Remove deprecated code

dpc-aggregation/src/main/java/gov/cms/dpc/aggregation/DPCAggregationConfiguration.java

@@ -147,5 +147,6 @@ public void setLookBackExemptOrgs(List<String> lookBackExemptOrgs) {
         this.lookBackExemptOrgs = lookBackExemptOrgs;
     }
 
+    @Override
     public DPCAwsQueueConfiguration getDpcAwsQueueConfiguration() { return this.dpcAwsQueueConfiguration; }
 }

dpc-aggregation/src/main/java/gov/cms/dpc/aggregation/engine/JobBatchProcessor.java

@@ -130,7 +130,7 @@ public List<JobQueueBatchFile> processJobBatchPartial(UUID aggregatorID, IJobQue
         final String resourcesRequested = job.getResourceTypes().stream().map(DPCResourceType::getPath).filter(Objects::nonNull).collect(Collectors.joining(";"));
         final String failReasonLabel = failReason.map(Enum::name).orElse("NA");
         stopWatch.stop();
-        logger.info("dpcMetric=DataExportResult,dataRetrieved={},failReason={},resourcesRequested={},duration={}", failReason.isEmpty(), failReasonLabel, resourcesRequested, stopWatch.getTime());
+        logger.info("dpcMetric=DataExportResult,dataRetrieved={},failReason={},resourcesRequested={},duration={}", failReason.isEmpty(), failReasonLabel, resourcesRequested, stopWatch.getDuration());
         return results;
     }
 
@@ -356,7 +356,7 @@ private boolean isOptedOut(Optional<List<ConsentResult>> consentResultsOptional)
             if (consentResults.isEmpty()) {
                 return false;
             }
-            final ConsentResult latestConsent = Collections.max(consentResults, Comparator.comparing(consent -> consent.getConsentDate()));
+            final ConsentResult latestConsent = Collections.max(consentResults, Comparator.comparing(ConsentResult::getConsentDate));
             final boolean isActive = latestConsent.isActive();
             final boolean isOptOut = ConsentResult.PolicyType.OPT_OUT.equals(latestConsent.getPolicyType());
             final boolean isFutureConsent = latestConsent.getConsentDate().after(new Date());

dpc-aggregation/src/main/java/gov/cms/dpc/aggregation/engine/ResourceFetcher.java

@@ -153,7 +153,7 @@ protected Bundle fetchFirst(Patient patient, Map<String, String> headers) {
     private void addResources(ArrayList<Resource> resources, Bundle bundle) {
         bundle.getEntry().forEach((entry) -> {
             final var resource = entry.getResource();
-            if (resource.getResourceType().getPath() != resourceType.getPath()) {
+            if (!resource.getResourceType().getPath().equals(resourceType.getPath())) {
                 throw new DataFormatException(String.format("Unexpected resource type: got %s expected: %s", resource.getResourceType().toString(), resourceType.toString()));
             }
             resources.add(resource);

dpc-aggregation/src/main/java/gov/cms/dpc/aggregation/service/ConsentResult.java

@@ -45,7 +45,7 @@ public enum PolicyType {
         OPT_OUT("http://hl7.org/fhir/ConsentPolicy/opt-out");
 
 
-        private String policyUrl;
+        private final String policyUrl;
 
         PolicyType(String policyUrl) {
             this.policyUrl = policyUrl;

dpc-aggregation/src/test/java/gov/cms/dpc/aggregation/engine/ResourceFetcherUnitTest.java

@@ -13,7 +13,6 @@
 import org.mockito.Mockito;
 
 import java.time.OffsetDateTime;
-import java.time.temporal.ChronoUnit;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -42,7 +41,7 @@ public static void setup() {
     public void testHappyPath_Patient() {
         ResourceFetcher fetcher = getResourceFetcher(
                 DPCResourceType.Patient,
-                MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                 MockBlueButtonClient.BFD_TRANSACTION_TIME
         );
 
