
Example 1 with JwtValidator

use of com.google.crypto.tink.jwt.JwtValidator in project tink by google.

the class JwtServiceImpl method convertProtoValidatorToValidator.

/**
 * Translates the validator message carried in a request into a Tink {@link JwtValidator}.
 *
 * <p>Every field that is present (or every flag that is true) on the message is forwarded to
 * the matching builder call; anything absent leaves the builder at its defaults.
 *
 * <p>Security note: the {@code ignore*} and {@code allowMissingExpiration} switches, the fixed
 * clock and the clock skew are all taken directly from the incoming message, so whoever builds
 * the request decides how strict verification is. The parameter type lives in a
 * {@code proto.testing} package, which suggests a test harness; outside of one, these
 * relaxations should come from server-side configuration, never from the party presenting
 * the token.
 *
 * @param validator validator settings as received in the request
 * @return the validator built from those settings
 * @throws JwtInvalidException declared by the signature; which call raises it is not visible
 *     in this listing
 */
private JwtValidator convertProtoValidatorToValidator(com.google.crypto.tink.proto.testing.JwtValidator validator) throws JwtInvalidException {
    JwtValidator.Builder builder = JwtValidator.newBuilder();

    // Values the token must carry.
    if (validator.hasExpectedTypeHeader()) {
        builder.expectTypeHeader(validator.getExpectedTypeHeader().getValue());
    }
    if (validator.hasExpectedIssuer()) {
        builder.expectIssuer(validator.getExpectedIssuer().getValue());
    }
    if (validator.hasExpectedAudience()) {
        builder.expectAudience(validator.getExpectedAudience().getValue());
    }

    // Relaxations: each of these switches a check off, so they deserve scrutiny in review.
    if (validator.getIgnoreTypeHeader()) {
        builder.ignoreTypeHeader();
    }
    if (validator.getIgnoreIssuer()) {
        builder.ignoreIssuer();
    }
    if (validator.getIgnoreAudience()) {
        builder.ignoreAudiences();
    }
    if (validator.getAllowMissingExpiration()) {
        builder.allowMissingExpiration();
    }

    if (validator.getExpectIssuedInThePast()) {
        builder.expectIssuedInThePast();
    }

    // Time handling: a request-supplied "now" pins the clock used for the time-based checks.
    if (validator.hasNow()) {
        builder.setClock(Clock.fixed(timestampToInstant(validator.getNow()), ZoneOffset.UTC));
    }
    if (validator.hasClockSkew()) {
        // Only the whole-seconds part of the skew is read here.
        long skewSeconds = validator.getClockSkew().getSeconds();
        builder.setClockSkew(Duration.ofSeconds(skewSeconds));
    }
    return builder.build();
}
Also used : JwtValidator(com.google.crypto.tink.jwt.JwtValidator) Instant(java.time.Instant)

Example 2 with JwtValidator

use of com.google.crypto.tink.jwt.JwtValidator in project tink by google.

the class JwtServiceImpl method publicKeyVerifyAndDecode.

/**
 * Verifies the signature on a compact JWT with a public-key keyset and decodes it.
 *
 * <p>The keyset, the validator settings and the token all come from {@code request}. A
 * {@link GeneralSecurityException} or {@link InvalidProtocolBufferException} is reported
 * in-band through the response's {@code err} field; an {@link IOException} is reported as a
 * gRPC {@code UNKNOWN} error and ends the call.
 *
 * <p>Security note: the keyset is read from request bytes with {@code CleartextKeysetHandle},
 * and the {@code err} field carries {@code e.toString()}, i.e. the exception class and message.
 * Both fit a test harness; a service exposed to untrusted callers would normally pin its own
 * verification keys and return a generic failure while logging the detail server-side.
 *
 * @param request keyset, validator settings and signed compact JWT
 * @param responseObserver receives either one response followed by completion, or an error
 */
@Override
public void publicKeyVerifyAndDecode(JwtVerifyRequest request, StreamObserver<JwtVerifyResponse> responseObserver) {
    JwtVerifyResponse reply;
    try {
        byte[] serializedKeyset = request.getKeyset().toByteArray();
        KeysetHandle handle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(serializedKeyset));
        JwtValidator validator = convertProtoValidatorToValidator(request.getValidator());
        VerifiedJwt verified = handle.getPrimitive(JwtPublicKeyVerify.class).verifyAndDecode(request.getSignedCompactJwt(), validator);
        reply = JwtVerifyResponse.newBuilder().setVerifiedJwt(convertVerifiedJwtToJwtToken(verified)).build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        // Verification and parsing failures are an expected outcome: answer in-band.
        reply = JwtVerifyResponse.newBuilder().setErr(e.toString()).build();
    } catch (IOException e) {
        // Failure to read the keyset bytes is surfaced as a transport-level error instead.
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(reply);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) JwtPublicKeyVerify(com.google.crypto.tink.jwt.JwtPublicKeyVerify) IOException(java.io.IOException) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse)

Example 3 with JwtValidator

use of com.google.crypto.tink.jwt.JwtValidator in project tink by google.

the class JwtServiceImpl method verifyMacAndDecode.

/**
 * Verifies the MAC on a compact JWT and decodes it.
 *
 * <p>The keyset, the validator settings and the token all come from {@code request}. A
 * {@link GeneralSecurityException} or {@link InvalidProtocolBufferException} is reported
 * in-band through the response's {@code err} field; an {@link IOException} is reported as a
 * gRPC {@code UNKNOWN} error and ends the call.
 *
 * <p>Security note: a MAC keyset holds the secret key, and here it arrives unencrypted in the
 * request and is read with {@code CleartextKeysetHandle}. The {@code err} field also carries
 * {@code e.toString()}. Both fit a test harness; a production verifier would load its key from
 * protected storage (for example a KMS-wrapped keyset) and return a generic failure to the
 * caller.
 *
 * @param request keyset, validator settings and MAC-protected compact JWT
 * @param responseObserver receives either one response followed by completion, or an error
 */
@Override
public void verifyMacAndDecode(JwtVerifyRequest request, StreamObserver<JwtVerifyResponse> responseObserver) {
    JwtVerifyResponse reply;
    try {
        byte[] serializedKeyset = request.getKeyset().toByteArray();
        KeysetHandle handle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(serializedKeyset));
        JwtValidator validator = convertProtoValidatorToValidator(request.getValidator());
        VerifiedJwt verified = handle.getPrimitive(JwtMac.class).verifyMacAndDecode(request.getSignedCompactJwt(), validator);
        reply = JwtVerifyResponse.newBuilder().setVerifiedJwt(convertVerifiedJwtToJwtToken(verified)).build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        // Verification and parsing failures are an expected outcome: answer in-band.
        reply = JwtVerifyResponse.newBuilder().setErr(e.toString()).build();
    } catch (IOException e) {
        // Failure to read the keyset bytes is surfaced as a transport-level error instead.
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(reply);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtMac(com.google.crypto.tink.jwt.JwtMac) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) IOException(java.io.IOException) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse)

Example 4 with JwtValidator

use of com.google.crypto.tink.jwt.JwtValidator in project tink by google.

the class JwtVerify method main.

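/**
 * Command-line example: verifies a signed JWT against a public JWK set and an expected audience.
 *
 * <p>Arguments: {@code public-jwk-set-file audience token-file}. Exits with status 0 when the
 * token verifies and with status 1 on a usage error, an unreadable keyset, a malformed token
 * file or a failed verification.
 *
 * <p>The validator built here pins only the audience. No issuer or type-header expectation is
 * set and none of the {@code ignore*} / {@code allowMissingExpiration} relaxations is requested,
 * so every other check is left at the library's defaults (confirm those against the Tink
 * version in use).
 *
 * @param args the three command-line arguments described above
 * @throws Exception if registering the JWT key types or reading the token file fails
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.printf("Expected 3 parameters, got %d\n", args.length);
        System.err.println("Usage: java JwtVerify public-jwk-set-file audience token-file");
        System.exit(1);
    }
    File publicJwkSetFile = new File(args[0]);
    String audience = args[1];
    File tokenFile = new File(args[2]);
    // Register all JWT signature key types with the Tink runtime.
    JwtSignatureConfig.register();
    // Read the public keyset in JWK set format into a KeysetHandle.
    // KeyAccess.publicAccess() is the access level passed to the converter; the file is
    // expected to hold public keys only.
    KeysetHandle publicKeysetHandle = null;
    try {
        String publicJwkSet = new String(Files.readAllBytes(publicJwkSetFile.toPath()), UTF_8);
        publicKeysetHandle = JwkSetConverter.toKeysetHandle(publicJwkSet, KeyAccess.publicAccess());
    } catch (GeneralSecurityException | IOException ex) {
        System.err.println("Cannot read keyset, got error: " + ex);
        System.exit(1);
    }
    List<String> lines = Files.readAllLines(tokenFile.toPath());
    if (lines.size() != 1) {
        // Fixed message: this is the token file, and the line needs a terminating newline
        // so the error is not run together with whatever is printed next.
        System.err.printf("The token file should contain exactly one line, got %d\n", lines.size());
        System.exit(1);
    }
    String signedToken = lines.get(0).trim();
    // Get the primitive.
    JwtPublicKeyVerify verifier = null;
    try {
        verifier = publicKeysetHandle.getPrimitive(JwtPublicKeyVerify.class);
    } catch (GeneralSecurityException ex) {
        System.err.println("Cannot create primitive, got error: " + ex);
        System.exit(1);
    }
    // Use the primitive to verify a token.
    try {
        JwtValidator validator = JwtValidator.newBuilder().expectAudience(audience).build();
        // Claims are read only from the VerifiedJwt returned by a successful verification,
        // never from the raw token string.
        VerifiedJwt verifiedJwt = verifier.verifyAndDecode(signedToken, validator);
        long seconds = ChronoUnit.SECONDS.between(Instant.now(), verifiedJwt.getExpiration());
        System.out.println("Token is valid and expires in " + seconds + " seconds.");
    } catch (GeneralSecurityException ex) {
        // The exception detail is not printed; the caller only learns that verification failed.
        System.err.println("JWT verification failed.");
        System.exit(1);
    }
    System.exit(0);
}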
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) JwtPublicKeyVerify(com.google.crypto.tink.jwt.JwtPublicKeyVerify) IOException(java.io.IOException) File(java.io.File)

Aggregations

JwtValidator (com.google.crypto.tink.jwt.JwtValidator)4 KeysetHandle (com.google.crypto.tink.KeysetHandle)3 VerifiedJwt (com.google.crypto.tink.jwt.VerifiedJwt)3 IOException (java.io.IOException)3 GeneralSecurityException (java.security.GeneralSecurityException)3 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)2 JwtPublicKeyVerify (com.google.crypto.tink.jwt.JwtPublicKeyVerify)2 JwtToken (com.google.crypto.tink.proto.testing.JwtToken)2 JwtVerifyResponse (com.google.crypto.tink.proto.testing.JwtVerifyResponse)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2 JwtMac (com.google.crypto.tink.jwt.JwtMac)1 File (java.io.File)1 Instant (java.time.Instant)1