soar_authentication_token 3.0.9 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 943763e03572585973f8183ec30b991724885a5b
-  data.tar.gz: bc1494d9165b7b8fb09a16707be3c799afa562ed
+  metadata.gz: 4020cefab79d1ffcef0ea47c4787412cf4c520e4
+  data.tar.gz: dff3cc2d0e722cfbfbd9ae761694417350bfe9ba
 SHA512:
-  metadata.gz: 7de47b8886a50cb1b39710af98a80ea8f1e748aa6ba233f2859cbd30dccf8065b341c633f60f8bbd81e9ede872854be13e725d8b5559059e20d78df06cdd6041
-  data.tar.gz: 768f6724ca6f208abd04af1d27ff3918b3ed668e623e32505a2099e09d1b4c15a368207a389572f5cdd11e31c6d01dce23709f823ec2c1b8415983a70329fe29
+  metadata.gz: a9f8caae8f97bc3b7954b9c70848f605b6b7c6ba32b90800e42955811ccdfb34cc2d9bc7632aca2ec1c5b0872146a4a2ca761340fd228afe44a238f37b2998fd
+  data.tar.gz: 2a9aaf075ccae76090499d7bca7a7d88b663f75aecbd40393c783071a48591c2bcf842c64b86e9b04c436e6c5c36947442eadd34b0314ced9660030a5f5dc55b

data/README.md

@@ -24,16 +24,16 @@ gem install soar_authentication_token
 
 ## Configuration of generators and validators
 
-There are three modes of operation: local, remote or static
+There are three provider groups for operation: JwtToken, RemoteToken or StaticToken
 
-### Local
-In local mode the tokens are decoded, verified and meta extracted locally using configured key material. In practice the the token generation and validation services run in this mode since their roles are to generate and validate tokens.
+### JwtTokenGenerator/JwtTokenValidator
+With the JwtTokenValidator provider the tokens are decoded, verified and meta extracted locally using configured key material. In practice the the token generation and validation services run in this mode since their roles are to generate and validate tokens.
 
-### Remote
-In remote mode the tokens are passed to a token validation service for validation. This allows for a centralized management of tokens. The key material are therefore managed on the validation service and .  In this mode you only have to provide the url of the validation service.
+### RemoteTokenGenerator/RemoteTokenValidator
+With the RemoteTokenValidator provider the tokens are passed to a token validation service for validation. This allows for a centralized management of tokens. The key material are therefore managed on the validation service and .  In this mode you only have to provide the url of the validation service.
 
-### Static
-In this mode the validator is configured with a list of preconfigured static tokens.  Incoming tokens are simply checked against this list.  No extraction of meta is performed on the tokens but retrieved from the configuration.  Rotation of tokens is simple since many tokens can be configured. This mode is to be used in only two scenarios:
+### StaticTokenValidator
+In this mode the StaticTokenValidator is configured with a list of preconfigured static tokens.  Incoming tokens are simply checked against this list.  No extraction of meta is performed on the tokens but retrieved from the configuration.  Rotation of tokens is simple since many tokens can be configured. This mode is to be used in only two scenarios:
 * Between the various authentication token services that requires authentication between themselves.  These services themselves do not the benefit of another centralized authentication service to rely on.
 * In test scenarios where you do not want to pull in the authentication services to perform testing of your services.
 
@@ -77,7 +77,7 @@ First step is to configure the middleware. Actually you are not configuring the
 
 ```ruby
 @iut_configuration = {
-  'mode' => 'remote',
+  'provider' => 'RemoteTokenValidator',
   'validator-url' => 'http://authentication-token-validator-service:9393/validate'
 }
 @iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration)
@@ -94,7 +94,7 @@ The class generates tokens or requests a token from a generator service as confi
 For remote token generation, configure as such:
 ```ruby
 @configuration_remote = {
-  'mode' => 'remote',
+  'provider' => 'RemoteTokenGenerator',
   'generator-url' => 'http://authentication-token-generator-service:9393/generate',
   'generator-client-auth-token' => 'xxxx'
 }
@@ -105,7 +105,7 @@ For local token generation, configure as such:
 generator = SoarAuthenticationToken::KeypairGenerator.new
 private_key, public_key = generator.generate
 @configuration_local = {
-  'mode' => 'local',
+  'provider' => 'JwtTokenGenerator',
   'private_key' => private_key
 }
 ```
@@ -131,7 +131,7 @@ The class validates tokens or requests validation of a token from a validation s
 For remote token validation, configure as such:
 ```ruby
 @configuration_remote = {
-  'mode' => 'remote',
+  'provider' => 'RemoteTokenGenerator',
   'validator-url' => 'http://authentication-token-validator-service:9393/validate',
 }
 ```
@@ -141,7 +141,7 @@ For local token validation, configure as such:
 generator = SoarAuthenticationToken::KeypairGenerator.new
 private_key, public_key = generator.generate
 @configuration_local = {
-  'mode' => 'local',
+  'provider' => 'JwtTokenValidator',
   'public_key' => public_key
 }
 ```

data/lib/soar_authentication_token.rb

@@ -1,6 +1,11 @@
 module SoarAuthenticationToken
 end
 
+require 'soar_authentication_token/providers/jwt_token_generator'
+require 'soar_authentication_token/providers/jwt_token_validator'
+require 'soar_authentication_token/providers/remote_token_generator'
+require 'soar_authentication_token/providers/remote_token_validator'
+require 'soar_authentication_token/providers/static_token_validator'
 require 'soar_authentication_token/keypair_generator'
 require 'soar_authentication_token/token_generator'
 require 'soar_authentication_token/token_validator'

data/lib/soar_authentication_token/providers/jwt_token_generator.rb

@@ -0,0 +1,66 @@
+require 'soar_xt'
+require 'jwt'
+require 'securerandom'
+require 'time'
+require 'json'
+require 'authenticated_client'
+
+module SoarAuthenticationToken
+  class JwtTokenGenerator
+    DEFAULT_CONFIGURATION = {
+      'expiry' => 604800 #a days worth of seconds
+    } unless defined? DEFAULT_CONFIGURATION; DEFAULT_CONFIGURATION.freeze
+
+    def initialize(configuration)
+      @configuration = merge_with_default_configuration(configuration)
+      validate_local_mode_configuration
+      @private_key = OpenSSL::PKey::EC.new(@configuration['private_key'])
+    end
+
+    def inject_store_provider(store_provider)
+      @store_provider = store_provider
+    end
+
+    def generate(authenticated_identifier:, flow_identifier: nil)
+      token_meta = generate_meta(authenticated_identifier)
+      token = encode(token_meta)
+      add_token_to_store(token_meta,flow_identifier)
+      [token, token_meta]
+    end
+
+    private
+
+    def generate_meta(authenticated_identifier)
+      current_time = Time.now
+      { 'authenticated_identifier' => authenticated_identifier,
+        'token_issue_time'         => current_time.utc.iso8601(3),
+        'token_expiry_time'        => (current_time + @configuration['expiry']).utc.iso8601(3),
+        'token_identifier'         => SecureRandom.hex(32)
+      }
+    end
+
+    def encode(meta)
+      JWT.encode(meta, @private_key, 'ES512')
+    end
+
+    def validate_local_mode_configuration
+      raise "'private_key' must be configured in local mode" unless @configuration['private_key']
+      raise "'expiry' must be configured in local mode" unless @configuration['expiry']
+      raise "'expiry' must be an integer" unless Integer(@configuration['expiry'])
+    end
+
+    def merge_with_default_configuration(configuration)
+      configuration = {} unless configuration
+      Hash.deep_merge(DEFAULT_CONFIGURATION,configuration)
+    end
+
+    def add_token_to_store(meta,flow_identifier)
+      @store_provider.add(
+        token_identifier:         meta['token_identifier'],
+        authenticated_identifier: meta['authenticated_identifier'],
+        token_issue_time:         meta['token_issue_time'],
+        token_expiry_time:        meta['token_expiry_time'],
+        flow_identifier:          flow_identifier)
+    end
+  end
+end

data/lib/soar_authentication_token/providers/jwt_token_validator.rb

@@ -0,0 +1,89 @@
+require 'jwt'
+require 'authenticated_client'
+
+module SoarAuthenticationToken
+  class JwtTokenValidator
+    def initialize(configuration)
+      @configuration = configuration
+      set_configuration_defaults
+      validate_configuration
+      @public_key = OpenSSL::PKey::EC.new(@configuration['public_key'])
+      @public_key.private_key = nil
+    end
+
+    def inject_store_provider(store_provider)
+      @store_provider = store_provider
+    end
+
+    def validate(authentication_token:,flow_identifier: nil)
+      meta = decode_token_meta(authentication_token)
+      return rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>") if token_expired?(meta)
+      return rejection_result(reason: "Unknown token for <#{meta['authenticated_identifier']}>") unless token_exist_in_store?(meta,flow_identifier)
+      success_result(token_meta: meta)
+    rescue JWT::VerificationError, JWT::DecodeError
+      rejection_result(reason: 'Token decode/verification failure')
+    end
+
+    private
+
+    def set_configuration_defaults
+      @configuration['expiry'] ||= 86400
+    end
+
+    def decode_token_meta(authentication_token)
+      decoded_token_payload = decode(authentication_token)
+      compile_meta(token_identifier:         decoded_token_payload[0]['token_identifier'],
+                   authenticated_identifier: decoded_token_payload[0]['authenticated_identifier'],
+                   token_issue_time:         decoded_token_payload[0]['token_issue_time'],
+                   token_expiry_time:        decoded_token_payload[0]['token_expiry_time'])
+    end
+
+    def compile_meta(token_identifier:,
+                     authenticated_identifier:,
+                     token_issue_time:,
+                     token_expiry_time:)
+      {
+        'token_identifier' =>         token_identifier,
+        'authenticated_identifier' => authenticated_identifier,
+        'token_issue_time' =>         token_issue_time,
+        'token_expiry_time' =>        token_expiry_time,
+        'token_age' =>                token_age(token_issue_time)
+      }
+    end
+
+    def token_age(token_issue_time)
+      Time.now - Time.parse(token_issue_time.to_s)
+    end
+
+    def validate_configuration
+      raise "'public_key' must be configured in local mode" unless @configuration['public_key']
+      raise "'expiry' must be configured in local mode" unless @configuration['expiry']
+      raise "'expiry' must be an integer" unless Integer(@configuration['expiry'])
+    end
+
+    def decode(authentication_token)
+      JWT.decode(authentication_token, @public_key, true, { :algorithm => 'ES512' })
+    end
+
+    def token_expired?(meta)
+      Time.parse(meta['token_expiry_time'].to_s) < Time.now
+    end
+
+    def token_exist_in_store?(meta,flow_identifier)
+      @store_provider.token_exist?(
+        token_identifier:         meta['token_identifier'],
+        authenticated_identifier: meta['authenticated_identifier'],
+        token_issue_time:         meta['token_issue_time'],
+        token_expiry_time:        meta['token_expiry_time'],
+        flow_identifier:          flow_identifier)
+    end
+
+    def rejection_result(reason:)
+      [false, nil, reason]
+    end
+
+    def success_result(token_meta:)
+      [true, token_meta, "Valid token for <#{token_meta['authenticated_identifier']}>" ]
+    end
+  end
+end

data/lib/soar_authentication_token/providers/remote_token_generator.rb

@@ -0,0 +1,44 @@
+require 'json'
+require 'authenticated_client'
+
+module SoarAuthenticationToken
+  class RemoteTokenGenerator
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+    end
+
+    def inject_store_provider(store_provider)
+      #ignore the store provider since this generator does not use a store
+    end
+
+    def generate(authenticated_identifier:, flow_identifier: nil)
+      client = authenticated_client(authenticated_identifier,flow_identifier)
+      validate_and_extract_token_from_response(client.request)
+    end
+
+    private
+
+    def authenticated_client(authenticated_identifier,flow_identifier)
+      client = AuthenticatedClient::Client.new
+      client.url = @configuration['generator-url']
+      client.token = @configuration['generator-client-auth-token']
+      client.verb = :post
+      client.parameters = {'flow_identifier' => flow_identifier}
+      client.body = { 'authenticated_identifier' => authenticated_identifier }
+      client
+    end
+
+    def validate_and_extract_token_from_response(response)
+      raise "Failure generating token with token generation service. Code #{response.code}" if '200' != response.code
+      body = JSON.parse(response.body)
+      raise 'Failure generating token by token service' if 'success' != body['status']
+      raise 'Token service did not provide token' if body['data'].nil? or body['data']['token'].nil?
+      body['data']['token']
+    end
+
+    def validate_configuration
+      raise "'generator-url' must be configured" if @configuration['generator-url'].nil?
+    end
+  end
+end

data/lib/soar_authentication_token/providers/remote_token_validator.rb

@@ -0,0 +1,57 @@
+require 'authenticated_client'
+
+module SoarAuthenticationToken
+  class RemoteTokenValidator
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+    end
+
+    def inject_store_provider(store_provider)
+      #ignore the store provider since this validator does not use a store
+    end
+
+    def validate(authentication_token:,flow_identifier: nil)
+      response = send_request(authentication_token,flow_identifier)
+      validate_and_extract_information_from_response(response)
+    end
+
+    private
+
+    def send_request(authentication_token,flow_identifier)
+      uri = URI.parse(@configuration['validator-url'])
+      uri.query = URI.encode_www_form( {'flow_identifier' => flow_identifier} )
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true if uri.is_a?(URI::HTTPS)
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request.body = { 'authentication_token' => authentication_token }.to_json
+      http.request(request)
+    end
+
+    def validate_and_extract_information_from_response(response)
+      raise "Failure validating token with token validation service. Code #{response.code} received" if '200' != response.code
+      body = JSON.parse(response.body)
+      if ('success' == body['status']) and body['data']
+        token_validity = body['data']['token_validity']
+        token_meta = body['data']['token_meta']
+        message = body['data']['message']
+        raise 'Token validation service did not provide token_validity' if token_validity.nil?
+        raise 'Token validation service did not provide token_meta' if token_validity and token_meta.nil?
+        raise 'Token validation service did not provide message' if message.nil?
+        return [token_validity, token_meta, message]
+      end
+      if 'fail' == body['status']
+        return rejection_result(reason: 'remote validation failed')
+      end
+      raise "Failure validating token with token validation service. Status '#{body['status']}' received"
+    end
+
+    def validate_configuration
+      raise "'validator-url' must be configured in remote mode" unless @configuration['validator-url']
+    end
+
+    def rejection_result(reason:)
+      [false, nil, reason]
+    end
+  end
+end

data/lib/soar_authentication_token/providers/static_token_validator.rb

@@ -0,0 +1,64 @@
+module SoarAuthenticationToken
+  class StaticTokenValidator
+    def initialize(configuration)
+      @configuration = configuration
+      validate_configuration
+    end
+
+    def inject_store_provider(store_provider)
+      #ignore the store provider since this validator does not use a store
+    end
+
+    def validate(authentication_token:,flow_identifier: nil)
+      found_static_token = find_configured_static_token(authentication_token)
+      return rejection_result(reason: 'Unknown static token') if found_static_token.nil?
+      meta = compile_meta(token_identifier:         'static_token',
+                          authenticated_identifier: found_static_token['authenticated_identifier'],
+                          token_issue_time:         found_static_token['token_issue_time'],
+                          token_expiry_time:        found_static_token['token_expiry_time'])
+      return rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>") if token_expired?(meta)
+      return success_result(token_meta: meta)
+    end
+
+    private
+
+    def find_configured_static_token(authentication_token)
+      @configuration['static_tokens'].each { |static_token|
+        return static_token if authentication_token == static_token['token']
+      }
+      nil
+    end
+
+    def compile_meta(token_identifier:,
+                     authenticated_identifier:,
+                     token_issue_time:,
+                     token_expiry_time:)
+      {
+        'token_identifier' =>         token_identifier,
+        'authenticated_identifier' => authenticated_identifier,
+        'token_issue_time' =>         token_issue_time,
+        'token_expiry_time' =>        token_expiry_time,
+        'token_age' =>                token_age(token_issue_time)
+      }
+    end
+
+    def token_age(token_issue_time)
+      Time.now - Time.parse(token_issue_time.to_s)
+    end
+
+    def validate_configuration
+      raise "array of 'static_tokens' must be configured" unless @configuration['static_tokens']
+    end
+
+    def token_expired?(meta)
+      Time.parse(meta['token_expiry_time'].to_s) < Time.now
+    end
+
+    def rejection_result(reason:)
+      [false, nil, reason]
+    end
+    def success_result(token_meta:)
+      [true, token_meta, "Valid token for <#{token_meta['authenticated_identifier']}>" ]
+    end
+  end
+end

data/lib/soar_authentication_token/token_generator.rb

@@ -1,107 +1,28 @@
-require 'soar_xt'
-require 'jwt'
-require 'securerandom'
-require 'time'
-require 'net/http'
-require 'uri'
-require 'json'
-require 'authenticated_client'
-
 module SoarAuthenticationToken
   class TokenGenerator
-    DEFAULT_CONFIGURATION = {
-      'expiry' => 604800 #a days worth of seconds
-    } unless defined? DEFAULT_CONFIGURATION; DEFAULT_CONFIGURATION.freeze
-
     def initialize(configuration)
-      @configuration = merge_with_default_configuration(configuration)
+      @configuration = configuration
       validate_configuration
-      @private_key = OpenSSL::PKey::EC.new(@configuration['private_key'])
+      instantiate_provider
     end
 
     def inject_store_provider(store_provider)
-      @store_provider = store_provider
+      @provider.inject_store_provider(store_provider)
     end
 
     def generate(authenticated_identifier:, flow_identifier: nil)
-      return generate_locally(authenticated_identifier,flow_identifier) if 'local' == @configuration['mode']
-      return generate_remotely(authenticated_identifier,flow_identifier)
+      @provider.generate(authenticated_identifier: authenticated_identifier,
+                         flow_identifier:          flow_identifier)
     end
 
     private
 
-    def generate_locally(authenticated_identifier,flow_identifier)
-      token_meta = generate_meta(authenticated_identifier)
-      token = encode(token_meta)
-      add_token_to_store(token_meta,flow_identifier)
-      [token, token_meta]
-    end
-
-    def generate_remotely(authenticated_identifier,flow_identifier)
-      client = authenticated_client(authenticated_identifier,flow_identifier)
-      validate_and_extract_token_from_response(client.request)
-    end
-
-    def authenticated_client(authenticated_identifier,flow_identifier)
-      client = AuthenticatedClient::Client.new
-      client.url = @configuration['generator-url']
-      client.token = @configuration['generator-client-auth-token']
-      client.verb = :post
-      client.parameters = {'flow_identifier' => flow_identifier}
-      client.body = { 'authenticated_identifier' => authenticated_identifier }
-      client
-    end
-
-    def validate_and_extract_token_from_response(response)
-      raise "Failure generating token with token generation service. Code #{response.code}" if '200' != response.code
-      body = JSON.parse(response.body)
-      raise 'Failure generating token by token service' if 'success' != body['status']
-      raise 'Token service did not provide token' if body['data'].nil? or body['data']['token'].nil?
-      body['data']['token']
-    end
-
-    def generate_meta(authenticated_identifier)
-      current_time = Time.now
-      { 'authenticated_identifier' => authenticated_identifier,
-        'token_issue_time'         => current_time.utc.iso8601(3),
-        'token_expiry_time'        => (current_time + @configuration['expiry']).utc.iso8601(3),
-        'token_identifier'         => SecureRandom.hex(32)
-      }
-    end
-
-    def encode(meta)
-      JWT.encode(meta, @private_key, 'ES512')
+    def instantiate_provider
+      @provider = Object::const_get("SoarAuthenticationToken::#{@configuration['provider']}").new(@configuration)
     end
 
     def validate_configuration
-      raise "'mode' must be configured" unless @configuration['mode']
-      raise "'mode' must be configured as either 'local' or 'remote'" unless ['local','remote'].include?(@configuration['mode'])
-      validate_local_mode_configuration if 'local' == @configuration['mode']
-      validate_remote_mode_configuration if 'remote' == @configuration['mode']
-    end
-
-    def validate_remote_mode_configuration
-      raise "'generator-url' must be configured in remote mode" if @configuration['generator-url'].nil?
-    end
-
-    def validate_local_mode_configuration
-      raise "'private_key' must be configured in local mode" unless @configuration['private_key']
-      raise "'expiry' must be configured in local mode" unless @configuration['expiry']
-      raise "'expiry' must be an integer" unless Integer(@configuration['expiry'])
-    end
-
-    def merge_with_default_configuration(configuration)
-      configuration = {} unless configuration
-      Hash.deep_merge(DEFAULT_CONFIGURATION,configuration)
-    end
-
-    def add_token_to_store(meta,flow_identifier)
-      @store_provider.add(
-        token_identifier:         meta['token_identifier'],
-        authenticated_identifier: meta['authenticated_identifier'],
-        token_issue_time:         meta['token_issue_time'],
-        token_expiry_time:        meta['token_expiry_time'],
-        flow_identifier:          flow_identifier)
+      raise "'provider' must be configured" unless @configuration['provider']
     end
   end
 end