@@ -57,7 +56,7 @@ public void testHappyPath_Patient() {
     public void testHappyPath_Eob() {
         ResourceFetcher fetcher = getResourceFetcher(
                 DPCResourceType.ExplanationOfBenefit,
-                MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                 MockBlueButtonClient.BFD_TRANSACTION_TIME
         );
 
@@ -72,7 +71,7 @@ public void testHappyPath_Eob() {
     public void testHappyPath_coverage() {
         ResourceFetcher fetcher = getResourceFetcher(
                 DPCResourceType.Coverage,
-                MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                 MockBlueButtonClient.BFD_TRANSACTION_TIME
         );
 
@@ -102,8 +101,8 @@ public void testHappyPath_NoSince() {
     public void testBadTransactionTime() {
         ResourceFetcher fetcher = getResourceFetcher(
                 DPCResourceType.Patient,
-                MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
-                MockBlueButtonClient.BFD_TRANSACTION_TIME.plus(1, ChronoUnit.DAYS)
+                MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
+                MockBlueButtonClient.BFD_TRANSACTION_TIME.plusDays(1)
         );
 
         Flowable<List<Resource>> results = fetcher.fetchResources(testPatient, Map.of());
@@ -117,7 +116,7 @@ public void testResourceNotFound() {
         ResourceFetcher fetcher = Mockito.spy(
                 getResourceFetcher(
                     DPCResourceType.Patient,
-                    MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                    MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                     MockBlueButtonClient.BFD_TRANSACTION_TIME,
                     bbClient
                 )
@@ -138,7 +137,7 @@ public void testBaseServerErrorFetchingResources() {
         ResourceFetcher fetcher = Mockito.spy(
                 getResourceFetcher(
                     DPCResourceType.Patient,
-                    MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                    MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                     MockBlueButtonClient.BFD_TRANSACTION_TIME,
                     bbClient
             )
@@ -159,7 +158,7 @@ public void testUnknownErrorFetchingResources() {
         ResourceFetcher fetcher = Mockito.spy(
                 getResourceFetcher(
                     DPCResourceType.Patient,
-                    MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                    MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                     MockBlueButtonClient.BFD_TRANSACTION_TIME,
                     bbClient
             )
@@ -188,7 +187,7 @@ public void testWrongResourceTypeReturned() {
         ResourceFetcher fetcher = Mockito.spy(
                 getResourceFetcher(
                     DPCResourceType.Patient,
-                    MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                    MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                     MockBlueButtonClient.BFD_TRANSACTION_TIME,
                     bbClient
                 )
@@ -207,7 +206,7 @@ public void testWrongResourceTypeReturned() {
     public void testSearchForUnsupportedResourceType() {
         ResourceFetcher fetcher = getResourceFetcher(
                 DPCResourceType.Practitioner,
-                MockBlueButtonClient.TEST_LAST_UPDATED.minus(1, ChronoUnit.DAYS),
+                MockBlueButtonClient.TEST_LAST_UPDATED.minusDays(1),
                 MockBlueButtonClient.BFD_TRANSACTION_TIME
         );
 

dpc-api/pom.xml

@@ -14,7 +14,7 @@
 
     <properties>
         <mainClass>gov.cms.dpc.api.DPCAPIService</mainClass>
-        <jjwt.version>0.11.4</jjwt.version>
+        <jjwt.version>0.12.6</jjwt.version>
         <mockserverVersion>5.15.0</mockserverVersion>
     </properties>
 

dpc-api/src/main/java/gov/cms/dpc/api/DPCAPIConfiguration.java

@@ -22,7 +22,7 @@
 import javax.validation.constraints.Min;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
-import java.util.LinkedList;
+import java.util.ArrayList;
 import java.util.List;
 
 public class DPCAPIConfiguration extends Configuration implements IDPCDatabase, IDPCQueueDatabase, DPCQueueConfig, IDPCAuthDatabase, IDPCFHIRConfiguration, BlueButtonBundleConfiguration {
@@ -181,7 +181,7 @@ public int getJobTimeoutInSeconds() {
 
