com.fivefaces.structureclient.config.security.patient.PatientJwtTokenServiceImpl Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of common-structure-client Show documentation
structure Client for Five Faces
There is a newer version: 1.0.62
Show newest version
package com.fivefaces.structureclient.config.security.patient;

import com.fivefaces.setting.service.SettingService;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Map;

@Component
@Slf4j
@RequiredArgsConstructor
public class PatientJwtTokenServiceImpl implements PatientJwtTokenService {

    public static final long JWT_TOKEN_VALIDITY = 5 * 60 * 60;

    private final SettingService settingService;

    @Override
    public String generateToken(Map claims, String subject) {
        try {
            ECKey ecJWK = getJwtPrivateKey();
            SignedJWT signedJWT = new SignedJWT(createHeader(ecJWK), createClaimsSet(subject, claims));
            signedJWT.sign(new ECDSASigner(ecJWK));
            return signedJWT.serialize();
        } catch (JOSEException | ParseException e) {
            log.error("Could not generate JWT token", e);
            throw new IllegalStateException("Could not generate JWT", e);
        }
    }

    @Override
    public JWT validateToken(String jwt) {
        try {
            SignedJWT parsedJwt = SignedJWT.parse(jwt);
            if (!parsedJwt.verify(new ECDSAVerifier(getJwtPrivateKey()))) {
                throw new BadCredentialsException("Invalid JWT");
            }
            return parsedJwt;
        } catch (JOSEException | ParseException e) {
            log.error("Could not validate JWT token", e);
            throw new IllegalStateException("Could not validate JWT", e);
        }
    }

    @Override
    public String getJwtPublicKey() {
        return settingService.getSettingByName("JWT Public Key").getValue();
    }

    @Override
    public String getIssuer() {
        return settingService.getSettingByName("JWT Issuer").getValue();
    }

    private JWSHeader createHeader(ECKey ecJWK) {
        return new JWSHeader.Builder(JWSAlgorithm.ES256)
                .type(JOSEObjectType.JWT)
                .keyID(ecJWK.getKeyID())
                .build();
    }

    private JWTClaimsSet createClaimsSet(String subject, Map claims) {
        Instant now = Instant.now();
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
                .issuer(getIssuer())
                .subject(subject)
                .audience("ff-structure")
                .notBeforeTime(Date.from(now))
                .issueTime(Date.from(now))
                .expirationTime(Date.from(now.plusSeconds(JWT_TOKEN_VALIDITY)));
        for (String key : claims.keySet()) {
            builder.claim(key, claims.get(key));
        }
        return builder.build();
    }

    private ECKey getJwtPrivateKey() throws ParseException {
        return ECKey.parse(settingService.getSettingByName("JWT Private Key").getValue());
    }

}