/* (non-Javadoc)
* @see org.json.JSONString#toJSONString()
*/
@Override
public final String toJSONString() {
try {
final JSONObject jsonObj = new JSONObject();
jsonObj.put(KEY_TOKENDATA, Base64.encode(tokendata));
jsonObj.put(KEY_SIGNATURE, Base64.encode(signature));
return jsonObj.toString();
} catch (final JSONException e) {
throw new MslInternalException("Error encoding " + this.getClass().getName() + " JSON.", e);
}
}
/* (non-Javadoc)
* @see com.netflix.msl.entityauth.EntityAuthenticationData#getAuthData()
*/
@Override
public JSONObject getAuthData() throws MslEncodingException {
final JSONObject jsonObj = new JSONObject();
try {
jsonObj.put(KEY_X509_CERT, Base64.encode(x509cert.getEncoded()));
} catch (final JSONException e) {
throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, "X.509 authdata", e);
} catch (final CertificateEncodingException e) {
throw new MslEncodingException(MslError.X509CERT_ENCODE_ERROR, "X.509 authdata", e);
}
return jsonObj;
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
try {
final JSONObject tokendataJO = new JSONObject();
tokendataJO.put(KEY_RENEWAL_WINDOW, renewalWindow);
tokendataJO.put(KEY_EXPIRATION, expiration);
tokendataJO.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, mtSerialNumber);
tokendataJO.put(KEY_SERIAL_NUMBER, serialNumber);
tokendataJO.put(KEY_USERDATA, "(redacted)");
final JSONObject jsonObj = new JSONObject();
jsonObj.put(KEY_TOKENDATA, tokendataJO);
jsonObj.put(KEY_SIGNATURE, Base64.encode(signature));
return jsonObj.toString();
} catch (final JSONException e) {
throw new MslInternalException("Error encoding " + this.getClass().getName() + " JSON.", e);
}
}
/**
* Create a new user ID token with the specified user.
*
* @param ctx MSL context.
* @param renewalWindow the renewal window.
* @param expiration the expiration.
* @param masterToken the master token.
* @param serialNumber the user ID token serial number.
* @param issuerData the issuer data. May be null.
* @param user the MSL user.
* @throws MslEncodingException if there is an error encoding the JSON data.
* @throws MslCryptoException if there is an error encrypting or signing the token data.
*/
public UserIdToken(
final MslContext ctx,
final Date renewalWindow,
final Date expiration,
final MasterToken masterToken,
final long serialNumber,
final JSONObject issuerData,
final MslUser user)
throws MslEncodingException, MslCryptoException {
// The expiration must appear after the renewal window.
if (expiration.before(renewalWindow))
throw new MslInternalException(
"Cannot construct a user ID token that expires before its renewal window opens.");
// A master token must be provided.
if (masterToken == null)
throw new MslInternalException("Cannot construct a user ID token without a master token.");
// The serial number must be within range.
if (serialNumber < 0 || serialNumber > MslConstants.MAX_LONG_VALUE)
throw new MslInternalException(
"Serial number " + serialNumber + " is outside the valid range.");
this.ctx = ctx;
this.renewalWindow = renewalWindow.getTime() / MILLISECONDS_PER_SECOND;
this.expiration = expiration.getTime() / MILLISECONDS_PER_SECOND;
this.mtSerialNumber = masterToken.getSerialNumber();
this.serialNumber = serialNumber;
this.issuerData = issuerData;
this.user = user;
// Construct the user data.
final JSONObject userData = new JSONObject();
try {
if (this.issuerData != null) userData.put(KEY_ISSUER_DATA, this.issuerData);
userData.put(KEY_IDENTITY, user.getEncoded());
this.userdata = userData.toString().getBytes(MslConstants.DEFAULT_CHARSET);
} catch (final JSONException e) {
throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, "userdata", e);
}
try {
// Encrypt the user data.
final ICryptoContext cryptoContext = ctx.getMslCryptoContext();
final byte[] ciphertext = cryptoContext.encrypt(this.userdata);
// Construct the token data.
try {
final JSONObject tokenDataJO = new JSONObject();
tokenDataJO.put(KEY_RENEWAL_WINDOW, this.renewalWindow);
tokenDataJO.put(KEY_EXPIRATION, this.expiration);
tokenDataJO.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, this.mtSerialNumber);
tokenDataJO.put(KEY_SERIAL_NUMBER, this.serialNumber);
tokenDataJO.put(KEY_USERDATA, Base64.encode(ciphertext));
this.tokendata = tokenDataJO.toString().getBytes(MslConstants.DEFAULT_CHARSET);
} catch (final JSONException e) {
throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, "usertokendata", e)
.setMasterToken(masterToken);
}
// Sign the token data.
this.signature = cryptoContext.sign(this.tokendata);
this.verified = true;
} catch (final MslCryptoException e) {
e.setMasterToken(masterToken);
throw e;
}
}
