Example 41 with Algorithm
use of com.auth0.jwt.Algorithm in project goobi-workflow by intranda.
the class JwtHelper method createSigningAlgorithm.
/**
* creates a rotated token. Rotation is done by appending a timestamp
*
* @param secret
* @return
*/
private static Algorithm createSigningAlgorithm(String secret) {
long currentTime = System.currentTimeMillis();
long rotationTime = (currentTime / rotationDuration) * rotationDuration;
Algorithm algorithm = Algorithm.HMAC256(secret + rotationTime);
return algorithm;
}
Also used :
Algorithm(com.auth0.jwt.algorithms.Algorithm)
Example 42 with Algorithm
use of com.auth0.jwt.Algorithm in project spring-learning by moon-zhou.
the class JwtUtil method sign.
/**
* 生成签名,15分钟后过期
*
* @param username
* @param userId
* @return
*/
public static String sign(String username, String userId, String password) {
// 过期时间
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
// 私钥及加密算法
Algorithm algorithm = Algorithm.HMAC256(password);
// 设置头信息
HashMap<String, Object> header = new HashMap<>(2);
header.put("typ", "JWT");
header.put("alg", "HS256");
// 附带username和userID生成签名
return JWT.create().withHeader(header).withClaim("userId", userId).withClaim("username", username).withExpiresAt(date).sign(algorithm);
}Example 43 with Algorithm
use of com.auth0.jwt.Algorithm in project java-fleetengine-auth by googlemaps.
the class ImpersonatedSignerTest method sign_buildsJwtCorrectly.
@Test
public void sign_buildsJwtCorrectly() {
FleetEngineToken token = FleetEngineToken.builder().setTokenType(FleetEngineTokenType.SERVER).setCreationTimestamp(Date.from(creation.instant())).setExpirationTimestamp(Date.from(expiration.instant())).setAudience(TEST_AUDIENCE).setAuthorizationClaims(EmptyFleetEngineTokenClaims.INSTANCE).build();
// Mock impersonated credentials
ImpersonatedAccountSignerCredentials impersonatedCredentials = mock(ImpersonatedAccountSignerCredentials.class);
when(impersonatedCredentials.getAccount()).thenReturn(TEST_SERVICE_ACCOUNT);
when(impersonatedCredentials.sign(any(), any())).thenAnswer(invocation -> {
byte[] presignedHeaderJwt = invocation.getArgument(0, byte[].class);
byte[] presignedContentJwt = invocation.getArgument(0, byte[].class);
return Algorithm.none().sign(presignedHeaderJwt, presignedContentJwt);
});
ImpersonatedSigner signer = new ImpersonatedSigner(impersonatedCredentials);
// Sign the token with the "none" algorithm.
FleetEngineToken signedToken = signer.sign(token);
// Check that the payload matches what was expected
DecodedJWT decodedJWT = JWT.decode(signedToken.jwt());
String payload = new String(Base64.getDecoder().decode(decodedJWT.getPayload()), UTF_8);
Gson gson = new Gson();
JwtPayload jwtPayload = gson.fromJson(payload, JwtPayload.class);
assertThat(jwtPayload.audience).isEqualTo(TEST_AUDIENCE);
assertThat(jwtPayload.issuer).isEqualTo(TEST_SERVICE_ACCOUNT);
assertThat(jwtPayload.subject).isEqualTo(TEST_SERVICE_ACCOUNT);
assertThat(jwtPayload.issuedAt).isEqualTo(creation.instant().getEpochSecond());
assertThat(jwtPayload.expiredAt).isEqualTo(expiration.instant().getEpochSecond());
}
Also used :
Gson(com.google.gson.Gson)
DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)
FleetEngineToken(com.google.fleetengine.auth.token.FleetEngineToken)
ImpersonatedAccountSignerCredentials(com.google.fleetengine.auth.token.factory.signer.ImpersonatedSigner.ImpersonatedAccountSignerCredentials)
Test(org.junit.Test)
Example 44 with Algorithm
use of com.auth0.jwt.Algorithm in project waynboot-mall by wayn111.
the class JwtUtil method sign.
/**
* 生成签名
*
* @param token 用户唯一标识
* @param secret 用户的密码
* @return 加密的token
*/
public static String sign(String token, String secret) {
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
Algorithm algorithm = Algorithm.HMAC256(secret);
return JWT.create().withClaim(SysConstants.SIGN_KEY, token).withIssuedAt(new Date()).withExpiresAt(date).sign(algorithm);
}Example 45 with Algorithm
use of com.auth0.jwt.Algorithm in project waynboot-mall by wayn111.
the class JwtUtil method verify.
/**
* 校验token是否正确
*
* @param token 密钥
* @param secret 用户的密码
* @return 是否正确
*/
public static boolean verify(String token, String userId, String secret) {
try {
Algorithm algorithm = Algorithm.HMAC256(secret);
JWTVerifier verifier = JWT.require(algorithm).withClaim("userId", userId).build();
verifier.verify(token);
return true;
} catch (Exception exception) {
return false;
}
}
Also used :
Algorithm(com.auth0.jwt.algorithms.Algorithm)
JWTVerifier(com.auth0.jwt.JWTVerifier)
JWTDecodeException(com.auth0.jwt.exceptions.JWTDecodeException)
Aggregations
Algorithm (com.auth0.jwt.algorithms.Algorithm)206
Test (org.junit.Test)160
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)90
JWTVerifier (com.auth0.jwt.JWTVerifier)79
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)79
ECDSAAlgorithmTest (com.auth0.jwt.algorithms.ECDSAAlgorithmTest)61
Date (java.util.Date)57
ECDSAKeyProvider (com.auth0.jwt.interfaces.ECDSAKeyProvider)51
RSAPublicKey (java.security.interfaces.RSAPublicKey)36
ECPublicKey (java.security.interfaces.ECPublicKey)34
RSAKeyProvider (com.auth0.jwt.interfaces.RSAKeyProvider)31
IOException (java.io.IOException)30
JWTCreator (com.auth0.jwt.JWTCreator)28
JWTVerificationException (com.auth0.jwt.exceptions.JWTVerificationException)25
ECPrivateKey (java.security.interfaces.ECPrivateKey)23
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)21
HashMap (java.util.HashMap)17
UnsupportedEncodingException (java.io.UnsupportedEncodingException)16
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)15
JsonObject (com.google.gson.JsonObject)15
