javaOIDCMsg/lib/src/main/java/com/auth0/jwt/jwts/JWT.java at master · ewjay/javaOIDCMsg

History

474 lines (430 loc) · 18.7 KB

Raw

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

// Permission is hereby granted, free of charge, to any person obtaining a copy of

// this software and associated documentation files (the "Software"), to deal in

// the Software without restriction, including without limitation the rights to

// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of

// the Software, and to permit persons to whom the Software is furnished to do so,

// subject to the following conditions:

// The above copyright notice and this permission notice shall be included in all

// copies or substantial portions of the Software.

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS

// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR

// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER

// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package com.auth0.jwt.jwts;

import com.auth0.jwt.ClockImpl;

import com.auth0.jwt.creators.EncodeType;

import com.auth0.jwt.creators.JWTCreator;

import com.auth0.jwt.JWTDecoder;

import com.auth0.jwt.algorithms.Algorithm;

import com.auth0.jwt.exceptions.*;

import com.auth0.jwt.impl.PublicClaims;

import com.auth0.jwt.interfaces.Clock;

import com.auth0.jwt.interfaces.DecodedJWT;

import com.auth0.jwt.interfaces.Verification;

import com.auth0.jwt.verification.VerificationAndAssertion;

import java.util.*;

@SuppressWarnings("WeakerAccess")

public class JWT {

private final Algorithm algorithm;

final Map<String, Object> claims;

private final Clock clock;

JWT(Algorithm algorithm, Map<String, Object> claims, Clock clock) {

this.algorithm = algorithm;

this.claims = Collections.unmodifiableMap(claims);

this.clock = clock;

}

/**

* Convert the given token to a DecodedJWT

*

* Note that this method doesn't verify the token's signature! Use it only if you trust the token or you already verified it.

* @param token with jwt format as string.

* @return a decoded JWT.

* @throws AlgorithmMismatchException if the algorithm stated in the token's header it's not equal to the one defined in the {@link JWT}.

* @throws SignatureVerificationException if the signature is invalid.

* @throws TokenExpiredException if the token has expired.

* @throws InvalidClaimException if a claim contained a different value than the expected one.

public DecodedJWT decode(String token) throws Exception {

DecodedJWT jwt = new JWTDecoder(token, EncodeType.Base64);

VerificationAndAssertion.verifyAlgorithm(jwt, algorithm);

algorithm.verify(jwt, EncodeType.Base64);

VerificationAndAssertion.verifyClaims(clock, jwt, claims);

return jwt;

}

/**

* Convert the given token to a DecodedJWT

*

* Note that this method doesn't verify the token's signature! Use it only if you trust the token or you already verified it.

* @param token with jwt format as string.

* @return a decoded JWT.

* @throws AlgorithmMismatchException if the algorithm stated in the token's header it's not equal to the one defined in the {@link JWT}.

* @throws SignatureVerificationException if the signature is invalid.

* @throws TokenExpiredException if the token has expired.

* @throws InvalidClaimException if a claim contained a different value than the expected one.

public DecodedJWT decode16Bytes(String token) throws Exception {

DecodedJWT jwt = new JWTDecoder(token, EncodeType.Base16);

VerificationAndAssertion.verifyAlgorithm(jwt, algorithm);

algorithm.verify(jwt, EncodeType.Base16);

VerificationAndAssertion.verifyClaims(clock, jwt, claims);

return jwt;

}

/**

* Convert the given token to a DecodedJWT

*

* Note that this method doesn't verify the token's signature! Use it only if you trust the token or you already verified it.

* @param token with jwt format as string.

* @return a decoded JWT.

* @throws AlgorithmMismatchException if the algorithm stated in the token's header it's not equal to the one defined in the {@link JWT}.

* @throws SignatureVerificationException if the signature is invalid.

* @throws TokenExpiredException if the token has expired.

