public static NumericDate now() { return fromMilliseconds(System.currentTimeMillis()); }
@Test public void expiredToken() { final User expected = User.create("foo", "bar", "foo@example.com", null); final String token = TokenHelper.createToken(createToken("secret"), expected, NumericDate.fromMilliseconds(System.currentTimeMillis() - 2000)); final User actual = TokenHelper.parseToken(createToken("secret"), token, 0); Assert.assertNull(actual); }
@Test public void anonymous() { final User expected = User.getAnonymous(); final String token = TokenHelper.createToken(createToken("secret"), expected, NumericDate.fromMilliseconds(System.currentTimeMillis() + 2000)); final User actual = TokenHelper.parseToken(createToken("secret"), token, 0); Assert.assertEquals(actual, expected); }
@Test public void invalidToken() { final User expected = User.create("foo", "bar", "foo@example.com", null); final String token = TokenHelper.createToken(createToken("big secret"), expected, NumericDate.fromMilliseconds(System.currentTimeMillis() + 2000)); final User actual = TokenHelper.parseToken(createToken("small secret"), token, 0); Assert.assertNull(actual); }
@Test public void simpleWithoutExternal() { final User expected = User.create("foo", "bar", "foo@example.com", null); final String token = TokenHelper.createToken(createToken("secret"), expected, NumericDate.fromMilliseconds(System.currentTimeMillis() + 2000)); final User actual = TokenHelper.parseToken(createToken("secret"), token, 0); Assert.assertEquals(actual, expected); }
@Test public void simpleWithExternal() { final User expected = User.create("foo", "bar", "foo@example.com", "user-1"); final String token = TokenHelper.createToken(createToken("secret"), expected, NumericDate.fromMilliseconds(System.currentTimeMillis() + 2000)); final User actual = TokenHelper.parseToken(createToken("secret"), token, 0); Assert.assertEquals(actual, expected); }
@Nullable public static User parseToken(@NotNull JsonWebEncryption jwe, @NotNull String token, int tokenEnsureTime) { try { jwe.setCompactSerialization(token); final JwtClaims claims = JwtClaims.parse(jwe.getPayload()); final NumericDate now = NumericDate.now(); final NumericDate expire = NumericDate.fromMilliseconds(now.getValueInMillis()); if (tokenEnsureTime > 0) { expire.addSeconds(tokenEnsureTime); } if (claims.getExpirationTime() == null || claims.getExpirationTime().isBefore(expire)) { return null; } if (claims.getNotBefore() == null || claims.getNotBefore().isAfter(now)) { return null; } if (claims.getSubject() == null) { return User.getAnonymous(); } return User.create( claims.getSubject(), claims.getClaimValue("name", String.class), claims.getClaimValue("email", String.class), claims.getClaimValue("external", String.class) ); } catch (JoseException | MalformedClaimException | InvalidJwtException e) { log.warn("Token parsing error: " + e.getMessage()); return null; } }
try { Date date = dateFormat.parse(responseDate); currentTime = NumericDate.fromMilliseconds(date.getTime()); } catch (ParseException e) { currentTime = NumericDate.now();
claims.setIssuedAt(NumericDate.fromMilliseconds(issuedAtDate.getTime())); claims.setExpirationTime(NumericDate.fromMilliseconds(expiresOnDate.getTime()));
claims.setIssuedAt(NumericDate.fromMilliseconds(issuedAtDate.getTime())); claims.setExpirationTime(NumericDate.fromMilliseconds(expiresOnDate.getTime()));
@Override public void setUser(DemoiselleUser user, String issuer, String audience) { long time = (org.jose4j.jwt.NumericDate.now().getValueInMillis() + (config.getTimetoLiveMilliseconds())); try { JwtClaims claims = new JwtClaims(); claims.setIssuer(issuer != null ? issuer : config.getIssuer()); claims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(time)); claims.setAudience(audience != null ? audience : config.getAudience()); claims.setGeneratedJwtId(); claims.setIssuedAtToNow(); claims.setNotBeforeMinutesInThePast(1); claims.setClaim("identity", (user.getIdentity())); claims.setClaim("name", (user.getName())); claims.setClaim("roles", (user.getRoles())); claims.setClaim("permissions", (user.getPermissions())); claims.setClaim("params", (user.getParams())); JsonWebSignature jws = new JsonWebSignature(); jws.setPayload(claims.toJson()); jws.setKey(privateKey); jws.setKeyIdHeaderValue("demoiselle-security-jwt"); jws.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers()); token.setKey(jws.getCompactSerialization()); token.setType(TokenType.JWT); } catch (JoseException ex) { throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex); } }
@Override public void setUser(DemoiselleUser user, String issuer, String audience) { long time = (org.jose4j.jwt.NumericDate.now().getValueInMillis() + (config.getTimetoLiveMilliseconds())); try { JwtClaims claims = new JwtClaims(); claims.setIssuer(issuer != null ? issuer : config.getIssuer()); claims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(time)); claims.setAudience(audience != null ? audience : config.getAudience()); claims.setGeneratedJwtId(); claims.setIssuedAtToNow(); claims.setNotBeforeMinutesInThePast(1); claims.setClaim("identity", (user.getIdentity())); claims.setClaim("name", (user.getName())); claims.setClaim("roles", (user.getRoles())); claims.setClaim("permissions", (user.getPermissions())); claims.setClaim("params", (user.getParams())); JsonWebSignature jws = new JsonWebSignature(); jws.setPayload(claims.toJson()); jws.setKey(privateKey); jws.setKeyIdHeaderValue("demoiselle-security-jwt"); jws.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers()); token.setKey(jws.getCompactSerialization()); token.setType(TokenType.JWT); } catch (JoseException ex) { throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex); } }