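/**
 * Checks if a token is expired.
 * <p>
 * A token counts as expired from the instant given in its <em>exp</em> claim onwards,
 * i.e. also when {@code now} is exactly equal to the expiration time. RFC 7519,
 * section 4.1.4, defines <em>exp</em> as the time "on or after which" a token must not
 * be accepted.
 *
 * @param token The token to check.
 * @param now The instant of time the token's expiration time should be checked against.
 * @return {@code true} if the token's expiration time is not after the given instant of time.
 * @throws NullPointerException if the token or the instant is {@code null}.
 * @throws IllegalArgumentException if the given token contains no <em>exp</em> claim.
 */
public static final boolean isExpired(final String token, final Instant now) {

    if (token == null) {
        throw new NullPointerException("token must not be null");
    }
    if (now == null) {
        throw new NullPointerException("now must not be null");
    }
    // NOTE(review): getExpiration is defined outside this excerpt. Whether it verifies the
    // token's signature before reading the claim cannot be told from here, so a result of
    // "not expired" must not be taken as proof that the token is authentic - confirm.
    final Date exp = getExpiration(token);
    // Compare as Instants: Date.from(now) rejects instants outside the range of Date,
    // and "not after" (instead of "before") also rejects a token at exactly its exp time.
    return !exp.toInstant().isAfter(now);
}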
/**
 * Creates a helper for creating/validating HmacSHA256 based registration assertions.
 * <p>
 * The work is delegated to {@code JwtHelper.forSharedSecret}, which is handed the
 * no-argument constructor of {@code RegistrationAssertionHelperImpl} as instance supplier.
 * <p>
 * NOTE(review): this method does not check the length of the secret. RFC 7518,
 * section 3.2, requires HMAC-SHA256 keys to be at least 256 bits long; confirm that a
 * minimum length is enforced elsewhere (e.g. in {@code setSharedSecret}) or by the deployment.
 *
 * @param sharedSecret The shared secret.
 * @param tokenExpiration The number of seconds after which tokens expire.
 * @return The helper.
 * @throws NullPointerException if sharedSecret is {@code null}.
 */
public static RegistrationAssertionHelper forSharedSecret(final String sharedSecret, final long tokenExpiration) {
    final RegistrationAssertionHelper helper =
            JwtHelper.forSharedSecret(sharedSecret, tokenExpiration, RegistrationAssertionHelperImpl::new);
    return helper;
}
/**
 * Creates a helper that is configured with a shared secret and a token lifetime.
 * <p>
 * The secret is converted to bytes by {@code getBytes} and passed to the new instance's
 * {@code setSharedSecret}; the lifetime is stored as a {@link Duration} of the given
 * number of seconds.
 * <p>
 * NOTE(review): neither the length of the secret nor the sign of the lifetime is checked
 * in this method. Confirm that short secrets and non-positive lifetimes are rejected
 * elsewhere if they must not be accepted.
 *
 * @param <T> The type of helper to create.
 * @param sharedSecret The shared secret.
 * @param tokenExpiration The number of seconds after which tokens expire.
 * @param instanceSupplier The supplier to obtain the (unconfigured) helper instance from.
 * @return The configured helper.
 * @throws NullPointerException if sharedSecret or instanceSupplier is {@code null}.
 */
protected static <T extends JwtHelper> T forSharedSecret(final String sharedSecret, final long tokenExpiration,
        final Supplier<T> instanceSupplier) {

    Objects.requireNonNull(sharedSecret);
    Objects.requireNonNull(instanceSupplier);

    final T helper = instanceSupplier.get();
    final byte[] secretBytes = getBytes(sharedSecret);
    helper.setSharedSecret(secretBytes);
    helper.tokenLifetime = Duration.ofSeconds(tokenExpiration);
    return helper;
}
/**
 * Creates a helper that is configured with the key material for validating tokens.
 * <p>
 * A shared secret takes precedence: the certificate path is only consulted when the
 * configuration contains no shared secret. Only the length of the secret (in bytes) is
 * written to the log, never the secret itself.
 * <p>
 * NOTE(review): if {@code isAppropriateForValidating()} returns {@code true} while both
 * the shared secret and the certificate path are {@code null}, the helper is returned
 * without any key material. Whether that can happen depends on the configuration class,
 * which is not part of this excerpt - confirm.
 *
 * @param <T> The type of helper to create.
 * @param config The configuration properties to determine the key material from.
 * @param instanceSupplier The supplier to obtain the (unconfigured) helper instance from.
 * @return The configured helper.
 * @throws NullPointerException if any of the params is {@code null}.
 * @throws IllegalArgumentException if the configuration is not appropriate for validating tokens.
 */
protected static <T extends JwtHelper> T forValidating(final SignatureSupportingConfigProperties config,
        final Supplier<T> instanceSupplier) {

    Objects.requireNonNull(config);
    Objects.requireNonNull(instanceSupplier);

    if (!config.isAppropriateForValidating()) {
        throw new IllegalArgumentException(
                "configuration does not specify any key material for validating tokens");
    }

    final T helper = instanceSupplier.get();
    if (config.getSharedSecret() != null) {
        final byte[] secretBytes = getBytes(config.getSharedSecret());
        helper.setSharedSecret(secretBytes);
        LOG.info("using shared secret [{} bytes] for validating tokens", secretBytes.length);
    } else if (config.getCertPath() != null) {
        helper.setPublicKey(config.getCertPath());
        LOG.info("using public key from certificate [{}] for validating tokens", config.getCertPath());
    }
    return helper;
}
} // closes the enclosing type declaration, whose header is not part of this excerpt
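/**
 * Creates a helper that is configured with the key material for signing tokens.
 * <p>
 * The token lifetime is taken from the configuration's token expiration, interpreted as
 * a number of seconds. A shared secret takes precedence: the private key path is only
 * consulted when the configuration contains no shared secret. Only the length of the
 * secret (in bytes) is written to the log, never the secret itself.
 * <p>
 * NOTE(review): if {@code isAppropriateForCreating()} returns {@code true} while both
 * the shared secret and the key path are {@code null}, the helper is returned without
 * any key material. Whether that can happen depends on the configuration class, which is
 * not part of this excerpt - confirm.
 *
 * @param <T> The type of helper to create.
 * @param config The configuration properties to determine the signing key material from.
 * @param instanceSupplier The supplier to obtain the (unconfigured) helper instance from.
 * @return The configured helper.
 * @throws NullPointerException if any of the params is {@code null}.
 * @throws IllegalArgumentException if the configuration is not appropriate for creating tokens.
 */
protected static <T extends JwtHelper> T forSigning(final SignatureSupportingConfigProperties config,
        final Supplier<T> instanceSupplier) {

    Objects.requireNonNull(config);
    Objects.requireNonNull(instanceSupplier);

    if (!config.isAppropriateForCreating()) {
        // message aligned with the one used for validation; the former text
        // ("does not specify any signing tokens") did not name what is missing
        throw new IllegalArgumentException(
                "configuration does not specify any key material for signing tokens");
    }

    final T helper = instanceSupplier.get();
    helper.tokenLifetime = Duration.ofSeconds(config.getTokenExpiration());
    if (config.getSharedSecret() != null) {
        final byte[] secretBytes = getBytes(config.getSharedSecret());
        helper.setSharedSecret(secretBytes);
        LOG.info("using shared secret [{} bytes] for signing tokens", secretBytes.length);
    } else if (config.getKeyPath() != null) {
        helper.setPrivateKey(config.getKeyPath());
        LOG.info("using private key [{}] for signing tokens", config.getKeyPath());
    }
    return helper;
}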
/**
 * Creates a helper for creating registration assertions.
 * <p>
 * The work is delegated to {@code JwtHelper.forSigning}; the helper instance itself is
 * created lazily by a supplier that passes {@code vertx} to the
 * {@code RegistrationAssertionHelperImpl} constructor.
 *
 * @param vertx The vertx instance to use for accessing the file system.
 * @param config The configuration properties to determine the signing key material from.
 * @return The helper.
 * @throws NullPointerException if config is {@code null}. NOTE(review): vertx is not
 *             checked in this method; whether {@code null} is rejected depends on the
 *             {@code RegistrationAssertionHelperImpl} constructor - confirm.
 * @throws IllegalArgumentException if the key material cannot be determined from config.
 */
public static RegistrationAssertionHelper forSigning(final Vertx vertx, final SignatureSupportingConfigProperties config) {
    final RegistrationAssertionHelper helper =
            JwtHelper.forSigning(config, () -> new RegistrationAssertionHelperImpl(vertx));
    return helper;
}
/**
 * Creates a helper for validating tokens.
 * <p>
 * The work is delegated to {@code JwtHelper.forValidating}; the helper instance itself
 * is created lazily by a supplier that passes {@code vertx} to the
 * {@code AuthTokenHelperImpl} constructor.
 *
 * @param vertx The vertx instance to use for accessing the file system.
 * @param config The configuration properties to determine the key material for
 *            validating tokens from.
 * @return The helper.
 * @throws NullPointerException if config is {@code null}. NOTE(review): vertx is not
 *             checked in this method; whether {@code null} is rejected depends on the
 *             {@code AuthTokenHelperImpl} constructor - confirm.
 * @throws IllegalArgumentException if the key material cannot be determined from config.
 */
public static AuthTokenHelper forValidating(final Vertx vertx, final SignatureSupportingConfigProperties config) {
    final AuthTokenHelper helper =
            JwtHelper.forValidating(config, () -> new AuthTokenHelperImpl(vertx));
    return helper;
}
/**
 * Checks if a token is expired, tolerating a given amount of clock skew.
 * <p>
 * The reference time is the current system time moved back by the allowed skew, so a
 * token is still reported as not expired for up to that many seconds past its
 * expiration time.
 *
 * @param token The token to check.
 * @param allowedClockSkewSeconds The allowed clock skew in seconds. The value is not
 *            range-checked here: a large value extends the acceptance window of every
 *            token by the same amount, a negative value shortens it.
 * @return {@code true} if the token is expired according to the current system time (including allowed skew).
 */
public static final boolean isExpired(final String token, final int allowedClockSkewSeconds) {
    final Instant reference = Instant.now().minusSeconds(allowedClockSkewSeconds);
    return isExpired(token, reference);
}
/**
 * Creates a helper that is configured with the key material for validating tokens.
 * <p>
 * A shared secret takes precedence: the certificate path is only consulted when the
 * configuration contains no shared secret. Only the length of the secret (in bytes) is
 * written to the log, never the secret itself.
 * <p>
 * NOTE(review): if {@code isAppropriateForValidating()} returns {@code true} while both
 * the shared secret and the certificate path are {@code null}, the helper is returned
 * without any key material. Whether that can happen depends on the configuration class,
 * which is not part of this excerpt - confirm.
 *
 * @param <T> The type of helper to create.
 * @param config The configuration properties to determine the key material from.
 * @param instanceSupplier The supplier to obtain the (unconfigured) helper instance from.
 * @return The configured helper.
 * @throws NullPointerException if any of the params is {@code null}.
 * @throws IllegalArgumentException if the configuration is not appropriate for validating tokens.
 */
protected static <T extends JwtHelper> T forValidating(final SignatureSupportingConfigProperties config,
        final Supplier<T> instanceSupplier) {

    Objects.requireNonNull(config);
    Objects.requireNonNull(instanceSupplier);

    if (!config.isAppropriateForValidating()) {
        throw new IllegalArgumentException(
                "configuration does not specify any key material for validating tokens");
    }

    final T helper = instanceSupplier.get();
    if (config.getSharedSecret() != null) {
        final byte[] secretBytes = getBytes(config.getSharedSecret());
        helper.setSharedSecret(secretBytes);
        LOG.info("using shared secret [{} bytes] for validating tokens", secretBytes.length);
    } else if (config.getCertPath() != null) {
        helper.setPublicKey(config.getCertPath());
        LOG.info("using public key from certificate [{}] for validating tokens", config.getCertPath());
    }
    return helper;
}
} // closes the enclosing type declaration, whose header is not part of this excerpt
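/**
 * Creates a helper that is configured with the key material for signing tokens.
 * <p>
 * The token lifetime is taken from the configuration's token expiration, interpreted as
 * a number of seconds, and written to the log. A shared secret takes precedence: the
 * private key path is only consulted when the configuration contains no shared secret.
 * Only the length of the secret (in bytes) is written to the log, never the secret itself.
 * <p>
 * NOTE(review): if {@code isAppropriateForCreating()} returns {@code true} while both
 * the shared secret and the key path are {@code null}, the helper is returned without
 * any key material. Whether that can happen depends on the configuration class, which is
 * not part of this excerpt - confirm.
 *
 * @param <T> The type of helper to create.
 * @param config The configuration properties to determine the signing key material from.
 * @param instanceSupplier The supplier to obtain the (unconfigured) helper instance from.
 * @return The configured helper.
 * @throws NullPointerException if any of the params is {@code null}.
 * @throws IllegalArgumentException if the configuration is not appropriate for creating tokens.
 */
protected static <T extends JwtHelper> T forSigning(final SignatureSupportingConfigProperties config,
        final Supplier<T> instanceSupplier) {

    Objects.requireNonNull(config);
    Objects.requireNonNull(instanceSupplier);

    if (!config.isAppropriateForCreating()) {
        // message aligned with the one used for validation; the former text
        // ("does not specify any signing tokens") did not name what is missing
        throw new IllegalArgumentException(
                "configuration does not specify any key material for signing tokens");
    }

    final T helper = instanceSupplier.get();
    helper.tokenLifetime = Duration.ofSeconds(config.getTokenExpiration());
    LOG.info("using token lifetime of {} seconds", helper.tokenLifetime.getSeconds());
    if (config.getSharedSecret() != null) {
        final byte[] secretBytes = getBytes(config.getSharedSecret());
        helper.setSharedSecret(secretBytes);
        LOG.info("using shared secret [{} bytes] for signing tokens", secretBytes.length);
    } else if (config.getKeyPath() != null) {
        helper.setPrivateKey(config.getKeyPath());
        LOG.info("using private key [{}] for signing tokens", config.getKeyPath());
    }
    return helper;
}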
/**
 * Creates a helper for creating tokens.
 * <p>
 * The work is delegated to {@code JwtHelper.forSigning}; the helper instance itself is
 * created lazily by a supplier that passes {@code vertx} to the
 * {@code AuthTokenHelperImpl} constructor.
 *
 * @param vertx The vertx instance to use for accessing the file system.
 * @param config The configuration properties to determine the signing key material from.
 * @return The helper.
 * @throws NullPointerException if config is {@code null}. NOTE(review): vertx is not
 *             checked in this method; whether {@code null} is rejected depends on the
 *             {@code AuthTokenHelperImpl} constructor - confirm.
 * @throws IllegalArgumentException if the key material cannot be determined from config.
 */
public static AuthTokenHelper forSigning(final Vertx vertx, final SignatureSupportingConfigProperties config) {
    final AuthTokenHelper helper =
            JwtHelper.forSigning(config, () -> new AuthTokenHelperImpl(vertx));
    return helper;
}
/**
 * Creates a helper for validating tokens.
 * <p>
 * The work is delegated to {@code JwtHelper.forValidating}; the helper instance itself
 * is created lazily by a supplier that passes {@code vertx} to the
 * {@code AuthTokenHelperImpl} constructor.
 *
 * @param vertx The vertx instance to use for accessing the file system.
 * @param config The configuration properties to determine the key material for
 *            validating tokens from.
 * @return The helper.
 * @throws NullPointerException if config is {@code null}. NOTE(review): vertx is not
 *             checked in this method; whether {@code null} is rejected depends on the
 *             {@code AuthTokenHelperImpl} constructor - confirm.
 * @throws IllegalArgumentException if the key material cannot be determined from config.
 */
public static AuthTokenHelper forValidating(final Vertx vertx, final SignatureSupportingConfigProperties config) {
    final AuthTokenHelper helper =
            JwtHelper.forValidating(config, () -> new AuthTokenHelperImpl(vertx));
    return helper;
}
/**
 * Checks if a token is expired, tolerating a given amount of clock skew.
 * <p>
 * The reference time is the current system time moved back by the allowed skew, so a
 * token is still reported as not expired for up to that many seconds past its
 * expiration time.
 *
 * @param token The token to check.
 * @param allowedClockSkewSeconds The allowed clock skew in seconds. The value is not
 *            range-checked here: a large value extends the acceptance window of every
 *            token by the same amount, a negative value shortens it.
 * @return {@code true} if the token is expired according to the current system time (including allowed skew).
 */
public static final boolean isExpired(final String token, final int allowedClockSkewSeconds) {
    final Instant reference = Instant.now().minusSeconds(allowedClockSkewSeconds);
    return isExpired(token, reference);
}
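/**
 * Checks if a token is expired.
 * <p>
 * A token counts as expired from the instant given in its <em>exp</em> claim onwards,
 * i.e. also when {@code now} is exactly equal to the expiration time. RFC 7519,
 * section 4.1.4, defines <em>exp</em> as the time "on or after which" a token must not
 * be accepted.
 *
 * @param token The token to check.
 * @param now The instant of time the token's expiration time should be checked against.
 * @return {@code true} if the token's expiration time is not after the given instant of time.
 * @throws NullPointerException if the token or the instant is {@code null}.
 * @throws IllegalArgumentException if the given token contains no <em>exp</em> claim.
 */
public static final boolean isExpired(final String token, final Instant now) {

    if (token == null) {
        throw new NullPointerException("token must not be null");
    }
    if (now == null) {
        throw new NullPointerException("now must not be null");
    }
    // NOTE(review): getExpiration is defined outside this excerpt. Whether it verifies the
    // token's signature before reading the claim cannot be told from here, so a result of
    // "not expired" must not be taken as proof that the token is authentic - confirm.
    final Date exp = getExpiration(token);
    // Compare as Instants: Date.from(now) rejects instants outside the range of Date,
    // and "not after" (instead of "before") also rejects a token at exactly its exp time.
    return !exp.toInstant().isAfter(now);
}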
/**
 * Creates a helper that is configured with a shared secret and a token lifetime.
 * <p>
 * The secret is converted to bytes by {@code getBytes} and passed to the new instance's
 * {@code setSharedSecret}; the lifetime is stored as a {@link Duration} of the given
 * number of seconds.
 * <p>
 * NOTE(review): neither the length of the secret nor the sign of the lifetime is checked
 * in this method. Confirm that short secrets and non-positive lifetimes are rejected
 * elsewhere if they must not be accepted.
 *
 * @param <T> The type of helper to create.
 * @param sharedSecret The shared secret.
 * @param tokenExpiration The number of seconds after which tokens expire.
 * @param instanceSupplier The supplier to obtain the (unconfigured) helper instance from.
 * @return The configured helper.
 * @throws NullPointerException if sharedSecret or instanceSupplier is {@code null}.
 */
protected static <T extends JwtHelper> T forSharedSecret(final String sharedSecret, final long tokenExpiration,
        final Supplier<T> instanceSupplier) {

    Objects.requireNonNull(sharedSecret);
    Objects.requireNonNull(instanceSupplier);

    final T helper = instanceSupplier.get();
    final byte[] secretBytes = getBytes(sharedSecret);
    helper.setSharedSecret(secretBytes);
    helper.tokenLifetime = Duration.ofSeconds(tokenExpiration);
    return helper;
}
/**
 * Creates a helper for creating/validating HmacSHA256 based tokens.
 * <p>
 * The work is delegated to {@code JwtHelper.forSharedSecret}, which is handed the
 * no-argument constructor of {@code AuthTokenHelperImpl} as instance supplier.
 * <p>
 * NOTE(review): this method does not check the length of the secret. RFC 7518,
 * section 3.2, requires HMAC-SHA256 keys to be at least 256 bits long; confirm that a
 * minimum length is enforced elsewhere (e.g. in {@code setSharedSecret}) or by the deployment.
 *
 * @param sharedSecret The shared secret.
 * @param tokenExpirationSeconds The number of seconds after which tokens created expire.
 * @return The helper.
 * @throws NullPointerException if sharedSecret is {@code null}.
 */
public static AuthTokenHelper forSharedSecret(final String sharedSecret, final long tokenExpirationSeconds) {
    final AuthTokenHelper helper =
            JwtHelper.forSharedSecret(sharedSecret, tokenExpirationSeconds, AuthTokenHelperImpl::new);
    return helper;
}
/**
 * Creates a helper for creating tokens.
 * <p>
 * The work is delegated to {@code JwtHelper.forSigning}; the helper instance itself is
 * created lazily by a supplier that passes {@code vertx} to the
 * {@code AuthTokenHelperImpl} constructor.
 *
 * @param vertx The vertx instance to use for accessing the file system.
 * @param config The configuration properties to determine the signing key material from.
 * @return The helper.
 * @throws NullPointerException if config is {@code null}. NOTE(review): vertx is not
 *             checked in this method; whether {@code null} is rejected depends on the
 *             {@code AuthTokenHelperImpl} constructor - confirm.
 * @throws IllegalArgumentException if the key material cannot be determined from config.
 */
public static AuthTokenHelper forSigning(final Vertx vertx, final SignatureSupportingConfigProperties config) {
    final AuthTokenHelper helper =
            JwtHelper.forSigning(config, () -> new AuthTokenHelperImpl(vertx));
    return helper;
}
/**
 * Creates a helper for validating registration assertions.
 * <p>
 * The work is delegated to {@code JwtHelper.forValidating}; the helper instance itself
 * is created lazily by a supplier that passes {@code vertx} to the
 * {@code RegistrationAssertionHelperImpl} constructor.
 *
 * @param vertx The vertx instance to use for accessing the file system.
 * @param config The configuration properties to determine the key material for
 *            validating assertions from.
 * @return The helper.
 * @throws NullPointerException if config is {@code null}. NOTE(review): vertx is not
 *             checked in this method; whether {@code null} is rejected depends on the
 *             {@code RegistrationAssertionHelperImpl} constructor - confirm.
 * @throws IllegalArgumentException if the key material cannot be determined from config.
 */
public static RegistrationAssertionHelper forValidating(final Vertx vertx, final SignatureSupportingConfigProperties config) {
    final RegistrationAssertionHelper helper =
            JwtHelper.forValidating(config, () -> new RegistrationAssertionHelperImpl(vertx));
    return helper;
}
/**
 * Gets a registration assertion to use for a device.
 * <p>
 * The sources are tried in this order:
 * <ol>
 * <li>a non-empty assertion provided by the sampler,</li>
 * <li>the assertion cached in this object, as long as the current time is before its
 * cached expiration time,</li>
 * <li>a fresh assertion requested from the tenant's registration client, which is then
 * cached together with the expiration time read from it.</li>
 * </ol>
 * Only the device identifier and the expiration time are written to the log, not the
 * assertion itself.
 * <p>
 * NOTE(review): the cache consists of a single assertion and is not keyed by tenant or
 * device. A cached assertion is therefore returned for any tenant/device passed in until
 * it expires - confirm that this object is only ever used for one device. The cached
 * assertion is also handed out right up to its expiration time, without a safety margin.
 *
 * @param tenant The tenant to get the registration client for.
 * @param deviceId The identifier of the device to assert the registration of.
 * @return A future holding the assertion.
 */
private Future<String> getRegistrationAssertion(final String tenant, final String deviceId) {

    final String configured = sampler.getRegistrationAssertion();
    if (configured != null && !configured.isEmpty()) {
        return Future.succeededFuture(configured);
    }

    if (assertion != null && Instant.now().isBefore(assertionExpiration)) {
        return Future.succeededFuture(assertion);
    }

    return getRegistrationClient(tenant)
            .compose(client -> client.assertRegistration(deviceId))
            .map(regInfo -> {
                assertion = regInfo.getString(RegistrationConstants.FIELD_ASSERTION);
                assertionExpiration = JwtHelper.getExpiration(assertion).toInstant();
                LOGGER.info("got registration assertion for device [{}], expires: {}", deviceId, assertionExpiration);
                return assertion;
            });
}
/**
 * Creates a helper for creating/validating HmacSHA256 based tokens.
 * <p>
 * The work is delegated to {@code JwtHelper.forSharedSecret}, which is handed the
 * no-argument constructor of {@code AuthTokenHelperImpl} as instance supplier.
 * <p>
 * NOTE(review): this method does not check the length of the secret. RFC 7518,
 * section 3.2, requires HMAC-SHA256 keys to be at least 256 bits long; confirm that a
 * minimum length is enforced elsewhere (e.g. in {@code setSharedSecret}) or by the deployment.
 *
 * @param sharedSecret The shared secret.
 * @param tokenExpirationSeconds The number of seconds after which tokens created expire.
 * @return The helper.
 * @throws NullPointerException if sharedSecret is {@code null}.
 */
public static AuthTokenHelper forSharedSecret(final String sharedSecret, final long tokenExpirationSeconds) {
    final AuthTokenHelper helper =
            JwtHelper.forSharedSecret(sharedSecret, tokenExpirationSeconds, AuthTokenHelperImpl::new);
    return helper;
}