Replace deprecated API usages of jsonwebtoken lib

src/integration-test/kotlin/fi/hsl/jore4/auth/MockOIDCProvider.kt

@@ -11,7 +11,6 @@ import com.nimbusds.oauth2.sdk.auth.Secret
 import com.nimbusds.oauth2.sdk.id.ClientID
 import fi.hsl.jore4.auth.oidc.OIDCAuthInterceptor
 import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
 import org.springframework.http.MediaType
 import java.lang.IllegalStateException
 import java.net.URLEncoder
@@ -167,19 +166,19 @@ object MockOIDCProvider {
         keyId: String = Constants.OIDC_PROVIDER_SIGNING_KEY_ID,
         audience: String = Constants.OIDC_CLIENT_ID
     ): String {
-
-        val signatureAlgorithm = SignatureAlgorithm.RS256
         val signingKey = JWK.parse(Constants.OIDC_PROVIDER_SIGNING_KEY)
             .toRSAKey()
             .toRSAPrivateKey()
 
         return Jwts.builder()
-            .setIssuedAt(Date(issuedAt))
-            .setExpiration(Date(expiresAt))
-            .setIssuer(issuer)
-            .setHeaderParam("kid", keyId)
+            .issuedAt(Date(issuedAt))
+            .expiration(Date(expiresAt))
+            .issuer(issuer)
+            .header()
+            .add("kid", keyId)
+            .and()
             .claim("aud", audience)
-            .signWith(signatureAlgorithm, signingKey)
+            .signWith(signingKey)
             .compact()
     }
 

src/main/kotlin/fi/hsl/jore4/auth/oidc/OIDCProviderMetadataSupplier.kt

@@ -42,7 +42,7 @@ open class OIDCProviderMetadataSupplier(
         val response = request.toHTTPRequest().send()
 
         // parse the metadata
-        val opMetadata = OIDCProviderMetadata.parse(response.contentAsJSONObject)
+        val opMetadata = OIDCProviderMetadata.parse(response.bodyAsJSONObject)
 
         if (opMetadata.issuer != issuer) throw IllegalStateException("Invalid OIDC issuer")
 

src/main/kotlin/fi/hsl/jore4/auth/oidc/PublicKeyResolver.kt → src/main/kotlin/fi/hsl/jore4/auth/oidc/PublicKeyLocator.kt

@@ -2,9 +2,9 @@ package fi.hsl.jore4.auth.oidc
 
 import com.nimbusds.jose.jwk.JWKSet
 import com.nimbusds.jose.jwk.KeyType
-import io.jsonwebtoken.Claims
+import io.jsonwebtoken.Header
 import io.jsonwebtoken.JwsHeader
-import io.jsonwebtoken.SigningKeyResolver
+import io.jsonwebtoken.Locator
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Component
@@ -16,34 +16,26 @@ import java.security.KeyException
  * the key to the used JWT parser.
  */
 @Component
-open class PublicKeyResolver(
+open class PublicKeyLocator(
     private val oidcProviderMetadataSupplier: OIDCProviderMetadataSupplier
-) : SigningKeyResolver {
+) : Locator<Key> {
     companion object {
-        private val LOGGER: Logger = LoggerFactory.getLogger(PublicKeyResolver::class.java)
+        private val LOGGER: Logger = LoggerFactory.getLogger(PublicKeyLocator::class.java)
+
+        private fun resolveHeaderType(header: Header?) = header?.javaClass?.canonicalName ?: "null"
     }
 
     @Volatile
     private var jwkSet = JWKSet()
 
-    override fun resolveSigningKey(
-        header: JwsHeader,
-        claims: Claims
-    ): Key {
-        return getPublicKey(header)
-    }
-
-    override fun resolveSigningKey(
-        header: JwsHeader,
-        p1: ByteArray?
-    ): Key {
-        return getPublicKey(header)
-    }
+    /**
+     * Resolve the public key that is referenced in the given JWS {@header}.
+     */
+    override fun locate(header: Header?): Key {
+        require(
+            header is JwsHeader
+        ) { "Header must be of type JwsHeader, but it was of type '${resolveHeaderType(header)}'!" }
 
-    fun resolveSigningKey(
-        header: JwsHeader,
-        plaintext: String
-    ): Key {
         return getPublicKey(header)
     }
 
@@ -55,7 +47,7 @@ open class PublicKeyResolver(
      * Note that only RSA keys are currently supported.
      */
     private fun getPublicKey(header: JwsHeader): Key {
-        val keyId = header[JwsHeader.KEY_ID] as String? ?: throw KeyException("Could not find key id")
+        val keyId = header.keyId ?: throw KeyException("Could not find key id")
 
         var key = jwkSet.getKeyByKeyId(keyId)
 

src/main/kotlin/fi/hsl/jore4/auth/oidc/TokenVerificationService.kt

@@ -9,8 +9,8 @@ import io.jsonwebtoken.ExpiredJwtException
 import io.jsonwebtoken.Jws
 import io.jsonwebtoken.Jwts
 import io.jsonwebtoken.MalformedJwtException
-import io.jsonwebtoken.SignatureException
 import io.jsonwebtoken.UnsupportedJwtException
+import io.jsonwebtoken.security.SignatureException
 import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Service
 
@@ -19,7 +19,7 @@ import org.springframework.stereotype.Service
  */
 @Service
 open class TokenVerificationService(
-    publicKeyResolver: PublicKeyResolver,
+    publicKeyLocator: PublicKeyLocator,
     private val oidcProperties: OIDCProperties,
     private val oidcProviderMetadataSupplier: OIDCProviderMetadataSupplier
 ) {
@@ -29,7 +29,7 @@ open class TokenVerificationService(
 
     private val jwtsParser =
         Jwts.parser()
-            .setSigningKeyResolver(publicKeyResolver)
+            .keyLocator(publicKeyLocator)
             .requireIssuer(oidcProperties.providerBaseUrl)
             .requireAudience(oidcProperties.clientId)
 
@@ -67,7 +67,7 @@ open class TokenVerificationService(
      */
     open fun parseAndVerifyAccessToken(accessToken: AccessToken): Jws<Claims> {
         try {
-            return jwtsParser.build().parseClaimsJws(accessToken.toString())
+            return jwtsParser.build().parseSignedClaims(accessToken.toString())
         } catch (ex: UnsupportedJwtException) {
             LOGGER.warn("Authorization attempt with unsupported JWT token.", ex)
             throw UnauthorizedException("Authorization attempt with unsupported JWT token")