From 0d9ffd4cf37d8eb8c8ad131e5b451059fa828ed2 Mon Sep 17 00:00:00 2001
From: Nils Ove Tendenes
Date: Wed, 20 Nov 2024 13:52:20 +0100
Subject: [PATCH] chore: accept list of issuers

---
 .../catalog_view_api/config/SecurityConfig.kt | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/main/kotlin/no/digdir/catalog_view_api/config/SecurityConfig.kt b/src/main/kotlin/no/digdir/catalog_view_api/config/SecurityConfig.kt
index db35aa0..901a998 100644
--- a/src/main/kotlin/no/digdir/catalog_view_api/config/SecurityConfig.kt
+++ b/src/main/kotlin/no/digdir/catalog_view_api/config/SecurityConfig.kt
@@ -5,10 +5,13 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
+import org.springframework.security.oauth2.core.OAuth2TokenValidator
+import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
 import org.springframework.security.oauth2.jwt.*
 import org.springframework.security.web.SecurityFilterChain
-import org.springframework.security.config.annotation.web.invoke
+import java.util.function.Predicate
 
 @Configuration
 open class SecurityConfig {
@@ -32,10 +35,28 @@ open class SecurityConfig {
         jwtDecoder.setJwtValidator(
             DelegatingOAuth2TokenValidator(
                 JwtTimestampValidator(),
-                JwtIssuerValidator(properties.jwt.issuerUri)
+                CustomJwtIssuerValidator(properties.jwt.issuerUri)
             )
         )
         return jwtDecoder
     }
 }
+
+class CustomJwtIssuerValidator(issuer: String) : OAuth2TokenValidator {
+    private val validator: JwtClaimValidator
+
+    /**
+     * Constructs a validator using the provided issuers
+     * @param issuer - A comma seperated list of accepted issuers.
+     */
+    init {
+        val testClaimValue =
+            Predicate { claimValue: String -> issuer.split(",").contains(claimValue) }
+        this.validator = JwtClaimValidator(JwtClaimNames.ISS, testClaimValue)
+    }
+
+    override fun validate(token: Jwt): OAuth2TokenValidatorResult {
+        return validator.validate(token)
+    }
+}
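Review bot: The predicate built in `init` is declared on `String`, but `JwtClaimValidator` passes it whatever the decoder's claim-set converter produced for `iss`; Spring's default converter appears to map `iss` to a `java.net.URL`, which is why the stock `JwtIssuerValidator` being replaced compares `claimValue.toString()` after a null check, so as written this likely either throws a `ClassCastException` or never matches and every token is rejected (fail-closed, but an outage rather than a working multi-issuer check). The `issuer.split(",")` also does no trimming or empty-entry filtering, so a configured value like `a, b` silently drops the second issuer, and an empty string would "accept" an empty list without any startup error. I would compute the accepted set once with trimming, fail fast with `require(acceptedIssuers.isNotEmpty())`, and type the predicate on `Any?` comparing `claimValue.toString()` exactly (no prefix or case-insensitive matching) as sketched below; the type arguments on `OAuth2TokenValidator` and `JwtClaimValidator` look lost in rendering and should be `<Jwt>` and `<Any?>` respectively. The `jwtDecoder` bean the first half of the hunk edits starts above the hunk, and it presumably still fetches keys from a single JWK set; accepting several issuer strings is only safe if every listed issuer's tokens are signed by that one key set, otherwise a per-issuer decoder (e.g. `JwtIssuerAuthenticationManagerResolver`) is the safer shape.

```kotlin
class CustomJwtIssuerValidator(issuer: String) : OAuth2TokenValidator<Jwt> {
    // Exact-match set, trimmed so "a, b" does not silently drop the second issuer.
    private val acceptedIssuers: Set<String> =
        issuer.split(",").map { it.trim() }.filter { it.isNotEmpty() }.toSet()

    init {
        require(acceptedIssuers.isNotEmpty()) { "at least one accepted JWT issuer must be configured" }
    }

    // Typed on Any?: the decoder's claim-set converter may hand over a URL rather than a String.
    private val validator = JwtClaimValidator<Any?>(JwtClaimNames.ISS) { claimValue ->
        claimValue != null && claimValue.toString() in acceptedIssuers
    }

    // … unchanged: validate(token) delegating to validator …
}
```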