Class MyOtherJWTUtil2
- java.lang.Object
-
- org.oa4mp.delegation.server.jwt.MyOtherJWTUtil2
-
- Direct Known Subclasses:
JWTUtil
public class MyOtherJWTUtil2 extends Object
Creates JWT tokens from their serialized form H.P.S (Header, Payload and Signature), signs them or verifies them. This will create both signed and unsigned tokens if requested. The format is to have a header that describes the content, including algorithm (fixed at "none" here) and a payload of claims. Both of these are in JSON. The token then consists of based64 encoding both of these and
encoded header + "." + encoded payload + "." + signature
If the token is unsigned, the last period is still manadatory and must end this.Created by Jeff Gaynor
on 2/9/15 at 10:45 AM
-
-
Field Summary
Fields Modifier and Type Field Description static String
ALGORITHM
static String
DEFAULT_TYPE
static int
HEADER_INDEX
static String
KEY_ID
static String
NONE_JWT
static int
NONE_KEY
static int
PAYLOAD_INDEX
static String
RS256_JAVA
static String
RS256_JWT
static int
RS256_KEY
static String
RS384_JAVA
static String
RS384_JWT
static int
RS384_KEY
static String
RS512_JAVA
static String
RS512_JWT
static int
RS512_KEY
static int
SIGNATURE_INDEX
static String
TYPE
-
Constructor Summary
Constructors Constructor Description MyOtherJWTUtil2()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected static String
concat(net.sf.json.JSONObject header, net.sf.json.JSONObject payload)
static String
createJWT(net.sf.json.JSONObject payload)
Creates an unsigned token.static String
createJWT(net.sf.json.JSONObject payload, edu.uiuc.ncsa.security.util.jwk.JSONWebKey jsonWebKey)
static String
createJWT(net.sf.json.JSONObject payload, edu.uiuc.ncsa.security.util.jwk.JSONWebKey jsonWebKey, String type)
static String
createJWT(net.sf.json.JSONObject payload, String type)
static String[]
decat(String jwt)
This returns header, payload and signature as the three elements of an array.protected static String
getJavaSignatureName(String algorithm)
static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys
getJsonWebKeys(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient, String wellKnown)
static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys
getJsonWebKeys(String wellKnown)
Create a basicServiceClient
to get the keys from the well known page.static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys
getJsonWebKeys(URI wellKnown)
edu.uiuc.ncsa.security.util.jwk.JWKUtil2
getJwkUtil2()
static net.sf.json.JSONObject[]
readJWT(String jwt)
This will only peel off the header and payload.void
setJwkUtil2(edu.uiuc.ncsa.security.util.jwk.JWKUtil2 jwkUtil2)
protected static String
sign(String x, edu.uiuc.ncsa.security.util.jwk.JSONWebKey webkey)
protected static String
sign(net.sf.json.JSONObject header, net.sf.json.JSONObject payload, edu.uiuc.ncsa.security.util.jwk.JSONWebKey webkey)
static boolean
verify(com.nimbusds.jose.util.Base64URL header, com.nimbusds.jose.util.Base64URL payload, com.nimbusds.jose.util.Base64URL signature, edu.uiuc.ncsa.security.util.jwk.JSONWebKey webKey)
static net.sf.json.JSONObject
verifyAndReadJWT(String jwt, edu.uiuc.ncsa.security.util.jwk.JSONWebKeys webKeys)
Verify and read a JWT.static net.sf.json.JSONObject
verifyAndReadJWT(String jwt, URI wellKnown)
-
-
-
Field Detail
-
TYPE
public static String TYPE
-
KEY_ID
public static String KEY_ID
-
ALGORITHM
public static String ALGORITHM
-
DEFAULT_TYPE
public static String DEFAULT_TYPE
-
NONE_JWT
public static final String NONE_JWT
- See Also:
- Constant Field Values
-
NONE_KEY
public static final int NONE_KEY
- See Also:
- Constant Field Values
-
RS256_JWT
public static final String RS256_JWT
- See Also:
- Constant Field Values
-
RS256_JAVA
public static final String RS256_JAVA
- See Also:
- Constant Field Values
-
RS256_KEY
public static final int RS256_KEY
- See Also:
- Constant Field Values
-
RS384_JWT
public static final String RS384_JWT
- See Also:
- Constant Field Values
-
RS384_JAVA
public static final String RS384_JAVA
- See Also:
- Constant Field Values
-
RS384_KEY
public static final int RS384_KEY
- See Also:
- Constant Field Values
-
RS512_JWT