* @throws InvalidClaimException if a claim contained a different value than the expected one.

public DecodedJWT decode32Bytes(String token) throws Exception {

DecodedJWT jwt = new JWTDecoder(token, EncodeType.Base32);

VerificationAndAssertion.verifyAlgorithm(jwt, algorithm);

algorithm.verify(jwt, EncodeType.Base32);

VerificationAndAssertion.verifyClaims(clock, jwt, claims);

return jwt;

}

/**

* Returns a {Verification} to be used to validate token signature.

* @param algorithm that will be used to verify the token's signature.

* @return Verification

* @throws IllegalArgumentException if the provided algorithm is null.

public static Verification require(Algorithm algorithm) {

return JWT.init(algorithm);

}

/**

* Returns a Json Web Token builder used to create and sign tokens

* @return a token builder.

public static JWTCreator.Builder create() {

return JWTCreator.init();

}

//----------------this is from JWTVerifier--------

/**

* Initialize a Verification instance using the given Algorithm.

* @param algorithm the Algorithm to use on the JWT verification.

* @return a JWT.BaseVerification instance to configure.

* @throws IllegalArgumentException if the provided algorithm is null.

static Verification init(Algorithm algorithm) throws IllegalArgumentException {

return new JWT.BaseVerification(algorithm);

}

/**

* The Verification class holds the Claims required by a JWT to be valid.

public static class BaseVerification implements Verification {

protected final Algorithm algorithm;

protected final Map<String, Object> claims;

private long defaultLeeway;

BaseVerification(Algorithm algorithm) throws IllegalArgumentException {

if (algorithm == null) {

throw new IllegalArgumentException("The Algorithm cannot be null.");

}

this.algorithm = algorithm;

this.claims = new HashMap<>();

this.defaultLeeway = 0;

}

@Override

public Verification withNbf(long nbf) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification createVerifierForRisc(String jti, List<String> issuer,

List<String> audience, long iatLeeway, long expLeeway, long nbf) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification createVerifierForScoped(String scope, List<String> issuer, List<String> audience, long expLeeway, long iatLeeway) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification createVerifierForImplicit(List<String> issuer, List<String> audience, long iatLeeway) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification createVerifierForFb(String userId, String appId) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification withUserId(String userId) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification withAppId(String appId) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

@Override

public Verification createVerifierForAccess(List<String> issuer, List<String> audience, long expLeeway, long iatLeeway) {

throw new UnsupportedOperationException("you shouldn't be calling this method");

}

/**

* Require a specific Issuer ("iss") claim.

* Allows for multiple issuers

* @param issuer the required Issuer value

* @return this same Verification instance.

@Override

public Verification withIssuer(String... issuer) {

requireClaim(PublicClaims.ISSUER, Arrays.asList(issuer));

return this;

}

/**

* Require a specific Subject ("sub") claim.

* Allows for multiple subjects

* @param subject the required Subject value

* @return this same Verification instance.

@Override

public Verification withSubject(String... subject) {

requireClaim(PublicClaims.SUBJECT, Arrays.asList(subject));

return this;

}

/**

* Require a specific Audience ("aud") claim.

* Allows for multiple audience

* @param audience the required Audience value

* @return this same Verification instance.

@Override

public Verification withAudience(String... audience) {

requireClaim(PublicClaims.AUDIENCE, Arrays.asList(audience));

return this;

}

/**

* Define the default window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.

* Setting a specific leeway value on a given Claim will override this value for that Claim.

* @param leeway the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.

* @return this same Verification instance.

* @throws IllegalArgumentException if leeway is negative.

@Override

public Verification acceptLeeway(long leeway) throws IllegalArgumentException {

VerificationAndAssertion.assertPositive(leeway);

this.defaultLeeway = leeway;

return this;

}

/**

* Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid.

* Expiration Date is always verified when the value is present. This method overrides the value set with acceptLeeway

* @param leeway the window in seconds in which the Expires At Claim will still be valid.

* @return this same Verification instance.

* @throws IllegalArgumentException if leeway is negative.

@Override

public Verification acceptExpiresAt(long leeway) throws IllegalArgumentException {

VerificationAndAssertion.assertPositive(leeway);

requireClaim(PublicClaims.EXPIRES_AT, leeway);

return this;

}

/**

* Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid.

