Last active
November 9, 2015 12:35
-
-
Save cjmamo/37732487df6f59fc7177 to your computer and use it in GitHub Desktop.
Implementing a Replicated Token Service with JSON Web Tokens
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.jose4j.jwk.RsaJsonWebKey; | |
| import org.jose4j.jwk.RsaJwkGenerator; | |
| ... | |
| private void registerPublicKey() throws Exception { | |
| TokenServiceContext context = TokenServiceContext.getInstance(); | |
| RsaJsonWebKey rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048); | |
| rsaJsonWebKey.setKeyId(context.getNodeId()); | |
| ConfigurationDataMapper.insertConfiguration(context.getNodeId(), "PUBLIC_KEY", rsaJsonWebKey.toJson()); | |
| context.setKey(rsaJsonWebKey); | |
| } | |
| ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| public void onShutdown() throws Exception { | |
| ConfigurationDataMapper.deleteConfiguration(TokenServiceContext.getInstance().getNodeId()); | |
| } | |
| ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CREATE TABLE CONFIGURATION | |
| ( | |
| nodeId VARCHAR(36), | |
| name VARCHAR(255), | |
| value_ VARCHAR(1000) NOT NULL, | |
| PRIMARY KEY (nodeId, name) | |
| ); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.jose4j.jwt.JwtClaims; | |
| import org.jose4j.jwk.RsaJsonWebKey; | |
| import org.jose4j.jws.AlgorithmIdentifiers; | |
| import org.jose4j.jws.JsonWebSignature; | |
| ... | |
| public String createToken(RsaJsonWebKey rsaJsonWebKey) throws Exception { | |
| JwtClaims claims = new JwtClaims(); | |
| claims.setExpirationTimeMinutesInTheFuture(5); | |
| claims.setGeneratedJwtId(); | |
| claims.setIssuedAtToNow(); | |
| JsonWebSignature jwe = new JsonWebSignature(); | |
| jwe.setPayload(claims.toJson()); | |
| jwe.setKey(rsaJsonWebKey.getPrivateKey()); | |
| jwe.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId()); | |
| jwe.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); | |
| String jwt = jwe.getCompactSerialization(); | |
| return jwt; | |
| } | |
| ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.jose4j.keys.resolvers.JwksVerificationKeyResolver; | |
| import org.jose4j.jwt.consumer.JwtConsumer; | |
| import org.jose4j.jwt.consumer.JwtConsumerBuilder; | |
| import org.jose4j.jwt.consumer.InvalidJwtException; | |
| import org.jose4j.jwt.JwtClaims; | |
| import org.jose4j.jwk.RsaJsonWebKey; | |
| import org.jose4j.jwk.PublicJsonWebKey; | |
| import org.jose4j.jwk.JsonWebKey; | |
| ... | |
| public Boolean verifyToken(String token) throws Exception { | |
| List<JsonWebKey> jsonWebKeys = new ArrayList<>(); | |
| List<Configuration> publicKeys = ConfigurationDataMapper.getConfigurationsByName("PUBLIC_KEY"); | |
| for (Configuration publicKey : publicKeys) { | |
| PublicJsonWebKey jsonWebKey = PublicJsonWebKey.Factory.newPublicJwk(publicKey.getValue_()); | |
| RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey((RSAPublicKey) jsonWebKey.getPublicKey()); | |
| rsaJsonWebKey.setKeyId(publicKey.getNodeId()); | |
| jsonWebKeys.add(rsaJsonWebKey); | |
| } | |
| return isValid(token, jsonWebKeys); | |
| } | |
| ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.jose4j.keys.resolvers.JwksVerificationKeyResolver; | |
| import org.jose4j.jwt.consumer.JwtConsumer; | |
| import org.jose4j.jwt.consumer.JwtConsumerBuilder; | |
| import org.jose4j.jwt.consumer.InvalidJwtException; | |
| import org.jose4j.jwt.JwtClaims; | |
| import org.jose4j.jwk.RsaJsonWebKey; | |
| import org.jose4j.jwk.PublicJsonWebKey; | |
| import org.jose4j.jwk.JsonWebKey; | |
| ... | |
| public Boolean isValid(String token, ArrayList<JsonWebKey> jsonWebKeys) throws Exception { | |
| JwksVerificationKeyResolver jwksVerificationKeyResolver = new JwksVerificationKeyResolver(jsonWebKeys); | |
| JwtConsumer jwtConsumer = new JwtConsumerBuilder() | |
| .setRequireExpirationTime() | |
| .setRequireSubject() | |
| .setVerificationKeyResolver(jwksVerificationKeyResolver) | |
| .build(); | |
| try { | |
| jwtConsumer.processToClaims(token); | |
| return true; | |
| } catch (InvalidJwtException e) { | |
| return false; | |
| } | |
| } | |
| ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment