com.netflix.msl.tokens
Class UserIdToken

java.lang.Object
  com.netflix.msl.tokens.UserIdToken

public class UserIdToken
extends Object

A user ID token provides proof of user identity. While there can be multiple versions of a user ID token, this class should encapsulate support for all of those versions.

User ID tokens are bound to a specific master token by the master token's serial number.

The renewal window indicates the time after which the user ID token will be renewed if requested by the entity. The expiration is the time after which the user ID token will be renewed no matter what.

User ID tokens are represented as useridtoken = { "#mandatory" : [ "tokendata", "signature" ], "tokendata" : "base64", "signature" : "base64" } where:

• tokendata is the Base64-encoded user ID token data (usertokendata)
• signature is the Base64-encoded verification data of the user ID token data

The token data is represented as usertokendata = { "#mandatory" : [ "renewalwindow", "expiration", "mtserialnumber", "serialnumber", "userdata" ], "renewalwindow" : "int64(0,-)", "expiration" : "int64(0,-)", "mtserialnumber" : "int64(0,2^53^)", "serialnumber" : "int64(0,2^53^)", "userdata" : "base64" } where:

• renewalwindow is when the renewal window opens in seconds since the epoch
• expiration is the expiration timestamp in seconds since the epoch
• mtserialnumber is the master token serial number
• serialnumber is the user ID token serial number
• userdata is the Base64-encoded encrypted user data (userdata)

The decrypted user data is represented as userdata = { "#mandatory" : [ "user" ], "issuerdata" : object, "identity" : "string" } where:

• issuerdata is the user ID token issuer data
• identity is the encoded user identity data

Field Summary

private MslContext	ctx MSL context.
private long	expiration User ID token expiration in seconds since the epoch.
private JSONObject	issuerData Issuer data.
private static String	KEY_EXPIRATION JSON key expiration timestamp.
private static String	KEY_IDENTITY JSON key identity.
private static String	KEY_ISSUER_DATA JSON key issuer data.
private static String	KEY_MASTER_TOKEN_SERIAL_NUMBER JSON key master token serial number.
private static String	KEY_RENEWAL_WINDOW JSON key renewal window timestamp.
private static String	KEY_SERIAL_NUMBER JSON key user ID token serial number.
private static String	KEY_SIGNATURE JSON key signature.
private static String	KEY_TOKENDATA JSON key token data.
private static String	KEY_USERDATA JSON key token user data.
private static long	MILLISECONDS_PER_SECOND Milliseconds per second.
private long	mtSerialNumber Master token serial number.
private long	renewalWindow User ID token renewal window in seconds since the epoch.
private long	serialNumber Serial number.
private byte[]	signature Encrypted token data signature.
private byte[]	tokendata Token data.
private MslUser	user MSL user.
private byte[]	userdata User data.
private boolean	verified Token is verified.

Constructor Summary

UserIdToken(MslContext ctx, Date renewalWindow, Date expiration, MasterToken masterToken, long serialNumber, JSONObject issuerData, MslUser user)
Create a new user ID token with the specified user.

UserIdToken(MslContext ctx, JSONObject userIdTokenJO, MasterToken masterToken)
Create a new user ID token from the provided JSON object.

Method Summary

boolean	equals(Object obj)
Date	getExpiration()
JSONObject	getIssuerData()
long	getMasterTokenSerialNumber() Return the serial number of the master token this user ID token is bound to.
Date	getRenewalWindow()
long	getSerialNumber()
MslUser	getUser()
int	hashCode()
boolean	isBoundTo(MasterToken masterToken)
boolean	isDecrypted()
boolean	isExpired()
boolean	isRenewable()
boolean	isVerified()
String	toJSONString()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

MILLISECONDS_PER_SECOND

private static final long MILLISECONDS_PER_SECOND

Milliseconds per second.

See Also:

Constant Field Values

KEY_TOKENDATA

private static final String KEY_TOKENDATA

JSON key token data.

See Also:

Constant Field Values

KEY_SIGNATURE

private static final String KEY_SIGNATURE

JSON key signature.

See Also:

Constant Field Values

KEY_RENEWAL_WINDOW

private static final String KEY_RENEWAL_WINDOW

JSON key renewal window timestamp.

See Also:

Constant Field Values

KEY_EXPIRATION

private static final String KEY_EXPIRATION

JSON key expiration timestamp.

See Also:

Constant Field Values

KEY_MASTER_TOKEN_SERIAL_NUMBER

private static final String KEY_MASTER_TOKEN_SERIAL_NUMBER

JSON key master token serial number.

See Also:

Constant Field Values

KEY_SERIAL_NUMBER

private static final String KEY_SERIAL_NUMBER

JSON key user ID token serial number.

See Also:

Constant Field Values

KEY_USERDATA

private static final String KEY_USERDATA

JSON key token user data.

See Also:

Constant Field Values

KEY_ISSUER_DATA

private static final String KEY_ISSUER_DATA

JSON key issuer data.

See Also:

Constant Field Values

KEY_IDENTITY

private static final String KEY_IDENTITY

JSON key identity.

See Also:

Constant Field Values

ctx

private final MslContext ctx

MSL context.

tokendata

private final byte[] tokendata

Token data.

signature

private final byte[] signature

Encrypted token data signature.

renewalWindow

private final long renewalWindow

User ID token renewal window in seconds since the epoch.

expiration

private final long expiration

User ID token expiration in seconds since the epoch.

mtSerialNumber

private final long mtSerialNumber

Master token serial number.

serialNumber

private final long serialNumber

Serial number.

userdata

private final byte[] userdata

User data.

issuerData

private final JSONObject issuerData

Issuer data.

user

private final MslUser user

MSL user.

verified

private final boolean verified

Token is verified.

Constructor Detail

UserIdToken

public UserIdToken(MslContext ctx,
                   Date renewalWindow,
                   Date expiration,
                   MasterToken masterToken,
                   long serialNumber,
                   JSONObject issuerData,
                   MslUser user)
            throws MslEncodingException,
                   MslCryptoException

Create a new user ID token with the specified user.

Parameters:

ctx - MSL context.

renewalWindow - the renewal window.

expiration - the expiration.

masterToken - the master token.

serialNumber - the user ID token serial number.

issuerData - the issuer data. May be null.

user - the MSL user.

Throws:

MslEncodingException - if there is an error encoding the JSON data.

MslCryptoException - if there is an error encrypting or signing the token data.

UserIdToken

public UserIdToken(MslContext ctx,
                   JSONObject userIdTokenJO,
                   MasterToken masterToken)
            throws MslEncodingException,
                   MslCryptoException,
                   MslException

Create a new user ID token from the provided JSON object. The associated master token must be provided to verify the user ID token.

Parameters:

ctx - MSL context.

userIdTokenJO - user ID token JSON object.

masterToken - the master token.

Throws:

MslEncodingException - if there is an error parsing the JSON, the token data is missing or invalid, or the signature is invalid.

MslCryptoException - if there is an error verifying the token data.

MslException - if the user ID token master token serial number does not match the master token serial number, or the expiration timestamp occurs before the renewal window, or the user data is missing or invalid, or the user ID token master token serial number is out of range, or the user ID token serial number is out of range.

Method Detail

isDecrypted

public boolean isDecrypted()

Returns:

true if the decrypted content is available. (Implies verified.)

isVerified

public boolean isVerified()

Returns:

true if the token has been verified.

getRenewalWindow

public Date getRenewalWindow()

Returns:

the start of the renewal window.

isRenewable

public boolean isRenewable()

Returns:

true if the renewal window has been entered.

getExpiration

public Date getExpiration()

Returns:

the expiration.

isExpired

public boolean isExpired()

Returns:

true if expired.

getIssuerData

public JSONObject getIssuerData()

Returns:

the user ID token issuer data or null if there is none or it is unknown (user data could not be decrypted).

getUser

public MslUser getUser()

Returns:

the MSL user, or null if unknown (user data could not be decrypted).

getSerialNumber

public long getSerialNumber()

Returns:

the user ID token serial number.

getMasterTokenSerialNumber

public long getMasterTokenSerialNumber()

Return the serial number of the master token this user ID token is bound to.

Returns:

the master token serial number.

isBoundTo

public boolean isBoundTo(MasterToken masterToken)

Parameters:

masterToken - master token. May be null.

Returns:

true if this token is bound to the provided master token.

toJSONString

public final String toJSONString()

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

Parameters:

obj - the reference object with which to compare.

Returns:

true if the other object is a user ID token with the same serial number bound to the same master token.

See Also:

Object.equals(java.lang.Object)

hashCode

public int hashCode()

Overrides:

hashCode in class Object