public IdentityProvider()

in server/src/main/java/com/epam/aidial/core/server/security/IdentityProvider.java [87:158]


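    /**
     * Builds an identity provider from its JSON settings.
     *
     * <p>The provider works in exactly one of two modes. JWT mode is selected when {@code jwksUrl}
     * is set or {@code disableJwtVerification} is {@code true}. User-info mode is selected when
     * {@code userInfoEndpoint} is set. Configuring both modes, or neither, is rejected.
     *
     * <p>Other settings read here: {@code positiveCacheExpirationMs} (default 10 minutes),
     * {@code negativeCacheExpirationMs} (default 10 seconds), {@code issuerPattern} (JWT mode only),
     * {@code rolePath} (required; a string or an array of strings, each a dot-separated path),
     * {@code projectPath}, {@code rolesDelimiter}, {@code loggingKey}, {@code loggingSalt}
     * (required when {@code loggingKey} is set) and {@code obfuscateUserEmail} (default {@code true}).
     *
     * <p>The constructor also registers a periodic Vert.x timer that calls
     * {@code evictExpiredJwks()}.
     *
     * @param settings            identity provider settings; must not be {@code null}
     * @param vertx               Vert.x instance used to schedule the periodic eviction
     * @param client              HTTP client stored for later use by this provider
     * @param jwkProviderSupplier creates the {@link JwkProvider} for the configured {@code jwksUrl}
     * @param factory             creates the role-extraction function when {@code rolePath} is a single string
     * @throws IllegalArgumentException if the settings are missing, the mode selection is invalid,
     *                                  {@code userInfoEndpoint} is not a valid URL, or {@code rolePath}
     *                                  has an unsupported type or a non-string array element
     * @throws NullPointerException     if {@code rolePath} is missing, or {@code loggingKey} is set
     *                                  without {@code loggingSalt}
     */
    public IdentityProvider(JsonObject settings, Vertx vertx, HttpClient client,
                            Function<String, JwkProvider> jwkProviderSupplier, GetUserRoleFunctionFactory factory) {
        if (settings == null) {
            throw new IllegalArgumentException("Identity provider settings are missed");
        }
        this.vertx = vertx;
        this.client = client;

        positiveCacheExpirationMs = settings.getLong("positiveCacheExpirationMs", TimeUnit.MINUTES.toMillis(10));
        negativeCacheExpirationMs = settings.getLong("negativeCacheExpirationMs", TimeUnit.SECONDS.toMillis(10));

        disableJwtVerification = settings.getBoolean("disableJwtVerification", false);
        String jwksUrl = settings.getString("jwksUrl");
        // The settings key is "userInfoEndpoint" (capital I); the error message below spells it differently.
        String userinfoEndpoint = settings.getString("userInfoEndpoint");
        boolean supportJwt = jwksUrl != null || disableJwtVerification;
        boolean supportUserInfo = userinfoEndpoint != null;

        // Exactly one mode must be selected: neither and both are configuration errors.
        if ((!supportJwt && !supportUserInfo) || (supportJwt && supportUserInfo)) {
            throw new IllegalArgumentException("Either jwksUrl or userinfoEndpoint must be provided or disableJwtVerification is set to true");
        } else if (supportJwt) {
            // NOTE(review): with disableJwtVerification=true and no jwksUrl, jwkProvider is never set,
            // so this provider presumably accepts tokens without checking their signature.
            // Confirm the flag is only enabled in test/dev configurations.
            if (jwksUrl != null) {
                jwkProvider = jwkProviderSupplier.apply(jwksUrl);
            }
            String issuerPatternStr = settings.getString("issuerPattern");
            if (issuerPatternStr != null) {
                // NOTE(review): how the pattern is applied (full match vs. partial find) is decided at
                // the call site; verify it is a full match so a look-alike issuer cannot pass.
                issuerPattern = Pattern.compile(issuerPatternStr);
            }
        } else {
            try {
                // NOTE(review): the URL scheme is not restricted here; if access tokens are sent to
                // this endpoint, confirm production configurations use https.
                userInfoUrl = new URL(userinfoEndpoint);
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException(e);
            }
        }

        Object rolePathObj = Objects.requireNonNull(settings.getValue("rolePath"), "rolePath is missed");
        List<String> rolePathList;

        if (rolePathObj instanceof String rolePathStr) {
            getUserRoleFn = factory.getUserRoleFn(rolePathStr);
            rolePathList = List.of(rolePathStr);
        } else if (rolePathObj instanceof JsonArray rolePathArray) {
            getUserRoleFn = null;
            // Reject non-string (including null) elements with a configuration error instead of
            // failing later with a ClassCastException or NullPointerException.
            rolePathList = rolePathArray.stream().map(element -> {
                if (element instanceof String path) {
                    return path;
                }
                throw new IllegalArgumentException("rolePath array should contain only strings");
            }).toList();
        } else {
            throw new IllegalArgumentException("rolePath should be either String or Array");
        }

        // Each role path is stored as its dot-separated segments.
        for (String rolePath : rolePathList) {
            rolePaths.add(rolePath.split("\\."));
        }

        // A "projectPath" key with an explicit null value is treated like an absent key;
        // containsKey() alone would let the null through and fail on split().
        String projectPathStr = settings.getString("projectPath");
        projectPath = projectPathStr == null ? null : projectPathStr.split("\\.");
        rolesDelimiter = settings.getString("rolesDelimiter");

        loggingKey = settings.getString("loggingKey");
        if (loggingKey != null) {
            // A salt is mandatory whenever a logging key is configured.
            loggingSalt = Objects.requireNonNull(settings.getString("loggingSalt"), "loggingSalt is missed");
        } else {
            loggingSalt = null;
        }

        try {
            // NOTE(review): MessageDigest instances are not thread-safe and this one is kept in a
            // field; confirm every use happens on a single thread or is otherwise serialized.
            sha256Digest = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
        obfuscateUserEmail = settings.getBoolean("obfuscateUserEmail", true);

        // Evict on the shorter of the two cache lifetimes.
        // NOTE(review): a configured value of zero or less is passed straight to setPeriodic;
        // confirm how Vert.x handles it.
        long period = Math.min(negativeCacheExpirationMs, positiveCacheExpirationMs);
        vertx.setPeriodic(0, period, event -> evictExpiredJwks());
    }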