Package com.symphony.bdk.core.auth.jwt
Class JwtHelper
java.lang.Object
com.symphony.bdk.core.auth.jwt.JwtHelper
JWT helper class, used to:
- load a private key
- generate a signed JWT for a given user
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description:
- static String createSignedJwt(String user, long expiration, Key privateKey): Creates a JWT with the provided user name and expiration date, signed with the provided private key.
- static Long extractExpirationDate(String jwt): Extract the expiration date (in seconds) from the input jwt.
- static PrivateKey parseRsaPrivateKey(String pemPrivateKey): Creates an RSA Private Key from a PEM String.
- protected static Certificate parseX509Certificate(String certificate)
- static UserClaim validateJwt(String jwt, String certificate): Validates a jwt against a certificate.
-
Field Details
-
JWT_EXPIRATION_MILLIS
-
-
Constructor Details
-
JwtHelper
public JwtHelper()
-
-
Method Details
-
createSignedJwt
Creates a JWT with the provided user name and expiration date, signed with the provided private key.
Parameters:
  user - the username to authenticate; will be verified by the pod
  expiration - expiration of the authentication request, in milliseconds; cannot be longer than the value defined on the pod
  privateKey - the private RSA key to be used to sign the authentication request; will be checked on the pod against the public key stored for the user
Returns:
  a signed JWT for a specific user (or subject)
-
parseRsaPrivateKey
Creates an RSA Private Key from a PEM String. It supports PKCS#1 and PKCS#8 string formats.
Parameters:
  pemPrivateKey - RSA Private Key content
Returns:
  a PrivateKey instance
Throws:
  GeneralSecurityException - On invalid Private Key
-
validateJwt
public static UserClaim validateJwt(String jwt, String certificate) throws AuthInitializationException
Validates a jwt against a certificate.
Parameters:
  jwt -
  certificate - string of the X.509 certificate content in PEM format.
Returns:
  the content of the jwt claim "user" if the jwt is successfully validated.
Throws:
  AuthInitializationException - if certificate or jwt are invalid.
-
extractExpirationDate
public static Long extractExpirationDate(String jwt) throws com.fasterxml.jackson.core.JsonProcessingException, AuthUnauthorizedException
Extracts the expiration date (in seconds) from the input jwt. If the jwt uses the Bearer prefix, it will be removed before parsing. This function does not validate the jwt signature.
Parameters:
  jwt - to be parsed
Returns:
  expiration date in seconds
Throws:
  com.fasterxml.jackson.core.JsonProcessingException - if parsing fails
  AuthUnauthorizedException
-
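Because extractExpirationDate does not validate the signature, the value it returns is only as trustworthy as the token's source. The following added example (not BDK code, JDK classes only) shows an unverified "exp" read returning whatever the payload says while a signature check rejects the altered token. The class name UnverifiedExpDemo, the RS256 algorithm and the sample claims are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class UnverifiedExpDemo {
  static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
  static final Base64.Decoder DEC = Base64.getUrlDecoder();

  static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

  // Builds an RS256 token with the JDK only (constructed sample, not the BDK implementation).
  static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
    String signingInput = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(payloadJson);
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(key);
    s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
    return signingInput + "." + ENC.encodeToString(s.sign());
  }

  // Reads "exp" without checking the signature, mirroring the documented behaviour.
  static long unverifiedExp(String jwt) {
    String token = jwt.startsWith("Bearer ") ? jwt.substring(7) : jwt;
    String payload = new String(DEC.decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
    Matcher m = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(payload);
    if (!m.find()) throw new IllegalArgumentException("no exp claim");
    return Long.parseLong(m.group(1));
  }

  // Verifies the RS256 signature over header.payload with the signer's public key.
  static boolean signatureValid(String jwt, PublicKey key) throws GeneralSecurityException {
    String[] p = jwt.split("\\.");
    if (p.length != 3) return false;
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initVerify(key);
    s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
    return s.verify(DEC.decode(p[2]));
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
    g.initialize(2048);
    KeyPair kp = g.generateKeyPair();
    String jwt = sign("{\"sub\":\"bot.user\",\"exp\":1700000000}", kp.getPrivate());
    // Same header and signature, but a payload with a later exp (constructed tampering case).
    String[] p = jwt.split("\\.");
    String tampered = p[0] + "." + b64("{\"sub\":\"bot.user\",\"exp\":4102444800}") + "." + p[2];
    System.out.println(unverifiedExp("Bearer " + jwt) + " " + signatureValid(jwt, kp.getPublic()));
    System.out.println(unverifiedExp(tampered) + " " + signatureValid(tampered, kp.getPublic()));
  }
}
```

Use the unverified expiration only for tokens obtained from a trusted channel, for example to schedule a refresh; for tokens received from elsewhere, rely on a signature-checking path such as validateJwt.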
parseX509Certificate
protected static Certificate parseX509Certificate(String certificate) throws AuthInitializationException
Throws:
  AuthInitializationException
-