package com.example.demo.service;

import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import org.springframework.stereotype.Service;

import java.net.MalformedURLException;
import java.net.URL;
import java.time.Instant;
import java.util.Date;
import java.util.UUID;
import java.util.logging.Logger;

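/**
 * Demo service that issues RS256-signed JWTs and validates incoming JWTs against a remote JWK set.
 *
 * <p>Validation uses a Nimbus {@link DefaultJWTProcessor} whose key selector is pinned to
 * {@code RS256}, so a token that declares any other JWS algorithm finds no verification key.
 *
 * <p>NOTE(review): this class configures no issuer or audience expectations, so presumably only
 * the processor's default claim checks apply. Confirm against the Nimbus version in use and add a
 * claims verifier before relying on {@link #validateToken(String)} for authorization decisions.
 */
@Service
public class JwtService {
    /*
     * SECURITY: JWKS and JWKS2 each hold one complete RSA private JWK (members d, p, q, dp, dq, qi),
     * not a public key set. Because they are committed to source and exposed as public constants,
     * both keys must be treated as compromised and must never sign or verify real tokens.
     * Nothing in this class reads them; they remain only so existing references still compile.
     * Load signing keys from a secret store or keystore at runtime instead.
     */
    public static final String JWKS = """
            {"p":"7GfE-geqXY4S_7MDiykbum8fQTdySCmBd8a53q2_zeXIOQj7SkJp8mhxyBU2woOIUkLWlN0XImDFk7v2dvi91upQUW62Bxcn8ES6CUPp_KSGgX0l-bU1W-jiKp_vPUfrat9e8GPg8ioKg1R_-JaZtXcNmvUJa7r0wn9BJVjdWps","kty":"RSA","q":"7YA7ACV6onSWmzY6Exb2ap8pYL5EVYdHx0e993BwTfaY6rz4uypw1NJfV-_AyBVKGQAcrNhen5l0--f7eTVZphn3xemJNTGfXshAvGif9gP6i3YuHQEUzTkF1h9C9X09MYS9p81CQHtlOKTI9z2CX7yoq6w5-21kuq6pijbN4ns","d":"J0scUqOraDoiTZOKNWG4nf__UjaUiSic8pV18iiNBQX6Dc-Lrhgam3wiBCJ4rEag_Rr67vHznZ9Oym0DBdigr9Umd7EV6BEmrvRAHqxneIvksm7pTbBcHC8kw-067S6V8C0ECqZnnFyVylRu4fyHF74Xmf4AmpCr02EmhNiPv_rgz4T_i-xiMPtNtV5NIj0oJBr6Tmd_-kxU79Rvrw4U9hczTS3xACG068d_ADaxrG7UbOtclCwcj3fUCHeF1lYdUTEye78hD7bw7QGGv-12Vh_jB81F-3Bo4G6irSO6pxOXj-QoI_MsLdmCWiVlcITlPvMujwn_wN1_FEDlbpj4Bw","e":"AQAB","kid":"ff7f1e38-78ef-40cf-8552-56dc0b86c612","qi":"wTvXi0IeGND6B91UBFQ_8HoV1XPl24FfoFzRtzT9bi8TEVHnvZFVMiAs2vQzcZasQSoxGB1ZDSfsWFKC7Y22F5hriL8pyVB2VwNSXnGdmYzsjfgy-BLDFPR0K0zXWDKiXjrt2rfOhhj9wCNQnDgI3HPcQml8MY1-OjX-gDhIFRI","dp":"hGjev_g5KOthosw-aNxehn6k799BaD-vH0o0Yw_IRWe1TJTGQuKN-tMbH6kaIbqQSRrcm0Z2JbA0GboGor5RfiWBVQsAc1o56W5lELl0Pihcmfxhn8oqF8-Jlbw8wIMezZ5My7H1lU2M0-ApSS_46dXDzg3-99MgMiwabfOnD48","dq":"d4nlKGu0z_PSoginLliOapf1oaXiixHuBNWNPe-v9u25hdzbbIkuBVBlgMNByvM8Ol0eEblN1xLMGMZogldh6gKD_W9QCiAR0QkF3E7kxFS4VF2FVD_pEmozD9ToRNtmY3gmZUEgqYfyKJJ4PEkPR9STKOUkwfILkxK6bsCq2-U","n":"21J7ugMebIDpMtoiZ0eAwGczXJAA3c4jiw69TqS0K7cG6vZXUC0ERnvDyTKntAXqFQoKh3s7XwbYIJztD50-dvm3ZH3AQFeIm-lvfO6HLXTQnkgCdHxyekbb0ccMHtzHpRot41a6JiNCPx_kO2wRfe1jQpEcrCQG7zjZYDq06VAm8ee71v_UEwwgS3PaaqL9iybx8QsUCGtNYnYgCnN7AIV-cD1vkyJhZgSK7JLaR2B7-p02CLgLP4m_6GWWheQzOyvF3ZuIyaJmPK76xjHZAkWedPyWqurEvK-iNEEeMdzkX5IPEz3SdndLHSgBWG21SYY7sIxn4pMRy0pRXHZeeQ"}""";
    public static final String JWKS2 = """
            {"p":"vNX318dE-ir6uU_YNZlvcT4lfRl-Y2vVX0epPx-dwGxDK0rpLsyo5VhUp06cblaiiQA7xZKJOJ-PiRAjqiowIR5Y0UOsOea-HBbYIkBo7yCiPMh7lESYMC_q0ZVpKZSdJnZgZtoDqD6t_NPWKV5j4g5Fm4slDYaDL7A9HUMlfA8","kty":"RSA","q":"9WMx9rbnXPXck_-ng1ofYNm9-cCf-5-giMhVj5E0eLhm0XOf7usIrRFnp1fzzQ5rbYuAM7Y2jpFG8dwNDZfZ00mLFjjbTmNkesQ8NCjvW1vB2347P5XlU5ny9PO02jItkyRRPqNYaEXXMMXfknjDBF3vWbR1T6UNJ9oW3ezTf4k","d":"AZYVHAv6JbU0btlSKZ-MRgsUrZ5cqLKXyMpPmLtCOdkcehP_l6not7iMEvMrUxXlZfF-gJjAua4Pf49WAWtZCsQRHGl1oGZCRQ9cSugRFocS9iNAEtYC6pXtD5-cbUsJbgJLuxAvXMQw1ls8EPTzJFx_T4WV7U0-VCL4MF4U5kO4LVPIAMxIkfVBCpoWq2C4RErFEAKsTkCoCGBXLWZ4BKY-XC4OcyFKTuaJbEY1wal8jDWYG49PaLHu3LYEhxb0rhJsoKYcWnmaxSxT35VJaNzQBl6l6oBct3DeQiLH5aiymyrZVt_9s_J9tJHiQEziQtS3Hx8I1GORVy7jInom8Q","e":"AQAB","kid":"2e453d02-04c5-48f2-aa34-58cba5e4bcb5","qi":"QcW5LMPU_aYmk6Gu1dSb_g5X4qqrv4Kaw8omWMCWy36BeM3Iwiw3UfcwkEKF_SzPFVGQlcUxwYo1VcapMdlAmCbmfLRuYulIPj0yPWKJCz_LfBU4UtZgqCKdewlDVJCoNXFnMBGD8x3QfJyiw7rBmoG5aDvUFUUZhSE87wpKB9I","dp":"fQxYZszv0ZZ6mBLWw4_K67vSyYgDWUVEdCcZXdLK_Wz0AgxGZJZk1hNrY6u8DZlTYtQDwO8r7ZJEU-ibJYlwe84D1PgyadlyVVmPYQc0Nf5vUT8WDvZpraddodKGZGGku56ycgm3WEfBoeaKMLTwAfefgsRfEhjccM0Ne35GqWM","dq":"eJpCKjGG0Kd9u7eAywv2NBGQTzme53py2gcsFh2VnmdzESo0xqX5Y6YUPaj6iCO4JOTVI5VAhx1bsu8l8zJYuoGAvHFBR-uNrNDZjgE4crxMMOZ_lCbFySr2v_EvR7Y1tAW7cH-zqbv5oVz_Huv_XRwV0Q7iQTyrlJSZfIUzBZE","n":"tQHxy0seUW3cqZEEbrXQRddQZTMWBB-2n-mWrVN7Xg04PzV9ZdnWO7Kl4tarRoY7qCRzolxpFskbBUZhgbezFlXSv59xAUlAB9vBa0jzCp8MRx1dMmfk7YGNGNCgRePLkoYy0z2NbLViwErGSdm1_4rGNi9MnbegVijbAXUy0ccOXM2v2Mj1BpzpGs_HRjE05yvUzdFAZ4_i4HfZH8zDhadRLUNqnZObHZgyyEaNDj6kPyGYCL_pqcjDHxlZT2dOwO9cARfNfaxIKK5I_-0DrkOBjP6RzYoXrzv9EMlXBxgakMshbef8SJTFxYGAydcRFgVkT94X-RNqcoIum_fVBw"}""";

    private static final Logger LOG = Logger.getLogger("JwtService");

    /** Lifetime of issued tokens: 360000 s = 100 hours, which is long for a bearer token. */
    private static final long TOKEN_LIFETIME_SECONDS = 360000;

    private final ConfigurableJWTProcessor<SecurityContext> jwtProcessor;

    /** Creates the service with a JWT processor backed by the cached, rate-limited JWKS source. */
    public JwtService() {
        this.jwtProcessor = newProcessor(cachedKeySource());
    }

    /**
     * Builds a JWT processor that accepts only RS256 signatures verifiable with {@code keySource}.
     *
     * @param keySource source of the verification keys
     * @return the configured processor
     */
    private static ConfigurableJWTProcessor<SecurityContext> newProcessor(
            JWKSource<SecurityContext> keySource) {
        ConfigurableJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // Pinning the algorithm here, not trusting the token header, is what stops a token from
        // choosing how it gets verified.
        JWSKeySelector<SecurityContext> keySelector =
                new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keySource);
        processor.setJWSKeySelector(keySelector);
        return processor;
    }

    /**
     * Alternative key source using {@link RemoteJWKSet}; currently unused by the constructor.
     *
     * <p>NOTE(review): recent Nimbus releases mark {@code RemoteJWKSet} deprecated in favour of
     * {@link JWKSourceBuilder}; confirm before wiring this in.
     *
     * @return a key source that fetches {@code http://localhost:8080/jwks}
     */
    @SuppressWarnings("unused")
    private static JWKSource<SecurityContext> standardKeySource() {
        try {
            // The JWK set is the trust anchor for every token: plain HTTP is tolerable only on
            // loopback. Any non-local endpoint must be fetched over HTTPS.
            return new RemoteJWKSet<>(new URL("http://localhost:8080/jwks"));
        } catch (MalformedURLException e) {
            throw new IllegalStateException("Invalid JWKS URL", e);
        }
    }

    /**
     * Builds the key source used by the constructor: a remote JWK set with caching and rate
     * limiting, and with refresh-ahead disabled.
     *
     * @return a key source that fetches {@code http://localhost:8000/jwks.json}
     */
    private static JWKSource<SecurityContext> cachedKeySource() {
        long ttl = 5 * 60 * 1000;           // cache time-to-live: 5 minutes, in milliseconds
        long refreshTimeout = 30 * 1000;    // cache refresh timeout: 30 seconds, in milliseconds
        long minFetchInterval = 100 * 1000; // rate limit: at most one fetch per 100 seconds
        try {
            // The JWK set is the trust anchor for every token: plain HTTP is tolerable only on
            // loopback. Any non-local endpoint must be fetched over HTTPS.
            URL url = new URL("http://localhost:8000/jwks.json");
            return JWKSourceBuilder.create(url)
                    .cache(ttl, refreshTimeout)
                    .rateLimited(minFetchInterval)
                    .refreshAheadCache(false)
                    .build();
        } catch (MalformedURLException e) {
            throw new IllegalStateException("Invalid JWKS URL", e);
        }
    }

    /**
     * Checks whether {@code token} is accepted by the configured JWT processor.
     *
     * <p>A {@code true} result means the processor accepted the token's signature and whatever
     * claim checks it applies by default; it says nothing about who issued the token or for whom.
     *
     * @param token serialized JWT; {@code null} or blank is rejected
     * @return {@code true} if processing succeeded, {@code false} on any failure
     */
    public boolean validateToken(String token) {
        if (token == null || token.isBlank()) {
            return false;
        }
        try {
            jwtProcessor.process(token, null);
            return true;
        } catch (Exception e) {
            // Boundary catch: any parse, key-lookup or verification failure means "not valid".
            // Only the failure type is logged; the token and the exception message (which may
            // echo attacker-chosen header values) are kept out of the log.
            LOG.info("JWT rejected: " + e.getClass().getName());
            return false;
        }
    }

    /**
     * Issues an RS256-signed JWT for the fixed demo claims (iss "me", aud "you", sub "bob").
     *
     * <p>A fresh 2048-bit RSA key pair is generated on every call. Only its public half is logged,
     * so that it can be published at the JWKS endpoint; {@link #validateToken(String)} can verify
     * the token only once that endpoint serves the matching key. The private half never leaves
     * this method.
     *
     * @return the compact-serialized signed token
     * @throws JOSEException if key generation or signing fails
     */
    public String generatetoken() throws JOSEException {
        RSAKey rsaJWK = new RSAKeyGenerator(2048)
                .keyID(UUID.randomUUID().toString())
                .generate();

        // Log the public JWK only. RSAKey.toString() on the full key serializes the private
        // parameters as well, which would put the signing key into the application log.
        String publicJwkJson = rsaJWK.toPublicJWK().toString();
        LOG.info("public_key:" + publicJwkJson);

        JWSSigner signer = new RSASSASigner(rsaJWK);

        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
                .issuer("me")
                .audience("you")
                .subject("bob")
                .expirationTime(Date.from(Instant.now().plusSeconds(TOKEN_LIFETIME_SECONDS)))
                .build();
        // The key ID in the header lets the verifier pick the matching key from the JWK set.
        JWSObject jwsObject = new JWSObject(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rsaJWK.getKeyID()).build(),
                claimsSet.toPayload());

        jwsObject.sign(signer);
        return jwsObject.serialize();
    }
}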