* Not Before Date is always verified when the value is present. This method overrides the value set with acceptLeeway

* @param leeway the window in seconds in which the Not Before Claim will still be valid.

* @return this same Verification instance.

* @throws IllegalArgumentException if leeway is negative.

@Override

public Verification acceptNotBefore(long leeway) throws IllegalArgumentException {

VerificationAndAssertion.assertPositive(leeway);

requireClaim(PublicClaims.NOT_BEFORE, leeway);

return this;

}

/**

* Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid.

* Issued At Date is always verified when the value is present. This method overrides the value set with acceptLeeway

* @param leeway the window in seconds in which the Issued At Claim will still be valid.

* @return this same Verification instance.

* @throws IllegalArgumentException if leeway is negative.

@Override

public Verification acceptIssuedAt(long leeway) throws IllegalArgumentException {

VerificationAndAssertion.assertPositive(leeway);

requireClaim(PublicClaims.ISSUED_AT, leeway);

return this;

}

/**

* Require a specific JWT Id ("jti") claim.

* @param jwtId the required Id value

* @return this same Verification instance.

@Override

public Verification withJWTId(String jwtId) {

requireClaim(PublicClaims.JWT_ID, jwtId);

return this;

}

/**

* Require a specific Claim value.

* @param name the Claim's name.

* @param value the Claim's value.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withNonStandardClaim(String name, Boolean value) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, value);

return this;

}

/**

* Require a specific Claim value.

* @param name the Claim's name.

* @param value the Claim's value.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withNonStandardClaim(String name, Integer value) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, value);

return this;

}

/**

* Require a specific Claim value.

* @param name the Claim's name.

* @param value the Claim's value.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withNonStandardClaim(String name, Long value) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, value);

return this;

}

/**

* Require a specific Claim value.

* @param name the Claim's name.

* @param value the Claim's value.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withNonStandardClaim(String name, Double value) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, value);

return this;

}

/**

* Require a specific Claim value.

* @param name the Claim's name.

* @param value the Claim's value.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withNonStandardClaim(String name, String value) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, value);

return this;

}

/**

* Require a specific Claim value.

* @param name the Claim's name.

* @param value the Claim's value.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withNonStandardClaim(String name, Date value) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, value);

return this;

}

/**

* Require a specific Array Claim to contain at least the given items.

* @param name the Claim's name.

* @param items the items the Claim must contain.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withArrayClaim(String name, String... items) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, items);

return this;

}

/**

* Require a specific Array Claim to contain at least the given items.

* @param name the Claim's name.

* @param items the items the Claim must contain.

* @return this same Verification instance.

* @throws IllegalArgumentException if the name is null.

@Override

public Verification withArrayClaim(String name, Integer... items) throws IllegalArgumentException {

VerificationAndAssertion.assertNonNull(name);

requireClaim(name, items);

return this;

}

/**

* Creates a new and reusable instance of the JWT with the configuration already provided.

* @return a new JWT instance.

@Override

public JWT build() {

return this.build(new ClockImpl());

}

/**

* Creates a new and reusable instance of the JWT the configuration already provided.

* ONLY FOR TEST PURPOSES.

* @param clock the instance that will handle the current time.

* @return a new JWT instance with a custom Clock.

public JWT build(Clock clock) {

addLeewayToDateClaims();

return new JWT(algorithm, claims, clock);

}

protected void addLeewayToDateClaims() {

if (!claims.containsKey(PublicClaims.EXPIRES_AT)) {

claims.put(PublicClaims.EXPIRES_AT, defaultLeeway);

}

if (!claims.containsKey(PublicClaims.NOT_BEFORE)) {

claims.put(PublicClaims.NOT_BEFORE, defaultLeeway);

}

if (!claims.containsKey(PublicClaims.ISSUED_AT)) {

claims.put(PublicClaims.ISSUED_AT, defaultLeeway);

}

protected void requireClaim(String name, Object value) {

if (value == null) {

claims.remove(name);

return;

}

claims.put(name, value);

}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

JWT.java

Latest commit

History

JWT.java

File metadata and controls