Class JwtHelper

java.lang.Object
com.symphony.bdk.core.auth.jwt.JwtHelper

@API(status=INTERNAL) public class JwtHelper extends Object
JWT helper class, used to:
  • load a private key
  • generate a signed JWT for a given user
  • Field Details

    • JWT_EXPIRATION_MILLIS

      public static final Long JWT_EXPIRATION_MILLIS
  • Constructor Details

    • JwtHelper

      public JwtHelper()
  • Method Details

    • createSignedJwt

      public static String createSignedJwt(String user, long expiration, Key privateKey)
      Creates a JWT with the provided user name and expiration date, signed with the provided private key.
      Parameters:
      user - the username to authenticate; will be verified by the pod
      expiration - expiration of the authentication request, in milliseconds; cannot be longer than the value defined on the pod
      privateKey - the private RSA key to be used to sign the authentication request; will be checked on the pod against the public key stored for the user
      Returns:
      a signed JWT for a specific user (or subject)
    • parseRsaPrivateKey

      public static PrivateKey parseRsaPrivateKey(String pemPrivateKey) throws GeneralSecurityException
      Creates an RSA private key from a PEM string. It supports the PKCS#1 and PKCS#8 string formats.
      Parameters:
      pemPrivateKey - RSA Private Key content
      Returns:
      a PrivateKey instance
      Throws:
      GeneralSecurityException - On invalid Private Key
    • validateJwt

      public static UserClaim validateJwt(String jwt, String certificate) throws AuthInitializationException
      Validates a JWT against a certificate.
      Parameters:
      jwt -
      certificate - string containing the X.509 certificate content in PEM format.
      Returns:
      the content of the JWT claim "user" if the JWT is successfully validated.
      Throws:
      AuthInitializationException - if the certificate or the JWT is invalid.
    • extractExpirationDate

      public static Long extractExpirationDate(String jwt) throws com.fasterxml.jackson.core.JsonProcessingException, AuthUnauthorizedException
      Extracts the expiration date (in seconds) from the input JWT. If the JWT uses the Bearer prefix, the prefix is removed before parsing. This function does not validate the JWT signature.
      Parameters:
      jwt - to be parsed
      Returns:
      expiration date in seconds
      Throws:
      com.fasterxml.jackson.core.JsonProcessingException - if parsing fails
      AuthUnauthorizedException
    • parseX509Certificate

      protected static Certificate parseX509Certificate(String certificate) throws AuthInitializationException
      Throws:
      AuthInitializationException
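
A round trip through the methods documented above, as an added example that is not part of the BDK documentation or source. It assumes the BDK core library is on the classpath; the class name, the helper names, the user name `example-bot` and the 30-second margin are hypothetical. Because `extractExpirationDate` does not validate the signature, its result is used here only to schedule a refresh, never as evidence that the token is genuine.

```java
import com.symphony.bdk.core.auth.jwt.JwtHelper;

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.time.Instant;
import java.util.Base64;

// Added example, not BDK code. Names other than the JwtHelper members are hypothetical.
public class JwtHelperRoundTrip {

  // Generates a throwaway RSA key and wraps it in PKCS#8 PEM armour,
  // one of the two formats parseRsaPrivateKey is documented to accept.
  static String throwawayPkcs8Pem() throws Exception {
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair pair = generator.generateKeyPair();
    String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
        .encodeToString(pair.getPrivate().getEncoded()); // getEncoded() is PKCS#8 DER
    return "-----BEGIN PRIVATE KEY-----\n" + body + "\n-----END PRIVATE KEY-----\n";
  }

  // The exp value is read WITHOUT signature verification, so treat it as a
  // scheduling hint only. Authorization decisions need validateJwt.
  static boolean needsRefresh(String token, long marginSeconds) throws Exception {
    long expSeconds = JwtHelper.extractExpirationDate(token); // seconds, not millis
    return Instant.now().getEpochSecond() + marginSeconds >= expSeconds;
  }

  public static void main(String[] args) throws Exception {
    // GeneralSecurityException here means the PEM content is not a usable RSA key.
    PrivateKey key = JwtHelper.parseRsaPrivateKey(throwawayPkcs8Pem());

    // Expiration goes in as milliseconds; the class's own constant is used here.
    String jwt = JwtHelper.createSignedJwt(
        "example-bot", JwtHelper.JWT_EXPIRATION_MILLIS, key);

    // The documented behaviour is that a Bearer prefix is removed before parsing.
    String headerValue = "Bearer " + jwt;
    long expSeconds = JwtHelper.extractExpirationDate(headerValue);

    System.out.println("exp (epoch seconds): " + expSeconds);
    System.out.println("refresh within 30 s margin: " + needsRefresh(headerValue, 30));
  }
}
```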