTokenKlient.java index a8f7a6d3d..cfed6a969 100644 --- a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/StsSystemTokenKlient.java +++ b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/StsSystemTokenKlient.java @@ -8,7 +8,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import no.nav.foreldrepenger.konfig.Environment; import no.nav.vedtak.log.mdc.MDCOperations; import no.nav.vedtak.sikkerhet.oidc.config.ConfigProvider; import no.nav.vedtak.sikkerhet.oidc.config.OpenIDConfiguration; @@ -18,7 +17,6 @@ public class StsSystemTokenKlient { - private static final Environment ENV = Environment.current(); private static final Logger LOG = LoggerFactory.getLogger(StsSystemTokenKlient.class); private static final String SCOPE = "openid"; @@ -27,6 +25,9 @@ public class StsSystemTokenKlient { private static OpenIDToken accessToken; + private StsSystemTokenKlient() { + } + public static synchronized OpenIDToken hentAccessToken() { if (accessToken != null && accessToken.isNotExpired()) { return accessToken.copy(); diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/tokenx/TokenXchange.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/tokenx/TokenXchange.java index f53b66a29..163be503e 100644 --- a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/tokenx/TokenXchange.java +++ b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/tokenx/TokenXchange.java @@ -23,7 +23,6 @@ public final class TokenXchange { private static final Logger LOG = LoggerFactory.getLogger(TokenXchange.class); private TokenXchange() { - // NOSONAR } public static OpenIDToken exchange(URI targetEndpoint) { diff --git a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/jwks/JwksKeyHandlerTest.java b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/jwks/JwksKeyHandlerTest.java index 865ffd83d..44de364f0 100644 --- a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/jwks/JwksKeyHandlerTest.java +++ b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/jwks/JwksKeyHandlerTest.java @@ -13,12 +13,12 @@ import org.junit.jupiter.api.Test; -public class JwksKeyHandlerTest { +class JwksKeyHandlerTest { private static final URI STD_URI = URI.create("http://www.vg.no"); @Test - public void skal_parse_jwks_og_hente_ut_key() throws Exception { + void skal_parse_jwks_og_hente_ut_key() throws Exception { String jsonStreng = les("example-jwks.json"); JwksKeyHandler handler = new JwksKeyHandlerImpl(new TestKeySupplier(jsonStreng), STD_URI); @@ -36,7 +36,7 @@ public void skal_parse_jwks_og_hente_ut_key() throws Exception { } @Test - public void skal_returnere_null_dersom_key_ikke_finnes_i_jwks() throws Exception { + void skal_returnere_null_dersom_key_ikke_finnes_i_jwks() throws Exception { String jsonStreng = les("example-jwks.json"); JwksKeyHandler handler = new JwksKeyHandlerImpl(new TestKeySupplier(jsonStreng), STD_URI); @@ -46,7 +46,7 @@ public void skal_returnere_null_dersom_key_ikke_finnes_i_jwks() throws Exception } @Test - public void __key_rotation__skal_ikke_hente_nye_nøkler_fra_jwks_supplier_dersom_nøkkel_finnes_i_cache() throws Exception { + void __key_rotation__skal_ikke_hente_nye_nøkler_fra_jwks_supplier_dersom_nøkkel_finnes_i_cache() throws Exception { String jwks1 = les("example-jwks.json"); String jwks2 = les("example2-jwks.json"); TestKeySupplier keySupplier = new TestKeySupplier(jwks2, jwks1); @@ -65,7 +65,7 @@ public void skal_returnere_null_dersom_key_ikke_finnes_i_jwks() throws Exception } @Test - public void __key_rotation__skal_hente_nye_nøkler_fra_jwks_supplier_dersom_nøkkel_ikke_finnes_i_cache() throws Exception { + void __key_rotation__skal_hente_nye_nøkler_fra_jwks_supplier_dersom_nøkkel_ikke_finnes_i_cache() throws Exception { String jwks1 = les("example-jwks.json"); String jwks2 = les("example2-jwks.json"); TestKeySupplier keySupplier = new TestKeySupplier(jwks1, jwks2); diff --git a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/JwtUtilTest.java b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/JwtUtilTest.java index 501748d53..2f4346919 100644 --- a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/JwtUtilTest.java +++ b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/JwtUtilTest.java @@ -9,10 +9,10 @@ import no.nav.vedtak.exception.TekniskException; import no.nav.vedtak.exception.VLException; -public class JwtUtilTest { +class JwtUtilTest { @Test - public void skal_kunne_pelle_ut_payload_fra_jwt() { + void skal_kunne_pelle_ut_payload_fra_jwt() { String etJWT = "eyAidHlwIjogIkpXVCIsICJraWQiOiAiU0gxSWVSU2sxT1VGSDNzd1orRXVVcTE5VHZRPSIsICJhbGciOiAiUlMyNTYiIH0.eyAiYXRfaGFzaCI6ICItcVcwcGVhdFUwWFNKa3AtY3JlT19RIiwgInN1YiI6ICJ1MTM5MTU4IiwgImF1ZGl0VHJhY2tpbmdJZCI6ICI3Y2Y5M2ZiOS00NmU1LTQ4MjUtYjU4Ni1jZjU4ZDdiOWIyNDYtMTAwMjUwNjgiLCAiaXNzIjogImh0dHBzOi8vaXNzby10LmFkZW8ubm86NDQzL2lzc28vb2F1dGgyIiwgInRva2VuTmFtZSI6ICJpZF90b2tlbiIsICJhdWQiOiAiT0lEQyIsICJjX2hhc2giOiAiUUh1Mm8xWU9aVTFGN2EwTkYydFo5ZyIsICJvcmcuZm9yZ2Vyb2NrLm9wZW5pZGNvbm5lY3Qub3BzIjogIjAxZDNhMGRlLTA3NzctNGNkMy1iNmE0LWJkN2RkNzAyMjE1ZiIsICJhenAiOiAiT0lEQyIsICJhdXRoX3RpbWUiOiAxNDk0ODQ3NzgyLCAicmVhbG0iOiAiLyIsICJleHAiOiAxNDk0ODUxMzgyLCAidG9rZW5UeXBlIjogIkpXVFRva2VuIiwgImlhdCI6IDE0OTQ4NDc3ODIgfQ.UH6nMEPT4ogNVDS0UFXp0w1kwAE2zIo7eE8P_Cm6LBX7t8BegqLX_1XEXEcJ5Zqgact4Zkf3_LfN_R3OgcX2z1_6H8iVPMNf7XRv-N1WJxNCyW970lvw30xOSL9sd76xiQJ6Q3Hc0PfoJpkVQzZEzHYzAHJ9SbQ-a9YtPlXMf0OzI91W0gL8O49Susnpy7Fy3UcskNpws8nPrjDTdHeneMtAtz0f6XaHdgLgH9F4LKl9xj43nOweKWaE6u_0FqCgiFpX8CaV39-nvQNJv0cgXZQjaxP7dPryVZwes6SsnzfiTofIuVI26GgnDtqu2a2qqaOrQ3Ai7aIpNS_dNrY3PQ"; String payload = JwtUtil.getJwtBody(etJWT); @@ -22,14 +22,14 @@ public void skal_kunne_pelle_ut_payload_fra_jwt() { } @Test - public void skal_feile_dersom_input_er_helt_feil() { + void skal_feile_dersom_input_er_helt_feil() { var e = assertThrows(VLException.class, () -> JwtUtil.getJwtBody("tull.og.tøys")); assertTrue(e.getMessage().contains("Feil ved parsing av JWT")); } @Test - public void skal_hente_clientName_fra_azp_claim() { + void skal_hente_clientName_fra_azp_claim() { /* * JWT-body { "iss": "https://foo.bar.adeo.no/openam/oauth2", "exp": 1527256661, * "jti": "IfOmOW1mohKVRutF1n-QhA", "iat": 1527253061, "sub": "demo", "aud": @@ -43,7 +43,7 @@ public void skal_hente_clientName_fra_azp_claim() { } @Test - public void skal_hente_clientName_fra_aud_hvis_azp_claim_mangler() { + void skal_hente_clientName_fra_aud_hvis_azp_claim_mangler() { /* * JWT-body { "iss": "https://foo.bar.adeo.no/openam/oauth2", "exp": 1527256661, * "jti": "yzuc_Rdd_6Imo2-4ErfCTw", "iat": 1527253061, "sub": "demo", "aud": @@ -57,7 +57,7 @@ public void skal_hente_clientName_fra_aud_hvis_azp_claim_mangler() { } @Test - public void kan_ikke_hente_clientName_hvis_azp_claim_mangler_og_aud_større_enn_1() { + void kan_ikke_hente_clientName_hvis_azp_claim_mangler_og_aud_større_enn_1() { /* * JWT-body { "iss": "https://foo.bar.adeo.no/openam/oauth2", "exp": 1527256661, * "jti": "dLD-drhxM8xQUgI5eMAJTQ", "iat": 1527253061, "sub": "demo", "aud": [ diff --git a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java index a41df7a15..efff257ef 100644 --- a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java +++ b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/oidc/validator/OidcTokenValidatorTest.java @@ -24,7 +24,7 @@ import no.nav.vedtak.sikkerhet.oidc.jwks.JwksKeyHandlerImpl; import no.nav.vedtak.sikkerhet.oidc.token.TokenString; -public class OidcTokenValidatorTest { +class OidcTokenValidatorTest { private OidcTokenValidator tokenValidator; @@ -45,14 +45,14 @@ public void beforeEach() { } @Test - public void skal_godta_token_som_har_forventede_verdier() { + void skal_godta_token_som_har_forventede_verdier() { var token = new OidcTokenGenerator().createHeaderTokenHolder(); OidcTokenValidatorResult result = tokenValidator.validate(token); assertValid(result); } @Test - public void skal_godta_token_som_har_forventede_verdier_og_i_tillegg_har_noen_ukjente_claims() { + void skal_godta_token_som_har_forventede_verdier_og_i_tillegg_har_noen_ukjente_claims() { var token = new OidcTokenGenerator() .withClaim("email", "foo@bar.nav.no") .createHeaderTokenHolder(); @@ -62,7 +62,7 @@ public void skal_godta_token_som_har_forventede_verdier_og_i_tillegg_har_noen_uk } @Test - public void skal_ikke_godta_token_som_har_feil_issuer() { + void skal_ikke_godta_token_som_har_feil_issuer() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 2 ..The Issuer Identifier for the OpenID provider .. MUST exactly match the @@ -77,7 +77,7 @@ public void skal_ikke_godta_token_som_har_feil_issuer() { } @Test - public void skal_godta_token_uansett_audience() { + void skal_godta_token_uansett_audience() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 3 ..The ID token MUST be rejected if the ID Token does not list the Client as @@ -100,7 +100,7 @@ public void skal_godta_token_uansett_audience() { } @Test - public void skal_ikke_godta_at_azp_mangler_hvis_det_er_multiple_audiences_fordi_dette_trengs_for_å_senere_kunne_gjøre_refresh_av_token() { + void skal_ikke_godta_at_azp_mangler_hvis_det_er_multiple_audiences_fordi_dette_trengs_for_å_senere_kunne_gjøre_refresh_av_token() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 4 If the ID Token contains multiple audiences, the Client SHOULD verify that @@ -115,7 +115,7 @@ public void skal_godta_token_uansett_audience() { } @Test - public void skal_ikke_godta_at_azp_inneholder_noe_annet_enn_aktuelt_klientnavn() { + void skal_ikke_godta_at_azp_inneholder_noe_annet_enn_aktuelt_klientnavn() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 5 If an azp (authorized party) Claim is present, the Client SHOULD verify @@ -133,7 +133,7 @@ public void skal_ikke_godta_at_azp_inneholder_noe_annet_enn_aktuelt_klientnavn() } @Test - public void skal_ekstrahere_kortnavn_fra_aad_client_credentials_med_azpname() { + void skal_ekstrahere_kortnavn_fra_aad_client_credentials_med_azpname() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 5 If an azp (authorized party) Claim is present, the Client SHOULD verify @@ -153,7 +153,7 @@ public void skal_ekstrahere_kortnavn_fra_aad_client_credentials_med_azpname() { } @Test - public void skal_ikke_godta_token_som_er_signert_med_feil_sertifikat() { + void skal_ikke_godta_token_som_er_signert_med_feil_sertifikat() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 6 ... The Client MUST validate the signature of all other ID Tokens according @@ -170,7 +170,7 @@ public void skal_ikke_godta_token_som_er_signert_med_feil_sertifikat() { } @Test - public void skal_ikke_godta_token_som_har_gått_ut_på_tid() { + void skal_ikke_godta_token_som_har_gått_ut_på_tid() { // OpenID Connect Core 1.0 incorporating errata set 1 // 3.1.3.7 ID Token Validation // 9 The current time MUST be before the time represented by the exp Claim @@ -184,7 +184,7 @@ public void skal_ikke_godta_token_som_er_signert_med_feil_sertifikat() { } @Test - public void skal_godta_token_som_har_gått_ut_på_tid_i_egen_metode_som_validerer_uten_tid() { + void skal_godta_token_som_har_gått_ut_på_tid_i_egen_metode_som_validerer_uten_tid() { long now = NumericDate.now().getValue(); var token = new OidcTokenGenerator() .withIssuedAt(NumericDate.fromSeconds(now - 3601)) @@ -195,21 +195,21 @@ public void skal_ikke_godta_token_som_er_signert_med_feil_sertifikat() { } @Test - public void skal_ikke_godta_å_validere_token_når_det_mangler_konfigurasjon_for_issuer() { + void skal_ikke_godta_å_validere_token_når_det_mangler_konfigurasjon_for_issuer() { WellKnownConfigurationHelper.setWellKnownConfig("azureAD", "{}"); var e = assertThrows(IllegalStateException.class, () -> new