/**
 * Builds a mock claim set: the issuer's default claims plus fixed user,
 * client and scope values.
 *
 * <p>All identity values here are hard-coded placeholders.
 *
 * @return the populated JwtClaims
 */
public JwtClaims mockClaims() {
    JwtClaims mock = JwtIssuer.getDefaultJwtClaims();
    mock.setClaim("user_id", "steve");
    mock.setClaim("user_type", "EMPLOYEE");
    mock.setClaim("client_id", "aaaaaaaa-1234-1234-1234-bbbbbbbb");
    // A multi-valued claim is written as a JSON array.
    mock.setStringListClaim("scope", Arrays.asList("api.r", "api.w"));
    return mock;
}
}
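/**
 * Constructs a JwtClaims with the configured issuer, audience and version
 * and a caller-supplied lifetime.
 *
 * <p>{@code expiresIn} is divided by 60 and passed to a setter that takes
 * minutes, so it is treated as a number of seconds. The division is done in
 * floating point so that lifetimes which are not a whole number of minutes
 * are not rounded down.
 *
 * @param expiresIn token lifetime in seconds
 * @return a new JwtClaims carrying iss, aud, exp, jti, iat, nbf and "version"
 */
public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
    JwtClaims claims = new JwtClaims();
    claims.setIssuer(jwtConfig.getIssuer());
    claims.setAudience(jwtConfig.getAudience());
    // Integer division truncated here: 90 s became 1 minute, and anything
    // under 60 s became 0 minutes, i.e. a token that is expired on issue.
    claims.setExpirationTimeMinutesInTheFuture(expiresIn / 60f);
    claims.setGeneratedJwtId(); // a unique identifier for the token
    claims.setIssuedAtToNow();  // when the token was issued/created (now)
    claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
    claims.setClaim("version", jwtConfig.getVersion());
    return claims;
}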
// Excerpt: validates an OpenID token and reads the username claim from it.
// The enclosing try/catch blocks and the rest of the nonce branch are not
// part of this excerpt, so `e` below is declared outside the visible lines.

// The consumer requires exp and sub, caps how far in the future exp may lie,
// applies a configured clock skew, and matches iss and aud against configured
// values. Verification keys are supplied by `resolver`.
// NOTE(review): no JWS algorithm constraint is set in the visible lines;
// consider pinning the algorithms the identity provider is expected to use
// via setJwsAlgorithmConstraints(...) - confirm against the full file.
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
        .setRequireExpirationTime()
        .setMaxFutureValidityInMinutes(confService.getMaxTokenValidity())
        .setAllowedClockSkewInSeconds(confService.getAllowedClockSkew())
        .setRequireSubject()
        .setExpectedIssuer(confService.getIssuer())
        .setExpectedAudience(confService.getClientID())
        .setVerificationKeyResolver(resolver)
        .build();

// Claims are taken from the consumer built above, not from a raw decode.
JwtClaims claims = jwtConsumer.processToClaims(token);

// A token that carries no nonce is rejected. How a present nonce is checked
// is not visible in this excerpt.
String nonce = claims.getStringClaimValue("nonce");
if (nonce == null) {
    logger.info("Rejected OpenID token without nonce.");

// (excerpt gap)
// The authenticated identity is read from the configured username claim.
String username = claims.getStringClaimValue(usernameClaim);
if (username != null)
    return username;

// (excerpt gap: the handlers below belong to catch blocks that are not shown)
// NOTE(review): the exception message is logged at info level; confirm it
// cannot carry token or claim content that should stay out of the logs.
logger.info("Rejected invalid OpenID token: {}", e.getMessage());
logger.debug("Invalid JWT received.", e);
logger.info("Rejected OpenID token with malformed claim: {}", e.getMessage());
logger.debug("Malformed claim within received JWT.", e);
// Excerpt of a two-pass JWT verification. Several statements are missing
// between the lines below (the bodies of both `if` tests, the try/catch that
// declares `e`, and the closing brace of the cache block).

// Expiry test: true when "now minus the allowed skew" has reached exp.
// The statement it guards is not part of this excerpt.
if ((NumericDate.now().getValue() - secondsOfAllowedClockSkew) >= claims.getExpirationTime().getValue())

// First pass: parse only. Every validator and the signature check are
// switched off, so the claims read here are UNVERIFIED. They are suitable
// for an early expiry rejection, never for an authorization decision.
JwtConsumer consumer = new JwtConsumerBuilder()
        .setSkipAllValidators()
        .setDisableRequireSignature()
        .setSkipSignatureVerification()
        .build();
JwtContext jwtContext = consumer.process(jwt);
claims = jwtContext.getJwtClaims();
JsonWebStructure structure = jwtContext.getJoseObjects().get(0);

// Manual expiry test on the unverified claims.
// NOTE(review): getExpirationTime() is dereferenced without a null check; if
// it returns null for a token with no exp claim, this line throws a
// NullPointerException - confirm the surrounding code handles that case.
if ((NumericDate.now().getValue() - secondsOfAllowedClockSkew) >= claims.getExpirationTime().getValue())

// (excerpt gap) A malformed exp claim is reported as an InvalidJwtException.
throw new InvalidJwtException("MalformedClaimException", new ErrorCodeValidator.Error(ErrorCodes.MALFORMED_CLAIM, "Invalid ExpirationTime Format"), e, jwtContext);

// Second pass: signature verification with keys from the X.509 resolver.
// NOTE(review): audience validation is skipped and no expected issuer is set
// in the visible lines; confirm both are enforced elsewhere.
consumer = new JwtConsumerBuilder()
        .setRequireExpirationTime()
        .setAllowedClockSkewInSeconds(315360000) // 315360000 s is about ten years: this effectively turns off the library's own expiry check, so expiry rests on the manual comparison above. NOTE(review): the same skew presumably loosens other time-based checks (such as nbf) too - confirm.
        .setSkipDefaultAudienceValidation()
        .setVerificationKeyResolver(x509VerificationKeyResolver)
        .build();

// From here on the claims come from the signature-verified pass.
jwtContext = consumer.process(jwt);
claims = jwtContext.getJwtClaims();

// Verified claims are cached under the raw token string.
// NOTE(review): a later cache hit presumably returns these claims without
// re-verifying the signature, so expiry must be re-checked on every hit -
// confirm that the lookup path does so.
if(Boolean.TRUE.equals(enableJwtCache)) {
    cache.put(jwt, claims);
/**
 * Returns the issuer claim, looked up as a String under
 * {@code ReservedClaimNames.ISSUER}.
 *
 * @return the value returned by the typed claim lookup
 * @throws MalformedClaimException propagated from the typed claim lookup
 */
public String getIssuer() throws MalformedClaimException
{
    String issuer = getClaimValue(ReservedClaimNames.ISSUER, String.class);
    return issuer;
}
// Serialise the claim set to JSON and use it as the payload of `jws`.
String claimsJson = claims.toJson();
jws.setPayload(claimsJson);
/**
 * Creates a JwtClaims from the given claims JSON and JWT context.
 *
 * @param jsonClaims the claims as a JSON string
 * @param jwtContext the context passed through to the JwtClaims constructor
 * @return the newly constructed JwtClaims
 * @throws InvalidJwtException propagated from the JwtClaims constructor
 */
public static JwtClaims parse(String jsonClaims, JwtContext jwtContext) throws InvalidJwtException
{
    JwtClaims parsed = new JwtClaims(jsonClaims, jwtContext);
    return parsed;
}
/**
 * Reads a numeric claim and converts it to a NumericDate, treating the
 * number as a count of seconds.
 *
 * @param claimName the name of the claim
 * @return the claim as a NumericDate, or null when the lookup yields null
 * @throws MalformedClaimException propagated from the typed claim lookup
 */
public NumericDate getNumericDateClaimValue(String claimName) throws MalformedClaimException
{
    Number seconds = getClaimValue(claimName, Number.class);
    if (seconds == null)
    {
        return null;
    }
    // longValue() discards any fractional part of the claim value.
    return NumericDate.fromSeconds(seconds.longValue());
}
/**
 * Returns the current time shifted by the given number of minutes.
 *
 * @param offsetMinutes offset in minutes; fractions are allowed
 * @return a NumericDate for now plus the offset, at whole-second resolution
 */
private NumericDate offsetFromNow(float offsetMinutes)
{
    // The product stays a float and is truncated to whole seconds by the cast.
    float offsetSeconds = offsetMinutes * 60;
    NumericDate shifted = NumericDate.now();
    shifted.addSeconds((long) offsetSeconds);
    return shifted;
}
/**
 * Sets the issued-at time to the current time.
 */
public void setIssuedAtToNow()
{
    NumericDate now = NumericDate.now();
    setIssuedAt(now);
}
/**
 * Reads a claim that is expected to hold a JSON array of strings.
 *
 * @param claimName the name of the claim
 * @return a {@code List<String>} with the values of the claim; an empty list if the claim is not present
 * @throws MalformedClaimException if the claim value is not an array, or is an array that contains non-string values
 */
public List<String> getStringListClaimValue(String claimName) throws MalformedClaimException
{
    // The raw List from the lookup is handed to toStringList for conversion.
    return toStringList(getClaimValue(claimName, List.class), claimName);
}
/**
 * Sets the subject on the underlying claims.
 *
 * @param subject the subject value to store
 * @return this token, so that calls can be chained
 */
public JsonWebToken setSubject(String subject)
{
    this.claims.setSubject(subject);
    return this;
}
}
/**
 * Sets the expiration time to the current time plus the given number of minutes.
 *
 * @param minutes lifetime in minutes; fractions are allowed
 */
public void setExpirationTimeMinutesInTheFuture(float minutes)
{
    NumericDate expiry = offsetFromNow(minutes);
    setExpirationTime(expiry);
}
/**
 * Reports whether this claim set contains an "aud" (Audience) claim.
 *
 * @return true if the claims have an "aud" claim, false otherwise
 */
public boolean hasAudience()
{
    boolean audiencePresent = hasClaim(ReservedClaimNames.AUDIENCE);
    return audiencePresent;
}
/**
 * Returns this value multiplied by {@code CONVERSION}.
 *
 * @return the product of {@code getValue()} and {@code CONVERSION}
 */
public long getValueInMillis()
{
    // NOTE(review): the multiplication is unchecked. If the value can come
    // from a token claim, a very large number would wrap silently - confirm
    // whether callers bound it first.
    return CONVERSION * getValue();
}
/**
 * Returns this value multiplied by {@code CONVERSION}.
 *
 * @return the product of {@code getValue()} and {@code CONVERSION}
 */
public long getValueInMillis()
{
    // NOTE(review): the multiplication is unchecked. If the value can come
    // from a token claim, a very large number would wrap silently - confirm
    // whether callers bound it first.
    return CONVERSION * getValue();
}
/**
 * Constructs a JwtClaims populated from the JWT configuration.
 *
 * <p>Issuer, audience, lifetime and version come from {@code jwtConfig}.
 * A generated token id, the issue time and a not-before time two minutes in
 * the past are added as well.
 *
 * @return the populated JwtClaims
 */
public static JwtClaims getDefaultJwtClaims() {
    JwtClaims defaults = new JwtClaims();
    defaults.setIssuer(jwtConfig.getIssuer());
    defaults.setAudience(jwtConfig.getAudience());
    defaults.setExpirationTimeMinutesInTheFuture(jwtConfig.getExpiredInMinutes());
    // jti: unique identifier for this token
    defaults.setGeneratedJwtId();
    // iat: issued now
    defaults.setIssuedAtToNow();
    // nbf: valid from two minutes ago
    defaults.setNotBeforeMinutesInThePast(2);
    defaults.setClaim("version", jwtConfig.getVersion());
    return defaults;
}
/**
 * Returns the JWT ID claim, looked up as a String under
 * {@code ReservedClaimNames.JWT_ID}.
 *
 * @return the value returned by the typed claim lookup
 * @throws MalformedClaimException propagated from the typed claim lookup
 */
public String getJwtId() throws MalformedClaimException
{
    String jwtId = getClaimValue(ReservedClaimNames.JWT_ID, String.class);
    return jwtId;
}
/**
 * Reports whether this date is strictly later than {@code when}.
 *
 * @param when the date to compare against
 * @return true if this value is greater than {@code when.getValue()}; equal values give false
 */
public boolean after(IntDate when)
{
    return when.getValue() < value;
}
/**
 * Reports whether the named claim has a non-null value.
 *
 * @param claimName the name of the claim
 * @return true if the lookup yields a non-null value, false otherwise
 */
public boolean hasClaim(String claimName)
{
    Object claimValue = getClaimValue(claimName);
    return claimValue != null;
}