Ether Framework
Unified API docs for Ether modules
Loading...
Searching...
No Matches
TokenValidator.java
Go to the documentation of this file.
1package dev.rafex.ether.jwt.internal;
2
3import java.time.Instant;
4
5/*-
6 * #%L
7 * ether-jwt
8 * %%
9 * Copyright (C) 2025 - 2026 Raúl Eduardo González Argote
10 * %%
11 * Permission is hereby granted, free of charge, to any person obtaining a copy
12 * of this software and associated documentation files (the "Software"), to deal
13 * in the Software without restriction, including without limitation the rights
14 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15 * copies of the Software, and to permit persons to whom the Software is
16 * furnished to do so, subject to the following conditions:
17 *
18 * The above copyright notice and this permission notice shall be included in
19 * all copies or substantial portions of the Software.
20 *
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 * THE SOFTWARE.
28 * #L%
29 */
30
31import com.fasterxml.jackson.databind.JsonNode;
32
33import dev.rafex.ether.jwt.JwtConfig;
34import dev.rafex.ether.jwt.TokenClaims;
35import dev.rafex.ether.jwt.TokenType;
36import dev.rafex.ether.jwt.VerificationCode;
37
38/**
39 * Valida tokens JWT contra las reglas de configuración.
40 * <p>
41 * Esta clase contiene la lógica de validación de claims, fechas de expiración,
42 * y reglas específicas de aplicación. Es una clase utilitaria con métodos estáticos.
43 * </p>
44 */
45public final class TokenValidator {
46
47 private TokenValidator() {
48 }
49
50 /**
51 * Valida las reclamaciones (claims) del token según la configuración.
52 *
53 * @param claims Las reclamaciones extraídas del token
54 * @param payload El payload JSON original (para compatibilidad)
55 * @param config La configuración de validación JWT
56 * @param now La hora actual para validaciones de tiempo
57 * @param tokenTypeRaw El tipo de token crudo (puede ser null)
58 * @return El código de verificación indicando el resultado
59 */
60 public static VerificationCode validate(final TokenClaims claims, final JsonNode payload, final JwtConfig config,
61 final Instant now, final String tokenTypeRaw) {
62
63 if (config.requireSubject() && isBlank(claims.subject())) {
64 return VerificationCode.MISSING_SUB;
65 }
66
67 if (config.validateExpiration()) {
68 if (claims.expiresAt() == null) {
69 return VerificationCode.BAD_FORMAT;
70 }
71 if (now.isAfter(claims.expiresAt().plus(config.clockSkew()))) {
72 return VerificationCode.TOKEN_EXPIRED;
73 }
74 } else if (config.requireExpiration() && claims.expiresAt() == null) {
75 return VerificationCode.BAD_FORMAT;
76 }
77
78 if (config.validateNotBefore() && claims.notBefore() != null) {
79 if (now.plus(config.clockSkew()).isBefore(claims.notBefore())) {
80 return VerificationCode.TOKEN_NOT_BEFORE;
81 }
82 }
83
84 final String expectedIssuer = config.expectedIssuer();
85 if (expectedIssuer != null && !expectedIssuer.equals(claims.issuer())) {
86 return VerificationCode.BAD_ISS;
87 }
88
89 if (!config.expectedAudience().isEmpty()) {
90 boolean matches = false;
91 for (final String value : claims.audience()) {
92 if (config.expectedAudience().contains(value)) {
93 matches = true;
94 break;
95 }
96 }
97 if (!matches) {
98 return VerificationCode.BAD_AUD;
99 }
100 }
101
102 if (tokenTypeRaw != null && claims.tokenType() == null) {
103 return VerificationCode.BAD_TOKEN_TYPE;
104 }
105
106 if (claims.tokenType() == TokenType.APP && config.requireClientIdForAppTokens() && isBlank(claims.clientId())) {
107 return VerificationCode.MISSING_CLIENT_ID;
108 }
109
110 return VerificationCode.OK;
111 }
112
113 private static boolean isBlank(final String value) {
114 return value == null || value.isBlank();
115 }
116}
dev.rafex.ether.jwt.JwtConfig
Configures JWT signing and verification behavior.
Definition JwtConfig.java:37
dev.rafex.ether.jwt.TokenClaims
Normalized claims extracted from a JWT token.
Definition TokenClaims.java:37
dev.rafex.ether.jwt.internal.TokenValidator.validate
static VerificationCode validate(final TokenClaims claims, final JsonNode payload, final JwtConfig config, final Instant now, final String tokenTypeRaw)
Valida las reclamaciones (claims) del token según la configuración.
Definition TokenValidator.java:60
dev.rafex.ether.jwt.TokenType
Supported business token types.
Definition TokenType.java:30
dev.rafex.ether.jwt.VerificationCode
Stable verification error/success codes.
Definition VerificationCode.java:30
dev.rafex.ether.config
Typed configuration entry points and composition APIs for Ether applications.
Generated by  doxygen 1.16.1