Added access token

Author: Justin Dahmubed

lib/src/main/java/com/auth0/jwt/creators/AccessJwtCreator.java

@@ -0,0 +1,237 @@
+package com.auth0.jwt.creators;
+
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTCreationException;
+import com.auth0.jwt.impl.PublicClaims;
+import com.auth0.jwt.jwts.JWT;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * The AccessJwtCreator class holds the sign method to generate a complete Access JWT (with Signature) from a given Header and Payload content.
+ */
+public class AccessJwtCreator {
+
+    protected JWTCreator.Builder jwt;
+    protected HashMap<String, Boolean> addedClaims;
+    protected Set<String> publicClaims;
+
+    public AccessJwtCreator() {
+        jwt = JWT.create();
+        addedClaims = new HashMap<String, Boolean>() {{
+            put("Issuer", false);
+            put("Subject", false);
+            put("Iat", false);
+        }};
+        publicClaims = new HashSet<String>() {{
+            add(PublicClaims.ISSUER);
+            add(PublicClaims.SUBJECT);
+            add(PublicClaims.EXPIRES_AT);
+            add(PublicClaims.NOT_BEFORE);
+            add(PublicClaims.ISSUED_AT);
+            add(PublicClaims.JWT_ID);
+            add(PublicClaims.AUDIENCE);
+        }};
+    }
+
+    /**
+     * Add a specific Issuer ("issuer") claim to the Payload.
+     * Allows for multiple issuers
+     *
+     * @param issuer the Issuer value.
+     * @return this same Builder instance.
+     */
+    public AccessJwtCreator withIssuer(String... issuer) {
+        jwt.withIssuer(issuer);
+        addedClaims.put("Issuer", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Subject ("subject") claim to the Payload.
+     * Allows for multiple subjects
+     *
+     * @param subject the Subject value.
+     * @return this same Builder instance.
+     */
+    public AccessJwtCreator withSubject(String... subject) {
+        jwt.withSubject(subject);
+        addedClaims.put("Subject", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Audience ("audience") claim to the Payload.
+     * Allows for multiple audience
+     *
+     * @param audience the Audience value.
+     * @return this same Builder instance.
+     */
+    public AccessJwtCreator withAudience(String... audience) {
+        jwt.withAudience(audience);
+        return this;
+    }
+
+    /**
+     * Add a specific Issued At ("iat") claim to the Payload.
+     *
+     * @param iat the Issued At value.
+     * @return this same Builder instance.
+     */
+    public AccessJwtCreator withIat(Date iat) {
+        jwt.withIssuedAt(iat);
+        addedClaims.put("Iat", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Expires At ("exp") claim to the Payload.
+     *
+     * @param exp the Expires At value.
+     * @return this same Builder instance.
+     */
+    public AccessJwtCreator withExp(Date exp) {
+        jwt.withExpiresAt(exp);
+        return this;
+    }
+
+    /**
+     * Require a specific Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Verification instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withNonStandardClaim(String name, String value) {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withNonStandardClaim(String name, Boolean value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withNonStandardClaim(String name, Integer value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withNonStandardClaim(String name, Long value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withNonStandardClaim(String name, Double value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withNonStandardClaim(String name, Date value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Require a specific Array Claim to contain at least the given items.
+     *
+     * @param name  the Claim's name.
+     * @param items the items the Claim must contain.
+     * @return this same Verification instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public AccessJwtCreator withArrayClaim(String name, String... items) throws IllegalArgumentException {
+        jwt.withArrayClaim(name, items);
+        if(publicClaims.contains(name))
+            addedClaims.put(name, true);
+        return this;
+    }
+
+    /**
+     * Developer explicitly specifies whether they want to accept
+     * NONE algorithms or not.
+     *
+     * @param isNoneAlgorithmAllowed
+     * @return
+     */
+    public AccessJwtCreator setIsNoneAlgorithmAllowed(boolean isNoneAlgorithmAllowed) {
+        jwt.setIsNoneAlgorithmAllowed(isNoneAlgorithmAllowed);
+        return this;
+    }
+
+    /**
+     * Creates a new JWT and signs it with the given algorithm.
+     *
+     * @param algorithm used to sign the JWT
+     * @return a new JWT token
+     * @throws IllegalAccessException   if the developer didn't want NONE algorithm to be allowed and it was passed in
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     * @throws JWTCreationException     if the claims could not be converted to a valid JSON or there was a problem with the signing key.
+     */
+    public String sign(Algorithm algorithm) throws Exception {
+        if(!jwt.getIsNoneAlgorithmAllowed() && algorithm.equals(Algorithm.none())) {
+            throw new IllegalAccessException("None algorithm isn't allowed");
+        }
+        String JWS = jwt.sign(algorithm);
+        verifyClaims();
+        return JWS;
+    }
+
+    /**
+     * Verifies that all the standard claims were provided
+     * @throws Exception if all the standard claims weren't provided
+     */
+    private void verifyClaims() throws Exception {
+        for(String claim : addedClaims.keySet())
+            if(!addedClaims.get(claim))
+                throw new Exception("Standard claim: " + claim + " has not been set");
+    }
+
+    public static AccessJwtCreator build() {
+        return new AccessJwtCreator();
+    }
+}

lib/src/main/java/com/auth0/jwt/interfaces/GoogleVerification.java

@@ -14,7 +14,7 @@ Verification createVerifierForGoogle(String picture, String email, List<String>
 
     GoogleVerification withName(String name);
 
-     Verification createVerifierForExtended(String picture, String email, List<String> issuer,
+    Verification createVerifierForExtended(String picture, String email, List<String> issuer,
                                            List<String> audience, String name, long nbf, long expLeeway, long iatLeeway);
 
 }

lib/src/main/java/com/auth0/jwt/interfaces/Verification.java

@@ -52,5 +52,8 @@ Verification createVerifierForImplicit(List<String> issuer,
 
     Verification withAppId(String appId);
 
+    Verification createVerifierForAccess(List<String> issuer,
+                                         List<String> audience, long expLeeway, long iatLeeway);
+
     JWT build();
 }

lib/src/main/java/com/auth0/jwt/jwts/AccessJWT.java

@@ -0,0 +1,73 @@
+package com.auth0.jwt.jwts;
+
+import com.auth0.jwt.ClockImpl;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.Clock;
+import com.auth0.jwt.interfaces.Verification;
+
+import java.util.List;
+
+public class AccessJWT extends JWT.BaseVerification implements Verification {
+
+    AccessJWT(Algorithm algorithm) throws IllegalArgumentException {
+        super(algorithm);
+    }
+
+    /**
+     * Create Verification object for verification purposes
+     * @param issuer
+     * @param audience
+     * @param expLeeway
+     * @param iatLeeway
+     * @return
+     */
+    public Verification createVerifierForAccess(List<String> issuer,
+                                                List<String> audience, long expLeeway, long iatLeeway) {
+        return withIssuer(issuer.toArray(new String[issuer.size()])).withAudience(audience.toArray(new String[audience.size()]))
+                .acceptExpiresAt(expLeeway).acceptIssuedAt(iatLeeway);
+    }
+
+    /**
+     * Returns a {Verification} to be used to validate token signature.
+     *
+     * @param algorithm that will be used to verify the token's signature.
+     * @return Verification
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     */
+    public static Verification require(Algorithm algorithm) {
+        return AccessJWT.init(algorithm);
+    }
+
+    /**
+     * Initialize a Verification instance using the given Algorithm.
+     *
+     * @param algorithm the Algorithm to use on the JWT verification.
+     * @return a AccessJWT instance to configure.
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     */
+    static Verification init(Algorithm algorithm) throws IllegalArgumentException {
+        return new AccessJWT(algorithm);
+    }
+
+    /**
+     * Creates a new and reusable instance of the JWT with the configuration already provided.
+     *
+     * @return a new JWT instance.
+     */
+    @Override
+    public JWT build() {
+        return this.build(new ClockImpl());
+    }
+
+    /**
+     * Creates a new and reusable instance of the JWT the configuration already provided.
+     * ONLY FOR TEST PURPOSES.
+     *
+     * @param clock the instance that will handle the current time.
+     * @return a new JWT instance with a custom Clock.
+     */
+    public JWT build(Clock clock) {
+        addLeewayToDateClaims();
+        return new JWT(algorithm, claims, clock);
+    }
+}

lib/src/main/java/com/auth0/jwt/jwts/JWT.java

@@ -127,6 +127,11 @@ public Verification withAppId(String appId) {
             throw new UnsupportedOperationException("you shouldn't be calling this method");
         }
 
+        @Override
+        public Verification createVerifierForAccess(List<String> issuer, List<String> audience, long expLeeway, long iatLeeway) {
+            throw new UnsupportedOperationException("you shouldn't be calling this method");
+        }
+
         /**
          * Require a specific Issuer ("iss") claim.
          * Allows for multiple issuers

lib/src/test/java/com/auth0/jwt/JWTTest.java

@@ -54,6 +54,13 @@ public void testCreateVerifierForFB() {
         JWT.require(Algorithm.none()).createVerifierForFb(null, null);
     }
 
+    @Test
+    public void testCreateVerifierForAccess() {
+        thrown.expect(UnsupportedOperationException.class);
+        thrown.expectMessage("you shouldn't be calling this method");
+        JWT.require(Algorithm.none()).createVerifierForAccess(null, null, 5, 5);
+    }
+
     @Test
     public void testWithUserId() {
         thrown.expect(UnsupportedOperationException.class);