com.fivefaces.structureclient.config.security.patient.PatientJwtTokenServiceImpl Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of common-structure-client Show documentation
Show all versions of common-structure-client Show documentation
structure Client for Five Faces
package com.fivefaces.structureclient.config.security.patient;
import com.fivefaces.setting.service.SettingService;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
@Component
@Slf4j
@RequiredArgsConstructor
public class PatientJwtTokenServiceImpl implements PatientJwtTokenService {
public static final long JWT_TOKEN_VALIDITY = 5 * 60 * 60;
private final SettingService settingService;
@Override
public String generateToken(Map claims, String subject) {
try {
ECKey ecJWK = getJwtPrivateKey();
SignedJWT signedJWT = new SignedJWT(createHeader(ecJWK), createClaimsSet(subject, claims));
signedJWT.sign(new ECDSASigner(ecJWK));
return signedJWT.serialize();
} catch (JOSEException | ParseException e) {
log.error("Could not generate JWT token", e);
throw new IllegalStateException("Could not generate JWT", e);
}
}
@Override
public JWT validateToken(String jwt) {
try {
SignedJWT parsedJwt = SignedJWT.parse(jwt);
if (!parsedJwt.verify(new ECDSAVerifier(getJwtPrivateKey()))) {
throw new BadCredentialsException("Invalid JWT");
}
return parsedJwt;
} catch (JOSEException | ParseException e) {
log.error("Could not validate JWT token", e);
throw new IllegalStateException("Could not validate JWT", e);
}
}
@Override
public String getJwtPublicKey() {
return settingService.getSettingByName("JWT Public Key").getValue();
}
@Override
public String getIssuer() {
return settingService.getSettingByName("JWT Issuer").getValue();
}
private JWSHeader createHeader(ECKey ecJWK) {
return new JWSHeader.Builder(JWSAlgorithm.ES256)
.type(JOSEObjectType.JWT)
.keyID(ecJWK.getKeyID())
.build();
}
private JWTClaimsSet createClaimsSet(String subject, Map claims) {
Instant now = Instant.now();
JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
.issuer(getIssuer())
.subject(subject)
.audience("ff-structure")
.notBeforeTime(Date.from(now))
.issueTime(Date.from(now))
.expirationTime(Date.from(now.plusSeconds(JWT_TOKEN_VALIDITY)));
for (String key : claims.keySet()) {
builder.claim(key, claims.get(key));
}
return builder.build();
}
private ECKey getJwtPrivateKey() throws ParseException {
return ECKey.parse(settingService.getSettingByName("JWT Private Key").getValue());
}
}