     public List<String> getLookBackExemptOrgs() {
         if(lookBackExemptOrgs == null){
-            return new LinkedList<>();
+            return new ArrayList<>();
         }
         return lookBackExemptOrgs; }
 

dpc-api/src/main/java/gov/cms/dpc/api/DPCAPIModule.java

@@ -8,6 +8,7 @@
 import com.google.inject.Provides;
 import com.google.inject.name.Named;
 import gov.cms.dpc.api.auth.jwt.IJTICache;
+import gov.cms.dpc.api.auth.jwt.KeyResolverAdapter;
 import gov.cms.dpc.api.converters.ChecksumConverterProvider;
 import gov.cms.dpc.api.converters.HttpRangeHeaderParamConverterProvider;
 import gov.cms.dpc.api.core.FileManager;
@@ -36,7 +37,6 @@
 import gov.cms.dpc.macaroons.thirdparty.MemoryThirdPartyKeyStore;
 import gov.cms.dpc.queue.service.DataService;
 import io.dropwizard.hibernate.UnitOfWorkAwareProxyFactory;
-import io.jsonwebtoken.SigningKeyResolverAdapter;
 import org.hibernate.SessionFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -103,13 +103,13 @@ public KeyResource provideKeyResource(PublicKeyDAO dao) {
     }
 
     @Provides
-    public TokenResource provideTokenResource(TokenDAO dao, MacaroonBakery bakery, SigningKeyResolverAdapter resolver, IJTICache cache, @APIV1 String publicURL) {
+    public TokenResource provideTokenResource(TokenDAO dao, MacaroonBakery bakery, KeyResolverAdapter resolver, IJTICache cache, @APIV1 String publicURL) {
         return new UnitOfWorkAwareProxyFactory(authHibernateBundle)
                 .create(TokenResource.class,
                         new Class<?>[]{TokenDAO.class,
                                 MacaroonBakery.class,
                                 TokenPolicy.class,
-                                SigningKeyResolverAdapter.class,
+                                KeyResolverAdapter.class,
                                 IJTICache.class,
                                 String.class},
                         new Object[]{dao,

dpc-api/src/main/java/gov/cms/dpc/api/auth/AuthModule.java

@@ -7,14 +7,14 @@
 import gov.cms.dpc.api.auth.jwt.CaffeineJTICache;
 import gov.cms.dpc.api.auth.jwt.IJTICache;
 import gov.cms.dpc.api.auth.jwt.JwtKeyResolver;
+import gov.cms.dpc.api.auth.jwt.KeyResolverAdapter;
 import gov.cms.dpc.api.auth.macaroonauth.MacaroonsAuthenticator;
 import gov.cms.dpc.api.auth.staticauth.StaticAuthFactory;
 import gov.cms.dpc.api.auth.staticauth.StaticAuthFilter;
 import gov.cms.dpc.api.auth.staticauth.StaticAuthenticator;
 import gov.cms.dpc.macaroons.thirdparty.BakeryKeyPair;
 import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.UnauthorizedHandler;
-import io.jsonwebtoken.SigningKeyResolverAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import ru.vyarus.dropwizard.guice.module.support.DropwizardAwareModule;
@@ -49,7 +49,7 @@ public void configure() {
             binder.bind(authenticatorTypeLiteral).to(MacaroonsAuthenticator.class);
         }
         binder.bind(DPCAuthDynamicFeature.class);
-        binder.bind(SigningKeyResolverAdapter.class).to(JwtKeyResolver.class);
+        binder.bind(KeyResolverAdapter.class).to(JwtKeyResolver.class);
         binder.bind(IJTICache.class).to(CaffeineJTICache.class);
         binder.bind(BakeryKeyPair.class).toProvider(new BakeryKeyPairProvider(this.configuration()));
     }

dpc-api/src/main/java/gov/cms/dpc/api/auth/jwt/JwtKeyResolver.java

@@ -9,7 +9,6 @@
 import gov.cms.dpc.macaroons.MacaroonCaveat;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwsHeader;
-import io.jsonwebtoken.SigningKeyResolverAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
@@ -23,7 +22,7 @@
 
 import static gov.cms.dpc.api.auth.MacaroonHelpers.ORGANIZATION_CAVEAT_KEY;
 
