private AuthorizationResponse innerHandleRequest(AuthorizationRequest authorizationRequest, Context context)

in serverless-ui/jwt-stack/src/main/java/com/awssamples/server/Authorizer.java [156:226]


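    /**
     * Authorizes an IoT connection from a JWT carried in the request and builds the
     * least-privilege IoT policy for it.
     *
     * <p>Two token sources are consulted, in priority order:
     * <ol>
     *   <li>a token IoT Core has already signature-verified: only its issued-at time is
     *       re-checked here (see {@code extractDataWithOnlyIssuedTimeVerification});</li>
     *   <li>an unverified token: fully verified here with {@code getTokenVerifier()}.</li>
     * </ol>
     *
     * <p>The {@code iccid} claim becomes both the MQTT client ID and the last topic level
     * the client may publish/subscribe/receive on. Because that value is spliced into a
     * topic filter, it is rejected if it is null/blank or contains a topic separator or an
     * MQTT wildcard ({@code /}, {@code +}, {@code #}); otherwise a single claim value could
     * widen the issued policy beyond one client's own topic.
     *
     * <p>Every denial path returns an explicit unauthenticated response; the method never
     * returns {@code null}.
     *
     * @param authorizationRequest the custom-authorizer request carrying the token(s)
     * @param context              Lambda context, used only for logging
     * @return an authenticated response with a policy scoped to the client, or an
     *         unauthenticated response when the token fails validation or carries no
     *         usable ICCID
     * @throws RuntimeException when neither a verified nor an unverified token is present
     */
    private AuthorizationResponse innerHandleRequest(AuthorizationRequest authorizationRequest, Context context) {
        LambdaLogger log = context.getLogger();

        Option<String> unverifiedTokenOption = getUnverifiedToken(authorizationRequest);
        Option<String> verifiedTokenOption = getVerifiedToken(authorizationRequest);

        Try<DecodedJWT> decodedJWTTry;

        if (verifiedTokenOption.isDefined()) {
            // Signature already checked by IoT Core; only the issued-at time is re-validated here
            decodedJWTTry = extractDataWithOnlyIssuedTimeVerification(verifiedTokenOption.get());
        } else if (unverifiedTokenOption.isDefined()) {
            // Nothing upstream vouched for this token: run full verification (signature + claims)
            decodedJWTTry = extractDataWithFullVerification(getTokenVerifier(), unverifiedTokenOption.get());
        } else {
            // No token at all: fail closed
            throw new RuntimeException("Couldn't find a verified or unverified token");
        }

        if (decodedJWTTry.isFailure()) {
            // Log only the failure reason, never the token itself
            log.log("JWT decoding/validation failure cause: " + decodedJWTTry.getCause().getMessage());

            // Most often an expired token; either way, deny
            return unauthenticatedResponse();
        }

        DecodedJWT decodedJWT = decodedJWTTry.get();

        Claim iccidClaim = decodedJWT.getClaim("iccid");

        if (iccidClaim.isNull()) {
            // No ICCID found: deny explicitly instead of handing IoT Core a null response
            log.log("No ICCID found in claims");
            return unauthenticatedResponse();
        }

        String iccid = iccidClaim.asString();

        if (!isSingleTopicLevel(iccid)) {
            // asString() yields null for a non-string claim; a blank value or an MQTT
            // separator/wildcard would make the topic filter below match other clients' topics
            log.log("ICCID claim is missing, blank, or contains characters not allowed in a topic level");
            return unauthenticatedResponse();
        }

        String clientId = iccid;

        AuthorizationResponse authorizationResponse = new AuthorizationResponse();
        authorizationResponse.isAuthenticated = true;
        authorizationResponse.principalId = clientId;
        // NOTE(review): the connection may stay up for 24h while the cached policy is
        // refreshed every 5 min; neither value is tied to the token's own expiry - confirm
        // this is the intended session lifetime
        authorizationResponse.disconnectAfterInSeconds = 86400;
        authorizationResponse.refreshAfterInSeconds = 300;
        authorizationResponse.policyDocuments = List.of(buildClientScopedPolicy(clientId)).asJava();

        return authorizationResponse;
    }

    /** Builds the unauthenticated response returned on every denial path. */
    private AuthorizationResponse unauthenticatedResponse() {
        AuthorizationResponse authorizationResponse = new AuthorizationResponse();
        authorizationResponse.isAuthenticated = false;
        return authorizationResponse;
    }

    /**
     * Returns true when {@code value} can be used verbatim as exactly one MQTT topic level
     * (and as a client ID): non-null, non-blank, and free of {@code /}, {@code +} and {@code #}.
     */
    private static boolean isSingleTopicLevel(String value) {
        if (value == null || value.trim().isEmpty()) {
            return false;
        }
        return value.indexOf('/') < 0 && value.indexOf('+') < 0 && value.indexOf('#') < 0;
    }

    /**
     * Builds the IoT policy scoped to a single client: connect as {@code clientId}, and
     * publish/subscribe/receive only on {@code <topicPrefix>/<clientId>}.
     */
    private PolicyDocument buildClientScopedPolicy(String clientId) {
        String allowedTopic = String.join("/", SharedWithServer.topicPrefix, clientId);

        List<Statement> statement = List.of(
                Statement.allowIamAction(IotActions.publish(IotResources.topic(allowedTopic))),
                Statement.allowIamAction(IotActions.connect(IotResources.clientId(clientId))),
                Statement.allowIamAction(IotActions.subscribe(IotResources.topicFilter(allowedTopic))),
                Statement.allowIamAction(IotActions.receive(IotResources.topic(allowedTopic))));

        PolicyDocument policyDocument = new PolicyDocument();
        policyDocument.Version = "2012-10-17";
        policyDocument.Statement = statement.asJava();

        return policyDocument;
    }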