This is an automated email from the ASF dual-hosted git repository. ndipiazza pushed a commit to branch TIKA-4237-Add-JWT-authentication-ability-to-the-http-fetcher in repository https://gitbox.apache.org/repos/asf/tika.git
commit 31cbfecc89d84fee15b318c7b576bb9a8c5085fa Author: Nicholas DiPiazza <[email protected]> AuthorDate: Thu Apr 4 07:43:23 2024 -0500 jwt fetcher initial commit
---
 tika-pipes/tika-fetchers/tika-fetcher-http/pom.xml | 7 ++- .../tika/pipes/fetcher/http/JwtGenerator.java | 63 ++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/tika-pipes/tika-fetchers/tika-fetcher-http/pom.xml b/tika-pipes/tika-fetchers/tika-fetcher-http/pom.xml
index e759879c1..5f664108c 100644
--- a/tika-pipes/tika-fetchers/tika-fetcher-http/pom.xml
+++ b/tika-pipes/tika-fetchers/tika-fetcher-http/pom.xml
@@ -45,6 +45,11 @@
 <artifactId>tika-httpclient-commons</artifactId>
 <version>${project.version}</version>
 </dependency>
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>9.5</version>
+ </dependency>
 <dependency>
 <groupId>${project.groupId}</groupId>
 <artifactId>tika-core</artifactId>
@@ -127,4 +132,4 @@
 <scm>
 <tag>3.0.0-BETA-rc1</tag>
 </scm>
-</project>
\ No newline at end of file
+</project>
diff --git a/tika-pipes/tika-fetchers/tika-fetcher-http/src/main/java/org/apache/tika/pipes/fetcher/http/JwtGenerator.java b/tika-pipes/tika-fetchers/tika-fetcher-http/src/main/java/org/apache/tika/pipes/fetcher/http/JwtGenerator.java
new file mode 100644
index 000000000..13e936270
--- /dev/null
+++ b/tika-pipes/tika-fetchers/tika-fetcher-http/src/main/java/org/apache/tika/pipes/fetcher/http/JwtGenerator.java
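Review bot: The new `nimbus-jose-jwt` dependency in the first pom.xml hunk pins `<version>9.5</version>` inline in the module pom, where later dependency upgrades can easily miss it. Because this library does the token signing, I would manage the version centrally, for example `<version>${nimbus-jose-jwt.version}</version>` backed by a property in the parent pom (property name illustrative; assuming the parent pom follows that convention). The 9.5 release also looks considerably older than this commit's date, so please pick a current 9.x release after checking the library's changelog and published advisories.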
@@ -0,0 +1,63 @@
+package org.apache.tika.pipes.fetcher.http;
+
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Date;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.MACSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+
+public class JwtGenerator {
+ public static void main(String[] args) throws Exception {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+ keyPairGenerator.initialize(2048);
+ byte[] randomBytes = new byte[32];
+ new SecureRandom().nextBytes(randomBytes);
+ System.out.println(jwt(randomBytes, "nick", "subject", 120));
+ System.out.println(jwt(keyPairGenerator.generateKeyPair().getPrivate(), "nick", "subject", 120));
+ }
+
+ public static String jwt(byte[] secret, String issuer, String subject,
+ int expiresInSeconds)
+ throws JOSEException {
+ JWSSigner signer = new MACSigner(secret);
+
+ JWTClaimsSet claimsSet = getJwtClaimsSet(issuer, subject, expiresInSeconds);
+
+ SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
+ signedJWT.sign(signer);
+
+ return signedJWT.serialize();
+ }
+
+ private static JWTClaimsSet getJwtClaimsSet(String issuer, String subject, int expiresInSeconds) {
+ return new JWTClaimsSet.Builder()
+ .subject(subject)
+ .issuer(issuer)
+ .expirationTime(Date.from(Instant.now().plus(expiresInSeconds, ChronoUnit.SECONDS)))
+ .build();
+ }
+
+ public static String jwt(PrivateKey privateKey, String issuer, String subject,
+ int expiresInSeconds)
+ throws JOSEException {
+ JWSSigner signer = new RSASSASigner(privateKey);
+
+ JWTClaimsSet claimsSet = getJwtClaimsSet(issuer, subject, expiresInSeconds);
+
+ SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
+
+ signedJWT.sign(signer);
+
+ return signedJWT.serialize();
+ }
+}
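Review bot: `getJwtClaimsSet` sets only `sub`, `iss` and `exp` and accepts any `expiresInSeconds`, so a zero or negative value silently yields an already-expired token, and a verifier has no `iat` or `jti` to bound token age or detect reuse. I would reject non-positive lifetimes and add `iat` and `jti`, deriving both timestamps from one `Instant` captured once, as sketched below (it needs `java.util.UUID` imported). Whether an `aud` claim is also required depends on the services this fetcher talks to, which the hunk does not show. Separately, the `main` method with the hard-coded issuer `"nick"` reads as demo code and would fit better in a test than under `src/main`.

```java
private static JWTClaimsSet getJwtClaimsSet(String issuer, String subject, int expiresInSeconds) {
    if (expiresInSeconds <= 0) {
        throw new IllegalArgumentException("expiresInSeconds must be positive: " + expiresInSeconds);
    }
    // Capture the clock once so iat and exp are derived from the same instant.
    Instant now = Instant.now();
    return new JWTClaimsSet.Builder()
            // … unchanged: subject and issuer …
            .issueTime(Date.from(now))
            .jwtID(UUID.randomUUID().toString())
            .expirationTime(Date.from(now.plusSeconds(expiresInSeconds)))
            // … unchanged: build() call …
```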
