java.lang.Object
org.elasticsearch.xpack.security.authc.jwt.JwtUtil
Utilities for JWT realm.

Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
static class
    Helper class to consolidate multiple trace level statements to a single trace statement with lazy evaluation.

Constructor Summary
Constructors

Method Summary
Modifier and Type / Method / Description
static org.apache.http.impl.nio.client.CloseableHttpAsyncClient createHttpClient(RealmConfig realmConfig, SSLService sslService)
    Creates a CloseableHttpAsyncClient that uses a PoolingNHttpClientConnectionManager
static SecureString getHeaderValue(ThreadContext threadContext, String headerName, String schemeName, boolean ignoreSchemeNameCase)
    Get header from threadContext, look for the scheme name, and extract the value after it.
static SecureString join(CharSequence delimiter, CharSequence... secureStrings)
    Concatenate values with separator strings.
static URI parseHttpsUri(String uriString)
static com.nimbusds.jwt.SignedJWT parseSignedJWT(SecureString token)
static void readBytes(org.apache.http.impl.nio.client.CloseableHttpAsyncClient httpClient, URI uri, ActionListener<byte[]> listener)
    Use the HTTP Client to get URL content bytes.
static byte[] readFileContents(String jwkSetConfigKeyPkc, String jwkSetPathPkc, Environment environment)
static void readUriContents(String jwkSetConfigKeyPkc, URI jwkSetPathPkcUri, org.apache.http.impl.nio.client.CloseableHttpAsyncClient httpClient, ActionListener<byte[]> listener)
static Path resolvePath(Environment environment, String jwkSetPath)
static String serializeJwkHmacOidc(com.nimbusds.jose.jwk.JWK key)
static String serializeJwkSet(com.nimbusds.jose.jwk.JWKSet jwkSet, boolean publicKeysOnly)
static byte[] sha256(CharSequence charSequence)
toStringRedactSignature(com.nimbusds.jwt.JWT jwt)
static void validateClientAuthentication(JwtRealmSettings.ClientAuthenticationType type, RotatableSecret expectedSecret, SecureString actualSecret, String tokenPrincipal)
static void validateClientAuthenticationSettings(String clientAuthenticationTypeConfigKey, JwtRealmSettings.ClientAuthenticationType clientAuthenticationType, String clientAuthenticationSharedSecretConfigKey, RotatableSecret clientAuthenticationSharedSecret)

Constructor Details

JwtUtil
public JwtUtil()

Method Details

getHeaderValue
public static SecureString getHeaderValue(ThreadContext threadContext, String headerName, String schemeName, boolean ignoreSchemeNameCase)
Get header from threadContext, look for the scheme name, and extract the value after it.
Parameters:
threadContext - Contains the request parameters.
headerName - Header name to look for.
schemeName - Scheme name to look for.
ignoreSchemeNameCase - Ignore case of scheme name.
Returns:
If found, the trimmed value after the scheme name. Null if parameter not found, or scheme mismatch.

validateClientAuthenticationSettings
public static void validateClientAuthenticationSettings(String clientAuthenticationTypeConfigKey, JwtRealmSettings.ClientAuthenticationType clientAuthenticationType, String clientAuthenticationSharedSecretConfigKey, RotatableSecret clientAuthenticationSharedSecret) throws SettingsException
Throws:
SettingsException

validateClientAuthentication
public static void validateClientAuthentication(JwtRealmSettings.ClientAuthenticationType type, RotatableSecret expectedSecret, SecureString actualSecret, String tokenPrincipal) throws Exception
Throws:
Exception

parseHttpsUri

readUriContents
public static void readUriContents(String jwkSetConfigKeyPkc, URI jwkSetPathPkcUri, org.apache.http.impl.nio.client.CloseableHttpAsyncClient httpClient, ActionListener<byte[]> listener)

readFileContents
public static byte[] readFileContents(String jwkSetConfigKeyPkc, String jwkSetPathPkc, Environment environment) throws SettingsException
Throws:
SettingsException

serializeJwkSet

serializeJwkHmacOidc

createHttpClient
public static org.apache.http.impl.nio.client.CloseableHttpAsyncClient createHttpClient(RealmConfig realmConfig, SSLService sslService)
Creates a CloseableHttpAsyncClient that uses a PoolingNHttpClientConnectionManager
Parameters:
realmConfig - Realm config for a JWT realm.
sslService - Realm config for SSL.
Returns:
Initialized HTTPS client.

readBytes
public static void readBytes(org.apache.http.impl.nio.client.CloseableHttpAsyncClient httpClient, URI uri, ActionListener<byte[]> listener)
Use the HTTP Client to get URL content bytes.
Parameters:
httpClient - Configured HTTP/HTTPS client.
uri - URI to download.

resolvePath

join
Concatenate values with separator strings. Same method signature as String.join(CharSequence, CharSequence...).
Parameters:
delimiter - Separator string between the concatenated values.
secureStrings - SecureString values to concatenate.
Returns:
SecureString of the concatenated values with separator strings.

sha256

parseSignedJWT

toStringRedactSignature
Parameters:
jwt - The signed JWT
Returns:
A print safe supplier to describe a JWT that redacts the signature. While the signature is not generally sensitive, we don't want to leak the entire JWT to the log to avoid a possible replay.
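
The redaction described for toStringRedactSignature, as an added example that is not Elasticsearch's own code: a lazily evaluated description of a compact JWT that logs the decoded header and claims but never the signature segment, so the log line cannot be re-presented as a token. The class RedactedJwtLog, the method describe and the sample token are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.function.Supplier;

// Hypothetical helper, not the Elasticsearch implementation of toStringRedactSignature.
public class RedactedJwtLog {

    // Returns a lazy description of a compact JWT: decoded header and claims,
    // with the third segment (the signature) replaced by a fixed marker.
    static Supplier<String> describe(String compactJwt) {
        return () -> {
            String[] parts = compactJwt.split("\\.", -1);
            if (parts.length != 3 || parts[0].isEmpty() || parts[1].isEmpty()) {
                // Never echo input that does not parse; it may still be a usable credential.
                return "<malformed JWT, " + compactJwt.length() + " chars>";
            }
            try {
                Base64.Decoder dec = Base64.getUrlDecoder();
                String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
                String claims = new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
                return "header=" + header + " claims=" + claims + " signature=<redacted>";
            } catch (IllegalArgumentException e) {
                return "<malformed JWT, " + compactJwt.length() + " chars>";
            }
        };
    }

    public static void main(String[] args) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample token; the signature segment is a placeholder, not a real MAC.
        String token = enc.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8))
            + "." + enc.encodeToString("{\"sub\":\"user1\",\"iss\":\"example-issuer\"}".getBytes(StandardCharsets.UTF_8))
            + "." + enc.encodeToString("placeholder-signature".getBytes(StandardCharsets.UTF_8));

        Supplier<String> safe = describe(token);   // nothing is decoded yet
        String line = safe.get();                  // evaluated only when the log statement fires
        System.out.println(line);
        // The signature segment must not appear anywhere in the logged line.
        if (line.contains(token.substring(token.lastIndexOf('.') + 1))) {
            throw new IllegalStateException("signature leaked into log line");
        }
        System.out.println(describe("not-a-jwt").get());
    }
}
```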