SUPPORT-8593: Fix
parent
bb29b09aee
commit
ed46ad8a0d
1 changed files with 38 additions and 22 deletions
|
|
@ -204,9 +204,9 @@ public class EsiaAuthService {
|
|||
throw new RuntimeException(tokenResponse.getError_description());
|
||||
}
|
||||
String accessToken = tokenResponse.getAccess_token();
|
||||
boolean verifyResult = verifyToken(accessToken);
|
||||
if (!verifyResult) {
|
||||
throw new RuntimeException("Token not valid");
|
||||
String verifyResult = verifyToken(accessToken);
|
||||
if (verifyResult != null) {
|
||||
throw new RuntimeException(verifyResult);
|
||||
}
|
||||
String refreshToken = tokenResponse.getRefresh_token();
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(accessToken);
|
||||
|
|
@ -288,9 +288,9 @@ public class EsiaAuthService {
|
|||
throw new RuntimeException(tokenResponse.getError_description());
|
||||
}
|
||||
String accessToken = tokenResponse.getAccess_token();
|
||||
boolean verifyResult = verifyToken(accessToken);
|
||||
if (!verifyResult) {
|
||||
throw new RuntimeException("Token not valid");
|
||||
String verifyResult = verifyToken(accessToken);
|
||||
if (verifyResult != null) {
|
||||
throw new RuntimeException(verifyResult);
|
||||
}
|
||||
String newRefreshToken = tokenResponse.getRefresh_token();
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(accessToken);
|
||||
|
|
@ -398,24 +398,42 @@ public class EsiaAuthService {
|
|||
return person;
|
||||
}
|
||||
|
||||
private boolean verifyToken(String accessToken) {
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(accessToken);
|
||||
EsiaHeader esiaHeader = personalDataService.readHeader(accessToken);
|
||||
if (!esiaHeader.getSbt().equals("access") || !esiaHeader.getTyp().equals("JWT")) {
|
||||
return false;
|
||||
private String verifyToken(String accessToken) {
|
||||
EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken);
|
||||
EsiaHeader esiaHeader = ulDataService.readHeader(accessToken);
|
||||
if (!esiaHeader.getSbt().equals("access")) {
|
||||
return "Token invalid. Token sbt: " + esiaHeader.getSbt() + " invalid";
|
||||
}
|
||||
if (esiaAccessToken.getClient_id().equals(esiaConfig.getClientId()) && esiaAccessToken.getIss().equals(esiaConfig.getEsiaBaseUri())) {
|
||||
LocalDateTime iatTime = LocalDateTime.ofInstant(Instant.ofEpochSecond(esiaAccessToken.getIat()), ZoneId.systemDefault());
|
||||
LocalDateTime expTime = LocalDateTime.ofInstant(Instant.ofEpochSecond(esiaAccessToken.getExp()), ZoneId.systemDefault());
|
||||
LocalDateTime currentTime = LocalDateTime.now();
|
||||
if (currentTime.isAfter(iatTime) && expTime.isAfter(iatTime)) {
|
||||
return signVerify(accessToken);
|
||||
if (!esiaHeader.getTyp().equals("JWT")) {
|
||||
return "Token invalid. Token type: " + esiaHeader.getTyp() + " invalid";
|
||||
}
|
||||
if (!esiaAccessToken.getClient_id().equals(esiaConfig.getClientId())) {
|
||||
return "Token invalid. Token clientId: " + esiaAccessToken.getClient_id() + " invalid";
|
||||
}
|
||||
if (!esiaAccessToken.getIss().equals(esiaConfig.getEsiaBaseUri())) {
|
||||
return "Token invalid. The token publisher does not comply with the standard accepted in the ESIA";
|
||||
}
|
||||
LocalDateTime iatTime = LocalDateTime.ofInstant(Instant.ofEpochSecond(esiaAccessToken.getIat()),
|
||||
ZoneId.systemDefault()
|
||||
);
|
||||
LocalDateTime expTime = LocalDateTime.ofInstant(Instant.ofEpochSecond(esiaAccessToken.getExp()),
|
||||
ZoneId.systemDefault()
|
||||
);
|
||||
LocalDateTime currentTime = LocalDateTime.now();
|
||||
if (!currentTime.isAfter(iatTime) || !expTime.isAfter(iatTime)) {
|
||||
return "Token invalid. Token expired";
|
||||
}
|
||||
HttpResponse<String> response = signVerify(accessToken);
|
||||
if (response.statusCode() != 200) {
|
||||
if (response.statusCode() == 401) {
|
||||
return "Token invalid. " + response.body();
|
||||
}
|
||||
return "Error in verify module. Error status " + response.statusCode();
|
||||
}
|
||||
return false;
|
||||
return null;
|
||||
}
|
||||
|
||||
private boolean signVerify(String accessToken) {
|
||||
private HttpResponse<String> signVerify(String accessToken) {
|
||||
try {
|
||||
HttpRequest request = HttpRequest.newBuilder()
|
||||
.uri(URI.create(esiaConfig.getSignVerifyUrl()))
|
||||
|
|
@ -426,9 +444,7 @@ public class EsiaAuthService {
|
|||
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
|
||||
.build()
|
||||
.send(request, HttpResponse.BodyHandlers.ofString());
|
||||
errorHandler(response);
|
||||
return true;
|
||||
|
||||
return response;
|
||||
}
|
||||
catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
|
|
|
|||
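Review bot: The time check in the new `verifyToken` never compares `exp` with the current time: `!currentTime.isAfter(iatTime) || !expTime.isAfter(iatTime)` only rejects a token whose `iat` is not in the past or whose `exp` is not after `iat`, so a token past its expiry passes this branch even though the message reads "Token expired". Unless the service behind `signVerify` enforces expiry itself (not visible here), the condition should be `if (currentTime.isBefore(iatTime) || !currentTime.isBefore(expTime))`, ideally computed on `Instant` values so the system time zone plays no part. The same method concatenates `sbt`, `typ` and `client_id` from the token into the returned messages before the signature has been checked, and puts `response.body()` into another; since both call sites throw these as `RuntimeException` messages, fixed strings with the details logged separately would be safer if the messages can reach a client. Returning `null` for success is easy to invert in a later edit, so a short comment on the method such as `// returns null when the token is valid, otherwise the rejection reason` would help.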