ref: extract pricingSecretKey field and add javadocs

Pedro González Marcos · Pedro González Marcos · commit 8781ffd5c1f3 · 2025-05-16T12:10:49.000+02:00
diff --git a/src/main/java/io/github/isagroup/PricingContext.java b/src/main/java/io/github/isagroup/PricingContext.java
@@ -29,23 +29,44 @@ public abstract class PricingContext {
     private static final Logger logger = LoggerFactory.getLogger(PricingContext.class);
 
     /**
-     * Returns path of the pricing configuration YAML file.
-     * This file should be located in the resources folder, and the path should be
-     * relative to it.
+     * Returns the path to the Pricing2Yaml configuration file. The {@link String}
+     * path given to the implementation of this method should point to a
+     * Pricing2Yaml file under {@code resources} folder.
      * 
-     * @return Configuration file path
+     * @return a path as {@link String} to a Pricing2Yaml configuration file
+     *         relative to the {@code resources} folder
      */
     public abstract String getConfigFilePath();
 
     /**
-     * Returns the secret used to encode the pricing JWT.
-     * * @return JWT secret String
+     * Returns the secret used to sign the pricing JWT. The secret key needs to be
+     * encoded in {@code base64}. Internally JWT library will choose the best
+     * algorithm to sign the JWT ({@code HS256}, {@code HS384} or {@code HS512}), if
+     * the secret key bit length does not conform to the minimun stated by these
+     * algorithms will throw a {@link io.jsonwebtoken.security.WeakKeyException}
+     *
+     * @return a pricing secret encoded in {@code base64}
+     * @see <a href=
+     *      "https://github.com/jwtk/jjwt#signature-algorithms-keys">Signature
+     *      Algorithm Keys</a>
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-3.2">HMAC
+     *      with SHA-2 Functions</a>
      */
     public abstract String getJwtSecret();
 
     /**
-     * Returns the secret used to encode the authorization JWT.
-     * * @return JWT secret String
+     * Returns the secret used to sign the authorization JWT. The secret key needs
+     * to be encoded in {@code base64}. Internally JWT library will choose the best
+     * algorithm to sign the JWT ({@code HS256}, {@code HS384} or {@code HS512}), if
+     * the secret key bit length does not conform to the minimun stated by these
+     * algorithms will throw a {@link io.jsonwebtoken.security.WeakKeyException}
+     *
+     * @return a pricing secret encoded in {@code base64}
+     * @see <a href=
+     *      "https://github.com/jwtk/jjwt#signature-algorithms-keys">Signature
+     *      Algorithm Keys</a>
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-3.2">HMAC
+     *      with SHA-2 Functions</a>
      */
     public String getAuthJwtSecret() {
         return this.getJwtSecret();
@@ -66,7 +87,8 @@ public int getJwtExpiration() {
      * for them.
      * 
      * @return A {@link Boolean} indicating the condition to include, or not,
-     *         the pricing evaluation context in the JWT.
+     *         the pricing evaluation context in the JWT. Set to {@code true} by
+     *         default
      * 
      * @see PricingEvaluatorUtil#generateUserToken
      * 
@@ -77,9 +99,8 @@ public Boolean userAffectedByPricing() {
 
     /**
      * This method should return the user context that will be used to evaluate the
-     * pricing plan.
-     * It should be considered which users has accessed the service and what
-     * information is available.
+     * pricing plan. It should be considered which users has accessed the service
+     * and what information is available.
      * 
      * @return Map with the user context
      */
@@ -90,30 +111,35 @@ public Boolean userAffectedByPricing() {
      * With this information, the library will be able to build the {@link Plan}
      * object of the user from the configuration.
      * 
-     * @return String with the current user's plan name
+     * @return a {@link String} with the current user's plan name
      */
     public abstract String getUserPlan();
 
