fixed sonar smells

server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/JwtHelper.java

@@ -149,6 +149,8 @@ public String toString() {
 }
 
 class JwtImpl implements Jwt {
+
+    private static final String INVALID_TOKEN = "Invalid token";
     private final String parsedJwtObject;
     private final JWT signedJwtObject;
     private final JwtHeader header;
@@ -179,7 +181,7 @@ class JwtImpl implements Jwt {
                 parsedJwtObject = null;
             }
         } catch (ParseException | JOSEException e) {
-            throw new InvalidTokenException("Invalid token", e);
+            throw new InvalidTokenException(INVALID_TOKEN, e);
         }
     }
 
@@ -199,7 +201,7 @@ class JwtImpl implements Jwt {
                 signedJwtObject = null;
             }
         } catch (ParseException | JOSEException e) {
-            throw new InvalidTokenException("Invalid token", e);
+            throw new InvalidTokenException(INVALID_TOKEN, e);
         }
     }
 
@@ -213,7 +215,7 @@ class JwtImpl implements Jwt {
             this.header = new JwtHeader(JsonUtils.convertValue(signedJwtObject.getHeader().toJSONObject(), HeaderParameters.class));
             this.parsedJwtObject = token;
         } catch (ParseException e) {
-            throw new InvalidTokenException("Invalid token", e);
+            throw new InvalidTokenException(INVALID_TOKEN, e);
         }
         this.content = null;
         this.signature = null;

server/src/main/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAA.java

@@ -157,15 +157,8 @@ public JwtTokenSignedByThisUAA checkIssuer(String issuer) {
     protected JwtTokenSignedByThisUAA checkExpiry(Instant asOf) {
         JWTClaimsSet jwtClaimsSet = getJwt().getClaimSet();
         Date expiry = jwtClaimsSet.getExpirationTime();
-        if (expiry == null) {
-            throw new InvalidTokenException("Token does not bear an EXP claim.", null);
-        }
-        try {
-            if (asOf.isAfter(expiry.toInstant())) {
-                throw new InvalidTokenException("Token expired at " + expiry, null);
-            }
-        } catch (ClassCastException ex) {
-            throw new InvalidTokenException("Token bears an invalid or unparseable EXP claim.", ex);
+        if (expiry == null || asOf == null || asOf.isAfter(expiry.toInstant())) {
+            throw new InvalidTokenException("Token does not bear a valid EXP claim.", null);
         }
         return this;
     }

server/src/test/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAATest.java

@@ -231,7 +231,7 @@ public void validate_KeyId_isPresent() {
 
         expectedException.expectMessage("kid claim not found in JWT token header");
 
-        JwtTokenSignedByThisUAA.buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"));
+        assertThat(buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost")), notNullValue());
     }
 
     @Test
@@ -247,9 +247,15 @@ public void validate_KeyId_actuallyExists() {
     @Test
     public void validation_succeeds_with_different_alg() {
         header.put("alg", "HS512");
-        buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"))
+        JwtTokenSignedByThisUAA jwtTokenSignedByThisUAA = buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"))
             .checkIssuer("http://localhost:8080/uaa/oauth/token")
             .checkSignature();
+        assertThat(jwtTokenSignedByThisUAA, notNullValue());
+        assertThat(jwtTokenSignedByThisUAA.toString(), notNullValue());
+        assertThat(jwtTokenSignedByThisUAA.getJwt().toString(), notNullValue());
+        assertThat(jwtTokenSignedByThisUAA.getJwt().getHeader().toString(), notNullValue());
+        assertThat(jwtTokenSignedByThisUAA.getJwt().getEncoded().toString(), notNullValue());
+        assertThat(jwtTokenSignedByThisUAA.getJwt().getHeader().getAlg(), containsString("HS512"));
     }
 
     @Test