2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2023 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.oran.datafile.oauth2;
23 import java.util.Base64;
24 import java.util.HashSet;
26 import lombok.ToString;
27 import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
28 import org.oran.datafile.exceptions.DatafileTaskException;
30 public class OAuthBearerTokenJwt implements OAuthBearerToken {
31 private static final com.google.gson.Gson gson = new com.google.gson.GsonBuilder().disableHtmlEscaping().create();
33 private final String jwtTokenRaw;
34 private final JwtTokenBody tokenBody;
37 private static class JwtTokenBody {
38 String sub = ""; // principalName
39 long exp = 0; // expirationTime
40 long iat = 0; // startTime
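/**
 * Builds a token object from a serialized JWT by decoding its payload (second) segment.
 *
 * <p>Only the payload is base64url-decoded and mapped onto {@code JwtTokenBody}. The header
 * and signature segments are not inspected, so the claims are taken as-is and unverified.
 * NOTE(review): that is only acceptable if the token was obtained directly from the
 * authorization server over an authenticated channel; confirm against the caller.
 *
 * @param tokenRaw the serialized JWT, segments separated by {@code '.'}
 * @return a token wrapping the raw string and its decoded claims
 * @throws DatafileTaskException if the token is null, has fewer than two segments, or its
 *         payload is not base64url-encoded JSON describing a claims object
 */
public static OAuthBearerTokenJwt create(String tokenRaw) throws DatafileTaskException {
    if (tokenRaw == null) {
        throw new DatafileTaskException("Could not parse JWT token: token is null");
    }

    String[] chunks = tokenRaw.split("\\.");
    if (chunks.length < 2) {
        // The raw token is a bearer credential. Exception messages routinely end up in logs,
        // so only the shape of the input is reported, never the token itself.
        throw new DatafileTaskException(
            "Could not parse JWT token: expected at least 2 segments, found " + chunks.length);
    }

    JwtTokenBody token;
    try {
        byte[] payload = Base64.getUrlDecoder().decode(chunks[1]);
        // JSON in a JWT is UTF-8; do not depend on the platform default charset.
        String payloadStr = new String(payload, java.nio.charset.StandardCharsets.UTF_8);
        token = gson.fromJson(payloadStr, JwtTokenBody.class);
    } catch (RuntimeException e) {
        // Covers IllegalArgumentException from the Base64 decoder and Gson's unchecked parse
        // failures. Only the failure type is reported: the payload holds claims and is not echoed.
        throw new DatafileTaskException(
            "Could not parse JWT token: invalid payload segment (" + e.getClass().getSimpleName() + ")");
    }

    if (token == null) {
        // Gson yields null for an empty or literal "null" document.
        throw new DatafileTaskException("Could not parse JWT token: payload holds no claims object");
    }
    return new OAuthBearerTokenJwt(token, tokenRaw);
}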
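/**
 * Binds a set of decoded claims to the raw token string they were parsed from.
 *
 * @param jwtTokenBody the decoded payload claims; must not be null
 * @param accessToken the serialized token as received; must not be null
 * @throws NullPointerException if either argument is null
 */
private OAuthBearerTokenJwt(JwtTokenBody jwtTokenBody, String accessToken) {
    // Reject nulls here so a broken token fails at construction instead of with a
    // NullPointerException in whichever accessor is called first.
    this.jwtTokenRaw = java.util.Objects.requireNonNull(accessToken, "accessToken");
    this.tokenBody = java.util.Objects.requireNonNull(jwtTokenBody, "jwtTokenBody");
}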
63 public String value() {
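/**
 * Returns the scopes carried by the token's {@code scope} claim.
 *
 * <p>The JWT {@code scope} claim is a single string of space-delimited scope values
 * (RFC 8693, section 4.2), so it is split into its individual entries rather than returned
 * as one element. A missing, null or blank claim yields an empty set.
 *
 * @return a new mutable set with one entry per scope value; never null
 */
public Set<String> scope() {
    Set<String> res = new HashSet<>();
    String claim = this.tokenBody.scope;
    if (claim == null) {
        // An explicit JSON null in the payload leaves the field null.
        return res;
    }
    for (String entry : claim.split(" ")) {
        // Consecutive or leading spaces produce empty fragments; they are not scopes.
        if (!entry.isEmpty()) {
            res.add(entry);
        }
    }
    return res;
}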
/**
 * Returns the token's expiry, computed as the {@code exp} claim multiplied by 1000.
 *
 * <p>An {@code exp} still at its default of 0 is reported as {@code Long.MAX_VALUE}, so a
 * token without an expiry claim is treated as never expiring.
 * NOTE(review): that is permissive for a credential; confirm the authorization server always
 * sets {@code exp}. The multiplication is not overflow-checked.
 *
 * @return {@code exp * 1000}, or {@code Long.MAX_VALUE} when {@code exp} is 0
 */
public long lifetimeMs() {
    final long expiry = this.tokenBody.exp;
    return expiry == 0 ? Long.MAX_VALUE : expiry * 1000;
}
/**
 * Returns the principal the token was issued for, taken from the {@code sub} claim.
 *
 * <p>The value comes from the decoded payload as-is; nothing in this class validates it.
 *
 * @return the {@code sub} claim of the decoded payload
 */
public String principalName() {
    final JwtTokenBody claims = this.tokenBody;
    return claims.sub;
}
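/**
 * Returns the token's start time in milliseconds, derived from the {@code iat} claim.
 *
 * <p>JWT time claims are expressed in seconds (RFC 7519 NumericDate), and
 * {@code lifetimeMs()} already scales {@code exp} by 1000. {@code iat} is scaled the same way
 * so both values share one unit; returning seconds here would place the start time decades
 * before the expiry and skew any refresh calculation built on the two.
 * NOTE(review): an {@code iat} left at its default of 0 still yields 0 rather than null;
 * confirm whether callers expect null when the claim is absent.
 *
 * @return {@code iat * 1000}
 */
public Long startTimeMs() {
    return this.tokenBody.iat * 1000;
}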