pass jwt token

shared/src/main/java/org/pac4j/lagom/jwt/JwtAuthenticatorHelper.java

@@ -34,7 +34,7 @@
  */
 public final class JwtAuthenticatorHelper {
 
-    private static SignatureConfiguration parseSignature(Config conf) throws ParseException, JOSEException {
+    public static SignatureConfiguration parseSignature(Config conf) throws ParseException, JOSEException {
         if (!conf.hasPath("jwk")) return null;
         AbstractSignatureConfiguration signature = null;
         JWK jwk = JWK.parse(conf.getConfig("jwk").root().render(ConfigRenderOptions.concise()));
@@ -51,7 +51,7 @@ private static SignatureConfiguration parseSignature(Config conf) throws ParseEx
         return signature;
     }
 
-    private static EncryptionConfiguration parseEncryption(Config conf) throws ParseException, JOSEException {
+    public static EncryptionConfiguration parseEncryption(Config conf) throws ParseException, JOSEException {
         if (!conf.hasPath("jwk")) return null;
         AbstractEncryptionConfiguration encryption = null;
         JWK jwk = JWK.parse(conf.getConfig("jwk").root().render(ConfigRenderOptions.concise()));

shared/src/main/java/org/pac4j/lagom/jwt/JwtGenerationException.java

@@ -0,0 +1,11 @@
+package org.pac4j.lagom.jwt;
+
+/**
+ * @author Irina Lebedeva.
+ */
+public class JwtGenerationException extends RuntimeException {
+
+    public JwtGenerationException(String message) {
+        super(message);
+    }
+}

shared/src/main/java/org/pac4j/lagom/jwt/JwtHeaderHandlerHelper.java

@@ -0,0 +1,89 @@
+package org.pac4j.lagom.jwt;
+
+import com.lightbend.lagom.javadsl.api.transport.RequestHeader;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.PlainJWT;
+import com.typesafe.config.Config;
+import org.pac4j.jwt.config.encryption.EncryptionConfiguration;
+import org.pac4j.jwt.config.signature.SignatureConfiguration;
+
+import javax.inject.Inject;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Map;
+import java.util.function.Function;
+
+import static org.apache.commons.lang3.StringUtils.join;
+import static org.pac4j.core.context.HttpConstants.AUTHORIZATION_HEADER;
+import static org.pac4j.core.context.HttpConstants.BEARER_HEADER_PREFIX;
+import static org.pac4j.lagom.jwt.JwtAuthenticatorHelper.parseEncryption;
+import static org.pac4j.lagom.jwt.JwtAuthenticatorHelper.parseSignature;
+
+/**
+ * @author Irina Lebedeva.
+ */
+@SuppressWarnings("PMD.TooManyStaticImports")
+public class JwtHeaderHandlerHelper {
+
+    private Config config;
+
+    @Inject
+    public JwtHeaderHandlerHelper(Config config) {
+        this.config = config;
+    }
+
+    public String generate(Map<String, Object> claims) {
+        try {
+            JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
+            claims.forEach(builder::claim);
+
+            if (config.hasPath("life-in-millis")) {
+                builder.expirationTime(new Date(System.currentTimeMillis() + config.getLong("life-in-millis")));
+            }
+
+            return internalGenerate(builder.build());
+        } catch (ParseException | JOSEException e) {
+            throw new JwtGenerationException("Exception while parsing jwk");
+        }
+    }
+
+    private String internalGenerate(JWTClaimsSet claimsSet) throws ParseException, JOSEException {
+        SignatureConfiguration signatureConfiguration = null;
+        EncryptionConfiguration encryptionConfiguration = null;
+        if (config.hasPath("private-key")) {
+            Config privateKeyConf = config.getConfig("private-key");
+            signatureConfiguration = parseSignature(privateKeyConf);
+        }
+        if (config.hasPath("encryption")) {
+            Config encryptionConf = config.getConfig("encryption");
+            encryptionConfiguration = parseEncryption(encryptionConf);
+        }
+        JWT jwt;
+        if (signatureConfiguration == null) {
+            jwt = new PlainJWT(claimsSet);
+        } else {
+            jwt = signatureConfiguration.sign(claimsSet);
+        }
+        return encryptionConfiguration != null ? encryptionConfiguration.encrypt(jwt) : jwt.serialize();
+    }
+
+    /**
+     * Генерация заголовка с хедером авторизации.
+     * @param jwt jwt токен
+     * @return {@link Function}
+     */
+    public static Function<RequestHeader, RequestHeader> buildJwtHeader(String jwt) {
+        return header -> header.withHeader(AUTHORIZATION_HEADER, join(BEARER_HEADER_PREFIX, jwt));
+    }
+
+    /**
+     * Генерация заголовка с хедером авторизации.
+     * @param claims параметры для заполнения токена
+     * @return {@link Function}
+     */
+    public Function<RequestHeader, RequestHeader> buildJwtHeader(Map<String, Object> claims) {
+        return header -> header.withHeader(AUTHORIZATION_HEADER, join(BEARER_HEADER_PREFIX, generate(claims)));
+    }
+}

shared/src/test/java/org/pac4j/lagom/javadsl/test/HeaderJwtClientTest.java

@@ -1,12 +1,19 @@
 package org.pac4j.lagom.javadsl.test;
 
 import com.lightbend.lagom.javadsl.testkit.ServiceTest;
+import com.typesafe.config.Config;
+import com.typesafe.config.ConfigFactory;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.pac4j.lagom.javadsl.TestService;
+import org.pac4j.lagom.jwt.JwtHeaderHandlerHelper;
+import org.pcollections.HashTreePMap;
 