-public class JwtKeyResolver extends SigningKeyResolverAdapter {
+public class JwtKeyResolver extends KeyResolverAdapter {
 
     private static final Logger logger = LoggerFactory.getLogger(JwtKeyResolver.class);
 
@@ -35,7 +34,6 @@ public JwtKeyResolver(PublicKeyDAO dao) {
     }
 
     @Override
-    @SuppressWarnings("rawtypes") // We need to suppress this because the Raw type is part of the signature we inherit
     public Key resolveSigningKey(JwsHeader header, Claims claims) {
         final String keyId = header.getKeyId();
         if (keyId == null) {
@@ -65,7 +63,7 @@ public Key resolveSigningKey(JwsHeader header, Claims claims) {
     }
 
     protected UUID getOrganizationID(String macaroon) {
-        if (macaroon == null || macaroon.equals("")) {
+        if (macaroon == null || macaroon.isEmpty()) {
             throw new WebApplicationException("JWT must have client_id", Response.Status.UNAUTHORIZED);
         }
         final List<Macaroon> macaroons = MacaroonBakery.deserializeMacaroon(macaroon);

dpc-api/src/main/java/gov/cms/dpc/api/auth/jwt/KeyResolverAdapter.java

@@ -0,0 +1,13 @@
+package gov.cms.dpc.api.auth.jwt;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwsHeader;
+import io.jsonwebtoken.LocatorAdapter;
+
+import java.security.Key;
+
+public abstract class KeyResolverAdapter extends LocatorAdapter<Key> {
+    // Abstract class for LocatorAdapter<Key> after deprecation of SigningKeyResolverAdapter
+    // See: https://javadoc.io/doc/io.jsonwebtoken/jjwt-api/0.12.2/io/jsonwebtoken/SigningKeyResolverAdapter.html
+    public abstract Key resolveSigningKey(JwsHeader header, Claims claims);
+}

dpc-api/src/main/java/gov/cms/dpc/api/auth/jwt/ValidatingKeyResolver.java

@@ -11,23 +11,22 @@
 import java.time.Instant;
 import java.time.OffsetDateTime;
 import java.time.ZoneOffset;
-import java.time.temporal.ChronoUnit;
+import java.util.Set;
 import java.util.UUID;
 
 /**
- * Implementation of {@link SigningKeyResolverAdapter} that simply verifies whether or not the required claims and values are present.
+ * Implementation of {@link LocatorAdapter} that simply verifies whether the required claims and values are present.
  * As far as I can tell, this is the only way to get access to the JWS claims without actually verifying the signature.
- * See: https://github.com/jwtk/jjwt/issues/205
+ * See: <a href="https://github.com/jwtk/jjwt/issues/205"></a>
  * <p>
  * The downside is that this method will always return a null {@link Key}, which means the {@link Jwts#parser()} method will always throw an {@link IllegalArgumentException}, which we need to catch.
  */
-@SuppressWarnings("rawtypes") // The JwsHeader comes as a generic, which bothers ErrorProne
-public class ValidatingKeyResolver extends SigningKeyResolverAdapter {
+public class ValidatingKeyResolver extends KeyResolverAdapter {
 
     private final IJTICache cache;
-    private final String audClaim;
+    private final Set<String> audClaim;
 
-    public ValidatingKeyResolver(IJTICache cache, String audClaim) {
+    public ValidatingKeyResolver(IJTICache cache, Set<String> audClaim) {
         this.cache = cache;
         this.audClaim = audClaim;
     }
@@ -50,17 +49,15 @@ void validateHeader(JwsHeader header) {
 
