Package org.eclipse.hono.util
Class JwtHelper
- java.lang.Object
-
- org.eclipse.hono.util.JwtHelper
-
public abstract class JwtHelper extends Object
A utility class for generating JWT tokens asserting the registration status of devices.
-
-
Field Summary
Modifier and Type | Field | Description
protected io.jsonwebtoken.SignatureAlgorithm | algorithm | The signature algorithm used for signing.
protected Key | key | The secret key used for signing.
protected Duration | tokenLifetime | The lifetime of created tokens.
-
Constructor Summary
Modifier | Constructor | Description
protected | JwtHelper(io.vertx.core.Vertx vertx) | Creates a new helper for a vertx instance.
-
Method Summary
Modifier and Type | Method | Description
protected static <T extends JwtHelper> T | forSharedSecret(String sharedSecret, long tokenExpiration, Supplier<T> instanceSupplier) | Creates a helper that can be used for creating and verifying signatures of JWTs.
protected static <T extends JwtHelper> T | forSigning(SignatureSupportingConfigProperties config, Supplier<T> instanceSupplier) | Creates a helper that can be used for creating signed JWTs.
protected static <T extends JwtHelper> T | forValidating(SignatureSupportingConfigProperties config, Supplier<T> instanceSupplier) | Creates a helper that can be used for verifying signatures of JWTs.
protected static byte[] | getBytes(String secret) | Gets the bytes representing the UTF8 encoding of a secret.
static Date | getExpiration(String token) | Gets the value of the exp claim of a JWT.
Duration | getTokenLifetime() | Gets the duration being used for calculating the exp claim of tokens created by this class.
static boolean | isExpired(String token, int allowedClockSkewSeconds) | Checks if a token is expired.
static boolean | isExpired(String token, Instant now) | Checks if a token is expired.
protected void | setPrivateKey(String keyPath) | Sets the path to a PKCS8 PEM file containing the RSA private key to use for signing tokens asserting the registration status of devices.
protected void | setPublicKey(String keyPath) | Sets the path to a PEM file containing a certificate holding a public key to use for validating the signature of tokens asserting the registration status of devices.
protected void | setSharedSecret(byte[] secret) | Sets the secret to use for signing tokens asserting the registration status of devices.
-
-
-
Method Detail
-
getBytes
protected static final byte[] getBytes(String secret)
Gets the bytes representing the UTF8 encoding of a secret.
Parameters:
secret - The string to get the bytes for.
Returns:
The bytes.
-
setSharedSecret
protected final void setSharedSecret(byte[] secret)
Sets the secret to use for signing tokens asserting the registration status of devices.
Parameters:
secret - The secret to use.
Throws:
NullPointerException - if secret is null.
IllegalArgumentException - if the secret is < 32 bytes.
-
setPrivateKey
protected final void setPrivateKey(String keyPath)
Sets the path to a PKCS8 PEM file containing the RSA private key to use for signing tokens asserting the registration status of devices.
Parameters:
keyPath - The absolute path to the file.
Throws:
NullPointerException - if the path is null.
IllegalArgumentException - if the key cannot be read from the file.
-
setPublicKey
protected final void setPublicKey(String keyPath)
Sets the path to a PEM file containing a certificate holding a public key to use for validating the signature of tokens asserting the registration status of devices.
Parameters:
keyPath - The absolute path to the file.
Throws:
NullPointerException - if the path is null.
IllegalArgumentException - if the key cannot be read from the file.
-
getTokenLifetime
public final Duration getTokenLifetime()
Gets the duration being used for calculating the exp claim of tokens created by this class.
Clients should always check if a token is expired before using any information contained in the token.
Returns:
The duration.
-
isExpired
public static final boolean isExpired(String token, int allowedClockSkewSeconds)
Checks if a token is expired.
Parameters:
token - The token to check.
allowedClockSkewSeconds - The allowed clock skew in seconds.
Returns:
true if the token is expired according to the current system time (including allowed skew).
-
isExpired
public static final boolean isExpired(String token, Instant now)
Checks if a token is expired.
Parameters:
token - The token to check.
now - The instant of time the token's expiration time should be checked against.
Returns:
true if the token is expired according to the given instant of time.
Throws:
NullPointerException - if the token is null.
IllegalArgumentException - if the given token contains no exp claim.
-
getExpiration
public static final Date getExpiration(String token)
Gets the value of the exp claim of a JWT.
Parameters:
token - The token.
Returns:
The expiration.
Throws:
NullPointerException - if the token is null.
IllegalArgumentException - if the given token contains no exp claim.
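
The expiry check described for isExpired and getExpiration, sketched with JDK classes only. This is an added example, not Hono's implementation: the class name ExpiryCheckExample, the regex-based claim extraction, the constructed token and the skew semantics (a token stays valid until exp plus the allowed skew) are assumptions. The payload is decoded without verifying the signature, so the result is a freshness check only and does not establish that the token is authentic.

```java
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (not Hono code): reads the exp claim and applies a clock-skew allowance. */
public final class ExpiryCheckExample {

    // Matches a numeric "exp" member; enough for this sketch, production code should use a JSON parser.
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    /** Decodes the unverified payload segment of a compact JWT and returns its exp claim. */
    static Instant getExpiration(final String token) {
        Objects.requireNonNull(token);
        final String[] parts = token.split("\\.");
        if (parts.length < 2) {
            throw new IllegalArgumentException("not a compact JWT");
        }
        final String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        final Matcher m = EXP.matcher(payload);
        if (!m.find()) {
            throw new IllegalArgumentException("token contains no exp claim");
        }
        return Instant.ofEpochSecond(Long.parseLong(m.group(1)));
    }

    /** Assumed skew semantics: the token counts as expired only once now is later than exp + skew. */
    static boolean isExpired(final String token, final Instant now, final Duration allowedSkew) {
        return now.minus(allowedSkew).isAfter(getExpiration(token));
    }

    public static void main(final String[] args) {
        // Constructed sample token: real header and payload encoding, dummy signature segment.
        final Instant exp = Instant.parse("2030-01-01T00:00:00Z");
        final String payload = "{\"sub\":\"device-4711\",\"exp\":" + exp.getEpochSecond() + "}";
        final Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        final String token = enc.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
        final Duration skew = Duration.ofSeconds(10);
        System.out.println("before exp:         " + isExpired(token, exp.minusSeconds(1), Duration.ZERO));
        System.out.println("5 s late, in skew:  " + isExpired(token, exp.plusSeconds(5), skew));
        System.out.println("11 s late, outside: " + isExpired(token, exp.plusSeconds(11), skew));
    }
}
```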
-
forSharedSecret
protected static <T extends JwtHelper> T forSharedSecret(String sharedSecret, long tokenExpiration, Supplier<T> instanceSupplier)
Creates a helper that can be used for creating and verifying signatures of JWTs.
Type Parameters:
T - The type of helper to create.
Parameters:
sharedSecret - The shared secret to use for signatures.
tokenExpiration - The number of seconds after which the tokens created by this helper should be considered expired.
instanceSupplier - The supplier to invoke for creating the new helper instance.
Returns:
The newly created helper.
-
forSigning
protected static <T extends JwtHelper> T forSigning(SignatureSupportingConfigProperties config, Supplier<T> instanceSupplier)
Creates a helper that can be used for creating signed JWTs.
Type Parameters:
T - The type of helper to create.
Parameters:
config - The key material to use for signing.
instanceSupplier - The supplier to invoke for creating the new helper instance.
Returns:
The newly created helper.
-
forValidating
protected static <T extends JwtHelper> T forValidating(SignatureSupportingConfigProperties config, Supplier<T> instanceSupplier)
Creates a helper that can be used for verifying signatures of JWTs.
Type Parameters:
T - The type of helper to create.
Parameters:
config - The key material to use for verifying signatures.
instanceSupplier - The supplier to invoke for creating the new helper instance.
Returns:
The newly created helper.
-
-