diff --git a/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/lambda/DocAppCallbackHandlerTest.java b/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/lambda/DocAppCallbackHandlerTest.java index bcb011c84d..89b93e73d3 100644 --- a/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/lambda/DocAppCallbackHandlerTest.java +++ b/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/lambda/DocAppCallbackHandlerTest.java @@ -145,7 +145,7 @@ void setUp() { cloudwatchMetricsService, noSessionOrchestrationService); when(configService.getLoginURI()).thenReturn(LOGIN_URL); - when(configService.getOidcApiBaseURL()).thenReturn(Optional.of(OIDC_BASE_URL)); + when(configService.getOidcApiBaseURL()).thenReturn(Optional.of(URI.create(OIDC_BASE_URL))); when(configService.getDocAppBackendURI()).thenReturn(CRI_URI); when(context.getAwsRequestId()).thenReturn(REQUEST_ID); when(cookieHelper.parseSessionCookie(anyMap())).thenCallRealMethod(); diff --git a/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/services/DocAppCriServiceTest.java b/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/services/DocAppCriServiceTest.java index 5c16014808..146b0ecb3e 100644 --- a/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/services/DocAppCriServiceTest.java +++ b/doc-checking-app-api/src/test/java/uk/gov/di/authentication/app/services/DocAppCriServiceTest.java @@ -80,7 +80,7 @@ void setUp() { when(configService.getAccessTokenExpiry()).thenReturn(300L); when(configService.getDocAppAuthorisationCallbackURI()).thenReturn(REDIRECT_URI); when(configService.getEnvironment()).thenReturn("test"); - when(configService.getDocAppJwksUri()).thenReturn(DOC_APP_JWKS_URI); + when(configService.getDocAppJwksURI()).thenReturn(DOC_APP_JWKS_URI); } @Nested 
diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthenticationCallbackHandlerIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthenticationCallbackHandlerIntegrationTest.java index d4ac21cdd2..18973bd5ac 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthenticationCallbackHandlerIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthenticationCallbackHandlerIntegrationTest.java @@ -975,6 +975,21 @@ public boolean isAccountInterventionServiceActionEnabled() { public boolean abortOnAccountInterventionsErrorResponse() { return this.abortOnAisErrorResponse; } + + @Override + public URI getBackChannelLogoutQueueUri() { + return URI.create("back-channel-logout-queue-uri"); + } + + @Override + public URI getIPVAudience() { + return URI.create("ipv-audience"); + } + + @Override + public URI getIPVAuthorisationCallbackURI() { + return URI.create("ipv-authorisation-callback-uri"); + } } private void setUpClientSession() throws Json.JsonException { diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthorisationIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthorisationIntegrationTest.java index 2f41efa906..d7009527d2 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthorisationIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/AuthorisationIntegrationTest.java 
@@ -37,7 +37,6 @@ import uk.gov.di.orchestration.shared.entity.ValidScopes; import uk.gov.di.orchestration.shared.entity.VectorOfTrust; import uk.gov.di.orchestration.shared.helpers.IdGenerator; -import uk.gov.di.orchestration.shared.helpers.LocaleHelper; import uk.gov.di.orchestration.sharedtest.basetest.ApiGatewayHandlerIntegrationTest; import uk.gov.di.orchestration.sharedtest.extensions.DocAppJwksExtension; import uk.gov.di.orchestration.sharedtest.extensions.KmsKeyExtension; @@ -132,13 +131,7 @@ public String getTxmaAuditQueueUrl() { } @Override - public boolean isLanguageEnabled(LocaleHelper.SupportedLanguage supportedLanguage) { - return supportedLanguage.equals(LocaleHelper.SupportedLanguage.EN) - || supportedLanguage.equals(LocaleHelper.SupportedLanguage.CY); - } - - @Override - public URI getDocAppJwksUri() { + public URI getDocAppJwksURI() { try { return new URIBuilder() .setHost("localhost") diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/ClientRegistrationIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/ClientRegistrationIntegrationTest.java index 423989da7b..c7f829a47c 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/ClientRegistrationIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/ClientRegistrationIntegrationTest.java @@ -10,8 +10,10 @@ import uk.gov.di.orchestration.shared.entity.ClientType; import uk.gov.di.orchestration.shared.entity.ValidClaims; import uk.gov.di.orchestration.shared.serialization.Json; +import uk.gov.di.orchestration.shared.services.ConfigurationService; import uk.gov.di.orchestration.sharedtest.basetest.ApiGatewayHandlerIntegrationTest; +import java.net.URI; import java.util.List; import java.util.Map; import java.util.Optional; 
@@ -33,9 +35,12 @@ public class ClientRegistrationIntegrationTest extends ApiGatewayHandlerIntegrat private static final String VALID_PUBLIC_CERT = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxt91w8GsMDdklOpS8ZXAsIM1ztQZd5QT/bRCQahZJeS1a6Os4hbuKwzHlz52zfTNp7BL4RB/KOcRIPhOQLgqeyM+bVngRa1EIfTkugJHS2/gu2Xv0aelwvXj8FZgAPRPD+ps2wiV4tUehrFIsRyHZM3yOp9g6qapCcxF7l0E1PlVkKPcPNmxn2oFiqnP6ZThGbE+N2avdXHcySIqt/v6Hbmk8cDHzSExazW7j/XvA+xnp0nQ5m2GisCZul5If5edCTXD0tKzx/I/gtEG4gkv9kENWOt4grP8/0zjNAl2ac6kpRny3tY5RkKBKCOB1VHwq2lUTSNKs32O1BsA5ByyYQIDAQAB"; + private static final ConfigurationService CONFIGURATION_SERVICE = + new ClientRegistrationIntegrationTest.TestConfigurationService(); + @BeforeEach void setup() { - handler = new ClientRegistrationHandler(TXMA_ENABLED_CONFIGURATION_SERVICE); + handler = new ClientRegistrationHandler(CONFIGURATION_SERVICE); txmaAuditQueue.clear(); } @@ -96,4 +101,27 @@ void shouldCallRegisterEndpointAndReturn200( assertTxmaAuditEventsReceived(txmaAuditQueue, List.of(REGISTER_CLIENT_REQUEST_RECEIVED)); } + + protected static class TestConfigurationService extends IntegrationTestConfigurationService { + + public TestConfigurationService() { + super( + externalTokenSigner, + storageTokenSigner, + ipvPrivateKeyJwtSigner, + spotQueue, + docAppPrivateKeyJwtSigner, + configurationParameters); + } + + @Override + public String getTxmaAuditQueueUrl() { + return txmaAuditQueue.getQueueUrl(); + } + + @Override + public URI getBackChannelLogoutQueueUri() { + return URI.create("back-channel-logout-queue-uri"); + } + } } diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppAuthorizeHandlerIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppAuthorizeHandlerIntegrationTest.java index 541dddada7..ed32e489f7 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppAuthorizeHandlerIntegrationTest.java 
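Review bot: The nested `TestConfigurationService` added at the end of this file (hunk @@ -96,4 +101,27 @@) is repeated almost line for line in LogoutIntegrationTest and ProcessingIdentityIntegrationTest later in this commit, with the same six-argument `super(...)` call and the same `getTxmaAuditQueueUrl` and `getBackChannelLogoutQueueUri` overrides. One shared subclass next to `IntegrationTestConfigurationService` would stop the three copies drifting apart as more getters change type. `URI.create("back-channel-logout-queue-uri")` is a relative URI with no scheme or host, so a comment such as `// placeholder value, not a usable queue endpoint` would show that this is deliberate (assuming it is, which the hunk does not show).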
+++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppAuthorizeHandlerIntegrationTest.java @@ -182,7 +182,7 @@ public URI getDocAppAuthorisationCallbackURI() { } @Override - public URI getDocAppJwksUri() { + public URI getDocAppJwksURI() { try { return new URIBuilder() .setHost("localhost") diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppCallbackHandlerIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppCallbackHandlerIntegrationTest.java index 479ab0f37f..2f2de27a2d 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppCallbackHandlerIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/DocAppCallbackHandlerIntegrationTest.java @@ -264,8 +264,7 @@ void shouldSendAuthenticationErrorResponseToRPWhenCRIRequestReturns404() assertThat(response, hasStatus(302)); assertThat( response.getHeaders().get(ResponseHeaders.LOCATION), - startsWith( - TEST_CONFIGURATION_SERVICE.getDocAppAuthorisationCallbackURI().toString())); + startsWith(configurationService.getDocAppAuthorisationCallbackURI().toString())); assertThat( response.getHeaders().get(ResponseHeaders.LOCATION), containsString("error=access_denied&error_description=Not+found&state=")); @@ -414,11 +413,6 @@ public URI getDocAppAuthorisationCallbackURI() { return URI.create("http://localhost/redirect"); } - @Override - public String getDocAppCriDataEndpoint() { - return "/userinfo/v2"; - } - @Override public String getTxmaAuditQueueUrl() { return txmaAuditQueue.getQueueUrl(); diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVAuthorisationHandlerIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVAuthorisationHandlerIntegrationTest.java index f9af13806f..c38876b5f0 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVAuthorisationHandlerIntegrationTest.java 
+++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVAuthorisationHandlerIntegrationTest.java @@ -48,7 +48,7 @@ class IPVAuthorisationHandlerIntegrationTest extends ApiGatewayHandlerIntegratio private static final String CLIENT_NAME = "some-client-name"; private static final URI REDIRECT_URI = URI.create("http://localhost/redirect"); - private static final String INTERNAl_SECTOR_URI = "https://ipv/redirect"; + private static final URI INTERNAl_SECTOR_URI = URI.create("https://ipv/redirect"); private static final String TEST_EMAIL_ADDRESS = "test@emailtest.com"; private static final String IPV_CLIENT_ID = "ipv-client-id"; @@ -195,7 +195,7 @@ public String getIPVAuthEncryptionPublicKey() { } @Override - public String getInternalSectorUri() { + public URI getInternalSectorURI() { return INTERNAl_SECTOR_URI; } diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVCallbackHandlerIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVCallbackHandlerIntegrationTest.java index ec1a2db36b..eded90a8f1 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVCallbackHandlerIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/IPVCallbackHandlerIntegrationTest.java @@ -36,8 +36,6 @@ import uk.gov.di.orchestration.shared.services.ConfigurationService; import uk.gov.di.orchestration.sharedtest.basetest.ApiGatewayHandlerIntegrationTest; import uk.gov.di.orchestration.sharedtest.extensions.IPVStubExtension; -import uk.gov.di.orchestration.sharedtest.extensions.KmsKeyExtension; -import uk.gov.di.orchestration.sharedtest.extensions.SnsTopicExtension; import uk.gov.di.orchestration.sharedtest.extensions.SqsQueueExtension; import uk.gov.di.orchestration.sharedtest.extensions.TokenSigningExtension; 
@@ -76,13 +74,7 @@ class IPVCallbackHandlerIntegrationTest extends ApiGatewayHandlerIntegrationTest protected final ConfigurationService configurationService = new IPVCallbackHandlerIntegrationTest.TestConfigurationService( - ipvStub, - auditTopic, - notificationsQueue, - auditSigningKey, - externalTokenSigner, - ipvPrivateKeyJwtSigner, - spotQueue); + ipvStub, externalTokenSigner, ipvPrivateKeyJwtSigner, spotQueue); private static final String CLIENT_ID = "test-client-id"; private static final String EMAIL = "joe.bloggs@digital.cabinet-office.gov.uk"; @@ -537,9 +529,6 @@ protected static class TestConfigurationService extends IntegrationTestConfigura public TestConfigurationService( IPVStubExtension ipvStub, - SnsTopicExtension auditEventTopic, - SqsQueueExtension notificationQueue, - KmsKeyExtension auditSigningKey, TokenSigningExtension tokenSigningKey, TokenSigningExtension ipvPrivateKeyJwtSigner, SqsQueueExtension spotQueue) { @@ -567,14 +556,13 @@ public URI getIPVBackendURI() { } @Override - public String getIPVAudience() { + public URI getIPVAudience() { try { return new URIBuilder() .setHost("localhost") .setPort(ipvStubExtension.getHttpPort()) .setScheme("http") - .build() - .toString(); + .build(); } catch (URISyntaxException e) { throw new RuntimeException(e); } @@ -604,5 +592,15 @@ public String getTxmaAuditQueueUrl() { public boolean isIPVNoSessionResponseEnabled() { return true; } + + @Override + public URI getBackChannelLogoutQueueUri() { + return URI.create("back-channel-logout-queue-uri"); + } + + @Override + public URI getAccountInterventionServiceURI() { + return URI.create("account-interventions-service-uri"); + } } } diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/LogoutIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/LogoutIntegrationTest.java index 26813a62af..7f899f2f5d 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/LogoutIntegrationTest.java 
+++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/LogoutIntegrationTest.java @@ -24,6 +24,7 @@ import uk.gov.di.orchestration.shared.entity.ServiceType; import uk.gov.di.orchestration.shared.helpers.NowHelper; import uk.gov.di.orchestration.shared.serialization.Json; +import uk.gov.di.orchestration.shared.services.ConfigurationService; import uk.gov.di.orchestration.sharedtest.basetest.ApiGatewayHandlerIntegrationTest; import uk.gov.di.orchestration.sharedtest.helper.TokenGeneratorHelper; @@ -52,10 +53,12 @@ public class LogoutIntegrationTest extends ApiGatewayHandlerIntegrationTest { public static final String REDIRECT_URL = "https://rp-build.build.stubs.account.gov.uk/"; public static final String SESSION_ID = "session-id"; public static final String CLIENT_SESSION_ID = "client-session-id"; + private static final ConfigurationService CONFIGURATION_SERVICE = + new LogoutIntegrationTest.TestConfigurationService(); @BeforeEach void setup() { - handler = new LogoutHandler(TXMA_ENABLED_CONFIGURATION_SERVICE); + handler = new LogoutHandler(CONFIGURATION_SERVICE); txmaAuditQueue.clear(); } @@ -273,4 +276,27 @@ private AuthenticationRequest generateAuthRequest(Nonce nonce) { .nonce(nonce) .build(); } + + protected static class TestConfigurationService extends IntegrationTestConfigurationService { + + public TestConfigurationService() { + super( + externalTokenSigner, + storageTokenSigner, + ipvPrivateKeyJwtSigner, + spotQueue, + docAppPrivateKeyJwtSigner, + configurationParameters); + } + + @Override + public String getTxmaAuditQueueUrl() { + return txmaAuditQueue.getQueueUrl(); + } + + @Override + public URI getBackChannelLogoutQueueUri() { + return URI.create("back-channel-logout-queue-uri"); + } + } } 
diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/OrchestrationToAuthenticationAuthorizeIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/OrchestrationToAuthenticationAuthorizeIntegrationTest.java index 4c99e22fc9..426b55e419 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/OrchestrationToAuthenticationAuthorizeIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/OrchestrationToAuthenticationAuthorizeIntegrationTest.java @@ -18,7 +18,6 @@ import uk.gov.di.orchestration.shared.entity.ClientType; import uk.gov.di.orchestration.shared.entity.ResponseHeaders; import uk.gov.di.orchestration.shared.entity.ServiceType; -import uk.gov.di.orchestration.shared.helpers.LocaleHelper; import uk.gov.di.orchestration.shared.services.ConfigurationService; import uk.gov.di.orchestration.sharedtest.basetest.ApiGatewayHandlerIntegrationTest; import uk.gov.di.orchestration.sharedtest.helper.KeyPairHelper; @@ -57,7 +56,8 @@ class OrchestrationToAuthenticationAuthorizeIntegrationTest private static final String AUTH_INTERNAL_CLIENT_ID = "authentication-orch-client-id"; private static final String RP_SECTOR_URI = "https://rp-sector-uri.com"; private static final String RP_REDIRECT_URI = "https://rp-uri/redirect"; - private static final String ORCHESTRATION_REDIRECT_URI = "https://orchestration/redirect"; + private static final URI ORCHESTRATION_REDIRECT_URI = + URI.create("https://orchestration/redirect"); private static final KeyPair KEY_PAIR = KeyPairHelper.GENERATE_RSA_KEY_PAIR(); private final String publicKey = "-----BEGIN PUBLIC KEY-----\n" 
@@ -295,7 +295,7 @@ private void validateStandardClaimsInJar(SignedJWT signedJWT) throws java.text.P equalTo(ServiceType.MANDATORY.toString())); assertThat( signedJWT.getJWTClaimsSet().getClaim("redirect_uri"), - equalTo(ORCHESTRATION_REDIRECT_URI)); + equalTo(ORCHESTRATION_REDIRECT_URI.toString())); assertThat(signedJWT.getJWTClaimsSet().getClaim("rp_client_id"), equalTo(CLIENT_ID)); assertThat( signedJWT.getJWTClaimsSet().getClaim("rp_sector_host"), @@ -357,19 +357,13 @@ public String getTxmaAuditQueueUrl() { return txmaAuditQueue.getQueueUrl(); } - @Override - public boolean isLanguageEnabled(LocaleHelper.SupportedLanguage supportedLanguage) { - return supportedLanguage.equals(LocaleHelper.SupportedLanguage.EN) - || supportedLanguage.equals(LocaleHelper.SupportedLanguage.CY); - } - @Override public String getOrchestrationClientId() { return AUTH_INTERNAL_CLIENT_ID; } @Override - public String getOrchestrationRedirectUri() { + public URI getOrchestrationRedirectURI() { return ORCHESTRATION_REDIRECT_URI; } diff --git a/integration-tests/src/test/java/uk/gov/di/authentication/api/ProcessingIdentityIntegrationTest.java b/integration-tests/src/test/java/uk/gov/di/authentication/api/ProcessingIdentityIntegrationTest.java index 7e183afb44..2177351f86 100644 --- a/integration-tests/src/test/java/uk/gov/di/authentication/api/ProcessingIdentityIntegrationTest.java +++ b/integration-tests/src/test/java/uk/gov/di/authentication/api/ProcessingIdentityIntegrationTest.java @@ -19,6 +19,7 @@ import uk.gov.di.orchestration.shared.entity.ServiceType; import uk.gov.di.orchestration.shared.entity.VectorOfTrust; import uk.gov.di.orchestration.shared.serialization.Json; +import uk.gov.di.orchestration.shared.services.ConfigurationService; import uk.gov.di.orchestration.sharedtest.basetest.ApiGatewayHandlerIntegrationTest; import uk.gov.di.orchestration.sharedtest.helper.SignedCredentialHelper; 
@@ -51,10 +52,12 @@ public class ProcessingIdentityIntegrationTest extends ApiGatewayHandlerIntegrat private static final String TEST_EMAIL_ADDRESS = "test@emailtest.com"; public static final Scope SCOPE = new Scope(OIDCScopeValue.OPENID); public static final State STATE = new State(); + private static final ConfigurationService CONFIGURATION_SERVICE = + new ProcessingIdentityIntegrationTest.TestConfigurationService(); @BeforeEach void setup() { - handler = new ProcessingIdentityHandler(TXMA_AND_AIS_ENABLED_CONFIGURATION_SERVICE); + handler = new ProcessingIdentityHandler(CONFIGURATION_SERVICE); txmaAuditQueue.clear(); } @@ -218,4 +221,32 @@ private byte[] setupUser() { userStore.signUp(TEST_EMAIL_ADDRESS, "password-1", INTERNAL_SUBJECT); return userStore.addSalt(TEST_EMAIL_ADDRESS); } + + protected static class TestConfigurationService extends IntegrationTestConfigurationService { + + public TestConfigurationService() { + super( + externalTokenSigner, + storageTokenSigner, + ipvPrivateKeyJwtSigner, + spotQueue, + docAppPrivateKeyJwtSigner, + configurationParameters); + } + + @Override + public String getTxmaAuditQueueUrl() { + return txmaAuditQueue.getQueueUrl(); + } + + @Override + public URI getBackChannelLogoutQueueUri() { + return URI.create("back-channel-logout-queue-uri"); + } + + @Override + public URI getAccountInterventionServiceURI() { + return URI.create("account-interventions-service-uri"); + } + } } diff --git a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelper.java b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelper.java index 8cb17df601..bcf92a1164 100644 --- a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelper.java +++ b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelper.java 
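Review bot: The handler under test used to be built with `TXMA_AND_AIS_ENABLED_CONFIGURATION_SERVICE`, but the replacement `TestConfigurationService` (hunk @@ -218,4 +221,32 @@) only overrides the TxMA queue URL and two URI getters, and nothing visible turns the account-intervention flags on. Unless `IntegrationTestConfigurationService` enables them by default (not shown here), these tests would stop exercising the account-intervention path, which is a security control worth keeping under test. AuthenticationCallbackHandlerIntegrationTest in this commit overrides `isAccountInterventionServiceActionEnabled()` in its own config class. Consider the same here, e.g. `@Override public boolean isAccountInterventionServiceActionEnabled() { return true; }`, or a comment saying where the flag now comes from.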
@@ -38,6 +38,7 @@ import uk.gov.di.orchestration.shared.services.SerializationService; import uk.gov.di.orchestration.shared.services.SessionService; +import java.net.URI; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -78,8 +79,8 @@ public IPVCallbackHelper(ConfigurationService configurationService) { this.sqsClient = new AwsSqsClient( configurationService.getAwsRegion(), - configurationService.getSpotQueueUri(), - configurationService.getSqsEndpointUri()); + configurationService.getSpotQueueURI().toString(), + configurationService.getSqsEndpointURI().map(URI::toString)); this.authCodeResponseService = new AuthCodeResponseGenerationService(configurationService, dynamoService); } @@ -145,9 +146,10 @@ public Optional validateUserIdentityResponse( .getValue() .equals(userIdentityUserInfo.getClaim(VOT.getValue()))) { var trustmarkURL = - buildURI( - configurationService.getOidcApiBaseURL().orElseThrow(), - "/trustmark") + configurationService + .getOidcApiBaseURL() + .map(uri -> buildURI(uri, "trustmark")) + .orElseThrow() .toString(); if (!trustmarkURL.equals(userIdentityUserInfo.getClaim(VTM.getValue()))) { LOG.warn("VTM does not contain expected trustmark URL"); @@ -251,11 +253,10 @@ public void queueSPOTRequest( .toJSONObject() .get(IdentityClaims.CORE_IDENTITY.getValue())) .withVtm( - buildURI( - configurationService - .getOidcApiBaseURL() - .orElseThrow(), - "/trustmark") + configurationService + .getOidcApiBaseURL() + .map(uri -> buildURI(uri, "trustmark")) + .orElseThrow() .toString()); var spotRequest = diff --git a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandler.java b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandler.java index 0c86487558..8b9e2f53db 100644 --- a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandler.java +++ b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandler.java 
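Review bot: The path segment passed to `buildURI` changes from `"/trustmark"` to `"trustmark"` in both rewritten expressions, and the first result is compared with the VTM claim in `validateUserIdentityResponse`. Whether the two forms produce the same string depends on how the `URI` overload of `buildURI` joins base and path, which this diff does not show. A unit test pinning the exact expected value for a base such as `https://base-url.com`, with and without a trailing slash, would settle it; a mismatch would trip the VTM check on legitimate responses. The same chain is duplicated in `queueSPOTRequest`, so a private helper would keep the validated value and the value sent to SPOT identical. Both methods start and end outside these hunks.

```java
// One definition, so the value checked against the VTM claim and the value sent to SPOT cannot drift.
private String trustmarkUrl() {
    return configurationService
            .getOidcApiBaseURL()
            .map(base -> buildURI(base, "trustmark"))
            .orElseThrow()
            .toString();
}

// … unchanged: validateUserIdentityResponse up to the VTM comparison …
var trustmarkURL = trustmarkUrl();
// … unchanged: queueSPOTRequest builder chain …
.withVtm(trustmarkUrl());
```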
@@ -132,7 +132,7 @@ public APIGatewayProxyResponseEvent handleRequestWithUserContext( var pairwiseSubject = ClientSubjectHelper.getSubjectWithSectorIdentifier( userContext.getUserProfile().orElseThrow(), - configurationService.getInternalSectorUri(), + configurationService.getInternalSectorURI().toString(), authenticationService); var state = new State(); var claimsSetRequest = buildIpvClaimsRequest(authRequest).orElse(null); @@ -184,7 +184,7 @@ public APIGatewayProxyResponseEvent handleRequestWithUserContext( new ClientNotFoundException( userContext.getSession())), authenticationService, - configurationService.getInternalSectorUri()) + configurationService.getInternalSectorURI().toString()) .getValue(); var user = diff --git a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandler.java b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandler.java index c26e6b37fa..29173d84d7 100644 --- a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandler.java +++ b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandler.java @@ -229,12 +229,12 @@ public APIGatewayProxyResponseEvent handleRequest( userProfile, clientRegistry, dynamoService, - configurationService.getInternalSectorUri()); + configurationService.getInternalSectorURI().toString()); var internalPairwiseSubjectId = ClientSubjectHelper.calculatePairwiseIdentifier( userProfile.getSubjectID(), - URI.create(configurationService.getInternalSectorUri()), + URI.create(configurationService.getInternalSectorURI().toString()), dynamoService.getOrGenerateSalt(userProfile)); var ipAddress = IpAddressHelper.extractIpAddress(input); 
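Review bot: `URI.create(configurationService.getInternalSectorURI().toString())` in the IPVCallbackHandler hunk @@ -229,12 +229,12 @@ converts a `URI` to a string and parses it straight back. The getter now returns `URI`, so pass it directly: `configurationService.getInternalSectorURI(),`. The same round trip appears in ProcessingIdentityHandler (hunk @@ -111,11 +111,11 @@). In both places the sector value is read twice to derive two subject identifiers, so a local such as `var internalSectorUri = configurationService.getInternalSectorURI();` would also make it obvious that both identifiers use the same sector. The enclosing `handleRequest` starts and ends outside the hunk.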
@@ -395,7 +395,7 @@ public APIGatewayProxyResponseEvent handleRequest( ipvCallbackHelper.queueSPOTRequest( logIds, getSectorIdentifierForClient( - clientRegistry, configurationService.getInternalSectorUri()), + clientRegistry, configurationService.getInternalSectorURI().toString()), userProfile, rpPairwiseSubject, userIdentityUserInfo, diff --git a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandler.java b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandler.java index d76b57c85e..d6ba989cd1 100644 --- a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandler.java +++ b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandler.java @@ -111,11 +111,11 @@ public APIGatewayProxyResponseEvent handleRequestWithUserContext( userProfile, client, authenticationService, - configurationService.getInternalSectorUri()); + configurationService.getInternalSectorURI().toString()); var internalPairwiseSubjectId = ClientSubjectHelper.calculatePairwiseIdentifier( userProfile.getSubjectID(), - URI.create(configurationService.getInternalSectorUri()), + URI.create(configurationService.getInternalSectorURI().toString()), authenticationService.getOrGenerateSalt(userProfile)); int processingAttempts = userContext.getSession().incrementProcessingIdentityAttempts(); LOG.info( diff --git a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationService.java b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationService.java index 3600ac38e1..ffdb0e5df5 100644 --- a/ipv-api/src/main/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationService.java +++ b/ipv-api/src/main/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationService.java 
@@ -167,7 +167,7 @@ public EncryptedJWT constructRequestJWT( var claimsBuilder = new JWTClaimsSet.Builder() .issuer(configurationService.getIPVAuthorisationClientId()) - .audience(configurationService.getIPVAudience()) + .audience(configurationService.getIPVAudience().toString()) .expirationTime(expiryDate) .subject(subject.getValue()) .issueTime(nowClock.now()) diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/contract/IpvTokenTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/contract/IpvTokenTest.java index 49db43bddb..de262c8f52 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/contract/IpvTokenTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/contract/IpvTokenTest.java @@ -71,7 +71,7 @@ public class IpvTokenTest { void setUp() { ipvTokenService = new IPVTokenService(configService, kmsConnectionService); when(configService.getIPVAuthorisationClientId()).thenReturn(CLIENT_ID.getValue()); - when(configService.getIPVAudience()).thenReturn(IPV_URI.toString()); + when(configService.getIPVAudience()).thenReturn(IPV_URI); when(configService.getIPVTokenSigningKeyAlias()).thenReturn(KEY_ID); when(kmsConnectionService.sign(any(SignRequest.class))).thenReturn(mockKmsReturn()); } diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelperTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelperTest.java index 85bb57044b..74d13dba2b 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelperTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/helpers/IPVCallbackHelperTest.java 
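Review bot: The `aud` claim built in `constructRequestJWT` now comes from `getIPVAudience().toString()`, and nothing in the hunk says why going through `URI` is safe for a value the recipient is expected to match exactly. A short comment would help, e.g. `// aud must equal the configured IPV audience exactly; URI.toString() returns the parsed input unchanged`. That holds for a `URI` created from a single string. If the getter assembles the URI from components (not visible here), a test asserting the exact claim value is the safer guard. The method continues outside the hunk.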
@@ -87,8 +87,8 @@ class IPVCallbackHelperTest { private final SessionService sessionService = mock(SessionService.class); private final AwsSqsClient sqsClient = mock(AwsSqsClient.class); - private static final String OIDC_BASE_URL = "https://base-url.com"; - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI OIDC_BASE_URL = URI.create("https://base-url.com"); + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final URI REDIRECT_URI = URI.create("test-uri"); private static final String SESSION_ID = "a-session-id"; private static final String CLIENT_SESSION_ID = "a-client-session-id"; @@ -172,7 +172,7 @@ void setUp() { anyString(), anyString(), any(ClientSession.class))) .thenReturn(AUTH_CODE); when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of(OIDC_BASE_URL)); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); } @Test diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandlerTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandlerTest.java index 22f416c1fb..8a4b336f25 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandlerTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVAuthorisationHandlerTest.java 
@@ -123,7 +123,7 @@ public class IPVAuthorisationHandlerTest { private static final URI IPV_CALLBACK_URI = URI.create("http://localhost/oidc/ipv/callback"); private static final URI IPV_AUTHORISATION_URI = URI.create("http://localhost/ipv/authorize"); private static final String EMAIL_ADDRESS = "test@test.com"; - private static final String INTERNAL_SECTOR_URI = "https://ipv.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://ipv.account.gov.uk"); private final String expectedCommonSubject = ClientSubjectHelper.calculatePairwiseIdentifier( SUBJECT_ID, "test.account.gov.uk", SaltHelper.generateNewSalt()); @@ -166,7 +166,7 @@ void setup() { when(authenticationService.getUserProfileFromEmail(EMAIL_ADDRESS)) .thenReturn(Optional.of(userProfile)); when(authenticationService.getOrGenerateSalt(userProfile)).thenReturn(SALT.array()); - when(configService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(configService.isIdentityEnabled()).thenReturn(true); when(configService.getEnvironment()).thenReturn(ENVIRONMENT); } diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandlerTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandlerTest.java index b512005bb2..90ee0ff435 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandlerTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/IPVCallbackHandlerTest.java 
@@ -131,8 +131,8 @@ class IPVCallbackHandlerTest { private final AuditService auditService = mock(AuditService.class); private final AwsSqsClient awsSqsClient = mock(AwsSqsClient.class); private static final URI LOGIN_URL = URI.create("https://example.com"); - private static final String OIDC_BASE_URL = "https://base-url.com"; - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI OIDC_BASE_URL = URI.create("https://base-url.com"); + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final AuthorizationCode AUTH_CODE = new AuthorizationCode(); private static final String COOKIE = "Cookie"; private static final String SESSION_ID = "a-session-id"; @@ -265,7 +265,7 @@ void setUp() { when(configService.getLoginURI()).thenReturn(LOGIN_URL); when(configService.getOidcApiBaseURL()).thenReturn(Optional.of(OIDC_BASE_URL)); when(configService.getIPVBackendURI()).thenReturn(IPV_URI); - when(configService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(configService.isIdentityEnabled()).thenReturn(true); when(configService.isAccountInterventionServiceActionEnabled()).thenReturn(true); when(context.getAwsRequestId()).thenReturn(REQUEST_ID); @@ -332,7 +332,9 @@ void shouldMakeAISCallAndReturnAccessDeniedErrorToRPWhenP0() assertEquals(expectedURI, response.getHeaders().get(ResponseHeaders.LOCATION)); var expectedInternalPairwiseSubjectId = ClientSubjectHelper.getSubjectWithSectorIdentifier( - userProfile, configService.getInternalSectorUri(), dynamoService) + userProfile, + configService.getInternalSectorURI().toString(), + dynamoService) .getValue(); verify(accountInterventionService) .getAccountIntervention( 
@@ -532,7 +534,7 @@ void shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2( assertEquals(expectedRedirectURI.toString(), response.getHeaders().get("Location")); var expectedRpPairwiseSub = ClientSubjectHelper.getSubject( - userProfile, clientRegistry, dynamoService, INTERNAL_SECTOR_URI); + userProfile, clientRegistry, dynamoService, INTERNAL_SECTOR_URI.toString()); verify(ipvCallbackHelper) .queueSPOTRequest( any(), @@ -676,7 +678,9 @@ void shouldMakeAISCallBeforeRedirectingToRpWhenAuthResponseContainsError() { var expectedInternalPairwiseSubjectId = ClientSubjectHelper.getSubjectWithSectorIdentifier( - userProfile, configService.getInternalSectorUri(), dynamoService) + userProfile, + configService.getInternalSectorURI().toString(), + dynamoService) .getValue(); assertThat(response, hasStatus(302)); diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandlerTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandlerTest.java index 10ba087a99..abea156da3 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandlerTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/lambda/ProcessingIdentityHandlerTest.java 
@@ -83,12 +83,10 @@ class ProcessingIdentityHandlerTest { private static final String SUBJECT_ID = new Subject("subject-id-3").getValue(); private static final ByteBuffer SALT = ByteBuffer.wrap("a-test-salt".getBytes(StandardCharsets.UTF_8)); - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final String PAIRWISE_SUBJECT = ClientSubjectHelper.calculatePairwiseIdentifier( - SUBJECT_ID, - URI.create(INTERNAL_SECTOR_URI), - SdkBytes.fromByteBuffer(SALT).asByteArray()); + SUBJECT_ID, INTERNAL_SECTOR_URI, SdkBytes.fromByteBuffer(SALT).asByteArray()); private static final URI REDIRECT_URI = URI.create("http://localhost/oidc/redirect"); private static final String ENVIRONMENT = "test-environment"; @@ -120,7 +118,7 @@ void setup() { .thenReturn(Optional.of(userProfile)); when(dynamoService.getOrGenerateSalt(userProfile)).thenReturn(SALT.array()); when(configurationService.getEnvironment()).thenReturn(ENVIRONMENT); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); Map headers = new HashMap<>(); headers.put(CLIENT_SESSION_ID_HEADER, CLIENT_SESSION_ID); headers.put(SESSION_ID_HEADER, SESSION_ID); diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationServiceTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationServiceTest.java index 2651a0d872..05d7cceb9e 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationServiceTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVAuthorisationServiceTest.java 
@@ -96,7 +96,7 @@ void setUp() throws Json.JsonException { when(configurationService.getIPVAuthorisationClientId()).thenReturn(IPV_CLIENT_ID); when(configurationService.getIPVAuthorisationCallbackURI()).thenReturn(IPV_CALLBACK_URI); when(configurationService.getIPVAuthorisationURI()).thenReturn(IPV_AUTHORISATION_URI); - when(configurationService.getIPVAudience()).thenReturn(IPV_URI.toString()); + when(configurationService.getIPVAudience()).thenReturn(IPV_URI); var keyPair = generateRsaKeyPair(); privateKey = keyPair.getPrivate(); var certpem = diff --git a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVTokenServiceTest.java b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVTokenServiceTest.java index 95aa18f280..b45f726dc0 100644 --- a/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVTokenServiceTest.java +++ b/ipv-api/src/test/java/uk/gov/di/authentication/ipv/services/IPVTokenServiceTest.java @@ -92,7 +92,7 @@ void setUp() { when(configService.getIPVAuthorisationClientId()).thenReturn(CLIENT_ID.getValue()); when(configService.getAccessTokenExpiry()).thenReturn(300L); when(configService.getIPVAuthorisationCallbackURI()).thenReturn(REDIRECT_URI); - when(configService.getIPVAudience()).thenReturn(IPV_URI.toString()); + when(configService.getIPVAudience()).thenReturn(IPV_URI); } @Test diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandler.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandler.java index 59b300311a..e238c48b33 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandler.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandler.java 
@@ -579,7 +579,7 @@ private APIGatewayProxyResponseEvent generateAuthRedirect( var expiryDate = NowHelper.nowPlus(3, ChronoUnit.MINUTES); var rpSectorIdentifierHost = ClientSubjectHelper.getSectorIdentifierForClient( - client, configurationService.getInternalSectorUri()); + client, configurationService.getInternalSectorURI().toString()); var state = new State(); orchestrationAuthorizationService.storeState(session.getSessionId(), state); String reauthenticateClaim; @@ -619,7 +619,7 @@ private APIGatewayProxyResponseEvent generateAuthRedirect( .claim("confidence", confidence) .claim("state", state.getValue()) .claim("client_id", configurationService.getOrchestrationClientId()) - .claim("redirect_uri", configurationService.getOrchestrationRedirectUri()) + .claim("redirect_uri", configurationService.getOrchestrationRedirectURI()) .claim("reauthenticate", reauthenticateClaim); var claimsSetRequest = @@ -757,14 +757,14 @@ private List handleCookies( session.getSessionId() + "." + clientSessionId, configurationService.getSessionCookieMaxAge(), configurationService.getSessionCookieAttributes(), - configurationService.getDomainName())); + configurationService.getDomainName().toString())); cookies.add( CookieHelper.buildCookieString( CookieHelper.PERSISTENT_COOKIE_NAME, persistentSessionId, configurationService.getPersistentCookieMaxAge(), configurationService.getSessionCookieAttributes(), - configurationService.getDomainName())); + configurationService.getDomainName().toString())); getPrimaryLanguageFromUILocales(authRequest, configurationService) .ifPresent( diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandler.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandler.java index 89b88839ac..5797cbd984 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandler.java 
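Review bot: The `redirect_uri` claim in generateAuthRedirect is the one renamed getter in this file that is not followed by `.toString()`, unlike `getInternalSectorURI().toString()` and `getDomainName().toString()` in the neighbouring hunks. If `getOrchestrationRedirectURI()` now returns `java.net.URI` (its declaration is not in view), the claim value becomes a URI object, and its serialised form then depends on the JWT library's JSON mapper rather than being a plain string. Writing `.claim("redirect_uri", configurationService.getOrchestrationRedirectURI().toString())` keeps the claim in the signed request a string, and a unit test asserting the claim's type would pin that. generateAuthRedirect starts and ends outside this hunk.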
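Review bot: In handleCookies the cookie `Domain` attribute is now built from `configurationService.getDomainName().toString()`, which suggests the domain name is being carried as a `URI` (the getter is not in view). A bare host name parses as a relative-path URI, so the type adds no validation: a configured value with a scheme or path would still be copied verbatim into `Domain=` for both the session cookie and the persistent-session cookie. I would keep this value a `String`, or have the getter reject anything with a scheme, and document it with `// host name only; used verbatim as the cookie Domain attribute`. handleCookies continues past the end of the hunk.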
+++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandler.java @@ -102,7 +102,7 @@ public JWTClaimsSet generateClaims(BackChannelLogoutMessage inputEvent) { .audience(inputEvent.getClientId()) .subject(inputEvent.getSubjectId()) .expirationTime(clock.nowPlus(2, ChronoUnit.MINUTES)) - .issuer(instance.getOidcApiBaseURL().orElseThrow()) + .issuer(instance.getOidcApiBaseURL().orElseThrow().toString()) .issueTime(clock.now()) .claim( "events", diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TokenHandler.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TokenHandler.java index 69435640ce..a346d12114 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TokenHandler.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TokenHandler.java @@ -387,11 +387,11 @@ private OIDCTokenResponse getTokenResponse( userProfile, clientRegistry, dynamoService, - configurationService.getInternalSectorUri()); + configurationService.getInternalSectorURI().toString()); Subject internalPairwiseSubject = ClientSubjectHelper.getSubjectWithSectorIdentifier( userProfile, - configurationService.getInternalSectorUri(), + configurationService.getInternalSectorURI().toString(), dynamoService); tokenResponse = segmentedFunctionCall( diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandler.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandler.java index 5dadffc8ad..553b1dfb02 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandler.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandler.java @@ -13,6 +13,7 @@ import uk.gov.di.orchestration.shared.serialization.Json.JsonException; import uk.gov.di.orchestration.shared.services.ConfigurationService; +import java.net.URI; import java.util.Arrays; import java.util.NoSuchElementException; 
@@ -55,8 +56,8 @@ public APIGatewayProxyResponseEvent trustmarkRequestHandler( private TrustMarkResponse createTrustMarkResponse() { return new TrustMarkResponse( - configurationService.getOidcApiBaseURL().orElseThrow(), - configurationService.getOidcApiBaseURL().orElseThrow(), + configurationService.getOidcApiBaseURL().map(URI::toString).orElseThrow(), + configurationService.getOidcApiBaseURL().map(URI::toString).orElseThrow(), Arrays.asList( CredentialTrustLevel.LOW_LEVEL.getValue(), CredentialTrustLevel.MEDIUM_LEVEL.getValue()), diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/WellknownHandler.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/WellknownHandler.java index d3e6a7a823..53a2fb99f6 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/WellknownHandler.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/WellknownHandler.java @@ -100,7 +100,7 @@ private String constructProviderMetadata(ConfigurationService configService) { oidcMetadata.setCustomParameter( "trustmarks", buildURI(baseUrl, "/trustmark").toString()); - var frontendUrl = configService.getFrontendBaseUrl(); + var frontendUrl = configService.getFrontendBaseURL(); oidcMetadata.setPolicyURI(buildURI(frontendUrl, "privacy-notice")); oidcMetadata.setTermsOfServiceURI(buildURI(frontendUrl, "terms-and-conditions")); diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationService.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationService.java index 5f91927178..240cfac888 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationService.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationService.java 
@@ -148,7 +148,8 @@ private ClaimsSetRequest buildIpvClaimsRequest( AccessToken storageToken = tokenService.generateStorageToken(internalPairwiseSubject); claimsSetRequest.add( - new ClaimsSetRequest.Entry(configurationService.getStorageTokenClaimName()) + new ClaimsSetRequest.Entry( + configurationService.getStorageTokenClaimName().toString()) .withValues(List.of(storageToken.getValue()))); } diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/UserInfoService.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/UserInfoService.java index 1994153c83..cd40f2906b 100644 --- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/UserInfoService.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/services/UserInfoService.java @@ -69,7 +69,7 @@ public String calculateSubjectForAudit(AccessTokenInfo accessTokenInfo) { accessTokenInfo.getAccessTokenStore().getInternalSubjectId()); return ClientSubjectHelper.getSubjectWithSectorIdentifier( userProfile, - configurationService.getInternalSectorUri(), + configurationService.getInternalSectorURI().toString(), authenticationService) .getValue(); } @@ -219,7 +219,7 @@ private String calculateWalletSubjectID(AccessTokenInfo accessTokenInfo) () -> new ClientNotFoundException(accessTokenInfo.getClientID())); var sectorID = ClientSubjectHelper.getSectorIdentifierForClient( - client, configurationService.getInternalSectorUri()); + client, configurationService.getInternalSectorURI().toString()); var commonSubjectID = accessTokenInfo.getAccessTokenStore().getInternalPairwiseSubjectId(); return ClientSubjectHelper.calculateWalletSubjectIdentifier(sectorID, commonSubjectID); } diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/validators/RequestObjectAuthorizeValidator.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/validators/RequestObjectAuthorizeValidator.java index 5b8f324fb7..0f77110d8b 100644 
--- a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/validators/RequestObjectAuthorizeValidator.java +++ b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/validators/RequestObjectAuthorizeValidator.java @@ -135,6 +135,7 @@ public Optional validate(AuthenticationRequest authRequest) { buildURI( configurationService .getOidcApiBaseURL() + .map(URI::toString) .orElseThrow(), "/authorize") .toString())) { diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthCodeHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthCodeHandlerTest.java index 15d047a8a6..8ee4cd477a 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthCodeHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthCodeHandlerTest.java @@ -123,7 +123,7 @@ class AuthCodeHandlerTest { private static final String PERSISTENT_SESSION_ID = IdGenerator.generate(); private static final String EMAIL = "joe.bloggs@digital.cabinet-office.gov.uk"; private static final URI REDIRECT_URI = URI.create("http://localhost/redirect"); - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final Subject SUBJECT = new Subject(); private static final String DOC_APP_SUBJECT_ID = "docAppSubjectId"; private static final ClientID CLIENT_ID = new ClientID(); 
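Review bot: The added `.map(URI::toString)` in validate turns the base URL back into a string only so that `buildURI(String, String)` can parse it again. This commit also adds a `buildURI(URI, String)` overload in ConstructUriHelper, and WellknownHandler already passes a URI to it for `frontendUrl`. Dropping the `.map(...)` line and calling `buildURI(configurationService.getOidcApiBaseURL().orElseThrow(), "/authorize")` would read more directly and match that call site. The hunk starts and ends inside validate, so whether this file already imports `java.net.URI` is not visible here.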
@@ -171,7 +171,7 @@ void setUp() throws UserNotFoundException, ClientNotFoundException { dynamoClientService); when(context.getAwsRequestId()).thenReturn("aws-session-id"); when(configurationService.getEnvironment()).thenReturn("unit-test"); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(authCodeResponseService.getSubjectId(session)).thenReturn(SUBJECT.getValue()); when(authCodeResponseService.getRpPairwiseId(session, CLIENT_ID, dynamoClientService)) .thenReturn( diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandlerTest.java index 015f13df57..56c97c3547 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandlerTest.java @@ -163,6 +163,8 @@ class AuthorisationHandlerTest { private static final String EXPECTED_LANGUAGE_COOKIE_STRING = "lng=en; Max-Age=31536000; Domain=auth.ida.digital.cabinet-office.gov.uk; Secure; HttpOnly;"; private static final URI LOGIN_URL = URI.create("https://example.com"); + private static final URI INTERNAL_SECTORD_URI = + URI.create("https://https://identity.example.gov.uk"); private static final String ERROR_PAGE_REDIRECT_PATH = "error"; private static final String AWS_REQUEST_ID = "aws-request-id"; private static final ClientID CLIENT_ID = new ClientID("test-id"); 
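Review bot: The new constant in AuthorisationHandlerTest has a doubled scheme, `URI.create("https://https://identity.example.gov.uk")`, and a misspelt name, `INTERNAL_SECTORD_URI`. As far as I can tell the string still parses, but with `https` as the host, so any code that derives a sector host from it would not see `identity.example.gov.uk`. I would change it to `private static final URI INTERNAL_SECTOR_URI = URI.create("https://identity.example.gov.uk");` and update the `thenReturn(INTERNAL_SECTORD_URI)` stub that the next hunk adds to setUp.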
@@ -223,6 +225,7 @@ public void setUp() { when(configService.getSessionCookieAttributes()).thenReturn("Secure; HttpOnly;"); when(configService.getSessionCookieMaxAge()).thenReturn(3600); when(configService.getPersistentCookieMaxAge()).thenReturn(34190000); + when(configService.getInternalSectorURI()).thenReturn(INTERNAL_SECTORD_URI); when(configService.isIdentityEnabled()).thenReturn(true); when(queryParamsAuthorizeValidator.validate(any(AuthenticationRequest.class))) .thenReturn(Optional.empty()); diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandlerTest.java index 109127d4a3..0b4994a81f 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/BackChannelLogoutRequestHandlerTest.java @@ -72,7 +72,7 @@ void shouldSendRequestToRelyingPartyEndpoint() { when(jwt.serialize()).thenReturn("serialized-payload"); when(configuration.getOidcApiBaseURL()) - .thenReturn(Optional.of("https://base-url.account.gov.uk")); + .thenReturn(Optional.of(URI.create("https://base-url.account.gov.uk"))); when(tokenService.generateSignedJwtUsingExternalKey( any(JWTClaimsSet.class), eq(Optional.of("logout+jwt")), eq(ES256))) .thenReturn(jwt); @@ -86,7 +86,7 @@ void shouldSendRequestToRelyingPartyEndpoint() { @Test void shouldCreateClaimsForBackChannelLogoutMessage() throws ParseException { when(configuration.getOidcApiBaseURL()) - .thenReturn(Optional.of("https://base-url.account.gov.uk")); + .thenReturn(Optional.of(URI.create("https://base-url.account.gov.uk"))); var jwt = handler.generateClaims( diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/LogoutHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/LogoutHandlerTest.java index 7a45d37e86..46606942c5 100644 
--- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/LogoutHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/LogoutHandlerTest.java @@ -67,7 +67,7 @@ class LogoutHandlerTest { private static final State STATE = new State(); private static final String COOKIE = "Cookie"; - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final String SESSION_ID = IdGenerator.generate(); private static final String CLIENT_SESSION_ID = IdGenerator.generate(); private static final String ARBITRARY_UNIX_TIMESTAMP = "1700558480962"; @@ -109,7 +109,7 @@ void setUp() throws JOSEException, ParseException { cloudwatchMetricsService, logoutService); when(configurationService.getDefaultLogoutURI()).thenReturn(DEFAULT_LOGOUT_URI); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(logoutService.generateLogoutResponse(any(), any(), any(), any(), any())) .thenReturn(new APIGatewayProxyResponseEvent()); when(logoutService.generateErrorLogoutResponse(any(), any(), any(), any())) diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TokenHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TokenHandlerTest.java index ae4b9c8381..77a4773dce 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TokenHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TokenHandlerTest.java 
@@ -111,7 +111,7 @@ public class TokenHandlerTest { private static final String RP_SECTOR_URI = "https://test.com"; private static final String RP_SECTOR_HOST = "test.com"; - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final String INTERNAL_SECTOR_HOST = "test.account.gov.uk"; private static final Subject INTERNAL_SUBJECT = new Subject(); private static final Subject RP_PAIRWISE_SUBJECT = @@ -159,8 +159,9 @@ public class TokenHandlerTest { @BeforeEach void setUp() { - when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of(BASE_URI)); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getOidcApiBaseURL()) + .thenReturn(Optional.of(URI.create(BASE_URI))); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(configurationService.getSessionExpiry()).thenReturn(1234L); when(dynamoService.getOrGenerateSalt(any())).thenCallRealMethod(); handler = diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandlerTest.java index 6172bf7f9e..a0bc3156e0 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/TrustMarkHandlerTest.java @@ -12,6 +12,7 @@ import uk.gov.di.orchestration.shared.services.ConfigurationService; import uk.gov.di.orchestration.shared.services.SerializationService; +import java.net.URI; import java.util.List; import java.util.Optional; 
@@ -25,14 +26,14 @@ class TrustMarkHandlerTest { private final ConfigurationService configurationService = mock(ConfigurationService.class); private final Context context = mock(Context.class); - private static final String BASE_URL = "https://example.com"; + private static final URI BASE_URL = URI.create("https://example.com"); private TrustMarkHandler handler; private final Json objectMapper = SerializationService.getInstance(); @BeforeEach public void setUp() { handler = new TrustMarkHandler(configurationService); - Optional baseUrl = Optional.of(BASE_URL); + var baseUrl = Optional.of(BASE_URL); when(configurationService.getOidcApiBaseURL()).thenReturn(baseUrl); } @@ -40,8 +41,8 @@ public void setUp() { void shouldReturn200WhenRequestIsSuccessful() throws Json.JsonException { TrustMarkResponse trustMarkResponse = new TrustMarkResponse( - configurationService.getOidcApiBaseURL().orElseThrow(), - configurationService.getOidcApiBaseURL().orElseThrow(), + configurationService.getOidcApiBaseURL().map(URI::toString).orElseThrow(), + configurationService.getOidcApiBaseURL().map(URI::toString).orElseThrow(), List.of( CredentialTrustLevel.LOW_LEVEL.getValue(), CredentialTrustLevel.MEDIUM_LEVEL.getValue()), diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/WellknownHandlerTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/WellknownHandlerTest.java index 8785a8c003..278ca23cb9 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/WellknownHandlerTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/lambda/WellknownHandlerTest.java @@ -12,6 +12,7 @@ import uk.gov.di.orchestration.shared.entity.ValidClaims; import uk.gov.di.orchestration.shared.services.ConfigurationService; +import java.net.URI; import java.util.List; import java.util.Optional; 
@@ -76,8 +77,9 @@ void shouldThrowExceptionWhenBaseUrlIsMissing() { } private APIGatewayProxyResponseEvent getWellKnown() { - when(configService.getOidcApiBaseURL()).thenReturn(Optional.of("http://localhost:8080")); - when(configService.getFrontendBaseUrl()).thenReturn("http://localhost:8081"); + when(configService.getOidcApiBaseURL()) + .thenReturn(Optional.of(URI.create("http://localhost:8080"))); + when(configService.getFrontendBaseURL()).thenReturn(URI.create("http://localhost:8081")); WellknownHandler handler = new WellknownHandler(configService); APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent(); diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationServiceTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationServiceTest.java index b9cb6d1d1f..2dbc7f4726 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationServiceTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/InitiateIPVAuthorisationServiceTest.java @@ -73,7 +73,7 @@ public class InitiateIPVAuthorisationServiceTest { private static final String PERSISTENT_SESSION_ID = "a-persistent-session-id"; private static final String CLIENT_ID = "test-client-id"; private static final List LEVELS_OF_CONFIDENCE = List.of("P0", "P2"); - private static final String INTERNAL_SECTOR_URI = "https://ipv.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://ipv.account.gov.uk"); private static final String SESSION_ID = "a-session-id"; private static final String IPV_CLIENT_ID = "ipv-client-id"; private static final URI REDIRECT_URI = URI.create("http://localhost/oidc/redirect"); 
@@ -134,13 +134,13 @@ void setup() { event.setRequestContext(contextWithSourceIp(IP_ADDRESS)); when(configService.getIPVAuthorisationClientId()).thenReturn(IPV_CLIENT_ID); - when(configService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(configService.isIdentityEnabled()).thenReturn(true); when(configService.getIPVAuthorisationURI()).thenReturn(IPV_AUTHORISATION_URI); when(configService.getEnvironment()).thenReturn(ENVIRONMENT); when(configService.sendStorageTokenToIpvEnabled()).thenReturn(true); when(configService.getStorageTokenClaimName()) - .thenReturn("https://vocab.account.gov.uk/v1/storageAccessToken"); + .thenReturn(URI.create("https://vocab.account.gov.uk/v1/storageAccessToken")); AccessToken storageToken = new BearerAccessToken(SERIALIZED_JWT, 180, null); when(tokenService.generateStorageToken(any())).thenReturn(storageToken); } diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/RequestObjectAuthorizeValidatorTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/RequestObjectAuthorizeValidatorTest.java index f62713b8e4..40a92d93e1 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/RequestObjectAuthorizeValidatorTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/RequestObjectAuthorizeValidatorTest.java @@ -52,7 +52,7 @@ class RequestObjectAuthorizeValidatorTest { private static final State STATE = new State(); private static final Nonce NONCE = new Nonce(); private static final ClientID CLIENT_ID = new ClientID("test-id"); - private static final String OIDC_BASE_URI = "https://localhost"; + private static final URI OIDC_BASE_URI = URI.create("https://localhost"); private static final String AUDIENCE = "https://localhost/authorize"; private RequestObjectAuthorizeValidator service; 
diff --git a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/UserInfoServiceTest.java b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/UserInfoServiceTest.java index 2178fbf952..349a714b3b 100644 --- a/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/UserInfoServiceTest.java +++ b/oidc-api/src/test/java/uk/gov/di/authentication/oidc/services/UserInfoServiceTest.java @@ -44,6 +44,7 @@ import uk.gov.di.orchestration.sharedtest.helper.TokenGeneratorHelper; import uk.gov.di.orchestration.sharedtest.logging.CaptureLoggingExtension; +import java.net.URI; import java.time.LocalDateTime; import java.time.temporal.ChronoUnit; import java.util.List; @@ -74,7 +75,7 @@ class UserInfoServiceTest { private final ConfigurationService configurationService = mock(ConfigurationService.class); private final CloudwatchMetricsService cloudwatchMetricsService = mock(CloudwatchMetricsService.class); - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final Subject INTERNAL_SUBJECT = new Subject("internal-subject"); private static final Subject INTERNAL_PAIRWISE_SUBJECT = new Subject("test-subject"); private static final Subject SUBJECT = new Subject("some-subject"); @@ -119,7 +120,7 @@ void setUp() { cloudwatchMetricsService, configurationService, userInfoStorageService); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(configurationService.getEnvironment()).thenReturn("test"); } diff --git a/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/DynamoTestConfiguration.java b/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/DynamoTestConfiguration.java index fa175d48d6..86fca16e73 100644 
--- a/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/DynamoTestConfiguration.java +++ b/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/DynamoTestConfiguration.java @@ -2,6 +2,7 @@ import uk.gov.di.orchestration.shared.services.ConfigurationService; +import java.net.URI; import java.util.Optional; public class DynamoTestConfiguration extends ConfigurationService { @@ -27,7 +28,7 @@ public String getEnvironment() { } @Override - public Optional getDynamoEndpointUri() { - return Optional.of(dynamoDbUri); + public Optional getDynamoEndpointURI() { + return Optional.of(URI.create(dynamoDbUri)); } } diff --git a/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/IntegrationTest.java b/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/IntegrationTest.java index bbe16ffb47..cd352099f6 100644 --- a/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/IntegrationTest.java +++ b/orchestration-shared-test/src/main/java/uk/gov/di/orchestration/sharedtest/basetest/IntegrationTest.java @@ -298,13 +298,13 @@ public String getDocAppTokenSigningKeyAlias() { } @Override - public String getFrontendBaseUrl() { - return "http://localhost:3000/reset-password?code="; + public URI getFrontendBaseURL() { + return URI.create("http://localhost:3000/reset-password?code="); } @Override - public String getSpotQueueUri() { - return spotQueue.getQueueUrl(); + public URI getSpotQueueURI() { + return URI.create(spotQueue.getQueueUrl()); } @Override diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/dynamodb/DynamoClientHelper.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/dynamodb/DynamoClientHelper.java index 97cadf411f..dcd59f6fb3 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/dynamodb/DynamoClientHelper.java 
+++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/dynamodb/DynamoClientHelper.java @@ -6,8 +6,6 @@ import software.amazon.awssdk.services.dynamodb.DynamoDbClient; import uk.gov.di.orchestration.shared.services.ConfigurationService; -import java.net.URI; - public class DynamoClientHelper { public static DynamoDbClient createDynamoClient(ConfigurationService configurationService) { @@ -16,9 +14,8 @@ public static DynamoDbClient createDynamoClient(ConfigurationService configurati .credentialsProvider(DefaultCredentialsProvider.create()) .region(Region.of(configurationService.getAwsRegion())); configurationService - .getDynamoEndpointUri() - .ifPresent( - endpoint -> dynamoDbClientBuilder.endpointOverride(URI.create(endpoint))); + .getDynamoEndpointURI() + .ifPresent(endpoint -> dynamoDbClientBuilder.endpointOverride(endpoint)); return dynamoDbClientBuilder.build(); } diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/helpers/ConstructUriHelper.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/helpers/ConstructUriHelper.java index 4633ea82a0..ba95098c08 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/helpers/ConstructUriHelper.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/helpers/ConstructUriHelper.java @@ -30,10 +30,18 @@ public static URI buildURI(String baseUrl, String path, Map quer } } + public static URI buildURI(URI baseUrl, String path, Map queryParams) { + return buildURI(baseUrl.toString(), path, queryParams); + } + public static URI buildURI(String baseUrl, String path) { return buildURI(baseUrl, path, null); } + public static URI buildURI(URI baseUrl, String path) { + return buildURI(baseUrl.toString(), path, null); + } + public static URI buildURI(String baseUrl) { return buildURI(baseUrl, null, null); } 
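Review bot: The two new `buildURI(URI, ...)` overloads in ConstructUriHelper have no null check and no Javadoc, so a null `baseUrl` fails with a bare NullPointerException from `baseUrl.toString()`. I would add `Objects.requireNonNull(baseUrl, "baseUrl");` (this needs `java.util.Objects` imported) and a short doc comment saying the URI is converted to its string form and re-parsed by the String overload. The two-argument overload could delegate with `return buildURI(baseUrl, path, null);` to the three-argument URI overload, as the String pair does. The single-argument `buildURI(String baseUrl)` is left without a URI counterpart.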
diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuditService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuditService.java index 5a936b66a9..7e9638495d 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuditService.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuditService.java @@ -69,7 +69,7 @@ public void submitAuditEvent( .withComponentId( configurationService .getOidcApiBaseURL() - .map(url -> StringUtils.removeEnd(url, "/")) + .map(url -> StringUtils.removeEnd(url.toString(), "/")) .orElse("UNKNOWN")) .withUser(user); diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuthCodeResponseGenerationService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuthCodeResponseGenerationService.java index 990920ac52..9980b52969 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuthCodeResponseGenerationService.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/AuthCodeResponseGenerationService.java @@ -111,7 +111,7 @@ public String getRpPairwiseId( userProfile, client, dynamoService, - configurationService.getInternalSectorUri()) + configurationService.getInternalSectorURI().toString()) .getValue(); } diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/BackChannelLogoutService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/BackChannelLogoutService.java index 4ea4eb98e3..30a1f51ea3 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/BackChannelLogoutService.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/BackChannelLogoutService.java 
@@ -5,6 +5,8 @@ import uk.gov.di.orchestration.shared.entity.BackChannelLogoutMessage; import uk.gov.di.orchestration.shared.entity.ClientRegistry; +import java.net.URI; + import static org.apache.logging.log4j.util.Strings.isBlank; import static uk.gov.di.orchestration.shared.helpers.ClientSubjectHelper.getSubject; import static uk.gov.di.orchestration.shared.helpers.LogLineHelper.LogFieldName.CLIENT_ID; @@ -20,8 +22,8 @@ public BackChannelLogoutService(ConfigurationService configurationService) { this( new AwsSqsClient( configurationService.getAwsRegion(), - configurationService.getBackChannelLogoutQueueUri(), - configurationService.getSqsEndpointUri()), + configurationService.getBackChannelLogoutQueueUri().toString(), + configurationService.getSqsEndpointURI().map(URI::toString)), new DynamoService(configurationService)); } diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/ConfigurationService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/ConfigurationService.java index fbef499ad8..6d4c686270 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/ConfigurationService.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/ConfigurationService.java @@ -14,7 +14,6 @@ import uk.gov.di.orchestration.shared.configuration.AuditPublisherConfiguration; import uk.gov.di.orchestration.shared.configuration.BaseLambdaConfiguration; import uk.gov.di.orchestration.shared.exceptions.SSMParameterNotFoundException; -import uk.gov.di.orchestration.shared.helpers.LocaleHelper.SupportedLanguage; import java.net.URI; import java.time.Clock; @@ -25,6 +24,7 @@ import java.util.stream.Collectors; import static java.text.MessageFormat.format; +import static uk.gov.di.orchestration.shared.helpers.ConstructUriHelper.buildURI; public class ConfigurationService implements BaseLambdaConfiguration, AuditPublisherConfiguration { 
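Review bot: In the BackChannelLogoutService constructor, `configurationService.getBackChannelLogoutQueueUri().toString()` now depends on a getter that this commit changes to `getURIOrThrow("BACK_CHANNEL_LOGOUT_QUEUE_URI")`, so construction fails when the variable is unset, where a null queue URL used to be handed to AwsSqsClient. If failing fast is the intent, record it on the constructor with a comment such as `// Requires BACK_CHANNEL_LOGOUT_QUEUE_URI; construction fails if it is unset.`. If some components build this service without ever sending a logout message (not visible from this hunk), they would need the variable set as well. The value is converted straight back to a String, so the typed getter only adds parse-time validation until AwsSqsClient accepts a `URI`.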
@@ -44,71 +44,85 @@ public static ConfigurationService getInstance() { private String notifyCallbackBearerToken; protected SystemService systemService; - public ConfigurationService() {} + private Map env; + + public ConfigurationService() { + this(System.getenv()); + } + + protected ConfigurationService(Map env) { + this.env = env; + } protected ConfigurationService(SsmClient ssmClient) { + this(); this.ssmClient = ssmClient; } - public void setSystemService(SystemService systemService) { + protected ConfigurationService(SystemService systemService) { + this(); this.systemService = systemService; } + private boolean getFlagOrFalse(String envVar) { + return env.containsKey(envVar) ? Boolean.parseBoolean(env.get(envVar)) : false; + } + + private URI getURIOrDefault(String envVar, String defaultUri) { + return getOptionalURI(envVar).orElseGet(() -> URI.create(defaultUri)); + } + + private URI getURIOrThrow(String envVar) { + return getOptionalURI(envVar).orElseThrow(); + } + + private Optional getOptionalURI(String envVar) { + return env.containsKey(envVar) + ? Optional.of(URI.create(env.get(envVar))) + : Optional.empty(); + } + // Please keep the method names in alphabetical order so we can find stuff more easily. 
public long getAccessTokenExpiry() { - return Long.parseLong(System.getenv().getOrDefault("ACCESS_TOKEN_EXPIRY", "180")); + return Long.parseLong(env.getOrDefault("ACCESS_TOKEN_EXPIRY", "180")); } public boolean isAccountInterventionServiceActionEnabled() { return isAccountInterventionServiceCallEnabled() - && System.getenv() - .getOrDefault("ACCOUNT_INTERVENTION_SERVICE_ACTION_ENABLED", "false") - .equals("true"); + && getFlagOrFalse("ACCOUNT_INTERVENTION_SERVICE_ACTION_ENABLED"); } public boolean isAccountInterventionServiceCallEnabled() { - return System.getenv() - .getOrDefault("ACCOUNT_INTERVENTION_SERVICE_CALL_ENABLED", "false") - .equals("true"); + return getFlagOrFalse("ACCOUNT_INTERVENTION_SERVICE_CALL_ENABLED"); } public boolean abortOnAccountInterventionsErrorResponse() { - return System.getenv() - .getOrDefault("ACCOUNT_INTERVENTION_SERVICE_ABORT_ON_ERROR", "false") - .equals("true"); + return getFlagOrFalse("ACCOUNT_INTERVENTION_SERVICE_ABORT_ON_ERROR"); } public URI getAccountInterventionServiceURI() { - return URI.create(System.getenv().getOrDefault("ACCOUNT_INTERVENTION_SERVICE_URI", "")); + return getURIOrThrow("ACCOUNT_INTERVENTION_SERVICE_URI"); } public long getAccountInterventionServiceCallTimeout() { return Long.parseLong( - System.getenv().getOrDefault("ACCOUNT_INTERVENTION_SERVICE_CALL_TIMEOUT", "3000")); + env.getOrDefault("ACCOUNT_INTERVENTION_SERVICE_CALL_TIMEOUT", "3000")); } public String getAccountInterventionsErrorMetricName() { - return System.getenv().getOrDefault("ACCOUNT_INTERVENTIONS_ERROR_METRIC_NAME", ""); + return env.getOrDefault("ACCOUNT_INTERVENTIONS_ERROR_METRIC_NAME", ""); } public URI getAccountStatusBlockedURI() { - return URI.create( - System.getenv() - .getOrDefault( - "ACCOUNT_STATUS_BLOCKED_URI", - getFrontendBaseUrl() + "unavailable-permanent")); + return buildURI(getFrontendBaseURL(), "unavailable-permanent"); } public URI getAccountStatusSuspendedURI() { - return URI.create( - System.getenv() - .getOrDefault( - 
"ACCOUNT_STATUS_SUSPENDED_URI", - getFrontendBaseUrl() + "unavailable-temporary")); + return buildURI(getFrontendBaseURL(), "unavailable-temporary"); } public long getAuthCodeExpiry() { - return Long.parseLong(System.getenv().getOrDefault("AUTH_CODE_EXPIRY", "300")); + return Long.parseLong(env.getOrDefault("AUTH_CODE_EXPIRY", "300")); } public List getBulkUserEmailIncludedTermsAndConditions() { 
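Review bot: `getURIOrThrow` calls `orElseThrow()` without a supplier, so a missing variable fails with a NoSuchElementException that never names the variable; `return getOptionalURI(envVar).orElseThrow(() -> new IllegalStateException("Missing required environment variable: " + envVar));` would make a misconfigured deployment diagnosable. This matters because getters such as `getAccountInterventionServiceURI()` previously returned `URI.create("")` when unset and now throw, both here and in the later ConfigurationService hunks that switch to `getURIOrThrow`. Separately, `getAccountStatusBlockedURI()` and `getAccountStatusSuspendedURI()` no longer read `ACCOUNT_STATUS_BLOCKED_URI` and `ACCOUNT_STATUS_SUSPENDED_URI`, so an environment that sets those overrides would have them silently ignored. If dropping the overrides is deliberate, a short comment on the two methods (or a line in the commit description) should say so.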
@@ -125,74 +139,60 @@ public Clock getClock() { return Clock.systemDefaultZone(); } - public String getBulkEmailLoaderLambdaName() { - return System.getenv().getOrDefault("BULK_USER_EMAIL_AUDIENCE_LOADER_LAMBDA_NAME", ""); - } - public URI getAuthenticationAuthCallbackURI() { - return URI.create( - System.getenv().getOrDefault("AUTHENTICATION_AUTHORIZATION_CALLBACK_URI", "")); + return getURIOrThrow("AUTHENTICATION_AUTHORIZATION_CALLBACK_URI"); } public URI getAuthenticationBackendURI() { - return URI.create(System.getenv().getOrDefault("AUTHENTICATION_BACKEND_URI", "")); + return getURIOrThrow("AUTHENTICATION_BACKEND_URI"); } public URI getCredentialStoreURI() { - return URI.create( - System.getenv() - .getOrDefault( - "CREDENTIAL_STORE_URI", "https://credential-store.account.gov.uk")); + return getURIOrDefault("CREDENTIAL_STORE_URI", "https://credential-store.account.gov.uk"); } public boolean isCustomDocAppClaimEnabled() { - return System.getenv().getOrDefault("CUSTOM_DOC_APP_CLAIM_ENABLED", "false").equals("true"); + return getFlagOrFalse("CUSTOM_DOC_APP_CLAIM_ENABLED"); } public URI getDefaultLogoutURI() { - return URI.create(System.getenv("DEFAULT_LOGOUT_URI")); + return getURIOrThrow("DEFAULT_LOGOUT_URI"); } public URI getDocAppAuthorisationURI() { - return URI.create(System.getenv().getOrDefault("DOC_APP_AUTHORISATION_URI", "")); + return getURIOrThrow("DOC_APP_AUTHORISATION_URI"); } public URI getDocAppBackendURI() { - return URI.create(System.getenv().getOrDefault("DOC_APP_BACKEND_URI", "")); + return getURIOrThrow("DOC_APP_BACKEND_URI"); } public URI getDocAppAuthorisationCallbackURI() { - return URI.create(System.getenv().getOrDefault("DOC_APP_AUTHORISATION_CALLBACK_URI", "")); + return getURIOrThrow("DOC_APP_AUTHORISATION_CALLBACK_URI"); } public String getDocAppAuthorisationClientId() { - return System.getenv().getOrDefault("DOC_APP_AUTHORISATION_CLIENT_ID", ""); + return env.getOrDefault("DOC_APP_AUTHORISATION_CLIENT_ID", ""); } public String 
getDocAppEncryptionKeyID() { - return System.getenv().getOrDefault("DOC_APP_ENCRYPTION_KEY_ID", ""); + return env.getOrDefault("DOC_APP_ENCRYPTION_KEY_ID", ""); } - public URI getDocAppJwksUri() { - return URI.create(System.getenv().getOrDefault("DOC_APP_JWKS_URL", "")); + public URI getDocAppJwksURI() { + return getURIOrThrow("DOC_APP_JWKS_URL"); } public String getDocAppTokenSigningKeyAlias() { - return System.getenv("DOC_APP_TOKEN_SIGNING_KEY_ALIAS"); - } - - public String getDocAppCriDataEndpoint() { - return System.getenv("DOC_APP_CRI_DATA_ENDPOINT"); + return env.get("DOC_APP_TOKEN_SIGNING_KEY_ALIAS"); } public String getDocAppCriV2DataEndpoint() { - return System.getenv("DOC_APP_CRI_DATA_V2_ENDPOINT"); + return env.get("DOC_APP_CRI_DATA_V2_ENDPOINT"); } public boolean isDocAppNewAudClaimEnabled() { - return System.getenv() - .getOrDefault("DOC_APP_NEW_AUD_CLAIM_ENABLED", "false") - .equals("true"); + return getFlagOrFalse("DOC_APP_NEW_AUD_CLAIM_ENABLED"); } public Audience getDocAppAudClaim() { 
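Review bot: `getDocAppJwksURI()` accepts anything `URI.create` can parse, including relative or non-HTTPS values, yet DocAppAuthorisationService turns the result into a URL and fetches the Doc App encryption key from it. Now that the value is typed at the configuration boundary, this getter is the natural place to reject a URI that is not absolute or whose scheme is not `https`, assuming no environment legitimately serves the JWKS over plain HTTP. At minimum, a comment such as `// Must be an absolute https URL: the JWK fetched from it is trusted as the Doc App encryption key.` would record the expectation for whoever edits the deployment configuration.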
@@ -200,27 +200,31 @@ public Audience getDocAppAudClaim() { } public URI getDocAppDomain() { - return URI.create(System.getenv("DOC_APP_DOMAIN")); + return getURIOrThrow("DOC_APP_DOMAIN"); } public String getDomainName() { - return System.getenv("DOMAIN_NAME"); + return env.get("DOMAIN_NAME"); } public Optional getDynamoArnPrefix() { - return Optional.ofNullable(System.getenv("DYNAMO_ARN_PREFIX")); + return Optional.ofNullable(env.get("DYNAMO_ARN_PREFIX")); } - public Optional getDynamoEndpointUri() { - return Optional.ofNullable(System.getenv("DYNAMO_ENDPOINT")); + public Optional getDynamoEndpointURI() { + return getOptionalURI("DYNAMO_ENDPOINT"); } - public String getSpotQueueUri() { - return System.getenv("SPOT_QUEUE_URL"); + public URI getSpotQueueURI() { + return getURIOrThrow("SPOT_QUEUE_URL"); } - public String getFrontendBaseUrl() { - return System.getenv().getOrDefault("FRONTEND_BASE_URL", ""); + public URI getFrontendBaseURL() { + return getURIOrThrow("FRONTEND_BASE_URL"); + } + + public URI getOrchestrationRedirectURI() { + return getURIOrDefault("ORCH_REDIRECT_URI", "orchestration-redirect"); } public String getOrchestrationToAuthenticationTokenSigningKeyAlias() { @@ -240,10 +244,6 @@ public String getOrchestrationToAuthenticationEncryptionPublicKey() { } } - public String getOrchestrationRedirectUri() { - return System.getenv().getOrDefault("ORCH_REDIRECT_URI", "orchestration-redirect"); - } - public String getOrchestrationClientId() { return System.getenv().getOrDefault("ORCH_CLIENT_ID", "UNKNOWN"); } 
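Review bot: `getOrchestrationRedirectURI()` keeps the fallback `"orchestration-redirect"`, which parses as a relative reference, so the new `URI` return type suggests a usable redirect target even when `ORCH_REDIRECT_URI` is unset. If callers need an absolute redirect URI, `return getURIOrThrow("ORCH_REDIRECT_URI");` would match how the other required endpoints are handled in this commit. If the relative default is intentional (the callers are not visible here), a short comment stating what it is resolved against would prevent it from being treated as a complete URI.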
@@ -262,29 +262,24 @@ public boolean isIPVNoSessionResponseEnabled() { .equals("true"); } - public boolean isLanguageEnabled(SupportedLanguage supportedLanguage) { - return supportedLanguage.equals(SupportedLanguage.EN) - || supportedLanguage.equals(SupportedLanguage.CY); - } - public long getIDTokenExpiry() { return Long.parseLong(System.getenv().getOrDefault("ID_TOKEN_EXPIRY", "120")); } public URI getIPVAuthorisationURI() { - return URI.create(System.getenv().getOrDefault("IPV_AUTHORISATION_URI", "")); + return getURIOrThrow("IPV_AUTHORISATION_URI"); } public URI getIPVBackendURI() { - return URI.create(System.getenv().getOrDefault("IPV_BACKEND_URI", "")); + return getURIOrThrow("IPV_BACKEND_URI"); } - public String getIPVAudience() { - return System.getenv().getOrDefault("IPV_AUDIENCE", ""); + public URI getIPVAudience() { + return getURIOrThrow("IPV_AUDIENCE"); } public URI getIPVAuthorisationCallbackURI() { - return URI.create(System.getenv().getOrDefault("IPV_AUTHORISATION_CALLBACK_URI", "")); + return getURIOrThrow("IPV_AUTHORISATION_CALLBACK_URI"); } public String getIPVAuthorisationClientId() { @@ -307,12 +302,12 @@ public String getIPVAuthEncryptionPublicKey() { } } - public String getInternalSectorUri() { - return System.getenv("INTERNAl_SECTOR_URI"); + public URI getInternalSectorURI() { + return getURIOrThrow("INTERNAl_SECTOR_URI"); } public URI getLoginURI() { - return URI.create(System.getenv("LOGIN_URI")); + return getURIOrThrow("LOGIN_URI"); } public String getNotifyCallbackBearerToken() { @@ -338,8 +333,8 @@ boolean commaSeparatedListContains(String searchTerm, String stringToSearch) { && Arrays.stream(stringToSearch.split(",")).anyMatch(id -> id.equals(searchTerm))); } - public Optional getOidcApiBaseURL() { - return Optional.ofNullable(System.getenv("OIDC_API_BASE_URL")); + public Optional getOidcApiBaseURL() { + return getOptionalURI("OIDC_API_BASE_URL"); } public String getRedisHost() { 
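Review bot: `getIDTokenExpiry()` in this hunk's context still reads `System.getenv()` directly while the URI getters around it now use the injected `env` map, so a ConfigurationService built with a custom map returns a mix of injected and process-level values. The same applies to other unchanged getters visible as context in this file's hunks, such as `getOrchestrationClientId()`, `getSessionExpiry()` and `getRedisKey()`. Converting them in the same pass, e.g. `return Long.parseLong(env.getOrDefault("ID_TOKEN_EXPIRY", "120"));`, would make the new constructor's contract uniform.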
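Review bot: `getURIOrThrow("INTERNAl_SECTOR_URI")` keeps the variable name with a lower-case `l`, and because the getter now throws instead of returning null, a deployment that sets the conventionally spelled name would fail on the first pairwise-id lookup. The diff does not show which spelling the infrastructure uses, so I would not rename it in this commit. A comment such as `// NOTE: the lower-case 'l' must match the variable set by the deployment; confirm before changing.` would stop a well-meant correction from breaking the sector identifier used for pairwise subjects.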
@@ -388,11 +383,9 @@ public long getSessionExpiry() { return Long.parseLong(System.getenv().getOrDefault("SESSION_EXPIRY", "3600")); } - public String getStorageTokenClaimName() { - return System.getenv() - .getOrDefault( - "STORAGE_TOKEN_CLAIM_NAME", - "https://vocab.account.gov.uk/v1/storageAccessToken"); + public URI getStorageTokenClaimName() { + return getURIOrDefault( + "STORAGE_TOKEN_CLAIM_NAME", "https://vocab.account.gov.uk/v1/storageAccessToken"); } public boolean sendStorageTokenToIpvEnabled() { @@ -401,12 +394,12 @@ public boolean sendStorageTokenToIpvEnabled() { .equals("true"); } - public Optional getSqsEndpointUri() { - return Optional.ofNullable(System.getenv("SQS_ENDPOINT")); + public Optional getSqsEndpointURI() { + return getOptionalURI("SQS_ENDPOINT"); } public boolean isTestClientsEnabled() { - return System.getenv().getOrDefault("TEST_CLIENTS_ENABLED", "false").equals("true"); + return getFlagOrFalse("TEST_CLIENTS_ENABLED"); } public String getExternalTokenSigningKeyAlias() { @@ -491,8 +484,8 @@ private String getRedisKey() { return System.getenv("REDIS_KEY"); } - public String getBackChannelLogoutQueueUri() { - return System.getenv("BACK_CHANNEL_LOGOUT_QUEUE_URI"); + public URI getBackChannelLogoutQueueUri() { + return getURIOrThrow("BACK_CHANNEL_LOGOUT_QUEUE_URI"); } public String getNotifyTemplateId(String templateName) { diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationService.java index a2627a7a11..8738ce50f7 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationService.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationService.java 
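Review bot: `getBackChannelLogoutQueueUri()` keeps the `Uri` suffix while the other getters touched by this commit are renamed to `URI` (`getSqsEndpointURI`, `getDynamoEndpointURI`, `getInternalSectorURI`). Unless the name is fixed by an interface that is not visible here, renaming it to `getBackChannelLogoutQueueURI()` in the same pass would keep the accessor names consistent. The getter also now throws when `BACK_CHANNEL_LOGOUT_QUEUE_URI` is unset instead of returning null, which callers should be aware of.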
@@ -241,7 +241,7 @@ private RSAPublicKey getPublicEncryptionKey() { LOG.info("Getting Doc App Auth Encryption Public Key via JWKS endpoint"); var encryptionJWK = jwksService.retrieveJwkFromURLWithKeyId( - configurationService.getDocAppJwksUri().toURL(), + configurationService.getDocAppJwksURI().toURL(), configurationService.getDocAppEncryptionKeyID()); return new RSAKey.Builder((RSAKey) encryptionJWK).build().toRSAPublicKey(); } catch (JOSEException e) { diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/LogoutService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/LogoutService.java index 6c617aa1ee..3c09db9f73 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/LogoutService.java +++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/LogoutService.java @@ -100,7 +100,9 @@ public void destroySessions(Session session) { backChannelLogoutService.sendLogoutMessage( clientRegistry, session.getEmailAddress(), - configurationService.getInternalSectorUri())); + configurationService + .getInternalSectorURI() + .toString())); LOG.info("Deleting Client Session"); clientSessionService.deleteStoredClientSession(clientSessionId); } @@ -199,7 +201,7 @@ public Optional getRpPairwiseId(String subject, String clientId) { userProfile, client.get(), dynamoService, - configurationService.getInternalSectorUri()) + configurationService.getInternalSectorURI().toString()) .getValue()); } catch (Exception e) { LOG.warn("Exception caught while getting RP pairwise ID for audit event"); diff --git a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/TokenService.java b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/TokenService.java index 6d6483c3a3..18c2d52995 100644 --- a/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/TokenService.java 
+++ b/orchestration-shared/src/main/java/uk/gov/di/orchestration/shared/services/TokenService.java @@ -258,7 +258,8 @@ private SignedJWT generateIDToken( String journeyId) { LOG.info("Generating IdToken"); - URI trustMarkUri = buildURI(configService.getOidcApiBaseURL().get(), "/trustmark"); + URI trustMarkUri = + buildURI(configService.getOidcApiBaseURL().map(URI::toString).get(), "/trustmark"); Date expiryDate = NowHelper.nowPlus(configService.getIDTokenExpiry(), ChronoUnit.SECONDS); IDTokenClaimsSet idTokenClaims = new IDTokenClaimsSet( @@ -297,11 +298,11 @@ public AccessToken generateStorageToken(Subject internalPairwiseSubject) { List aud = List.of( configService.getCredentialStoreURI().toString(), - configService.getIPVAudience()); + configService.getIPVAudience().toString()); JWTClaimsSet.Builder claimSetBuilder = new JWTClaimsSet.Builder() - .issuer(configService.getOidcApiBaseURL().get()) + .issuer(configService.getOidcApiBaseURL().map(URI::toString).get()) .audience(aud) .expirationTime(expiryDate) .issueTime(NowHelper.now()) @@ -334,7 +335,7 @@ private AccessToken generateAndStoreAccessToken( JWTClaimsSet.Builder claimSetBuilder = new JWTClaimsSet.Builder() .claim("scope", scopes) - .issuer(configService.getOidcApiBaseURL().get()) + .issuer(configService.getOidcApiBaseURL().map(URI::toString).get()) .expirationTime(expiryDate) .issueTime(NowHelper.now()) .claim("client_id", clientId) @@ -388,7 +389,7 @@ private RefreshToken generateAndStoreRefreshToken( JWTClaimsSet claimsSet = new JWTClaimsSet.Builder() .claim("scope", scopes) - .issuer(configService.getOidcApiBaseURL().get()) + .issuer(configService.getOidcApiBaseURL().map(URI::toString).get()) .expirationTime(expiryDate) .issueTime(NowHelper.now()) .claim("client_id", clientId) 
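Review bot: The trust-mark and issuer values are read with `getOidcApiBaseURL().map(URI::toString).get()`, an unchecked `Optional.get()` that fails with an unnamed NoSuchElementException in the middle of token generation when `OIDC_API_BASE_URL` is unset. The same expression recurs in the `generateStorageToken`, `generateAndStoreAccessToken` and `generateAndStoreRefreshToken` hunks. A single private helper that resolves the issuer once, using `configService.getOidcApiBaseURL().map(URI::toString).orElseThrow(() -> new IllegalStateException("OIDC_API_BASE_URL is not set"))`, would remove the repetition and give a clear error. For the trust-mark line, the `buildURI(URI, String)` overload added in this commit could take the `URI` directly instead of converting it to a String. All four enclosing methods start and end outside their hunks.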
diff --git a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/AuditServiceTest.java b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/AuditServiceTest.java index 8b6b6cc6e1..6333597ea6 100644 --- a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/AuditServiceTest.java +++ b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/AuditServiceTest.java @@ -8,6 +8,7 @@ import uk.gov.di.orchestration.shared.domain.AuditableEvent; import uk.gov.di.orchestration.shared.exceptions.InvalidEncodingException; +import java.net.URI; import java.time.Clock; import java.time.Instant; import java.time.ZoneId; @@ -49,7 +50,8 @@ public AuditableEvent parseFromName(String name) { @BeforeEach void beforeEach() { - when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of("oidc-base-url/")); + when(configurationService.getOidcApiBaseURL()) + .thenReturn(Optional.of(URI.create("oidc-base-url/"))); } @Test diff --git a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/ConfigurationServiceTest.java b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/ConfigurationServiceTest.java index 2d72b846ee..b2e125ba65 100644 --- a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/ConfigurationServiceTest.java +++ b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/ConfigurationServiceTest.java @@ -8,7 +8,6 @@ import software.amazon.awssdk.services.ssm.model.GetParameterRequest; import software.amazon.awssdk.services.ssm.model.GetParameterResponse; -import java.net.URI; import java.util.Collections; import java.util.List; import java.util.stream.Stream; 
@@ -73,8 +72,7 @@ void shouldReadTermsAndConditionsVersionCSVList() { when(systemService.getOrDefault("BULK_USER_EMAIL_INCLUDED_TERMS_AND_CONDITIONS", "")) .thenReturn("1.1,1.3,1.5"); - ConfigurationService configurationService = new ConfigurationService(); - configurationService.setSystemService(systemService); + ConfigurationService configurationService = new ConfigurationService(systemService); assertEquals( List.of("1.1", "1.3", "1.5"), @@ -86,8 +84,7 @@ void shouldReadEmptyTermsAndConditionsVersionCSVList() { when(systemService.getOrDefault("BULK_USER_EMAIL_INCLUDED_TERMS_AND_CONDITIONS", "")) .thenReturn(""); - ConfigurationService configurationService = new ConfigurationService(); - configurationService.setSystemService(systemService); + ConfigurationService configurationService = new ConfigurationService(systemService); assertEquals( Collections.EMPTY_LIST, @@ -112,16 +109,6 @@ void shoulCacheTheNotifyBearerTokenAfterTheFirstCall() { verify(mock, times(1)).getParameter(request); } - @Test - void shouldHandleMissingAISUrl() { - when(systemService.getOrDefault("ACCOUNT_INTERVENTION_SERVICE_URI", "")).thenReturn(""); - - ConfigurationService configurationService = new ConfigurationService(); - configurationService.setSystemService(systemService); - - assertEquals(configurationService.getAccountInterventionServiceURI(), URI.create("")); - } - private GetParameterRequest parameterRequest(String name) { return GetParameterRequest.builder().withDecryption(true).name(name).build(); } diff --git a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationServiceTest.java b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationServiceTest.java index 8f14f25ea0..f15240d3ce 100644 --- a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationServiceTest.java 
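Review bot: The tests in these hunks only swap the removed setter for `new ConfigurationService(systemService)`, and `shouldHandleMissingAISUrl` is deleted further down without a replacement. None of the visible test changes therefore exercises the new `Map`-based constructor or the throw-on-missing behaviour of the URI getters. I would add one test that builds `new ConfigurationService(Map.of())` and asserts that `getAccountInterventionServiceURI()` throws, and a second that passes a map with the variable set and asserts the parsed `URI`. A case for `getFlagOrFalse` with a value like `"TRUE"` would also pin the switch from `.equals("true")` to `Boolean.parseBoolean`, which is case-insensitive.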
+++ b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/DocAppAuthorisationServiceTest.java @@ -93,7 +93,7 @@ class DocAppAuthorisationServiceTest { @BeforeEach void setUp() throws Json.JsonException, MalformedURLException { - when(configurationService.getDocAppJwksUri()).thenReturn(JWKS_URL); + when(configurationService.getDocAppJwksURI()).thenReturn(JWKS_URL); when(configurationService.getSessionExpiry()).thenReturn(SESSION_EXPIRY); when(redisConnectionService.getValue(STATE_STORAGE_PREFIX + SESSION_ID)) .thenReturn(objectMapper.writeValueAsString(STATE)); diff --git a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/LogoutServiceTest.java b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/LogoutServiceTest.java index b5524a846a..34bcac1780 100644 --- a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/LogoutServiceTest.java +++ b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/LogoutServiceTest.java @@ -82,7 +82,7 @@ public class LogoutServiceTest { private static MockedStatic clientSubjectHelper; private static final State STATE = new State(); - private static final String INTERNAL_SECTOR_URI = "https://test.account.gov.uk"; + private static final URI INTERNAL_SECTOR_URI = URI.create("https://test.account.gov.uk"); private static final String SESSION_ID = IdGenerator.generate(); private static final String CLIENT_SESSION_ID = IdGenerator.generate(); private static final String ARBITRARY_UNIX_TIMESTAMP = "1700558480962"; 
@@ -98,8 +98,8 @@ public class LogoutServiceTest { private static final Subject SUBJECT = new Subject(); private static final String EMAIL = "joe.bloggs@test.com"; - private static final String OIDC_API_BASE_URL = "https://oidc.test.account.gov.uk/"; - private static final String FRONTEND_BASE_URL = "https://signin.test.account.gov.uk/"; + private static final URI OIDC_API_BASE_URL = URI.create("https://oidc.test.account.gov.uk/"); + private static final URI FRONTEND_BASE_URL = URI.create("https://signin.test.account.gov.uk/"); private static final String ENVIRONMENT = "test"; @@ -133,10 +133,10 @@ void setup() throws JOSEException, ParseException { .thenReturn(PERSISTENT_SESSION_ID); when(configurationService.getDefaultLogoutURI()).thenReturn(DEFAULT_LOGOUT_URI); - when(configurationService.getInternalSectorUri()).thenReturn(INTERNAL_SECTOR_URI); + when(configurationService.getInternalSectorURI()).thenReturn(INTERNAL_SECTOR_URI); when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of(OIDC_API_BASE_URL)); when(configurationService.getEnvironment()).thenReturn(ENVIRONMENT); - when(configurationService.getFrontendBaseUrl()).thenReturn(FRONTEND_BASE_URL); + when(configurationService.getFrontendBaseURL()).thenReturn(FRONTEND_BASE_URL); when(configurationService.getAccountStatusBlockedURI()).thenCallRealMethod(); when(configurationService.getAccountStatusSuspendedURI()).thenCallRealMethod(); logoutService = 
@@ -317,13 +317,19 @@ void sessionsAreDeletedWhenDestroySessionsIsCalled() { verify(backChannelLogoutService) .sendLogoutMessage( - argThat(withClientId("client-id-1")), eq(EMAIL), eq(INTERNAL_SECTOR_URI)); + argThat(withClientId("client-id-1")), + eq(EMAIL), + eq(INTERNAL_SECTOR_URI.toString())); verify(backChannelLogoutService) .sendLogoutMessage( - argThat(withClientId("client-id-2")), eq(EMAIL), eq(INTERNAL_SECTOR_URI)); + argThat(withClientId("client-id-2")), + eq(EMAIL), + eq(INTERNAL_SECTOR_URI.toString())); verify(backChannelLogoutService) .sendLogoutMessage( - argThat(withClientId("client-id-3")), eq(EMAIL), eq(INTERNAL_SECTOR_URI)); + argThat(withClientId("client-id-3")), + eq(EMAIL), + eq(INTERNAL_SECTOR_URI.toString())); verify(clientSessionService).deleteStoredClientSession("client-session-id-1"); verify(clientSessionService).deleteStoredClientSession("client-session-id-2"); diff --git a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/TokenServiceTest.java b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/TokenServiceTest.java index fe854281ed..32a25cb0b0 100644 --- a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/TokenServiceTest.java +++ b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/services/TokenServiceTest.java 
@@ -111,8 +111,9 @@ class TokenServiceTest { private static final String ACCESS_TOKEN_PREFIX = "ACCESS_TOKEN:"; private static final String STORAGE_TOKEN_PREFIX = "eyJraWQiOiIxZDUwNGFlY2UyOThhMTRkNzRlZTBhMDJiNjc0MGI0MzcyYTFmYWI0MjA2Nzc4ZTQ4NmJhNzI3NzBmZjRiZWI4IiwiYWxnIjoiRVMyNTYifQ."; - private static final String CREDENTIAL_STORE_URI = "https://credential-store.account.gov.uk"; - private static final String IPV_AUDIENCE = "https://identity.test.account.gov.uk"; + private static final URI CREDENTIAL_STORE_URI = + URI.create("https://credential-store.account.gov.uk"); + private static final URI IPV_AUDIENCE = URI.create("https://identity.test.account.gov.uk"); private static final Json objectMapper = SerializationService.getInstance(); @@ -121,7 +122,8 @@ class TokenServiceTest { @BeforeEach void setUp() { - when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of(BASE_URL)); + when(configurationService.getOidcApiBaseURL()) + .thenReturn(Optional.of(URI.create(BASE_URL))); when(configurationService.getAccessTokenExpiry()).thenReturn(300L); when(configurationService.getIDTokenExpiry()).thenReturn(120L); when(configurationService.getSessionExpiry()).thenReturn(300L); @@ -192,8 +194,7 @@ void shouldGenerateTokenResponseWithRefreshToken() @Test void shouldGenerateWellFormedStorageToken() throws JOSEException { - when(configurationService.getCredentialStoreURI()) - .thenReturn(URI.create(CREDENTIAL_STORE_URI)); + when(configurationService.getCredentialStoreURI()).thenReturn(CREDENTIAL_STORE_URI); when(configurationService.getIPVAudience()).thenReturn(IPV_AUDIENCE); createSignedStorageToken(); diff --git a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/validation/PrivateKeyJwtClientAuthValidatorTest.java b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/validation/PrivateKeyJwtClientAuthValidatorTest.java index c37ca733eb..7ca2504e7d 100644 
--- a/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/validation/PrivateKeyJwtClientAuthValidatorTest.java +++ b/orchestration-shared/src/test/java/uk/gov/di/orchestration/shared/validation/PrivateKeyJwtClientAuthValidatorTest.java @@ -21,6 +21,7 @@ import uk.gov.di.orchestration.shared.services.DynamoClientService; import uk.gov.di.orchestration.sharedtest.helper.KeyPairHelper; +import java.net.URI; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; @@ -42,7 +43,7 @@ class PrivateKeyJwtClientAuthValidatorTest { private final DynamoClientService dynamoClientService = mock(DynamoClientService.class); private final ConfigurationService configurationService = mock(ConfigurationService.class); - private static final String OIDC_BASE_URL = "https://example.com"; + private static final URI OIDC_BASE_URL = URI.create("https://example.com"); private static final ClientID CLIENT_ID = new ClientID(); private static final KeyPair RSA_KEY_PAIR = KeyPairHelper.GENERATE_RSA_KEY_PAIR(); private PrivateKeyJwtClientAuthValidator privateKeyJwtClientAuthValidator;