import com.google.cloud.recaptchaenterprise.v1.RecaptchaEnterpriseServiceClient;
import com.google.protobuf.ByteString;
import com.google.recaptchaenterprise.v1.AccountDefenderAssessment.AccountDefenderLabel;
import com.google.recaptchaenterprise.v1.Assessment;
import com.google.recaptchaenterprise.v1.CreateAssessmentRequest;
import com.google.recaptchaenterprise.v1.Event;
import com.google.recaptchaenterprise.v1.ProjectName;
import com.google.recaptchaenterprise.v1.RiskAnalysis.ClassificationReason;
import com.google.recaptchaenterprise.v1.TokenProperties;
import com.google.recaptchaenterprise.v1.UserId;
import com.google.recaptchaenterprise.v1.UserInfo;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class AccountDefenderAssessment {
public static void main(String[] args)
throws IOException, NoSuchAlgorithmException, InvalidKeyException {
// TODO(developer): Replace these variables before running the sample.
// projectId: Google Cloud Project ID
String projectId = "project-id";
// recaptchaSiteKey: Site key obtained by registering a domain/app to use recaptcha
// services.
String recaptchaSiteKey = "recaptcha-site-key";
// token: The token obtained from the client on passing the recaptchaSiteKey.
// To get the token, integrate the recaptchaSiteKey with frontend. See,
// https://cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages#frontend_integration_score
String token = "recaptcha-token";
// recaptchaAction: The action name corresponding to the token.
String recaptchaAction = "recaptcha-action";
// Unique ID of the user, such as email, customer ID, etc.
String accountId = "default" + UUID.randomUUID().toString().split("-")[0];
// User phone number
String phoneNumber = "555-987-XXXX";
// User email address
String emailAddress = "john.doe@example.com";
accountDefenderAssessment(projectId, recaptchaSiteKey, token, recaptchaAction, accountId, phoneNumber, emailAddress);
}
/**
* This assessment detects account takeovers. See,
* https://cloud.google.com/recaptcha-enterprise/docs/account-takeovers The input is the hashed
* account id. Result tells if the action represents an account takeover. You can optionally
* trigger a Multi-Factor Authentication based on the result.
*/
public static void accountDefenderAssessment(
String projectId,
String recaptchaSiteKey,
String token,
String recaptchaAction,
String accountId,
String phoneNumber,
String emailAddress)
throws IOException {
try (RecaptchaEnterpriseServiceClient client = RecaptchaEnterpriseServiceClient.create()) {
// Set the properties of the event to be tracked.
Event.Builder eventBuilder =
Event.newBuilder()
.setSiteKey(recaptchaSiteKey)
.setToken(token);
// Set the account id, email address and phone number (of the user).
eventBuilder.setUserInfo(
UserInfo.newBuilder()
.setAccountId(accountId)
.addUserIds(UserId.newBuilder().setEmail(emailAddress))
.addUserIds(UserId.newBuilder().setPhoneNumber(phoneNumber)));
Event event = eventBuilder.build();
// Build the assessment request.
CreateAssessmentRequest createAssessmentRequest =
CreateAssessmentRequest.newBuilder()
.setParent(ProjectName.of(projectId).toString())
.setAssessment(Assessment.newBuilder().setEvent(event).build())
.build();
Assessment response = client.createAssessment(createAssessmentRequest);
// Check integrity of the response token.
if (!checkTokenIntegrity(response.getTokenProperties(), recaptchaAction)) {
return;
}
// Get the reason(s) and the reCAPTCHA risk score.
// For more information on interpreting the assessment,
// see: https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
for (ClassificationReason reason : response.getRiskAnalysis().getReasonsList()) {
System.out.println(reason);
}
float recaptchaScore = response.getRiskAnalysis().getScore();
System.out.println("The reCAPTCHA score is: " + recaptchaScore);
String assessmentName = response.getName();
System.out.println(
"Assessment name: " + assessmentName.substring(assessmentName.lastIndexOf("/") + 1));
// Get the Account Defender result.
com.google.recaptchaenterprise.v1.AccountDefenderAssessment accountDefenderAssessment =
response.getAccountDefenderAssessment();
System.out.println(accountDefenderAssessment);
// Get Account Defender label.
List<AccountDefenderLabel> defenderResult =
response.getAccountDefenderAssessment().getLabelsList();
// Based on the result, can you choose next steps.
// If the 'defenderResult' field is empty, it indicates that Account Defender did not have
// anything to add to the score.
// Few result labels: ACCOUNT_DEFENDER_LABEL_UNSPECIFIED, PROFILE_MATCH,
// SUSPICIOUS_LOGIN_ACTIVITY, SUSPICIOUS_ACCOUNT_CREATION, RELATED_ACCOUNTS_NUMBER_HIGH.
// For more information on interpreting the assessment, see:
// https://cloud.google.com/recaptcha-enterprise/docs/account-defender#interpret-assessment-details
System.out.println("Account Defender Assessment Result: " + defenderResult);
}
}
private static boolean checkTokenIntegrity(
TokenProperties tokenProperties, String recaptchaAction) {
// Check if the token is valid.
if (!tokenProperties.getValid()) {
System.out.println(
"The Account Defender Assessment call failed because the token was: "
+ tokenProperties.getInvalidReason().name());
return false;
}
// Check if the expected action was executed.
if (!tokenProperties.getAction().equals(recaptchaAction)) {
System.out.printf(
"The action attribute in the reCAPTCHA tag '%s' does not match "
+ "the action '%s' you are expecting to score",
tokenProperties.getAction(), recaptchaAction);
return false;
}
return true;
}
}
