Created JWT standalone java demo

Author: jveverka

build.gradle

@@ -24,6 +24,12 @@ project(':rxjava-demo') {}
 project(':elastic-demo') {}
 project(':rabbitmq-demo') {}
 project(':google-apis') {}
-project(':jce-demo') {}
 project(':jackson-fasterxml-demo') {}
 project(':cached-model-demo') {}
+
+project(':jce-demo') {}
+project(':jwt-demo') {
+    dependencies {
+        implementation project(":jce-demo");
+    }
+}

jwt-demo/.gitignore

@@ -0,0 +1,12 @@
+.gradle
+.settings
+bin
+out
+build
+build_gradle
+target
+.classpath
+.project
+.idea
+*.iml
+

jwt-demo/README.md

@@ -0,0 +1,3 @@
+# JWT -demo
+
+Issue and validate JWT using [nimbus-jose-jwt](https://connect2id.com/products/nimbus-jose-jwt) java library.

jwt-demo/build.gradle

@@ -0,0 +1,29 @@
+
+apply plugin: 'java'
+apply plugin: 'maven'
+apply plugin: 'maven-publish'
+
+sourceCompatibility = 11
+targetCompatibility = 11
+        
+repositories {
+   mavenCentral()
+   mavenLocal()
+}
+
+dependencies {
+   implementation 'org.slf4j:slf4j-api:1.7.30'
+   implementation 'org.slf4j:slf4j-simple:1.7.30'
+   implementation 'org.bouncycastle:bcpg-jdk15on:1.65'
+   implementation 'org.bouncycastle:bcpkix-jdk15on:1.65'
+   implementation 'com.nimbusds:nimbus-jose-jwt:8.9'
+   testImplementation 'org.junit.jupiter:junit-jupiter:5.6.2'
+}
+
+test {
+   useJUnitPlatform()
+   testLogging {
+      events "passed", "skipped", "failed"
+   }
+}
+

jwt-demo/src/main/java/itx/examples/jwt/JWTUtils.java

@@ -0,0 +1,48 @@
+package itx.examples.jwt;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JOSEObjectType;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.Payload;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.SignedJWT;
+import net.minidev.json.JSONObject;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.util.Date;
+
+public class JWTUtils {
+
+    private JWTUtils()  {
+    }
+
+    public static JWToken issue(String subject, String keyId, PrivateKey privateKey, Long expires) throws JOSEException {
+
+        JSONObject payload = new JSONObject();
+        JWSHeader header = new JWSHeader(JWSAlgorithm.RS256, JOSEObjectType.JWT, null, null, null, null, null, null, null, null, keyId, null, null);
+        payload.put("sub", subject);
+        payload.put("exp", expires);
+        JWSObject jwsObject = new JWSObject(header, new Payload(payload));
+        jwsObject.sign(new RSASSASigner(privateKey));
+        return new JWToken(jwsObject.serialize());
+    }
+
+    public static boolean validate(JWToken jwToken, String subject, String keyId, X509Certificate certificate) throws ParseException, JOSEException {
+        RSASSAVerifier verifier = new RSASSAVerifier((RSAPublicKey)certificate.getPublicKey());
+        SignedJWT signedJWT = SignedJWT.parse(jwToken.getToken());
+        boolean verified = signedJWT.verify(verifier);
+        String sub = signedJWT.getJWTClaimsSet().getSubject();
+        String kid = signedJWT.getHeader().getKeyID();
+        Date expires = signedJWT.getJWTClaimsSet().getExpirationTime();
+        Date nowDate = new Date();
+        boolean expired = nowDate.getTime() > expires.getTime();
+        return verified && subject.equals(sub) && keyId.equals(kid) && !expired;
+    }
+
+}

jwt-demo/src/main/java/itx/examples/jwt/JWToken.java

@@ -0,0 +1,15 @@
+package itx.examples.jwt;
+
+public class JWToken {
+
+    private final String token;
+
+    public JWToken(String token) {
+        this.token = token;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+}

jwt-demo/src/test/java/itx/examples/jwt/tests/JWTTests.java

@@ -0,0 +1,80 @@
+package itx.examples.jwt.tests;
+
+import com.nimbusds.jose.JOSEException;
+import itx.examples.jce.JCEUtils;
+import itx.examples.jce.KeyPairHolder;
+import itx.examples.jce.PKIException;
+import itx.examples.jwt.JWTUtils;
+import itx.examples.jwt.JWToken;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+
+import java.security.Security;
+import java.text.ParseException;
+import java.time.Instant;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+public class JWTTests {
+
+    private static Map<String, KeyPairHolder> keyCache;
+    private static JWToken validJWToken;
+
+    @BeforeAll
+    public static void init() throws PKIException {
+        Security.addProvider(new BouncyCastleProvider());
+        keyCache = new HashMap<>();
+        keyCache.put("key-001", JCEUtils.generateSelfSignedKeyPairHolder("issuer", new Date(), 1L, TimeUnit.HOURS));
+        keyCache.put("key-002", JCEUtils.generateSelfSignedKeyPairHolder("issuer", new Date(), 1L, TimeUnit.HOURS));
+    }
+
+    @Test
+    @Order(1)
+    public void issueValidToken() throws JOSEException {
+        KeyPairHolder keyPairHolder = keyCache.get("key-001");
+        Long expires = Instant.now().getEpochSecond() + 3600L;
+        validJWToken = JWTUtils.issue("user", "key-001", keyPairHolder.getPrivateKey(), expires);
+        assertNotNull(validJWToken);
+        assertNotNull(validJWToken.getToken());
+    }
+
+    @Test
+    @Order(2)
+    public void validateValidToken() throws ParseException, JOSEException {
+        KeyPairHolder keyPairHolder = keyCache.get("key-001");
+        boolean result = JWTUtils.validate(validJWToken, "user", "key-001", keyPairHolder.getCertificate());
+        assertTrue(result);
+    }
+
+    @Test
+    @Order(3)
+    public void validateValidTokenUsingIncorrectCertificate() throws ParseException, JOSEException {
+        KeyPairHolder keyPairHolder = keyCache.get("key-002");
+        boolean result = JWTUtils.validate(validJWToken, "user", "key-002", keyPairHolder.getCertificate());
+        assertFalse(result);
+    }
+
+    @Test
+    @Order(4)
+    public void issueAndTestExpiredToken() throws ParseException, JOSEException {
+        KeyPairHolder keyPairHolder = keyCache.get("key-001");
+        Long expires = Instant.now().getEpochSecond() - 3600L;
+        validJWToken = JWTUtils.issue("user", "key-001", keyPairHolder.getPrivateKey(), expires);
+        assertNotNull(validJWToken);
+        assertNotNull(validJWToken.getToken());
+        boolean result = JWTUtils.validate(validJWToken, "user", "key-001", keyPairHolder.getCertificate());
+        assertFalse(result);
+    }
+
+}

settings.gradle

@@ -62,4 +62,6 @@ project(":rmq-data-client").projectDir = new File("rabbitmq-demo/rmq-data-client
 include "google-apis"
 include "jce-demo"
 include "jackson-fasterxml-demo"
-include "cached-model-demo"
+include "cached-model-demo"
+
+include "jwt-demo"