data/lib/soar_authentication_token/token_validator.rb

@@ -1,169 +1,28 @@
-require 'soar_xt'
-require 'jwt'
-require 'authenticated_client'
-
 module SoarAuthenticationToken
   class TokenValidator
-    DEFAULT_CONFIGURATION = {
-      'expiry' => 604800 #a days worth of seconds
-    } unless defined? DEFAULT_CONFIGURATION; DEFAULT_CONFIGURATION.freeze
-
     def initialize(configuration)
-      @configuration = merge_with_default_configuration(configuration)
+      @configuration = configuration
       validate_configuration
-      @public_key = OpenSSL::PKey::EC.new(@configuration['public_key'])
-      @public_key.private_key = nil
+      instantiate_provider
     end
 
     def inject_store_provider(store_provider)
-      @store_provider = store_provider
+      @provider.inject_store_provider(store_provider)
     end
 
     def validate(authentication_token:,flow_identifier: nil)
-      return validate_locally(authentication_token,flow_identifier)    if 'local' == @configuration['mode']
-      return validate_statically(authentication_token) if 'static' == @configuration['mode']
-      return validate_remotely(authentication_token,flow_identifier) if 'remote' == @configuration['mode']
-      raise 'invalid validation mode configured'
+      @provider.validate(authentication_token: authentication_token,
+                         flow_identifier:      flow_identifier)
     end
 
     private
 
-    def validate_statically(authentication_token)
-      found_static_token = find_configured_static_token(authentication_token)
-      return rejection_result(reason: 'Unknown static token') if found_static_token.nil?
-      meta = compile_meta(token_identifier:         'static_token',
-                          authenticated_identifier: found_static_token['authenticated_identifier'],
-                          token_issue_time:         found_static_token['token_issue_time'],
-                          token_expiry_time:        found_static_token['token_expiry_time'])
-      return rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>") if token_expired?(meta)
-      return success_result(token_meta: meta)
-    end
-
-    def find_configured_static_token(authentication_token)
-      @configuration['static_tokens'].each { |static_token|
-        if authentication_token == static_token['token']
-          return static_token
-        end
-      }
-      nil
-    end
-
-    def validate_locally(authentication_token,flow_identifier)
-      meta = decode_token_meta(authentication_token)
-      return rejection_result(reason: "Expired token <#{meta['token_expiry_time']}> for <#{meta['authenticated_identifier']}>") if token_expired?(meta)
-      return rejection_result(reason: "Unknown token for <#{meta['authenticated_identifier']}>") unless token_exist_in_store?(meta,flow_identifier)
-      success_result(token_meta: meta)
-    rescue JWT::VerificationError, JWT::DecodeError
-      rejection_result(reason: 'Token decode/verification failure')
-    end
-
-    def decode_token_meta(authentication_token)
-      decoded_token_payload = decode(authentication_token)
-      compile_meta(token_identifier:         decoded_token_payload[0]['token_identifier'],
-                   authenticated_identifier: decoded_token_payload[0]['authenticated_identifier'],
-                   token_issue_time:         decoded_token_payload[0]['token_issue_time'],
-                   token_expiry_time:        decoded_token_payload[0]['token_expiry_time'])
-    end
-
-    def compile_meta(token_identifier:,
-                     authenticated_identifier:,
-                     token_issue_time:,
-                     token_expiry_time:)
-      {
-        'token_identifier' =>         token_identifier,
-        'authenticated_identifier' => authenticated_identifier,
-        'token_issue_time' =>         token_issue_time,
-        'token_expiry_time' =>        token_expiry_time,
-        'token_age' =>                token_age(token_issue_time)
-      }
-    end
-
-    def token_age(token_issue_time)
-      Time.now - Time.parse(token_issue_time.to_s)
-    end
-
-    def validate_remotely(authentication_token,flow_identifier)
-      response = send_request(authentication_token,flow_identifier)
-      validate_and_extract_information_from_response(response)
-    end
-
-    def send_request(authentication_token,flow_identifier)
-      uri = URI.parse(@configuration['validator-url'])
-      uri.query = URI.encode_www_form( {'flow_identifier' => flow_identifier} )
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = true if uri.is_a?(URI::HTTPS)
-      request = Net::HTTP::Post.new(uri.request_uri)
-      request.body = { 'authentication_token' => authentication_token }.to_json
-      http.request(request)
-    end
-
-    def validate_and_extract_information_from_response(response)
-      raise "Failure validating token with token validation service. Code #{response.code} received" if '200' != response.code
-      body = JSON.parse(response.body)
-      if ('success' == body['status']) and body['data']
-        token_validity = body['data']['token_validity']
-        token_meta = body['data']['token_meta']
-        message = body['data']['message']
-        raise 'Token validation service did not provide token_validity' if token_validity.nil?
-        raise 'Token validation service did not provide token_meta' if token_validity and token_meta.nil?
-        raise 'Token validation service did not provide message' if message.nil?
-        return [token_validity, token_meta, message]
-      end
-      if 'fail' == body['status']
-        return rejection_result(reason: 'remote validation failed')
-      end
-      raise "Failure validating token with token validation service. Status '#{body['status']}' received"
+    def instantiate_provider
+      @provider = Object::const_get("SoarAuthenticationToken::#{@configuration['provider']}").new(@configuration)
     end
 
     def validate_configuration
-      raise "'mode' must be configured" unless @configuration['mode']
-      raise "'mode' must be configured as either 'local', 'remote' or 'static'" unless ['local','remote', 'static'].include?(@configuration['mode'])
-      validate_remote_configuration if 'remote' == @configuration['mode']
-      validate_local_configuration  if 'local' == @configuration['mode']
-      validate_static_configuration if 'static' == @configuration['mode']
-    end
-
-    def validate_remote_configuration
-      raise "'validator-url' must be configured in remote mode" unless @configuration['validator-url']
-    end
-
-    def validate_local_configuration
-      raise "'public_key' must be configured in local mode" unless @configuration['public_key']
-      raise "'expiry' must be configured in local mode" unless @configuration['expiry']
-      raise "'expiry' must be an integer" unless Integer(@configuration['expiry'])
-    end
-
-    def validate_static_configuration
-      raise "'static_tokens' must be configured in local mode" unless @configuration['static_tokens']
-    end
-
-    def merge_with_default_configuration(configuration)
-      Hash.deep_merge(DEFAULT_CONFIGURATION,configuration)
-    end
-
-    def decode(authentication_token)
-      JWT.decode(authentication_token, @public_key, true, { :algorithm => 'ES512' })
-    end
-
-    def token_expired?(meta)
-      Time.parse(meta['token_expiry_time'].to_s) < Time.now
-    end
-
-    def token_exist_in_store?(meta,flow_identifier)
-      @store_provider.token_exist?(
-        token_identifier:         meta['token_identifier'],
-        authenticated_identifier: meta['authenticated_identifier'],
-        token_issue_time:         meta['token_issue_time'],
-        token_expiry_time:        meta['token_expiry_time'],
-        flow_identifier:          flow_identifier)
-    end
-
-    def rejection_result(reason:)
-      [false, nil, reason]
-    end
-
-    def success_result(token_meta:)
-      [true, token_meta, "Valid token for <#{token_meta['authenticated_identifier']}>" ]
+      raise "'provider' must be configured" unless @configuration['provider']
     end
   end
 end

data/lib/soar_authentication_token/version.rb

@@ -1,3 +1,3 @@
 module SoarAuthenticationToken
-  VERSION = '3.0.9'
+  VERSION = '4.0.0'
 end

data/spec/rack_middleware_spec.rb

@@ -9,7 +9,7 @@ describe SoarAuthenticationToken::RackMiddleware do
     keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
     private_key, public_key = keypair_generator.generate
     configuration = {
-      'mode' => 'remote',
+      'provider' => 'RemoteTokenGenerator',
       'generator-url' => 'http://authentication-token-generator-service:9393/generate',
       'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
     }
@@ -22,7 +22,7 @@ describe SoarAuthenticationToken::RackMiddleware do
     keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
     private_key, public_key = keypair_generator.generate
     configuration = {
-      'mode' => 'local',
+      'provider' => 'JwtTokenGenerator',
       'private_key' => private_key,
       'public_key' => public_key
     }
@@ -52,8 +52,7 @@ describe SoarAuthenticationToken::RackMiddleware do
       [200, {"Content-Type"=>"text/html"}, test_app_response_data ]
     end
     @iut_configuration = {
-      'mode' => 'remote',
-      'generator-url' => 'http://authentication-token-generator-service:9393/generate',
+      'provider' => 'RemoteTokenValidator',
       'validator-url' => 'http://authentication-token-validator-service:9393/validate'
     }
     @iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration)

data/spec/token_generator_spec.rb

@@ -9,19 +9,22 @@ describe SoarAuthenticationToken::TokenGenerator do
 
   before :each do
     @generator_configuration_local = {
-      'mode' => 'local',
+      'provider' => 'JwtTokenGenerator',
       'private_key' => @private_key
     }
     @validator_configuration_local = {
-      'mode' => 'local',
+      'provider' => 'JwtTokenValidator',
       'public_key' => @public_key
     }
-    @configuration_remote = {
-      'mode' => 'remote',
+    @configuration_remote_generator = {
+      'provider' => 'RemoteTokenGenerator',
       'generator-url' => 'http://authentication-token-generator-service:9393/generate',
-      'validator-url' => 'http://authentication-token-validator-service:9393/validate',
       'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
     }
+    @configuration_remote_validator = {
+      'provider' => 'RemoteTokenValidator',
+      'validator-url' => 'http://authentication-token-validator-service:9393/validate',
+    }
 