+import java.util.Date;
+import java.util.Map;
+import java.util.UUID;
 import java.util.concurrent.ExecutionException;
 
 import static com.lightbend.lagom.javadsl.testkit.ServiceTest.defaultSetup;
@@ -99,4 +106,31 @@ void testJwtECEncryption() throws ExecutionException, InterruptedException {
         assertThat(result).isEqualTo("Alice");
     }
 
+    @Test
+    @DisplayName("authenticate by JWT with RSA signature passing jwt by JwtHeaderHandlerHelper")
+    void testJwtRsaGeneration() throws ExecutionException, InterruptedException {
+        String jwt = "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.ZtHvEPrARdBqYUIYHtK8KGrAU9-Fc6G3r5VJOTow2Rdg5e7jqjJD0TJrcH9VMNELunEB4ldWOc8ynx1eflU8kMAOG6nk95YxEFeNh2erZobQ1GHTxJIgAo6Kq4nvTA_B8EzZWZ_xK9s4nD9Cs048-WsmQ0x6D7Sfh15aeDiT0hu962u5Q5lVxk4IjoGIHH6mRJmLioafBf_B6rEniLgYQ604uCh-AZv31VimFfNT8SS64sbSfAumUYv82yujY1CS8fWG4fQtwTWdtxCW8Odey9t8_Po96H59pgNoQasX_vIqPNfQDeEjm-l4eQWh7g-zAOqU27CPTyypOiuPayOUSg.dFG4GHhr2Pwdf3-l.rM8Fj80yrDRvPyawHzrCg4C6tkklcTOfhYreFriJSBFmrlm2xDCdWuguiKL5MYXIhkW2aHQcah0goh1Twmtpydzv69H1G-YvJF29neSCZ75HsdSw0pEWZ1rDWvksZgLs-kFt8pQcJ08HaZmIbLKX6-c8IYLIvIlFYH4.CQHTjX-wk-XMWQhPnB2WVA";
+        String result = service.headerJwtAuthenticate()
+            .handleRequestHeader(JwtHeaderHandlerHelper.buildJwtHeader(jwt))
+            .invoke().toCompletableFuture().get();
+        assertThat(result).isEqualTo("Alice");
+    }
+
+    @Test
+    @DisplayName("authenticate by JWT with RSA signature generated")
+    void testJwtRsaGenerationWithClaims() throws ExecutionException, InterruptedException {
+        com.typesafe.config.Config config = ConfigFactory.load("application.conf");
+        Config genConfig = config.getConfig("pac4j.lagom.jwt.generator");
+        JwtHeaderHandlerHelper helper = new JwtHeaderHandlerHelper(genConfig);
+        Map<String, Object> claims = HashTreePMap.<String, Object>empty()
+            .plus("sub", "Alice")
+            .plus("iss", "https://pac4j.org")
+            .plus("jti", UUID.randomUUID().toString())
+            .plus("iat", new Date());
+        String result = service.headerJwtAuthenticate()
+            .handleRequestHeader(helper.buildJwtHeader(claims))
+            .invoke().toCompletableFuture().get();
+        assertThat(result).isEqualTo("Alice");
+    }
+
 }

