Abac med Azure Jwt støtte. (#1174)

navikt · Sep 9, 2022 · 043b0ad · 043b0ad
1 parent 7163a5c
commit 043b0ad
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/Token.java b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/Token.java
@@ -13,6 +13,7 @@ public class Token {
 
     public enum TokenType {
         OIDC,
+        AZURE_JWT,
         TOKENX,
         SAML;
     }
@@ -28,8 +29,7 @@ private Token(String token, TokenType tokenType, OpenIDToken openIDToken) {
     }
 
     public static Token withOidcToken(OpenIDToken token) {
-        var tokenType = OpenIDProvider.TOKENX.equals(token.provider()) ? TokenType.TOKENX : TokenType.OIDC;
-        return new Token(null, tokenType, token);
+        return new Token(null, utledTokenType(token), token);
     }
 
     public static Token withSamlToken(String token) {
@@ -40,9 +40,18 @@ public TokenType getTokenType() {
         return tokenType;
     }
 
+    private static TokenType utledTokenType(OpenIDToken token) {
+        return switch (token.provider()) {
+            case AZUREAD -> TokenType.AZURE_JWT;
+            case ISSO, STS -> TokenType.OIDC;
+            case TOKENX -> TokenType.TOKENX;
+            case IDPORTEN -> throw new IllegalStateException("IdPorten token støttes ikke.");
+        };
+    }
+
     public String getTokenBody() {
         return switch (tokenType) {
-            case OIDC, TOKENX -> tokenPayloadBase64(openIDToken);
+            case OIDC, TOKENX, AZURE_JWT -> tokenPayloadBase64(openIDToken);
             case SAML -> Base64.getEncoder().encodeToString(token.getBytes(StandardCharsets.UTF_8));
         };
     }

diff --git a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/pdp/XacmlRequestMapper.java b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/pdp/XacmlRequestMapper.java
@@ -71,6 +71,7 @@ private static List<XacmlRequest.AttributeAssignment> getTokenEnvironmentAttrs(f
             case OIDC -> NavFellesAttributter.ENVIRONMENT_FELLES_OIDC_TOKEN_BODY;
             case TOKENX -> NavFellesAttributter.ENVIRONMENT_FELLES_TOKENX_TOKEN_BODY;
             case SAML -> NavFellesAttributter.ENVIRONMENT_FELLES_SAML_TOKEN;
+            case AZURE_JWT -> NavFellesAttributter.ENVIRONMENT_FELLES_AZURE_JWT_TOKEN_BODY;
         };
         var assignement = new XacmlRequest.AttributeAssignment(envTokenBodyAttributt, beskyttetRessursAttributter.getToken().getTokenBody());
         return List.of(assignement);

diff --git a/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/pdp/xacml/NavFellesAttributter.java b/felles/abac/src/main/java/no/nav/vedtak/sikkerhet/pdp/xacml/NavFellesAttributter.java
@@ -13,6 +13,9 @@ public class NavFellesAttributter {
     public static final String ENVIRONMENT_FELLES_TOKENX_TOKEN_BODY = "no.nav.abac.attributter.environment.felles.tokenx_token_body";
     public static final String ENVIRONMENT_FELLES_SAML_TOKEN = "no.nav.abac.attributter.environment.felles.saml_token";
     public static final String ENVIRONMENT_FELLES_OIDC_TOKEN_BODY = "no.nav.abac.attributter.environment.felles.oidc_token_body";
+
+    public static final String ENVIRONMENT_FELLES_AZURE_JWT_TOKEN_BODY = "no.nav.abac.attributter.environment.felles.azure_jwt_token_body";
+
     public static final String ENVIRONMENT_FELLES_PEP_ID = "no.nav.abac.attributter.environment.felles.pep_id";
 
     public static final String RESOURCE_FELLES_RESOURCE_TYPE = "no.nav.abac.attributter.resource.felles.resource_type";