navikt · tommytroen · Nov 23, 2023 · Nov 14, 2023 · Nov 23, 2023 · Nov 23, 2023
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -13,8 +13,8 @@ object Version {
  const val nimbus = "9.41"
  const val openapi = "1.6.6"
  const val unboundid = "6.0.3"
- const val wiremock = "2.32.0"
- const val wiremockCloud = "3.1.1"
+ const val wiremock = "3.0.1"
+ const val wiremockCloud = "4.0.4"
  const val h2 = "2.1.214"
 }
 
@@ -30,7 +30,7 @@ plugins {
  kotlin("plugin.allopen") version kotlinVersion
  id("org.jmailen.kotlinter") version "3.10.0"
  id("com.github.ben-manes.versions") version "0.49.0"
- id("org.springframework.boot") version "2.7.5"
+ id("org.springframework.boot") version "3.1.5"
  id("org.jetbrains.kotlin.jvm") version kotlinVersion
  id("org.jetbrains.kotlin.plugin.spring") version kotlinVersion
  id("io.spring.dependency-management") version "1.1.4"
@@ -60,10 +60,10 @@ dependencies {
  implementation("io.github.microutils:kotlin-logging:${Version.kotlinLoggin}")
  implementation("io.micrometer:micrometer-registry-prometheus")
  implementation("javax.inject:javax.inject:1")
- implementation("javax.validation:validation-api")
+ implementation("jakarta.validation:jakarta.validation-api")
  implementation("net.logstash.logback:logstash-logback-encoder:${Version.logbackStash}")
- implementation("org.apache.httpcomponents:httpclient")
- implementation("org.hibernate:hibernate-core")
+ implementation("org.apache.httpcomponents.client5:httpclient5")
+ implementation("jakarta.persistence:jakarta.persistence-api")
  implementation("org.jetbrains.kotlin:kotlin-reflect")
  implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core")
  implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
@@ -80,13 +80,13 @@ dependencies {
  // test
  testImplementation("com.h2database:h2:${Version.h2}")
  testImplementation("no.nav.security:mock-oauth2-server:${Version.mockOAuth2Server}")
- testImplementation("org.hibernate:hibernate-testing")
+ //testImplementation("org.hibernate:hibernate-testing")
  testImplementation("org.springframework.boot:spring-boot-starter-test") {
  exclude(group = "com.vaadin.external.google", module = "android-json")
  exclude(module = "junit")
  }
  testImplementation("org.springframework.security:spring-security-test")
- testImplementation("com.github.tomakehurst:wiremock-jre8:${Version.wiremock}")
+ //testImplementation("com.github.tomakehurst:wiremock-jre8:${Version.wiremock}")
  testImplementation("org.springframework.cloud:spring-cloud-contract-wiremock:${Version.wiremockCloud}")
  testImplementation("org.junit.jupiter:junit-jupiter-api")
  testImplementation("io.kotest:kotest-assertions-core:${Version.kotest}")

diff --git a/src/main/kotlin/no/nav/gandalf/accesstoken/AccessTokenIssuer.kt b/src/main/kotlin/no/nav/gandalf/accesstoken/AccessTokenIssuer.kt
@@ -24,7 +24,7 @@ import java.io.IOException
 import java.time.ZoneId
 import java.time.ZonedDateTime
 import java.util.Date
-import javax.annotation.PostConstruct
+import jakarta.annotation.PostConstruct
 import javax.xml.crypto.KeySelector
 import javax.xml.crypto.MarshalException
 import javax.xml.crypto.dsig.XMLSignatureException

diff --git a/src/main/kotlin/no/nav/gandalf/api/WSTrustRequest.kt b/src/main/kotlin/no/nav/gandalf/api/WSTrustRequest.kt
@@ -1,7 +1,6 @@
 package no.nav.gandalf.api
 
 import no.nav.gandalf.accesstoken.saml.SamlObject
-import org.apache.commons.codec.binary.Base64
 import org.w3c.dom.Document
 import org.w3c.dom.Node
 import org.w3c.dom.NodeList
@@ -13,6 +12,7 @@ import java.io.StringWriter
 import java.io.UnsupportedEncodingException
 import java.nio.charset.Charset
 import java.time.ZonedDateTime
+import java.util.*
 import javax.xml.parsers.DocumentBuilder
 import javax.xml.parsers.DocumentBuilderFactory
 import javax.xml.parsers.ParserConfigurationException
@@ -74,7 +74,7 @@ class WSTrustRequest(
  val decodedOidcToken: String?
  get() {
  if (onBehalfOf != null) {
- return String(Base64.decodeBase64(onBehalfOf), Charset.forName("UTF-8"))
+ return String(Base64.getDecoder().decode(onBehalfOf), Charset.forName("UTF-8"))
  }
  return null
  }

