ACC-1512 Cleanup Exception handling, handling sonar remarks

src/main/java/com/contentgrid/gateway/security/jwt/issuer/JwtClaimsSigner.java

@@ -1,11 +1,10 @@
 package com.contentgrid.gateway.security.jwt.issuer;
 
-import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 
 public interface JwtClaimsSigner {
     JWKSet getSigningKeys();
-    SignedJWT sign(JWTClaimsSet jwtClaimsSet) throws JOSEException;
+    SignedJWT sign(JWTClaimsSet jwtClaimsSet);
 }

src/main/java/com/contentgrid/gateway/security/jwt/issuer/PropertiesBasedJwtClaimsSigner.java

@@ -6,41 +6,29 @@
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSSigner;
 import com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory;
-import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKMatcher;
 import com.nimbusds.jose.jwk.JWKSelector;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.KeyUse;
-import com.nimbusds.jose.jwk.OctetKeyPair;
-import com.nimbusds.jose.jwk.RSAKey;
-import com.nimbusds.jose.jwk.source.CachingJWKSetSource;
-import com.nimbusds.jose.jwk.source.JWKSetSource;
 import com.nimbusds.jose.jwk.source.JWKSource;
-import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
-import com.nimbusds.jose.jwk.source.URLBasedJWKSetSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import com.nimbusds.jose.proc.SimpleSecurityContext;
 import com.nimbusds.jose.produce.JWSSignerFactory;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
-import java.nio.charset.StandardCharsets;
-import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Random;
 import java.util.Set;
-import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.support.ResourcePatternResolver;
 import org.springframework.util.ConcurrentLruCache;
 
+
 @RequiredArgsConstructor
 public class PropertiesBasedJwtClaimsSigner implements JwtClaimsSigner {
 
@@ -55,8 +43,11 @@ public PropertiesBasedJwtClaimsSigner(JWKSource<SecurityContext> jwkSource, Set<
     }
 
     public interface JwtClaimsSignerProperties {
+
         String getActiveKeys();
+
         String getRetiredKeys();
+
         Set<JWSAlgorithm> getAlgorithms();
     }
 
@@ -74,7 +65,8 @@ public JWKSet getSigningKeys() {
     }
 
     @Override
-    public SignedJWT sign(JWTClaimsSet jwtClaimsSet) throws JOSEException {
+    @SneakyThrows
+    public SignedJWT sign(JWTClaimsSet jwtClaimsSet) {
         var jwks = new ArrayList<>(getAllSigningKeys());
 
         Collections.shuffle(jwks, this.random); // Randomly shuffle our active keys, so we pick an arbitrary one first
@@ -93,7 +85,7 @@ public SignedJWT sign(JWTClaimsSet jwtClaimsSet) throws JOSEException {
                     .stream()
                     .filter(selectedSigner.supportedJWSAlgorithms()::contains)
                     .findFirst();
-            if(firstSupportedAlgorithm.isEmpty()) {
+            if (firstSupportedAlgorithm.isEmpty()) {
                 // Signer does not support any of the signing algorithms; continue to a next key
                 continue;
             }
@@ -106,15 +98,16 @@ public SignedJWT sign(JWTClaimsSet jwtClaimsSet) throws JOSEException {
             signedJwt.sign(selectedSigner);
             return signedJwt;
         }
-        throw new IllegalStateException("No active signing keys support any of the configured algorithms (%s); algorithms that can be used by these keys are %s".formatted(
-                algorithms,
-                algorithmsSupportedByKeys
-        ));
+        throw new IllegalStateException(
+                "No active signing keys support any of the configured algorithms (%s); algorithms that can be used by these keys are %s".formatted(
+                        algorithms,
+                        algorithmsSupportedByKeys
+                ));
     }
 
     private ConcurrentLruCache<JWK, JWSSigner> signerCache;
 
-    private JWSSigner getJwsSigner(JWK jwk) throws JOSEException {
+    private JWSSigner getJwsSigner(JWK jwk) {
         if (signerCache == null) {
             signerCache = new ConcurrentLruCache<>(100,
                     key -> {

src/main/java/com/contentgrid/gateway/security/jwt/issuer/SignedJwtIssuer.java

@@ -47,13 +47,7 @@ public Mono<OAuth2Token> issueSubstitutionToken(ServerWebExchange exchange) {
                     }
                     return Mono.empty();
                 })
-                .flatMap(claims -> {
-                    try {
-                        return Mono.just(claimsSigner.sign(claims));
-                    } catch (JOSEException e) {
-                        return Mono.error(e);
-                    }
-                })
+                .flatMap(claims -> Mono.just(claimsSigner.sign(claims)))
                 .flatMap(signedJwt -> {
                     try {
                         var signedJwtClaims = signedJwt.getJWTClaimsSet().getClaims();

src/main/java/com/contentgrid/gateway/security/jwt/issuer/jwk/source/FilebasedJWKSetSource.java

@@ -103,6 +103,6 @@ private static JWK createFromSigningKey(Resource resource, Date expirationTime)
 
     @Override
     public void close() throws IOException {
-
+        // Nothing to close
     }
 }

src/testFixtures/java/com/contentgrid/gateway/test/security/jwt/SingleKeyJwtClaimsSigner.java

@@ -46,7 +46,8 @@ public JWKSet getSigningKeys() {
     }
 
     @Override
-    public SignedJWT sign(JWTClaimsSet jwtClaimsSet) throws JOSEException {
+    @SneakyThrows
+    public SignedJWT sign(JWTClaimsSet jwtClaimsSet) {
         var jwt = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), jwtClaimsSet);
         jwt.sign(new DefaultJWSSignerFactory().createJWSSigner(key));
         return jwt;