All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.auth.AWSAbstractCognitoIdentityProvider Maven / Gradle / Ivy

/**
 * Copyright 2011-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *    http://aws.amazon.com/apache2.0
 *
 * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and
 * limitations under the License.
 */

package com.amazonaws.auth;

import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.GetIdRequest;
import com.amazonaws.services.cognitoidentity.model.GetIdResult;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenRequest;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenResult;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * This class utilizes Cognito as a means to get an identity and dispense an
 * identityId and token. It also handles the refreshing of the token and
 * identityId.
 */
public abstract class AWSAbstractCognitoIdentityProvider implements AWSCognitoIdentityProvider {

    /** The client for communication with Cognito */
    protected final AmazonCognitoIdentity cib;

    /**
     * The data structures that won't vary between cognito and developer
     * providers
     */
    protected String identityId;
    private final String accountId;
    private final String identityPoolId;
    protected String token;

    protected List listeners;
    protected Map loginsMap;

    /**
     * Sets up an AWSAbstractCognitoIdentityProvider, which will serve as the
     * baseline for both Cognito and developer trusted identity providers.
     * Custom providers should not extend this class, but should extend
     * AWSAbstractCognitoDeveloperIdentityProvider
     *
     * @param accountId the accountId of the developer
     * @param identityPoolId the identityPoolId to be used
     * @param cibClient the cib client which will communicate with cognito
     */
    public AWSAbstractCognitoIdentityProvider(String accountId, String identityPoolId,
            AmazonCognitoIdentity cibClient) {
        this.accountId = accountId;
        this.identityPoolId = identityPoolId;
        this.loginsMap = new HashMap();
        this.listeners = new ArrayList();
        this.cib = cibClient;
    }

    /**
     * Sets up an AWSAbstractCognitoIdentityProvider, which will serve as the
     * baseline for both Cognito and developer trusted identity providers.
     * Custom providers should not extend this class, but should extend
     * AWSAbstractCognitoDeveloperIdentityProvider
     *
     * @deprecated please use AWSAbstractCognitoIdentityProvider(String
     *             accountId, String identityPoolId, ClientConfiguration
     *             clientConfiguration, Regions region) instead.
     * @param accountId the accountId of the developer
     * @param identityPoolId the identityPoolId to be used
     * @param clientConfiguration the client configuration to be used by the
     *            client
     */
    @Deprecated
    public AWSAbstractCognitoIdentityProvider(String accountId, String identityPoolId,
            ClientConfiguration clientConfiguration) {
        this(accountId, identityPoolId, new AmazonCognitoIdentityClient
                (new AnonymousAWSCredentials(), clientConfiguration));
    }

    /**
     * Sets up an AWSAbstractCognitoIdentityProvider, which will serve as the
     * baseline for both Cognito and developer trusted identity providers.
     * Custom providers should not extend this class, but should extend
     * AWSAbstractCognitoDeveloperIdentityProvider
     *
     * @param accountId the accountId of the developer
     * @param identityPoolId the identityPoolId to be used
     * @param clientConfiguration the client configuration to be used by the
     *            client
     * @param region the region cognito will use
     */
    public AWSAbstractCognitoIdentityProvider(String accountId, String identityPoolId,
            ClientConfiguration clientConfiguration,
            Regions region) {
        this(accountId, identityPoolId, new AmazonCognitoIdentityClient
                (new AnonymousAWSCredentials(), clientConfiguration));
        this.cib.setRegion(Region.getRegion(region));
    }

    /**
     * Sets up an AWSAbstractCognitoIdentityProvider, which will serve as the
     * baseline for both Cognito and developer trusted identity providers.
     * Custom providers should not extend this class, but should extend
     * AWSAbstractCognitoDeveloperIdentityProvider
     *
     * @deprecated please use AWSAbstractCognitoIdentityProvider(String
     *             accountId, String identityPoolId, Regions region) instead.
     * @param accountId the accountId of the developer
     * @param identityPoolId the identityPoolId to be used
     */
    @Deprecated
    public AWSAbstractCognitoIdentityProvider(String accountId, String identityPoolId) {
        this(accountId, identityPoolId, new ClientConfiguration());
    }

    /**
     * Sets up an AWSAbstractCognitoIdentityProvider, which will serve as the
     * baseline for both Cognito and developer trusted identity providers.
     * Custom providers should not extend this class, but should extend
     * AWSAbstractCognitoDeveloperIdentityProvider
     *
     * @param accountId the accountId of the developer
     * @param identityPoolId the identityPoolId to be used
     * @param region the region cib will use
     */
    public AWSAbstractCognitoIdentityProvider(String accountId, String identityPoolId,
            Regions region) {
        this(accountId, identityPoolId, new ClientConfiguration(), region);
    }

    /**
     * Gets a string with the name of the provider being used. For example,
     * Cognito would return "Cognito"
     *
     * @return the name of the provider in a string
     */
    public abstract String getProviderName();

    /**
     * Gets a reference to the identityId of the user (sending a new request if
     * it isn't yet set), using the dev accountId, identityPoolId, and the
     * user's loginsMap to identify.
     */
    @Override
    public String getIdentityId() {
        if (identityId == null) {
            GetIdRequest getIdRequest = new GetIdRequest()
                    .withAccountId(getAccountId())
                    .withIdentityPoolId(getIdentityPoolId())
                    .withLogins(loginsMap);

            appendUserAgent(getIdRequest, getUserAgent());

            GetIdResult getIdResult = cib.getId(getIdRequest);

            if (getIdResult.getIdentityId() != null) {
                identityChanged(getIdResult.getIdentityId());
            }
        }
        return identityId;
    }

    protected void setIdentityId(String identityId) {
        this.identityId = identityId;
    }

    /**
     * With the logins and identityId to mark the user, it builds a request to
     * the cognito back end, and returns the token cib hands back
     */
    @Override
    public String getToken() {
        if (this.token == null) {
            GetOpenIdTokenRequest getTokenRequest = new GetOpenIdTokenRequest()
                    .withIdentityId(getIdentityId()).withLogins(loginsMap);

            appendUserAgent(getTokenRequest, getUserAgent());

            GetOpenIdTokenResult getTokenResult = cib
                    .getOpenIdToken(getTokenRequest);

            if (!getTokenResult.getIdentityId().equals(getIdentityId())) {
                identityChanged(getTokenResult.getIdentityId());
            }
            this.token = getTokenResult.getToken();
        }
        return token;
    }

    protected void setToken(String token) {
        this.token = token;
    }

    @Override
    public String getIdentityPoolId() {
        return identityPoolId;
    }

    public String getAccountId() {
        return accountId;
    }

    @Override
    public Map getLogins() {
        return loginsMap;
    }

    @Override
    public void setLogins(Map logins) {
        loginsMap = logins;
    }

    @Override
    public boolean isAuthenticated() {
        return ((loginsMap != null) && (loginsMap.size() > 0));
    }

    @Override
    public void unregisterIdentityChangedListener(IdentityChangedListener listener) {
        listeners.remove(listener);
    }

    @Override
    public void registerIdentityChangedListener(IdentityChangedListener listener) {
        listeners.add(listener);
    }

    /**
     * Updates the listeners and establishes the new identityId as the stored
     * identityId
     *
     * @param newIdentityId the identityId to be saved
     */
    @Override
    public void identityChanged(String newIdentityId) {
        if (identityId != null && identityId.equals(newIdentityId)) {
            return;
        }
        String oldIdentityId = identityId;
        identityId = newIdentityId;
        for (IdentityChangedListener listener: listeners) {
            listener.identityChanged(oldIdentityId, identityId);
        }
    }

    /**
     * Append user agent string to the request. The final string is what is set
     * in the ClientCofniguration concatenated with the given userAgent string.
     *
     * @param request the request object to be appended
     * @param userAgent additional user agent string to append
     */
    protected void appendUserAgent(AmazonWebServiceRequest request, String userAgent) {
        request.getRequestClientOptions().appendUserAgent(userAgent);
    }

    @Override
    public void clearListeners() {
        listeners.clear();
    }

    /**
     * Gets the user agent string to append to all requests made by this
     * provider. Default is an empty string.
     */
    protected String getUserAgent() {
        return "";
    }

    /**
     * To be used to update the identityId and token after a call to refresh
     * from an identityProvider. Note, this is the only call that is needed
     * after the refresh call terminates, and it is explicitly necessary. Do not
     * call setIdentity and/or setToken in addition to this, or it could cause
     * unexpected behavior.
     *
     * @param identityId the new identityId to be used for the user
     * @param token the new token to be used with STS
     */
    protected void update(String identityId, String token) {
        if (this.identityId == null || !this.identityId.equals(identityId)) {
            identityChanged(identityId);
        }
        if (this.token == null || !this.token.equals(token)) {
            this.token = token;
        }
    }

    /*
     * (non-Javadoc)
     * @see com.amazonaws.auth.AWSIdentityProvider#refresh()
     */
    @Override
    public String refresh() {
        getIdentityId();
        String token = getToken();
        update(getIdentityId(), token);
        return token;
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy