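/**
 * Builds the signer applied to JWTs from the key material in {@code file}.
 *
 * <p>The file is first read as a PEM-encoded private key and, when it is an RSA key, used for
 * RS256. If PEM parsing fails with a {@link GeneralSecurityException}, the file is instead read
 * as a Base64 (MIME) encoded shared secret and used for HS256.
 *
 * @param file key file, or {@code null} when no signer should be configured
 * @param password password protecting the PEM key, may be {@code null}
 * @return a signer to apply to a {@link JwtBuilder}, or empty when {@code file} is {@code null}
 * @throws RuntimeException if the file cannot be read, holds a non-RSA private key, or is not
 *                          valid Base64; the PEM failure is attached as a suppressed exception
 *                          when the HMAC fallback fails as well
 */
private static Optional<Consumer<JwtBuilder>> setupJwtSigner(File file, String password) {
    if (file == null) {
        return Optional.empty();
    }
    GeneralSecurityException pemFailure;
    try {
        PrivateKey key = PemReader.loadPrivateKey(file, Optional.ofNullable(password));
        if (!(key instanceof RSAPrivateKey)) {
            // Wrapped into the RuntimeException below together with the file name.
            throw new IOException("Only RSA private keys are supported");
        }
        return Optional.of(jwt -> jwt.signWith(SignatureAlgorithm.RS256, key));
    } catch (IOException e) {
        throw new RuntimeException("Failed to load key file: " + file, e);
    } catch (GeneralSecurityException e) {
        // Not a usable PEM private key: fall back to treating the file as an HMAC secret, but
        // keep this failure so it is not lost if the fallback fails too.
        pemFailure = e;
    }
    try {
        byte[] base64Key = readAllBytes(file.toPath());
        byte[] key = Base64.getMimeDecoder().decode(base64Key);
        return Optional.of(jwt -> jwt.signWith(SignatureAlgorithm.HS256, key));
    } catch (IOException | IllegalArgumentException e) {
        RuntimeException failure = new RuntimeException("Failed to load key file: " + file, e);
        failure.addSuppressed(pemFailure);
        throw failure;
    }
}
}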
/**
 * Create token
 *
 * @param authentication auth info
 * @return token signed with HS256 using {@code secretKey}, expiring {@code tokenValidityInMilliseconds} from now
 */
public String createToken(Authentication authentication) {
    // Take the clock once so expiry is relative to the same instant.
    long issuedAtMillis = System.currentTimeMillis();
    Date expiresAt = new Date(issuedAtMillis + this.tokenValidityInMilliseconds);
    return Jwts.builder()
        .setSubject(authentication.getName())
        // The authorities claim is always written empty by this method.
        .claim(AUTHORITIES_KEY, "")
        .setExpiration(expiresAt)
        .signWith(SignatureAlgorithm.HS256, secretKey)
        .compact();
}
/** A token signed with an HMAC secret the server does not know must be rejected as a signature mismatch. */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: JWT signature does not match.*")
public void testFailedBadHmacSignature() throws Exception {
    // This signWith overload takes the secret as a Base64 string.
    String unknownSecret = Base64.getEncoder().encodeToString("bad-key".getBytes(US_ASCII));
    String accessToken = Jwts.builder()
        .setSubject("test")
        .signWith(SignatureAlgorithm.HS512, unknownSecret)
        .compact();
    try (Connection connection = createConnection(ImmutableMap.of("accessToken", accessToken));
         Statement statement = connection.createStatement()) {
        statement.execute("SELECT 123");
    }
}
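/**
 * Generate token: an HS512-signed JWT (key {@code JwtConstants.SECRET}) carrying {@code claims}
 * and {@code subject}, issued now and expiring {@code JwtConstants.EXPIRATION} seconds later.
 *
 * @param claims claims to embed in the token body
 * @param subject value of the {@code sub} claim
 * @return compact serialized JWT
 */
private static String doGenerateToken(Map<String, Object> claims, String subject) {
    final Date createdDate = new Date();
    // Multiply as long: if EXPIRATION is an int, "* 1000" alone would overflow for values
    // above ~24 days and produce an expiration in the past.
    final Date expirationDate = new Date(createdDate.getTime() + JwtConstants.EXPIRATION * 1000L);
    return Jwts.builder()
        .setClaims(claims)
        .setSubject(subject)
        .setIssuedAt(createdDate)
        .setExpiration(expirationDate)
        .signWith(SignatureAlgorithm.HS512, JwtConstants.SECRET)
        .compact();
}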
/** A token signed with the default key, without a key-id header, authenticates and can run a query. */
@Test
public void testSuccessDefaultKey() throws Exception {
    String accessToken = Jwts.builder()
        .setSubject("test")
        .signWith(SignatureAlgorithm.HS512, defaultKey)
        .compact();
    try (Connection connection = createConnection(ImmutableMap.of("accessToken", accessToken));
         Statement statement = connection.createStatement()) {
        assertTrue(statement.execute("SELECT 123"));
        ResultSet result = statement.getResultSet();
        assertTrue(result.next());
        assertEquals(result.getLong(1), 123);
        assertFalse(result.next());
    }
}
/**
 * Builds a compact HS256-signed JWT with the given id and subject, issued now.
 *
 * @param id value of the {@code jti} claim
 * @param subject value of the {@code sub} claim
 * @param ttlMillis lifetime in milliseconds; when negative no {@code exp} claim is set at all,
 *                  so the token carries no expiry — callers should pass a bounded value
 * @return compact serialized JWT
 */
public String createJWT(String id, String subject, long ttlMillis) {
    long issuedAtMillis = System.currentTimeMillis();
    SecretKey signingKey = jwtConfig.generalKey();
    JwtBuilder builder = Jwts.builder()
        .setId(id)
        .setIssuedAt(new Date(issuedAtMillis))
        .setSubject(subject)
        .signWith(SignatureAlgorithm.HS256, signingKey);
    // Only a non-negative ttl produces an expiration; ttl 0 sets exp equal to iat.
    if (ttlMillis >= 0) {
        builder.setExpiration(new Date(issuedAtMillis + ttlMillis));
    }
    return builder.compact();
}
}
/** An RS256 token naming key "33" in its header, signed with the matching private key, authenticates. */
@Test
public void testSuccessPublicKey() throws Exception {
    String accessToken = Jwts.builder()
        .setSubject("test")
        .setHeaderParam(KEY_ID, "33")
        .signWith(SignatureAlgorithm.RS256, privateKey33)
        .compact();
    try (Connection connection = createConnection(ImmutableMap.of("accessToken", accessToken));
         Statement statement = connection.createStatement()) {
        assertTrue(statement.execute("SELECT 123"));
        ResultSet result = statement.getResultSet();
        assertTrue(result.next());
        assertEquals(result.getLong(1), 123);
        assertFalse(result.next());
    }
}
/** An HS512 token naming key "222" in its header, signed with that shared secret, authenticates. */
@Test
public void testSuccessHmac() throws Exception {
    String accessToken = Jwts.builder()
        .setSubject("test")
        .setHeaderParam(KEY_ID, "222")
        .signWith(SignatureAlgorithm.HS512, hmac222)
        .compact();
    try (Connection connection = createConnection(ImmutableMap.of("accessToken", accessToken));
         Statement statement = connection.createStatement()) {
        assertTrue(statement.execute("SELECT 123"));
        ResultSet result = statement.getResultSet();
        assertTrue(result.next());
        assertEquals(result.getLong(1), 123);
        assertFalse(result.next());
    }
}
/**
 * Generates the JWT from the given claims, signed with HS512 and the configured {@code secret}.
 *
 * @param claims claims to embed in the token body
 * @return compact serialized JWT expiring at {@code generateExpirationDate()}
 */
private String generateToken(Map<String, Object> claims) {
    Date expiresAt = generateExpirationDate();
    return Jwts.builder()
        .setClaims(claims)
        .setExpiration(expiresAt)
        .signWith(SignatureAlgorithm.HS512, secret)
        .compact();
}
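/**
 * Serializes a session into a signed JWT.
 *
 * <p>Reserved claims (jti, sub, iat, exp) are set first; every session property is then added
 * as a claim under its own name. NOTE(review): a property named like a reserved claim would
 * be written after it — confirm callers never put such names into the properties map.
 *
 * @param jwtSession session to encode
 * @return compact serialized JWT
 */
String encode(JwtSession jwtSession) {
    checkIsStarted();
    long now = system2.now();
    // Multiply as long so an int expiration-in-seconds cannot overflow the millisecond value.
    long expiresAt = now + jwtSession.getExpirationTimeInSeconds() * 1000L;
    JwtBuilder jwtBuilder = Jwts.builder()
        .setId(uuidFactory.create())
        .setSubject(jwtSession.getUserLogin())
        .setIssuedAt(new Date(now))
        .setExpiration(new Date(expiresAt))
        .signWith(SIGNATURE_ALGORITHM, secretKey);
    jwtSession.getProperties().forEach(jwtBuilder::claim);
    return jwtBuilder.compact();
}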
/** A token whose key-id header names no configured key is rejected before any signature check. */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: Unknown signing key ID")
public void testFailedUnknownPublicKey() throws Exception {
    String accessToken = Jwts.builder()
        .setSubject("test")
        .setHeaderParam(KEY_ID, "unknown")
        .signWith(SignatureAlgorithm.RS256, privateKey33)
        .compact();
    try (Connection connection = createConnection(ImmutableMap.of("accessToken", accessToken));
         Statement statement = connection.createStatement()) {
        statement.execute("SELECT 123");
    }
}
/** A token naming key "42" but signed with private key 33 fails signature verification. */
@Test(expectedExceptions = SQLException.class, expectedExceptionsMessageRegExp = "Authentication failed: JWT signature does not match.*")
public void testFailedWrongPublicKey() throws Exception {
    String accessToken = Jwts.builder()
        .setSubject("test")
        .setHeaderParam(KEY_ID, "42")
        .signWith(SignatureAlgorithm.RS256, privateKey33)
        .compact();
    try (Connection connection = createConnection(ImmutableMap.of("accessToken", accessToken));
         Statement statement = connection.createStatement()) {
        statement.execute("SELECT 123");
    }
}
/**
 * Re-issues an existing token: its claims are kept, the issued-at and expiration dates are
 * replaced with fresh values from {@code clock}, and the result is signed again with HS512.
 *
 * <p>NOTE(review): whatever {@code getAllClaimsFromToken} accepts can be refreshed — confirm it
 * verifies the signature and expiry of {@code token} rather than merely parsing it.
 *
 * @param token existing compact JWT
 * @return new compact JWT carrying the same claims with updated dates
 */
public String refreshToken(String token) {
    final Date issuedAt = clock.now();
    final Date expiresAt = calculateExpirationDate(issuedAt);
    final Claims refreshed = getAllClaimsFromToken(token);
    // The parsed claims object is mutated in place before being handed to the builder.
    refreshed.setIssuedAt(issuedAt);
    refreshed.setExpiration(expiresAt);
    return Jwts.builder()
        .setClaims(refreshed)
        .signWith(SignatureAlgorithm.HS512, secret)
        .compact();
}
/**
 * Builds an HS512-signed JWT with the given claims and subject, issued at {@code clock.now()}
 * and expiring at {@code calculateExpirationDate(issuedAt)}.
 *
 * @param claims claims to embed in the token body
 * @param subject value of the {@code sub} claim
 * @return compact serialized JWT
 */
private String doGenerateToken(Map<String, Object> claims, String subject) {
    final Date issuedAt = clock.now();
    final Date expiresAt = calculateExpirationDate(issuedAt);
    return Jwts.builder()
        .setClaims(claims)
        .setSubject(subject)
        .setIssuedAt(issuedAt)
        .setExpiration(expiresAt)
        .signWith(SignatureAlgorithm.HS512, secret)
        .compact();
}
/** A token whose expiration equals its issue time decodes to an empty result. */
@Test
public void return_no_token_when_expiration_date_is_reached() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();
    String expiredToken = Jwts.builder()
        .setId("123")
        .setIssuedAt(new Date(system2.now()))
        // exp == iat: the validity window is already closed when decode() runs.
        .setExpiration(new Date(system2.now()))
        .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
        .compact();
    assertThat(underTest.decode(expiredToken)).isEmpty();
}
/** A token signed with a different secret than the one configured is rejected (empty result, no exception). */
@Test
public void return_no_token_when_secret_key_has_changed() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();
    // Signed with a secret other than A_SECRET_KEY, so the signature cannot verify.
    String foreignToken = Jwts.builder()
        .setId("123")
        .setSubject(USER_LOGIN)
        .setIssuedAt(new Date(system2.now()))
        .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
        .signWith(SignatureAlgorithm.HS256, decodeSecretKey("LyWgHktP0FuHB2K+kMs3KWMCJyFHVZDdDSqpIxAMVaQ="))
        .compact();
    assertThat(underTest.decode(foreignToken)).isEmpty();
}
/** A correctly signed token without a {@code sub} claim is rejected with an authentication failure. */
@Test
public void fail_to_decode_token_when_no_subject() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();
    // Valid signature and dates, but no subject at all.
    String tokenWithoutSubject = Jwts.builder()
        .setId("123")
        .setIssuer("sonarqube")
        .setIssuedAt(new Date(system2.now()))
        .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
        .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
        .compact();
    expectedException.expect(authenticationException().from(Source.jwt()).withoutLogin().andNoPublicMessage());
    expectedException.expectMessage("Token subject hasn't been found");
    underTest.decode(tokenWithoutSubject);
}
/** A correctly signed token without a {@code jti} claim is rejected, with the login attached to the failure. */
@Test
public void fail_to_decode_token_when_no_id() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();
    // Valid signature, subject and dates, but no token id.
    String tokenWithoutId = Jwts.builder()
        .setSubject(USER_LOGIN)
        .setIssuer("sonarqube")
        .setIssuedAt(new Date(system2.now()))
        .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
        .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
        .compact();
    expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
    expectedException.expectMessage("Token id hasn't been found");
    underTest.decode(tokenWithoutId);
}
/** A correctly signed token without an {@code iat} claim is rejected, with the login attached to the failure. */
@Test
public void fail_to_decode_token_when_no_creation_date() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();
    // Valid signature, id, subject and expiration, but no issued-at date.
    String tokenWithoutIssuedAt = Jwts.builder()
        .setId("123")
        .setSubject(USER_LOGIN)
        .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
        .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
        .compact();
    expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
    expectedException.expectMessage("Token creation date hasn't been found");
    underTest.decode(tokenWithoutIssuedAt);
}
/** A correctly signed token without an {@code exp} claim is rejected rather than treated as never expiring. */
@Test
public void fail_to_decode_token_when_no_expiration_date() {
    setSecretKey(A_SECRET_KEY);
    underTest.start();
    // Valid signature, id, subject and issued-at, but no expiration.
    String tokenWithoutExpiration = Jwts.builder()
        .setId("123")
        .setIssuer("sonarqube")
        .setSubject(USER_LOGIN)
        .setIssuedAt(new Date(system2.now()))
        .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
        .compact();
    expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
    expectedException.expectMessage("Token expiration date hasn't been found");
    underTest.decode(tokenWithoutExpiration);
}