package io.soffa.commons.jwt;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.soffa.commons.exceptions.TechnicalException;
import io.soffa.commons.logging.Logger;
import io.soffa.commons.support.DateUtil;
import io.soffa.commons.support.IOUtil;
import lombok.SneakyThrows;
import org.json.JSONArray;
import org.json.JSONObject;
import java.io.InputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
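/**
 * Helpers for minting JSON Web Tokens.
 *
 * <p>{@link #create} produces an <em>encrypted</em> token (JWE, {@code alg=dir},
 * {@code enc=A128CBC-HS256}) from a shared secret; {@link #fromJwks} produces a
 * <em>signed</em> token (JWS, {@code alg=RS256}) from an RSA private key read from a
 * JWK or JWK Set document.
 *
 * <p>Neither method validates or parses tokens; that is the consumer's job.
 */
public class JwtUtil {

    private static final Logger logger = Logger.create(JwtUtil.class);

    /** Lifetime of tokens produced by {@link #create}. */
    private static final int ENCRYPTED_TOKEN_TTL_SECONDS = 60;

    /** Lifetime of tokens produced by {@link #fromJwks}. */
    private static final int SIGNED_TOKEN_TTL_HOURS = 1;

    /** A128CBC-HS256 with direct encryption needs a 256-bit content encryption key. */
    private static final int DIRECT_KEY_LENGTH_BYTES = 32;

    private JwtUtil() {
    }

    /**
     * Builds an encrypted JWT (JWE, direct encryption with A128CBC-HS256) that is valid
     * for {@value #ENCRYPTED_TOKEN_TTL_SECONDS} seconds from now.
     *
     * <p>The scheme is symmetric: anyone holding {@code secretKey} can both decrypt and
     * mint tokens, so it provides confidentiality and integrity but no non-repudiation.
     *
     * @param issuer    value of the {@code iss} claim
     * @param secretKey shared secret; its UTF-8 bytes are used directly as the content
     *                  encryption key and must therefore be exactly
     *                  {@value #DIRECT_KEY_LENGTH_BYTES} bytes of high-entropy material.
     *                  A human-chosen password is not a suitable key.
     * @param subject   value of the {@code sub} claim
     * @param claims    extra claims copied verbatim into the token; may be {@code null}
     * @return the compact-serialised JWE
     * @throws NullPointerException if {@code secretKey} is {@code null}
     * @throws TechnicalException   if the key has the wrong length or encryption fails
     */
    // @SneakyThrows kept for source compatibility: callers were compiled against a method
    // without a throws clause, and TechnicalException is declared outside this file.
    @SneakyThrows
    public static String create(final String issuer, final String secretKey, final String subject, final Map claims) {
        Objects.requireNonNull(secretKey, "secretKey");
        final Date issuedAt = new Date();
        final Date expiresAt = DateUtil.plusSeconds(issuedAt, ENCRYPTED_TOKEN_TTL_SECONDS);
        final JWTClaimsSet claimsSet = buildClaims(issuer, subject, issuedAt, expiresAt, claims);
        try {
            // Explicit charset: the platform default would silently derive a different key
            // (and an undecryptable token) on a host with another default encoding.
            final byte[] keyBytes = secretKey.getBytes(StandardCharsets.UTF_8);
            // DirectEncrypter also enforces the length, but the message is clearer here.
            if (keyBytes.length != DIRECT_KEY_LENGTH_BYTES) {
                throw new TechnicalException("Unable to create JWT: secretKey must be "
                        + DIRECT_KEY_LENGTH_BYTES + " bytes for A128CBC-HS256, got " + keyBytes.length);
            }
            final DirectEncrypter encrypter = new DirectEncrypter(keyBytes);
            final JWEHeader header = new JWEHeader(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256);
            final JWEObject jweObject = new JWEObject(header, new Payload(claimsSet.toJSONObject()));
            jweObject.encrypt(encrypter);
            return jweObject.serialize();
        } catch (JOSEException e) {
            throw new TechnicalException("Unable to create JWT", e);
        }
    }

    /**
     * Builds a signed JWT (JWS, RS256) that is valid for {@value #SIGNED_TOKEN_TTL_HOURS}
     * hour(s) from now, using the RSA private key found in a JWK or JWK Set document.
     *
     * <p>If the document is a JWK Set ({@code "keys": [...]}) its first entry is used. The
     * entry must be an RSA key that carries its private part; the key id, when present, is
     * copied into the {@code kid} header. The document holds private key material and is
     * never logged — only the key id is traced.
     *
     * <p>{@code jwkSource} is read but not closed here; the caller owns the stream
     * (whether {@code IOUtil.toString} closes it is not visible from this file).
     *
     * @param jwkSource JWK or JWK Set JSON
     * @param issuer    value of the {@code iss} claim
     * @param subject   value of the {@code sub} claim
     * @param claims    extra claims copied verbatim into the token; may be {@code null}
     * @return the compact-serialised JWS
     * @throws TechnicalException if the document cannot be read or parsed, is empty, is
     *                            not an RSA key, lacks the private part, or signing fails
     */
    // @SneakyThrows kept for source compatibility (see create).
    @SneakyThrows
    public static String fromJwks(final InputStream jwkSource, final String issuer, final String subject, final Map claims) {
        final String jwkString = IOUtil.toString(jwkSource)
                .orElseThrow(() -> new TechnicalException("INVALID_JWK_SOURCE"));
        JSONObject json = new JSONObject(jwkString);
        if (json.has("keys")) {
            final JSONArray keys = json.getJSONArray("keys");
            if (keys.length() == 0) {
                throw new TechnicalException("INVALID_JWK_SOURCE: JWK Set contains no keys");
            }
            json = keys.getJSONObject(0);
        }
        final RSAKey rsaJWK = toPrivateRsaKey(json);
        if (logger.isTraceEnabled()) {
            // Deliberately not the JWK itself: it contains the private exponent.
            logger.trace("Signing JWT with RSA key id={}", rsaJWK.getKeyID());
        }
        final Date issuedAt = new Date();
        final Date expiresAt = DateUtil.plusHours(issuedAt, SIGNED_TOKEN_TTL_HOURS);
        final JWTClaimsSet claimsSet = buildClaims(issuer, subject, issuedAt, expiresAt, claims);
        final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rsaJWK.getKeyID()).build();
        final SignedJWT signedJWT = new SignedJWT(header, claimsSet);
        try {
            signedJWT.sign(new RSASSASigner(rsaJWK));
        } catch (JOSEException e) {
            throw new TechnicalException("Unable to sign JWT", e);
        }
        return signedJWT.serialize();
    }

    /**
     * Parses a single JWK object and checks it is an RSA key with a private part, which is
     * what {@link RSASSASigner} requires.
     */
    private static RSAKey toPrivateRsaKey(final JSONObject json) {
        final JWK jwk;
        try {
            jwk = JWK.parse(json.toString());
        } catch (ParseException e) {
            throw new TechnicalException("INVALID_JWK_SOURCE", e);
        }
        if (!(jwk instanceof RSAKey)) {
            throw new TechnicalException("INVALID_JWK_SOURCE: expected an RSA key, got " + jwk.getKeyType());
        }
        final RSAKey rsaJWK = (RSAKey) jwk;
        if (!rsaJWK.isPrivate()) {
            throw new TechnicalException("INVALID_JWK_SOURCE: RSA key has no private part, cannot sign");
        }
        return rsaJWK;
    }

    /**
     * Assembles the standard claims ({@code sub}, {@code iss}, {@code iat}, {@code exp})
     * plus the caller-supplied extra claims; a {@code null} claims map adds nothing.
     */
    private static JWTClaimsSet buildClaims(final String issuer, final String subject, final Date issuedAt,
                                            final Date expiresAt, final Map claims) {
        final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
                .subject(subject)
                .issuer(issuer)
                .issueTime(issuedAt)
                .expirationTime(expiresAt);
        if (claims != null) {
            final Map<?, ?> extra = claims;
            for (Map.Entry<?, ?> entry : extra.entrySet()) {
                builder.claim(String.valueOf(entry.getKey()), entry.getValue());
            }
        }
        return builder.build();
    }
}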