diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java
index d72cf9e..f2af8f0 100644
--- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java
+++ b/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java
@@ -18,17 +18,16 @@ public class ValidateJWTLegacyService {
 public static final String TOKEN_TYPE_A2A = "a2a";
- private final A2AClientLegacyPropConfig a2AClientLegacyPropConfig;
 private final JWTValidator jwtValidator;
+ private final Map clientApplicationsPublicKeyMap;
 public ValidateJWTLegacyService(A2AClientLegacyPropConfig a2AClientLegacyPropConfig, JWTValidator jwtValidator) {
- this.a2AClientLegacyPropConfig = a2AClientLegacyPropConfig;
+ this.clientApplicationsPublicKeyMap = a2AClientLegacyPropConfig.getPublicKeysAsMap();
 this.jwtValidator = jwtValidator;
 }
 public Pair> validate(String token) {
- Map clientApplicationsPublicKeyMap = a2AClientLegacyPropConfig.getPublicKeysAsMap();
- Pair> claims = validateToken(clientApplicationsPublicKeyMap, token);
+ Pair> claims = validateToken(token);
 validateM2MType(claims.getRight());
 validateClaims(claims.getRight());
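Review bot: The constructor now snapshots `getPublicKeysAsMap()` once, so the set of trusted client keys is fixed for the service's lifetime; that is fine if the config bean is immutable after startup, but any key rotation that only updates the config object no longer reaches validation, and the map is stored by reference with no null check, so a missing configuration surfaces as a NullPointerException on the first token rather than at wiring time. Consider `this.clientApplicationsPublicKeyMap = Map.copyOf(Objects.requireNonNull(a2AClientLegacyPropConfig.getPublicKeysAsMap(), "publicKeys"));` (Java 10+) so misconfiguration fails at construction and later mutation of the config map cannot change which keys are trusted. A one-line comment on the new field stating that the keys are read once at startup would record that design choice for whoever adds rotation later. The `validate` method continues past the end of this hunk.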
@@ -53,14 +52,16 @@ private void validateClaims(Map claims) {
 }
 }
- private Pair> validateToken(Map clientApplicationsPublicKeyMap, String token) {
- try {
- return clientApplicationsPublicKeyMap.keySet().stream()
- .map(key -> Pair.of(key, jwtValidator.validate(token, clientApplicationsPublicKeyMap.get(key))))
- .findFirst()
- .orElseThrow(() -> new InvalidTokenException("Invalid token for A2A call"));
- } catch (Exception e) {
- return null;
+ private Pair> validateToken(String token) {
+ for (String key : clientApplicationsPublicKeyMap.keySet()) {
+ PublicKey publicKey = clientApplicationsPublicKeyMap.get(key);
+ try {
+ Map claims = jwtValidator.validate(token, publicKey);
+ return Pair.of(key, claims);
+ } catch (Exception e) {
+ log.debug("continue cycling - validation failed with key {}", key);
+ }
 }
+ throw new InvalidTokenException("Invalid token for A2A call");
 }
 }
diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java
index 9275b3f..73ecd6f 100644
--- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java
+++ b/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java
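Review bot: The new loop in `validateToken` catches `Exception` for every key and discards it, so a failure that is not a signature mismatch (a null entry in the key map, a defect inside `jwtValidator`) is reported to the caller exactly like an unknown client and leaves only a debug line without its cause; pass the exception as the last argument, `log.debug("continue cycling - validation failed with key {}", key, e);`, and if `jwtValidator.validate` surfaces a specific verification exception type, catch that instead of `Exception`. Iterating `clientApplicationsPublicKeyMap.entrySet()` would also remove the redundant `get(key)` lookup. Every unverifiable token now costs one signature verification per configured client, which is inherent to identifying the caller by whichever key verifies; that deserves a comment on the method, and if the legacy token format carries a key identifier the lookup could be made direct. `log` is not introduced in this hunk, so it presumably comes from a class-level logger declared outside the visible lines.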
@@ -31,24 +31,27 @@ class ValidateJWTLegacyServiceTest {
 @Mock
 private JWTValidator jwtValidatorMock;
 private ValidateJWTLegacyService service;
- private KeyPair keyPair;
-
+ private KeyPair keyPair1;
+ private KeyPair keyPair2;
 @BeforeEach
 void setup() throws Exception {
+ keyPair1 = JWTValidatorUtils.generateKeyPair();
+ keyPair2 = JWTValidatorUtils.generateKeyPair();
+ Map publicKeyMap = Map.of(
+ "A2A-IPA_TEST_1", keyPair1.getPublic(),
+ "A2A-IPA_TEST_2", keyPair2.getPublic());
+ when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(publicKeyMap);
 service = new ValidateJWTLegacyService(a2AClientLegacyPropConfig, jwtValidatorMock);
- keyPair = JWTValidatorUtils.generateKeyPair();
 }
 @Test
 void GivenValidTokenThenOk() {
- String appName = "A2A-IPA_TEST_1";
- PublicKey publicKey = keyPair.getPublic();
- String token = JWTValidatorUtils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().plusSeconds(3_600_000L), "jti");
- when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of(appName, publicKey));
+ String appName = "A2A-IPA_TEST_2";
+ String token = JWTValidatorUtils.generateLegacyToken(keyPair2, "a2a", Instant.now(), Instant.now().plusSeconds(3_600_000L), "jti");
 Map claimsMap = JWT.decode(token).getClaims();
- Mockito.when(jwtValidatorMock.validate(token, publicKey)).thenReturn(claimsMap);
+ Mockito.when(jwtValidatorMock.validate(token, keyPair2.getPublic())).thenReturn(claimsMap);
 Pair> result = service.validate(token);
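Review bot: `GivenValidTokenThenOk` stubs `jwtValidatorMock.validate` only for `keyPair2`, but the service now tries every entry of the two-key map, and for the unstubbed `keyPair1` call Mockito's default answer returns an empty map rather than throwing; if `Map.of` happens to iterate `A2A-IPA_TEST_1` first, `validateToken` returns that key with empty claims and the test presumably fails on the later claim checks. `Map.of` iteration order is deliberately unspecified, so this is a flaky test rather than a wrong one. Add `Mockito.when(jwtValidatorMock.validate(token, keyPair1.getPublic())).thenThrow(new InvalidTokenException("wrong key"));` before calling the service, or build `publicKeyMap` in `setup()` as a `LinkedHashMap` so the order is explicit. `GivenValidTokenThenOk` continues past the end of this hunk.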
@@ -57,18 +60,18 @@ void GivenValidTokenThenOk() {
 @Test
 void GivenInvalidTokenThenInvalidTokenException() {
- String appName = "A2A-IPA_TEST_1";
- PublicKey publicKey = keyPair.getPublic();
- String token = "invalidToken";
- when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of(appName, publicKey));
+ String token = JWTValidatorUtils.generateLegacyToken(keyPair1, "a2a", Instant.now(), Instant.now().plusSeconds(3_600_000L), "jti");
+
+ Map claimsMap = JWT.decode(token).getClaims();
+ Mockito.when(jwtValidatorMock.validate(token, keyPair2.getPublic())).thenReturn(claimsMap);
- assertThrows(Exception.class, () -> service.validate(token), "given an invalid token");
+ assertThrows(Exception.class, () -> service.validate("invalidToken"), "given an invalid token");
 }
 @Test
 void GivenNonM2MAuthTokenThenInvalidTokenException() {
- PublicKey publicKey = keyPair.getPublic();
- String token = JWTValidatorUtils.generateLegacyToken(keyPair, "notA2A", Instant.now(), Instant.now().plusSeconds(3_600L), "jwtId");
+ PublicKey publicKey = keyPair2.getPublic();
+ String token = JWTValidatorUtils.generateLegacyToken(keyPair2, "notA2A", Instant.now(), Instant.now().plusSeconds(3_600L), "jwtId");
 when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of("A2A-IPA_TEST_1", publicKey));
 Map claimsMap = JWT.decode(token).getClaims();
@@ -79,8 +82,8 @@ void GivenNonM2MAuthTokenThenInvalidTokenException() {
 @Test
 void GivenInvalidIatThenInvalidTokenException() {
- PublicKey publicKey = keyPair.getPublic();
- String token = JWTValidatorUtils.generateLegacyToken(keyPair, "a2a", Instant.now().plusSeconds(3_600L), Instant.now().plusSeconds(3_600_000L), "jwtId");
+ PublicKey publicKey = keyPair2.getPublic();
+ String token = JWTValidatorUtils.generateLegacyToken(keyPair2, "a2a", Instant.now().plusSeconds(3_600L), Instant.now().plusSeconds(3_600_000L), "jwtId");
 when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of("A2A-IPA_TEST_1", publicKey));
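Review bot: `GivenInvalidTokenThenInvalidTokenException` stubs `validate` for a freshly generated `token` but then calls `service.validate("invalidToken")`, so that stub is never hit and, for `"invalidToken"`, both keys go through the unstubbed mock, which returns an empty map instead of throwing; the `InvalidTokenException` at the end of the key loop is therefore never reached and the test presumably passes only because a later claim check rejects the empty map, which `assertThrows(Exception.class, ...)` cannot tell apart. Stub `validate("invalidToken", …)` to throw for both public keys and assert `InvalidTokenException.class` so the no-matching-key path is what the test proves. Separately, because the service now reads `getPublicKeysAsMap()` in its constructor during `setup()`, the per-test `when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of("A2A-IPA_TEST_1", publicKey))` lines in `GivenNonM2MAuthTokenThenInvalidTokenException`, `GivenInvalidIatThenInvalidTokenException` and the two tests in the following hunks are dead, associate `keyPair2`'s key with `A2A-IPA_TEST_1` contrary to `setup()`, and may be reported as unnecessary stubbings under Mockito strict stubs, so they should be removed. `GivenNonM2MAuthTokenThenInvalidTokenException` and `GivenInvalidIatThenInvalidTokenException` continue past the end of their hunks.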
@@ -93,8 +96,8 @@ void GivenInvalidIatThenInvalidTokenException() {
 @Test
 void GivenInvalidExpThenInvalidTokenException() {
- PublicKey publicKey = keyPair.getPublic();
- String token = JWTValidatorUtils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().minusSeconds(3_600L), "jwtId");
+ PublicKey publicKey = keyPair2.getPublic();
+ String token = JWTValidatorUtils.generateLegacyToken(keyPair2, "a2a", Instant.now(), Instant.now().minusSeconds(3_600L), "jwtId");
 when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of("A2A-IPA_TEST_1", publicKey));
@@ -106,8 +109,8 @@ void GivenInvalidExpThenInvalidTokenException() {
 @Test
 void GivenInvalidJtiThenInvalidTokenException() {
- PublicKey publicKey = keyPair.getPublic();
- String token = JWTValidatorUtils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().plusSeconds(3_600L), "");
+ PublicKey publicKey = keyPair2.getPublic();
+ String token = JWTValidatorUtils.generateLegacyToken(keyPair2, "a2a", Instant.now(), Instant.now().plusSeconds(3_600L), "");
 when(a2AClientLegacyPropConfig.getPublicKeysAsMap()).thenReturn(Map.of("A2A-IPA_TEST_1", publicKey));