/*
* Copyright 2017-2020, Strimzi authors.
* License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
*/
package io.strimzi.kafka.oauth.common;
import com.fasterxml.jackson.databind.JsonNode;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.representations.AccessToken;
import static io.strimzi.kafka.oauth.common.JSONUtil.getClaimFromJWT;
public class PrincipalExtractor {
private String usernameClaim;
private String fallbackUsernameClaim;
private String fallbackUsernamePrefix;
public PrincipalExtractor() {}
public PrincipalExtractor(String usernameClaim, String fallbackUsernameClaim, String fallbackUsernamePrefix) {
this.usernameClaim = usernameClaim;
this.fallbackUsernameClaim = fallbackUsernameClaim;
this.fallbackUsernamePrefix = fallbackUsernamePrefix;
}
public String getPrincipal(AccessToken token, JWSInput jws) {
if (usernameClaim != null) {
try {
return getPrincipal(jws.readJsonContent(JsonNode.class));
} catch (Exception e) {
throw new RuntimeException("Failed to parse access token", e);
}
}
return null;
}
public String getPrincipal(JsonNode json) {
String result;
if (usernameClaim != null) {
result = getClaimFromJWT(json, usernameClaim);
if (result != null) {
return result;
}
if (fallbackUsernameClaim != null) {
result = getClaimFromJWT(json, fallbackUsernameClaim);
if (result != null) {
return fallbackUsernamePrefix == null ? result : fallbackUsernamePrefix + result;
}
}
}
return null;
}
public String getSub(AccessToken token) {
return token.getSubject();
}
public String getSub(JsonNode json) {
return getClaimFromJWT(json, "sub");
}
@Override
public String toString() {
return "PrincipalExtractor {usernameClaim: " + usernameClaim + ", fallbackUsernameClaim: " + fallbackUsernameClaim + ", fallbackUsernamePrefix: " + fallbackUsernamePrefix + "}";
}
public boolean isConfigured() {
return usernameClaim != null || fallbackUsernameClaim != null || fallbackUsernamePrefix != null;
}
}
