Added Risc token

Justin Dahmubed · Justin Dahmubed · commit 085a46f986dc · 2017-11-20T16:17:22.000-08:00
diff --git a/lib/src/main/java/com/auth0/jwt/creators/RiscJwtCreator.java b/lib/src/main/java/com/auth0/jwt/creators/RiscJwtCreator.java
@@ -0,0 +1,262 @@
+package com.auth0.jwt.creators;
+
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTCreationException;
+import com.auth0.jwt.impl.PublicClaims;
+import com.auth0.jwt.interfaces.Verification;
+import com.auth0.jwt.jwts.JWT;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * The RiscJwtCreator class holds the sign method to generate a complete Risc JWT (with Signature) from a given Header and Payload content.
+ */
+public class RiscJwtCreator {
+
+    protected JWTCreator.Builder jwt;
+    protected HashMap<String, Boolean> addedClaims;
+    protected Set<String> publicClaims;
+
+    public RiscJwtCreator() {
+        jwt = JWT.create();
+        addedClaims = new HashMap<String, Boolean>() {{
+            put("Jti", false);
+            put("Issuer", false);
+            put("Subject", false);
+            put("Iat", false);
+        }};
+        publicClaims = new HashSet<String>() {{
+            add(PublicClaims.ISSUER);
+            add(PublicClaims.SUBJECT);
+            add(PublicClaims.EXPIRES_AT);
+            add(PublicClaims.NOT_BEFORE);
+            add(PublicClaims.ISSUED_AT);
+            add(PublicClaims.JWT_ID);
+            add(PublicClaims.AUDIENCE);
+        }};
+    }
+
+    /**
+     * Require a specific JWT Id ("jti") claim.
+     *
+     * @param jwtId the required Id value
+     * @return this same Verification instance.
+     */
+    public RiscJwtCreator withJWTId(String jwtId) {
+        jwt.withJWTId(jwtId);
+        addedClaims.put("Jti", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Issuer ("issuer") claim to the Payload.
+     * Allows for multiple issuers
+     *
+     * @param issuer the Issuer value.
+     * @return this same Builder instance.
+     */
+    public RiscJwtCreator withIssuer(String... issuer) {
+        jwt.withIssuer(issuer);
+        addedClaims.put("Issuer", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Subject ("subject") claim to the Payload.
+     * Allows for multiple subjects
+     *
+     * @param subject the Subject value.
+     * @return this same Builder instance.
+     */
+    public RiscJwtCreator withSubject(String... subject) {
+        jwt.withSubject(subject);
+        addedClaims.put("Subject", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Audience ("audience") claim to the Payload.
+     * Allows for multiple audience
+     *
+     * @param audience the Audience value.
+     * @return this same Builder instance.
+     */
+    public RiscJwtCreator withAudience(String... audience) {
+        jwt.withAudience(audience);
+        return this;
+    }
+
+    /**
+     * Add a specific Issued At ("iat") claim to the Payload.
+     *
+     * @param iat the Issued At value.
+     * @return this same Builder instance.
+     */
+    public RiscJwtCreator withIat(Date iat) {
+        jwt.withIssuedAt(iat);
+        addedClaims.put("Iat", true);
+        return this;
+    }
+
+    /**
+     * Add a specific Expires At ("exp") claim to the Payload.
+     *
+     * @param exp the Expires At value.
+     * @return this same Builder instance.
+     */
+    public RiscJwtCreator withExp(Date exp) {
+        jwt.withExpiresAt(exp);
+        return this;
+    }
+
+    /**
+     * Add a specific Note Before ("nbf") claim to the Payload.
+     *
+     * @param nbf the nbf value.
+     * @return this same Builder instance.
+     */
+    public RiscJwtCreator withNbf(Date nbf) {
+        jwt.withNotBefore(nbf);
+        return this;
+    }
+
+    /**
+     * Require a specific Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Verification instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withNonStandardClaim(String name, String value) {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withNonStandardClaim(String name, Boolean value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withNonStandardClaim(String name, Integer value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withNonStandardClaim(String name, Long value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withNonStandardClaim(String name, Double value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Add a custom Claim value.
+     *
+     * @param name  the Claim's name.
+     * @param value the Claim's value.
+     * @return this same Builder instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withNonStandardClaim(String name, Date value) throws IllegalArgumentException {
+        jwt.withNonStandardClaim(name, value);
+        return this;
+    }
+
+    /**
+     * Require a specific Array Claim to contain at least the given items.
+     *
+     * @param name  the Claim's name.
+     * @param items the items the Claim must contain.
+     * @return this same Verification instance.
+     * @throws IllegalArgumentException if the name is null.
+     */
+    public RiscJwtCreator withArrayClaim(String name, String... items) throws IllegalArgumentException {
+        jwt.withArrayClaim(name, items);
+        if(publicClaims.contains(name))
+            addedClaims.put(name, true);
+        return this;
+    }
+
+    /**
+     * Developer explicitly specifies whether they want to accept
+     * NONE algorithms or not.
+     *
+     * @param isNoneAlgorithmAllowed
+     * @return
+     */
+    public RiscJwtCreator setIsNoneAlgorithmAllowed(boolean isNoneAlgorithmAllowed) {
+        jwt.setIsNoneAlgorithmAllowed(isNoneAlgorithmAllowed);
+        return this;
+    }
+
+    /**
+     * Creates a new JWT and signs it with the given algorithm.
+     *
+     * @param algorithm used to sign the JWT
+     * @return a new JWT token
+     * @throws IllegalAccessException   if the developer didn't want NONE algorithm to be allowed and it was passed in
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     * @throws JWTCreationException     if the claims could not be converted to a valid JSON or there was a problem with the signing key.
+     */
+    public String sign(Algorithm algorithm) throws Exception {
+        if(!jwt.getIsNoneAlgorithmAllowed() && algorithm.equals(Algorithm.none())) {
+            throw new IllegalAccessException("None algorithm isn't allowed");
+        }
+        String JWS = jwt.sign(algorithm);
+        verifyClaims();
+        return JWS;
+    }
+
+    /**
+     * Verifies that all the standard claims were provided
+     * @throws Exception if all the standard claims weren't provided
+     */
+    private void verifyClaims() throws Exception {
+        for(String claim : addedClaims.keySet())
+            if(!addedClaims.get(claim))
+                throw new Exception("Standard claim: " + claim + " has not been set");
+    }
+
+    public static RiscJwtCreator build() {
+        return new RiscJwtCreator();
+    }
+}
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Verification.java b/lib/src/main/java/com/auth0/jwt/interfaces/Verification.java
@@ -55,5 +55,8 @@ Verification createVerifierForImplicit(List<String> issuer,
     Verification createVerifierForAccess(List<String> issuer,
                                          List<String> audience, long expLeeway, long iatLeeway);
 
+    Verification createVerifierForRisc(String jti, List<String> issuer,
+                                       List<String> audience, long iatLeeway, long expLeeway, long nbf);
+
     JWT build();
 }
diff --git a/lib/src/main/java/com/auth0/jwt/jwts/JWT.java b/lib/src/main/java/com/auth0/jwt/jwts/JWT.java
@@ -102,6 +102,12 @@ public Verification withNbf(long nbf) {
             throw new UnsupportedOperationException("you shouldn't be calling this method");
         }
 
+        @Override
+        public Verification createVerifierForRisc(String jti, List<String> issuer,
+                                                  List<String> audience, long iatLeeway, long expLeeway, long nbf) {
+            throw new UnsupportedOperationException("you shouldn't be calling this method");
+        }
+
         @Override
         public Verification createVerifierForScoped(String scope, List<String> issuer, List<String> audience, long expLeeway, long iatLeeway) {
             throw new UnsupportedOperationException("you shouldn't be calling this method");
diff --git a/lib/src/main/java/com/auth0/jwt/jwts/RiscJWT.java b/lib/src/main/java/com/auth0/jwt/jwts/RiscJWT.java
@@ -0,0 +1,87 @@
+package com.auth0.jwt.jwts;
+
+import com.auth0.jwt.ClockImpl;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.Clock;
+import com.auth0.jwt.interfaces.Verification;
+
+import java.util.List;
+
+public class RiscJWT extends JWT.BaseVerification implements Verification {
+
+    RiscJWT(Algorithm algorithm) throws IllegalArgumentException {
+        super(algorithm);
+    }
+
+    /**
+     * Create Verification object for verification purposes
+     * @param jti
+     * @param issuer
+     * @param audience
+     * @param iatLeeway
+     * @param expLeeway
+     * @return
+     */
+    public Verification createVerifierForRisc(String jti, List<String> issuer,
+                                              List<String> audience, long iatLeeway, long expLeeway, long nbf) {
+        Verification verification = withJWTId(jti).withIssuer(issuer.toArray(new String[issuer.size()])).acceptIssuedAt(iatLeeway);
+
+        if(audience != null && !audience.isEmpty()) {
+            verification.withAudience(audience.toArray(new String[audience.size()]));
+        }
+
+        if(nbf >= 0) {
+            verification.acceptNotBefore(iatLeeway);
+        }
+
+        if(expLeeway >= 0) {
+            verification.acceptExpiresAt(expLeeway);
+        }
+
+        return verification;
+    }
+
+    /**
+     * Returns a {Verification} to be used to validate token signature.
+     *
+     * @param algorithm that will be used to verify the token's signature.
+     * @return Verification
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     */
+    public static Verification require(Algorithm algorithm) {
+        return RiscJWT.init(algorithm);
+    }
+
+    /**
+     * Initialize a Verification instance using the given Algorithm.
+     *
+     * @param algorithm the Algorithm to use on the JWT verification.
+     * @return a RiscJWT instance to configure.
+     * @throws IllegalArgumentException if the provided algorithm is null.
+     */
+    static Verification init(Algorithm algorithm) throws IllegalArgumentException {
+        return new RiscJWT(algorithm);
+    }
+
+    /**
+     * Creates a new and reusable instance of the JWT with the configuration already provided.
+     *
+     * @return a new JWT instance.
+     */
+    @Override
+    public JWT build() {
+        return this.build(new ClockImpl());
+    }
+
+    /**
+     * Creates a new and reusable instance of the JWT the configuration already provided.
+     * ONLY FOR TEST PURPOSES.
+     *
+     * @param clock the instance that will handle the current time.
+     * @return a new JWT instance with a custom Clock.
+     */
+    public JWT build(Clock clock) {
+        addLeewayToDateClaims();
+        return new JWT(algorithm, claims, clock);
+    }
+}
diff --git a/lib/src/test/java/com/auth0/jwt/JWTTest.java b/lib/src/test/java/com/auth0/jwt/JWTTest.java
@@ -33,6 +33,13 @@ public void testWithNbf() {
         JWT.require(Algorithm.none()).withNbf(5);
     }
 
+    @Test
+    public void testCreateVerifierForRisc() {
+        thrown.expect(UnsupportedOperationException.class);
+        thrown.expectMessage("you shouldn't be calling this method");
+        JWT.require(Algorithm.none()).createVerifierForRisc(null, null, null, 5, 5, 5);
+    }
+
     @Test
     public void testCreateVerifierForScoped() {
         thrown.expect(UnsupportedOperationException.class);
diff --git a/lib/src/test/java/com/auth0/jwt/creators/RiscJwtCreatorTest.java b/lib/src/test/java/com/auth0/jwt/creators/RiscJwtCreatorTest.java

Original file line number	Diff line number	Diff line change
`@@ -55,5 +55,8 @@ Verification createVerifierForImplicit(List<String> issuer,`
`55`	`55`	`Verification createVerifierForAccess(List<String> issuer,`
`56`	`56`	`List<String> audience, long expLeeway, long iatLeeway);`
`57`	`57`
	`58`	`+ Verification createVerifierForRisc(String jti, List<String> issuer,`
	`59`	`+ List<String> audience, long iatLeeway, long expLeeway, long nbf);`
	`60`	`+`
`58`	`61`	`JWT build();`
`59`	`62`	`}`