public Principal getUserPrincipal()

in aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsHttpApiV2SecurityContext.java [44:74]


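    /**
     * Derives the caller's {@link Principal} from the {@code sub} claim of the JWT carried in the
     * {@code Authorization} header of the current event.
     *
     * <p>Security note: only the payload segment of the token is decoded. The header and signature
     * segments are never read, so this method performs no signature, expiry, issuer or audience
     * validation. Presumably the token has already been validated upstream (for example by the
     * gateway's authorizer) whenever {@code getAuthenticationScheme()} is non-null; confirm this
     * before relying on the returned principal for authorization decisions.
     *
     * @return a principal whose name is the token's {@code sub} claim, or {@code null} when no
     *         authentication scheme applies, the header is absent, or the token cannot be parsed
     */
    public Principal getUserPrincipal() {
        if (getAuthenticationScheme() == null) {
            return null;
        }

        // NOTE(review): the lookup uses the canonical "Authorization" spelling; whether a
        // lower-cased header name is matched depends on the map implementation behind
        // event.getHeaders(). Confirm it is case-insensitive.
        String authValue = event.getHeaders().get(HttpHeaders.AUTHORIZATION);
        if (authValue == null) {
            // Covers both a missing header and a key mapped to null (previously an NPE).
            return null;
        }

        // Strip only the leading scheme prefix; replace() would also remove any later occurrence
        // of "Bearer " inside the value.
        final String bearerPrefix = "Bearer ";
        if (authValue.startsWith(bearerPrefix)) {
            authValue = authValue.substring(bearerPrefix.length());
        }

        String[] parts = authValue.split("\\.");
        if (parts.length != 3) {
            log.warn("Could not parse JWT token for requestId: " + SecurityUtils.crlf(event.getRequestContext().getRequestId()));
            return null;
        }

        String decodedBody;
        try {
            // JWT segments are base64url-encoded (RFC 7515). The MIME decoder silently skips '-'
            // and '_' because they are outside its alphabet, which corrupts the decoded payload.
            decodedBody = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed base64 in the payload segment: treat as an unparseable token rather than
            // letting the exception escape to the caller.
            log.warn("Could not parse JWT token for requestId: " + SecurityUtils.crlf(event.getRequestContext().getRequestId()));
            return null;
        }

        try {
            JsonNode parsedBody = LambdaContainerHandler.getObjectMapper().readTree(decodedBody);
            // Reject anything that is not a JSON object with a non-null "sub" claim. The previous
            // condition (!isObject() && has("sub")) could never be true, so a payload without
            // "sub" fell through and threw a NullPointerException on the next line.
            if (parsedBody == null || !parsedBody.isObject() || !parsedBody.hasNonNull("sub")) {
                log.debug("Could not find \"sub\" field in JWT body for requestId: " + SecurityUtils.crlf(event.getRequestContext().getRequestId()));
                return null;
            }
            String subject = parsedBody.get("sub").asText();
            return () -> subject;
        } catch (JsonProcessingException e) {
            log.error("Error while attempting to parse JWT body for requestId: " + SecurityUtils.crlf(event.getRequestContext().getRequestId()), e);
            return null;
        }
    }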