
yakworks.security.spring.token.TokenUtils.groovy Maven / Gradle / Ivy

/*
* Copyright 2022 Yak.Works - Licensed under the Apache License, Version 2.0 (the "License")
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
*/
package yakworks.security.spring.token

import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.spec.ECGenParameterSpec
import java.time.Instant
import java.time.temporal.ChronoUnit
import javax.servlet.http.Cookie
import javax.servlet.http.HttpServletRequest

import groovy.transform.CompileStatic

import org.springframework.security.oauth2.core.AbstractOAuth2Token

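/**
 * Static helpers for token handling: key pair generation (RSA 2048 and EC P-256 for ES256),
 * building the cookie that carries a token, and converting a token to a JSON-friendly map.
 */
@CompileStatic
class TokenUtils {
    // Name of the cookie that carries the token value.
    // NOTE(review): this field is public, static and non-final, so any code on the classpath can
    // reassign it at runtime. Left as is because callers may rely on overriding it - confirm.
    public static String COOKIE_NAME = "TOK"

    /**
     * Generates an RSA key pair with a 2048 bit modulus.
     *
     * @return the generated key pair
     * @throws IllegalStateException wrapping any failure raised by the JCA provider
     */
    static KeyPair generateRsaKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA")
            keyPairGenerator.initialize(2048)
            return keyPairGenerator.generateKeyPair()
        }
        catch (Exception ex) {
            throw new IllegalStateException(ex)
        }
    }

    /**
     * Generates an elliptic curve key pair on secp256r1 (NIST P-256), the curve used by ES256.
     *
     * @return the generated key pair
     * @throws IllegalStateException wrapping any failure raised by the JCA provider
     */
    static KeyPair generateES256Key() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC")
            keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"))
            return keyPairGenerator.generateKeyPair()
        }
        catch (Exception ex) {
            throw new IllegalStateException(ex)
        }
    }

    /**
     * Creates the cookie that carries the token value.
     *
     * The cookie is always HttpOnly. The Secure flag is set only when the request URL is https,
     * so that the cookie is still sent back over plain http in development.
     *
     * @param request used only to decide whether the Secure flag can be set
     * @param token the token whose value and expiry are copied into the cookie
     * @return the cookie, scoped to path '/'
     */
    static Cookie tokenCookie(HttpServletRequest request, AbstractOAuth2Token token) {
        Cookie tCookie = new Cookie(COOKIE_NAME, token.tokenValue)
        //FIXME some hard coded values to get it working
        // A negative max age (no expiry on the token, or a token that is already expired) makes
        // this a session cookie under the Servlet API rather than deleting it.
        tCookie.maxAge = getExpiresIn(token)
        tCookie.path = '/'
        // HttpOnly is independent of the transport: it keeps page scripts from reading the
        // token, so it is set on http as well as https.
        tCookie.setHttpOnly(true)
        // Secure is only set on https; a Secure cookie would not be sent back over the plain
        // http that is normal in development.
        if (isHttps(request)) {
            tCookie.setSecure(true)
        }
        // NOTE(review): no SameSite attribute is set; javax.servlet.http.Cookie has no setter
        // for it, so it would have to be added where the Set-Cookie header is written.
        return tCookie
    }

    /**
     * Checks whether the request URL starts with 'https'.
     *
     * NOTE(review): behind a proxy that terminates TLS the container may report an http URL
     * unless forwarded headers are applied, and the token cookie would then be issued without
     * the Secure flag - confirm against the deployment.
     *
     * @return true when the request URL starts with 'https', false otherwise
     */
    static boolean isHttps(HttpServletRequest request) {
        request.getRequestURL().toString().startsWith('https')
    }

    /**
     * Gets the number of whole seconds from now until the token expires.
     *
     * @return seconds until token.expiresAt, which is negative when that instant is already in
     *         the past, or -1 when the token has no expiry
     */
    static int getExpiresIn(AbstractOAuth2Token token) {
        if (token.expiresAt == null) {
            return -1
        }
        // toInteger() narrows the long second count to an int.
        return ChronoUnit.SECONDS.between(Instant.now(), token.expiresAt).toInteger()
    }

    /**
     * Converts the token to a map so it can easily be sent as json.
     *
     * @return a map with the keys token_type (always 'Bearer'), access_token and expires_in
     */
    static Map tokenToMap(AbstractOAuth2Token token) {
        // The map holds the raw token value; treat it as a secret and keep it out of logs.
        Map body = [
            token_type: 'Bearer',
            access_token: token.tokenValue,
            "expires_in": getExpiresIn(token)
        ]
        return body
    }

}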



