Examples with ServiceJWTDTO io.hops.hopsworks.api.user.ServiceJWTDTO used on opensource projects

Example 1 with ServiceJWTDTO

use of io.hops.hopsworks.api.user.ServiceJWTDTO in project hopsworks by logicalclocks.

the class JWTHelper method renewServiceToken.

/**
 * Helper method to generate one-time tokens for service JWT renewal and renew the
 * master service JWT
 * @param token2renew Service JWT to renew
 * @param oneTimeRenewalToken Valid one-time token associated with the master token to be renewed.
 *                            One time tokens are generated once a service is logged-in and every time
 *                            it renews its master token
 * @param user Logged in user
 * @param remoteHostname Hostname of the machine the service runs
 * @return Renewed master service JWT and five one-time tokens used to renew it
 * @throws JWTException
 * @throws NoSuchAlgorithmException
 */
public ServiceJWTDTO renewServiceToken(JsonWebTokenDTO token2renew, String oneTimeRenewalToken, Users user, String remoteHostname) throws JWTException, NoSuchAlgorithmException {
    if (Strings.isNullOrEmpty(oneTimeRenewalToken)) {
        throw new VerificationException("Service renewal token cannot be null or empty");
    }
    if (user == null) {
        DecodedJWT decodedJWT = jwtController.decodeToken(oneTimeRenewalToken);
        throw new VerificationException("Could not find user associated with JWT with ID: " + decodedJWT.getId());
    }
    LocalDateTime now = DateUtils.getNow();
    Date expiresAt = token2renew.getExpiresAt() != null ? token2renew.getExpiresAt() : DateUtils.localDateTime2Date(now.plus(settings.getServiceJWTLifetimeMS(), ChronoUnit.MILLIS));
    Date notBefore = token2renew.getNbf() != null ? token2renew.getNbf() : DateUtils.localDateTime2Date(now);
    List<String> userRoles = userController.getUserRoles(user);
    Pair<String, String[]> renewedTokens = jwtController.renewServiceToken(oneTimeRenewalToken, token2renew.getToken(), expiresAt, notBefore, settings.getServiceJWTLifetimeMS(), user.getUsername(), userRoles, SERVICE_RENEW_JWT_AUDIENCE, remoteHostname, settings.getJWTIssuer(), settings.getJWTSigningKeyName(), false);
    int expLeeway = jwtController.getExpLeewayClaim(jwtController.decodeToken(renewedTokens.getLeft()));
    JWTResponseDTO renewedServiceToken = new JWTResponseDTO(renewedTokens.getLeft(), expiresAt, notBefore, expLeeway);
    return new ServiceJWTDTO(renewedServiceToken, renewedTokens.getRight());
}

Example 2 with ServiceJWTDTO

use of io.hops.hopsworks.api.user.ServiceJWTDTO in project hopsworks by logicalclocks.

the class JWTResource method renewServiceToken.

@PUT
@Path("/service")
@ApiOperation(value = "Renew a service JWT without invalidating the previous token", response = ServiceJWTDTO.class)
public Response renewServiceToken(JsonWebTokenDTO jwt, @Context HttpServletRequest request) throws HopsSecurityException {
    // This token should be the one-time renewal token
    String token = jWTHelper.getAuthToken(request);
    Users user = jWTHelper.getUserPrincipal(request);
    if (user == null) {
        DecodedJWT decodedJWT = JWT.decode(token);
        throw new HopsSecurityException(RESTCodes.SecurityErrorCode.NOT_RENEWABLE_TOKEN, Level.FINE, "User not found associated with that JWT", "Could not find user in the database associated with JWT " + decodedJWT.getId());
    }
    try {
        ServiceJWTDTO renewedTokens = jWTHelper.renewServiceToken(jwt, token, user, request.getRemoteHost());
        return Response.ok().entity(renewedTokens).build();
    } catch (JWTException | NoSuchAlgorithmException ex) {
        throw new HopsSecurityException(RESTCodes.SecurityErrorCode.NOT_RENEWABLE_TOKEN, Level.WARNING, "Could not renew service JWT", "Could not renew service JWT for " + request.getRemoteHost());
    }
}