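/**
 * Builds a compact HS256-signed JWT that carries the request's {@code name} and
 * {@code email} parameters as claims and expires one minute after it is issued.
 *
 * <p>NOTE(review): both claims are copied from request parameters exactly as the client
 * sent them; nothing in this method establishes that the caller owns that identity.
 * Confirm this is only reachable after authentication, or take the values from the
 * authenticated session instead of the request.
 *
 * @param res incoming request supplying the {@code name} and {@code email} parameters
 * @return the compact serialized token
 * @throws IllegalStateException if the configured signing secret is missing or decodes
 *         to no key bytes
 * @throws Exception anything else raised while loading the secret or building the token
 */
@Override
public String makeJwt(HttpServletRequest res) throws Exception {
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    // Fail with a clear message instead of an opaque NullPointerException or
    // "Empty key" error when the secret property is absent.
    String secretKey = PropertiesService.getPropertiesValue(Constants.PROP_KEY_JWT_SECRET);
    if (secretKey == null || secretKey.trim().isEmpty()) {
        throw new IllegalStateException("JWT signing secret is not configured");
    }

    // NOTE(review): the secret is Base64-decoded here, while checkJwt uses the raw UTF-8
    // bytes of the same property as its key. Unless that is intentional, tokens issued
    // here will not verify there -- confirm which derivation is the intended one.
    byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(secretKey);
    if (apiKeySecretBytes.length == 0) {
        throw new IllegalStateException("JWT signing secret does not decode to any key bytes");
    }
    // RFC 7518 requires an HS256 key of at least 256 bits. Only an empty key is rejected
    // above, so confirm the configured secret decodes to 32 bytes or more.
    Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());

    Map<String, Object> headerMap = new HashMap<String, Object>();
    headerMap.put("typ", "JWT");
    // Derive the header value from the algorithm actually used for signing so the two
    // cannot drift apart.
    headerMap.put("alg", signatureAlgorithm.getValue());

    Map<String, Object> map = new HashMap<String, Object>();
    map.put("name", res.getParameter("name"));
    map.put("email", res.getParameter("email"));

    // One-minute lifetime.
    Date expireTime = new Date(System.currentTimeMillis() + 60L * 1000L);

    JwtBuilder builder = Jwts.builder().setHeader(headerMap)
            .setClaims(map)
            .setExpiration(expireTime)
            .signWith(signatureAlgorithm, signingKey);
    return builder.compact();
}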
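/**
 * Verifies a compact signed JWT and extracts the claims the caller needs.
 *
 * <p>The returned map always carries a {@code "result"} entry. It is {@code "OK"} only
 * when the parser accepted the token and both the expiration and the {@code sno} claim
 * are present; in that case {@code "exp"} and {@code "sno"} are filled in as well.
 * In every other handled case it is {@code "False"} and no claim values are returned.
 *
 * @param jwt compact serialized token received from the client; treated as untrusted
 * @return map with {@code "result"} and, on success, {@code "exp"} and {@code "sno"}
 * @throws Exception anything other than a {@code JwtException}, for example a failure
 *         while reading or encoding the signing secret
 */
@Override
public HashMap<String, String> checkJwt(String jwt) throws Exception {
    HashMap<String, String> jwtInfo = new HashMap<String, String>();

    // Fail closed on an absent token rather than depending on the parser's argument checks.
    if (jwt == null || jwt.trim().isEmpty()) {
        logger.info("token missing");
        jwtInfo.put("result", "False");
        return jwtInfo;
    }

    try {
        String secretKey = PropertiesService.getPropertiesValue(Constants.PROP_KEY_JWT_SECRET);
        // The token is a bearer credential, so it is deliberately not written to the log:
        // anyone with log access could replay it while it is still valid.

        // Key = raw UTF-8 bytes of the secret (no Base64 decoding).
        // NOTE(review): makeJwt Base64-decodes the same property before signing, so the
        // two methods use different keys unless that is intentional -- confirm.
        byte[] token = secretKey.getBytes("UTF-8");
        // Base64-decoded variant, kept for reference:
        // byte[] token = DatatypeConverter.parseBase64Binary(secretKey);

        // If parsing returns without throwing, the token was accepted by the parser.
        Claims claims = Jwts.parser().setSigningKey(token)
                .parseClaimsJws(jwt).getBody();

        // A correctly signed token can still lack the claims this method reports.
        // Treat that as a rejection instead of letting a NullPointerException escape.
        Object expiration = claims.getExpiration();
        Object sno = claims.get("sno");
        if (expiration == null || sno == null) {
            logger.info("token missing required claim");
            jwtInfo.put("result", "False");
            return jwtInfo;
        }

        jwtInfo.put("exp", expiration.toString());
        jwtInfo.put("sno", sno.toString());
        // Mark success last so a partially filled map is never reported as OK.
        jwtInfo.put("result", "OK");
        logger.info("- expireTime :" + expiration);
        logger.info("- sno: " + sno);
    } catch (ExpiredJwtException exception) {
        logger.info("token expired");
        jwtInfo.put("result", "False");
    } catch (JwtException exception) {
        logger.info("token falsified");
        jwtInfo.put("result", "False");
    }
    return jwtInfo;
}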