use of io.hops.hopsworks.jwt.SignatureAlgorithm in project hopsworks by logicalclocks.
the class ElasticJWTController method createTokenForELK.
/**
 * Creates a signed JWT for ELK that is scoped to a single project.
 *
 * <p>The claims hold the supplied role, the project name as rewritten by
 * {@code ElasticUtils.getProjectNameWithNoSpecialCharacters}, and the project inode id when one is given.
 * The expiry is the current time plus {@code settings.getElasicJwtExpMs()}.
 *
 * @param project project name; passed unchanged to the JWT controller and, sanitized, into the claims
 * @param projectInodeId inode id of the project; the claim is omitted when empty
 * @param userRole value stored under {@code Constants.ROLES}. It is not validated in this method, so the
 *     caller is responsible for having authorized the role before asking for a token
 * @return the token produced by {@code jwtController.createTokenForELK}
 * @throws ElasticException with {@code JWT_NOT_CREATED} when the controller reports a duplicate or missing
 *     signing key, or an unsupported algorithm
 */
private String createTokenForELK(String project, Optional<Long> projectInodeId, String userRole)
    throws ElasticException {
  // NOTE(review): this lookup runs outside the try block. If SignatureAlgorithm is an enum, an unknown
  // algorithm name in the settings raises IllegalArgumentException instead of ElasticException - confirm
  // that callers tolerate this.
  SignatureAlgorithm signatureAlg = SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg());
  long expiryMillis = System.currentTimeMillis() + settings.getElasicJwtExpMs();
  Date expiresAt = new Date(expiryMillis);
  try {
    String sanitizedProjectName = ElasticUtils.getProjectNameWithNoSpecialCharacters(project);
    Map<String, Object> elkClaims = new HashMap<>();
    elkClaims.put(Constants.ROLES, userRole);
    elkClaims.put(Constants.ELK_VALID_PROJECT_NAME, sanitizedProjectName);
    // The inode id claim is only present when the caller knows the inode.
    projectInodeId.ifPresent(inodeId -> elkClaims.put(Constants.ELK_PROJECT_INODE_ID, inodeId));
    String issuer = settings.getJWTIssuer();
    return jwtController.createTokenForELK(project, issuer, elkClaims, expiresAt, signatureAlg);
  } catch (DuplicateSigningKeyException | NoSuchAlgorithmException | SigningKeyNotFoundException e) {
    // Wrap signing failures, keeping the original exception as the cause.
    throw new ElasticException(RESTCodes.ElasticErrorCode.JWT_NOT_CREATED, Level.SEVERE,
        "Failed to create jwt token for elk", e.getMessage(), e);
  }
}
use of io.hops.hopsworks.jwt.SignatureAlgorithm in project hopsworks by logicalclocks.
the class JWTHelper method createToken.
/**
 * Creates a JWT signed with a new signing key. Fails if the requested key name already exists.
 *
 * <p>The request must carry a non-empty key name, at least one audience and a non-empty subject; otherwise
 * no token is issued. The token is given the fixed role {@code HOPS_USER}.
 *
 * <p>NOTE(review): {@code nbf} and {@code expiresAt} are taken from the request as-is when present. This
 * method does not cap the lifetime or check that {@code nbf} precedes the expiry - confirm that callers
 * bound these values.
 *
 * @param jWTRequestDTO token request: key name, audiences, subject, and optional nbf, expiry, leeway and
 *     renewable flag
 * @param issuer issuer passed to the JWT controller
 * @return the token with its expiry, not-before date and leeway, or {@code null} if the request is missing
 *     a required field
 * @throws NoSuchAlgorithmException propagated from the JWT controller
 * @throws SigningKeyNotFoundException propagated from the JWT controller
 * @throws DuplicateSigningKeyException propagated from the JWT controller
 */
public JWTResponseDTO createToken(JWTRequestDTO jWTRequestDTO, String issuer)
    throws NoSuchAlgorithmException, SigningKeyNotFoundException, DuplicateSigningKeyException {
  // Incomplete requests are answered with null, not an exception.
  if (jWTRequestDTO == null) {
    return null;
  }
  if (jWTRequestDTO.getKeyName() == null || jWTRequestDTO.getKeyName().isEmpty()) {
    return null;
  }
  if (jWTRequestDTO.getAudiences() == null || jWTRequestDTO.getAudiences().length == 0) {
    return null;
  }
  if (jWTRequestDTO.getSubject() == null || jWTRequestDTO.getSubject().isEmpty()) {
    return null;
  }

  Date issuedAt = new Date();

  // Not-before defaults to the time of issue.
  Date notBefore = jWTRequestDTO.getNbf();
  if (notBefore == null) {
    notBefore = issuedAt;
  }

  // Expiry defaults to the configured lifetime, counted from the time of issue.
  Date expiry = jWTRequestDTO.getExpiresAt();
  if (expiry == null) {
    expiry = new Date(issuedAt.getTime() + settings.getJWTLifetimeMs());
  }

  SignatureAlgorithm signatureAlg = SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg());

