Java library that implements the User Context spec for passing user context information between services
package com.atlassian.usercontext.impl;
import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.JwtBuilder;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.core.exception.InvalidHeaderException;
import com.atlassian.asap.core.exception.UnsupportedAlgorithmException;
import com.atlassian.asap.core.keys.DataUriKeyReader;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.keys.privatekey.DataUriKeyProvider;
import com.atlassian.asap.core.serializer.JwtSerializer;
import com.atlassian.asap.core.validator.ValidatedKeyId;
import com.atlassian.asap.nimbus.serializer.NimbusJwtSerializer;
import com.atlassian.usercontext.api.UserContext;
import com.atlassian.usercontext.api.UserContextAuthenticator;
import com.atlassian.usercontext.api.UserContextClaims.UserContextRegisteredClaim;
import com.atlassian.usercontext.api.AuthenticationRequest;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import java.net.URI;
import java.security.PrivateKey;
import java.util.Optional;
import java.util.UUID;
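/**
 * Issues signed user-context tokens.
 *
 * <p>Each call to {@link #authenticate(AuthenticationRequest)} builds a JWT carrying the
 * authenticated account id (plus optional context-restriction and impersonation claims),
 * stamps it with the configured key id, issuer and the fixed user-context audience, and
 * signs it with the private key obtained from the configured {@link KeyProvider}.
 *
 * <p>Instances are immutable once constructed; thread-safety otherwise depends on the
 * supplied {@code JwtSerializer} and {@code KeyProvider}.
 */
public class UserContextAuthenticatorImpl implements UserContextAuthenticator {

    /** Data URI of the signing private key. Its value is a secret: never include it in messages or logs. */
    private static final String PRIVATE_KEY_ENV = "ASAP_PRIVATE_KEY";
    /** Issuer ({@code iss}) placed in every token. */
    private static final String ISSUER_ENV = "ASAP_ISSUER";
    /** Key id ({@code kid}) placed in every token; must pass {@link ValidatedKeyId#validate(String)}. */
    private static final String KEY_ID_ENV = "ASAP_KEY_ID";

    private final JwtSerializer jwtSerializer;
    private final KeyProvider privateKeyProvider;
    private final String issuer;
    private final ValidatedKeyId keyId;

    /**
     * Full-control constructor, package-private so tests can inject a fake serializer and key provider.
     *
     * @param jwtSerializer      serializes and signs the built JWT
     * @param privateKeyProvider resolves the signing key for {@code keyId}
     * @param issuer             value of the {@code iss} claim
     * @param keyId              validated key id used both as {@code kid} and to look up the key
     */
    @VisibleForTesting
    UserContextAuthenticatorImpl(JwtSerializer jwtSerializer, KeyProvider privateKeyProvider, String issuer, ValidatedKeyId keyId) {
        this.jwtSerializer = jwtSerializer;
        this.privateKeyProvider = privateKeyProvider;
        this.issuer = issuer;
        this.keyId = keyId;
    }

    /**
     * Creates an authenticator configured from the {@code ASAP_PRIVATE_KEY}, {@code ASAP_ISSUER}
     * and {@code ASAP_KEY_ID} environment variables.
     *
     * @return an authenticator backed by a {@link DataUriKeyProvider}
     * @throws IllegalStateException if any of the three variables is unset or empty, or if
     *                               {@code ASAP_KEY_ID} is not a valid key id
     */
    public static UserContextAuthenticatorImpl createDefault() {
        // Fail fast with the variable *name*; the earlier URI.create(null) only produced a bare NPE.
        URI privateKeyDataUri = URI.create(requireEnv(PRIVATE_KEY_ENV));
        String issuer = requireEnv(ISSUER_ENV);
        ValidatedKeyId keyId;
        try {
            keyId = ValidatedKeyId.validate(requireEnv(KEY_ID_ENV));
        } catch (InvalidHeaderException e) {
            throw new IllegalStateException(KEY_ID_ENV + " does not hold a valid ASAP key id", e);
        }
        DataUriKeyProvider privateKeyProvider = new DataUriKeyProvider(privateKeyDataUri, new DataUriKeyReader());
        return create(privateKeyProvider, issuer, keyId);
    }

    /**
     * Reads a required environment variable.
     *
     * @param name variable name; only the name, never the value, appears in the error message
     * @return the non-empty value
     * @throws IllegalStateException if the variable is unset or empty
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " must be set");
        }
        return value;
    }

    /**
     * Creates an authenticator that signs with the Nimbus-based serializer.
     *
     * @param privateKeyProvider resolves the signing key for {@code keyId}
     * @param issuer             value of the {@code iss} claim
     * @param keyId              validated key id
     * @return a new authenticator
     */
    public static UserContextAuthenticatorImpl create(KeyProvider privateKeyProvider, String issuer, ValidatedKeyId keyId) {
        JwtSerializer jwtSerializer = new NimbusJwtSerializer();
        return new UserContextAuthenticatorImpl(jwtSerializer, privateKeyProvider, issuer, keyId);
    }

    /**
     * Builds and signs a user-context token for the given request.
     *
     * @param request the authenticated (and optionally impersonated) identity to encode
     * @return the token and its serialized form, or empty when the signing key cannot be
     *         retrieved or its algorithm is unsupported
     */
    @Override
    public Optional<UserContext> authenticate(AuthenticationRequest request) {
        JsonObjectBuilder claimsBuilder = Json.createObjectBuilder()
            .add(UserContextRegisteredClaim.ACCOUNT_ID_CLAIM.key(), request.getAuthenticatedAccountId().value());

        if (request.getAuthenticatedContextRestriction().isPresent()) {
            claimsBuilder.add(UserContextRegisteredClaim.IMPERSONATION_CONTEXT_RESTRICTION_CLAIM.key(),
                Json.createArrayBuilder()
                    .add(request.getAuthenticatedContextRestriction().get())
                    .build());
        }

        // An impersonation claim is only emitted when BOTH the impersonated account and its
        // context restriction are present; a request carrying just one of them yields no claim.
        if (request.getImpersonatedAccountId().isPresent() && request.getImpersonatedContextRestriction().isPresent()) {
            claimsBuilder.add(UserContextRegisteredClaim.IMPERSONATION_CLAIM.key(), buildImpersonationClaim(request));
        }

        Jwt jwt = JwtBuilder.newJwt()
            .keyId(keyId.getKeyId())
            .issuer(issuer)
            .audience(UserContextTokenValidatorImpl.USER_CONTEXT_AUDIENCE)
            .customClaims(claimsBuilder.build())
            .build();

        try {
            PrivateKey privateKey = privateKeyProvider.getKey(keyId);
            String serializedJwt = jwtSerializer.serialize(jwt, privateKey);
            return Optional.of(new UserContextImpl(jwt, serializedJwt));
        } catch (CannotRetrieveKeyException | UnsupportedAlgorithmException e) {
            // A signing failure is reported as "no context" rather than propagated; note that the
            // cause is dropped here, so callers cannot distinguish it from any other empty result.
            return Optional.empty();
        }
    }

    /**
     * Builds the single-element impersonation array: a fresh random impersonation id, the
     * impersonated account id and its context restriction.
     *
     * @param request request whose impersonated account id and context restriction are both present
     * @return the JSON array value of the impersonation claim
     */
    private static javax.json.JsonArray buildImpersonationClaim(AuthenticationRequest request) {
        return Json.createArrayBuilder()
            .add(Json.createObjectBuilder()
                // UUID.randomUUID() is backed by SecureRandom, so the id is not guessable.
                .add(ImpersonationImpl.IMPERSONATION_ID_FIELD, UUID.randomUUID().toString())
                .add(ImpersonationImpl.ACCOUNT_ID_FIELD, request.getImpersonatedAccountId().get().value())
                .add(ImpersonationImpl.CONTEXT_RESTRICTION_FIELD, request.getImpersonatedContextRestriction().get())
                .build())
            .build();
    }
}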