OidcTokenValidator(OpenIDProvider.AZUREAD, null, new JwksKeyHandlerFromString(KeyStoreTool.getJwks()), "OIDC")); assertTrue(e.getMessage().contains("Expected issuer must be configured")); } @Test - public void skal_ikke_godta_å_validere_token_når_det_mangler_konfigurasjon_for_audience() { + void skal_ikke_godta_å_validere_token_når_det_mangler_konfigurasjon_for_audience() { System.clearProperty(AzureProperty.AZURE_APP_CLIENT_ID.name()); var e = assertThrows(IllegalStateException.class, () -> new OidcTokenValidator(OpenIDProvider.AZUREAD, OidcTokenGenerator.ISSUER, new JwksKeyHandlerFromString(KeyStoreTool.getJwks()), null)); assertTrue(e.getMessage().contains("Expected audience must be configured")); } @Test - public void skal_ikke_godta_token_som_har_kid_som_ikke_finnes_i_jwks() { + void skal_ikke_godta_token_som_har_kid_som_ikke_finnes_i_jwks() { var token = new OidcTokenGenerator() .withKid("124135g8e") .createHeaderTokenHolder(); @@ -219,14 +219,14 @@ public void skal_ikke_godta_token_som_har_kid_som_ikke_finnes_i_jwks() { } @Test - public void skal_ikke_godta_null() { + void skal_ikke_godta_null() { OidcTokenValidatorResult result = tokenValidator.validate(null); assertThat(result.isValid()).isFalse(); assertThat(result.getErrorMessage()).isEqualTo("Missing token (token was null)"); } @Test - public void skal_ikke_godta_noe_som_ikke_er_et_gyldig_JWT() { + void skal_ikke_godta_noe_som_ikke_er_et_gyldig_JWT() { OidcTokenValidatorResult result1 = tokenValidator.validate(new TokenString("")); assertInvalid(result1, "Invalid OIDC JWT processing failed", diff --git a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/tokenx/TestAssertionGenerator.java b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/tokenx/TestAssertionGenerator.java index 6a2f32fb2..034f5dbdc 100644 --- a/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/tokenx/TestAssertionGenerator.java +++ b/felles/oidc/src/test/java/no/nav/vedtak/sikkerhet/tokenx/TestAssertionGenerator.java @@ -14,7 +14,7 @@ public class TestAssertionGenerator { @Test - public void lag_signer_valider_tokenx_assertion() throws MalformedClaimException { + void lag_signer_valider_tokenx_assertion() throws MalformedClaimException { var generator = new TokenXAssertionGenerator(URI.create("https://token/endpoint"), "minKlient", KeyStoreTool.getJsonWebKey()); var token = generator.assertion(); diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/ContextPathHolder.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/ContextPathHolder.java index 70294f192..e8a98720c 100644 --- a/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/ContextPathHolder.java +++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/ContextPathHolder.java @@ -10,7 +10,7 @@ public class ContextPathHolder { private static final Logger LOG = LoggerFactory.getLogger(ContextPathHolder.class); - private static volatile ContextPathHolder instance; + private static volatile ContextPathHolder instance; // NOSONAR private final String cookiePath; private final boolean harSattCookiePath; diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/context/ThreadLocalSubjectHandler.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/context/ThreadLocalSubjectHandler.java index a4ceaa040..cc1913172 100644 --- a/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/context/ThreadLocalSubjectHandler.java +++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/context/ThreadLocalSubjectHandler.java @@ -14,4 +14,8 @@ public Subject getSubject() { public void setSubject(Subject subject) { subjectHolder.set(subject); } -} \ No newline at end of file + + public void fjernSubject() { + subjectHolder.remove(); + } +} diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModule.