com.turo.pushy.apns.auth

Class AuthenticationToken

java.lang.Object

com.turo.pushy.apns.auth.AuthenticationToken

public class AuthenticationToken
extends Object

An authentication token (or "provider authentication token" or "provider token" in Apple's terminology) is a JSON Web Token (JWT) that contains cryptographically-signed claims about the identity of the sender that can be used by APNs clients in lieu of mutual TLS authentication to authenticate with an APNs server. Authentication tokens contain "claims" that identify the development team sending push notifications as well as the specific key used to sign the token.

When clients use token-based authentication, they send an authentication token with each push notification. Tokens may expire, in which case clients must discard the old token and generate a new one. Callers generally do not need to interact with authentication tokens directly; ApnsClient instances using token-based authentication will manage authentication tokens automatically.

Tokens may be constructed from an ApnsSigningKey (for clients sending notifications) or from a Base64-encoded JWT string (for servers verifying a token from a client).

See Also:

Local and Remote Notification Programming Guide - Communicating with APNs, RFC 7519 - JSON Web Token (JWT), ApnsClientBuilder.setSigningKey(ApnsSigningKey)

Constructor Summary

Constructors

Constructor and Description
AuthenticationToken(ApnsSigningKey signingKey, Date issuedAt) Constructs a new authentication token using the given signing key (and associated metadata) issued at the given date.
AuthenticationToken(String base64EncodedToken) Constructs a new authentication token from a Base64-encoded JWT string.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
AsciiString	getAuthorizationHeader() Returns a complete APNs authorization header value (i.e.
Date	getIssuedAt() Returns the time at which this token was issued.
String	getKeyId() Returns the Apple-issued ID of the key used to sign this token.
String	getTeamId() Returns the Apple-issued ID of the team to which this authentication token's key pair belongs.
int	hashCode()
String	toString() Returns a Base64-encoded JWT representation of this authentication token.
boolean	verifySignature(ApnsVerificationKey verificationKey) Verifies the cryptographic signature of this authentication token.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

AuthenticationToken

public AuthenticationToken(ApnsSigningKey signingKey,
                           Date issuedAt)
                    throws NoSuchAlgorithmException,
                           InvalidKeyException,
                           SignatureException

Constructs a new authentication token using the given signing key (and associated metadata) issued at the given date.

Parameters:

signingKey - the signing key from which to derive metadata and with which to sign the token

issuedAt - the time at which the token was issued

Throws:

NoSuchAlgorithmException - if the JVM doesn't support the "SHA256withECDSA" algorithm

InvalidKeyException - if the given key was invalid for any reason

SignatureException - if the given key could not be used to sign the token

AuthenticationToken

public AuthenticationToken(String base64EncodedToken)

Constructs a new authentication token from a Base64-encoded JWT string. Note that successfully creating a token from an encoded string does not imply that the token is valid.

Parameters:

base64EncodedToken - a Base64-encoded JWT string

Method Detail

getIssuedAt

public Date getIssuedAt()

Returns the time at which this token was issued.

Returns:

the time at which this token was issued

getKeyId

public String getKeyId()

Returns the Apple-issued ID of the key used to sign this token.

Returns:

the Apple-issued ID of the key used to sign this token

getTeamId

public String getTeamId()

Returns the Apple-issued ID of the team to which this authentication token's key pair belongs.

Returns:

the Apple-issued ID of the team to which this authentication token's key pair belongs

verifySignature

public boolean verifySignature(ApnsVerificationKey verificationKey)
                        throws NoSuchAlgorithmException,
                               InvalidKeyException,
                               SignatureException

Verifies the cryptographic signature of this authentication token.

Parameters:

verificationKey - the verification key (public key) to be used to verify this token's signature

Returns:

true if this token's signature was verified or false otherwise

Throws:

NoSuchAlgorithmException - if the JVM doesn't support the "SHA256withECDSA" algorithm

InvalidKeyException - if the given key was invalid for any reason

SignatureException - if the given key could not be used to verify the token's signature

getAuthorizationHeader

public AsciiString getAuthorizationHeader()

Returns a complete APNs authorization header value (i.e. "bearer [token]") for this authentication token.

Returns:

a complete APNs authorization header value for this authentication token

toString

public String toString()

Returns a Base64-encoded JWT representation of this authentication token.

Overrides:

toString in class Object

Returns:

a Base64-encoded JWT representation of this authentication token

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object