@Override public String toString() { DateFormat df = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.LONG); StringBuilder sb = new StringBuilder(); Date date = new Date(getValueInMillis()); sb.append("NumericDate").append("{").append(getValue()).append(" -> ").append(df.format(date)).append('}'); return sb.toString(); }
@NotNull private static Link createToken( @NotNull SharedContext context, @NotNull URI baseLfsUrl, @NotNull User user, int tokenExpireSec, float tokenEnsureTime ) { int expireSec = tokenExpireSec <= 0 ? LfsConfig.DEFAULT_TOKEN_EXPIRE_SEC : tokenExpireSec; int ensureSec = (int) Math.ceil(expireSec * tokenEnsureTime); NumericDate now = NumericDate.now(); NumericDate expireAt = NumericDate.fromSeconds(now.getValue() + expireSec); NumericDate ensureAt = NumericDate.fromSeconds(now.getValue() + ensureSec); return new Link( baseLfsUrl, createTokenHeader(context, user, expireAt), new Date(ensureAt.getValueInMillis()) ); } }
expireTime = claims.getExpirationTime().getValueInMillis(); else expireTime = null; expireTime = claims.getExpirationTime().getValueInMillis(); else expireTime = null;
@Nullable public static User parseToken(@NotNull JsonWebEncryption jwe, @NotNull String token, int tokenEnsureTime) { try { jwe.setCompactSerialization(token); final JwtClaims claims = JwtClaims.parse(jwe.getPayload()); final NumericDate now = NumericDate.now(); final NumericDate expire = NumericDate.fromMilliseconds(now.getValueInMillis()); if (tokenEnsureTime > 0) { expire.addSeconds(tokenEnsureTime); } if (claims.getExpirationTime() == null || claims.getExpirationTime().isBefore(expire)) { return null; } if (claims.getNotBefore() == null || claims.getNotBefore().isAfter(now)) { return null; } if (claims.getSubject() == null) { return User.getAnonymous(); } return User.create( claims.getSubject(), claims.getClaimValue("name", String.class), claims.getClaimValue("email", String.class), claims.getClaimValue("external", String.class) ); } catch (JoseException | MalformedClaimException | InvalidJwtException e) { log.warn("Token parsing error: " + e.getMessage()); return null; } }
@Override public void setUser(DemoiselleUser user, String issuer, String audience) { long time = (org.jose4j.jwt.NumericDate.now().getValueInMillis() + (config.getTimetoLiveMilliseconds())); try { JwtClaims claims = new JwtClaims(); claims.setIssuer(issuer != null ? issuer : config.getIssuer()); claims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(time)); claims.setAudience(audience != null ? audience : config.getAudience()); claims.setGeneratedJwtId(); claims.setIssuedAtToNow(); claims.setNotBeforeMinutesInThePast(1); claims.setClaim("identity", (user.getIdentity())); claims.setClaim("name", (user.getName())); claims.setClaim("roles", (user.getRoles())); claims.setClaim("permissions", (user.getPermissions())); claims.setClaim("params", (user.getParams())); JsonWebSignature jws = new JsonWebSignature(); jws.setPayload(claims.toJson()); jws.setKey(privateKey); jws.setKeyIdHeaderValue("demoiselle-security-jwt"); jws.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers()); token.setKey(jws.getCompactSerialization()); token.setType(TokenType.JWT); } catch (JoseException ex) { throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex); } }
@Override public void setUser(DemoiselleUser user, String issuer, String audience) { long time = (org.jose4j.jwt.NumericDate.now().getValueInMillis() + (config.getTimetoLiveMilliseconds())); try { JwtClaims claims = new JwtClaims(); claims.setIssuer(issuer != null ? issuer : config.getIssuer()); claims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(time)); claims.setAudience(audience != null ? audience : config.getAudience()); claims.setGeneratedJwtId(); claims.setIssuedAtToNow(); claims.setNotBeforeMinutesInThePast(1); claims.setClaim("identity", (user.getIdentity())); claims.setClaim("name", (user.getName())); claims.setClaim("roles", (user.getRoles())); claims.setClaim("permissions", (user.getPermissions())); claims.setClaim("params", (user.getParams())); JsonWebSignature jws = new JsonWebSignature(); jws.setPayload(claims.toJson()); jws.setKey(privateKey); jws.setKeyIdHeaderValue("demoiselle-security-jwt"); jws.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers()); token.setKey(jws.getCompactSerialization()); token.setType(TokenType.JWT); } catch (JoseException ex) { throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex); } }