Package io.micronaut.security.token.jwt.signature.jwks

Class JwksSignature

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      int getRefreshJwksAttempts()
      Returns the number of attempts to refresh the cached JWKS.
      protected com.nimbusds.jose.jwk.JWKSet loadJwkSet​(java.lang.String url)
      Instantiates a JWKSet for a give url.
      protected java.util.List<com.nimbusds.jose.jwk.JWK> matches​(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.jwk.JWKSet jwkSet, int refreshKeysAttempts)
      Calculates a list of JWK matches for a JWT.
      java.lang.String supportedAlgorithmsMessage()  
      boolean supports​(com.nimbusds.jose.JWSAlgorithm algorithm)
      Whether this signature configuration supports this algorithm.
      boolean verify​(com.nimbusds.jwt.SignedJWT jwt)
      Verify a signed JWT.
      protected boolean verify​(java.util.List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt)
      returns true if any JWK match is able to verify the JWT signature.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • DEFAULT_REFRESH_JWKS_ATTEMPTS

        public static final int DEFAULT_REFRESH_JWKS_ATTEMPTS
        See Also:
        Constant Field Values

    • Constructor Detail

      • JwksSignature

        public JwksSignature​(JwksSignatureConfiguration jwksSignatureConfiguration,
                     JwkValidator jwkValidator)
        Parameters:
        jwksSignatureConfiguration - JSON Web Key Set configuration.
        jwkValidator - JWK Validator to be used.

    • Method Detail

      • supports

        public boolean supports​(com.nimbusds.jose.JWSAlgorithm algorithm)
        Whether this signature configuration supports this algorithm.
        Specified by:
        supports in interface SignatureConfiguration
        Parameters:
        algorithm - the signature algorithm
        Returns:
        whether this signature configuration supports this algorithm

      • verify

        public boolean verify​(com.nimbusds.jwt.SignedJWT jwt)
               throws com.nimbusds.jose.JOSEException
        Verify a signed JWT.
        Specified by:
        verify in interface SignatureConfiguration
        Parameters:
        jwt - the signed JWT
        Returns:
        whether the signed JWT is verified
        Throws:
        com.nimbusds.jose.JOSEException - exception when verifying the JWT

      • loadJwkSet

        protected com.nimbusds.jose.jwk.JWKSet loadJwkSet​(java.lang.String url)
        Instantiates a JWKSet for a give url.
        Parameters:
        url - JSON Web Key Set Url.
        Returns:
        a JWKSet or null if there was an error.

      • matches

        protected java.util.List<com.nimbusds.jose.jwk.JWK> matches​(com.nimbusds.jwt.SignedJWT jwt,
                                                            @Nullable
                                                            com.nimbusds.jose.jwk.JWKSet jwkSet,
                                                            int refreshKeysAttempts)
        Calculates a list of JWK matches for a JWT. Since the JWTSet is cached it attempts to refresh it (by calling its self recursive) if the {@param refreshKeysAttempts} is > 0.
        Parameters:
        jwt - A Signed JWT
        jwkSet - A JSON Web Key Set
        refreshKeysAttempts - Number of times to attempt refreshing the JWK Set
        Returns:
        a List of JSON Web Keys

      • verify

        protected boolean verify​(java.util.List<com.nimbusds.jose.jwk.JWK> matches,
                         com.nimbusds.jwt.SignedJWT jwt)
        returns true if any JWK match is able to verify the JWT signature.
        Parameters:
        matches - A List of JSON Web key matches.
        jwt - A JWT to be verified.
        Returns:
        true if the JWT signature could be verified.

      • getRefreshJwksAttempts

        public int getRefreshJwksAttempts()
        Returns the number of attempts to refresh the cached JWKS.
        Returns:
        Number of attempts to refresh the cached JWKS.