Fixed authentication time format in authentication controller.

Change-Id: I9fab076ba1dcd02ce6f8cb69c9e435b6234da371
diff --git a/full/Changes b/full/Changes
index 4b0dd20..f6f8688 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,5 +1,5 @@
 version 0.60.5
-09/07/2018
+11/07/2018
 	- Added service layer to the search controller (margaretha)
 	- Added OAuth2 scope checking in search and VC controllers (margaretha)
 	- Added handling OAuth2 bearer token for VC access and User group controllers (margaretha)
@@ -8,6 +8,7 @@
 	- Added store access token in openID token service (margaretha)
 	- Fixed empty scope in openID authorization and token service (margaretha)
 	- Implemented storing authorization code in cache (margaretha)
+	- Fixed authentication time in authentication controller (margaretha)
 	
 version 0.60.4
 05/07/2018
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
index e984c11..77504a5 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
@@ -1,11 +1,18 @@
 package de.ids_mannheim.korap.authentication;
 
 import java.text.ParseException;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.util.Date;
 import java.util.Map;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jwt.SignedJWT;
 
+import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.FullConfiguration;
 import de.ids_mannheim.korap.config.JWTSigner;
 import de.ids_mannheim.korap.constant.TokenType;
@@ -18,24 +25,31 @@
 import net.sf.ehcache.CacheManager;
 import net.sf.ehcache.Element;
 
-/** EM: there is no authentication here, just implementation for creating token context etc.
+/**
+ * EM: there is no authentication here, just implementation for
+ * creating token context etc.
  * 
  * Created by hanl on 5/23/14.
  */
 public class APIAuthentication implements AuthenticationIface {
 
+    private static Logger jlog = LogManager.getLogger(APIAuthentication.class);
+
     private JWTSigner signedToken;
     private Cache invalided =
             CacheManager.getInstance().getCache("id_tokens_inv");
-    //private Cache id_tokens = CacheManager.getInstance().getCache("id_tokens");
+    // private Cache id_tokens =
+    // CacheManager.getInstance().getCache("id_tokens");
 
 
     public APIAuthentication (FullConfiguration config) throws JOSEException {
         this.signedToken = new JWTSigner(config.getSharedSecret(),
                 config.getIssuer(), config.getTokenTTL());
     }
-    
-    /** EM: for testing
+
+    /**
+     * EM: for testing
+     * 
      * @param signedToken
      */
     public APIAuthentication (JWTSigner signedToken) {
@@ -46,7 +60,7 @@
     public TokenContext getTokenContext (String authToken)
             throws KustvaktException {
         TokenContext context;
-        //Element ein = invalided.get(authToken);
+        // Element ein = invalided.get(authToken);
         try {
             context = signedToken.getTokenContext(authToken);
             context.setTokenType(getTokenType());
@@ -54,8 +68,8 @@
         catch (JOSEException | ParseException ex) {
             throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
         }
-        //context = (TokenContext) e.getObjectValue();
-        //throw new KustvaktException(StatusCodes.EXPIRED);
+        // context = (TokenContext) e.getObjectValue();
+        // throw new KustvaktException(StatusCodes.EXPIRED);
         return context;
     }
 
@@ -67,20 +81,28 @@
         c.setUsername(user.getUsername());
         SignedJWT jwt = signedToken.createJWT(user, attr);
         try {
-            c.setExpirationTime(jwt.getJWTClaimsSet().getExpirationTime().getTime());
+            c.setExpirationTime(
+                    jwt.getJWTClaimsSet().getExpirationTime().getTime());
+            jlog.debug(jwt.getJWTClaimsSet().getClaim(Attributes.AUTHENTICATION_TIME));
+            Date authTime = jwt.getJWTClaimsSet()
+                    .getDateClaim(Attributes.AUTHENTICATION_TIME);
+            ZonedDateTime time = ZonedDateTime.ofInstant(authTime.toInstant(),
+                    ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
+            c.setAuthenticationTime(time);
         }
         catch (ParseException e) {
             throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
         }
         c.setTokenType(getTokenType());
         c.setToken(jwt.serialize());
-        //id_tokens.put(new Element(c.getToken(), c));
+        // id_tokens.put(new Element(c.getToken(), c));
         return c;
     }
 
 
-    // todo: cache and set expiration to token expiration. if token in that cache, it is not to be used anymore!
-    //    @CacheEvict(value = "id_tokens", key = "#token")
+    // todo: cache and set expiration to token expiration. if token in
+    // that cache, it is not to be used anymore!
+    // @CacheEvict(value = "id_tokens", key = "#token")
     @Override
     public void removeUserSession (String token) throws KustvaktException {
         // invalidate token!
@@ -93,7 +115,7 @@
             throws KustvaktException {
         return null;
     }
-    
+
 