     /**
      * This method should return a list with the name of the add-ons contracted by
-     * the current user. If the pricing don't include add-ons, then just return an empty array.
-     * With this information, the library will be able to build the subscription of
-     * the user from the configuration.
+     * the current user. If the pricing does not include add-ons, then just return
+     * an empty {@link List}. With this information, the library will be able to
+     * build the subscription of the user from the configuration.
      * 
-     * @return {@code List<String>} with the current user's contracted add-ons. Add-on names
-     *         should be the same as in the pricing configuration file.
+     * @return a list with the current user's contracted add-ons.
+     *         Add-on names should be the same as in the pricing configuration file.
      * 
      */
     public abstract List<String> getUserAddOns();
 
     /**
      * Returns a list with the full subscription contracted by the current user
      * (including plans and add-ons).
+     * <p>
+     * There are two keys inside this {@link Map}:
+     * <ul>
+     * <li>Key {@code plans} contains the plan name of the user
+     * <li>Key {@code addOns} contains a list with the add-ons contracted by the
+     * user
+     * </ul>
      * 
-     * Key "plan" contains the plan name of the user.
-     * Key "addOns" contains a list with the add-ons contracted by the user.
-     * 
-     * @return {@code Map<String, Object>} with the current user's contracted subscription.
+     * @return {@code Map<String, Object>} with the current user's contracted
+     *         subscription.
      */
     public final Map<String, Object> getUserSubscription() {
         Map<String, Object> userSubscription = new HashMap<>();
@@ -164,7 +190,7 @@ public final Map<String, Object> getPlanContext() {
      * This method returns the {@link PricingManager} object that is being used to
      * evaluate the pricing plan.
      * 
-     * @return PricingManager object
+     * @return {@link PricingManager} object
      */
     public final PricingManager getPricingManager() {
         try {
diff --git a/src/main/java/io/github/isagroup/services/jwt/PricingJwtUtils.java b/src/main/java/io/github/isagroup/services/jwt/PricingJwtUtils.java
@@ -3,6 +3,8 @@
 import java.util.Date;
 import java.util.Map;
 
+import javax.crypto.SecretKey;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -25,16 +27,33 @@ public class PricingJwtUtils {
     @Autowired
     private PricingContext pricingContext;
 
+    private final SecretKey pricingSecretKey;
+
     public PricingJwtUtils(PricingContext pricingContext) {
         this.pricingContext = pricingContext;
+        this.pricingSecretKey = createKeyForBase64String(pricingContext.getJwtSecret());
+    }
+
+    /**
+     * Given a base64 encoded {@link String} creates a {@link SecretKey} to be used
+     * when signing a JWT token. Given string must meet HMAC-SHA bit length
+     * requirements
+     *
+     * @param base64String
+     * @return {@link SecretKey}
+     * @throws {@link WeakKeyException} if the string is not strong enough to
+     *                be used with HMAC-SHA algorithms
+     */
+    private static SecretKey createKeyForBase64String(String base64String) {
+        return Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64String));
     }
 
     private static final Logger LOGGER = LoggerFactory.getLogger(PricingJwtUtils.class);
 
     /**
      * Given a map claims and subject creates a JWT token given
      * {@link PricingContext} configuation
-     * 
+     *
      * @param claims  a {@link Map} of claims
      * @param subject a target of the token
      * @return The subject of the JWT
@@ -46,7 +65,7 @@ public String createJwtToken(Map<String, ?> claims, String subject) {
                 .subject(subject)
                 .issuedAt(new Date(System.currentTimeMillis()))
                 .expiration(new Date(System.currentTimeMillis() + pricingContext.getJwtExpiration()))
-                .signWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode(pricingContext.getJwtSecret())))
+                .signWith(pricingSecretKey)
                 .compact();
     }
 
