-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
aa3f35a
commit c582f38
Showing
7 changed files
with
358 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
eidpsam/src/main/java/uk/ac/ucl/eidp/auth/jwt/CallerClaims.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
package uk.ac.ucl.eidp.auth.jwt; | ||
|
||
import java.util.Date; | ||
import java.util.UUID; | ||
|
||
/** | ||
* JWT Claims for processing in JASPIC modules. | ||
* @author David Guzman {@literal d.guzman at ucl.ac.uk} | ||
*/ | ||
public class CallerClaims { | ||
|
||
private final UUID uid = UUID.randomUUID(); | ||
private final String sub; | ||
private final String iss; | ||
private Date exp; | ||
|
||
public CallerClaims(String sub, String iss) { | ||
this.sub = sub; | ||
this.iss = iss; | ||
} | ||
|
||
public String getSub() { | ||
return sub; | ||
} | ||
|
||
public String getIss() { | ||
return iss; | ||
} | ||
|
||
public String getJti() { | ||
return uid.toString(); | ||
} | ||
|
||
public Date getExp() { | ||
return exp; | ||
} | ||
|
||
public void setExp(Date exp) { | ||
this.exp = exp; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
package uk.ac.ucl.eidp.auth.jwt; | ||
|
||
import io.jsonwebtoken.Claims; | ||
import io.jsonwebtoken.JwtBuilder; | ||
import io.jsonwebtoken.Jwts; | ||
import io.jsonwebtoken.SignatureAlgorithm; | ||
import io.jsonwebtoken.SignatureException; | ||
|
||
import java.security.Key; | ||
import java.util.Date; | ||
|
||
|
||
/** | ||
* Utility class for the generation and validation of JWT tokens. | ||
* @author David Guzman {@literal d.guzman at ucl.ac.uk} | ||
*/ | ||
public class Jwt { | ||
|
||
/** | ||
* Generates a JSON Web Token using HS256 signature algorithm. | ||
* @param callerClaims The JWT claims. | ||
* @param apiKey The API key. | ||
* @param validForMs Validity in milliseconds of the token to be generated. | ||
* @return The JSON Web Token. | ||
*/ | ||
public static String createJwtToken(CallerClaims callerClaims, Key apiKey, long validForMs) { | ||
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; | ||
|
||
long nowMs = System.currentTimeMillis(); | ||
Date now = new Date(nowMs); | ||
|
||
JwtBuilder builder = Jwts.builder().setId(callerClaims.getJti()) | ||
.setIssuedAt(now) | ||
.setSubject(callerClaims.getSub()) | ||
.setIssuer(callerClaims.getIss()) | ||
.signWith(signatureAlgorithm, apiKey); | ||
|
||
if (validForMs > 0) { | ||
builder.setExpiration(new Date(nowMs + validForMs)); | ||
} | ||
|
||
return builder.compact(); | ||
} | ||
|
||
/** | ||
* Extract the subject information from the JWT. | ||
* @param jwt the JSON web token | ||
* @param apiKey the API key | ||
* @return a Subject with JWT claims added as Principals | ||
*/ | ||
public static CallerClaims toCallerClaims(String jwt, Key apiKey) { | ||
try { | ||
Claims claim = Jwts.parser().setSigningKey(apiKey).parseClaimsJws(jwt).getBody(); | ||
CallerClaims callerClaims = new CallerClaims(claim.getSubject(), claim.getIssuer()); | ||
callerClaims.setExp(claim.getExpiration()); | ||
return callerClaims; | ||
} catch (SignatureException ex) { | ||
return (null); | ||
} | ||
} | ||
} |
Oops, something went wrong.