/**
 * Builds a {@link NimbusJwtWriter} from the given algorithm and RSA signer.
 *
 * @param algorithm signing algorithm passed through to the writer
 * @param rsaSigner RSA signer passed through to the writer
 * @return a new writer constructed from the two arguments
 */
NimbusJwtWriter makeRsJwtWriter(SigningAlgorithm algorithm, RSASSASigner rsaSigner) {
    final NimbusJwtWriter rsWriter = new NimbusJwtWriter(algorithm, rsaSigner);
    return rsWriter;
}
}
/**
 * Creates a factory that delegates to a freshly constructed
 * {@link NimbusJwtWriterFactoryHelper}.
 */
public NimbusJwtWriterFactory() {
    this(new NimbusJwtWriterFactoryHelper());
}
/**
 * Returns a writer for the given algorithm, backed by a MAC signer created
 * from the shared secret.
 *
 * @param algorithm    signing algorithm handed to the writer
 * @param sharedSecret secret handed to {@code createMACSigner}
 * @return a new {@link NimbusJwtWriter}
 */
@Nonnull
@Override
public JwtWriter macSigningWriter(@Nonnull SigningAlgorithm algorithm, @Nonnull String sharedSecret) {
    // NOTE(review): createMACSigner is not visible here; confirm it rejects
    // secrets that are too short for the requested HMAC algorithm.
    final MACSigner signer = createMACSigner(sharedSecret);
    return new NimbusJwtWriter(algorithm, signer);
}
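/**
 * Issues an HS256-signed JWT for a single HTTP request made on behalf of a tenant.
 *
 * <p>The token is issued "now", expires 180 seconds later, carries the tenant key
 * as issuer and is bound to the request through the claims added by
 * {@code JwtClaimsBuilder.appendHttpRequestClaims}.
 *
 * <p>Failure to compute the request claims aborts token creation. The previous
 * behaviour was to log the error and still sign the token, which could hand out
 * a validly signed JWT that may lack its request-binding claims.
 *
 * @param tenantContext supplies the issuer key and the shared secret
 * @param httpMethod    HTTP method of the request being signed
 * @param url           target URL; its path and query are canonicalised
 * @return the serialised, signed JWT
 * @throws UnsupportedEncodingException if the request cannot be canonicalised
 * @throws IllegalStateException        if the hash algorithm needed for the request
 *                                      claims is unavailable
 */
@Nonnull
public static String generateJwtToken(TenantContext tenantContext, HttpMethod httpMethod, final URL url) throws UnsupportedEncodingException {
    final long issuedAt = System.currentTimeMillis() / 1000L;
    final long expiresAt = issuedAt + 180L;

    JwtJsonBuilder jwtBuilder = new JsonSmartJwtJsonBuilder()
            .issuedAt(issuedAt)
            .expirationTime(expiresAt)
            .issuer(tenantContext.getKey());

    CanonicalHttpUriRequest canonical = new CanonicalHttpUriRequest(
            httpMethod.toString(),
            URLUtil.buildPath(url),
            "/", // Apparently no context is required so skip it.
            URLUtil.buildQueryValueMap(url));

    try {
        // UnsupportedEncodingException is declared by this method and propagates as-is.
        JwtClaimsBuilder.appendHttpRequestClaims(jwtBuilder, canonical);
    } catch (NoSuchAlgorithmException e) {
        // Fail closed: never sign a token whose request claims could not be computed.
        throw new IllegalStateException("Failed to append HTTP request claims", e);
    }

    JwtWriterFactory jwtWriterFactory = new NimbusJwtWriterFactory();
    return jwtWriterFactory
            .macSigningWriter(SigningAlgorithm.HS256, tenantContext.getSharedSecret())
            .jsonToJwt(jwtBuilder.build());
}
}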
/**
 * Produces an HS256-signed JWT whose query-hash claim is computed from the given request.
 *
 * <p>The query string of {@code uri} is parsed as UTF-8, values are grouped by
 * parameter name, and the canonical request hash is computed from the method name,
 * the URI path, the path component of {@code contextPath} and those parameters.
 *
 * @param httpMethod  HTTP method of the request
 * @param uri         request URI supplying the path and query string
 * @param addonKey    value used as the issuer claim
 * @param secret      shared secret used for the HS256 signature
 * @param contextPath context path; parsed with {@code URI.create}
 * @param subject     optional subject claim; omitted when {@code null}
 * @return the serialised, signed JWT
 * @throws UnsupportedEncodingException declared by the canonical hash computation
 * @throws NoSuchAlgorithmException     declared by the canonical hash computation
 */
public static String generateJwtSignature(HttpMethod httpMethod, URI uri, String addonKey, String secret, String contextPath, String subject) throws UnsupportedEncodingException, NoSuchAlgorithmException {
    final JwtWriter writer = new NimbusJwtWriterFactory().macSigningWriter(SigningAlgorithm.HS256, secret);

    // Group the query parameter values by name, keeping first-seen order.
    final ImmutableMultimap.Builder<String, String> valuesByName = ImmutableMultimap.builder();
    for (NameValuePair pair : URLEncodedUtils.parse(uri, "UTF-8")) {
        valuesByName.put(pair.getName(), pair.getValue());
    }

    // The canonical request expects one String[] per parameter name.
    final ImmutableMap.Builder<String, String[]> paramArrays = ImmutableMap.builder();
    for (Map.Entry<String, Collection<String>> grouped : valuesByName.build().asMap().entrySet()) {
        final Collection<String> values = grouped.getValue();
        paramArrays.put(grouped.getKey(), values.toArray(new String[0]));
    }

    final CanonicalHttpUriRequest canonicalRequest = new CanonicalHttpUriRequest(
            httpMethod.name(),
            uri.getPath(),
            URI.create(contextPath).getPath(),
            paramArrays.build());

    // NOTE(review): no iat/exp is set here; the token lifetime depends on whatever
    // defaults the JsonSmartJwtJsonBuilder constructor applies - confirm.
    final JwtJsonBuilder claims = new JsonSmartJwtJsonBuilder()
            .issuer(addonKey)
            .queryHash(HttpRequestCanonicalizer.computeCanonicalRequestHash(canonicalRequest));

    if (subject != null) {
        claims.subject(subject);
    }

    return writer.jsonToJwt(claims.build());
}
}
/**
 * Supplies a new, independent claims builder.
 *
 * @return a freshly constructed {@link JsonSmartJwtJsonBuilder}
 */
@Nonnull
@Override
public JwtJsonBuilder jsonBuilder() {
    final JwtJsonBuilder freshBuilder = new JsonSmartJwtJsonBuilder();
    return freshBuilder;
}
}
/**
 * Issues a JWT bound to a single HTTP request against an add-on.
 *
 * <p>The token is issued at the current time, expires
 * {@code JWT_EXPIRY_WINDOW_SECONDS} later, and carries the HTTP request claims
 * computed from the method, the path relative to {@code addonBaseUrl} and the
 * request parameters. When {@code targetPath} has a query string, its parameters
 * are merged over a copy of {@code params}.
 *
 * @param httpMethod   HTTP method; must not be {@code null}
 * @param targetPath   request URI; must not be {@code null}
 * @param addonBaseUrl add-on base URI; must not be {@code null}
 * @param params       request parameters; not modified by this method
 * @param issuerId     value used as the issuer claim
 * @param secret       signing secret; must not be {@code null}
 * @param user         user whose context is added to the claims
 * @return the token returned by {@code jwtService.issueJwt}
 * @throws IllegalArgumentException if a required argument is {@code null}
 * @throws RuntimeException         wrapping an encoding or digest failure
 */
public String encodeJwt(HttpMethod httpMethod, URI targetPath, URI addonBaseUrl, Map<String, String[]> params, String issuerId, String secret, Optional<UserProfile> user) {
    checkArgument(httpMethod != null, "HttpMethod argument cannot be null");
    checkArgument(targetPath != null, "URI argument cannot be null");
    checkArgument(addonBaseUrl != null, "base URI argument cannot be null");
    checkArgument(secret != null, "secret argument cannot be null");

    final long nowSeconds = TimeUtil.currentTimeSeconds();
    final JwtJsonBuilder claims = jwtBuilderFactory.jsonBuilder()
            .issuedAt(nowSeconds)
            .expirationTime(nowSeconds + JWT_EXPIRY_WINDOW_SECONDS)
            .issuer(issuerId);

    try {
        Map<String, String[]> mergedParams = params;
        final boolean hasQuery = !StringUtils.isEmpty(targetPath.getQuery());
        if (hasQuery) {
            // Copy first so the caller's map is left untouched.
            mergedParams = new HashMap<>(params);
            mergedParams.putAll(constructParameterMap(targetPath));
        }

        final CanonicalHttpUriRequest canonicalRequest = new CanonicalHttpUriRequest(
                httpMethod.toString(),
                extractRelativePath(targetPath, addonBaseUrl),
                "",
                mergedParams);

        // NOTE(review): the canonical form presumably includes query parameter
        // values; confirm nothing sensitive reaches debug logs through this line.
        log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(canonicalRequest));
        JwtClaimsBuilder.appendHttpRequestClaims(claims, canonicalRequest);
    } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }

    JwtUserContextBuilder.addUserContextObject(claims, user);
    return jwtService.issueJwt(claims.build(), secret);
}
/**
 * Creates a builder pre-populated with an issued-at time of "now" and an
 * expiration time 180 seconds later.
 *
 * <p>The two timestamps come from separate {@code TimeUtil} calls.
 */
public JsonSmartJwtJsonBuilder() {
    // default JWT lifetime is 3 minutes
    final int defaultLifetimeSeconds = 180;
    issuedAt(TimeUtil.currentTimeSeconds());
    expirationTime(TimeUtil.currentTimePlusNSeconds(defaultLifetimeSeconds));
}
/**
 * Returns a MAC-based writer configured from symmetric signing information.
 *
 * @param signingInfo supplies the signing algorithm and the shared secret
 * @return the writer produced by {@code factoryHelper.makeMacJwtWriter}
 */
@Nonnull
@Override
public JwtWriter signingWriter(@Nonnull SymmetricSigningInfo signingInfo) {
    final SigningAlgorithm algorithm = signingInfo.getSigningAlgorithm();
    // NOTE(review): createMACSigner is not visible here; confirm it rejects
    // secrets that are too short for the requested HMAC algorithm.
    final MACSigner signer = createMACSigner(signingInfo.getSharedSecret());
    return factoryHelper.makeMacJwtWriter(algorithm, signer);
}
/**
 * Sets a claim, merging the new value with any value already stored under
 * the same name.
 *
 * @param name claim name
 * @param obj  value to store or merge in
 * @return this builder
 */
@SuppressWarnings("unchecked")
@Nonnull
@Override
public JwtJsonBuilder claim(@Nonnull String name, @Nonnull Object obj) {
    final Object existing = json.get(name);
    final Object combined = merge(name, existing, obj);
    json.put(name, combined);
    return this;
}
/**
 * Turns a JSON claims document into a serialised JWT.
 *
 * @param json claims document passed to {@code generateJwsObject}
 * @return the serialised form of the generated JWS object
 * @throws JwtSigningException declared for signing failures
 */
@Nonnull
@Override
public String jsonToJwt(@Nonnull String json) throws JwtSigningException {
    // Serialise JWS object to compact format
    final String compactForm = generateJwsObject(json).serialize();
    return compactForm;
}
/**
 * Returns an RSA-based writer configured from asymmetric signing information.
 *
 * @param signingInfo supplies the signing algorithm and the private key
 * @return the writer produced by {@code factoryHelper.makeRsJwtWriter}
 */
@Nonnull
@Override
public JwtWriter signingWriter(@Nonnull AsymmetricSigningInfo signingInfo) {
    final SigningAlgorithm algorithm = signingInfo.getSigningAlgorithm();
    final RSASSASigner signer = new RSASSASigner(signingInfo.getPrivateKey());
    return factoryHelper.makeRsJwtWriter(algorithm, signer);
}
/**
 * Produces an HS256-signed JWT whose query-hash claim is computed from the given request.
 *
 * <p>The query string of {@code uri} is parsed as UTF-8, values are grouped by
 * parameter name, and the canonical request hash is computed from the method name,
 * the URI path, the path component of {@code contextPath} and those parameters.
 *
 * @param httpMethod  HTTP method of the request
 * @param uri         request URI supplying the path and query string
 * @param addonKey    value used as the issuer claim
 * @param secret      shared secret used for the HS256 signature
 * @param contextPath context path; parsed with {@code URI.create}
 * @param subject     optional subject claim; omitted when {@code null}
 * @return the serialised, signed JWT
 * @throws UnsupportedEncodingException declared by the canonical hash computation
 * @throws NoSuchAlgorithmException     declared by the canonical hash computation
 */
public static String generateJwtSignature(HttpMethod httpMethod, URI uri, String addonKey, String secret, String contextPath, String subject) throws UnsupportedEncodingException, NoSuchAlgorithmException {
    final JwtWriter writer = new NimbusJwtWriterFactory().macSigningWriter(SigningAlgorithm.HS256, secret);

    // Group the query parameter values by name, keeping first-seen order.
    final ImmutableMultimap.Builder<String, String> valuesByName = ImmutableMultimap.builder();
    for (NameValuePair pair : URLEncodedUtils.parse(uri, "UTF-8")) {
        valuesByName.put(pair.getName(), pair.getValue());
    }

    // The canonical request expects one String[] per parameter name.
    final ImmutableMap.Builder<String, String[]> paramArrays = ImmutableMap.builder();
    for (Map.Entry<String, Collection<String>> grouped : valuesByName.build().asMap().entrySet()) {
        final Collection<String> values = grouped.getValue();
        paramArrays.put(grouped.getKey(), values.toArray(new String[0]));
    }

    final CanonicalHttpUriRequest canonicalRequest = new CanonicalHttpUriRequest(
            httpMethod.name(),
            uri.getPath(),
            URI.create(contextPath).getPath(),
            paramArrays.build());

    // NOTE(review): no iat/exp is set here; the token lifetime depends on whatever
    // defaults the JsonSmartJwtJsonBuilder constructor applies - confirm.
    final JwtJsonBuilder claims = new JsonSmartJwtJsonBuilder()
            .issuer(addonKey)
            .queryHash(HttpRequestCanonicalizer.computeCanonicalRequestHash(canonicalRequest));

    if (subject != null) {
        claims.subject(subject);
    }

    return writer.jsonToJwt(claims.build());
}
}
/**
 * Issues a JWT bound to a single HTTP request against an add-on.
 *
 * <p>The token is issued at the current time, expires
 * {@code JWT_EXPIRY_WINDOW_SECONDS} later, and carries the HTTP request claims
 * computed from the method, the path relative to {@code addonBaseUrl} and the
 * request parameters. When {@code targetPath} has a query string, its parameters
 * are merged over a copy of {@code params}.
 *
 * @param httpMethod   HTTP method; must not be {@code null}
 * @param targetPath   request URI; must not be {@code null}
 * @param addonBaseUrl add-on base URI; must not be {@code null}
 * @param params       request parameters; not modified by this method
 * @param issuerId     value used as the issuer claim
 * @param secret       signing secret; must not be {@code null}
 * @param user         user whose context is added to the claims
 * @return the token returned by {@code jwtService.issueJwt}
 * @throws IllegalArgumentException if a required argument is {@code null}
 * @throws RuntimeException         wrapping an encoding or digest failure
 */
public String encodeJwt(HttpMethod httpMethod, URI targetPath, URI addonBaseUrl, Map<String, String[]> params, String issuerId, String secret, Optional<UserProfile> user) {
    checkArgument(httpMethod != null, "HttpMethod argument cannot be null");
    checkArgument(targetPath != null, "URI argument cannot be null");
    checkArgument(addonBaseUrl != null, "base URI argument cannot be null");
    checkArgument(secret != null, "secret argument cannot be null");

    final long nowSeconds = TimeUtil.currentTimeSeconds();
    final JwtJsonBuilder claims = jwtBuilderFactory.jsonBuilder()
            .issuedAt(nowSeconds)
            .expirationTime(nowSeconds + JWT_EXPIRY_WINDOW_SECONDS)
            .issuer(issuerId);

    try {
        Map<String, String[]> mergedParams = params;
        final boolean hasQuery = !StringUtils.isEmpty(targetPath.getQuery());
        if (hasQuery) {
            // Copy first so the caller's map is left untouched.
            mergedParams = new HashMap<>(params);
            mergedParams.putAll(constructParameterMap(targetPath));
        }

        final CanonicalHttpUriRequest canonicalRequest = new CanonicalHttpUriRequest(
                httpMethod.toString(),
                extractRelativePath(targetPath, addonBaseUrl),
                "",
                mergedParams);

        // NOTE(review): the canonical form presumably includes query parameter
        // values; confirm nothing sensitive reaches debug logs through this line.
        log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(canonicalRequest));
        JwtClaimsBuilder.appendHttpRequestClaims(claims, canonicalRequest);
    } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }

    JwtUserContextBuilder.addUserContextObject(claims, user);
    return jwtService.issueJwt(claims.build(), secret);
}
/**
 * Builds a {@link NimbusJwtWriter} from the given algorithm and MAC signer.
 *
 * @param algorithm signing algorithm passed through to the writer
 * @param macSigner MAC signer passed through to the writer
 * @return a new writer constructed from the two arguments
 */
NimbusJwtWriter makeMacJwtWriter(SigningAlgorithm algorithm, MACSigner macSigner) {
    final NimbusJwtWriter macWriter = new NimbusJwtWriter(algorithm, macSigner);
    return macWriter;
}
/**
 * Combines an existing claim value with a new one.
 *
 * <ul>
 *   <li>Two lists: a new list holding the elements of {@code first} followed by
 *       those of {@code second}.</li>
 *   <li>Two maps: a copy of {@code first} into which every entry of {@code second}
 *       is merged recursively, key by key.</li>
 *   <li>Anything else: the values must be equal when both are non-null; the
 *       non-null one is returned, preferring {@code second}.</li>
 * </ul>
 *
 * @param name   claim name, extended with {@code "." + key} for nested map entries;
 *               used only in the error message
 * @param first  value already present, may be {@code null}
 * @param second value being added, may be {@code null}
 * @return the merged value
 * @throws IllegalStateException if both values are non-null, unequal and not mergeable
 */
@SuppressWarnings("unchecked")
private Object merge(String name, Object first, Object second) {
    if (first instanceof List && second instanceof List) {
        List combined = new ArrayList((List) first);
        combined.addAll((List) second);
        return combined;
    }

    if (first instanceof Map && second instanceof Map) {
        Map combined = new HashMap((Map) first);
        // merge each of the entries in second recursively
        for (Object rawEntry : ((Map) second).entrySet()) {
            Map.Entry entry = (Map.Entry) rawEntry;
            combined.put(entry.getKey(), merge(name + "." + entry.getKey(), combined.get(entry.getKey()), entry.getValue()));
        }
        return combined;
    }

    final boolean bothPresent = first != null && second != null;
    if (bothPresent && !com.google.common.base.Objects.equal(first, second)) {
        // NOTE(review): the message embeds both claim values; confirm no
        // sensitive claim content can reach logs through this exception.
        throw new IllegalStateException("Cannot set claim '" + name + "' to '" + second + "'; it's already set as '" + first + "'");
    }

    return second != null ? second : first;
}
}