/**
 * Runs a local time-window pre-check on an ID token payload.
 *
 * <p>The issued-at time may lie at most {@code TIME_SKEW_SECONDS} in the future and the
 * expiration time at most {@code TIME_SKEW_SECONDS} in the past, both measured against the
 * local system clock. Signature, issuer and audience are not looked at here.
 *
 * <p>A claim that is absent ({@code null}) is skipped rather than rejected, so a payload
 * carrying neither claim passes this method.
 * NOTE(review): confirm that the verification performed by the caller rejects tokens that
 * lack an expiration time; this pre-check alone does not.
 *
 * @param payload payload of the ID token being checked
 * @return {@code false} when a present time claim falls outside the allowed window,
 *         {@code true} otherwise
 */
private boolean verifyLocal(GoogleIdToken.Payload payload) {
    final Long issuedAt = payload.getIssuedAtTimeSeconds();
    final Long expiresAt = payload.getExpirationTimeSeconds();
    final long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());

    // Upper bound for the issued-at claim: "now" plus the tolerated clock skew.
    final long latestIssue = nowSeconds + TIME_SKEW_SECONDS;
    final boolean issuedInFuture = (issuedAt != null) && (issuedAt > latestIssue);
    if (issuedInFuture) {
        // The message includes the payload's string form, so enabling FINEST writes
        // whatever that form contains (presumably the token's claims) to the log.
        LOGGER.log(Level.FINEST,
                   () -> "Token pre-validation failed, issue time too late: " + issuedAt + " for " + payload);
        return false;
    }

    // Lower bound for the expiration claim: "now" minus the tolerated clock skew.
    final long earliestExpiry = nowSeconds - TIME_SKEW_SECONDS;
    final boolean alreadyExpired = (expiresAt != null) && (expiresAt < earliestExpiry);
    if (alreadyExpired) {
        LOGGER.log(Level.FINEST,
                   () -> "Token pre-validation failed, expiration time too early: " + expiresAt + " for " + payload);
        return false;
    }

    return true;
}
/**
 * Builds the security {@code Subject} for a token and its payload.
 *
 * <p>The subject carries one principal and one public {@code TokenCredential}. The credential
 * stores the raw token string together with the issuer, the issue and expiration times, and
 * the payload object itself.
 *
 * <p>The principal id is the payload's subject claim. The principal name is the e-mail
 * address when one is present, otherwise the subject claim. The name is chosen without
 * consulting the {@code emailVerified} value, which is only recorded as an attribute, so code
 * that makes access decisions should rely on the id (or check that attribute) rather than on
 * the name.
 *
 * @param accessToken raw token string to store in the credential
 * @param payload payload the claims are read from
 * @return subject with the principal and the token credential
 */
private Subject buildSubject(String accessToken, GoogleIdToken.Payload payload) {
    // Credential: token metadata plus the raw token string and the payload object.
    TokenCredential.Builder credentialBuilder = TokenCredential.builder();
    credentialBuilder.issueTime(toInstant(payload.getIssuedAtTimeSeconds()));
    credentialBuilder.expTime(toInstant(payload.getExpirationTimeSeconds()));
    credentialBuilder.issuer(payload.getIssuer());
    credentialBuilder.token(accessToken);
    credentialBuilder.addToken(GoogleIdToken.Payload.class, payload);

    String email = payload.getEmail();
    String subjectId = payload.getSubject();

    // Prefer the e-mail as the display name; fall back to the subject claim.
    String principalName;
    if (email != null) {
        principalName = email;
    } else {
        principalName = subjectId;
    }

    // Profile claims are copied as attributes.
    // NOTE(review): payload.get(...) presumably yields null for an absent claim; confirm that
    // addAttribute tolerates null values.
    Principal principal = Principal.builder()
            .id(subjectId)
            .name(principalName)
            .addAttribute("fullName", payload.get("name"))
            .addAttribute("emailVerified", payload.getEmailVerified())
            .addAttribute("locale", payload.get("locale"))
            .addAttribute("familyName", payload.get("family_name"))
            .addAttribute("givenName", payload.get("given_name"))
            .addAttribute("pictureUrl", payload.get("picture"))
            .build();

    return Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credentialBuilder.build())
            .build();
}