author | Morten Tokle <mortent@verizonmedia.com> | 2020-02-28 08:26:15 +0100 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2020-03-06 09:04:30 +0100 |
commit | 9449498ebd0f809c6c69de92eb0f4388114bd6fd (patch) | |
tree | c1c33f85f1b01413f495a91df7df245f0e5de5fd | |
parent | dfc02bdeed09a021229feb01d8f910bcd230a387 (diff) |
Add expiry time
3 files changed, 23 insertions, 2 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
index 1fe8d73eb44..74d09234902 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
@@ -1,6 +1,8 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.filter.security.athenz;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
 import com.yahoo.container.jdisc.RequestHandlerTestDriver.MockResponseHandler;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.http.filter.DiscFilterRequest;
@@ -48,7 +50,7 @@ public class AthenzAuthorizationFilterTest {
 private static final AthenzResourceName RESOURCE_NAME = new AthenzResourceName("domain", "my-resource-name");
 private static final ZToken ROLE_TOKEN = new ZToken("v=Z1;d=domain;r=my-role;p=my-domain.my-service");
- private static final AthenzAccessToken ACCESS_TOKEN = new AthenzAccessToken("access-token");
+ private static final AthenzAccessToken ACCESS_TOKEN = new AthenzAccessToken(JWT.create().sign(Algorithm.none()));
 private static final AthenzIdentity IDENTITY = AthenzIdentities.from("user.john");
 private static final AthenzRole ROLE = new AthenzRole("my.domain", "my-role");
 private static final X509Certificate IDENTITY_CERTIFICATE = createDummyIdentityCertificate(IDENTITY);
diff --git a/vespa-athenz/pom.xml b/vespa-athenz/pom.xml
index 0f23eaed964..7d2ad924ae3 100644
--- a/vespa-athenz/pom.xml
+++ b/vespa-athenz/pom.xml
@@ -131,7 +131,17 @@
 <artifactId>jackson-annotations</artifactId>
 </exclusion>
 </exclusions>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>com.auth0</groupId>
+ <artifactId>java-jwt</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
 </dependencies>
 <build>
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java
index 49b10a37329..7ad97f8ac3c 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzAccessToken.java
@@ -1,6 +1,10 @@
 // Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.api;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.DecodedJWT;
+
+import java.time.Instant;
 import java.util.Objects;
 /**
@@ -15,9 +19,11 @@ public class AthenzAccessToken {
 private static final String BEARER_TOKEN_PREFIX = "Bearer ";
 private final String value;
+ private final DecodedJWT jwt;
 public AthenzAccessToken(String value) {
 this.value = stripBearerTokenPrefix(value);
+ this.jwt = JWT.decode(this.value);
 }
 private static String stripBearerTokenPrefix(String rawValue) {
@@ -33,6 +39,9 @@ public class AthenzAccessToken {
 public String value() { return value; }
 public String valueWithBearerPrefix() { return BEARER_TOKEN_PREFIX + value; }
+ public Instant getExpiryTime () {
+ return jwt.getExpiresAt().toInstant();
+ }
 @Override
 public String toString() { return "AthenzAccessToken{value='" + value + "'}"; } |
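Review bot: `JWT.decode(this.value)` in the `AthenzAccessToken(String)` constructor only parses the token and does not check its signature, so the new `jwt` field holds claims exactly as the sender supplied them; the test constant built with `Algorithm.none()` shows that an unsigned token is accepted here. The field should carry a comment saying so, for example `// Decoded without signature verification; claims are untrusted until the token has been validated elsewhere.` The constructor also now throws `JWTDecodeException` for any value that is not a well-formed JWT, where it previously accepted any string; callers that build the token from a request header may not expect that, though the call sites are outside this diff. The constructor is fully visible in the hunk, the rest of the class is not.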
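Review bot: `jwt.getExpiresAt()` returns null when the token has no `exp` claim, so `getExpiryTime()` throws a NullPointerException for such tokens, including the test constant `JWT.create().sign(Algorithm.none())`, which sets no expiry. Failing explicitly is clearer than an NPE and safer than ever treating a missing claim as "never expires": `Date expiresAt = jwt.getExpiresAt();`, `if (expiresAt == null) throw new IllegalStateException("Access token has no exp claim");`, `return expiresAt.toInstant();` (this needs `java.util.Date` imported). A Javadoc line should state that the value comes from an unverified decode and is only meaningful once the token has been validated. On style, `getExpiryTime ()` has a stray space before the parentheses and breaks from the prefix-less naming of the sibling accessors `value()` and `valueWithBearerPrefix()`. No test in this diff exercises the new method.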