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModule.java index a278613f7..5a8ec8530 100644 --- a/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModule.java +++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModule.java @@ -154,7 +154,7 @@ protected void validateCleanSubjecthandler() { } public void setCallAndConsumerId(HttpServletRequest request) { - String callId = Optional.ofNullable(request.getHeader(MDCOperations.HTTP_HEADER_CALL_ID)) // NOSONAR Akseptertet headere + String callId = Optional.ofNullable(request.getHeader(MDCOperations.HTTP_HEADER_CALL_ID)) .orElseGet(() -> request.getHeader(MDCOperations.HTTP_HEADER_ALT_CALL_ID)); if (callId != null) { MDCOperations.putCallId(callId); @@ -162,7 +162,7 @@ public void setCallAndConsumerId(HttpServletRequest request) { MDCOperations.putCallId(); } - String consumerId = request.getHeader(MDCOperations.HTTP_HEADER_CONSUMER_ID); // NOSONAR Akseptertet headere + String consumerId = request.getHeader(MDCOperations.HTTP_HEADER_CONSUMER_ID); if (consumerId != null) { MDCOperations.putConsumerId(consumerId); } diff --git a/felles/sikkerhet/src/test/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModuleTest.java b/felles/sikkerhet/src/test/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModuleTest.java index a8ec0faae..7bb89cf49 100644 --- a/felles/sikkerhet/src/test/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModuleTest.java +++ b/felles/sikkerhet/src/test/java/no/nav/vedtak/sikkerhet/jaspic/OidcAuthModuleTest.java @@ -35,7 +35,7 @@ import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidatorConfig; import no.nav.vedtak.sikkerhet.oidc.validator.OidcTokenValidatorResult; -public class OidcAuthModuleTest { +class OidcAuthModuleTest { private OidcTokenValidator tokenValidator = Mockito.mock(OidcTokenValidator.class); private TokenLocator tokenLocator = Mockito.mock(TokenLocator.class); @@ -73,7 +73,7 @@ public void setUp() throws Exception{ } @Test - public void skal_slippe_gjennom_forespørsel_etter_ubeskyttet_ressurs() throws Exception { + void skal_slippe_gjennom_forespørsel_etter_ubeskyttet_ressurs() throws Exception { MessageInfo request = createRequestForUnprotectedResource(); AuthStatus result = authModule.validateRequest(request, subject, serviceSubject); @@ -81,7 +81,7 @@ public void setUp() throws Exception{ } @Test - public void skal_ikke_slippe_gjennom_forespørsel_men_svare_med_401_etter_beskyttet_ressurs_når_forespørselen_ikke_har_med_id_token() + void skal_ikke_slippe_gjennom_forespørsel_men_svare_med_401_etter_beskyttet_ressurs_når_forespørselen_ikke_har_med_id_token() throws Exception { when(request.getHeader("Accept")).thenReturn("application/json"); MessageInfo request = createRequestForProtectedResource(); @@ -95,7 +95,7 @@ public void setUp() throws Exception{ } @Test - public void skal_sende_401_for_ugyldig_Authorization_header() + void skal_sende_401_for_ugyldig_Authorization_header() throws Exception { var utløptIdToken = getUtløptToken(); @@ -112,7 +112,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() } @Test - public void skal_ikke_slippe_gjennom_forespørsel_men_svare_med_redirect_til_openam_etter_beskyttet_ressurs_når_forespørselen_ikke_har_med_id_token() + void skal_ikke_slippe_gjennom_forespørsel_men_svare_med_redirect_til_openam_etter_beskyttet_ressurs_når_forespørselen_ikke_har_med_id_token() throws Exception { when(request.getHeader("Accept")).thenReturn("*/*"); MessageInfo request = createRequestForProtectedResource(); @@ -125,7 +125,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() } @Test - public void skal_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_id_token_som_validerer() + void skal_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_id_token_som_validerer() throws Exception { MessageInfo request = createRequestForProtectedResource(); @@ -139,7 +139,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() } @Test - public void