Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-18 11:11:07 +01:00
Code Issues Packages Projects Releases Activity
Files
a2c9ed67a3c1a2833bc839b5a58e7eb9c67022c3
SCM-Manager/scm-webapp/src/main/java/sonia/scm/security/SecureKeyResolver.java
Thomas Zerr a2c9ed67a3 User jwt sessions can now be endless 
Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: tzerr <thomas.zerr@cloudogu.com>

Reviewed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
2023-07-27 13:03:35 +02:00

175 lines
4.9 KiB
Java
Raw Blame History

/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.lifecycle.jwt.JwtSettings;
import sonia.scm.lifecycle.jwt.JwtSettingsStore;
import sonia.scm.store.ConfigurationEntryStore;
import sonia.scm.store.ConfigurationEntryStoreFactory;
import static com.google.common.base.Preconditions.*;
//~--- JDK imports ------------------------------------------------------------
import java.security.SecureRandom;
import java.util.Random;
import javax.inject.Inject;
import javax.inject.Singleton;
/**
* Resolve secure keys which can be used for signing token and messages.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
@Singleton
public class SecureKeyResolver extends SigningKeyResolverAdapter
{
/** key length */
private static final int KEY_LENGTH = 64;
/** name of the configuration store */
@VisibleForTesting
static final String STORE_NAME = "keys";
/**
* the logger for SecureKeyResolver
*/
private static final Logger logger =
LoggerFactory.getLogger(SecureKeyResolver.class);
//~--- constructors ---------------------------------------------------------
/**
* Constructs a new SecureKeyResolver
*
*
* @param storeFactory store factory
*/
@Inject
@SuppressWarnings("unchecked")
public SecureKeyResolver(ConfigurationEntryStoreFactory storeFactory, JwtSettingsStore jwtSettingsStore) {
this(storeFactory, jwtSettingsStore, new SecureRandom());
}
SecureKeyResolver(ConfigurationEntryStoreFactory storeFactory, JwtSettingsStore jwtSettingsStore, Random random)
{
store = storeFactory
.withType(SecureKey.class)
.withName(STORE_NAME)
.build();
this.jwtSettingsStore = jwtSettingsStore;
this.random = random;
}
//~--- methods --------------------------------------------------------------
/**
* {@inheritDoc}
*/
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims)
{
checkNotNull(claims, "claims is required");
String subject = claims.getSubject();
checkArgument(!Strings.isNullOrEmpty(subject), "subject is required");
return getSecureKey(subject).getBytes();
}
//~--- get methods ----------------------------------------------------------
/**
* Returns the secure key for the given subject, if there is no key for the
* subject a new key is generated.
*
* @param subject subject
*
* @return secure key
*/
public SecureKey getSecureKey(String subject)
{
SecureKey key = store.get(subject);
if (key == null || isKeyExpired(key))
{
logger.trace("create new key for subject");
key = createNewKey();
store.put(subject, key);
}
return key;
}
private boolean isKeyExpired(SecureKey key) {
JwtSettings settings = jwtSettingsStore.get();
return key.getCreationDate() < settings.getKeysValidAfterTimestampInMs();
}
//~--- methods --------------------------------------------------------------
/**
* Creates a new secure key.
*
*
* @return new secure key
*/
private SecureKey createNewKey()
{
byte[] bytes = new byte[KEY_LENGTH];
random.nextBytes(bytes);
return new SecureKey(bytes, System.currentTimeMillis());
}
//~--- fields ---------------------------------------------------------------
/** secure randon */
private final Random random;
/** configuration entry store */
private final ConfigurationEntryStore<SecureKey> store;
private final JwtSettingsStore jwtSettingsStore;
}
Reference in New Issue View Git Blame Copy Permalink