JWTValidator

public class JWTValidator

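Class JWTValidator. Validates JSON Web Tokens for the Hytale server: access tokens (validateToken), identity tokens (validateIdentityToken) and session tokens (validateSessionToken). Going by the members listed below, signatures are checked against a JWK set that is fetched through SessionServiceClient and cached.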

java.lang.Object > JWTValidator

Field Summary

signedJWT

final SignedJWT signedJWT

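Field signedJWT. This entry and the others listed without an access modifier (through json) read like method-local variables picked up by the documentation generator rather than instance fields; confirm against the source.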

algorithm

final JWSAlgorithm algorithm

Field algorithm.

claimsSet

final JWTClaimsSet claimsSet

Field claimsSet.

claims

final JWTClaims claims

Field claims.

nowSeconds

final long nowSeconds

Field nowSeconds.

clockSkewSeconds

final long clockSkewSeconds

Field clockSkewSeconds.

keyId

final String keyId

Field keyId.

verifier

final Ed25519Verifier verifier

Field verifier.

valid

final boolean valid

Field valid.

now

final long now

Field now.

existing

final CompletableFuture existing

Field existing.

jwksResponse

final SessionServiceClient.JwksResponse jwksResponse

Field jwksResponse.

jwkList

final ArrayList jwkList

Field jwkList.

jwk

final JWK jwk

Field jwk.

newSet

final JWKSet newSet

Field newSet.

jwkSet

final JWKSet jwkSet

Field jwkSet.

freshJwkSet

final JWKSet freshJwkSet

Field freshJwkSet.

json

final String json

Field json.

issuer

public String issuer

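Field issuer. This and the following public claim fields (through certificateFingerprint) probably belong to a claims type such as JWTClaims rather than to JWTValidator itself; the page does not show the enclosing type.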

subject

public String subject

Field subject.

issuedAt

public Long issuedAt

Field issuedAt.

expiresAt

public Long expiresAt

Field expiresAt.

notBefore

public Long notBefore

Field notBefore.

username

public String username

Field username.

scope

public String scope

Field scope.

audience

public String audience

Field audience.

ipAddress

public String ipAddress

Field ipAddress.

certificateFingerprint

public String certificateFingerprint

Field certificateFingerprint.

Method Detail

JWTValidator

public JWTValidator (@Nonnull final SessionServiceClient sessionServiceClient, @Nonnull final String expectedIssuer, @Nonnull final String expectedAudience)

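Constructor JWTValidator. Takes the session service client together with the issuer and audience values that, judging by the parameter names, validated tokens are expected to carry.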

Parameters:
@Nonnull final SessionServiceClient sessionServiceClient
@Nonnull final String expectedIssuer
@Nonnull final String expectedAudience

validateToken

public JWTClaims validateToken (@Nonnull final String accessToken, @Nullable final X509Certificate clientCert)

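Method validateToken. Validates an access token and returns its claims. clientCert is nullable and the claims listed on this page include certificateFingerprint; the page does not show whether the fingerprint comparison is skipped when clientCert is null, so confirm that callers which rely on certificate binding always pass the certificate.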

Parameters:
@Nonnull final String accessToken
@Nullable final X509Certificate clientCert

expired

public Token expired (exp: %d, now: %d)

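Not a method. The declaration shown above appears to be a fragment of a token-expiry message (a format string with exp and now values) that the documentation generator misread as a signature.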

Parameters:
now: %d

valid

public yet valid (nbf: %d, now: %d)

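Not a method. The declaration shown above appears to be a fragment of a "not yet valid" message (a format string with nbf and now values) that the documentation generator misread as a signature.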

Parameters:
now: %d

verifySignature

private boolean verifySignature (final SignedJWT signedJWT, final JWKSet jwkSet)

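Method verifySignature. Checks the signature of signedJWT against the keys in jwkSet and returns whether it verified. The Ed25519Verifier and JWSAlgorithm entries on this page suggest Ed25519 keys; the page does not show whether the token's algorithm header is restricted before verification, so confirm that in the source.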

Parameters:
final SignedJWT signedJWT
final JWKSet jwkSet

getJwkSet

private JWKSet getJwkSet ()

Method getJwkSet.

cache

public JWKS cache (key rotation or verification failure)

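Not a method. The declaration shown above appears to be a fragment of a log message about the JWKS cache (mentioning key rotation or verification failure) that the documentation generator misread as a signature.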

Parameters:
key rotation or verification failure

fetchJwksFromService

private JWKSet fetchJwksFromService ()

Method fetchJwksFromService.

verifySignatureWithRetry

private boolean verifySignatureWithRetry (final SignedJWT signedJWT)

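Method verifySignatureWithRetry. Judging by its name and the "key rotation or verification failure" text elsewhere on this page, a failed verification appears to trigger a JWKS refresh followed by a second attempt. If so, the refresh should be rate-limited so that tokens with invalid signatures cannot force repeated fetches; confirm in the source.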

Parameters:
final SignedJWT signedJWT

convertToJWK

private JWK convertToJWK (final SessionServiceClient.JwkKey key)

Method convertToJWK.

Parameters:
final SessionServiceClient.JwkKey key

invalidateJwksCache

public void invalidateJwksCache ()

Method invalidateJwksCache.

validateIdentityToken

public IdentityTokenClaims validateIdentityToken (@Nonnull final String identityToken)

Method validateIdentityToken.

Parameters:
@Nonnull final String identityToken

future

public the future (iat: %d, now: %d)

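Not a method. The declaration shown above appears to be a fragment of an "issued in the future" message (a format string with iat and now values) that the documentation generator misread as a signature.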

Parameters:
now: %d

validateSessionToken

public SessionTokenClaims validateSessionToken (@Nonnull final String sessionToken)

Method validateSessionToken.

Parameters:
@Nonnull final String sessionToken

getSubjectAsUUID

public UUID getSubjectAsUUID ()

Method getSubjectAsUUID.

getScopes

public String[] getScopes ()

Method getScopes.

hasScope

public boolean hasScope (@Nonnull final String targetScope)

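Method hasScope. Reports whether targetScope is among the token's scopes. The page does not show how the scope string is split or compared, so confirm that it matches whole scope names rather than substrings.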

Parameters:
@Nonnull final String targetScope