

/*
 * Copyright (c) 2018, hiwepy (https://github.com/hiwepy).
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.github.hiwepy.jwt.token;

import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import com.github.hiwepy.jwt.JwtPayload;
import com.github.hiwepy.jwt.exception.IncorrectJwtException;
import com.github.hiwepy.jwt.exception.InvalidJwtToken;
import com.github.hiwepy.jwt.exception.JwtException;
import com.github.hiwepy.jwt.time.JwtTimeProvider;
import com.github.hiwepy.jwt.utils.NimbusdsUtils;
import com.github.hiwepy.jwt.verifier.ExtendedRSASSAVerifier;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

/**
 *  JSON Web Token (JWT) with RSA signature 
 * https://www.connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-rsa-signature 
 */
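public class SignedWithRsaJWTRepository implements JwtRepository {

	/**
	 * Clock used for the {@code iat}/{@code nbf}/{@code exp} claims on issue and, when expiry
	 * checking is requested, for the expiry check on verification. Defaults to
	 * {@link JwtTimeProvider#DEFAULT_TIME_PROVIDER}; replaceable via {@link #setTimeProvider}.
	 */
	private JwtTimeProvider timeProvider = JwtTimeProvider.DEFAULT_TIME_PROVIDER;

	/**
	 * Issue a JSON Web Token (JWT) whose custom claims are the given roles and permissions,
	 * stored under the {@code roles} and {@code perms} claim names.
	 * @author :hiwepy
	 * @param signingKey	: Signing key (the RSA private key is used)
	 * @param jwtId			: Jwt Id
	 * @param subject		: Jwt Subject
	 * @param issuer 		: Jwt Issuer
	 * @param audience 		: Jwt Audience
	 * @param roles			: The Roles, stored as the {@code roles} claim
	 * @param permissions	: The Perms, stored as the {@code perms} claim
	 * @param algorithm		: Supported algorithms:
	 * <ul>
	 * <li>RS256 - RSA PKCS#1 signature with SHA-256</li>
	 * <li>RS384 - RSA PKCS#1 signature with SHA-384</li>
	 * <li>RS512 - RSA PKCS#1 signature with SHA-512</li>
	 * <li>PS256 - RSA PSS signature with SHA-256</li>
	 * <li>PS384 - RSA PSS signature with SHA-384</li>
	 * <li>PS512 - RSA PSS signature with SHA-512</li>
	 * </ul>
	 * @param period : Jwt Expiration Cycle, added to the current time in milliseconds; a negative
	 *                 value issues a token without an {@code exp} claim
	 * @return JSON Web Token (JWT) in compact serialization
	 * @throws JwtException When Authentication Exception
	 */
	@Override
	public String issueJwt(RSAKey signingKey, String jwtId, String subject, String issuer, String audience,
			String roles, String permissions, String algorithm, long period) throws JwtException {
		Map<String, Object> claims = new HashMap<>();
		claims.put("roles", roles);
		claims.put("perms", permissions);
		return this.issueJwt(signingKey, jwtId, subject, issuer, audience, claims, algorithm, period);
	}

	/**
	 * Issue a JSON Web Token (JWT) with an arbitrary set of custom claims.
	 * @author :hiwepy
	 * @param signingKey	: Signing key (the RSA private key is used)
	 * @param jwtId			: Jwt Id
	 * @param subject		: Jwt Subject
	 * @param issuer 		: Jwt Issuer
	 * @param audience 		: Jwt Audience
	 * @param claims		: Jwt Claims (custom claims merged by {@link NimbusdsUtils#claimsSet})
	 * @param algorithm		: Supported algorithms:
	 * <ul>
	 * <li>RS256 - RSA PKCS#1 signature with SHA-256</li>
	 * <li>RS384 - RSA PKCS#1 signature with SHA-384</li>
	 * <li>RS512 - RSA PKCS#1 signature with SHA-512</li>
	 * <li>PS256 - RSA PSS signature with SHA-256</li>
	 * <li>PS384 - RSA PSS signature with SHA-384</li>
	 * <li>PS512 - RSA PSS signature with SHA-512</li>
	 * </ul>
	 * @param period : Jwt Expiration Cycle, added to the current time in milliseconds; a negative
	 *                 value issues a token without an {@code exp} claim
	 * @return JSON Web Token (JWT) in compact serialization
	 * @throws JwtException When Authentication Exception (wraps any {@link JOSEException} from signing,
	 *                      including a rejected key length or an algorithm the RSA signer does not support)
	 */
	@Override
	public String issueJwt(RSAKey signingKey, String jwtId, String subject, String issuer, String audience,
			Map claims, String algorithm, long period) throws JwtException {
		try {
			//-------------------- Step 1: Build the claims set --------------------
			JWTClaimsSet.Builder builder = NimbusdsUtils.claimsSet(jwtId, subject, issuer, audience, claims, period);
			// All time claims are taken from the configured time provider, not the system clock,
			// so issuing is deterministic under a fixed provider.
			long currentTimeMillis = this.getTimeProvider().now();
			Date now = new Date(currentTimeMillis);
			// Issued-at time
			builder.issueTime(now);
			// Not-before time: the token is valid from the moment of issue
			builder.notBeforeTime(now);
			// Expiration time is only set for a non-negative period; a period of 0 produces a token
			// that is already expired, a negative period produces one with no exp claim at all.
			if (period >= 0) {
				Date expiration = new Date(currentTimeMillis + period);
				builder.expirationTime(expiration);
			}
			JWTClaimsSet claimsSet = builder.build();

			//-------------------- Step 2: RSA signature --------------------
			// RSA signer over the private half of the key
			JWSSigner signer = new RSASSASigner(signingKey);
			// The caller-supplied algorithm name is parsed as-is; non-RSA names are expected to be
			// rejected by the RSA signer at sign time and surface as IncorrectJwtException.
			JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.parse(algorithm)).build();
			SignedJWT signedJWT = new SignedJWT(header, claimsSet);
			signedJWT.sign(signer);
			// Compact form: base64url(header).base64url(claims).base64url(signature)
			return signedJWT.serialize();
		} catch (JOSEException e) {
			// KeyLengthException is a JOSEException; both were previously mapped to the same type.
			throw new IncorrectJwtException(e);
		}
	}

	/**
	 * Verify the RSA signature of a JWT and, optionally, its time-based validity.
	 * @author : hiwepy
	 * @param signingKey : Verification key.
	 * <ul>
	 * <li>If the jws was signed with a SecretKey, the same SecretKey should be specified on the JwtParser.</li>
	 * <li>If the jws was signed with a PrivateKey, that key's corresponding PublicKey (not the PrivateKey) should be specified on the JwtParser.</li>
	 * </ul>
	 * @param token : JSON Web Token (JWT) in compact serialization
	 * @param checkExpiry : If {@code true}, the expiry is checked against the configured time provider
	 *                      in addition to the signature; if {@code false}, only the signature is checked.
	 * @return {@code true} if the signature (and, when requested, the expiry) is valid
	 * @throws IncorrectJwtException When the token cannot be parsed
	 * @throws InvalidJwtToken When the verifier cannot be built or verification raises a {@link JOSEException}
	 */
	@Override
	public boolean verify(RSAKey signingKey, String token, boolean checkExpiry) throws JwtException {
		try {
			//-------------------- Step 1: JWT parse --------------------
			SignedJWT signedJWT = SignedJWT.parse(token);
			//-------------------- Step 2: RSA verify --------------------
			return signedJWT.verify(verifierFor(signingKey, signedJWT, checkExpiry));
		} catch (IllegalStateException | NumberFormatException | ParseException e) {
			// Malformed token or claims
			throw new IncorrectJwtException(e);
		} catch (JOSEException e) {
			// Key/algorithm problem or failed verification step
			throw new InvalidJwtToken(e);
		}
	}

	/**
	 * Parse a JWT, verify its RSA signature (and optionally its expiry) and return its payload.
	 * @author :hiwepy
	 * @param signingKey : Verification key.
	 * <ul>
	 * <li>If the jws was signed with a SecretKey, the same SecretKey should be specified on the JwtParser.</li>
	 * <li>If the jws was signed with a PrivateKey, that key's corresponding PublicKey (not the PrivateKey) should be specified on the JwtParser.</li>
	 * </ul>
	 * @param token : JSON Web Token (JWT) in compact serialization
	 * @param checkExpiry : If {@code true}, the expiry is checked against the configured time provider
	 *                      in addition to the signature; if {@code false}, only the signature is checked.
	 * @return JwtPlayload {@link JwtPayload} built from the verified claims
	 * @throws JwtException When the signature does not verify
	 * @throws IncorrectJwtException When the token cannot be parsed
	 * @throws InvalidJwtToken When the verifier cannot be built or verification raises a {@link JOSEException}
	 */
	@Override
	public JwtPayload getPlayload(RSAKey signingKey, String token, boolean checkExpiry) throws JwtException {
		try {
			//-------------------- Step 1: JWT parse --------------------
			SignedJWT signedJWT = SignedJWT.parse(token);
			//-------------------- Step 2: RSA verify --------------------
			if (!signedJWT.verify(verifierFor(signingKey, signedJWT, checkExpiry))) {
				// NOTE(review): the message embeds the full token, which may end up in logs;
				// consider redacting it at the logging boundary.
				throw new JwtException(String.format("Invalid JSON Web Token (JWT) : %s", token));
			}
			//-------------------- Step 3: Claims ---------------
			// Claims are only exposed after the signature has been verified.
			return NimbusdsUtils.payload(signedJWT.getJWTClaimsSet());
		} catch (IllegalStateException | NumberFormatException | ParseException e) {
			// Malformed token or claims
			throw new IncorrectJwtException(e);
		} catch (JOSEException e) {
			// Key/algorithm problem or failed verification step
			throw new InvalidJwtToken(e);
		}
	}

	/**
	 * Build the verifier shared by {@link #verify} and {@link #getPlayload}.
	 * With {@code checkExpiry} the claims are read (before signature verification) solely to feed the
	 * expiry-aware verifier; otherwise a plain RSA signature verifier is returned.
	 * @param signingKey : Verification key
	 * @param signedJWT : Parsed token
	 * @param checkExpiry : Whether to include the expiry check
	 * @return the verifier to apply to {@code signedJWT}
	 * @throws ParseException if the claims cannot be read (only when {@code checkExpiry} is set)
	 * @throws JOSEException if the verifier cannot be constructed for the key
	 */
	private JWSVerifier verifierFor(RSAKey signingKey, SignedJWT signedJWT, boolean checkExpiry)
			throws ParseException, JOSEException {
		if (checkExpiry) {
			return new ExtendedRSASSAVerifier(signingKey, signedJWT.getJWTClaimsSet(), this.getTimeProvider());
		}
		return new RSASSAVerifier(signingKey);
	}

	/** @return the time provider used for time claims and expiry checks */
	public JwtTimeProvider getTimeProvider() {
		return timeProvider;
	}

	/** @param timeProvider the time provider to use for time claims and expiry checks */
	public void setTimeProvider(JwtTimeProvider timeProvider) {
		this.timeProvider = timeProvider;
	}

}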