diff --git a/src/main/kotlin/no/nav/gandalf/api/controllers/TokenExchangeController.kt b/src/main/kotlin/no/nav/gandalf/api/controllers/TokenExchangeController.kt
@@ -19,7 +19,6 @@ import no.nav.gandalf.model.ErrorDescriptiveResponse
 import no.nav.gandalf.model.ErrorResponse
 import no.nav.gandalf.model.ExchangeTokenResponse
 import no.nav.gandalf.service.ExchangeTokenService
-import org.apache.commons.codec.binary.Base64
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
@@ -36,6 +35,7 @@ import no.nav.gandalf.api.Util.badRequestResponse
 import no.nav.gandalf.api.Util.tokenHeaders
 import no.nav.gandalf.api.Util.unauthorizedResponse
 import no.nav.gandalf.api.Util.userDetails
+import java.util.Base64
 
 private val log = KotlinLogging.logger { }
 
@@ -124,7 +124,7 @@ class TokenExchangeController {
  subTokenType.equals("urn:ietf:params:oauth:token-type:saml2") -> {
  log.info("Exchange SAML token to OIDC")
  return try {
- val decodedSaml = Base64.decodeBase64(subjectToken.toByteArray())
+ val decodedSaml = Base64.getDecoder().decode(subjectToken.toByteArray())
  val oidcToken: SignedJWT =
  issuer.exchangeSamlToOidcToken(String(decodedSaml, StandardCharsets.UTF_8))
  ApplicationMetric.exchangeSAMLTokenOk.labels(user).inc()

diff --git a/src/main/kotlin/no/nav/gandalf/api/controllers/TokenInfoController.kt b/src/main/kotlin/no/nav/gandalf/api/controllers/TokenInfoController.kt
@@ -12,7 +12,6 @@ import mu.KotlinLogging
 import no.nav.gandalf.accesstoken.AccessTokenIssuer
 import no.nav.gandalf.model.ErrorDescriptiveResponse
 import no.nav.gandalf.model.Validation
-import org.apache.commons.codec.binary.Base64
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
@@ -26,6 +25,7 @@ import no.nav.gandalf.api.INVALID_CLIENT
 import no.nav.gandalf.api.Util.tokenHeaders
 import no.nav.gandalf.api.Util.unauthorizedResponse
 import no.nav.gandalf.api.Util.userDetails
+import java.util.Base64
 
 private val log = KotlinLogging.logger { }
 
@@ -76,7 +76,7 @@ class ValidateController {
  log.info("Validate SAML token")
  return try {
  val samlObject =
- issuer.validateSamlToken(String(Base64.decodeBase64(samlToken.toByteArray()), StandardCharsets.UTF_8))
+ issuer.validateSamlToken(String(Base64.getDecoder().decode(samlToken.toByteArray()), StandardCharsets.UTF_8))
  ResponseEntity
  .status(HttpStatus.OK)
  .headers(tokenHeaders)

diff --git a/src/main/kotlin/no/nav/gandalf/config/CharacterSetFilter.kt b/src/main/kotlin/no/nav/gandalf/config/CharacterSetFilter.kt
@@ -1,11 +1,11 @@
 package no.nav.gandalf.config
 
 import java.io.IOException
-import javax.servlet.Filter
-import javax.servlet.FilterChain
-import javax.servlet.ServletException
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
+import jakarta.servlet.Filter
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletException
+import jakarta.servlet.ServletRequest
+import jakarta.servlet.ServletResponse
 
 class CharacterSetFilter : Filter {
 

diff --git a/src/main/kotlin/no/nav/gandalf/config/SecurityConfig.kt b/src/main/kotlin/no/nav/gandalf/config/SecurityConfig.kt
@@ -12,72 +12,66 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.authentication.AuthenticationProvider
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-import javax.inject.Inject
 
 @Configuration
 class SecurityConfig(
  val ldapConfig: LdapConfig
-) : WebSecurityConfigurerAdapter() {
-
- @Inject
- override fun configure(auth: AuthenticationManagerBuilder) {
- auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider())
+) {
+ @Bean
+ fun ldapAuthenticationManager(): AuthenticationManager {
+ return AuthenticationManager { authentication ->
+ activeDirectoryLdapAuthenticationProvider().authenticate(authentication)
+ }
  }
 