     @Override
     public TokenType getTokenType () {
diff --git a/full/src/main/java/de/ids_mannheim/korap/config/JWTSigner.java b/full/src/main/java/de/ids_mannheim/korap/config/JWTSigner.java
index 49f8183..dee393f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/config/JWTSigner.java
+++ b/full/src/main/java/de/ids_mannheim/korap/config/JWTSigner.java
@@ -3,10 +3,14 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.text.ParseException;
+import java.time.Instant;
+import java.time.ZoneId;
 import java.time.ZonedDateTime;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.joda.time.DateTime;
 
 import com.nimbusds.jose.JOSEException;
@@ -34,6 +38,8 @@
  */
 public class JWTSigner {
 
+    private static Logger jlog = LogManager.getLogger(JWTSigner.class);
+    
     private URL issuer;
     private JWSSigner signer;
     private JWSVerifier verifier;
@@ -84,8 +90,11 @@
         csBuilder.expirationTime(TimeUtils.getNow().plusSeconds(ttl).toDate());
         csBuilder.claim(Attributes.AUTHENTICATION_TIME,
                 attr.get(Attributes.AUTHENTICATION_TIME));
-        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256),
-                csBuilder.build());
+        
+        JWTClaimsSet jwtClaimsSet = csBuilder.build();
+        jlog.debug(jwtClaimsSet.getClaim(Attributes.AUTHENTICATION_TIME));
+        SignedJWT signedJWT =
+                new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), jwtClaimsSet);
         try {
             signedJWT.sign(signer);
         }
@@ -191,8 +200,12 @@
                     signedJWT.getJWTClaimsSet().getAudience().get(0));
         c.setExpirationTime(
                 signedJWT.getJWTClaimsSet().getExpirationTime().getTime());
-        c.setAuthenticationTime((ZonedDateTime) signedJWT.getJWTClaimsSet()
+
+        Instant instant = Instant.ofEpochMilli((long) signedJWT.getJWTClaimsSet()
                 .getClaim(Attributes.AUTHENTICATION_TIME));
+        ZonedDateTime zonedAuthTime = ZonedDateTime.ofInstant(
+                instant, ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
+        c.setAuthenticationTime(zonedAuthTime);
         c.setToken(idtoken);
         c.addParams(signedJWT.getJWTClaimsSet().getClaims());
         return c;
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuAuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuAuthorizationService.java
index f1bb28c..3a7a294 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuAuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuAuthorizationService.java
@@ -53,9 +53,6 @@
             ZonedDateTime authenticationTime)
             throws OAuthSystemException, KustvaktException {
 
-        String code = oauthIssuer.authorizationCode();
-        checkResponseType(authzRequest.getResponseType());
-
         String clientId = authzRequest.getClientId();
         OAuth2Client client = clientService.authenticateClientId(clientId);
 
@@ -71,8 +68,10 @@
                     "Invalid redirect URI", OAuth2Error.INVALID_REQUEST);
         }
 
-        String scope;
+        String scope, code;
         try {
+            code = oauthIssuer.authorizationCode();
+            checkResponseType(authzRequest.getResponseType());
             scope = createAuthorization(username, authzRequest.getClientId(),
                     redirectUri, authzRequest.getScopes(), code,
                     authenticationTime, null);
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index 0371c9e..0545cf0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -1,7 +1,6 @@
 package de.ids_mannheim.korap.web.controller;
 
-import java.time.ZoneId;
-import java.time.ZonedDateTime;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator; // 07.02.17/FB
 import java.util.List;
@@ -44,6 +43,7 @@
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.ServiceInfo;
+import de.ids_mannheim.korap.utils.TimeUtils;
 import de.ids_mannheim.korap.web.KustvaktResponseHandler;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
@@ -259,8 +259,7 @@
             //            attr.putAll(data.fields());
             
             // EM: add authentication time
-            ZonedDateTime authenticationTime =
-                    ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
+            Date authenticationTime = TimeUtils.getNow().toDate();
             attr.put(Attributes.AUTHENTICATION_TIME, authenticationTime);
             // -- EM
             
diff --git a/full/src/main/resources/ehcache.xml b/full/src/main/resources/ehcache.xml
index be4e71e..d2be647 100644
--- a/full/src/main/resources/ehcache.xml
+++ b/full/src/main/resources/ehcache.xml
@@ -11,6 +11,13 @@
            maxEntriesLocalHeap="50"
            overflowToDisk='true'/>
 
+	<cache name='id_tokens_inv'
+           eternal='true'
+           maxElementsOnDisk="10000000"
+           memoryStoreEvictionPolicy="LRU"
+           maxEntriesLocalHeap="50"
+           overflowToDisk='true'/>
+           
     <cache name='auth_codes'
            timeToIdleSeconds="600"
            eternal='false'
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 99c295c..cc53e79 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -79,6 +79,7 @@
 security.jwt.issuer=https://korap.ids-mannheim.de
 
 ## JWK
+## must be set for openid
 rsa.private = kustvakt_rsa.key
 rsa.public = kustvakt_rsa_public.key
 rsa.key.id = 74caa3a9-217c-49e6-94e9-2368fdd02c35