io.nats.client.support

Class JwtUtils

java.lang.Object

io.nats.client.support.JwtUtils

public abstract class JwtUtils
extends java.lang.Object

Implements https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-14.md

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	NATS_USER_JWT_FORMAT Format string with `%s` place holder for the JWT token followed by the user NKey seed.

Method Summary

Modifier and Type	Method and Description
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name) Issue a user JWT from a scoped signing key.
static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, java.lang.String... tags) Issue a user JWT from a scoped signing key.
protected static java.lang.String	issueUserJWT(NKey signingKey, java.lang.String accountId, java.lang.String publicUserKey, java.lang.String name, java.time.Duration expiration, java.lang.String[] tags, long issuedAt) Method used for testing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NATS_USER_JWT_FORMAT

public static final java.lang.String NATS_USER_JWT_FORMAT

Format string with `%s` place holder for the JWT token followed by the user NKey seed. This can be directly used as such:

 NKey userKey = NKey.createUser(new SecureRandom());
 NKey signingKey = loadFromSecretStore();
 String jwt = issueUserJWT(signingKey, accountId, new String(userKey.getPublicKey()));
 String.format(JwtUtils.NATS_USER_JWT_FORMAT, jwt, new String(userKey.getSeed()));
 

See Also:

Constant Field Values

Method Detail

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See https://docs.nats.io/nats-tools/nsc/signing_keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey,
                                            java.lang.String name)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See https://docs.nats.io/nats-tools/nsc/signing_keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human readable name. When absent, default to publicUserKey.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

public static java.lang.String issueUserJWT(NKey signingKey,
                                            java.lang.String accountId,
                                            java.lang.String publicUserKey,
                                            java.lang.String name,
                                            java.time.Duration expiration,
                                            java.lang.String... tags)
                                     throws java.security.GeneralSecurityException,
                                            java.io.IOException

Issue a user JWT from a scoped signing key. See https://docs.nats.io/nats-tools/nsc/signing_keys

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human readable name. When absent, default to publicUserKey.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

tags - optional list of tags to be included in the JWT.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.

issueUserJWT

protected static java.lang.String issueUserJWT(NKey signingKey,
                                               java.lang.String accountId,
                                               java.lang.String publicUserKey,
                                               java.lang.String name,
                                               java.time.Duration expiration,
                                               java.lang.String[] tags,
                                               long issuedAt)
                                        throws java.security.GeneralSecurityException,
                                               java.io.IOException

Method used for testing.

Parameters:

signingKey - a mandatory account nkey pair to sign the generated jwt.

accountId - a mandatory public account nkey. Will throw error when not set or not account nkey.

publicUserKey - a mandatory public user nkey. Will throw error when not set or not user nkey.

name - optional human readable name. When absent, default to publicUserKey.

expiration - optional but recommended duration, when the generated jwt needs to expire. If not set, JWT will not expire.

tags - optional list of tags to be included in the JWT.

issuedAt - the current epoch seconds.

Returns:

a JWT

Throws:

java.lang.IllegalArgumentException - if the accountId or publicUserKey is not a valid public key of the proper type

java.lang.NullPointerException - if signingKey, accountId, or publicUserKey are null.

java.security.GeneralSecurityException - if SHA-256 MessageDigest is missing, or if the signingKey can not be used for signing.

java.io.IOException - if signingKey sign method throws this exception.