/**
 * Builds a compact JWT for {@code subject} whose expiration is five minutes after the call.
 *
 * <p>The configured signer is applied to the builder. The key ID header, issuer and audience
 * are added only when the corresponding optional holds a value.
 *
 * <p>The {@code checkState} precondition fails with "not configured" when no signer is present,
 * so this method never returns an unsigned token.
 *
 * @param subject value written to the subject claim
 * @return the compact serialized token
 */
public String getBearerToken(String subject) {
    checkState(jwtSigner.isPresent(), "not configured");

    // Fixed five-minute lifetime; the token carries no issued-at or not-before claim.
    Date expiresAt = Date.from(ZonedDateTime.now().plusMinutes(5).toInstant());
    JwtBuilder builder = Jwts.builder()
            .setSubject(subject)
            .setExpiration(expiresAt);

    // The signer decides algorithm and key; it is handed the builder and mutates it in place.
    jwtSigner.get().accept(builder);

    if (jwtKeyId.isPresent()) {
        builder.setHeaderParam(KEY_ID, jwtKeyId.get());
    }
    jwtIssuer.ifPresent(issuer -> builder.setIssuer(issuer));
    jwtAudience.ifPresent(audience -> builder.setAudience(audience));

    return builder.compact();
}
/**
 * Presents a JWT built without any signature as the access token and expects the statement to
 * fail with an {@link SQLException} reporting that unsigned claims JWTs are not supported.
 */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: Unsigned Claims JWTs are not supported.")
public void testFailedUnsigned() throws Exception {
    // No signWith() call: the compact form carries claims but no signature.
    String unsignedToken = Jwts.builder()
            .setSubject("test")
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", unsignedToken));
            Statement stmt = conn.createStatement()) {
        stmt.execute("SELECT 123");
    }
}
/**
 * Signs a JWT with HS512 using a key the test does not otherwise register ("bad-key") and
 * expects the statement to fail with a signature-mismatch authentication error.
 */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: JWT signature does not match.*")
public void testFailedBadHmacSignature() throws Exception {
    // This signWith overload takes the key as a Base64 string, hence the explicit encoding.
    String wrongKey = Base64.getEncoder().encodeToString("bad-key".getBytes(US_ASCII));
    String badlySignedToken = Jwts.builder()
            .setSubject("test")
            .signWith(SignatureAlgorithm.HS512, wrongKey)
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", badlySignedToken));
            Statement stmt = conn.createStatement()) {
        stmt.execute("SELECT 123");
    }
}
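/**
 * Generates a signed JWT carrying {@code claims} and {@code subject}.
 *
 * <p>Issued-at is the current time and expiry is {@code JwtConstants.EXPIRATION} seconds later.
 * The subject is set after the claims map, so it replaces any subject the map already held.
 *
 * @param claims  claims copied into the token body
 * @param subject value written to the subject claim
 * @return the compact serialized token, signed with HS512
 */
private static String doGenerateToken(Map<String, Object> claims, String subject) {
    final Date createdDate = new Date();
    // 1000L forces long arithmetic. If EXPIRATION is an int, "EXPIRATION * 1000" wraps for
    // lifetimes above roughly 24.8 days and produces a wrong (possibly past) expiry.
    final Date expirationDate = new Date(createdDate.getTime() + JwtConstants.EXPIRATION * 1000L);

    // NOTE(review): if JwtConstants.SECRET is a String, this signWith overload reads it as
    // Base64-encoded key bytes. Confirm it is stored that way, that it decodes to at least
    // 512 bits for HS512, and that it is supplied by configuration rather than committed in
    // source, since anyone who can read the secret can mint valid tokens.
    return Jwts.builder()
            .setClaims(claims)
            .setSubject(subject)
            .setIssuedAt(createdDate)
            .setExpiration(expirationDate)
            .signWith(SignatureAlgorithm.HS512, JwtConstants.SECRET)
            .compact();
}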
/**
 * Signs a JWT with HS512 using {@code defaultKey}, sets no key ID header, and expects the
 * connection to authenticate and {@code SELECT 123} to return exactly one row holding 123.
 */
@Test
public void testSuccessDefaultKey() throws Exception {
    String signedToken = Jwts.builder()
            .setSubject("test")
            .signWith(SignatureAlgorithm.HS512, defaultKey)
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", signedToken));
            Statement stmt = conn.createStatement()) {
        assertTrue(stmt.execute("SELECT 123"));
        ResultSet rows = stmt.getResultSet();
        assertTrue(rows.next());
        assertEquals(rows.getLong(1), 123);
        // Exactly one row is expected.
        assertFalse(rows.next());
    }
}
/**
 * Creates an HS256-signed JWT with the given ID and subject, issued at the current time.
 *
 * <p>An expiration claim is written only when {@code ttlMillis} is zero or positive. A negative
 * value yields a token with no expiration claim at all, so its validity is then bounded only by
 * whatever the verifying side enforces. A value of zero yields a token that expires at its own
 * issue time.
 *
 * @param id        value written to the token ID claim
 * @param subject   value written to the subject claim
 * @param ttlMillis lifetime in milliseconds; negative means no expiration claim
 * @return the compact serialized token
 */
public String createJWT(String id, String subject, long ttlMillis) {
    long issuedAtMillis = System.currentTimeMillis();
    SecretKey signingKey = jwtConfig.generalKey();

    JwtBuilder jwt = Jwts.builder()
            .setId(id)
            .setIssuedAt(new Date(issuedAtMillis))
            .setSubject(subject)
            .signWith(SignatureAlgorithm.HS256, signingKey);

    if (ttlMillis < 0) {
        // No expiration claim is emitted for a negative lifetime.
        return jwt.compact();
    }

    jwt.setExpiration(new Date(issuedAtMillis + ttlMillis));
    return jwt.compact();
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Signs a JWT with RS256 using {@code privateKey33}, labels it with key ID "33", and expects
 * the connection to authenticate and {@code SELECT 123} to return exactly one row holding 123.
 */
@Test
public void testSuccessPublicKey() throws Exception {
    // The key ID header matches the key used to sign.
    String signedToken = Jwts.builder()
            .setSubject("test")
            .setHeaderParam(KEY_ID, "33")
            .signWith(SignatureAlgorithm.RS256, privateKey33)
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", signedToken));
            Statement stmt = conn.createStatement()) {
        assertTrue(stmt.execute("SELECT 123"));
        ResultSet rows = stmt.getResultSet();
        assertTrue(rows.next());
        assertEquals(rows.getLong(1), 123);
        assertFalse(rows.next());
    }
}
/**
 * Signs a JWT with HS512 using {@code hmac222}, labels it with key ID "222", and expects the
 * connection to authenticate and {@code SELECT 123} to return exactly one row holding 123.
 */
@Test
public void testSuccessHmac() throws Exception {
    String signedToken = Jwts.builder()
            .setSubject("test")
            .setHeaderParam(KEY_ID, "222")
            .signWith(SignatureAlgorithm.HS512, hmac222)
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", signedToken));
            Statement stmt = conn.createStatement()) {
        assertTrue(stmt.execute("SELECT 123"));
        ResultSet rows = stmt.getResultSet();
        assertTrue(rows.next());
        assertEquals(rows.getLong(1), 123);
        assertFalse(rows.next());
    }
}
/**
 * Generates a JWT from the given claims.
 *
 * <p>The expiration comes from {@code generateExpirationDate()} and is set after the claims
 * map, so it replaces any expiration the map already held. The token is signed with HS512.
 *
 * @param claims claims copied into the token body
 * @return the compact serialized token
 */
private String generateToken(Map<String, Object> claims) {
    // NOTE(review): if `secret` is a String, this signWith overload reads it as Base64-encoded
    // key bytes. Confirm how the field is populated; it is not visible in this excerpt.
    String compactToken = Jwts.builder()
            .setClaims(claims)
            .setExpiration(generateExpirationDate())
            .signWith(SignatureAlgorithm.HS512, secret)
            .compact();
    return compactToken;
}
/**
 * Serializes {@code jwtSession} into a signed, compact JWT.
 *
 * <p>The token gets a freshly generated ID, the session's user login as subject, the current
 * time as issued-at, and an expiration that many seconds later as the session specifies. Every
 * session property is then added as a claim.
 *
 * @param jwtSession session whose login, lifetime and properties are encoded
 * @return the compact serialized token
 */
String encode(JwtSession jwtSession) {
    checkIsStarted();

    long issuedAtMillis = system2.now();
    JwtBuilder builder = Jwts.builder()
            .setId(uuidFactory.create())
            .setSubject(jwtSession.getUserLogin())
            .setIssuedAt(new Date(issuedAtMillis))
            .setExpiration(new Date(issuedAtMillis + jwtSession.getExpirationTimeInSeconds() * 1000))
            .signWith(SIGNATURE_ALGORITHM, secretKey);

    // NOTE(review): properties are applied after the registered claims above, so an entry
    // keyed like a registered claim (for example "sub" or "exp") would presumably replace
    // that value. Confirm that callers never put such keys in the property map.
    jwtSession.getProperties().forEach((name, value) -> builder.claim(name, value));

    return builder.compact();
}
/**
 * Signs a JWT with RS256 using {@code privateKey33} but labels it with the key ID "unknown",
 * and expects the statement to fail with an "Unknown signing key ID" authentication error.
 */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: Unknown signing key ID")
public void testFailedUnknownPublicKey() throws Exception {
    String tokenWithUnknownKeyId = Jwts.builder()
            .setSubject("test")
            .setHeaderParam(KEY_ID, "unknown")
            .signWith(SignatureAlgorithm.RS256, privateKey33)
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", tokenWithUnknownKeyId));
            Statement stmt = conn.createStatement()) {
        stmt.execute("SELECT 123");
    }
}
/**
 * Signs a JWT with RS256 using {@code privateKey33} but labels it with key ID "42", and expects
 * the statement to fail with a signature-mismatch authentication error.
 */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: JWT signature does not match.*")
public void testFailedWrongPublicKey() throws Exception {
    // The key ID header names a different key than the one that produced the signature.
    String tokenWithMismatchedKeyId = Jwts.builder()
            .setSubject("test")
            .setHeaderParam(KEY_ID, "42")
            .signWith(SignatureAlgorithm.RS256, privateKey33)
            .compact();

    try (Connection conn = createConnection(ImmutableMap.of("accessToken", tokenWithMismatchedKeyId));
            Statement stmt = conn.createStatement()) {
        stmt.execute("SELECT 123");
    }
}
/**
 * Issues a new token that carries over the claims of {@code token} with fresh issued-at and
 * expiration dates, signed with HS512.
 *
 * <p>NOTE(review): every claim of the presented token is re-signed. Whether its signature and
 * expiry were verified first depends on {@code getAllClaimsFromToken}, which is not visible
 * here. Confirm that it verifies both, and that callers check the token is still eligible for
 * refresh before calling this.
 *
 * @param token the existing compact token
 * @return a newly signed compact token with the same claims and updated dates
 */
public String refreshToken(String token) {
    final Date issuedAt = clock.now();
    final Date expiresAt = calculateExpirationDate(issuedAt);

    // The parsed claims object is updated in place and then used as the new token body.
    final Claims carriedOver = getAllClaimsFromToken(token);
    carriedOver.setIssuedAt(issuedAt);
    carriedOver.setExpiration(expiresAt);

    String renewedToken = Jwts.builder()
            .setClaims(carriedOver)
            .signWith(SignatureAlgorithm.HS512, secret)
            .compact();
    return renewedToken;
}
/**
 * Generates an HS512-signed JWT carrying {@code claims} and {@code subject}.
 *
 * <p>Issued-at is taken from {@code clock} and the expiration is derived from it through
 * {@code calculateExpirationDate}. Subject and dates are set after the claims map, so they
 * replace any same-named entries the map already held.
 *
 * @param claims  claims copied into the token body
 * @param subject value written to the subject claim
 * @return the compact serialized token
 */
private String doGenerateToken(Map<String, Object> claims, String subject) {
    final Date issuedAt = clock.now();
    final Date expiresAt = calculateExpirationDate(issuedAt);

    String compactToken = Jwts.builder()
            .setClaims(claims)
            .setSubject(subject)
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS512, secret)
            .compact();
    return compactToken;
}
/**
 * A correctly signed token whose expiration equals the current time decodes to an empty result.
 */
@Test
public void return_no_token_when_expiration_date_is_reached() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();

    // Issued-at and expiration are both "now", so the token has already expired when decoded.
    Date issuedAt = new Date(system2.now());
    Date expiresAt = new Date(system2.now());
    String expiredToken = Jwts.builder()
            .setId("123")
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

    assertThat(underTest.decode(expiredToken)).isEmpty();
}
/**
 * A token signed with a key other than the configured secret decodes to an empty result.
 */
@Test
public void return_no_token_when_secret_key_has_changed() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();

    Date issuedAt = new Date(system2.now());
    Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
    // Test-only key literal, used in place of A_SECRET_KEY so the signature cannot verify.
    String tokenSignedWithOtherKey = Jwts.builder()
            .setId("123")
            .setSubject(USER_LOGIN)
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey("LyWgHktP0FuHB2K+kMs3KWMCJyFHVZDdDSqpIxAMVaQ="))
            .compact();

    assertThat(underTest.decode(tokenSignedWithOtherKey)).isEmpty();
}
/**
 * A correctly signed token without a subject claim is rejected with an authentication exception
 * that carries no login and no public message.
 */
@Test
public void fail_to_decode_token_when_no_subject() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();

    Date issuedAt = new Date(system2.now());
    Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
    // setSubject() is deliberately omitted.
    String tokenWithoutSubject = Jwts.builder()
            .setId("123")
            .setIssuer("sonarqube")
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

    expectedException.expect(authenticationException().from(Source.jwt()).withoutLogin().andNoPublicMessage());
    expectedException.expectMessage("Token subject hasn't been found");

    underTest.decode(tokenWithoutSubject);
}
/**
 * A correctly signed token without an ID claim is rejected with an authentication exception
 * that names the login but carries no public message.
 */
@Test
public void fail_to_decode_token_when_no_id() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();

    Date issuedAt = new Date(system2.now());
    Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
    // setId() is deliberately omitted.
    String tokenWithoutId = Jwts.builder()
            .setSubject(USER_LOGIN)
            .setIssuer("sonarqube")
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

    expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
    expectedException.expectMessage("Token id hasn't been found");

    underTest.decode(tokenWithoutId);
}
/**
 * A correctly signed token without an issued-at claim is rejected with an authentication
 * exception that names the login but carries no public message.
 */
@Test
public void fail_to_decode_token_when_no_creation_date() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();

    Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
    // setIssuedAt() is deliberately omitted.
    String tokenWithoutIssuedAt = Jwts.builder()
            .setId("123")
            .setSubject(USER_LOGIN)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

    expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
    expectedException.expectMessage("Token creation date hasn't been found");

    underTest.decode(tokenWithoutIssuedAt);
}
/**
 * A correctly signed token without an expiration claim is rejected with an authentication
 * exception that names the login but carries no public message.
 */
@Test
public void fail_to_decode_token_when_no_expiration_date() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();

    Date issuedAt = new Date(system2.now());
    // setExpiration() is deliberately omitted. The decoder is expected to refuse a token
    // that would otherwise never expire.
    String tokenWithoutExpiration = Jwts.builder()
            .setId("123")
            .setIssuer("sonarqube")
            .setSubject(USER_LOGIN)
            .setIssuedAt(issuedAt)
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

    expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
    expectedException.expectMessage("Token expiration date hasn't been found");

    underTest.decode(tokenWithoutExpiration);
}