Remove dead code from TokenService

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java

@@ -173,8 +173,6 @@ public final class TokenService {
     private static final String ENCRYPTION_CIPHER = "AES/GCM/NoPadding";
     private static final String EXPIRED_TOKEN_WWW_AUTH_VALUE = String.format(Locale.ROOT, """
         Bearer realm="%s", error="invalid_token", error_description="The access token expired\"""", XPackField.SECURITY);
-    private static final String MALFORMED_TOKEN_WWW_AUTH_VALUE = String.format(Locale.ROOT, """
-        Bearer realm="%s", error="invalid_token", error_description="The access token is malformed\"""", XPackField.SECURITY);
     private static final BackoffPolicy DEFAULT_BACKOFF = BackoffPolicy.exponentialBackoff();
 
     public static final String THREAD_POOL_NAME = XPackField.SECURITY + "-token-key";
@@ -435,25 +433,6 @@ void tryAuthenticateToken(SecureString token, ActionListener<UserToken> listener
         }
     }
 
-    /**
-     * Decodes the provided token, and validates it (for format, expiry and invalidation).
-     * If valid, the token's {@link Authentication} (see {@link UserToken#getAuthentication()} is provided to the listener.
-     * If the token is invalid (expired etc), then {@link ActionListener#onFailure(Exception)} will be called.
-     * If tokens are not enabled, or the token does not exist, {@link ActionListener#onResponse} will be called with a
-     * {@code null} authentication object.
-     */
-    public void authenticateToken(SecureString tokenString, ActionListener<Authentication> listener) {
-        decodeAndValidateToken(tokenString, listener.map(token -> {
-            if (token == null) {
-                // Typically this means that the index is unavailable, so _probably_ the token is invalid but the only
-                // this we can say for certain is that we couldn't validate it. The logs will be more explicit.
-                throw new IllegalArgumentException("Cannot validate access token");
-            } else {
-                return token.getAuthentication();
-            }
-        }));
-    }
-
     /**
      * Reads the authentication and metadata from the given token.
      * This method does not validate whether the token is expired or not.
@@ -1251,7 +1230,7 @@ private void innerRefresh(
                         if (cause instanceof VersionConflictEngineException) {
                             // The document has been updated by another thread, get it again.
                             logger.debug("version conflict while updating document [{}], attempting to get it again", tokenDocId);
-                            getTokenDocAsync(tokenDocId, refreshedTokenIndex, true, new ActionListener<GetResponse>() {
+                            getTokenDocAsync(tokenDocId, refreshedTokenIndex, true, new ActionListener<>() {
                                 @Override
                                 public void onResponse(GetResponse response) {
                                     if (response.isExists()) {
@@ -1947,8 +1926,9 @@ private void checkIfTokenIsValid(UserToken userToken, ActionListener<UserToken>
         } else {
             final GetRequest getRequest = client.prepareGet(tokensIndex.aliasName(), getTokenDocumentId(userToken)).request();
             Consumer<Exception> onFailure = ex -> listener.onFailure(traceLog("check token state", userToken.getId(), ex));
-            tokensIndex.checkIndexVersionThenExecute(listener::onFailure, () -> {
-                executeAsyncWithOrigin(
+            tokensIndex.checkIndexVersionThenExecute(
+                listener::onFailure,
+                () -> executeAsyncWithOrigin(
                     client.threadPool().getThreadContext(),
                     SECURITY_ORIGIN,
                     getRequest,
@@ -2001,8 +1981,8 @@ private void checkIfTokenIsValid(UserToken userToken, ActionListener<UserToken>
                         }
                     }),
                     client::get
-                );
-            });
+                )
+            );
         }
     }
 
@@ -2086,7 +2066,7 @@ public static Tuple<Version, String> unpackVersionAndPayload(String encodedPack)
             final Version version = Version.readVersion(in);
             in.setVersion(version);
             final String payload = in.readString();
-            return new Tuple<Version, String>(version, payload);
+            return new Tuple<>(version, payload);
         }
     }
 
@@ -2485,7 +2465,7 @@ public SecretKey getOrComputeKey(BytesKey decodedSalt) throws ExecutionException
         }
 
         @Override
-        public void close() throws IOException {
+        public void close() {
             keyAndTimestamp.getKey().close();
         }
 

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/TokenServiceTests.java

@@ -240,7 +240,7 @@ public static void startThreadPool() throws IOException {
     }
 
     @AfterClass
-    public static void shutdownThreadpool() throws InterruptedException {
+    public static void shutdownThreadpool() {
         terminate(threadPool);
         threadPool = null;
     }
@@ -475,7 +475,7 @@ private RefreshTokenStatus newRefreshTokenStatus(
         }
     }
 
-    private void storeTokenHeader(ThreadContext requestContext, String tokenString) throws IOException, GeneralSecurityException {
+    private void storeTokenHeader(ThreadContext requestContext, String tokenString) {
         requestContext.putHeader("Authorization", "Bearer " + tokenString);
     }
 
@@ -938,14 +938,7 @@ protected static UserToken buildUserToken(
         }
 
         final Authentication tokenAuth = authentication.token().maybeRewriteForOlderVersion(tokenVersion);
-        final UserToken userToken = new UserToken(
-            possiblyHashedUserTokenId,
-            tokenVersion,
-            tokenAuth,
-            tokenService.getExpirationTime(),
-            metadata
-        );
-        return userToken;
+        return new UserToken(possiblyHashedUserTokenId, tokenVersion, tokenAuth, tokenService.getExpirationTime(), metadata);
     }
 
     private void mockGetTokenFromId(UserToken userToken, boolean isExpired) {