All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.soulwing.jwt.api.BiPredicateAssertions Maven / Gradle / Ivy

/*
 * File created on Mar 8, 2019
 *
 * Copyright (c) 2019 Carl Harris, Jr
 * and others as noted
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.soulwing.jwt.api;

import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.BiPredicate;
import java.util.function.Function;
import java.util.function.Predicate;

/**
 * An {@link Assertions} implementation that evaluates a list of
 * {@link BiPredicate} lambdas.
 *
 * @author Carl Harris
 */
public final class BiPredicateAssertions implements Assertions {

  private final List> assertions = new ArrayList<>();

  private  void addClaimAssertion(Function> accessor,
      Predicate condition) {
     assertions.add((claims, context) ->
        accessor.apply(claims).map(condition::test).orElse(false));
  }

  private  void addClaimAssertion(Function> accessor,
      BiPredicate condition) {
    assertions.add((claims, context) ->
        accessor.apply(claims)
            .map(v -> condition.test(v, context))
            .orElse(false));
  }

  private void addClaimAssertion(Predicate condition) {
    assertions.add((claims, context) -> condition.test(context));
  }

  public static final class Builder implements Assertions.Builder {

    private final BiPredicateAssertions assertions;

    Builder(BiPredicateAssertions assertions) {
      this.assertions = assertions;
    }

    @Override
    public Assertions.Builder requireId() {
      return requireIdSatisfies(v -> v != null && !v.trim().isEmpty());
    }

    @Override
    public Assertions.Builder requireIdSatisfies(Predicate condition) {
      return requireSatisfies(Claims.JTI, String.class, condition);
    }

    @Override
    public Assertions.Builder requireLifetimeNotExceeded(Duration lifetime) {
      return requireIssuedAtSatisfies((t, clock) ->
          clock.instant().minus(lifetime).isBefore(t));
    }

    @Override
    public Assertions.Builder requireIssuedAtSatisfies(
        BiPredicate condition) {
      return requireInstantSatisfies(Claims.IAT, condition);
    }

    @Override
    public Assertions.Builder requireNotExpired(Duration tolerance) {
      return requireExpirationSatisfies((t, clock) ->
          clock.instant().minus(tolerance).isBefore(t));
    }

    @Override
    public Assertions.Builder requireExpirationSatisfies(
        BiPredicate condition) {
      return requireInstantSatisfies(Claims.EXP, condition);
    }

    @Override
    public Assertions.Builder requireIssuer(String issuer, String... otherIssuers) {
      return requireEquals(Claims.ISS, issuer, (Object[]) otherIssuers);
    }

    @Override
    public Assertions.Builder requireIssuerSatisfies(Predicate condition) {
      return requireSatisfies(Claims.ISS, String.class, condition);
    }

    @Override
    public Assertions.Builder requireCertificateSubjectMatchesIssuer() {
      return requirePublicKeyInfoSatisfies(Claims.ISS,
          (issuer, publicKeyInfo) -> {
            final List certificates =
                publicKeyInfo.getCertificates();
            return certificates.isEmpty()
                || CertificateNameMatcher.hasSubjectName(issuer,
                        certificates.get(0));
          });
    }

    @Override
    public Assertions.Builder requireCertificateSubjectMatches(String subjectName) {
      return requirePublicKeyInfoSatisfies(
          (publicKeyInfo) -> {
            final List certificates =
                publicKeyInfo.getCertificates();
            return certificates.isEmpty()
                || CertificateNameMatcher.hasSubjectName(subjectName,
                certificates.get(0));
          });
    }

    @Override
    public Assertions.Builder requireAudience(String audience,
        String... otherAudiences) {
      return requireContains(Claims.AUD, audience, (Object[]) otherAudiences);
    }

    @Override
    public Assertions.Builder requireAudienceSatisfies(Predicate condition) {
      assertions.addClaimAssertion(listAccessor(Claims.AUD), condition);
      return this;
    }

    @Override
    public Assertions.Builder requireSubject(String subject, String... otherSubjects) {
      return requireEquals(Claims.SUB, subject, (Object[]) otherSubjects);
    }

    @Override
    public Assertions.Builder requireSubjectSatisfies(Predicate condition) {
      return requireSatisfies(Claims.SUB, String.class, condition);
    }

    @Override
    public Assertions.Builder requireEquals(
        String name, Object value, Object... otherValues) {
      return requireSatisfies(name, Object.class,
          v -> v.equals(value) || Arrays.asList(otherValues).contains(v));
    }

    @Override
    public Assertions.Builder requireContains(
        String name, Object value, Object... otherValues) {
      assertions.addClaimAssertion(listAccessor(name),
          v -> v != null
              && (v.contains(value)
                  || Arrays.stream(otherValues).anyMatch(v::contains)));
      return this;
    }

    @Override
    @SuppressWarnings("unchecked")
    public final  Assertions.Builder requireSatisfies(
        String name, Class type, Predicate condition) {
      assertions.addClaimAssertion(valueAccessor(name),
          (v) -> type.isInstance(v) && condition.test((T) v));
      return this;
    }

    @Override
    public final Assertions.Builder requireInstantSatisfies(
        String name, BiPredicate condition) {
      assertions.addClaimAssertion(valueAccessor(name),
          (v, context) -> v instanceof Number
              && condition.test(
                    Instant.ofEpochSecond(((Number) v).longValue()),
                    context.getClock()));
      return this;
    }

    @Override
    public Assertions.Builder requirePublicKeyInfoSatisfies(
        String name, BiPredicate condition) {
      assertions.addClaimAssertion(valueAccessor(name),
          (v, context) -> v instanceof String
              && condition.test((String) v, context.getPublicKeyInfo()));
      return this;
    }

    @Override
    public Assertions.Builder requirePublicKeyInfoSatisfies(
        Predicate condition) {
      assertions.addClaimAssertion(
          (context) -> condition.test(context.getPublicKeyInfo()));
      return this;
    }

    private Function> valueAccessor(String name) {
      return (claims) -> claims.claim(name, Object.class);
    }

    private Function> listAccessor(String name) {
      return (claims) ->
          claims.claim(name, Object.class)
              .map(v -> v instanceof List ?
                  (List) v : Collections.singletonList(v));
    }

    @Override
    public BiPredicateAssertions build() {
      return assertions;
    }

  }

  /**
   * Gets a builder for a new instance.
   * @return builder
   */
  public static Builder builder() {
    return new Builder(new BiPredicateAssertions());
  }

  @Override
  public boolean test(Claims claims, Context context) {
    return assertions.stream()
        .allMatch(assertion -> assertion.test(claims, context));
  }


}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy