Class: GenerateJwtToken

Inherits:
Object
  • Object
Defined in:
lib/AuthenticationSDK/authentication/jwt/JwtToken.rb

Instance Method Summary collapse

Instance Method Details

#getToken(merchantconfig_obj, gmtDatetime, isResponseMLEForApi) ⇒ Object

JWT Token generation for JWTv2 specification



# File 'lib/AuthenticationSDK/authentication/jwt/JwtToken.rb', line 21

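# Builds and signs a JWT (JWTv2 specification) for the given merchant configuration.
#
# The signing mode is chosen by +merchantconfig_obj.is_shared_secret_key_type?+:
# * shared secret: the base64-encoded +merchantSecretKey+ is decoded and used as
#   the HS256 key, with +merchantKeyId+ passed to the header claim set;
# * otherwise: the cached P12 private key signs with RS256, and the cached
#   certificate is passed to the header claim set.
#
# Any StandardError raised while building or signing is logged through
# ExceptionHandler and then re-raised to the caller.
#
# @param merchantconfig_obj [Object] merchant configuration; this method reads
#   +log_config+, +is_shared_secret_key_type?+, +merchantSecretKey+ and +merchantKeyId+
# @param gmtDatetime [Object] not referenced in this method body
# @param isResponseMLEForApi [Object] forwarded unchanged to +getPayloadClaimSet+
# @return [String] the encoded token returned by +JWT.encode+
# @raise [StandardError] when the shared secret is missing, empty or not valid
#   strict base64, or when any other step fails
def getToken(merchantconfig_obj, gmtDatetime, isResponseMLEForApi)
  @log_obj = Log.new merchantconfig_obj.log_config, "JwtToken"

  begin
    # The payload claim set is built the same way for both key types.
    payload_claim_set = getPayloadClaimSet(merchantconfig_obj, isResponseMLEForApi)

    if merchantconfig_obj.is_shared_secret_key_type?
      # Log only the signing mode; key material must never reach the log.
      @log_obj.logger.debug('Generating JWT token using shared secret (HS256)')

      secret_key = merchantconfig_obj.merchantSecretKey

      # Fail closed on a missing or empty secret. An empty string is valid strict
      # base64 and would otherwise decode to an empty HMAC key, and nil would
      # surface as an opaque NoMethodError instead of a configuration error.
      if secret_key.to_s.empty?
        raise StandardError, 'Shared secret key is missing or empty'
      end

      begin
        secret_key_decoded = Base64.strict_decode64(secret_key)
      rescue ArgumentError => e
        # e.message describes the decode failure only; the secret itself is not interpolated.
        raise StandardError, "Invalid base64-encoded secret key: #{e.message}"
      end

      # NOTE(review): RFC 7518 section 3.2 requires an HS256 key of at least 256 bits.
      # The decoded length is not enforced here because the key size issued to
      # merchants is not visible from this method -- confirm and add a check if it holds.

      # Header claim set carries merchantKeyId as the key identifier.
      header_claim_set = getHeaderClaimSet(merchant_key_id: merchantconfig_obj.merchantKeyId)

      JWT.encode(payload_claim_set, secret_key_decoded, 'HS256', header_claim_set)
    else
      # P12 certificate (RSA-SHA256) signing, the pre-existing behaviour.
      @log_obj.logger.debug('Generating JWT token using P12 certificate (RS256)')

      # Certificate and private key come from the SDK's P12 cache.
      cache_value = Cache.new.fetchCachedP12Certificate(merchantconfig_obj)
      private_key = cache_value.private_key
      jwt_cert_obj = cache_value.cert

      # Header claim set is derived from the certificate.
      header_claim_set = getHeaderClaimSet(certificate: jwt_cert_obj)

      JWT.encode(payload_claim_set, private_key, 'RS256', header_claim_set)
    end
  rescue StandardError => err
    # A MAC verify failure while parsing the P12 is reported as an
    # incorrect key password rather than as a generic API exception.
    if err.message.include? 'PKCS12_parse: mac verify failure'
      @log_obj.logger.error(ExceptionHandler.new.new_custom_error Constants::ERROR_PREFIX + Constants::INCORRECT_KEY_PASS)
    else
      @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
    end
    raise err
  end
end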