@@ -57,7 +76,7 @@ public String createJwtToken(Map<String, ?> claims, String subject) {
      * @return The subject of the JWT
      */
     public String getSubjectFromJwtToken(String token) {
-        return Jwts.parser().verifyWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode((pricingContext.getJwtSecret()))))
+        return Jwts.parser().verifyWith(pricingSecretKey)
                 .build()
                 .parseSignedClaims(token).getPayload().getSubject();
     }
@@ -73,7 +92,7 @@ public String getSubjectFromJwtToken(String token) {
      */
     public Map<String, Map<String, Object>> getFeaturesFromJwtToken(String token) {
         return (Map<String, Map<String, Object>>) Jwts.parser()
-                .verifyWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode((pricingContext.getJwtSecret())))).build()
+                .verifyWith(pricingSecretKey).build()
                 .parseSignedClaims(token)
                 .getPayload().get("features");
     }
@@ -89,7 +108,7 @@ public Map<String, Map<String, Object>> getFeaturesFromJwtToken(String token) {
      */
     public Map<String, Object> getPlanContextFromJwtToken(String token) {
         return (Map<String, Object>) Jwts.parser()
-                .verifyWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode((pricingContext.getJwtSecret())))).build()
+                .verifyWith(pricingSecretKey).build()
                 .parseSignedClaims(token)
                 .getPayload().get("planContext");
     }
@@ -105,7 +124,7 @@ public Map<String, Object> getPlanContextFromJwtToken(String token) {
      */
     public Map<String, Object> getUserContextFromJwtToken(String token) {
         return (Map<String, Object>) Jwts.parser()
-                .verifyWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode((pricingContext.getJwtSecret())))).build()
+                .verifyWith(pricingSecretKey).build()
                 .parseSignedClaims(token)
                 .getPayload().get("userContext");
     }
@@ -119,7 +138,7 @@ public Map<String, Object> getUserContextFromJwtToken(String token) {
      */
     public boolean validateJwtToken(String authToken) {
         try {
-            Jwts.parser().verifyWith(Keys.hmacShaKeyFor(Decoders.BASE64.decode((pricingContext.getAuthJwtSecret()))))
+            Jwts.parser().verifyWith(createKeyForBase64String(pricingContext.getAuthJwtSecret()))
                     .build()
                     .parseSignedClaims(authToken);
             return true;
diff --git a/src/test/java/io/github/isagroup/PricingContextTestImpl.java b/src/test/java/io/github/isagroup/PricingContextTestImpl.java
@@ -4,8 +4,13 @@
 import java.util.List;
 import java.util.Map;
 
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.io.Encoders;
+
 public class PricingContextTestImpl extends PricingContext {
 
+    static final String JWT_SUBJECT_TEST = "admin1";
+
     private String path;
     private String secret;
     private Integer jwtExpiration;
@@ -14,12 +19,12 @@ public class PricingContextTestImpl extends PricingContext {
     private Map<String, Object> userContext;
 
     public PricingContextTestImpl() {
-        this.path = null;
-        this.secret = "defualtSecret";
+        this.path = "pricing/petclinic.yml";
+        this.secret = Encoders.BASE64.encode(Jwts.SIG.HS256.key().build().getEncoded());
         this.jwtExpiration = 86400;
-        this.userPlan = null;
+        this.userPlan = "ADVANCED";
         this.userAddOns = new ArrayList<>();
-        this.userContext = null;
+        this.userContext = Map.of("username", JWT_SUBJECT_TEST, "pets", 2);
     }
 
     @Override
diff --git a/src/test/java/io/github/isagroup/PricingEvaluatorUtilTests.java b/src/test/java/io/github/isagroup/PricingEvaluatorUtilTests.java
@@ -1,9 +1,7 @@
 package io.github.isagroup;
 
-import java.util.HashMap;
 import java.util.Map;
 
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 import io.github.isagroup.services.jwt.PricingJwtUtils;
@@ -12,39 +10,11 @@
 
 public class PricingEvaluatorUtilTests {
 
-    private static final String JWT_SECRET_TEST = "qfqj73ZGIN1XxPvI5mG6dVaXqpY4XVeOOBjp4zf0yNE=";
-    private static final Integer JWT_EXPIRATION_TEST = 86400;
-    private static final String JWT_SUBJECT_TEST = "admin1";
-    private static final String JWT_EXPRESSION_TEST = "userContext['pets']*4 < planContext['usageLimits']['pets']";
+    private PricingContext pricingContext = new PricingContextTestImpl();
 