- override fun configure(http: HttpSecurity) {
+ @Bean
+ @Throws(Exception::class)
+ fun filterChain(http: HttpSecurity): SecurityFilterChain {
  http
  // If you are only creating a service that is used by non-browser clients,
  // you will likely want to disable CSRF protection same for cors
- .cors().disable()
- .csrf().disable()
- .formLogin().disable()
- .authorizeRequests()
- .antMatchers(
- "/rest/v1/sts/token2",
- "/rest/v1/sts/ws/samltoken",
- // Disse to over bruker ldap for auth. men athentesering gjøres seinere.
- "/.well-known/openid-configuration",
- "/rest/v1/sts/.well-known/openid-configuration",
- "/jwks",
- "/rest/v1/sts/jwks",
- "/isAlive",
- "/isReady",
- "/ping",
- "/prometheus",
- // Swagger
- "/api/**",
- "/swagger-ui/**"
- ).permitAll()
- .and()
- .authorizeRequests().anyRequest().authenticated()
- .and()
- .httpBasic()
- .authenticationEntryPoint(authenticationEntryPoint())
- .and()
- .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and()
- .addFilterBefore(CharacterSetFilter(), BasicAuthenticationFilter::class.java)
+ .cors { cors -> cors.disable() }
+ .csrf { csrf -> csrf.disable() }
+ .formLogin { formLogin -> formLogin.disable() }
+ .authorizeHttpRequests {
+ it.requestMatchers(
+ "/rest/v1/sts/token2",
+ "/rest/v1/sts/ws/samltoken",
+ // Disse to over bruker ldap for auth. men athentesering gjøres seinere.
+ "/.well-known/openid-configuration",
+ "/rest/v1/sts/.well-known/openid-configuration",
+ "/jwks",
+ "/rest/v1/sts/jwks",
+ "/isAlive",
+ "/isReady",
+ "/ping",
+ "/prometheus",
+ // Swagger
+ "/api/**",
+ "/swagger-ui/**"
+ ).permitAll()
+ }.authorizeHttpRequests {
+ it.anyRequest().authenticated()
+ }.httpBasic {
+ it.authenticationEntryPoint(authenticationEntryPoint())
+ }.sessionManagement {
+ it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ }.addFilterBefore(CharacterSetFilter(), BasicAuthenticationFilter::class.java)
+ return http.build()
  }
 
  @Bean
  fun authenticationEntryPoint(): RestAuthenticationEntryPoint? {
  return RestAuthenticationEntryPoint()
  }
 
- @Bean
- @Throws(Exception::class)
- override fun authenticationManagerBean(): AuthenticationManager? {
- return super.authenticationManagerBean()
- }
-
  // @Primary
  // @Bean
- fun activeDirectoryLdapAuthenticationProvider(): AuthenticationProvider? {
+ fun activeDirectoryLdapAuthenticationProvider(): AuthenticationProvider {
  return CustomAuthenticationProvider(LDAPConnectionSetup(ldapConfig))
  }
 

diff --git a/src/main/kotlin/no/nav/gandalf/domain/RsaKeys.kt b/src/main/kotlin/no/nav/gandalf/domain/RsaKeys.kt
@@ -4,11 +4,11 @@ import com.nimbusds.jose.jwk.RSAKey
 import com.nimbusds.oauth2.sdk.ParseException
 import no.nav.gandalf.util.TimestampConverter
 import java.time.LocalDateTime
-import javax.persistence.Column
-import javax.persistence.Convert
-import javax.persistence.Entity
-import javax.persistence.Id
-import javax.persistence.Table
+import jakarta.persistence.Column
+import jakarta.persistence.Convert
+import jakarta.persistence.Entity
+import jakarta.persistence.Id
+import jakarta.persistence.Table
 
 @Entity
 @Table(name = "RSAKEYS")

diff --git a/src/main/kotlin/no/nav/gandalf/ldap/RestAuthenticationEntryPoint.kt b/src/main/kotlin/no/nav/gandalf/ldap/RestAuthenticationEntryPoint.kt
@@ -3,16 +3,16 @@ package no.nav.gandalf.ldap
 import com.fasterxml.jackson.databind.ObjectMapper
 import no.nav.gandalf.api.INVALID_CLIENT
 import no.nav.gandalf.model.ErrorDescriptiveResponse
-import org.apache.http.entity.ContentType
 import org.springframework.http.HttpStatus
 import org.springframework.security.core.AuthenticationException
 import org.springframework.security.web.AuthenticationEntryPoint
 import org.springframework.stereotype.Component
 import java.io.IOException
 import java.io.OutputStream
-import javax.servlet.ServletException
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.ServletException
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.apache.hc.core5.http.ContentType
 
