Refactor JWT, making it configurable

This commit is contained in:
jeffcheasey88 2023-07-26 12:34:29 +02:00
parent 04b0d10330
commit bd89572dc5
2 changed files with 28 additions and 25 deletions


@ -41,14 +41,7 @@ public class Client extends Thread{
if(auth == null) return null; if(auth == null) return null;
auth = auth.substring(7); auth = auth.substring(7);
try{ try{
JwtConsumer jwtConsumer = new JwtConsumerBuilder() JwtClaims jwtClaims = this.router.getJwtConsumer().processToClaims(auth);
.setRequireExpirationTime()
.setAllowedClockSkewInSeconds(30)
.setExpectedIssuer(this.router.getTokenIssuer())
.setVerificationKey(this.router.getWebKey().getKey())
.setJwsAlgorithmConstraints(ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256).build();
JwtClaims jwtClaims = jwtConsumer.processToClaims(auth);
return new User(jwtClaims); return new User(jwtClaims);
}catch(Exception e){ }catch(Exception e){
writer.response(401, "Access-Control-Allow-Origin: *"); writer.response(401, "Access-Control-Allow-Origin: *");


@ -7,37 +7,52 @@ import java.security.MessageDigest;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.function.Consumer;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLServerSocketFactory;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwk.RsaJsonWebKey; import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator; import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature; import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims; import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.lang.JoseException; import org.jose4j.lang.JoseException;
public class Router{ public class Router{
public static void main(String[] args){}
private Map<RequestType, Map<Response, Route>> responses; private Map<RequestType, Map<Response, Route>> responses;
private Map<Response, Pattern> patterns; private Map<Response, Pattern> patterns;
private Response noFileFound; private Response noFileFound;
private RsaJsonWebKey rsaJsonWebKey; private RsaJsonWebKey rsaJsonWebKey;
private String token_issuer; private JwtConsumer jwtConsumer;
private int token_expiration; private Consumer<JwtClaims> claims;
public Router(String token_issuer, int token_expiration) throws Exception{ public Router() throws Exception{
this.token_issuer = token_issuer;
this.token_expiration = token_expiration;
this.responses = new HashMap<>(); this.responses = new HashMap<>();
for(RequestType type : RequestType.values()) this.responses.put(type, new HashMap<>()); for(RequestType type : RequestType.values()) this.responses.put(type, new HashMap<>());
this.patterns = new HashMap<>(); this.patterns = new HashMap<>();
this.rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048); this.rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
}
public Router configureJwt(Consumer<JwtConsumerBuilder> consumer, Consumer<JwtClaims> claims){
JwtConsumerBuilder builder = new JwtConsumerBuilder()
.setRequireExpirationTime()
.setAllowedClockSkewInSeconds(30)
.setVerificationKey(rsaJsonWebKey.getKey())
.setJwsAlgorithmConstraints(ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256);
consumer.accept(builder);
this.jwtConsumer = builder.build();
this.claims = claims;
return this;
} }
public void listen(int port, boolean ssl) throws Exception{ public void listen(int port, boolean ssl) throws Exception{
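Review bot: The builder defaults in `configureJwt` (the `JwtConsumerBuilder` chain) no longer set an expected issuer, which the removed Client code enforced via `setExpectedIssuer(this.router.getTokenIssuer())`; unless the `consumer` callback adds it, the resulting `JwtConsumer` accepts a token carrying any `iss` value as long as it is signed with this router's key, and nothing on the method says so. I would state the contract in a Javadoc on the method: `/** Builds the JWT verifier: defaults require exp, allow 30s skew, verify with this router's RSA key and permit RS256 only. The callback must call setExpectedIssuer(...) itself if issuer checking is wanted; the claims callback is applied to every token produced by createAuthUser. */`. `jwtConsumer` and `claims` also stay null until this method is called, so `getJwtConsumer()` returns null and `createAuthUser` throws NullPointerException; `Objects.requireNonNull(consumer, "consumer"); Objects.requireNonNull(claims, "claims");` (java.util.Objects) at the top of the method, or a fail-fast check in `createAuthUser`, would make that explicit. The same reliance on the callback applies to `createAuthUser` in the next hunk, where `setIssuer` and `setExpirationTimeMinutesInTheFuture` were dropped: because the verifier still calls `setRequireExpirationTime()`, a `claims` callback that sets no expiration produces tokens the router itself rejects.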
@ -110,26 +125,21 @@ public class Router{
if(noFileFound != null) noFileFound.exec(null, user, reader, writer); if(noFileFound != null) noFileFound.exec(null, user, reader, writer);
} }
public RsaJsonWebKey getWebKey(){
return this.rsaJsonWebKey;
}
public String getTokenIssuer(){
return this.token_issuer;
}
public void configureSSL(String keyStore, String keyStorePassword){ public void configureSSL(String keyStore, String keyStorePassword){
System.setProperty("javax.net.ssl.keyStore", keyStore); System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword); System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
} }
public JwtConsumer getJwtConsumer(){
return this.jwtConsumer;
}
public String createAuthUser(int id) throws JoseException{ public String createAuthUser(int id) throws JoseException{
JwtClaims claims = new JwtClaims(); JwtClaims claims = new JwtClaims();
claims.setIssuer(token_issuer); // who creates the token and signs it
claims.setExpirationTimeMinutesInTheFuture(token_expiration);
claims.setGeneratedJwtId(); // a unique identifier for the token claims.setGeneratedJwtId(); // a unique identifier for the token
claims.setIssuedAtToNow(); // when the token was issued/created (now) claims.setIssuedAtToNow(); // when the token was issued/created (now)
claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago) claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
this.claims.accept(claims);
claims.setClaim("id", id); claims.setClaim("id", id);