package com.atlassian.usercontext.impl;
import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.server.AuthenticationContext;
import com.atlassian.asap.core.validator.JwtValidator;
import com.atlassian.asap.core.validator.JwtValidatorImpl;
import com.atlassian.usercontext.api.UserContext;
import com.atlassian.usercontext.api.UserContextTokenValidator;
import com.google.common.collect.ImmutableSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.PublicKey;
import java.util.Optional;
import java.util.Set;
import static java.util.Objects.requireNonNull;
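/**
 * Implementation of {@link UserContextTokenValidator} that only needs a public key provider and
 * configures defaults that meet the specification.
 *
 * <p>Validation happens in two steps, in this order: the wrapped {@link JwtValidator} reads and
 * validates the signed token, and only then is the issuer claim compared against a fixed
 * allow-list. A token from an issuer outside that list is rejected even though the validator
 * accepted it.
 *
 * <p>Every handled failure is reported as {@code Optional.empty()}, so callers fail closed but
 * cannot tell an invalid token from a key-retrieval failure; the WARN log is the only place the
 * two are distinguished.
 */
public class UserContextTokenValidatorImpl implements UserContextTokenValidator {
    private static final Logger LOG = LoggerFactory.getLogger(UserContextTokenValidatorImpl.class);

    // Issuers allowed to mint user context tokens. Membership is an exact, case-sensitive string match.
    private static final Set<String> AUTHORIZED_USER_CONTEXT_ISSUERS = ImmutableSet.of("micros/edge-authenticator");

    // Audience handed to the AuthenticationContext that backs the default validator.
    static final String USER_CONTEXT_AUDIENCE = "atlassian-internal";

    private final JwtValidator jwtValidator;

    private UserContextTokenValidatorImpl(JwtValidator tokenValidator) {
        this.jwtValidator = requireNonNull(tokenValidator, "tokenValidator");
    }

    /**
     * Creates a validator backed by {@code JwtValidatorImpl.createDefault} for the
     * {@link #USER_CONTEXT_AUDIENCE} audience.
     *
     * @param publicKeyProvider source of the public keys used by the underlying validator
     * @return a new validator instance
     */
    public static UserContextTokenValidatorImpl create(KeyProvider publicKeyProvider) {
        // NOTE(review): the exact checks applied by createDefault (signature, audience, expiry, ...)
        // are not visible in this file; confirm against JwtValidatorImpl before relying on them.
        JwtValidator jwtValidator = JwtValidatorImpl.createDefault(new AuthenticationContext(USER_CONTEXT_AUDIENCE, publicKeyProvider));
        return new UserContextTokenValidatorImpl(jwtValidator);
    }

    /**
     * Validates a signed user context token and wraps it as a user context.
     *
     * <p>NOTE(review): the return type is raw in this listing; presumably it is declared as
     * {@code Optional<UserContext>} on the interface. Confirm before parameterizing.
     *
     * @param signedJwt the serialized, signed token; must not be {@code null}
     * @return the user context when the token validates and its issuer is on the allow-list,
     *     otherwise an empty {@code Optional}
     * @throws NullPointerException if {@code signedJwt} is {@code null}
     */
    @Override
    public Optional validate(String signedJwt) {
        requireNonNull(signedJwt, "signedJwt");
        try {
            // Validate first: claims are only read from a token the validator has accepted.
            Jwt userContextJwt = jwtValidator.readAndValidate(signedJwt);
            String userContextIssuer = userContextJwt.getClaims().getIssuer();
            if (!AUTHORIZED_USER_CONTEXT_ISSUERS.contains(userContextIssuer)) {
                // The token was accepted by the validator but its issuer may not mint user
                // contexts. Only the issuer is logged; the token itself is not.
                LOG.warn("Unauthorized user context issuer: {}", userContextIssuer);
                return Optional.empty();
            }
            return Optional.of(new UserContextImpl(userContextJwt, signedJwt));
        } catch (InvalidTokenException | CannotRetrieveKeyException ex) {
            // Fail closed. A key-retrieval failure and a bad token both yield empty, so an
            // operator has to read this log entry to tell an outage from a rejected token.
            LOG.warn("Unable to validate user context token due to: {}", ex.getMessage(), ex);
            return Optional.empty();
        }
    }
}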