Move to new server

src/main/java/nl/connectedit/swiss/authentication/JwtTokenService.java

@@ -0,0 +1,51 @@
+package nl.connectedit.swiss.authentication;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Duration;
+import java.time.Instant;
+
+@Service
+@ConditionalOnExpression("${security}")
+public class JwtTokenService {
+
+  private static final Duration JWT_TOKEN_VALIDITY = Duration.ofDays(7);
+
+  private final Algorithm rsa256;
+  private final JWTVerifier verifier;
+
+  public JwtTokenService(@Value("classpath:certs/public.pem") final RSAPublicKey publicKey,
+                         @Value("classpath:certs/private.pem") final RSAPrivateKey privateKey) {
+    this.rsa256 = Algorithm.RSA256(publicKey, privateKey);
+    this.verifier = JWT.require(this.rsa256).build();
+  }
+
+  public String generateToken(final UserDetails userDetails) {
+    final Instant now = Instant.now();
+    return JWT.create()
+      .withSubject(userDetails.getUsername())
+      .withIssuer("app")
+      .withIssuedAt(now)
+      .withExpiresAt(now.plusMillis(JWT_TOKEN_VALIDITY.toMillis()))
+      .sign(this.rsa256);
+  }
+
+  public String validateTokenAndGetUsername(final String token) {
+    try {
+      return verifier.verify(token).getSubject();
+    } catch (final JWTVerificationException verificationEx) {
+//      log.warn("token invalid: {}", verificationEx.getMessage());
+      return null;
+    }
+  }
+
+}