From 4f1e773a667ada725590455793e5f47ebd5ea748 Mon Sep 17 00:00:00 2001
From: sapessi
Date: Thu, 20 Apr 2017 09:43:59 -0700
Subject: [PATCH] Bug fixes and comments
Fixed the principal id in the JaxRs security context to read the subject property from the user pools authorizer claims. Fixed a bug in the Claims object (private getSubject method). Added some comments to the `ZonedDateTime` methods in the claims object. This should completely address #24.
---
 .../internal/jaxrs/AwsProxySecurityContext.java | 4 ++--
 .../internal/model/CognitoAuthorizerClaims.java | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java
index cba3a79c4..8a61a95dd 100644
--- a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java
+++ b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.java
@@ -71,7 +71,7 @@ public Principal getUserPrincipal() {
 } else if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
 return event.getRequestContext().getIdentity().getUserArn();
 } else if (getAuthenticationScheme().equals(AUTH_SCHEME_COGNITO_POOL)) {
- return event.getRequestContext().getIdentity().getCognitoIdentityId();
+ return event.getRequestContext().getAuthorizer().getClaims().getSubject();
 }
 return null;
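Review bot: The new Cognito branch returns `getAuthorizer().getClaims().getSubject()` with no null guard of its own, so it is only safe while `getAuthenticationScheme()` reports `AUTH_SCHEME_COGNITO_POOL` solely when the claims and subject are present; nothing in this hunk states that coupling. I would add a comment above the return such as `// claims and subject are non-null here: getAuthenticationScheme() only reports COGNITO_POOL when both are set`. The principal name for user-pool callers also changes from the Cognito identity id to the token subject, so any code that keys authorization decisions or stored data on the old value should be called out in the release notes. The enclosing block starts and ends outside the hunk.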
@@ -90,7 +90,7 @@ public boolean isSecure() {
 public String getAuthenticationScheme() {
- if (event.getRequestContext().getIdentity().getCognitoAuthenticationType() != null) {
+ if (event.getRequestContext().getAuthorizer().getClaims() != null && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
 return AUTH_SCHEME_COGNITO_POOL;
 } else if (event.getRequestContext().getAuthorizer() != null) {
 return AUTH_SCHEME_CUSTOM;
diff --git a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/CognitoAuthorizerClaims.java b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/CognitoAuthorizerClaims.java
index dd380c137..d064db417 100644
--- a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/CognitoAuthorizerClaims.java
+++ b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/CognitoAuthorizerClaims.java
@@ -59,7 +59,7 @@ public class CognitoAuthorizerClaims {
 private String exp;
 private String iat;
- private String getSubject() { return this.subject; }
+ public String getSubject() { return this.subject; }
 public void setSubject(String subject) {
 this.subject = subject;
@@ -145,6 +145,12 @@ public void setExp(String expiration) {
 this.exp = expiration;
 }
+
+ /**
+ * Returns the expiration time for the token as a ZonedDateTime from the exp property
+ * of the token.
+ * @return The parsed expiration time for the token.
+ */
 public ZonedDateTime getExpirationTime() {
 return ZonedDateTime.from(TOKEN_DATE_FORMATTER.parse(getExp()));
 }
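Review bot: In `getAuthenticationScheme()` (AwsProxySecurityContext.java, the -90,7 hunk) the new first condition calls `getAuthorizer().getClaims()` before anything has checked `getAuthorizer()` for null, while the very next branch tests `getAuthorizer() != null`, which implies it can be null. If so, a request that carries no authorizer context raises a NullPointerException here instead of falling through to the later branches, and every caller of the security context fails for those requests. Guard the authorizer first: `if (event.getRequestContext().getAuthorizer() != null && event.getRequestContext().getAuthorizer().getClaims() != null && event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {`. The rest of the method lies outside the hunk, so how the remaining schemes are resolved cannot be confirmed from here.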
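Review bot: In CognitoAuthorizerClaims.java the Javadoc added to `getExpirationTime()` (and the matching one on `getIssueTime()` in the -159,6 hunk) documents the return value but not the failure mode: `exp` and `iat` are plain strings assigned by `setExp`/`setIat`, and `TOKEN_DATE_FORMATTER.parse(...)` is applied to them unchecked. Assuming `TOKEN_DATE_FORMATTER` is a `java.time` `DateTimeFormatter`, an absent claim gives a NullPointerException and a malformed one a `DateTimeParseException`, which matters to any caller that relies on these methods for an expiry check. I would add `@throws java.time.format.DateTimeParseException if the exp claim is not in the expected date format` and `@throws NullPointerException if the exp claim is absent`, with the same pair on `getIssueTime()` for `iat`.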
@@ -159,6 +165,12 @@ public void setIat(String issuedAt) {
 this.iat = issuedAt;
 }
+
+ /**
+ * Returns the parsed issued time for the token as a ZonedDateTime object. This is taken from the iat
+ * property of the token.
+ * @return The parsed issue time of the token
+ */
 public ZonedDateTime getIssueTime() {
 return ZonedDateTime.from((TOKEN_DATE_FORMATTER.parse(getIat())));
 }