-    private static final String USER_PLAN = "ADVANCED";
-    private static final String YAML_CONFIG_PATH = "pricing/petclinic.yml";
+    private PricingEvaluatorUtil pricingEvaluatorUtil = new PricingEvaluatorUtil(pricingContext);
 
-    private PricingContext pricingContext;
-
-    private PricingEvaluatorUtil pricingEvaluatorUtil;
-
-    private PricingJwtUtils jwtUtils;
-
-    @BeforeEach
-    public void setUp() {
-
-        Map<String, Object> userContext = new HashMap<>();
-        userContext.put("username", JWT_SUBJECT_TEST);
-        userContext.put("pets", 2);
-
-        PricingContextTestImpl pricingContext = new PricingContextTestImpl();
-
-        pricingContext.setJwtExpiration(JWT_EXPIRATION_TEST);
-        pricingContext.setJwtSecret(JWT_SECRET_TEST);
-        pricingContext.setUserContext(userContext);
-        pricingContext.setUserPlan(USER_PLAN);
-        pricingContext.setConfigFilePath(YAML_CONFIG_PATH);
-
-        this.pricingContext = pricingContext;
-        this.pricingEvaluatorUtil = new PricingEvaluatorUtil(pricingContext);
-        this.jwtUtils = new PricingJwtUtils(pricingContext);
-    }
+    private PricingJwtUtils jwtUtils = new PricingJwtUtils(pricingContext);
 
     @Test
     void simpleTokenGenerationTest() {
@@ -71,22 +41,23 @@ void checkTokenSubjectTest() {
         String jwtSubject = jwtUtils.getSubjectFromJwtToken(token);
 
         assertTrue(jwtUtils.validateJwtToken(token), "Token is not valid");
-        assertEquals(JWT_SUBJECT_TEST, jwtSubject, "The subject has not being correctly set");
+        assertEquals(PricingContextTestImpl.JWT_SUBJECT_TEST, jwtSubject, "The subject has not being correctly set");
 
     }
 
     @Test
     void tokenExpressionsTest() {
 
         String firstToken = pricingEvaluatorUtil.generateUserToken();
+        String jwtExpressionTest = "userContext['pets']*4 < planContext['usageLimits']['pets']";
 
         String newToken = pricingEvaluatorUtil.addExpressionToToken(firstToken, "visits",
-                JWT_EXPRESSION_TEST);
+                jwtExpressionTest);
 
         Map<String, Map<String, Object>> features = jwtUtils.getFeaturesFromJwtToken(newToken);
 
         assertTrue(jwtUtils.validateJwtToken(newToken), "Token is not valid");
-        assertEquals(JWT_EXPRESSION_TEST, (String) features.get("visits").get("eval"),
+        assertEquals(jwtExpressionTest, (String) features.get("visits").get("eval"),
                 "The expression for the feature visits has not being correctly set");
 
     }
diff --git a/src/test/java/io/github/isagroup/pricingcontext/PricingConfigExpirationTest.java b/src/test/java/io/github/isagroup/pricingcontext/PricingConfigExpirationTest.java
@@ -13,6 +13,8 @@
 import io.github.isagroup.PricingContext;
 import io.github.isagroup.PricingEvaluatorUtil;
 import io.github.isagroup.services.jwt.PricingJwtUtils;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.io.Encoders;
 
 public class PricingConfigExpirationTest {
 
@@ -38,7 +40,7 @@ public String getConfigFilePath() {
 
         @Override
         public String getJwtSecret() {
-            return "qfqj73ZGIN1XxPvI5mG6dVaXqpY4XVeOOBjp4zf0yNE=";
+            return Encoders.BASE64.encode(Jwts.SIG.HS256.key().build().getEncoded());
         }
 
         @Override