 @Component
 class RestAuthenticationEntryPoint : AuthenticationEntryPoint {

diff --git a/src/main/kotlin/no/nav/gandalf/repository/RsaKeysRepository.kt b/src/main/kotlin/no/nav/gandalf/repository/RsaKeysRepository.kt
@@ -13,10 +13,10 @@ import java.security.interfaces.RSAPrivateKey
 import java.security.interfaces.RSAPublicKey
 import java.time.LocalDateTime
 import java.util.UUID
-import javax.persistence.EntityManager
-import javax.persistence.PersistenceContext
-import javax.persistence.TypedQuery
-import javax.transaction.Transactional
+import jakarta.persistence.EntityManager
+import jakarta.persistence.PersistenceContext
+import jakarta.persistence.TypedQuery
+import jakarta.transaction.Transactional
 
 private val log = KotlinLogging.logger { }
 

diff --git a/src/main/kotlin/no/nav/gandalf/service/ExchangeTokenService.kt b/src/main/kotlin/no/nav/gandalf/service/ExchangeTokenService.kt
@@ -2,8 +2,8 @@ package no.nav.gandalf.service
 
 import com.nimbusds.jwt.SignedJWT
 import no.nav.gandalf.model.ExchangeTokenResponse
-import org.apache.commons.codec.binary.Base64
 import org.springframework.stereotype.Service
+import java.util.Base64
 
 @Service
 class ExchangeTokenService {
@@ -20,10 +20,10 @@ class ExchangeTokenService {
  ExchangeTokenResponse(
  access_token = when {
  UrlEncoding -> {
- Base64.encodeBase64URLSafeString(accessToken.toByteArray())
+ Base64.getUrlEncoder().encodeToString(accessToken.toByteArray())
  }
  else -> {
- Base64.encodeBase64String(accessToken.toByteArray())
+ Base64.getEncoder().encodeToString(accessToken.toByteArray())
  }
  },
  token_type = tokenType,

diff --git a/src/main/kotlin/no/nav/gandalf/util/TimestampConverter.kt b/src/main/kotlin/no/nav/gandalf/util/TimestampConverter.kt
@@ -2,8 +2,8 @@ package no.nav.gandalf.util
 
 import java.sql.Timestamp
 import java.time.LocalDateTime
-import javax.persistence.AttributeConverter
-import javax.persistence.Converter
+import jakarta.persistence.AttributeConverter
+import jakarta.persistence.Converter
 
 @Converter(autoApply = true)
 class TimestampConverter : AttributeConverter<LocalDateTime?, Timestamp?> {

diff --git a/src/test/kotlin/no/nav/gandalf/api/AccessTokenControllerTest.kt b/src/test/kotlin/no/nav/gandalf/api/AccessTokenControllerTest.kt
@@ -19,8 +19,8 @@ import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath
-import wiremock.org.apache.http.message.BasicNameValuePair
-import javax.annotation.PostConstruct
+import jakarta.annotation.PostConstruct
+import wiremock.org.apache.hc.core5.http.message.BasicNameValuePair
 
 @AutoConfigureMockMvc
 @ActiveProfiles("test")

diff --git a/src/test/kotlin/no/nav/gandalf/api/TokenExchangeControllerTest.kt b/src/test/kotlin/no/nav/gandalf/api/TokenExchangeControllerTest.kt
@@ -31,10 +31,10 @@ import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilde
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath
-import wiremock.org.apache.http.client.entity.UrlEncodedFormEntity
-import wiremock.org.apache.http.message.BasicNameValuePair
-import wiremock.org.apache.http.util.EntityUtils
-import javax.annotation.PostConstruct
+import jakarta.annotation.PostConstruct
+import wiremock.org.apache.hc.client5.http.entity.UrlEncodedFormEntity
+import wiremock.org.apache.hc.core5.http.io.entity.EntityUtils
+import wiremock.org.apache.hc.core5.http.message.BasicNameValuePair
 
 @AutoConfigureMockMvc
 @ActiveProfiles("test")

diff --git a/src/test/kotlin/no/nav/gandalf/keystore/RsaKeysProviderTest.kt b/src/test/kotlin/no/nav/gandalf/keystore/RsaKeysProviderTest.kt
@@ -15,7 +15,7 @@ import org.springframework.transaction.PlatformTransactionManager
 import org.springframework.transaction.TransactionStatus
 import org.springframework.transaction.support.TransactionCallbackWithoutResult
 import org.springframework.transaction.support.TransactionTemplate
-import javax.transaction.Transactional
+import jakarta.transaction.Transactional
 
 @RunWith(SpringRunner::class)
 @SpringBootTest