/**
 * Checks that a {@code Long[]} array claim ends up as a JSON array of numbers in the
 * payload segment of the signed token.
 */
@Test
public void shouldAcceptCustomArrayClaimOfTypeLong() throws Exception {
    Long[] claimValues = new Long[]{1L, 2L, 3L};
    // Fixed HMAC key used only as a test fixture; never a pattern for production keys.
    Algorithm hmac = Algorithm.HMAC256("secret");

    String token = JWTCreator.init()
            .withArrayClaim("name", claimValues)
            .sign(hmac);
    assertThat(token, is(notNullValue()));

    // Compact form is header.payload.signature; the payload is Base64URL-encoded,
    // not encrypted, so claim values are readable by anyone holding the token.
    String payloadSegment = token.split("\\.")[1];
    // Expected segment decodes to {"name":[1,2,3]}.
    assertThat(payloadSegment, is("eyJuYW1lIjpbMSwyLDNdfQ"));
}
// Stray closing brace kept from the original excerpt; presumably it closes the
// enclosing test class, whose header is not part of this listing.
}
/**
 * Checks that an {@code Integer[]} array claim ends up as a JSON array of numbers in the
 * payload segment of the signed token.
 */
@Test
public void shouldAcceptCustomArrayClaimOfTypeInteger() throws Exception {
    Integer[] claimValues = new Integer[]{1, 2, 3};
    // Fixed HMAC key used only as a test fixture; never a pattern for production keys.
    Algorithm hmac = Algorithm.HMAC256("secret");

    String token = JWTCreator.init()
            .withArrayClaim("name", claimValues)
            .sign(hmac);
    assertThat(token, is(notNullValue()));

    // Index 1 of the dot-separated token is the Base64URL payload segment.
    String payloadSegment = token.split("\\.")[1];
    // Expected segment decodes to {"name":[1,2,3]}.
    assertThat(payloadSegment, is("eyJuYW1lIjpbMSwyLDNdfQ"));
}
/**
 * Checks that a {@code String[]} array claim ends up as a JSON array of strings in the
 * payload segment of the signed token.
 */
@Test
public void shouldAcceptCustomArrayClaimOfTypeString() throws Exception {
    // "123" and "true" are deliberately strings: they must stay quoted in the JSON output.
    String[] claimValues = new String[]{"text", "123", "true"};
    // Fixed HMAC key used only as a test fixture; never a pattern for production keys.
    Algorithm hmac = Algorithm.HMAC256("secret");

    String token = JWTCreator.init()
            .withArrayClaim("name", claimValues)
            .sign(hmac);
    assertThat(token, is(notNullValue()));

    // Index 1 of the dot-separated token is the Base64URL payload segment.
    String payloadSegment = token.split("\\.")[1];
    // Expected segment decodes to {"name":["text","123","true"]}.
    assertThat(payloadSegment, is("eyJuYW1lIjpbInRleHQiLCIxMjMiLCJ0cnVlIl19"));
}
/**
 * Builds and signs a JWT whose subject is the principal name derived from the given
 * application and whose audience is this authenticator ({@code getMyAudience()}).
 *
 * <p>The token is signed with the key returned by
 * {@code getActiveAuthenticatorKeyForApplicationSecrets()} and carries that key's name as
 * the {@code kid} header. Its groups claim holds four roles: application, the
 * per-application restriction role (prefix + application id), app management and active.
 *
 * <p>Only callers holding {@code ROLE_ADMIN} may invoke this method.
 *
 * @param application the application the token is issued for; must not be null
 * @return the signed token in compact form
 * @throws NoSigningKeyException declared by the key lookup; presumably raised when no
 *         active key is available (not visible in this listing)
 */
@RolesAllowed({AuthenticatorConstants.ROLE_ADMIN})
public String generateApplicationTokenForAuthenticator(@NonNull Application application) throws NoSigningKeyException {
    RsaKeyPair signingKey = signingKKeyPairsProvider.getActiveAuthenticatorKeyForApplicationSecrets();
    Algorithm signer = getAlgorithm(signingKey);

    Long appId = application.getId();
    String[] aud = this.getMyAudience();
    // The restriction role is scoped to this application by appending its id.
    String[] roles = {
            AuthenticatorConstants.ROLE_APPLICATION,
            AuthenticatorConstants.ROLE_APPLICATION_RESTRICTION + appId,
            AuthenticatorConstants.ROLE_APP_MANAGEMENT,
            AuthenticatorConstants.ROLE_ACTIVE
    };

    // NOTE(review): the lifetime comes from getApplicationSecretTokenExpirationDate(),
    // which is not visible here. This token grants the app-management role, so confirm
    // that the lifetime is bounded and that a revocation path exists for the jti.
    Date expiresAt = this.getApplicationSecretTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = this.generateNewTokenId("");
    String principal = callerQueryService.createApplicationPrincipalName(application);

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(principal)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(aud)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, principal)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, roles)
            .withClaim(AuthenticatorConstants.APPLICATION_ID_CLAIM_NAME, appId)
            .sign(signer);
}
/**
 * Builds and signs a JWT whose subject is the fixed authenticator principal name and whose
 * audience is taken from {@code getMyApplicationAudiences(application)}.
 *
 * <p>The token is signed with the application's signing key, carries that key's name as the
 * {@code kid} header, and holds a single role ({@code ROLE_APPLICATION}) in its groups claim.
 *
 * <p>NOTE(review): the method is annotated {@code @PermitAll}, so no role is required to
 * mint a token that asserts the authenticator principal. Confirm that it is reachable only
 * from trusted internal callers and not through a remotely exposed endpoint.
 *
 * @param application the application the token is addressed to; must not be null
 * @return the signed token in compact form
 * @throws AuthenticatorRuntimeException when the key provider reports that no signing key
 *         exists for the application; the original exception is kept as the cause
 */
@PermitAll
public String generateAuthenticatorTokenForApplication(@NonNull Application application) {
    RsaKeyPair signingKey;
    try {
        signingKey = signingKKeyPairsProvider.getApplicationSigningKey(application);
    } catch (NoSigningKeyException e) {
        // Converted to an unchecked exception; the cause is preserved for diagnosis.
        throw new AuthenticatorRuntimeException("No signing key to create authenticator token for application " + application.getName(), e);
    }
    Algorithm signer = getAlgorithm(signingKey);

    String[] aud = this.getMyApplicationAudiences(application);
    String[] roles = {AuthenticatorConstants.ROLE_APPLICATION};
    Date expiresAt = this.getNewTokenExpirationDate();
    Date issuedAt = new Date();
    String appName = application.getName();
    String jti = this.generateNewTokenId(appName);

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(AuthenticatorConstants.AUTHENTICAOTOR_PRINCIPAL_NAME)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(aud)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, AuthenticatorConstants.AUTHENTICAOTOR_PRINCIPAL_NAME)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, roles)
            .sign(signer);
}
/**
 * Builds and signs a JWT that names a user towards one application.
 *
 * <p>The subject and principal claim are the user's name, the audience comes from
 * {@code getApplicationAudience(application)}, the groups claim holds the roles returned by
 * {@code findUserApplicationRoles(application, user)}, and the user id is added as a
 * separate claim. The token is signed with the application's signing key, whose name is
 * written to the {@code kid} header.
 *
 * <p>Only callers holding {@code ROLE_USER} may invoke this method.
 *
 * <p>NOTE(review): no check is visible here that the caller is the user contained in
 * {@code userApplication}. Presumably the caller or {@code findUserApplicationRoles}
 * enforces this; confirm, since otherwise any user could request a token for another.
 *
 * @param userApplication the user/application pair to issue the token for; must not be null
 * @return the signed token in compact form
 * @throws NoSigningKeyException declared by the key lookup; presumably raised when the
 *         application has no signing key
 * @throws UnauthorizedOperationException declared; the call that raises it is not
 *         identifiable from this listing
 */
@RolesAllowed({AuthenticatorConstants.ROLE_USER})
public String generateUserTokenForApplication(@NonNull UserApplication userApplication) throws NoSigningKeyException, UnauthorizedOperationException {
    User subjectUser = userApplication.getUser();
    Application targetApp = userApplication.getApplication();

    RsaKeyPair signingKey = signingKKeyPairsProvider.getApplicationSigningKey(targetApp);
    Algorithm signer = getAlgorithm(signingKey);

    String[] aud = this.getApplicationAudience(targetApp);
    String[] roles = findUserApplicationRoles(targetApp, subjectUser);
    Date expiresAt = this.getNewTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = this.generateNewTokenId(targetApp.getName());
    Long subjectId = subjectUser.getId();
    String subjectName = subjectUser.getName();

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(subjectName)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(aud)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, subjectName)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, roles)
            .withClaim(AuthenticatorConstants.USER_ID_CLAIM_NAME, subjectId)
            .sign(signer);
}
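/**
 * Adds a claim to the given JWT builder, choosing the typed {@code withClaim} or
 * {@code withArrayClaim} overload that matches the runtime type of {@code value}.
 *
 * <p>Supported types are {@code Boolean}, {@code Date}, {@code Double}, {@code Integer},
 * {@code Long}, {@code String}, {@code Integer[]}, {@code Long[]} and {@code String[]}.
 * Anything else, including {@code null}, is rejected.
 *
 * @param builder the JWT builder to add the claim to
 * @param name the claim name
 * @param value the claim value
 * @throws NuxeoException if the value's type is not one of the supported types
 */
protected void builderWithClaim(Builder builder, String name, Object value) {
    if (value instanceof Boolean) {
        builder.withClaim(name, (Boolean) value);
    } else if (value instanceof Date) {
        builder.withClaim(name, (Date) value);
    } else if (value instanceof Double) {
        builder.withClaim(name, (Double) value);
    } else if (value instanceof Integer) {
        builder.withClaim(name, (Integer) value);
    } else if (value instanceof Long) {
        builder.withClaim(name, (Long) value);
    } else if (value instanceof String) {
        builder.withClaim(name, (String) value);
    } else if (value instanceof Integer[]) {
        builder.withArrayClaim(name, (Integer[]) value);
    } else if (value instanceof Long[]) {
        builder.withArrayClaim(name, (Long[]) value);
    } else if (value instanceof String[]) {
        builder.withArrayClaim(name, (String[]) value);
    } else {
        // Report the type, not the value: the message says "type", and interpolating the
        // value would copy claim contents (possibly sensitive) into exception text and logs.
        String typeName = value == null ? "null" : value.getClass().getName();
        throw new NuxeoException("Unknown claim type: " + typeName);
    }
}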
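/**
 * Adds a claim to the wrapped JWT builder, choosing the typed {@code withClaim} or
 * {@code withArrayClaim} overload that matches the runtime type of {@code value}.
 *
 * <p>Supported types are {@code Boolean}, {@code Date}, {@code Double}, {@code Integer},
 * {@code Long}, {@code String}, {@code Integer[]}, {@code Long[]} and {@code String[]}.
 * Anything else, including {@code null}, is rejected.
 *
 * @param name the claim name
 * @param value the claim value
 * @return this builder, to allow call chaining
 * @throws NuxeoException if the value's type is not one of the supported types
 */
@Override
public JWTBuilderImpl withClaim(String name, Object value) {
    if (value instanceof Boolean) {
        builder.withClaim(name, (Boolean) value);
    } else if (value instanceof Date) {
        builder.withClaim(name, (Date) value);
    } else if (value instanceof Double) {
        builder.withClaim(name, (Double) value);
    } else if (value instanceof Integer) {
        builder.withClaim(name, (Integer) value);
    } else if (value instanceof Long) {
        builder.withClaim(name, (Long) value);
    } else if (value instanceof String) {
        builder.withClaim(name, (String) value);
    } else if (value instanceof Integer[]) {
        builder.withArrayClaim(name, (Integer[]) value);
    } else if (value instanceof Long[]) {
        builder.withArrayClaim(name, (Long[]) value);
    } else if (value instanceof String[]) {
        builder.withArrayClaim(name, (String[]) value);
    } else {
        // Report the type, not the value: the message says "type", and interpolating the
        // value would copy claim contents (possibly sensitive) into exception text and logs.
        String typeName = value == null ? "null" : value.getClass().getName();
        throw new NuxeoException("Unknown claim type: " + typeName);
    }
    return this;
}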
/**
 * Builds and signs a JWT that names a user towards this authenticator.
 *
 * <p>The subject and principal claim are the user's name, the audience comes from
 * {@code getMyAudience()}, the groups claim holds the roles returned by
 * {@code findUserProviderRoles(user)}, and the user id is added as a separate claim. The
 * token is signed with the authenticator's signing key, whose name is written to the
 * {@code kid} header.
 *
 * <p>Only callers holding {@code ROLE_USER} may invoke this method.
 *
 * <p>NOTE(review): no check is visible here that {@code user} is the calling principal;
 * presumably the caller guarantees it. Confirm before exposing this to untrusted input.
 *
 * @param user the user to issue the token for; must not be null
 * @return the signed token in compact form
 * @throws NoSigningKeyException declared by the key lookup; presumably raised when the
 *         authenticator has no signing key
 */
@RolesAllowed({AuthenticatorConstants.ROLE_USER})
public String generateUserTokenForAuthenticator(@NonNull User user) throws NoSigningKeyException {
    RsaKeyPair signingKey = signingKKeyPairsProvider.getAuthenticatorSigningKey();
    Algorithm signer = getAlgorithm(signingKey);

    String[] aud = this.getMyAudience();
    String[] roles = findUserProviderRoles(user);
    Date expiresAt = this.getNewTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = this.generateNewTokenId("");
    Long subjectId = user.getId();
    String subjectName = user.getName();

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(subjectName)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(aud)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, subjectName)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, roles)
            .withClaim(AuthenticatorConstants.USER_ID_CLAIM_NAME, subjectId)
            .sign(signer);
}