JwtSessionMapper.java revision d78764efc954da87cd81023cc846a6a5af360d95
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015-2016 ForgeRock AS.
*/
/**
* Converts {@link SessionInfo} objects to and from JWTs, with optional signing and/or encryption.
*
* <p>NOTE(review): this listing is incomplete. The package and import lines, and every constructor
* and method signature, are missing, so the comments below describe only the statements that
* are visible and flag what should be confirmed against the full file.
*
* <p>NOTE(review): the JWT string handled by this class carries session state, so it must be
* treated as untrusted input until its signature has been verified. "Optional signing" suggests
* an unsigned configuration may be selectable; confirm whether that is possible, because an
* unsigned session token could be altered by whoever holds it.
*
* @since 13.0.0
*/
public final class JwtSessionMapper {
// Algorithm used for signing and verification (per the constructor Javadoc).
private final JwsAlgorithm jwsAlgorithm;
// Delegate called for signing (per the constructor Javadoc).
private final SigningHandler signingHandler;
// Delegate called for signature verification (per the constructor Javadoc).
private final SigningHandler verificationHandler;
// Nullable; a null value means no encryption is applied (per the constructor Javadoc).
private final KeyPair encryptionKeyPair;
/**
* Constructs a fully-configured, immutable instance of JwtSessionMapper.
*
* @param jwsAlgorithm Non-null, JwsAlgorithm to use for signing and verification.
* @param signingHandler Non-null, delegate to call for signing.
* @param verificationHandler Non-null, delegate to call for signature verification.
* @param encryptionKeyPair Nullable, public-private key-pair to use for encryption.
* If null, no encryption is applied.
*/
// NOTE(review): the constructor signature is not visible in this listing, and neither is an
// assignment to verificationHandler, although that field is final. Nothing visible here
// enforces the "Non-null" contract documented above (e.g. a null check) - confirm against
// the full file.
this.jwsAlgorithm = jwsAlgorithm;
this.signingHandler = signingHandler;
this.encryptionKeyPair = encryptionKeyPair;
}
/**
* Stores the SessionInfo as a serialized_session claim in a JWT.
*
* <p>The returned JWT will be signed using the specified {@link JwsAlgorithm}. The body branches
* on whether an encryption key pair was configured; presumably the non-null branch also
* encrypts the JWT - confirm, since only the final {@code .build()} call of each branch is
* visible in this listing.
*
* <p>NOTE(review): when no key pair is configured the JWT is presumably signed but not
* encrypted, in which case the serialized session state would be readable by anyone holding
* the token - confirm that this is acceptable for the data SessionInfo carries.
*
* @param sessionInfo Non-null, SessionInfo state to be stored in the returned JWT.
*
* @return String JWT with SessionInfo stored in serialized_session claim.
*/
// TODO: Make serialized_session value actual JSON rather than a String
if (encryptionKeyPair != null) {
// Key pair configured: builder chain for this branch (only its last call is visible).
.build();
} else {
// No key pair configured: builder chain for this branch (only its last call is visible).
.build();
}
}
/**
* Extracts the SessionInfo stored in the provided JWT's serialized_session claim.
*
* <p>Branches on whether an encryption key pair was configured: the non-null branch
* reconstructs the string as a {@code SignedEncryptedJwt}. The value named
* {@code serializedSession} is then passed to {@code fromJson}.
*
* @param jwtString Non-null, String which represents a JWT with SessionInfo state assigned to a serialized_session claim.
*
* @return SessionInfo A correctly parsed SessionInfo for the given JWT String.
*
* @throws JwtRuntimeException If there was a problem reconstructing the JWT, or with the
* message "Invalid JWT!" when the check guarding that throw
* fails (the condition is not visible in this listing).
*/
if (encryptionKeyPair != null) {
// reconstruct(...) could throw JwtRuntimeException
// NOTE(review): jwtBuilderFactory is not declared among the visible fields - confirm where it comes from.
SignedEncryptedJwt signedEncryptedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedEncryptedJwt.class);
} else {
// could throw JwtRuntimeException
// NOTE(review): the statement for this branch is not visible in this listing.
}
// NOTE(review): the condition guarding this throw is not visible. Presumably it is the result
// of signature verification with verificationHandler; confirm that verification runs on both
// branches and completes before the serialized_session claim is read or deserialized.
throw new JwtRuntimeException("Invalid JWT!");
}
// serializedSession is not declared in the visible lines; presumably it holds the
// serialized_session claim value taken from the reconstructed JWT - confirm.
return fromJson(serializedSession);
}
/**
* Serializes SessionInfo state to JSON.
*
* <p>An {@link IOException} raised inside the try block is rethrown as an unchecked
* {@link RuntimeException} with the original exception as its cause.
*
* @param inputSessionInfo Non-null, SessionInfo to convert to JSON.
*
* @return JSON representation of the provided SessionInfo state.
*/
try {
// NOTE(review): the serialization statement is not visible in this listing.
} catch (IOException e) {
// Wrapped so that callers do not have to handle a checked exception; the cause is preserved.
throw new RuntimeException(e);
}
}
/**
* Deserializes SessionInfo state from JSON.
*
* <p>An {@link IOException} raised inside the try block is rethrown as an unchecked
* {@link RuntimeException} with the original exception as its cause.
*
* <p>NOTE(review): the deserialization statement is not visible in this listing. The visible
* caller passes a value that originates from a JWT, so confirm this method is only reached
* after the JWT's signature has been verified.
*
* @param jsonString Non-null, JSON representation of SessionInfo state.
*
* @return SessionInfo deserialized from JSON.
*/
try {
// NOTE(review): the deserialization statement is not visible in this listing.
} catch (IOException e) {
// Wrapped so that callers do not have to handle a checked exception; the cause is preserved.
throw new RuntimeException(e);
}
}
}