Example of JWT tokens with Apache Commons and EclipseSource JSON libraries
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Calendar;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import com.eclipsesource.json.Json;
import com.eclipsesource.json.JsonObject;
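/**
 * Minimal HS256 JSON Web Token issuer/verifier built on Apache Commons Codec (base64url)
 * and EclipseSource minimal-json.
 *
 * <p>Security notes for anyone wiring this in:
 * <ul>
 *   <li>The payload is signed, not encrypted. Anyone holding a token can read it, so
 *       never put secrets in {@code user_data}.</li>
 *   <li>{@code SECRET} is a shared symmetric key: every party that can verify a token can
 *       also mint one. Replace the literal below with a long random value loaded from
 *       configuration or a secret store.</li>
 *   <li>Signatures are compared in constant time and malformed tokens fail closed
 *       ({@code verified=false}) rather than throwing.</li>
 * </ul>
 */
public class UserAuth {
    /*
     * Shared HMAC secret. It must be identical on every service that is expected to
     * accept the tokens (single-sign-on style functionality), and it must NOT ship as this
     * literal: load it from configuration/secret storage and use a long, random value
     * (at least 32 bytes for HS256). Left public and mutable only for compatibility with
     * existing callers that assign it at startup.
     */
    public static String SECRET = "totallysecretyouwillnotguessit";
    /* Value written to, and required in, the JWT header "alg" field. */
    public static String JWT_ALGO = "HS256";
    /* JCA name of the MAC that implements JWT_ALGO. */
    public static String ALGO = "HmacSHA256";

    /**
     * Computes the base64url-encoded (unpadded) HMAC of {@code s} under {@link #SECRET}.
     *
     * @param s the signing input, i.e. {@code base64url(header) + "." + base64url(payload)}
     * @return the signature segment of the JWT
     * @throws IllegalStateException if the MAC cannot be set up (unknown algorithm or an
     *         unusable key). Failing closed here is deliberate: the previous behaviour of
     *         returning an empty string on error could produce unsigned tokens.
     */
    public static String getSignature(String s) {
        try {
            Mac mac = Mac.getInstance(ALGO);
            // Always UTF-8: the platform default charset would make the key and the signed
            // bytes differ between issuer and verifier on differently configured hosts.
            mac.init(new SecretKeySpec(SECRET.getBytes(StandardCharsets.UTF_8), ALGO));
            byte[] tag = mac.doFinal(s.getBytes(StandardCharsets.UTF_8));
            return Base64.encodeBase64URLSafeString(tag);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Cannot compute JWT signature with " + ALGO, e);
        }
    }

    /**
     * Builds a signed compact-serialised JWT ({@code header.payload.signature}).
     *
     * @param user_data the payload, embedded verbatim as the token's second segment. For
     *        {@link #validateToken(String)} to accept it, it must be a JSON object; if it
     *        carries an {@code exp} claim that claim must be numeric. Do not put secrets
     *        in it — the payload is only base64url-encoded, not encrypted.
     * @return the token
     * @throws IllegalStateException if the signature cannot be computed (see getSignature)
     */
    public static String generateToken(String user_data) {
        JsonObject header = Json.object().add("alg", JWT_ALGO).add("typ", "JWT");
        String encodedHeader = Base64.encodeBase64URLSafeString(
                header.toString().getBytes(StandardCharsets.UTF_8));
        String encodedPayload = Base64.encodeBase64URLSafeString(
                user_data.getBytes(StandardCharsets.UTF_8));
        String signingInput = encodedHeader + "." + encodedPayload;
        return signingInput + "." + getSignature(signingInput);
    }

    /**
     * Verifies a token produced by {@link #generateToken(String)} and reports its state.
     *
     * <p>The result is a JSON object with:
     * <ul>
     *   <li>{@code verified} — true only when the token has exactly three segments, the
     *       header's {@code alg} equals {@link #JWT_ALGO}, the signature matches under
     *       {@link #SECRET}, and the payload parses as a JSON object;</li>
     *   <li>{@code payload} — the parsed payload (present only when verified);</li>
     *   <li>{@code expired} — present only when verified; true when the payload's
     *       {@code exp} claim (0 if absent, so a token without {@code exp} is always
     *       reported expired) is at or before the current time.</li>
     * </ul>
     *
     * <p>Callers MUST check both {@code verified} and {@code expired}; a verified but
     * expired token must not be accepted.
     *
     * <p>NOTE(review): {@code exp} is compared against {@code System.currentTimeMillis()},
     * i.e. it is treated as milliseconds, which preserves the original behaviour. RFC 7519
     * defines {@code exp} in seconds since the epoch, so a token minted by a standard JWT
     * library would always read as expired here — confirm which unit the payload producer
     * uses before interoperating with other issuers.
     *
     * @param token the compact-serialised JWT; may be null or blank
     * @return the result object described above; never null, and malformed input yields
     *         {@code verified=false} instead of an exception
     */
    public static JsonObject validateToken(String token) {
        JsonObject result = Json.object();
        if (StringUtils.isBlank(token)) {
            return result.add("verified", false);
        }
        // Limit -1 keeps trailing empty segments, so "a.b." yields three parts and is
        // rejected on its empty signature instead of failing with an index error.
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            // Exactly header.payload.signature; extra segments are not silently ignored.
            return result.add("verified", false);
        }
        String signingInput = parts[0] + "." + parts[1];
        byte[] expected = getSignature(signingInput).getBytes(StandardCharsets.UTF_8);
        byte[] presented = parts[2].getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison: String.equals stops at the first mismatching
        // character, which leaks how much of a guessed signature is correct.
        if (!MessageDigest.isEqual(expected, presented)) {
            return result.add("verified", false);
        }
        try {
            // The header is covered by the signature, but pin the algorithm anyway so a
            // token whose header claims something else is never accepted as HS256.
            JsonObject header = Json.parse(decodeSegment(parts[0])).asObject();
            if (!JWT_ALGO.equals(header.getString("alg", null))) {
                return result.add("verified", false);
            }
            JsonObject payload = Json.parse(decodeSegment(parts[1])).asObject();
            long exp = payload.getLong("exp", 0);
            result.add("verified", true);
            result.add("payload", payload);
            result.add("expired", exp <= System.currentTimeMillis());
            return result;
        } catch (RuntimeException e) {
            // Unparseable header/payload, a non-object document, a non-string alg or a
            // non-numeric exp: minimal-json reports these as unchecked exceptions. Fail
            // closed rather than propagate.
            return result.add("verified", false);
        }
    }

    /** Decodes one base64url token segment to text, always as UTF-8. */
    private static String decodeSegment(String segment) {
        return new String(Base64.decodeBase64(segment), StandardCharsets.UTF_8);
    }
}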