class SoarAuthenticationToken::JwtTokenValidator

Public Class Methods

new(configuration) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 5
# Builds a validator around the supplied configuration.
#
# The hash is kept by reference (it is not copied), so the default written by
# set_configuration_defaults lands in the caller's object as well.
#
# @param configuration [Hash] read through the string keys 'keys' and 'expiry'
# @raise when validate_configuration rejects the configuration
def initialize(configuration)
  @configuration = configuration
  # Defaults go in before validation, because validation requires 'expiry' to be present.
  set_configuration_defaults
  validate_configuration
end

Public Instance Methods

inject_store_provider(store_provider) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 11
# Supplies the token store consulted during validation.
#
# The object is stored as-is and later receives token_exist? with keyword
# arguments. Nothing here checks that it was ever injected: validating a
# token before this call fails with NoMethodError on nil.
#
# @param store_provider [#token_exist?] backing store for issued tokens
# @return the same store_provider
def inject_store_provider(store_provider)
  @store_provider = store_provider
end
validate(authentication_token:,flow_identifier:, request_information:) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 15
# Decides whether an authentication token is acceptable.
#
# Checks run in a fixed order and stop at the first failure:
#   1. decoding / signature verification against the configured keys,
#   2. expiry of the 'token_expiry_time' claim,
#   3. presence of the token in the injected store for this flow.
#
# @param authentication_token encoded token presented by the caller
# @param flow_identifier handed through to the store lookup
# @param request_information accepted but not read by this method
# @return [Array] [true, meta, message] on success, [false, nil, reason] on rejection
#
# NOTE(review): claim values are interpolated into the rejection reason. They
# come from a token that already passed verification, but anything that logs
# or renders the reason should still treat it as data.
# NOTE(review): missing or unparseable time claims make Time.parse raise, so
# such a token is refused through an exception rather than a rejection result.
# NOTE(review): @configuration['expiry'] is not consulted anywhere in this
# method; presumably it is enforced elsewhere — confirm.
def validate(authentication_token:, flow_identifier:, request_information:)
  payload = decode(authentication_token)
  return rejection_result(reason: 'Token decode/verification failure') if payload.nil?

  token_meta = compile_meta_from_payload(payload)
  identifier = token_meta['authenticated_identifier']

  if token_expired?(token_meta)
    return rejection_result(reason: "Expired token <#{token_meta['token_expiry_time']}> for <#{identifier}>")
  end

  unless token_exist_in_store?(token_meta, flow_identifier)
    return rejection_result(reason: "Unknown token for <#{identifier}>")
  end

  success_result(token_meta: token_meta)
end

Private Instance Methods

attempt_decode_using_a_key(authentication_token,key_data) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 58
# Tries to verify and decode the token with a single configured key.
#
# Only the two JWT error classes are rescued. A key that OpenSSL cannot load
# raises out of this method instead of counting as "this key did not match".
#
# @param authentication_token [#to_s] encoded token
# @param key_data [Hash] carries the key material under 'public_key'
# @return the result of JWT.decode, or nil when the JWT library reports a
#   decode or verification error
def attempt_decode_using_a_key(authentication_token, key_data)
  verification_key = OpenSSL::PKey::EC.new(key_data['public_key'])
  # Clear any private component so only the public half reaches the JWT library.
  # NOTE(review): newer OpenSSL bindings may treat key objects as immutable and
  # reject this assignment — confirm against the deployed version.
  verification_key.private_key = nil
  # Verification is switched on (third argument) and the algorithm is fixed to
  # ES512 rather than taken from the token.
  decode_options = { algorithm: 'ES512' }
  JWT.decode(authentication_token.to_s, verification_key, true, decode_options)
rescue JWT::VerificationError, JWT::DecodeError
  nil
end
compile_meta_from_payload(decoded_token_payload) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 30
# Extracts the claims this validator works with from a decoded token.
#
# The claims are read from the first element of the decoded result. Absent
# claims come through as nil; a nil issue time then makes token_age raise.
#
# @param decoded_token_payload [Array] decode result whose first element holds the claims
# @return [Hash] string-keyed meta: the four copied claims plus 'token_age'
def compile_meta_from_payload(decoded_token_payload)
  claims = decoded_token_payload[0]
  copied = %w[token_identifier authenticated_identifier token_issue_time token_expiry_time]
  meta = copied.each_with_object({}) { |claim_name, collected| collected[claim_name] = claims[claim_name] }
  # Derived value, computed last just as the claims are listed in the result.
  meta['token_age'] = token_age(claims['token_issue_time'])
  meta
end
decode(authentication_token) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 50
# Runs the token past the configured keys until one of them verifies it.
#
# Keys are visited in descending order of their names; presumably the naming
# scheme makes that "most recent key first" — confirm. Accepting several keys
# is what lets a token signed with an older key keep validating, so retired
# keys have to be removed from the configuration to stop being trusted.
#
# @param authentication_token encoded token
# @return the decode result from the first key that verifies, or nil when none does
def decode(authentication_token)
  descending_by_name = @configuration['keys'].sort.reverse
  descending_by_name.each do |_key_name, key_data|
    decoded = attempt_decode_using_a_key(authentication_token, key_data)
    return decoded if decoded
  end
  nil
end
rejection_result(reason:) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 79
# Shapes a refusal in the three-element form that validate returns.
#
# @param reason [String] explanation of why the token was refused
# @return [Array] [false, nil, reason]
def rejection_result(reason:)
  accepted = false
  token_meta = nil # no meta is exposed for a refused token
  [accepted, token_meta, reason]
end
set_configuration_defaults() click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 26
# Fills in 'expiry' when the configuration leaves it unset (nil or false).
#
# The default is one day expressed in seconds. The write goes into the same
# hash object that was passed to the constructor.
#
# @return the effective 'expiry' value
def set_configuration_defaults
  @configuration['expiry'] ||= 24 * 60 * 60
end
success_result(token_meta:) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 83
# Shapes an acceptance in the three-element form that validate returns.
#
# @param token_meta [Hash] meta compiled from the verified token
# @return [Array] [true, token_meta, message naming the authenticated identifier]
def success_result(token_meta:)
  message = "Valid token for <#{token_meta['authenticated_identifier']}>"
  [true, token_meta, message]
end
token_age(token_issue_time) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 40
# Measures how long ago the token was issued.
#
# The issue time is stringified and parsed with Time.parse, which raises
# ArgumentError for empty or unparseable input and assumes the local zone
# when the string carries no offset.
#
# @param token_issue_time [#to_s] issue time claim
# @return [Float] seconds elapsed between the issue time and now
def token_age(token_issue_time)
  now = Time.now
  issued_at = Time.parse(token_issue_time.to_s)
  now - issued_at
end
token_exist_in_store?(meta,flow_identifier) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 70
# Asks the injected store whether it knows this exact token.
#
# The lookup passes the identifier, subject, both timestamps and the flow,
# so the answer depends on how the store matches those fields. This check is
# what allows a correctly signed, unexpired token to be refused once the
# store no longer holds it.
#
# @param meta [Hash] string-keyed meta compiled from the verified token
# @param flow_identifier forwarded to the store unchanged
# @return whatever the store's token_exist? returns
def token_exist_in_store?(meta, flow_identifier)
  lookup = {
    token_identifier: meta['token_identifier'],
    authenticated_identifier: meta['authenticated_identifier'],
    token_issue_time: meta['token_issue_time'],
    token_expiry_time: meta['token_expiry_time'],
    flow_identifier: flow_identifier
  }
  @store_provider.token_exist?(**lookup)
end
token_expired?(meta) click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 66
# Tells whether the token's expiry time lies in the past.
#
# The claim is stringified and parsed with Time.parse. A missing or
# unparseable expiry therefore raises ArgumentError rather than returning
# true or false, and a string without an offset is read in the local zone.
#
# @param meta [Hash] meta holding 'token_expiry_time'
# @return [Boolean] true when the expiry time is earlier than the current time
def token_expired?(meta)
  expires_at = Time.parse(meta['token_expiry_time'].to_s)
  expires_at < Time.now
end
validate_configuration() click to toggle source
# File lib/soar_authentication_token/providers/jwt_token_validator.rb, line 44
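# Ensures the configuration holds what the validator needs.
#
# NOTE(review): 'keys' is only checked for presence. An empty collection
# passes here, after which decode has no key to try and refuses every token.
#
# @raise [RuntimeError] when 'keys' or 'expiry' is absent
# @raise [ArgumentError, TypeError] with the message "'expiry' must be an
#   integer" when Integer() cannot convert 'expiry'
# @return [nil]
def validate_configuration
  raise "'keys' must be configured" unless @configuration['keys']
  raise "'expiry' must be configured" unless @configuration['expiry']

  begin
    # Integer() never returns a falsy value: it either converts or raises.
    # Guarding it with `unless` therefore could not produce the intended
    # message, so the conversion error is caught and re-raised with it. The
    # exception class is kept so existing rescue clauses still match.
    Integer(@configuration['expiry'])
  rescue ArgumentError, TypeError => e
    raise e.class, "'expiry' must be an integer"
  end
  nil
end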