PR changes, style

Signed-off-by: Maciej Mierzwa <[email protected]>
MaciejMierzwa · Oct 4, 2023 · c151696 · c151696
1 parent da51bec
commit c151696
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 18 deletions.
diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java
@@ -109,34 +109,26 @@ private AuthCredentials extractCredentials0(final RestRequest request) throws Op
         }
 
         SignedJWT jwt;
+        JWTClaimsSet claimsSet;
 
         try {
             jwt = jwtVerifier.getVerifiedJwtToken(jwtString);
+            claimsSet = jwt.getJWTClaimsSet();
         } catch (AuthenticatorUnavailableException e) {
             log.info(e.toString());
             throw new OpenSearchSecurityException(e.getMessage(), RestStatus.SERVICE_UNAVAILABLE);
-        } catch (BadCredentialsException e) {
-            log.info("Extracting JWT token from {} failed", jwtString, e);
-            return null;
-        }
-
-        JWTClaimsSet claimsSet;
-        try {
-            claimsSet = jwt.getJWTClaimsSet();
-        } catch (ParseException e) {
+        } catch (BadCredentialsException | ParseException e) {
             log.info("Extracting JWT token from {} failed", jwtString, e);
             return null;
         }
 
         final String subject = extractSubject(claimsSet);
-
         if (subject == null) {
             log.error("No subject found in JWT token");
             return null;
         }
 
         final String[] roles = extractRoles(claimsSet);
-
         final AuthCredentials ac = new AuthCredentials(subject, roles).markComplete();
 
         for (Entry<String, Object> claim : claimsSet.getClaims().entrySet()) {

diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/JwtVerifier.java b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/JwtVerifier.java
@@ -28,7 +28,6 @@
 
 import java.text.ParseException;
 import java.util.Collections;
-import java.util.List;
 
 public class JwtVerifier {
 
@@ -122,10 +121,10 @@ private void validateClaims(SignedJWT jwt) throws ParseException, BadJWTExceptio
     }
 
     private void validateRequiredAudienceAndIssuer(JWTClaimsSet claims) throws BadJWTException {
-        List<String> audience = claims.getAudience();
+        String audience = claims.getAudience().stream().findFirst().orElse("");
         String issuer = claims.getIssuer();
 
-        if (!Strings.isNullOrEmpty(requiredAudience) && !requiredAudience.equals(audience.stream().findFirst().orElse(""))) {
+        if (!Strings.isNullOrEmpty(requiredAudience) && !requiredAudience.equals(audience)) {
             throw new BadJWTException("Invalid audience");
         }
 

diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java
@@ -49,7 +49,6 @@
 import org.apache.logging.log4j.Logger;
 import org.joda.time.DateTime;
 import org.opensearch.security.authtoken.jwt.JwtVendor;
-import org.xml.sax.SAXException;
 
 import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.SpecialPermission;

diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
@@ -49,9 +49,7 @@ public void testCreateJwkFromSettingsWithoutSigningKey() {
         Throwable exception = Assert.assertThrows(RuntimeException.class, () -> JwtVendor.createJwkFromSettings(settings));
         assertThat(
             exception.getMessage(),
-            equalTo(
-                "Settings for signing key is missing. Please specify at least the option signing_key with a shared secret."
-            )
+            equalTo("Settings for signing key is missing. Please specify at least the option signing_key with a shared secret.")
         );
     }