Package org.eclipse.hono.util

Class JwtHelper

  • public abstract class JwtHelper
extends Object
    A utility class for generating JWT tokens asserting the registration status of devices.

    • Field Detail

      • algorithm

        protected io.jsonwebtoken.SignatureAlgorithm algorithm
        The signature algorithm used for signing.

      • key

        protected Key key
        The secret key used for signing.

      • tokenLifetime

        protected Duration tokenLifetime
        The lifetime of created tokens.

    • Constructor Detail

      • JwtHelper

        protected JwtHelper​(io.vertx.core.Vertx vertx)
        Creates a new helper for a vertx instance.
        Parameters:
        vertx - The vertx instance to use for loading key material from the file system.

    • Method Detail

      • getBytes

        protected static final byte[] getBytes​(String secret)
        Gets the bytes representing the UTF8 encoding of a secret.
        Parameters:
        secret - The string to get the bytes for.
        Returns:
        The bytes.

      • setSharedSecret

        protected final void setSharedSecret​(byte[] secret)
        Sets the secret to use for signing tokens asserting the registration status of devices.
        Parameters:
        secret - The secret to use.
        Throws:
        NullPointerException - if secret is null.
        IllegalArgumentException - if the secret is < 32 bytes.

      • setPrivateKey

        protected final void setPrivateKey​(String keyPath)
        Sets the path to a PKCS8 PEM file containing the RSA private key to use for signing tokens asserting the registration status of devices.
        Parameters:
        keyPath - The absolute path to the file.
        Throws:
        NullPointerException - if the path is null.
        IllegalArgumentException - if the key cannot be read from the file.

      • setPublicKey

        protected final void setPublicKey​(String keyPath)
        Sets the path to a PEM file containing a certificate holding a public key to use for validating the signature of tokens asserting the registration status of devices.
        Parameters:
        keyPath - The absolute path to the file.
        Throws:
        NullPointerException - if the path is null.
        IllegalArgumentException - if the key cannot be read from the file.

      • getTokenLifetime

        public final Duration getTokenLifetime()
        Gets the duration being used for calculating the exp claim of tokens created by this class.

        Clients should always check if a token is expired before using any information contained in the token.

        Returns:
        The duration.

      • isExpired

        public static final boolean isExpired​(String token,
                                      int allowedClockSkewSeconds)
        Checks if a token is expired.
        Parameters:
        token - The token to check.
        allowedClockSkewSeconds - The allowed clock skew in seconds.
        Returns:
        true if the token is expired according to the current system time (including allowed skew).

      • isExpired

        public static final boolean isExpired​(String token,
                                      Instant now)
        Checks if a token is expired.
        Parameters:
        token - The token to check.
        now - The instant of time the token's expiration time should be checked against.
        Returns:
        true if the token is expired according to the given instant of time.
        Throws:
        NullPointerException - if the token is null.
        IllegalArgumentException - if the given token contains no exp claim.

      • getExpiration

        public static final Date getExpiration​(String token)
        Gets the value of the exp claim of a JWT.
        Parameters:
        token - The token.
        Returns:
        The expiration.
        Throws:
        NullPointerException - if the token is null.
        IllegalArgumentException - if the given token contains no exp claim.

      • forSharedSecret

        protected static <T extends JwtHelper> T forSharedSecret​(String sharedSecret,
                                                         long tokenExpiration,
                                                         Supplier<T> instanceSupplier)
        Creates a helper that can be used for creating and verifying signatures of JWTs.
        Type Parameters:
        T - The type of helper to create.
        Parameters:
        sharedSecret - The shared secret to use for signatures.
        tokenExpiration - The number of seconds after which the tokens created by this helper should be considered expired.
        instanceSupplier - The supplier to invoke for creating the new helper instance.
        Returns:
        The newly created helper.

      • forSigning

        protected static <T extends JwtHelper> T forSigning​(SignatureSupportingConfigProperties config,
                                                    Supplier<T> instanceSupplier)
        Creates a helper that can be used for creating signed JWTs.
        Type Parameters:
        T - The type of helper to create.
        Parameters:
        config - The key material to use for signing.
        instanceSupplier - The supplier to invoke for creating the new helper instance.
        Returns:
        The newly created helper.

      • forValidating

        protected static <T extends JwtHelper> T forValidating​(SignatureSupportingConfigProperties config,
                                                       Supplier<T> instanceSupplier)
        Creates a helper that can be used for verifying signatures of JWTs.
        Type Parameters:
        T - The type of helper to create.
        Parameters:
        config - The key material to use for verifying signatures.
        instanceSupplier - The supplier to invoke for creating the new helper instance.
        Returns:
        The newly created helper.