1 /*
2 * Copyright (c) 2002-2021, City of Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.util.signrequest;
35
36 import java.security.KeyPair;
37 import java.util.List;
38 import java.util.Map;
39
40 import javax.servlet.http.HttpServletRequest;
41
42 import fr.paris.lutece.util.jwt.service.JWTUtil;
43
44 public abstract class AbstractJWTRSAAuthenticator extends AbstractJWTAuthenticator
45 {
46 private String _strEncryptionAlgorythmName;
47 private final String DEFAULT_ENC_ALGO_NAME = "RS256";
48
49 /**
50 * Constructor
51 *
52 * @param mapClaimsToCheck
53 * The map of claims key/values to check in the JWT
54 * @param strJWTHttpHeader
55 * The name of the header which contains the JWT
56 * @param lValidityPeriod
57 * The validity period
58 * @param strEncryptionAlgorythmName
59 * The name of the algorithm.
60 */
61 public AbstractJWTRSAAuthenticator( Map<String, String> mapClaimsToCheck, String strJWTHttpHeader, long lValidityPeriod, String strEncryptionAlgorythmName )
62 {
63 super( mapClaimsToCheck, strJWTHttpHeader, lValidityPeriod );
64 _strEncryptionAlgorythmName = strEncryptionAlgorythmName;
65
66 if ( _strEncryptionAlgorythmName == null )
67 {
68 _strEncryptionAlgorythmName = DEFAULT_ENC_ALGO_NAME;
69 }
70 }
71
72 /**
73 * {@inheritDoc }
74 */
75 @Override
76 public boolean isRequestAuthenticated( HttpServletRequest request )
77 {
78 boolean isAuthenticated = super.isRequestAuthenticated( request );
79
80 if ( isAuthenticated )
81 {
82 return JWTUtil.checkSignature( request, _strJWTHttpHeader, getKeyPair( ).getPublic( ) );
83 }
84 return false;
85 }
86
87 /**
88 * {@inheritDoc }
89 */
90 @Override
91 public AuthenticateRequestInformations getSecurityInformations( List<String> elements )
92 {
93 return new AuthenticateRequestInformations().addSecurityHeader(_strJWTHttpHeader,JWTUtil.buildBase64JWT( _mapClaimsToCheck, getExpirationDate( ), _strEncryptionAlgorythmName, getKeyPair( ).getPublic( )));
94
95 }
96
97 /**
98 * Get the RSA public/private key pair
99 *
100 * @return the RSA public/private key pair
101 */
102 protected abstract KeyPair getKeyPair( );
103
104 }