/** * Returns the most recently-generated authentication token created by this provider. Generates a new token with the * given "issued at" timestamp if the most recent token has been invalidated (or if no token has ever been generated * by this provider). * * @param issuedAt the "issued at" time for newly-generated tokens; ignored if an existing token is available * * @return a signed, base64url-encoded JWT authentication token * * @throws SignatureException if the authentication token could not be signed for any reason */ protected String getToken(final Date issuedAt) throws SignatureException { if (this.token == null) { final String header = gson.toJson(new AuthenticationTokenHeader(this.keyId)); final String claims = gson.toJson(new AuthenticationTokenClaims(this.issuer, issuedAt)); final StringBuilder payloadBuilder = new StringBuilder(); payloadBuilder.append(base64UrlEncodeWithoutPadding(header.getBytes(StandardCharsets.US_ASCII))); payloadBuilder.append('.'); payloadBuilder.append(base64UrlEncodeWithoutPadding(claims.getBytes(StandardCharsets.US_ASCII))); final byte[] signatureBytes; { this.signature.update(payloadBuilder.toString().getBytes(StandardCharsets.US_ASCII)); signatureBytes = this.signature.sign(); } payloadBuilder.append('.'); payloadBuilder.append(base64UrlEncodeWithoutPadding(signatureBytes)); this.token = payloadBuilder.toString(); } return this.token; }