     @test_store = AuthTokenStoreProvider::StubClient.new
   end
@@ -52,12 +55,12 @@ describe SoarAuthenticationToken::TokenGenerator do
 
   context "when generating a new token remotely" do
     it 'should request the token from the configured remote service' do
-      @iut = SoarAuthenticationToken::TokenGenerator.new(@configuration_remote)
+      @iut = SoarAuthenticationToken::TokenGenerator.new(@configuration_remote_generator)
       @iut.inject_store_provider(@test_store)
 
       token, token_generator_meta = @iut.generate(authenticated_identifier: @test_authenticated_identifier, flow_identifier: 'test-flow-id')
 
-      @validator = SoarAuthenticationToken::TokenValidator.new(@configuration_remote)
+      @validator = SoarAuthenticationToken::TokenValidator.new(@configuration_remote_validator)
       @iut.inject_store_provider(@test_store)
       token_validity, token_validator_meta, messages = @validator.validate(authentication_token: token, flow_identifier: 'test-flow-id')
 

data/spec/token_validator_spec.rb

@@ -10,11 +10,11 @@ describe SoarAuthenticationToken::TokenValidator do
     @invalid_private_key, @invalid_public_key = keypair_generator.generate
     @test_identifier = 'a@b.co.za'
     @local_valid_generator_configuration = {
-      'mode' => 'local',
+      'provider' => 'JwtTokenGenerator',
       'private_key' => @valid_private_key
     }
     @local_invalid_generator_configuration = {
-      'mode' => 'local',
+      'provider' => 'JwtTokenGenerator',
       'private_key' => @invalid_private_key
     }
 
@@ -25,7 +25,7 @@ describe SoarAuthenticationToken::TokenValidator do
 
     current_time = Time.now
     @static_validator_configuration = {
-      'mode' => 'static',
+      'provider' => 'StaticTokenValidator',
       'static_tokens' => [
         {
           'token'                    => 'some_secret_token_string_1111',
@@ -48,16 +48,16 @@ describe SoarAuthenticationToken::TokenValidator do
       ]
     }
     @local_validator_configuration = {
-      'mode' => 'local',
+      'provider' => 'JwtTokenValidator',
       'public_key' => @valid_public_key
     }
     @remote_generator_configuration = {
-      'mode' => 'remote',
+      'provider' => 'RemoteTokenGenerator',
       'generator-url' => 'http://authentication-token-generator-service:9393/generate',
       'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
     }
     @remote_validator_configuration = {
-      'mode' => 'remote',
+      'provider' => 'RemoteTokenValidator',
       'validator-url' => 'http://authentication-token-validator-service:9393/validate',
       'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
     }
@@ -97,7 +97,7 @@ describe SoarAuthenticationToken::TokenValidator do
         it 'indicate token is valid' do
           expect(token_validity).to eq true
         end
-        
+
         it 'provide the token meta' do
           expect(token_meta['authenticated_identifier']).to eq @test_identifier
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: soar_authentication_token
 version: !ruby/object:Gem::Version
-  version: 3.0.9
+  version: 4.0.0
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-31 00:00:00.000000000 Z
+date: 2017-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: soar_xt
@@ -223,6 +223,11 @@ files:
 - docker-compose.yml
 - lib/soar_authentication_token.rb
 - lib/soar_authentication_token/keypair_generator.rb
+- lib/soar_authentication_token/providers/jwt_token_generator.rb
+- lib/soar_authentication_token/providers/jwt_token_validator.rb
+- lib/soar_authentication_token/providers/remote_token_generator.rb
+- lib/soar_authentication_token/providers/remote_token_validator.rb
+- lib/soar_authentication_token/providers/static_token_validator.rb
 - lib/soar_authentication_token/rack_middleware.rb
 - lib/soar_authentication_token/token_generator.rb
 - lib/soar_authentication_token/token_validator.rb