EPA-158: Compatibiliy: also accept wrong content-type

ehealthid/src/main/java/com/oviva/ehealthid/fedclient/api/FederationApiClientImpl.java

@@ -15,6 +15,7 @@ public class FederationApiClientImpl implements FederationApiClient {
 
   public static final String ENTITY_STATEMENT_MEDIA_TYPE = "application/entity-statement+jwt";
   public static final String SIGNED_JWKS_MEDIA_TYPE = "application/jwk-set+jwt";
+  public static final String ALT_SIGNED_JWKS_MEDIA_TYPE = "application/jwk-set+json";
   public static final String WELLKNOWN_FEDERATION_DOCUMENT = "openid-federation";
   public static final String WELLKNOWN_PATH = ".well-known";
 
@@ -59,7 +60,11 @@ public IdpListJWS fetchIdpList(URI idpListUrl) {
   @NonNull
   @Override
   public ExtendedJWKSetJWS fetchSignedJwks(URI signedJwksUrl) {
-    var body = doGetRequest(signedJwksUrl, SIGNED_JWKS_MEDIA_TYPE, null);
+
+    // the Gematik IdP lies about the content-type, hence also requesting 'application/jwk-set+json'
+    var body =
+        doGetRequest(
+            signedJwksUrl, SIGNED_JWKS_MEDIA_TYPE + ", " + ALT_SIGNED_JWKS_MEDIA_TYPE, null);
     return ExtendedJWKSetJWS.parse(body);
   }
 

ehealthid/src/main/java/com/oviva/ehealthid/util/ExtendedJWKSetDeserializer.java

@@ -37,16 +37,28 @@ public ExtendedJWKSet deserialize(
   private String parseStringField(JsonParser jsonParser, TreeNode node, String fieldName)
       throws IOException {
 
-    return jsonParser
-        .getCodec()
-        .readValue(node.get(fieldName).traverse(jsonParser.getCodec()), String.class);
+    return parseField(jsonParser, node, fieldName, String.class);
   }
 
   private long parseLongField(JsonParser jsonParser, TreeNode node, String fieldName)
       throws IOException {
 
-    return jsonParser
-        .getCodec()
-        .readValue(node.get(fieldName).traverse(jsonParser.getCodec()), Long.class);
+    var v = parseField(jsonParser, node, fieldName, Long.class);
+    if (v == null) {
+      return 0;
+    }
+
+    return v;
+  }
+
+  private <T> T parseField(JsonParser jsonParser, TreeNode node, String fieldName, Class<T> clazz)
+      throws IOException {
+
+    var n = node.get(fieldName);
+    if (n == null) {
+      return null;
+    }
+
+    return jsonParser.getCodec().readValue(n.traverse(jsonParser.getCodec()), clazz);
   }
 }

ehealthid/src/test/java/com/oviva/ehealthid/fedclient/api/FederationApiClientTest.java

@@ -6,10 +6,7 @@
 import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.hasSize;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 import com.github.tomakehurst.wiremock.http.ContentTypeHeader;
 import com.github.tomakehurst.wiremock.http.Fault;
@@ -81,6 +78,23 @@ void fetchTuGematikIdp() {
     assertEquals(gematikIdp, masterEntityStatement.sub());
   }
 
+  @Test
+  @Disabled("e2e")
+  void fetchReferenceEnvironment_signedJwks() {
+
+    var apiClient = new FederationApiClientImpl(javaHttpClient);
+
+    var gematikSekIdp = URI.create("https://gsi-ref.dev.gematik.solutions");
+
+    var entityStatement = apiClient.fetchEntityConfiguration(gematikSekIdp);
+
+    var signedJwksUri = entityStatement.body().metadata().openidProvider().signedJwksUri();
+
+    var jwksJws = apiClient.fetchSignedJwks(URI.create(signedJwksUri));
+
+    assertFalse(jwksJws.body().toJWKSet().isEmpty());
+  }
+
   @Test
   void fetchFederationStatement(WireMockRuntimeInfo wm) {
 
@@ -220,4 +234,27 @@ void fetchEntityStatement(WireMockRuntimeInfo wm) {
 
     assertTrue(jws.verifySelfSigned());
   }
+
+  @Test
+  void fetchSignedJwks(WireMockRuntimeInfo wm) {
+
+    var apiClient = new FederationApiClientImpl(javaHttpClient);
+
+    var path = "/jwks.jose";
+
+    stubFor(
+        get(path)
+            .willReturn(
+                aResponse()
+                    .withBody(
+                        """
+                        eyJhbGciOiJFUzI1NiIsInR5cCI6Imp3ay1zZXQranNvbiIsImtpZCI6InB1a19pZHBfc2lnIn0.eyJpc3MiOiJodHRwczovL2dzaS1yZWYuZGV2LmdlbWF0aWsuc29sdXRpb25zIiwiaWF0IjoxNzI5MjQ0OTg2LCJrZXlzIjpbeyJ1c2UiOiJzaWciLCJraWQiOiJwdWtfaWRwX3NpZyIsImt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiQWJ0MlV5cms2S2hjemV4bEJPd0pPVHNfZUIwRHNGYmNOeGF4YTBaMHZkNCIsInkiOiJZWktCSnRPVVlFV1RNa256RndCZGwtNnRWS3lXblVEdHhmMnEwcFNUNVg0IiwiYWxnIjoiRVMyNTYifSx7InVzZSI6InNpZyIsImtpZCI6InB1a19mZWRfaWRwX3Rva2VuIiwia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJZekVQRnZwaHU0VDNHZ1dtalBYeFBUMC1QZG1fUTA0T0xFTkFIOTh6bi1NIiwieSI6IkFIUEhnZ3NxNll3RmZXMmZTSUp0YXdNTEFoOVpvS1BGVFpxUEZnUVcwdDQiLCJhbGciOiJFUzI1NiJ9XX0.MNtQWVD0COFK_3fIADcaqP6AaDltI2qr73_j6N5qSjd6Os_WZpK4Qp7z3ZKmZo42UqPpE1Lxt7mEGry_Rmg8gQ""")));
+
+    var signedJwksUri = URI.create(wm.getHttpBaseUrl() + path);
+
+    var signedJwks = apiClient.fetchSignedJwks(signedJwksUri);
+
+    assertEquals("https://gsi-ref.dev.gematik.solutions", signedJwks.body().iss());
+    assertFalse(signedJwks.body().keys().isEmpty());
+  }
 }