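/**
 * Builds a JWT describing an HTTP request and issues it through {@code jwtService}.
 *
 * <p>The claims hold the issue time, an expiry {@code JWT_EXPIRY_WINDOW_SECONDS} later, the
 * issuer, the HTTP request claims appended by {@code JwtClaimsBuilder}, and the user context
 * object. When {@code targetPath} has a query string, its parameters are merged into a copy of
 * {@code params}; on a key collision the entry taken from {@code targetPath} replaces the
 * caller-supplied one.
 *
 * @param httpMethod HTTP method of the request; must not be null
 * @param targetPath request URI, optionally with a query string; must not be null
 * @param addonBaseUrl passed with {@code targetPath} to {@code extractRelativePath}; must not be null
 * @param params request parameters for the canonical request (not null-checked here)
 * @param issuerId value set as the issuer claim (not null-checked here)
 * @param secret secret handed to {@code jwtService.issueJwt}; must not be null
 * @param user user profile handed to {@code JwtUserContextBuilder.addUserContextObject}
 * @return the token returned by {@code jwtService.issueJwt}
 * @throws RuntimeException wrapping the {@code UnsupportedEncodingException} or
 *     {@code NoSuchAlgorithmException} raised while building the request claims
 */
public String encodeJwt(HttpMethod httpMethod, URI targetPath, URI addonBaseUrl, Map<String, String[]> params, String issuerId, String secret, Optional<UserProfile> user) {
    // NOTE(review): checkArgument is presumably Guava's Preconditions.checkArgument
    // (IllegalArgumentException on failure) - confirm against the file's imports.
    checkArgument(null != httpMethod, "HttpMethod argument cannot be null");
    checkArgument(null != targetPath, "URI argument cannot be null");
    checkArgument(null != addonBaseUrl, "base URI argument cannot be null");
    checkArgument(null != secret, "secret argument cannot be null");

    final long currentTime = TimeUtil.currentTimeSeconds();
    JwtJsonBuilder jsonBuilder = jwtBuilderFactory.jsonBuilder()
            .issuedAt(currentTime)
            .expirationTime(currentTime + JWT_EXPIRY_WINDOW_SECONDS)
            .issuer(issuerId);

    Map<String, String[]> completeParams = params;
    try {
        if (!StringUtils.isEmpty(targetPath.getQuery())) {
            // Merge into a copy so the caller's map is never mutated.
            // NOTE(review): params is not null-checked; this copy throws
            // NullPointerException when params is null and targetPath has a query.
            completeParams = new HashMap<>(params);
            completeParams.putAll(constructParameterMap(targetPath));
        }

        CanonicalHttpUriRequest request = new CanonicalHttpUriRequest(
                httpMethod.toString(),
                extractRelativePath(targetPath, addonBaseUrl),
                "",
                completeParams);

        // Build the canonical string only when it will actually be logged. It is
        // derived from the request parameters, so debug output from this method
        // should be treated as potentially sensitive.
        if (log.isDebugEnabled()) {
            log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(request));
        }

        JwtClaimsBuilder.appendHttpRequestClaims(jsonBuilder, request);
    } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
        // Fail rather than issue a token without the HTTP request claims.
        throw new RuntimeException(e);
    }

    JwtUserContextBuilder.addUserContextObject(jsonBuilder, user);
    return jwtService.issueJwt(jsonBuilder.build(), secret);
}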
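/**
 * Builds a JWT describing an HTTP request and issues it through {@code jwtService}.
 *
 * <p>The claims hold the issue time, an expiry {@code JWT_EXPIRY_WINDOW_SECONDS} later, the
 * issuer, the HTTP request claims appended by {@code JwtClaimsBuilder}, and the user context
 * object. When {@code targetPath} has a query string, its parameters are merged into a copy of
 * {@code params}; on a key collision the entry taken from {@code targetPath} replaces the
 * caller-supplied one.
 *
 * @param httpMethod HTTP method of the request; must not be null
 * @param targetPath request URI, optionally with a query string; must not be null
 * @param addonBaseUrl passed with {@code targetPath} to {@code extractRelativePath}; must not be null
 * @param params request parameters for the canonical request (not null-checked here)
 * @param issuerId value set as the issuer claim (not null-checked here)
 * @param secret secret handed to {@code jwtService.issueJwt}; must not be null
 * @param user user profile handed to {@code JwtUserContextBuilder.addUserContextObject}
 * @return the token returned by {@code jwtService.issueJwt}
 * @throws RuntimeException wrapping the {@code UnsupportedEncodingException} or
 *     {@code NoSuchAlgorithmException} raised while building the request claims
 */
public String encodeJwt(HttpMethod httpMethod, URI targetPath, URI addonBaseUrl, Map<String, String[]> params, String issuerId, String secret, Optional<UserProfile> user) {
    // NOTE(review): checkArgument is presumably Guava's Preconditions.checkArgument
    // (IllegalArgumentException on failure) - confirm against the file's imports.
    checkArgument(null != httpMethod, "HttpMethod argument cannot be null");
    checkArgument(null != targetPath, "URI argument cannot be null");
    checkArgument(null != addonBaseUrl, "base URI argument cannot be null");
    checkArgument(null != secret, "secret argument cannot be null");

    final long currentTime = TimeUtil.currentTimeSeconds();
    JwtJsonBuilder jsonBuilder = jwtBuilderFactory.jsonBuilder()
            .issuedAt(currentTime)
            .expirationTime(currentTime + JWT_EXPIRY_WINDOW_SECONDS)
            .issuer(issuerId);

    Map<String, String[]> completeParams = params;
    try {
        if (!StringUtils.isEmpty(targetPath.getQuery())) {
            // Merge into a copy so the caller's map is never mutated.
            // NOTE(review): params is not null-checked; this copy throws
            // NullPointerException when params is null and targetPath has a query.
            completeParams = new HashMap<>(params);
            completeParams.putAll(constructParameterMap(targetPath));
        }

        CanonicalHttpUriRequest request = new CanonicalHttpUriRequest(
                httpMethod.toString(),
                extractRelativePath(targetPath, addonBaseUrl),
                "",
                completeParams);

        // Build the canonical string only when it will actually be logged. It is
        // derived from the request parameters, so debug output from this method
        // should be treated as potentially sensitive.
        if (log.isDebugEnabled()) {
            log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(request));
        }

        JwtClaimsBuilder.appendHttpRequestClaims(jsonBuilder, request);
    } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
        // Fail rather than issue a token without the HTTP request claims.
        throw new RuntimeException(e);
    }

    JwtUserContextBuilder.addUserContextObject(jsonBuilder, user);
    return jwtService.issueJwt(jsonBuilder.build(), secret);
}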
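/**
 * Creates an HS256-signed JWT for a request to {@code url} on behalf of a tenant.
 *
 * <p>The token is issued at the current time, expires 180 seconds later, names the tenant key
 * as issuer and carries the HTTP request claims computed from the method, path and query of
 * {@code url}. It is signed with the tenant's shared secret.
 *
 * <p>If the request claims cannot be appended, the method fails instead of returning a token:
 * a token signed without those claims would no longer be tied to the request it was created for.
 *
 * @param tenantContext supplies the issuer key and the shared signing secret
 * @param httpMethod HTTP method of the request
 * @param url target URL whose path and query are fed into the canonical request
 * @return the serialized, signed JWT
 * @throws UnsupportedEncodingException if appending the HTTP request claims fails on encoding
 * @throws IllegalStateException if appending the HTTP request claims fails with
 *     {@code NoSuchAlgorithmException}
 */
@Nonnull
public static String generateJwtToken(TenantContext tenantContext, HttpMethod httpMethod, final URL url) throws UnsupportedEncodingException {
    final long issuedAt = System.currentTimeMillis() / 1000L; // JWT timestamps are in seconds
    final long expiresAt = issuedAt + 180L;

    JwtJsonBuilder jwtBuilder = new JsonSmartJwtJsonBuilder()
            .issuedAt(issuedAt)
            .expirationTime(expiresAt)
            .issuer(tenantContext.getKey());

    CanonicalHttpUriRequest canonical = new CanonicalHttpUriRequest(
            httpMethod.toString(),
            URLUtil.buildPath(url),
            "/", // Apparently no context is required so skip it.
            URLUtil.buildQueryValueMap(url));

    try {
        // UnsupportedEncodingException propagates through the declared throws clause.
        JwtClaimsBuilder.appendHttpRequestClaims(jwtBuilder, canonical);
    } catch (NoSuchAlgorithmException e) {
        // Previously logged and ignored, which still produced a signed token
        // lacking the request claims; surface the failure to the caller instead.
        throw new IllegalStateException("Failed to append HTTP request claims", e);
    }

    JwtWriterFactory jwtWriterFactory = new NimbusJwtWriterFactory();
    String claimsJson = jwtBuilder.build();
    return jwtWriterFactory
            .macSigningWriter(SigningAlgorithm.HS256, tenantContext.getSharedSecret())
            .jsonToJwt(claimsJson);
}
}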