
io.quarkus.amazon.lambda.http.CognitoPrincipal Maven / Gradle / Ivy

package io.quarkus.amazon.lambda.http;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;

import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;

import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent;

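/**
 * Represents a Cognito JWT used to authenticate a request.
 *
 * Will only be allocated if requestContext.authorizer.jwt.claims.cognito:username is set
 * in the http event sent by API Gateway.
 *
 * <p>
 * The claims are read from the API Gateway event exactly as delivered; nothing in this class
 * checks a signature, an issuer or the expiry of the token.
 * NOTE(review): presumably the API Gateway JWT authorizer has validated the token before the
 * event reaches the function - confirm for any deployment that builds authorization
 * decisions on {@link #getGroups()} or {@link #getName()}.
 *
 * <p>
 * Not synchronized: {@link #getGroups()} caches its result lazily in a plain field.
 */
public class CognitoPrincipal implements JsonWebToken {
    private final APIGatewayV2HTTPEvent.RequestContext.Authorizer.JWT jwt;
    private final String name;
    // Lazily parsed by getGroups(); null until the first call.
    private Set<String> groups;

    /**
     * Wraps the JWT section of the API Gateway request context.
     *
     * @param jwt the authorizer JWT of the incoming event; the principal name is taken from
     *        its {@code cognito:username} claim
     */
    public CognitoPrincipal(APIGatewayV2HTTPEvent.RequestContext.Authorizer.JWT jwt) {
        this.jwt = jwt;
        this.name = jwt.getClaims().get("cognito:username");
    }

    /**
     * @return the value of the {@code cognito:username} claim
     */
    @Override
    public String getName() {
        return name;
    }

    /**
     * @return the keys of the claim map carried by the event
     */
    @Override
    public Set<String> getClaimNames() {
        return getClaims().getClaims().keySet();
    }

    /**
     * Looks up a claim by name, routing the claims this class interprets itself
     * (groups, aud, exp, iat) through their typed accessors.
     *
     * @param claimName the claim to read
     * @return the typed value for the well-known claims, otherwise the raw string from the
     *         event's claim map ({@code null} when absent)
     */
    @Override
    @SuppressWarnings("unchecked") // the caller picks T; the cast cannot be checked here
    public <T> T getClaim(String claimName) {
        // Claims is an enum, so comparing the String with the constant itself is always
        // false; compare with the constant's name instead.
        if (Claims.groups.name().equals(claimName)) {
            return (T) getGroups();
        } else if (Claims.aud.name().equals(claimName)) {
            return (T) getAudience();
        } else if (Claims.exp.name().equals(claimName)) {
            return (T) Long.valueOf(getExpirationTime());
        } else if (Claims.iat.name().equals(claimName)) {
            return (T) Long.valueOf(getIssuedAtTime());
        }
        return (T) getClaims().getClaims().get(claimName);
    }

    /**
     * @return always an empty set; the audience is not read from the event
     */
    @Override
    public Set<String> getAudience() {
        return Collections.emptySet();
    }

    /**
     * @return the {@code exp} claim as a number, or 0 when the claim is absent
     * @throws NumberFormatException if the claim is present but not a decimal long
     */
    @Override
    public long getExpirationTime() {
        return numericClaim(Claims.exp);
    }

    /**
     * @return the {@code iat} claim as a number, or 0 when the claim is absent
     * @throws NumberFormatException if the claim is present but not a decimal long
     */
    @Override
    public long getIssuedAtTime() {
        return numericClaim(Claims.iat);
    }

    /**
     * Parses the role claim configured in {@code LambdaHttpRecorder.config.cognitoRoleClaim}
     * with {@code LambdaHttpRecorder.groupPattern} and caches the result.
     *
     * @return an unmodifiable set holding, for every match, the last capturing group of the
     *         pattern (the whole match if the pattern has no groups); empty when the claim
     *         is missing
     */
    @Override
    public Set<String> getGroups() {
        if (groups == null) {
            String claim = jwt.getClaims().get(LambdaHttpRecorder.config.cognitoRoleClaim);
            if (claim == null) {
                groups = Collections.emptySet();
            } else {
                Set<String> parsed = new HashSet<>();
                Matcher matcher = LambdaHttpRecorder.groupPattern.matcher(claim);
                while (matcher.find()) {
                    parsed.add(matcher.group(matcher.groupCount()));
                }
                // These values back role checks, so hand out a read-only view: a caller
                // must not be able to add a role to the cached set.
                groups = Collections.unmodifiableSet(parsed);
            }
        }
        return groups;
    }

    /**
     * @return the JWT section of the API Gateway event this principal wraps
     */
    public APIGatewayV2HTTPEvent.RequestContext.Authorizer.JWT getClaims() {
        return jwt;
    }

    // Reads a numeric claim from the String-keyed claim map. The map must be queried with
    // the claim's name: passing the enum constant never matches a String key, which made
    // exp and iat always read as 0.
    private long numericClaim(Claims claim) {
        String val = jwt.getClaims().get(claim.name());
        if (val == null) {
            return 0;
        }
        return Long.parseLong(val);
    }
}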



