io.nats.client.support

Class JwtUtils

java.lang.Object

io.nats.client.support.JwtUtils

public abstract class JwtUtils
extends java.lang.Object

Implements ADR-14

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	JwtUtils.Permission
static class	JwtUtils.ResponsePermission
static class	JwtUtils.TimeRange
static class	JwtUtils.UserClaim

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	NATS_USER_JWT_FORMAT Format string with `%s` placeholder for the JWT token followed by the user NKey seed.

Method Summary

Modifier and Type	Method and Description
static long	currentTimeSeconds() Get the current time in seconds since epoch.
static java.lang.String	getClaimBody(java.lang.String jwt) Get the claim body from a JWT
static java.lang.String	issueJWT(NKey signingKey, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, long issuedAt, java.lang.String accSigningKeyPub, JsonSerializable nats) Issue a JWT
static java.lang.String	issueJWT(NKey signingKey, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, long issuedAt, java.lang.String accSigningKeyPub, java.lang.String audience, JsonSerializable nats) Issue a JWT
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, long issuedAt, JwtUtils.UserClaim nats) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, long issuedAt, java.lang.String audience, JwtUtils.UserClaim nats) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, java.lang.String... tags) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, java.lang.String[] tags, long issuedAt) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, java.lang.String[] tags, long issuedAt, java.lang.String audience)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NATS_USER_JWT_FORMAT

public static final java.lang.String NATS_USER_JWT_FORMAT

Format string with `%s` placeholder for the JWT token followed by the user NKey seed. This can be directly used as such:

 NKey userKey = NKey.createUser(new SecureRandom());
 NKey signingKey = loadFromSecretStore();
 String jwt = issueUserJWT(signingKey, accountId, new String(userKey.getPublicKey()));
 String.format(JwtUtils.NATS_USER_JWT_FORMAT, jwt, new String(userKey.getSeed()));
 

See Also:

Constant Field Values

Method Detail

currentTimeSeconds

public static long currentTimeSeconds()

Get the current time in seconds since epoch. Used for issue time.

Returns:

the time

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See Signing Keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey,
                                            java.lang.String name)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See Signing Keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human-readable name. When absent, default to publicUserKey.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey,
                                            java.lang.String name,
                                            java.time.Duration expiration,
                                            java.lang.String... tags)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See Signing Keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human-readable name. When absent, default to publicUserKey.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

tags - optional list of tags to be included in the JWT.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey,
                                            java.lang.String name,
                                            java.time.Duration expiration,
                                            java.lang.String[] tags,
                                            long issuedAt)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See Signing Keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human-readable name. When absent, default to publicUserKey.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

tags - optional list of tags to be included in the JWT.

issuedAt - the current epoch seconds.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey,
                                            java.lang.String name,
                                            java.time.Duration expiration,
                                            java.lang.String[] tags,
                                            long issuedAt,
                                            java.lang.String audience)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Throws:

java.security.GeneralSecurityException

java.io.IOException

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String publicUserKey,
                                            java.lang.String name,
                                            java.time.Duration expiration,
                                            long issuedAt,
                                            JwtUtils.UserClaim nats)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See Signing Keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human-readable name. When absent, default to publicUserKey.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

issuedAt - the current epoch seconds.

nats - the user claim

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String publicUserKey,
                                            java.lang.String name,
                                            java.time.Duration expiration,
                                            long issuedAt,
                                            java.lang.String audience,
                                            JwtUtils.UserClaim nats)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See Signing Keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human-readable name. When absent, default to publicUserKey.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

issuedAt - the current epoch seconds.

audience - the optional audience

nats - the user claim

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueJWT

public static java.lang.String issueJWT(NKey signingKey,
                                        java.lang.String publicUserKey,
                                        java.lang.String name,
                                        java.time.Duration expiration,
                                        long issuedAt,
                                        java.lang.String accSigningKeyPub,
                                        JsonSerializable nats)
                                 throws java.security.GeneralSecurityException,
                                        java.io.IOException

Issue a JWT

Parameters:

signingKey - account nkey pair to sign the generated jwt.

publicUserKey - a mandatory public user nkey.

name - optional human-readable name.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

issuedAt - the current epoch seconds.

accSigningKeyPub - the account signing key

nats - the generic nats claim

Returns:

a JWT

Throws:

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueJWT

public static java.lang.String issueJWT(NKey signingKey,
                                        java.lang.String publicUserKey,
                                        java.lang.String name,
                                        java.time.Duration expiration,
                                        long issuedAt,
                                        java.lang.String accSigningKeyPub,
                                        java.lang.String audience,
                                        JsonSerializable nats)
                                 throws java.security.GeneralSecurityException,
                                        java.io.IOException

Issue a JWT

Parameters:

signingKey - account nkey pair to sign the generated jwt.

publicUserKey - a mandatory public user nkey.

name - optional human-readable name.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

issuedAt - the current epoch seconds.

accSigningKeyPub - the account signing key

audience - the optional audience

nats - the generic nats claim

Returns:

a JWT

Throws:

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

getClaimBody

public static java.lang.String getClaimBody(java.lang.String jwt)

Get the claim body from a JWT

Parameters:

jwt - the encoded jwt

Returns:

the claim body json