X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=datafilecollector%2Fsrc%2Fmain%2Fjava%2Forg%2Foran%2Fdatafile%2Foauth2%2FOAuthBearerTokenJwt.java;fp=datafilecollector%2Fsrc%2Fmain%2Fjava%2Forg%2Foran%2Fdatafile%2Foauth2%2FOAuthBearerTokenJwt.java;h=f6da196f2fc0050420c3b6a983c9e5c42d6aa0cd;hb=f0af18429aec79a590835103fedd753ee5ea93a9;hp=0000000000000000000000000000000000000000;hpb=54c8fecebbb5e19010e56eddf3aba8e127e0abc3;p=nonrtric%2Fplt%2Franpm.git
diff --git a/datafilecollector/src/main/java/org/oran/datafile/oauth2/OAuthBearerTokenJwt.java b/datafilecollector/src/main/java/org/oran/datafile/oauth2/OAuthBearerTokenJwt.java
new file mode 100644
index 0000000..f6da196
--- /dev/null
+++ b/datafilecollector/src/main/java/org/oran/datafile/oauth2/OAuthBearerTokenJwt.java
@@ -0,0 +1,101 @@
+// ============LICENSE_START===============================================
+// Copyright (C) 2023 Nordix Foundation. All rights reserved.
+// ========================================================================
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ============LICENSE_END=================================================
+//
+
+package org.oran.datafile.oauth2;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+
+import java.util.Base64;
+import java.util.HashSet;
+import java.util.Set;
+
+import lombok.ToString;
+
+import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
+import org.oran.datafile.exceptions.DatafileTaskException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class OAuthBearerTokenJwt implements OAuthBearerToken {
+ private static final Logger logger = LoggerFactory.getLogger(OAuthBearerTokenJwt.class);
+ private static final com.google.gson.Gson gson = new com.google.gson.GsonBuilder().disableHtmlEscaping().create();
+
+ private final String jwtTokenRaw;
+ private final JwtTokenBody tokenBody;
+
+ @ToString
+ private static class JwtTokenBody {
+ String sub = ""; // principalName
+ long exp = 0; // expirationTime
+ long iat = 0; // startTime
+ String scope = "";
+ }
+
+ public static OAuthBearerTokenJwt create(String tokenRaw)
+ throws DatafileTaskException, JsonMappingException, JsonProcessingException {
+ String[] chunks = tokenRaw.split("\\.");
+ Base64.Decoder decoder = Base64.getUrlDecoder();
+ if (chunks.length < 2) {
+ throw new DatafileTaskException("Could not parse JWT token: " + tokenRaw);
+
+ }
+ String payloadStr = new String(decoder.decode(chunks[1]));
+ JwtTokenBody token = gson.fromJson(payloadStr, JwtTokenBody.class);
+ logger.error("Token: {}", token);
+ return new OAuthBearerTokenJwt(token, tokenRaw);
+ }
+
+ private OAuthBearerTokenJwt(JwtTokenBody jwtTokenBody, String accessToken) {
+ super();
+ this.jwtTokenRaw = accessToken;
+ this.tokenBody = jwtTokenBody;
+ }
+
+ @Override
+ public String value() {
+ return jwtTokenRaw;
+ }
+
+ @Override
+ public Set scope() {
+ Set res = new HashSet<>();
+ if (!this.tokenBody.scope.isEmpty()) {
+ res.add(this.tokenBody.scope);
+ }
+ return res;
+ }
+
+ @Override
+ public long lifetimeMs() {
+ if (this.tokenBody.exp == 0) {
+ return Long.MAX_VALUE;
+ }
+ return this.tokenBody.exp * 1000;
+ }
+
+ @Override
+ public String principalName() {
+ return this.tokenBody.sub;
+ }
+
+ @Override
+ public Long startTimeMs() {
+ return this.tokenBody.iat;
+ }
+
+}
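Review bot: `create` puts credential material where logs will pick it up: the length check throws `DatafileTaskException("Could not parse JWT token: " + tokenRaw)`, embedding the raw bearer token in the exception message, and `logger.error("Token: {}", token)` writes the decoded claims at error level on every successful parse. The message should describe the failure without the token, and the log line should drop to debug and carry no more than the principal and expiry. Payload handling is also fragile: `new String(decoder.decode(chunks[1]))` uses the platform charset, invalid Base64 or JSON escapes as an unchecked exception, and `gson.fromJson` returns null for an empty payload, which would only surface later as a NullPointerException in the accessors. Separately, `startTimeMs()` returns `iat` unscaled while `lifetimeMs()` multiplies `exp` by 1000, so the start time is presumably reported in seconds rather than milliseconds; `return this.tokenBody.iat * 1000;` would make the two consistent.

```java
public static OAuthBearerTokenJwt create(String tokenRaw)
    throws DatafileTaskException, JsonMappingException, JsonProcessingException {
    String[] chunks = tokenRaw.split("\\.");
    if (chunks.length < 2) {
        // The bearer token is a credential: report the shape of the failure, never the value.
        throw new DatafileTaskException(
            "Could not parse JWT token: expected at least 2 segments, got " + chunks.length);
    }
    JwtTokenBody token;
    try {
        byte[] payload = Base64.getUrlDecoder().decode(chunks[1]);
        token = gson.fromJson(
            new String(payload, java.nio.charset.StandardCharsets.UTF_8), JwtTokenBody.class);
    } catch (IllegalArgumentException | com.google.gson.JsonSyntaxException e) {
        // Attach e as the cause if DatafileTaskException offers a (String, Throwable) constructor.
        throw new DatafileTaskException("Could not parse JWT token: payload is not Base64url-encoded JSON");
    }
    if (token == null) {
        throw new DatafileTaskException("Could not parse JWT token: empty payload");
    }
    logger.debug("Parsed token for principal {}, exp {}", token.sub, token.exp);
    return new OAuthBearerTokenJwt(token, tokenRaw);
}
```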