Added @WebFilter annotation for Router by kaisteel · Pull Request #110 · metamug/mason · GitHub

Added @WebFilter annotation for Router #110

Open
wants to merge 3 commits into
base: develop
572 changes: 285 additions & 287 deletions pom.xml

Large diffs are not rendered by default.

453 changes: 228 additions & 225 deletions src/main/java/com/metamug/mason/Router.java

Large diffs are not rendered by default.

203 changes: 102 additions & 101 deletions src/main/java/com/metamug/mason/entity/auth/JWebToken.java
Expand Up @@ -506,6 +506,10 @@
*/
package com.metamug.mason.entity.auth;

import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
Expand All @@ -517,131 +521,128 @@
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/**
*
* @author user
*/
public class JWebToken {

private static final String SECRET_KEY = "FREE_MASON"; //@TODO Add Signature here
private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
private static final String ISSUER = "mason.metamug.net";
private static final String JWT_HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
private JSONObject payload = new JSONObject();
private String signature;
private String encodedHeader;
private static final String SECRET_KEY = "FREE_MASON"; // @TODO Add Signature here
private static final String ISSUER = "mason.metamug.net";
private static final String JWT_HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
private JSONObject payload = new JSONObject();
private String signature;
private String encodedHeader;

private JWebToken() {
encodedHeader = encode(new JSONObject(JWT_HEADER));
}
private JWebToken() {
encodedHeader = encode(new JSONObject(JWT_HEADER));
}

public JWebToken(JSONObject payload) {
this(payload.getString("sub"), payload.getJSONArray("aud"), payload.getLong("exp"));
}
public JWebToken(JSONObject payload) {
this(payload.getString("sub"), payload.getJSONArray("aud"), payload.getLong("exp"));
}

public JWebToken(String sub, JSONArray aud, long expires) {
this();
payload.put("sub", sub);
payload.put("aud", aud);
payload.put("exp", expires);
payload.put("iat", LocalDateTime.now().toEpochSecond(ZoneOffset.UTC));
payload.put("iss", ISSUER);
payload.put("jti", UUID.randomUUID().toString()); //how do we use this?
signature = hmacSha256(encodedHeader + "." + encode(payload), SECRET_KEY);
}
public JWebToken(String sub, JSONArray aud, long expires) {
this();
payload.put("sub", sub);
payload.put("aud", aud);
payload.put("exp", expires);
payload.put("iat", LocalDateTime.now().toEpochSecond(ZoneOffset.UTC));
payload.put("iss", ISSUER);
payload.put("jti", UUID.randomUUID().toString()); // how do we use this?
signature = hmacSha256(encodedHeader + "." + encode(payload), SECRET_KEY);
}

/**
* For verification
*
* @param token
* @throws java.security.NoSuchAlgorithmException
*/
public JWebToken(String token) throws NoSuchAlgorithmException {
this();
String[] parts = token.split("\\.");
if (parts.length != 3) {
throw new IllegalArgumentException("Invalid Token format");
}
if (encodedHeader.equals(parts[0])) {
encodedHeader = parts[0];
} else {
throw new NoSuchAlgorithmException("JWT Header is Incorrect: " + parts[0]);
}
/**
* For verification
*
* @param token
* @throws java.security.NoSuchAlgorithmException
*/
public JWebToken(String token) throws NoSuchAlgorithmException {
this();
String[] parts = token.split("\\.");
if (parts.length != 3) {
throw new IllegalArgumentException("Invalid Token format");
}
if (encodedHeader.equals(parts[0])) {
encodedHeader = parts[0];
} else {
throw new NoSuchAlgorithmException("JWT Header is Incorrect: " + parts[0]);
}

payload = new JSONObject(decode(parts[1]));
if (payload.isEmpty()) {
throw new JSONException("Payload is Empty: ");
}
if (!payload.has("exp")) {
throw new JSONException("Payload doesn't contain expiry " + payload);
}
signature = parts[2];
}
payload = new JSONObject(decode(parts[1]));
if (payload.isEmpty()) {
throw new JSONException("Payload is Empty: ");
}
if (!payload.has("exp")) {
throw new JSONException("Payload doesn't contain expiry " + payload);
}
signature = parts[2];
}

@Override
public String toString() {
return encodedHeader + "." + encode(payload) + "." + signature;
}
@Override
public String toString() {
return encodedHeader + "." + encode(payload) + "." + signature;
}

public boolean isValid() {
return payload.getLong("exp") > (LocalDateTime.now().toEpochSecond(ZoneOffset.UTC)) //token not expired
&& signature.equals(hmacSha256(encodedHeader + "." + encode(payload), SECRET_KEY)); //signature matched
}
public boolean isValid() {
return payload.getLong("exp") > (LocalDateTime.now().toEpochSecond(ZoneOffset.UTC)) // token not expired
&& signature.equals(hmacSha256(encodedHeader + "." + encode(payload), SECRET_KEY)); // signature matched
}

public String getSubject() {
return payload.getString("sub");
}
public String getSubject() {
return payload.getString("sub");
}

public List<String> getAudience() {
JSONArray arr = payload.getJSONArray("aud");
List<String> list = new ArrayList<>();
for (int i = 0; i < arr.length(); i++) {
list.add(arr.getString(i));
}
return list;
}
public List<String> getAudience() {
JSONArray arr = payload.getJSONArray("aud");
List<String> list = new ArrayList<>();
for (int i = 0; i < arr.length(); i++) {
list.add(arr.getString(i));
}
return list;
}

private static String encode(JSONObject obj) {
return encode(obj.toString().getBytes(StandardCharsets.UTF_8));
}
private static String encode(JSONObject obj) {
return encode(obj.toString().getBytes(StandardCharsets.UTF_8));
}

private static String encode(byte[] bytes) {
return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
}
private static String encode(byte[] bytes) {
return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
}

private static String decode(String encodedString) {
return new String(Base64.getUrlDecoder().decode(encodedString));
}
private static String decode(String encodedString) {
return new String(Base64.getUrlDecoder().decode(encodedString));
}

/**
* Sign with HMAC SHA256 (HS256)
*
* @param data
* @return
* @throws Exception
*/
private String hmacSha256(String data, String secret) {
try {
/**
* Sign with HMAC SHA256 (HS256)
*
* @param data
* @return
* @throws Exception
*/
private String hmacSha256(String data, String secret) {
try {

//MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = secret.getBytes(StandardCharsets.UTF_8);//digest.digest(secret.getBytes(StandardCharsets.UTF_8));
// MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = secret.getBytes(StandardCharsets.UTF_8);// digest.digest(secret.getBytes(StandardCharsets.UTF_8));

Mac sha256Hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(hash, "HmacSHA256");
sha256Hmac.init(secretKey);
Mac sha256Hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(hash, "HmacSHA256");
sha256Hmac.init(secretKey);

byte[] signedBytes = sha256Hmac.doFinal(data.getBytes(StandardCharsets.UTF_8));
return encode(signedBytes);
} catch (NoSuchAlgorithmException | InvalidKeyException ex) {
Logger.getLogger(JWebToken.class.getName()).log(Level.SEVERE, ex.getMessage(), ex);
return null;
}
}
byte[] signedBytes = sha256Hmac.doFinal(data.getBytes(StandardCharsets.UTF_8));
return encode(signedBytes);
} catch (NoSuchAlgorithmException | InvalidKeyException ex) {
Logger.getLogger(JWebToken.class.getName()).log(Level.SEVERE, ex.getMessage(), ex);
return null;
}
}

}
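Review bot: The re-indented `SECRET_KEY` line keeps the HMAC key as the literal `"FREE_MASON"` in source, so anyone who can read the repository can produce a signature that `isValid()` accepts; since this commit rewrites the line anyway, the key should be loaded from deployment configuration (environment or a secrets store) and the class should fail closed when it is absent. `isValid()` also compares signatures with `signature.equals(...)`, which is not constant-time; compute the expected value once, return false when `hmacSha256` gave null, and compare with `MessageDigest.isEqual(signature.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8))` (this needs `java.security.MessageDigest`, which is not among the visible imports). Separately, `LocalDateTime.now().toEpochSecond(ZoneOffset.UTC)` reads the local wall clock and labels it UTC, so `iat` and the expiry check shift by the zone offset on a non-UTC host; `Instant.now().getEpochSecond()` avoids that, though the `java.time` imports sit in the collapsed part of the hunk, so this is inferred from usage.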