Search in sources :

Example 1 with CerberusJwtKeySpec

use of com.nike.cerberus.jwt.CerberusJwtKeySpec in project cerberus by Nike-Inc.

the class JwtService method generateJwtToken.

/**
 * Generate JWT token
 *
 * @param cerberusJwtClaims Cerberus JWT claims
 * @return JWT token
 */
public String generateJwtToken(CerberusJwtClaims cerberusJwtClaims) throws AuthTokenTooLongException {
    CerberusJwtKeySpec cerberusJwtKeySpec = signingKeyResolver.resolveSigningKey();
    String principal = cerberusJwtClaims.getPrincipal();
    String jwtToken = Jwts.builder().setHeaderParam(JwsHeader.KEY_ID, cerberusJwtKeySpec.getKid()).setId(cerberusJwtClaims.getId()).setIssuer(environmentName).setSubject(principal).claim(PRINCIPAL_TYPE_CLAIM_NAME, cerberusJwtClaims.getPrincipalType()).claim(GROUP_CLAIM_NAME, cerberusJwtClaims.getGroups()).claim(IS_ADMIN_CLAIM_NAME, cerberusJwtClaims.getIsAdmin()).claim(REFRESH_COUNT_CLAIM_NAME, cerberusJwtClaims.getRefreshCount()).setExpiration(Date.from(cerberusJwtClaims.getExpiresTs().toInstant())).setIssuedAt(Date.from(cerberusJwtClaims.getCreatedTs().toInstant())).signWith(cerberusJwtKeySpec).compressWith(CompressionCodecs.GZIP).compact();
    int tokenLength = jwtToken.length();
    log.info("{}: JWT length: {}", principal, tokenLength);
    if (tokenLength > maxTokenLength) {
        String msg = String.format("Token for %s is %d characters long. The max is %d bytes.", principal, tokenLength, maxTokenLength);
        throw new AuthTokenTooLongException(msg);
    }
    return jwtToken;
}
Also used : AuthTokenTooLongException(com.nike.cerberus.error.AuthTokenTooLongException) CerberusJwtKeySpec(com.nike.cerberus.jwt.CerberusJwtKeySpec)

Example 2 with CerberusJwtKeySpec

use of com.nike.cerberus.jwt.CerberusJwtKeySpec in project cerberus by Nike-Inc.

the class JwtServiceTest method setUp.

@Before
public void setUp() throws Exception {
    initMocks(this);
    jwtService = new JwtService(signingKeyResolver, "local", jwtBlocklistDao);
    ReflectionTestUtils.setField(jwtService, "maxTokenLength", 1600);
    cerberusJwtKeySpec = new CerberusJwtKeySpec(new byte[64], "HmacSHA512", "key id");
    cerberusJwtClaims = new CerberusJwtClaims();
    cerberusJwtClaims.setId("id");
    cerberusJwtClaims.setPrincipal("principal");
    cerberusJwtClaims.setGroups("groups");
    cerberusJwtClaims.setIsAdmin(true);
    cerberusJwtClaims.setPrincipalType("type");
    cerberusJwtClaims.setRefreshCount(1);
    cerberusJwtClaims.setCreatedTs(OffsetDateTime.of(2000, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC));
    cerberusJwtClaims.setExpiresTs(// should be good for a while
    OffsetDateTime.of(3000, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC));
    when(signingKeyResolver.resolveSigningKey()).thenReturn(cerberusJwtKeySpec);
    when(signingKeyResolver.resolveSigningKey(any(JwsHeader.class), any(Claims.class))).thenReturn(cerberusJwtKeySpec);
}
Also used : Claims(io.jsonwebtoken.Claims) CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims) CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims) JwsHeader(io.jsonwebtoken.JwsHeader) CerberusJwtKeySpec(com.nike.cerberus.jwt.CerberusJwtKeySpec) Before(org.junit.Before)

Aggregations

CerberusJwtKeySpec (com.nike.cerberus.jwt.CerberusJwtKeySpec)2 AuthTokenTooLongException (com.nike.cerberus.error.AuthTokenTooLongException)1 CerberusJwtClaims (com.nike.cerberus.jwt.CerberusJwtClaims)1 Claims (io.jsonwebtoken.Claims)1 JwsHeader (io.jsonwebtoken.JwsHeader)1 Before (org.junit.Before)1