UTMStack/backend/src/main/java/com/park/utmstack/security/jwt/TokenProvider.java at 0ffc970bc119ec80417220dc8cfdd7566e79d64f · utmstack/UTMStack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
package com.park.utmstack.security.jwt;


import com.park.utmstack.config.Constants;
import com.park.utmstack.security.AuthoritiesConstants;
import com.park.utmstack.util.CipherUtil;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import tech.jhipster.config.JHipsterProperties;

import javax.servlet.http.HttpServletRequest;
import java.security.Key;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Optional;
import java.util.stream.Collectors;

@Component
public class TokenProvider {

    private static final String CLASSNAME = "TokenProvider";
    private final Logger log = LoggerFactory.getLogger(TokenProvider.class);

    private static final String AUTHORITIES_KEY = "auth";
    private static final String AUTHENTICATED = "authenticated";
    private static final String SECRET = CipherUtil.generateSafeToken();
    public static final long TEMP_TOKEN_VALIDITY_IN_MILLIS = 300000;

    private final Key key;
    private final JwtParser jwtParser;
    private final long tokenValidityInMilliseconds;
    private final long tokenValidityInMillisecondsForRememberMe;

    public TokenProvider(JHipsterProperties jHipsterProperties) {
        this.key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(SECRET));
        jwtParser = Jwts.parserBuilder().setSigningKey(key).build();
        this.tokenValidityInMilliseconds =
            1000 * jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds();
        this.tokenValidityInMillisecondsForRememberMe =
            1000 * jHipsterProperties.getSecurity().getAuthentication().getJwt()
                .getTokenValidityInSecondsForRememberMe();
    }

    /**
     * @param authentication
     * @param rememberMe
     * @param authenticated
     * @return
     */
    public String createToken(Authentication authentication, boolean rememberMe, boolean authenticated) {
        final String ctx = CLASSNAME + ".createToken";

        try {
            String authorities = !authenticated ? AuthoritiesConstants.PRE_VERIFICATION_USER : authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority).collect(Collectors.joining(","));

            long now = (new Date()).getTime();
            Date validity;

            if (!authenticated) {
                validity = new Date(now + TEMP_TOKEN_VALIDITY_IN_MILLIS);
            } else {
                if (rememberMe) {
                    validity = new Date(now + this.tokenValidityInMillisecondsForRememberMe);
                } else {
                    validity = new Date(now + this.tokenValidityInMilliseconds);
                }
            }
            return Jwts.builder().setSubject(authentication.getName()).claim(AUTHORITIES_KEY, authorities)
                .claim(AUTHENTICATED, authenticated).signWith(key, SignatureAlgorithm.HS512).setExpiration(validity)
                .compact();
        } catch (Exception e) {
            throw new RuntimeException(ctx + ": " + e.getMessage());
        }
    }

    /**
     * @param token
     * @return
     */
    public UsernamePasswordAuthenticationToken getAuthentication(String token) {
        Claims claims = jwtParser.parseClaimsJws(token).getBody();
        Collection<? extends GrantedAuthority> authorities = Arrays
            .stream(claims.get(AUTHORITIES_KEY).toString().split(","))
            .filter(auth -> !auth.trim().isEmpty())
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
        User principal = new User(claims.getSubject(), "", authorities);
        return new UsernamePasswordAuthenticationToken(principal, token, authorities);
    }

    public Boolean isAuthenticated(String token) {
        Claims claims = jwtParser.parseClaimsJws(token).getBody();
        return claims.get(AUTHENTICATED, Boolean.class);
    }

    public String getUserLoginFromToken(String token) {
        Claims claims = jwtParser.parseClaimsJws(token).getBody();
        return claims.getSubject();
    }

    public boolean validateToken(String authToken) {
        try {
            jwtParser.parseClaimsJws(authToken);
            return true;
        } catch (JwtException | IllegalArgumentException e) {
            log.info("Invalid JWT token.");
            log.trace("Invalid JWT token trace.", e);
        }
        return false;
    }

    public boolean canBypassTwoFactorAuth(HttpServletRequest request) {
        boolean tfaExemptionRequested = Boolean.parseBoolean(request.getHeader(Constants.TFA_EXEMPTION_HEADER));

        boolean forceTfaAuth = Boolean.parseBoolean(
                Optional.ofNullable(System.getenv(Constants.PROP_TFA_ENABLE)).orElse("true")
        );

        return tfaExemptionRequested || !forceTfaAuth;
    }


}