skal_ikke_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_et_utløpt_id_token_og_ikke_noe_refresh_token() + void skal_ikke_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_et_utløpt_id_token_og_ikke_noe_refresh_token() throws Exception { MessageInfo request = createRequestForProtectedResource(); @@ -157,7 +157,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() } @Test - public void skal_ikke_slippe_gjennom_forespørsel_og_svare_med_redirect_når_det_ikke_er_satt_application_json() throws Exception { + void skal_ikke_slippe_gjennom_forespørsel_og_svare_med_redirect_når_det_ikke_er_satt_application_json() throws Exception { MessageInfo request = createRequestForProtectedResource(); var ugyldigToken = getUtløptToken(); @@ -173,7 +173,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() } @Test - public void skal_ikke_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_et_utløpt_id_token_og_ikke_klarer_å_hente_nytt_token_med_refresh_token() + void skal_ikke_slippe_gjennom_forespørsel_etter_beskyttet_ressurs_når_forespørselen_har_med_et_utløpt_id_token_og_ikke_klarer_å_hente_nytt_token_med_refresh_token() throws Exception { MessageInfo request = createRequestForProtectedResource(); @@ -191,7 +191,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() @Test - public void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester() + void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester() throws Exception { MessageInfo request = createRequestForProtectedResource(); @@ -208,7 +208,7 @@ public void skal_sende_401_for_ugyldig_Authorization_header() } @Test - public void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester_selv_om_kortere_enn_gammel_grense() + void skal_slippe_gjennom_token_tilstrekkelig_levetid_til_å_brukes_til_kall_til_andre_tjenester_selv_om_kortere_enn_gammel_grense() throws Exception { MessageInfo request = createRequestForProtectedResource(); diff --git a/felles/testutilities/src/test/java/no/nav/vedtak/felles/testutilities/cdi/CdiExtensionTest.java b/felles/testutilities/src/test/java/no/nav/vedtak/felles/testutilities/cdi/CdiExtensionTest.java index 9e9631133..e195c76df 100644 --- a/felles/testutilities/src/test/java/no/nav/vedtak/felles/testutilities/cdi/CdiExtensionTest.java +++ b/felles/testutilities/src/test/java/no/nav/vedtak/felles/testutilities/cdi/CdiExtensionTest.java @@ -9,7 +9,7 @@ import org.junit.jupiter.api.extension.ExtendWith; @ExtendWith(CdiAwareExtension.class) -public class CdiExtensionTest { +class CdiExtensionTest { @Inject private AppBean appBean; diff --git a/felles/util/src/test/java/no/nav/vedtak/util/InputValideringRegexTest.java b/felles/util/src/test/java/no/nav/vedtak/util/InputValideringRegexTest.java index 14e54291c..9d732aac3 100644 --- a/felles/util/src/test/java/no/nav/vedtak/util/InputValideringRegexTest.java +++ b/felles/util/src/test/java/no/nav/vedtak/util/InputValideringRegexTest.java @@ -1,6 +1,10 @@ package no.nav.vedtak.util; -import static no.nav.vedtak.util.InputValideringRegex.*; +import static no.nav.vedtak.util.InputValideringRegex.ADRESSE; +import static no.nav.vedtak.util.InputValideringRegex.ARBEIDSGIVER; +import static no.nav.vedtak.util.InputValideringRegex.FRITEKST; +import static no.nav.vedtak.util.InputValideringRegex.KODEVERK; +import static no.nav.vedtak.util.InputValideringRegex.NAVN; import static org.assertj.core.api.Assertions.assertThat; import org.junit.jupiter.api.Test; @@ -8,7 +12,7 @@ public class InputValideringRegexTest { @Test - public void skal_matche_ulike_navn() { + void skal_matche_ulike_navn() { assertThat("Gisle-Børge").matches(NAVN); assertThat("Kari Normann").matches(NAVN); assertThat("Mc'Donald").matches(NAVN); @@ -28,25 +32,25 @@ public void skal_matche_ulike_navn() { } @Test - public void skal_ikke_tillate_diverse_som_navn() { + void skal_ikke_tillate_diverse_som_navn() { assertThat("