use of io.hops.hopsworks.jwt.exception.VerificationException in project hopsworks by logicalclocks.
the class JWTController method verifyToken.
/**
 * Verifies a JWT and then checks its role and audience claims against what the caller requires.
 *
 * <p>Order of checks: the token is decoded, verified through the four-argument
 * {@code verifyToken} overload (algorithm, issuer, expiry leeway), tested with
 * {@code isTokenInvalidated}, and only then compared against {@code roles} and
 * {@code audiences}.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 *   <li>When {@code issuer} is null or empty, the expected issuer is taken from the token's own
 *       issuer claim, so the issuer comparison cannot reject anything in that case. Pass the
 *       expected issuer explicitly when it needs to be pinned.</li>
 *   <li>A null or empty {@code roles} (or {@code audiences}) set skips the corresponding check
 *       entirely; it does not mean "no role is acceptable".</li>
 * </ul>
 *
 * @param token serialized JWT to verify
 * @param issuer expected issuer, or null/empty to fall back to the issuer claim in the token
 * @param audiences audiences accepted by the caller; null or empty disables the audience check
 * @param roles roles accepted by the caller; null or empty disables the role check
 * @return the decoded token produced by verification
 * @throws SigningKeyNotFoundException declared by this method; presumably raised while looking up
 *     the algorithm/key for the token (confirm against {@code algorithmFactory})
 * @throws VerificationException if verification fails or the token is reported as invalidated
 * @throws AccessLocalException (not declared in the throws clause) if {@code intersect} reports no
 *     overlap between the required roles or audiences and the token's claims
 */
public DecodedJWT verifyToken(String token, String issuer, Set<String> audiences, Set<String> roles) throws SigningKeyNotFoundException, VerificationException {
  // Decoded only: nothing read from this object is trustworthy until verifyToken(...) below
  // has returned without throwing.
  JsonWebToken unverified = new JsonWebToken(JWT.decode(token));

  String expectedIssuer;
  if (issuer == null || issuer.isEmpty()) {
    // Fallback: the token vouches for its own issuer.
    expectedIssuer = unverified.getIssuer();
  } else {
    expectedIssuer = issuer;
  }

  // NOTE(review): the algorithm is selected from the not-yet-verified token; confirm that
  // algorithmFactory only resolves to keys/algorithms the server itself has provisioned.
  DecodedJWT verified = verifyToken(token, expectedIssuer, unverified.getExpLeeway(), algorithmFactory.getAlgorithm(unverified));
  if (isTokenInvalidated(verified)) {
    throw new VerificationException("Invalidated token.");
  }

  // Authorization checks run only after the token has been verified.
  Set<String> tokenRoles = new HashSet<>(unverified.getRole());
  if (roles != null && !roles.isEmpty() && !intersect(roles, tokenRoles)) {
    throw new AccessLocalException("Client not authorized for this invocation.");
  }

  Set<String> tokenAudiences = new HashSet<>(unverified.getAudience());
  if (audiences != null && !audiences.isEmpty() && !intersect(audiences, tokenAudiences)) {
    throw new AccessLocalException("Token not issued for this recipient.");
  }
  return verified;
}
use of io.hops.hopsworks.jwt.exception.VerificationException in project hopsworks by logicalclocks.
the class JWTController method verifyToken.
/**
 * Runs the actual verification of a token with the given algorithm, issuer and expiry leeway.
 *
 * @param token serialized JWT to verify
 * @param issuer issuer the verifier is configured to require
 * @param expLeeway leeway passed to {@code acceptExpiresAt} on the verifier
 * @param algorithm algorithm the verifier is built with
 * @return the decoded token returned by the verifier
 * @throws VerificationException if building the verifier or verifying the token throws anything
 */
private DecodedJWT verifyToken(String token, String issuer, int expLeeway, Algorithm algorithm) throws VerificationException {
  try {
    return JWT.require(algorithm)
        .withIssuer(issuer)
        .acceptExpiresAt(expLeeway)
        .build()
        .verify(token);
  } catch (Exception e) {
    // Every failure is collapsed into VerificationException so callers treat it as a rejected
    // token. NOTE(review): only the message survives; the original exception type and stack
    // trace are dropped, which makes failed verifications harder to triage from logs.
    throw new VerificationException(e.getMessage());
  }
}
use of io.hops.hopsworks.jwt.exception.VerificationException in project hopsworks by logicalclocks.
the class JWTController method verifyToken.
/**
 * Verifies a JWT without any role or audience check.
 *
 * <p>The token is decoded, verified through the four-argument {@code verifyToken} overload and
 * then tested with {@code isTokenInvalidated}. When {@code issuer} is null or empty the expected
 * issuer is taken from the token's own issuer claim, so the issuer comparison cannot reject
 * anything in that case; pass the expected issuer explicitly when it needs to be pinned.
 *
 * @param token serialized JWT to verify
 * @param issuer expected issuer, or null/empty to fall back to the issuer claim in the token
 * @return the decoded token produced by verification
 * @throws SigningKeyNotFoundException declared by this method; presumably raised while looking up
 *     the algorithm/key for the token (confirm against {@code algorithmFactory})
 * @throws VerificationException if verification fails or the token is reported as invalidated
 */
public DecodedJWT verifyToken(String token, String issuer) throws SigningKeyNotFoundException, VerificationException {
  // Decoded only: values read from this object are untrusted until verification succeeds.
  DecodedJWT unverified = JWT.decode(token);