  // Open question from the original author: which role should users outside the system receive?
  String[] defaultRoles = { "HOPS_USER" };
  int leeway = jwtController.getExpLeewayOrDefault(jWTRequestDTO.getExpLeeway());

  Map<String, Object> tokenClaims = new HashMap<>(3);
  tokenClaims.put(RENEWABLE, jWTRequestDTO.isRenewable());
  tokenClaims.put(EXPIRY_LEEWAY, leeway);
  tokenClaims.put(ROLES, defaultRoles);

  // The literal true is in the position createOneTimeToken fills with createNewKey (presumably the same
  // controller overload), so this call asks for a fresh signing key.
  String signedToken = jwtController.createToken(jWTRequestDTO.getKeyName(), true, issuer,
      jWTRequestDTO.getAudiences(), expiry, notBefore, jWTRequestDTO.getSubject(), tokenClaims, signatureAlg);
  return new JWTResponseDTO(signedToken, expiry, notBefore, leeway);
}
use of io.hops.hopsworks.jwt.SignatureAlgorithm in project hopsworks by logicalclocks.
the class JWTHelper method createToken.
/**
 * Creates a new JWT for the given user that can be used for the specified audience.
 *
 * <p>The token is signed with the key named by {@code settings.getJWTSigningKeyName()}; no new key is
 * requested. The subject is the user's username, not-before is the moment of the call, and the roles come
 * from {@code userController.getUserRoles(user)}.
 *
 * @param user account the token is issued for
 * @param audience audiences passed to the JWT controller
 * @param issuer issuer passed to the JWT controller
 * @param expiresAt expiry passed through unchanged. NOTE(review): it is not bounded here - confirm that
 *     callers derive it from a trusted lifetime setting
 * @param claims caller-supplied claims; the controller fills in any missing defaults
 * @return the token produced by {@code jwtController.createToken}
 * @throws NoSuchAlgorithmException propagated from the JWT controller
 * @throws SigningKeyNotFoundException propagated from the JWT controller
 * @throws DuplicateSigningKeyException propagated from the JWT controller
 */
public String createToken(Users user, String[] audience, String issuer, Date expiresAt,
    Map<String, Object> claims)
    throws NoSuchAlgorithmException, SigningKeyNotFoundException, DuplicateSigningKeyException {
  SignatureAlgorithm signatureAlg = SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg());
  String[] userRoles = userController.getUserRoles(user).toArray(new String[0]);
  // Presumably the second and third arguments are the renewable flag and the expiry leeway in seconds;
  // verify against JWTController.
  Map<String, Object> effectiveClaims =
      jwtController.addDefaultClaimsIfMissing(claims, true, settings.getJWTExpLeewaySec(), userRoles);
  String signingKeyName = settings.getJWTSigningKeyName();
  Date notBefore = new Date();
  return jwtController.createToken(signingKeyName, false, issuer, audience, expiresAt, notBefore,
      user.getUsername(), effectiveClaims, signatureAlg);
}
use of io.hops.hopsworks.jwt.SignatureAlgorithm in project hopsworks by logicalclocks.
the class JWTHelper method createOneTimeToken.
/**
 * Creates a one-time JWT for the given user.
 *
 * <p>The signature algorithm is fixed to {@code Constants.ONE_TIME_JWT_SIGNATURE_ALGORITHM}; it is not read
 * from the settings. Default claims are added with the flag {@code false} and a leeway of {@code 0}
 * (presumably "not renewable, no expiry leeway" - verify against JWTController).
 *
 * @param user account whose username becomes the subject
 * @param roles roles placed in the claims when missing. They are taken from the caller and not looked up
 *     here, so the caller must supply only roles the user is entitled to
 * @param issuer issuer passed to the JWT controller
 * @param audience audiences passed to the JWT controller
 * @param notBefore not-before date, passed through unchanged
 * @param expiresAt expiry date, passed through unchanged
 * @param keyName name of the signing key to use or create
 * @param claims caller-supplied claims; the controller fills in any missing defaults
 * @param createNewKey passed to the controller to request a new signing key under {@code keyName}
 * @return the token produced by {@code jwtController.createToken}
 * @throws NoSuchAlgorithmException propagated from the JWT controller
 * @throws SigningKeyNotFoundException propagated from the JWT controller
 * @throws DuplicateSigningKeyException propagated from the JWT controller
 */
public String createOneTimeToken(Users user, String[] roles, String issuer, String[] audience,
    Date notBefore, Date expiresAt, String keyName, Map<String, Object> claims, boolean createNewKey)
    throws NoSuchAlgorithmException, SigningKeyNotFoundException, DuplicateSigningKeyException {
  SignatureAlgorithm oneTimeAlg = SignatureAlgorithm.valueOf(Constants.ONE_TIME_JWT_SIGNATURE_ALGORITHM);
  Map<String, Object> oneTimeClaims = jwtController.addDefaultClaimsIfMissing(claims, false, 0, roles);
  String subject = user.getUsername();
  return jwtController.createToken(keyName, createNewKey, issuer, audience, expiresAt, notBefore, subject,
      oneTimeClaims, oneTimeAlg);
}
Aggregations