         // Make sure it's a UUID
         try {
-            //noinspection ResultOfMethodCallIgnored
             UUID.fromString(keyId);
         } catch (IllegalArgumentException e) {
             throw new WebApplicationException("`kid` value must be a UUID", Response.Status.BAD_REQUEST);
         }
     }
 
     void validateTokenFormat(String issuer) {
-        // Make sure the client token is actually a macaroon and not something else, like a a UUID
+        // Make sure the client token is actually a macaroon and not something else, like a UUID
         try {
-            //noinspection ResultOfMethodCallIgnored
             UUID.fromString(issuer);
             throw new WebApplicationException("Cannot use Token ID as `client_token`, must use actual token value", Response.Status.BAD_REQUEST);
         } catch (IllegalArgumentException e) {
@@ -91,7 +88,7 @@ void validateExpiration(Claims claims) {
         }
 
         // Not more than 5 minutes in the future
-        if (now.plus(5, ChronoUnit.MINUTES).isBefore(expiration.toInstant().atOffset(ZoneOffset.UTC))) {
+        if (now.plusMinutes(5).isBefore(expiration.toInstant().atOffset(ZoneOffset.UTC))) {
             throw new WebApplicationException("Token expiration cannot be more than 5 minutes in the future", Response.Status.BAD_REQUEST);
         }
     }
@@ -110,7 +107,7 @@ void validateClaims(String issuer, Claims claims) {
         }
 
         // Test correct aud claim
-        final String audience = getClaimIfPresent("audience", claims.getAudience());
+        final Set<String> audience = getClaimIfPresent("audience", claims.getAudience());
         if (!audience.equals(this.audClaim)) {
             throw new WebApplicationException("Audience claim value is incorrect", Response.Status.BAD_REQUEST);
         }

dpc-api/src/main/java/gov/cms/dpc/api/resources/v1/AdminResource.java

@@ -32,6 +32,7 @@ public AdminResource(@Named("attribution") IGenericClient client) {
         this.client = client;
     }
 
+    @Override
     @GET
     @Path("Organization")
     @FHIR
@@ -46,13 +47,12 @@ public AdminResource(@Named("attribution") IGenericClient client) {
     public Bundle getOrganizations(@NotNull @QueryParam(value="npis") String npis) {
         Map<String, List<String>> searchParams = new HashMap<>();
         searchParams.put("identifier", Collections.singletonList(npis));
-        Bundle bundle = this.client
+        return this.client
                     .search()
                     .forResource(Organization.class)
                     .whereMap(searchParams)
                     .encodedJson()
                     .returnBundle(Bundle.class)
                     .execute();
-        return bundle;
     }
 }

dpc-api/src/main/java/gov/cms/dpc/api/resources/v1/IpAddressResource.java

@@ -75,7 +75,7 @@ public IpAddressEntity submitIpAddress(@ApiParam(hidden = true) @Auth Organizati
         }
 
 
-        CollectionResponse currentIps = getOrganizationIpAddresses(organizationPrincipal);
+        CollectionResponse<IpAddressEntity> currentIps = getOrganizationIpAddresses(organizationPrincipal);
 
         if(currentIps.getCount() >= MAX_IPS) {
             logger.debug(String.format("Cannot add Ip for org: %s.  They are already at the max of %d.", organizationPrincipal.getID(), MAX_IPS));
@@ -105,11 +105,11 @@ public Response deleteIpAddress(
             @ApiParam(hidden = true) @Auth OrganizationPrincipal organizationPrincipal,
             @ApiParam @NotNull @PathParam(value = "ipAddressId") UUID ipAddressId
     ) {
-        CollectionResponse currentIps = getOrganizationIpAddresses(organizationPrincipal);
+        CollectionResponse<IpAddressEntity> currentIps = getOrganizationIpAddresses(organizationPrincipal);
         Optional<IpAddressEntity> optionalIp = currentIps.getEntities().stream().filter(ip ->
-            ((IpAddressEntity)ip).getId().equals(ipAddressId)).findFirst();
+            ip.getId().equals(ipAddressId)).findFirst();
 
-        if(!optionalIp.isEmpty()) {
+        if(optionalIp.isPresent()) {
             this.dao.deleteIpAddress(optionalIp.get());
             return Response.noContent().build();
         } else {