public static final String RS512_JWT
- See Also:
- Constant Field Values
-
RS512_JAVA
public static final String RS512_JAVA
- See Also:
- Constant Field Values
-
RS512_KEY
public static final int RS512_KEY
- See Also:
- Constant Field Values
-
HEADER_INDEX
public static final int HEADER_INDEX
- See Also:
- Constant Field Values
-
PAYLOAD_INDEX
public static final int PAYLOAD_INDEX
- See Also:
- Constant Field Values
-
SIGNATURE_INDEX
public static final int SIGNATURE_INDEX
- See Also:
- Constant Field Values
-
-
Method Detail
-
getJwkUtil2
public edu.uiuc.ncsa.security.util.jwk.JWKUtil2 getJwkUtil2()
-
setJwkUtil2
public void setJwkUtil2(edu.uiuc.ncsa.security.util.jwk.JWKUtil2 jwkUtil2)
-
createJWT
public static String createJWT(net.sf.json.JSONObject payload)
Creates an unsigned token.- Parameters:
payload
-- Returns:
-
createJWT
public static String createJWT(net.sf.json.JSONObject payload, edu.uiuc.ncsa.security.util.jwk.JSONWebKey jsonWebKey) throws ParseException, com.nimbusds.jose.JOSEException
- Throws:
ParseException
com.nimbusds.jose.JOSEException
-
createJWT
public static String createJWT(net.sf.json.JSONObject payload, edu.uiuc.ncsa.security.util.jwk.JSONWebKey jsonWebKey, String type) throws ParseException, com.nimbusds.jose.JOSEException
- Throws:
ParseException
com.nimbusds.jose.JOSEException
-
concat
protected static String concat(net.sf.json.JSONObject header, net.sf.json.JSONObject payload)
-
sign
protected static String sign(net.sf.json.JSONObject header, net.sf.json.JSONObject payload, edu.uiuc.ncsa.security.util.jwk.JSONWebKey webkey) throws com.nimbusds.jose.JOSEException, ParseException
- Throws:
com.nimbusds.jose.JOSEException
ParseException
-
sign
protected static String sign(String x, edu.uiuc.ncsa.security.util.jwk.JSONWebKey webkey) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException
-
verify
public static boolean verify(com.nimbusds.jose.util.Base64URL header, com.nimbusds.jose.util.Base64URL payload, com.nimbusds.jose.util.Base64URL signature, edu.uiuc.ncsa.security.util.jwk.JSONWebKey webKey) throws ParseException, com.nimbusds.jose.JOSEException
- Throws:
ParseException
com.nimbusds.jose.JOSEException
-
decat
public static String[] decat(String jwt)
This returns header, payload and signature as the three elements of an array.- Parameters:
jwt
-- Returns:
- Throws:
IllegalArgumentException
- if this is not parsable as a token of the form A.B[.C]
-
readJWT
public static net.sf.json.JSONObject[] readJWT(String jwt)
This will only peel off the header and payload. No verification of any sort is done!!- Parameters:
jwt
-- Returns:
- Throws:
IllegalArgumentException
- if this is not JWT or the argument is null
-
verifyAndReadJWT
public static net.sf.json.JSONObject verifyAndReadJWT(String jwt, edu.uiuc.ncsa.security.util.jwk.JSONWebKeys webKeys)
Verify and read a JWT. Note that this returns any of several exceptions which you should check for as needed. AnIllegalArgumentException
means that this is not in fact a JWT, all other exceptions relate to whether the internal structure passes muster.- Parameters:
jwt
-webKeys
-- Returns:
- Throws:
IllegalArgumentException
- if this is not a JWT or the argument is nulledu.uiuc.ncsa.security.core.exceptions.InvalidAlgorithmException
- if there is no algorithm or the algorith is not supportededu.uiuc.ncsa.security.core.exceptions.InvalidSignatureException
- if the signature fails to verifyedu.uiuc.ncsa.security.core.exceptions.UnsupportedJWTTypeException
- if the internal type of the token is not supported
-
getJsonWebKeys
public static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys(String wellKnown)
Create a basicServiceClient
to get the keys from the well known page. If you require a special setup (e.g. your own SSL certs), you will need to create your own ServiceClient and supply that in the related call getJSONWebKeys(ServiceClient, String wellKnown).- Parameters:
wellKnown
-- Returns:
-
getJsonWebKeys
public static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys(URI wellKnown)
-
getJsonWebKeys
public static edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient, String wellKnown)
-
-