  String expectedIssuer;
  if (issuer == null || issuer.isEmpty()) {
    // Fallback: the token vouches for its own issuer.
    expectedIssuer = unverified.getIssuer();
  } else {
    expectedIssuer = issuer;
  }

  int expLeeway = getExpLeewayClaim(unverified);
  // NOTE(review): the algorithm is selected from the not-yet-verified token; confirm that
  // algorithmFactory only resolves to keys/algorithms the server itself has provisioned.
  DecodedJWT verified = verifyToken(token, expectedIssuer, expLeeway, algorithmFactory.getAlgorithm(unverified));
  if (isTokenInvalidated(verified)) {
    throw new VerificationException("Invalidated token.");
  }
  return verified;
}
use of io.hops.hopsworks.jwt.exception.VerificationException in project hopsworks by logicalclocks.
the class JWTHelper method renewServiceToken.
/**
 * Renews the master service JWT and returns it together with fresh one-time renewal tokens.
 *
 * <p>The expiry and not-before dates of the renewed token are taken from {@code token2renew}
 * when it carries them; otherwise they default to now plus the configured service JWT lifetime
 * and to now, respectively. The renewal itself is delegated to
 * {@code jwtController.renewServiceToken}.
 *
 * <p>NOTE(review): {@code expiresAt} and {@code nbf} come from the request DTO. Whether the
 * controller bounds them by the configured lifetime is not visible here; confirm before relying
 * on the configured lifetime as an upper limit.
 *
 * @param token2renew Service JWT to renew
 * @param oneTimeRenewalToken Valid one-time token associated with the master token to be renewed.
 *     One-time tokens are generated once a service is logged in and every time it renews its
 *     master token
 * @param user Logged in user
 * @param remoteHostname Hostname of the machine the service runs on
 * @return Renewed master service JWT and the one-time tokens used to renew it (the number of
 *     one-time tokens is decided by {@code jwtController.renewServiceToken})
 * @throws JWTException declared by this method; a {@code VerificationException} is thrown here
 *     when the renewal token is null/empty or when {@code user} is null
 * @throws NoSuchAlgorithmException declared by this method; presumably propagated from the
 *     controller's renewal call
 */
public ServiceJWTDTO renewServiceToken(JsonWebTokenDTO token2renew, String oneTimeRenewalToken, Users user, String remoteHostname) throws JWTException, NoSuchAlgorithmException {
  if (Strings.isNullOrEmpty(oneTimeRenewalToken)) {
    throw new VerificationException("Service renewal token cannot be null or empty");
  }
  if (user == null) {
    // The token id is read only to make the error message traceable.
    // NOTE(review): the id presumably comes from a token that has not been verified at this
    // point, so treat it as untrusted text wherever this message is logged or displayed.
    String tokenId = jwtController.decodeToken(oneTimeRenewalToken).getId();
    throw new VerificationException("Could not find user associated with JWT with ID: " + tokenId);
  }

  LocalDateTime now = DateUtils.getNow();

  // Dates supplied with the request win; the configured lifetime is only the default.
  Date expiresAt = token2renew.getExpiresAt();
  if (expiresAt == null) {
    expiresAt = DateUtils.localDateTime2Date(now.plus(settings.getServiceJWTLifetimeMS(), ChronoUnit.MILLIS));
  }
  Date notBefore = token2renew.getNbf();
  if (notBefore == null) {
    notBefore = DateUtils.localDateTime2Date(now);
  }

  List<String> userRoles = userController.getUserRoles(user);
  Pair<String, String[]> renewal = jwtController.renewServiceToken(
      oneTimeRenewalToken,
      token2renew.getToken(),
      expiresAt,
      notBefore,
      settings.getServiceJWTLifetimeMS(),
      user.getUsername(),
      userRoles,
      SERVICE_RENEW_JWT_AUDIENCE,
      remoteHostname,
      settings.getJWTIssuer(),
      settings.getJWTSigningKeyName(),
      false);

  // Left: renewed master token. Right: the one-time renewal tokens.
  String masterToken = renewal.getLeft();
  int expLeeway = jwtController.getExpLeewayClaim(jwtController.decodeToken(masterToken));
  JWTResponseDTO renewedServiceToken = new JWTResponseDTO(masterToken, expiresAt, notBefore, expLeeway);
  return new ServiceJWTDTO(renewedServiceToken, renewal.getRight());
}