Add azp header for Identity JWKS Retrieval (#1312)

* add x-azp header to JWKS fetching and adjust JWKS cache key
* refactor JwtSignatureValidator -> Split into XsuaaJwtSignatureValidator and SapIdJwtSignatureValidator
* refactor OAuth2TokenKeyService and OAuth2TokenKeyServiceWithCache APIs to use generic Map instead of explicit IAS-specific parameters

---------

Co-authored-by: liga-oz <liga.ozolina@sap.com>

CHANGELOG.md

@@ -2,7 +2,10 @@
 All notable changes to this project will be documented in this file.
 
 ## 2.15.0
-- [token-client]
+- [java-security]
+  - add x-azp header to IAS JWKS fetching and adjust JWKS cache key
+  - `OAuth2TokenKeyService` and `OAuth2TokenKeyServiceWithCache`
+    - Refactor API to use generic Map instead of explicit IAS-specific parameters
 
 #### Dependency upgrades
 - Bump spring.security.version from 5.8.6 to 5.8.7

java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeyConstants.java

@@ -16,10 +16,10 @@ private JsonWebKeyConstants() {
 	// Parameter names as defined in https://tools.ietf.org/html/rfc7517
 	static final String KEYS_PARAMETER_NAME = "keys";
 	static final String KEY_TYPE_PARAMETER_NAME = "kty";
-	static final String ALGORITHM_PARAMETER_NAME = "alg";
+	static final String ALG_PARAMETER_NAME = "alg";
 	static final String VALUE_PARAMETER_NAME = "value";
-	static final String KEYS_URL_PARAMETER_NAME = "jku";
-	static final String KEY_ID_PARAMETER_NAME = "kid";
+	static final String JKU_PARAMETER_NAME = "jku";
+	static final String KID_PARAMETER_NAME = "kid";
 
 	// Legacy Token Key ID
 	static final String KEY_ID_VALUE_LEGACY = "legacy-token-key";

java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySet.java

@@ -7,17 +7,14 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 class JsonWebKeySet {
 
 	private final Set<JsonWebKey> jsonWebKeys = new HashSet<>();
-	private final Map<String, Boolean> appTidAccepted = new HashMap<>();
 
 	@Nullable
 	public JsonWebKey getKeyByAlgorithmAndId(JwtSignatureAlgorithm keyAlgorithm, String keyId) {
@@ -45,19 +42,6 @@ private Stream<JsonWebKey> getTokenStreamWithTypeAndKeyId(JwtSignatureAlgorithm
 				.filter(jwk -> kid.equals(jwk.getId()));
 	}
 
-	public boolean containsAppTid(String appTid) {
-		return appTidAccepted.containsKey(appTid);
-	}
-
-	public boolean isAppTidAccepted(String appTid) {
-		return appTidAccepted.get(appTid);
-	}
-
-	public JsonWebKeySet withAppTid(String appTid, boolean isAccepted) {
-		appTidAccepted.put(appTid, isAccepted);
-		return this;
-	}
-
 	public String toString() {
 		return jsonWebKeys.stream().map(String::valueOf).collect(Collectors.joining("|"));
 	}

java-security/src/main/java/com/sap/cloud/security/token/validation/validators/JsonWebKeySetFactory.java

@@ -35,14 +35,14 @@ private static JsonWebKey createJsonWebKey(JSONObject key) {
 		String publicExponent = null;
 
 		String keyType = key.getString(JsonWebKeyConstants.KEY_TYPE_PARAMETER_NAME);
-		if (key.has(JsonWebKeyConstants.ALGORITHM_PARAMETER_NAME)) {
-			keyAlgorithm = key.getString(JsonWebKeyConstants.ALGORITHM_PARAMETER_NAME);
+		if (key.has(JsonWebKeyConstants.ALG_PARAMETER_NAME)) {
+			keyAlgorithm = key.getString(JsonWebKeyConstants.ALG_PARAMETER_NAME);
 		}
 		if (key.has(JsonWebKeyConstants.VALUE_PARAMETER_NAME)) {
 			pemEncodedPublicKey = key.getString(JsonWebKeyConstants.VALUE_PARAMETER_NAME);
 		}
-		if (key.has(JsonWebKeyConstants.KEY_ID_PARAMETER_NAME)) {
-			keyId = key.getString(JsonWebKeyConstants.KEY_ID_PARAMETER_NAME);
+		if (key.has(JsonWebKeyConstants.KID_PARAMETER_NAME)) {
+			keyId = key.getString(JsonWebKeyConstants.KID_PARAMETER_NAME);
 		}
 		if (key.has(JsonWebKeyConstants.RSA_KEY_MODULUS_PARAMETER_NAME)) {
 			modulus = key.getString(JsonWebKeyConstants.RSA_KEY_MODULUS_PARAMETER_NAME);