From c1516964a6b932c5246568a9acf83b45dda4e360 Mon Sep 17 00:00:00 2001 From: Maciej Mierzwa Date: Wed, 4 Oct 2023 12:57:41 +0200 Subject: [PATCH] PR changes, style Signed-off-by: Maciej Mierzwa --- .../http/jwt/AbstractHTTPJwtAuthenticator.java | 14 +++----------- .../dlic/auth/http/jwt/keybyoidc/JwtVerifier.java | 5 ++--- .../auth/http/saml/AuthTokenProcessorHandler.java | 1 - .../security/authtoken/jwt/JwtVendorTest.java | 4 +--- 4 files changed, 6 insertions(+), 18 deletions(-) diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java index c80754db0a..1d3e4a3a8d 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java @@ -109,34 +109,26 @@ private AuthCredentials extractCredentials0(final RestRequest request) throws Op } SignedJWT jwt; + JWTClaimsSet claimsSet; try { jwt = jwtVerifier.getVerifiedJwtToken(jwtString); + claimsSet = jwt.getJWTClaimsSet(); } catch (AuthenticatorUnavailableException e) { log.info(e.toString()); throw new OpenSearchSecurityException(e.getMessage(), RestStatus.SERVICE_UNAVAILABLE); - } catch (BadCredentialsException e) { - log.info("Extracting JWT token from {} failed", jwtString, e); - return null; - } - - JWTClaimsSet claimsSet; - try { - claimsSet = jwt.getJWTClaimsSet(); - } catch (ParseException e) { + } catch (BadCredentialsException | ParseException e) { log.info("Extracting JWT token from {} failed", jwtString, e); return null; } final String subject = extractSubject(claimsSet); - if (subject == null) { log.error("No subject found in JWT token"); return null; } final String[] roles = extractRoles(claimsSet); - final AuthCredentials ac = new AuthCredentials(subject, roles).markComplete(); for (Entry claim : claimsSet.getClaims().entrySet()) { 
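Review bot: The merged `catch (BadCredentialsException | ParseException e)` branch in extractCredentials0 still logs the complete `jwtString` at info level, so every rejected bearer token is written to the server log in clear text. A token can fail verification here and still be accepted by another service (for example one issued for a different audience), so anyone with read access to the logs obtains credentials that may be replayable. I would drop the token from the message, `log.info("Extracting JWT token failed", e);`, or log only a truncated digest of it if requests need to be correlated. The function starts and ends outside this hunk, so other log statements that include the token are not visible from here.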
diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/JwtVerifier.java b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/JwtVerifier.java index 90d44ecab7..610536faa7 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/JwtVerifier.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/JwtVerifier.java @@ -28,7 +28,6 @@ import java.text.ParseException; import java.util.Collections; -import java.util.List; public class JwtVerifier { @@ -122,10 +121,10 @@ private void validateClaims(SignedJWT jwt) throws ParseException, BadJWTExceptio } private void validateRequiredAudienceAndIssuer(JWTClaimsSet claims) throws BadJWTException { - List audience = claims.getAudience(); + String audience = claims.getAudience().stream().findFirst().orElse(""); String issuer = claims.getIssuer(); - if (!Strings.isNullOrEmpty(requiredAudience) && !requiredAudience.equals(audience.stream().findFirst().orElse(""))) { + if (!Strings.isNullOrEmpty(requiredAudience) && !requiredAudience.equals(audience)) { throw new BadJWTException("Invalid audience"); } diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java index 142f9a4970..fc0b38842f 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java @@ -49,7 +49,6 @@ import org.apache.logging.log4j.Logger; import org.joda.time.DateTime; import org.opensearch.security.authtoken.jwt.JwtVendor; -import org.xml.sax.SAXException; import org.opensearch.OpenSearchSecurityException; import org.opensearch.SpecialPermission; diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java index 6a71fde2d3..57aa4255b3 100644 --- a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java 
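Review bot: In validateRequiredAudienceAndIssuer (JwtVerifier.java) only the first entry of the `aud` claim is compared with `requiredAudience`, so a token that lists the required audience in a later position is rejected. This fails closed, but `aud` may carry several values (RFC 7519 §4.1.3) and the usual check is membership: `if (!Strings.isNullOrEmpty(requiredAudience) && !claims.getAudience().contains(requiredAudience)) {`. If first-entry matching is the intended policy, a one-line comment such as `// only the first aud entry is honoured by design` would stop the next reader from "fixing" it. The method continues past the hunk, so the issuer comparison is not visible here.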
+++ b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java @@ -49,9 +49,7 @@ public void testCreateJwkFromSettingsWithoutSigningKey() { Throwable exception = Assert.assertThrows(RuntimeException.class, () -> JwtVendor.createJwkFromSettings(settings)); assertThat( exception.getMessage(), - equalTo( - "Settings for signing key is missing. Please specify at least the option signing_key with a shared secret." - ) + equalTo("Settings for signing key is missing. Please specify at least the option signing_key with a shared secret.") ); }