package eu.dnetlib.openaire.user.security;
import com.google.common.base.Charsets;
import eu.dnetlib.openaire.user.MigrationUser;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;
/**
 * Issues HS512-signed JWTs (via jjwt) carrying user identity claims, for users arriving through the
 * migration path, through an OIDC login, or as a bare OIDC UserInfo. The OIDC variants still carry
 * hard-coded placeholder affiliation/role values marked with TODOs in the methods below.
 *
 * Created by kiatrop on 03/04/17.
 */
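public class JWTGenerator {

    private static final Logger logger = Logger.getLogger(JWTGenerator.class);

    /** Lifetime (30 minutes) of tokens this class bounds itself, used when no upstream expiry is available. */
    private static final long DEFAULT_TTL_MILLIS = 30L * 60L * 1000L; // 1800000

    /**
     * Builds a signed session token for a user coming through the migration path.
     * <p>
     * Claims: {@code sub} = username; {@code fullname}, {@code userId} and {@code email} rendered with
     * {@code String.valueOf} (so a missing value becomes the string {@code "null"}, exactly as the
     * previous {@code + ""} did); {@code role} = the raw role id; {@code exp} = now + 30 minutes.
     *
     * @param u      the migration user to describe
     * @param secret signing secret; see {@link #sign(Claims, Date, String)} for how jjwt interprets it
     * @return the compact HS512 JWS
     */
    public static String generateToken(MigrationUser u, String secret) {
        Claims claims = Jwts.claims().setSubject(u.getUsername());
        claims.put("fullname", String.valueOf(u.getFullname()));
        claims.put("userId", String.valueOf(u.getId()));
        claims.put("email", String.valueOf(u.getEmail()));
        claims.put("role", u.getRoleId());
        return sign(claims, expiresAfterDefaultTtl(), secret);
    }

    /**
     * Builds a signed session token from an OIDC authentication.
     * <p>
     * {@code sub} is the IdP subject; {@code fullname}, {@code firstname} and {@code lastname} are
     * URL-form-encoded (spaces become '+', non-ASCII becomes %XX), so consumers must decode them;
     * {@code email} is taken as-is. {@code exp} is copied from the ID token (falling back to the default
     * TTL if the ID token has none) and so may be longer than 30 minutes.
     * <p>
     * Personal data (name, email, the raw userinfo JSON) is no longer dumped to the log.
     *
     * @param authOIDC the authenticated OIDC token (user info and ID token are read from it)
     * @param secret   signing secret; see {@link #sign(Claims, Date, String)}
     * @return the compact HS512 JWS, or the literal string {@code "error"} on failure (kept for existing
     *         callers; it is not a JWS and will not verify)
     */
    public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) {
        try {
            UserInfo info = authOIDC.getUserInfo();

            Claims claims = Jwts.claims().setSubject(info.getSub());
            claims.put("fullname", urlEncode(info.getName()));
            claims.put("firstname", urlEncode(info.getGivenName()));
            claims.put("lastname", urlEncode(info.getFamilyName()));
            claims.put("email", String.valueOf(info.getEmail()));

            //TODO change to edu_person_scoped_affiliations
            //TODO change to correct role
            // WARNING: placeholder values left over from testing. Every OIDC user currently receives
            // affiliation "faculty" and role "2" regardless of what the IdP asserted, so these claims
            // must not be used for authorization decisions until they come from the IdP.
            claims.put("edu_person_scoped_affiliations", "faculty");
            claims.put("role", "2");

            Date exp = expirationFromIdToken(authOIDC);

            if (logger.isDebugEnabled()) {
                logger.debug("Issuing OIDC-derived JWT for sub=" + info.getSub() + ", expires " + exp);
            }

            return sign(claims, exp, secret);

        } catch (ParseException e) {
            logger.error("JWT Parse Exception from getting Expiration Time ", e);
            return "error";
        } catch (UnsupportedEncodingException e) {
            logger.error("UnsupportedEncodingException UTF-8 ", e);
            return "error";
        }
    }

    //TODO DELETE IF IT IS NOT NECESSARY
    /**
     * Wraps the upstream OAuth2 access token value in a signed JWT ({@code jti} = the access token value).
     * <p>
     * NOTE(review): the access token is a bearer credential and is deliberately no longer written to the
     * log. The resulting JWT carries no {@code exp}, so it remains valid for as long as the signing secret
     * does — confirm that is acceptable for its consumer, or bound it with an expiry.
     *
     * @param authOIDC the authenticated OIDC token whose access token value is wrapped
     * @param secret   signing secret; see {@link #sign(Claims, Date, String)}
     * @return the compact HS512 JWS
     */
    public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) {
        Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue());
        return sign(claims, null, secret);
    }

    /**
     * Builds a signed session token from a bare OIDC {@link UserInfo}.
     * <p>
     * Claims: {@code sub}, {@code email} (a missing value becomes {@code "null"}), and a placeholder
     * {@code role}. Previously this token was issued without {@code exp} and therefore never expired;
     * it is now bounded by the default TTL like the migration-user variant.
     *
     * @param user   the OIDC user info
     * @param secret signing secret; see {@link #sign(Claims, Date, String)}
     * @return the compact HS512 JWS
     */
    public static String generateToken(UserInfo user, String secret) {
        Claims claims = Jwts.claims().setSubject(user.getSub());
        claims.put("email", String.valueOf(user.getEmail()));
        // WARNING: placeholder — every user gets role "2"; same caveat as in the OIDC variant above.
        claims.put("role", "2");
        return sign(claims, expiresAfterDefaultTtl(), secret);
    }

    /**
     * Signs {@code claims} as a compact HS512 JWS.
     * <p>
     * NOTE(review): this uses jjwt's {@code signWith(SignatureAlgorithm, String)} overload, which in the
     * 0.x API treats the string as a Base64-encoded key (the commented-out example at the bottom of this
     * file appears to use the raw-bytes overload instead, so the two are not interchangeable). Confirm the
     * configured secret is Base64 and decodes to at least 64 bytes, the HS512 key size; newer jjwt
     * versions (0.10+) reject shorter keys.
     *
     * @param claims     claims to sign; mutated — {@code exp} is set when {@code expiration} is non-null
     * @param expiration absolute expiry, or {@code null} to omit {@code exp}
     * @param secret     signing secret as expected by jjwt
     * @return the compact JWS
     */
    private static String sign(Claims claims, Date expiration, String secret) {
        if (expiration != null) {
            claims.setExpiration(expiration);
        }
        return Jwts.builder()
                .setClaims(claims)
                .signWith(SignatureAlgorithm.HS512, secret)
                .compact();
    }

    /** Expiry for tokens this class bounds itself: now + {@link #DEFAULT_TTL_MILLIS}. */
    private static Date expiresAfterDefaultTtl() {
        return new Date(System.currentTimeMillis() + DEFAULT_TTL_MILLIS);
    }

    /**
     * Reads {@code exp} from the ID token. OIDC requires ID tokens to carry {@code exp}, so a missing
     * value is unexpected; rather than fail with an NPE, fall back to the default TTL and warn.
     *
     * @throws ParseException if the ID token's claim set cannot be parsed
     */
    private static Date expirationFromIdToken(OIDCAuthenticationToken authOIDC) throws ParseException {
        Date idTokenExp = authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime();
        if (idTokenExp == null) {
            logger.warn("ID token carries no exp claim; bounding the issued JWT by the default TTL");
            return expiresAfterDefaultTtl();
        }
        return new Date(idTokenExp.getTime());
    }

    /**
     * URL-form-encodes a claim value. {@code String.valueOf} keeps the file's convention of rendering a
     * missing value as {@code "null"} instead of throwing an NPE when the IdP omits a name field.
     */
    private static String urlEncode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
    }

}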
// Example (kept commented out) of building a token by hand. Note it signs with the raw-bytes overload and a literal placeholder secret; never put a real signing key in source.
// long nowMillis = System.currentTimeMillis();
// //This is my token
// try {
// String jwt = Jwts.builder()
// .setSubject("Argiro")
// .setExpiration(new Date(nowMillis+1800000))
// .claim("fullname", "Argiro Kokogianaki")
// .claim("id", "8")
// .claim("email", "argiro@gmail.com")
// .claim("role","2")
// .signWith(
// SignatureAlgorithm.HS512,
// "my-very-secret".getBytes("UTF-8")
// )
// .compact();
|