
Example 1 with DuplicateSigningKeyException

Use of io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException in project hopsworks by logicalclocks.

In the class GitJWTManager, method createTokenForGitContainer.

private String createTokenForGitContainer(String username, String[] userRoles, LocalDateTime expirationDate) throws GitOpException {
    try {
        Map<String, Object> claims = new HashMap<>();
        claims.put(Constants.ROLES, userRoles);
        claims.put(Constants.RENEWABLE, false);
        return jwtController.createToken(settings.getJWTSigningKeyName(), false, settings.getJWTIssuer(), new String[] { "api", "git" }, DateUtils.localDateTime2Date(expirationDate), DateUtils.localDateTime2Date(DateUtils.getNow()), username, claims, SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg()));
    } catch (DuplicateSigningKeyException | NoSuchAlgorithmException | SigningKeyNotFoundException e) {
        throw new GitOpException(RESTCodes.GitOpErrorCode.JWT_NOT_CREATED, Level.SEVERE, "Failed to create jwt token " + "for git", e.getMessage(), e);
    }
}
Also used: DuplicateSigningKeyException (io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException), HashMap (java.util.HashMap), SigningKeyNotFoundException (io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException), GitOpException (io.hops.hopsworks.exceptions.GitOpException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)

Example 2 with DuplicateSigningKeyException

Use of io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException in project hopsworks by logicalclocks.

In the class ElasticJWTController, method createTokenForELK.

private String createTokenForELK(String project, Optional<Long> projectInodeId, String userRole) throws ElasticException {
    SignatureAlgorithm alg = SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg());
    Date expiresAt = new Date(System.currentTimeMillis() + settings.getElasicJwtExpMs());
    try {
        Map<String, Object> claims = new HashMap<>();
        claims.put(Constants.ROLES, userRole);
        claims.put(Constants.ELK_VALID_PROJECT_NAME, ElasticUtils.getProjectNameWithNoSpecialCharacters(project));
        if (projectInodeId.isPresent()) {
            claims.put(Constants.ELK_PROJECT_INODE_ID, projectInodeId.get());
        }
        return jwtController.createTokenForELK(project, settings.getJWTIssuer(), claims, expiresAt, alg);
    } catch (DuplicateSigningKeyException | NoSuchAlgorithmException | SigningKeyNotFoundException e) {
        throw new ElasticException(RESTCodes.ElasticErrorCode.JWT_NOT_CREATED, Level.SEVERE, "Failed to create jwt token for elk", e.getMessage(), e);
    }
}
Also used: ElasticException (io.hops.hopsworks.exceptions.ElasticException), DuplicateSigningKeyException (io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException), HashMap (java.util.HashMap), SigningKeyNotFoundException (io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException), SignatureAlgorithm (io.hops.hopsworks.jwt.SignatureAlgorithm), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), Date (java.util.Date)

Example 3 with DuplicateSigningKeyException

Use of io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException in project hopsworks by logicalclocks.

In the class JWTHelper, method createOneTimeToken.

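/**
 * Creates a one-time token with a 60 sec lifetime.
 * @param user the user the token is issued for
 * @param issuer the token issuer
 * @param claims additional claims to include in the token
 * @return the token, or null if token creation failed (the exception is only logged)
 */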
public String createOneTimeToken(Users user, String issuer, Map<String, Object> claims) {
    String[] audience = {};
    Date now = new Date();
    Date expiresAt = new Date(now.getTime() + Constants.ONE_TIME_JWT_LIFETIME_MS);
    String[] roles = {};
    String token = null;
    try {
        token = createOneTimeToken(user, roles, issuer, audience, now, expiresAt, Constants.ONE_TIME_JWT_SIGNING_KEY_NAME, claims, false);
    } catch (NoSuchAlgorithmException | SigningKeyNotFoundException | DuplicateSigningKeyException ex) {
        Logger.getLogger(JWTHelper.class.getName()).log(Level.SEVERE, null, ex);
    }
    return token;
}
Also used: DuplicateSigningKeyException (io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException), SigningKeyNotFoundException (io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), Date (java.util.Date)

Example 4 with DuplicateSigningKeyException

Use of io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException in project hopsworks by logicalclocks.

In the class AuthService, method serviceLogin.

@POST
@Path("/service")
@Produces(MediaType.APPLICATION_JSON)
@JWTNotRequired
public Response serviceLogin(@FormParam("email") String email, @FormParam("password") String password, @Context HttpServletRequest request) throws UserException, GeneralSecurityException, SigningKeyNotFoundException, DuplicateSigningKeyException, HopsSecurityException {
    if (Strings.isNullOrEmpty(email)) {
        throw new IllegalArgumentException("Email cannot be null or empty");
    }
    if (Strings.isNullOrEmpty(password)) {
        throw new IllegalArgumentException("Password cannot be null or empty");
    }
    Users user = userFacade.findByEmail(email);
    if (user == null) {
        throw new LoginException("Could not find registered user with email " + email);
    }
    if (!needLogin(request, user)) {
        return Response.ok().build();
    }
    if (!userController.isUserInRole(user, "AGENT")) {
        throw new HopsSecurityException(RESTCodes.SecurityErrorCode.REST_ACCESS_CONTROL, Level.FINE, "Users are not allowed to access this endpoint, use auth/login instead", "User " + user.getUsername() + " tried to login but they don't have AGENT role");
    }
    request.getSession();
    Collection roles = user.getBbcGroupCollection();
    if (roles == null || roles.isEmpty()) {
        throw new UserException(RESTCodes.UserErrorCode.NO_ROLE_FOUND, Level.FINE);
    }
    statusValidator.checkStatus(user.getStatus());
    String saltedPassword = authController.preCustomRealmLoginCheck(user, password, null);
    try {
        request.login(user.getEmail(), saltedPassword);
    } catch (ServletException ex) {
        authController.registerAuthenticationFailure(user);
        throw new UserException(RESTCodes.UserErrorCode.AUTHENTICATION_FAILURE, Level.FINE, null, ex.getMessage(), ex);
    }
    // First generate the one-time tokens for renewal of master token
    String renewalKeyName = jwtController.getServiceOneTimeJWTSigningKeyname(user.getUsername(), request.getRemoteHost());
    LocalDateTime masterExpiration = DateUtils.getNow().plus(settings.getServiceJWTLifetimeMS(), ChronoUnit.MILLIS);
    LocalDateTime notBefore = jwtController.computeNotBefore4ServiceRenewalTokens(masterExpiration);
    LocalDateTime expiresAt = notBefore.plus(settings.getServiceJWTLifetimeMS(), ChronoUnit.MILLIS);
    List<String> userRoles = userController.getUserRoles(user);
    JsonWebToken renewalJWTSpec = new JsonWebToken();
    renewalJWTSpec.setSubject(user.getUsername());
    renewalJWTSpec.setIssuer(settings.getJWTIssuer());
    renewalJWTSpec.setAudience(JWTHelper.SERVICE_RENEW_JWT_AUDIENCE);
    renewalJWTSpec.setKeyId(renewalKeyName);
    renewalJWTSpec.setNotBefore(DateUtils.localDateTime2Date(notBefore));
    renewalJWTSpec.setExpiresAt(DateUtils.localDateTime2Date(expiresAt));
    Map<String, Object> claims = new HashMap<>(4);
    claims.put(Constants.RENEWABLE, false);
    claims.put(Constants.EXPIRY_LEEWAY, 3600);
    claims.put(Constants.ROLES, userRoles.toArray(new String[1]));
    String[] oneTimeRenewalTokens = jwtController.generateOneTimeTokens4ServiceJWTRenewal(renewalJWTSpec, claims, settings.getJWTSigningKeyName());
    // Then generate the master service token
    try {
        String signingKeyID = jwtController.getSignKeyID(oneTimeRenewalTokens[0]);
        claims.clear();
        // The rest of JWT claims will be added by JWTHelper
        claims.put(Constants.RENEWABLE, false);
        claims.put(Constants.SERVICE_JWT_RENEWAL_KEY_ID, signingKeyID);
        String token = jWTHelper.createToken(user, settings.getJWTIssuer(), claims);
        ServiceJWTDTO renewTokensResponse = new ServiceJWTDTO();
        renewTokensResponse.setRenewTokens(oneTimeRenewalTokens);
        return Response.ok().header(AUTHORIZATION, Constants.BEARER + token).entity(renewTokensResponse).build();
    } catch (Exception ex) {
        jwtController.deleteSigningKey(renewalKeyName);
        throw ex;
    }
}
Also used: LocalDateTime (java.time.LocalDateTime), HashMap (java.util.HashMap), Users (io.hops.hopsworks.persistence.entity.user.Users), JsonWebToken (io.hops.hopsworks.jwt.JsonWebToken), LoginException (javax.security.auth.login.LoginException), ServletException (javax.servlet.ServletException), MessagingException (javax.mail.MessagingException), GeneralSecurityException (java.security.GeneralSecurityException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), HopsSecurityException (io.hops.hopsworks.exceptions.HopsSecurityException), DuplicateSigningKeyException (io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException), SigningKeyNotFoundException (io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException), UserException (io.hops.hopsworks.exceptions.UserException), InvalidationException (io.hops.hopsworks.jwt.exception.InvalidationException), Collection (java.util.Collection), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Produces (javax.ws.rs.Produces), JWTNotRequired (io.hops.hopsworks.api.filter.JWTNotRequired)

Aggregations

DuplicateSigningKeyException (io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException): 4
SigningKeyNotFoundException (io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException): 4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 4
HashMap (java.util.HashMap): 3
Date (java.util.Date): 2
JWTNotRequired (io.hops.hopsworks.api.filter.JWTNotRequired): 1
ElasticException (io.hops.hopsworks.exceptions.ElasticException): 1
GitOpException (io.hops.hopsworks.exceptions.GitOpException): 1
HopsSecurityException (io.hops.hopsworks.exceptions.HopsSecurityException): 1
UserException (io.hops.hopsworks.exceptions.UserException): 1
JsonWebToken (io.hops.hopsworks.jwt.JsonWebToken): 1
SignatureAlgorithm (io.hops.hopsworks.jwt.SignatureAlgorithm): 1
InvalidationException (io.hops.hopsworks.jwt.exception.InvalidationException): 1
Users (io.hops.hopsworks.persistence.entity.user.Users): 1
GeneralSecurityException (java.security.GeneralSecurityException): 1
LocalDateTime (java.time.LocalDateTime): 1
Collection (java.util.Collection): 1
MessagingException (javax.mail.MessagingException): 1
LoginException (javax.security.auth.login.LoginException): 1
ServletException (javax.servlet.ServletException): 1