Class MyOtherJWTUtil2

  • Direct Known Subclasses:
    JWTUtil

    public class MyOtherJWTUtil2
    extends Object
    Creates JWT tokens from their serialized form H.P.S (Header, Payload and Signature), signs them or verifies them. This will create both signed and unsigned tokens if requested. The format is to have a header that describes the content, including algorithm (fixed at "none" here) and a payload of claims. Both of these are in JSON. The token is then formed by base64-encoding both of these and concatenating them as

    encoded header + "." + encoded payload + "." + signature

    If the token is unsigned, the last period is still mandatory and must end the token.

    Created by Jeff Gaynor
    on 2/9/15 at 10:45 AM
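
The serialized form described above, as an added example that is not part of the library: it uses only the JDK, and the names JwtFormatDemo, serialize and split and the sample claims are constructed for illustration. It goes slightly beyond the text by also splitting the token back into its three parts.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: JDK only, does not call MyOtherJWTUtil2.
public class JwtFormatDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static String b64(String json) {
        return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    // encoded header + "." + encoded payload + "." + signature (empty if unsigned)
    static String serialize(String headerJson, String payloadJson, String signature) {
        return b64(headerJson) + "." + b64(payloadJson) + "." + signature;
    }

    // Splits A.B[.C] into {header, payload, signature}; signature is "" when absent.
    static String[] split(String jwt) {
        if (jwt == null) throw new IllegalArgumentException("null token");
        // Limit -1 keeps the trailing empty segment of an unsigned token;
        // plain split("\\.") would silently drop it.
        String[] parts = jwt.split("\\.", -1);
        if (parts.length < 2 || parts.length > 3 || parts[0].isEmpty() || parts[1].isEmpty()) {
            throw new IllegalArgumentException("not of the form A.B[.C]");
        }
        return new String[] {parts[0], parts[1], parts.length == 3 ? parts[2] : ""};
    }

    public static void main(String[] args) {
        // Constructed sample header and claims.
        String header = "{\"typ\":\"JWT\",\"alg\":\"none\"}";
        String payload = "{\"sub\":\"alice\",\"iss\":\"https://issuer.example\"}";
        String unsigned = serialize(header, payload, "");
        System.out.println(unsigned); // ends with the mandatory period

        String[] p = split(unsigned);
        System.out.println("header    = " + new String(DEC.decode(p[0]), StandardCharsets.UTF_8));
        System.out.println("payload   = " + new String(DEC.decode(p[1]), StandardCharsets.UTF_8));
        System.out.println("signature = \"" + p[2] + "\" (empty: nothing vouches for the claims)");
    }
}
```
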

    • Constructor Detail

      • MyOtherJWTUtil2

        public MyOtherJWTUtil2()
    • Method Detail

      • getJwkUtil2

        public edu.uiuc.ncsa.security.util.jwk.JWKUtil2 getJwkUtil2()
      • setJwkUtil2

        public void setJwkUtil2​(edu.uiuc.ncsa.security.util.jwk.JWKUtil2 jwkUtil2)
      • createJWT

        public static String createJWT​(net.sf.json.JSONObject payload)
        Creates an unsigned token.
        Parameters:
        payload -
        Returns:
      • createJWT

        public static String createJWT​(net.sf.json.JSONObject payload,
                                       String type)
      • createJWT

        public static String createJWT​(net.sf.json.JSONObject payload,
                                       edu.uiuc.ncsa.security.util.jwk.JSONWebKey jsonWebKey)
                                throws ParseException,
                                       com.nimbusds.jose.JOSEException
        Throws:
        ParseException
        com.nimbusds.jose.JOSEException
      • createJWT

        public static String createJWT​(net.sf.json.JSONObject payload,
                                       edu.uiuc.ncsa.security.util.jwk.JSONWebKey jsonWebKey,
                                       String type)
                                throws ParseException,
                                       com.nimbusds.jose.JOSEException
        Throws:
        ParseException
        com.nimbusds.jose.JOSEException
      • concat

        protected static String concat​(net.sf.json.JSONObject header,
                                       net.sf.json.JSONObject payload)
      • sign

        protected static String sign​(net.sf.json.JSONObject header,
                                     net.sf.json.JSONObject payload,
                                     edu.uiuc.ncsa.security.util.jwk.JSONWebKey webkey)
                              throws com.nimbusds.jose.JOSEException,
                                     ParseException
        Throws:
        com.nimbusds.jose.JOSEException
        ParseException
      • getJavaSignatureName

        protected static String getJavaSignatureName​(String algorithm)
      • verify

        public static boolean verify​(com.nimbusds.jose.util.Base64URL header,
                                     com.nimbusds.jose.util.Base64URL payload,
                                     com.nimbusds.jose.util.Base64URL signature,
                                     edu.uiuc.ncsa.security.util.jwk.JSONWebKey webKey)
                              throws ParseException,
                                     com.nimbusds.jose.JOSEException
        Throws:
        ParseException
        com.nimbusds.jose.JOSEException
      • decat

        public static String[] decat​(String jwt)
        This returns header, payload and signature as the three elements of an array.
        Parameters:
        jwt -
        Returns:
        Throws:
        IllegalArgumentException - if this is not parsable as a token of the form A.B[.C]
      • readJWT

        public static net.sf.json.JSONObject[] readJWT​(String jwt)
        This will only peel off the header and payload. No verification of any sort is done!!
        Parameters:
        jwt -
        Returns:
        Throws:
        IllegalArgumentException - if this is not JWT or the argument is null
      • verifyAndReadJWT

        public static net.sf.json.JSONObject verifyAndReadJWT​(String jwt,
                                                              edu.uiuc.ncsa.security.util.jwk.JSONWebKeys webKeys)
        Verify and read a JWT. Note that this can throw any of several exceptions, which you should check for as needed. An IllegalArgumentException means that this is not in fact a JWT; all other exceptions relate to whether the internal structure passes muster.
        Parameters:
        jwt -
        webKeys -
        Returns:
        Throws:
        IllegalArgumentException - if this is not a JWT or the argument is null
        edu.uiuc.ncsa.security.core.exceptions.InvalidAlgorithmException - if there is no algorithm or the algorithm is not supported
        edu.uiuc.ncsa.security.core.exceptions.InvalidSignatureException - if the signature fails to verify
        edu.uiuc.ncsa.security.core.exceptions.UnsupportedJWTTypeException - if the internal type of the token is not supported
      • getJsonWebKeys

        public static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys​(String wellKnown)
        Create a basic ServiceClient to get the keys from the well-known page. If you require a special setup (e.g. your own SSL certs), you will need to create your own ServiceClient and supply that in the related call getJsonWebKeys(ServiceClient serviceClient, String wellKnown).
        Parameters:
        wellKnown -
        Returns:
      • getJsonWebKeys

        public static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys​(URI wellKnown)
      • verifyAndReadJWT

        public static net.sf.json.JSONObject verifyAndReadJWT​(String jwt,
                                                              URI wellKnown)
      • getJsonWebKeys

        public static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys​(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                                                                 String wellKnown)
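
The verify-before-read order that verifyAndReadJWT documents, in contrast to readJWT, as an added JDK-only example that is not the library's code. VerifyThenReadDemo, its algorithm allow-list and the throwaway RSA key are hypothetical, and SecurityException stands in for the library's InvalidAlgorithmException and InvalidSignatureException.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.Map;
import java.util.regex.*;

// Added example: JDK only; names here are hypothetical, not the library's.
public class VerifyThenReadDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // Allow-list of JWS names -> JCA names; "none" is deliberately absent.
    static final Map<String, String> JAVA_NAMES = Map.of(
            "RS256", "SHA256withRSA", "RS384", "SHA384withRSA", "RS512", "SHA512withRSA");
    static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"");

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Returns the payload JSON only after the signature over "H.P" has verified.
    static String verifyAndRead(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3) throw new IllegalArgumentException("not a JWT");
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        Matcher m = ALG.matcher(header); // simplification: use a JSON parser in real code
        String javaName = m.find() ? JAVA_NAMES.get(m.group(1)) : null;
        if (javaName == null) throw new SecurityException("missing or unsupported alg");
        Signature verifier = Signature.getInstance(javaName);
        verifier.initVerify(key);
        verifier.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!verifier.verify(DEC.decode(p[2]))) throw new SecurityException("bad signature");
        return new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed throwaway key
        String signingInput = b64("{\"alg\":\"RS256\"}") + "." + b64("{\"sub\":\"alice\"}");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        String signed = signingInput + "." + ENC.encodeToString(signer.sign());
        System.out.println("verified payload: " + verifyAndRead(signed, kp.getPublic()));
        String unsigned = b64("{\"alg\":\"none\"}") + "." + b64("{\"sub\":\"alice\"}") + ".";
        try {
            verifyAndRead(unsigned, kp.getPublic());
        } catch (SecurityException e) {
            System.out.println("unsigned token rejected: " + e.getMessage());
        }
    }
}
```

The verifier, not the token, decides which algorithms and which key are acceptable; claims from an unsigned token are only safe to read where no trust decision depends on them.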