Example of JWT tokens with Apache Commons and EclipseSource JSON libraries
import com.eclipsesource.json.Json;
import com.eclipsesource.json.JsonObject;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Calendar;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
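/**
 * Minimal HS256 token helper: builds and checks compact
 * {@code header.payload.signature} strings signed with HMAC-SHA256.
 *
 * <p>The verification algorithm is fixed by {@link #ALGO}; the {@code alg}
 * value inside a received token's header is never consulted, so a token
 * cannot select a weaker algorithm for its own verification.
 */
public class UserAuth {
    /*
     * Shared HMAC key. It can be negotiated, but must be the same everywhere
     * the tokens are expected to be accepted (e.g. for single-sign-on type
     * functionality).
     *
     * NOTE(security): a key embedded in source is readable by anyone with
     * access to the code or the compiled class, and anyone holding it can mint
     * tokens that validate. Treat this literal as a placeholder and assign the
     * real key at startup from configuration or a secret store; use a randomly
     * generated value of at least 32 bytes for HMAC-SHA256.
     */
    public static String SECRET = "totallysecretyouwillnotguessit";
    /** Value written to the {@code alg} field of generated token headers. */
    public static String JWT_ALGO = "HS256";
    /** JCA algorithm name used for both the key spec and the Mac instance. */
    public static String ALGO = "HmacSHA256";

    /**
     * Computes the URL-safe Base64 encoding of HMAC({@link #SECRET}, s).
     *
     * @param s the string to sign (for a token: {@code header + "." + payload})
     * @return the encoded signature, or an empty string if signing failed;
     *     callers must treat an empty result as a failure and never as a
     *     signature that can match anything
     */
    public static String getSignature(String s) {
        try {
            // Explicit UTF-8: the platform default charset differs between
            // hosts, which would make the same token verify on one machine
            // and fail on another.
            SecretKeySpec key =
                    new SecretKeySpec(SECRET.getBytes(StandardCharsets.UTF_8), ALGO);
            Mac mac = Mac.getInstance(ALGO);
            mac.init(key);
            byte[] tag = mac.doFinal(s.getBytes(StandardCharsets.UTF_8));
            return Base64.encodeBase64URLSafeString(tag);
        } catch (Exception e) {
            // Kept for backward compatibility: failure is reported as "".
            System.err.println("Problem: " + e.getMessage());
            return "";
        }
    }

    /**
     * Builds a signed token around the given payload.
     *
     * @param user_data the payload, expected to be a JSON object string;
     *     {@link #validateToken(String)} reads its {@code exp} field
     * @return the compact token {@code header.payload.signature}
     * @throws IllegalStateException if the signature could not be computed,
     *     so that an unsigned token is never handed out
     */
    public static String generateToken(String user_data) {
        JsonObject header = Json.object().add("alg", JWT_ALGO).add("typ", "JWT");
        String header_string = Base64.encodeBase64URLSafeString(
                header.toString().getBytes(StandardCharsets.UTF_8));
        String payload_string = Base64.encodeBase64URLSafeString(
                user_data.getBytes(StandardCharsets.UTF_8));
        String signed_string = header_string + "." + payload_string;
        String signature_string = getSignature(signed_string);
        if (signature_string.isEmpty()) {
            throw new IllegalStateException("Could not sign token");
        }
        return signed_string + "." + signature_string;
    }

    /**
     * Checks a token's structure, signature and expiry.
     *
     * @param token the compact token string; may be null or blank
     * @return an object with {@code verified} (boolean); when verified is
     *     true it also carries {@code payload} (the decoded JSON object) and
     *     {@code expired} (boolean). Callers must require
     *     {@code verified == true && expired == false} before trusting the
     *     payload.
     */
    public static JsonObject validateToken(String token) {
        JsonObject obj = Json.object();
        if (StringUtils.isBlank(token)) {
            obj.add("verified", false);
            return obj;
        }

        // Limit -1 keeps trailing empty segments, so "a.b." yields three
        // parts (with an empty signature) instead of two.
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            // Malformed input is rejected instead of raising
            // ArrayIndexOutOfBoundsException or ignoring extra segments.
            obj.add("verified", false);
            return obj;
        }
        String header_string = parts[0];
        String payload_string = parts[1];
        String signature_string = parts[2];

        String expected = getSignature(header_string + "." + payload_string);
        // An empty expected value means signing failed; never accept it.
        // MessageDigest.isEqual compares without short-circuiting on the
        // first differing byte, unlike String.equals.
        boolean signature_ok = !expected.isEmpty()
                && MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8),
                        signature_string.getBytes(StandardCharsets.UTF_8));
        if (!signature_ok) {
            obj.add("verified", false);
            return obj;
        }

        JsonObject payload;
        long exp_time;
        try {
            String payload_decoded_string = new String(
                    Base64.decodeBase64(payload_string), StandardCharsets.UTF_8);
            payload = Json.parse(payload_decoded_string).asObject();
            // A missing "exp" defaults to 0, which is reported as expired.
            exp_time = payload.getLong("exp", 0);
        } catch (RuntimeException e) {
            // generateToken signs whatever string it is given, so a correctly
            // signed token can still carry a payload that is not a JSON
            // object or has a non-numeric "exp"; fail closed.
            obj.add("verified", false);
            return obj;
        }

        // NOTE(review): "exp" is compared against epoch milliseconds here,
        // whereas RFC 7519 defines it in seconds. Left unchanged so existing
        // issuers keep working; confirm the unit before exchanging tokens
        // with other JWT implementations.
        Calendar now = Calendar.getInstance();
        obj.add("verified", true);
        obj.add("payload", payload);
        obj.add("expired", exp_time <= now.getTimeInMillis());
        return obj;
    }
}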