shared/src/test/resources/application.conf

@@ -13,6 +13,10 @@ pac4j.lagom.jwt.authenticator {
     {
       algorithm = "ES256"
       jwk = {"kty":"EC","crv":"P-256","x":"8FGKDk1_pp0GvrL6zKvYSpKUnI-3Z6_peJzK9PT5DtQ","y":"xAYLPsEpALre9wZdubuIaJ3F8zDACd97cOKUsB1Aqw8"}
+    },
+    {
+      algorithm = "RS256"
+      jwk = {"kty":"RSA","e":"AQAB","use":"sig","kid":"e1e492b7-70de-4e11-bc39-6f5a03147d87","alg":"RS256","n":"nkNMmvQNrF-sPpWdWEamFrgov1yWmxn-W1bhRQ4TbwStN0ntrQNwnuDT3sZnQurfqTb6cHNes71l6zBkOJjirgNS9--hzISVvWYYS1pB6_OSPFqVT0Pbr87F2T4uX8wcEnlxYeOrutTf5jhHn-3hxiG0unrj4k6GVY2_IXhzguritY8aSL46XfGgiwIFQ8ajqhk7N2Eo8qoGlKIEPxqc7ycWF4GSNcpjBlGRdDY9XCEtqdeW7nbiSE1olFrwoknAljUmJwKmFkfF73vdlhvgO1RgL_RevFkvCeoxiqhfgNTwW3DhRybyscct_WD2p8K6gBRTuMWHCWIiRwpgvEMDIw"}
     }
   ]
   encryptions = [
@@ -32,4 +36,31 @@ pac4j.lagom.jwt.authenticator {
       jwk = {"kty":"EC","d":"wg0N5aILmjO2XE9yZ0q5YkbqKhh1PJtQUck3yL75yfg","crv":"P-256","x":"8FGKDk1_pp0GvrL6zKvYSpKUnI-3Z6_peJzK9PT5DtQ","y":"xAYLPsEpALre9wZdubuIaJ3F8zDACd97cOKUsB1Aqw8"}
     }
   ]
+}
+
+pac4j.lagom.jwt.generator {
+  private-key {
+    life-in-millis = 120000
+    algorithm = "RS256"
+    jwk =
+    {
+      "p": "4D3EMrvyIITTEk1E0tNQD846SuwiRrQClXfSXE-UhHp1AJtv18IQmex30l3OYV81osz-uK31vBEU_Qs8BvuULciDzd_JVZUS0nSqk245wIxCZvzPKGZYy3XsOBpsht4peSvsyeubmK4FFSqa4anW1mnO3FlRlABckVe1qU5uDYk",
+      "kty": "RSA",
+      "q": "tK1g8Fk0ftFkvtOZRUBhqatbjwm0B26RRm-NCVy7vsnRzntEX0Ni7GhtJmFkw6JJ7-G7QwAoYekvtVJTp5CiXGKTeTz7hTZRZ-GVp3iaWy-zzrCgW24skvApqttWxgHhZhx2gdbxiqftAAHCFNqgzlu01cP6aiTiG_AumhNFrEs",
+      "d": "Ss2EZ7jyvYZ64xnUROUfm51vpQMeLDEdCA8Iaps8lDyhooBO1nfJw06A1crxA7AABvr1ZDEjkdDzWzaEKDwa6CSqEoYw83m3TM30raj7f4qgk-Y8rDpmm7If0Y6SXLUcj57W-G2jvargKPBw6iaFkCBeS8XJ8C0tUUKuFCPadQXQvttW_AusOvqYDpLsiM1Z45Q1Y8U9pxzTDxFt4fPCbgGTjc2CTFbB-RpbEzNjT3MSzZ4wwzkxj7COb1ei5Mwv7HEx-qU6cSsb0FFfk3lYZtsbPJWO4gQ7mTO_8KBVLapUZ60D_qi0WbNfB2vcpNHYc1XpDJNlIG-h3Pcm6KbR",
+      "e": "AQAB",
+      "use": "sig",
+      "kid": "e1e492b7-70de-4e11-bc39-6f5a03147d87",
+      "qi": "moIhg6Jdt8w6Pri_zrD5Y9HQ-llVgB2VlIGob_qEYcN4ldljEqCmKnxHXxcpi7COUSrxGvNiAoPGIt-vCn2hNUHTn30dKJ5rMNzVW-PC5csy0xqoPqxT5Qz1fWpFlqPK-HJtQZJ1Q_CEsLEF9jp2Nioa7HbSC48nBSpQFh6S1jI",
+      "dp": "n5HUh_XOeu2J9cAedZgBpP2v5ZjbW0zFee9mNmI64Xryv5fcosBqZ94p9fzi28-Qr2UI7gp8j3PoZ5kTAjUMYPgLMvlIoCoQ1spGh9ssJaSpq_fCwpDyJvanPdUv3VlCUgO74IRUmPVckI9c37CoPLPWjF7S-mq3dIXhs7UoA2E",
+      "alg": "RS256",
+      "dq": "o65en99wu2MfjfFMbXyB_aAL9m2n9wOoANOWReEJBTL5K8JokpUNzXZdS-P30XP436T0bSJ7cxg57F6FAsz5ChET4UXp5yjqXt3zIiEUVX_FuX4yCCKrpwKD_RFwbznM5SDsC3yani67esIc_Z-DBu_1x6Mf_YEkhoL09Qh4mjk",
+      "n": "nkNMmvQNrF-sPpWdWEamFrgov1yWmxn-W1bhRQ4TbwStN0ntrQNwnuDT3sZnQurfqTb6cHNes71l6zBkOJjirgNS9--hzISVvWYYS1pB6_OSPFqVT0Pbr87F2T4uX8wcEnlxYeOrutTf5jhHn-3hxiG0unrj4k6GVY2_IXhzguritY8aSL46XfGgiwIFQ8ajqhk7N2Eo8qoGlKIEPxqc7ycWF4GSNcpjBlGRdDY9XCEtqdeW7nbiSE1olFrwoknAljUmJwKmFkfF73vdlhvgO1RgL_RevFkvCeoxiqhfgNTwW3DhRybyscct_WD2p8K6gBRTuMWHCWIiRwpgvEMDIw"
+    }
+  }
+}
+
+authorization {
+  enabled = true
+  client-ids = ["digital-suite", "suz-web-app"]
 }