Class JwksSignature
- java.lang.Object
  - io.micronaut.security.token.jwt.signature.jwks.JwksSignature
- All Implemented Interfaces:
  SignatureConfiguration

@EachBean(JwksSignatureConfiguration.class)
public class JwksSignature extends java.lang.Object implements SignatureConfiguration

Signature configuration which enables verification of a remote JSON Web Key Set. A bean of this class is created for each JwksSignatureConfiguration.
- Since:
  1.1.0
- Author:
  Sergio del Amo

Field Summary
Modifier and Type, Field, Description:
- static int DEFAULT_REFRESH_JWKS_ATTEMPTS

Constructor Summary
Constructor, Description:
- JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator)

Method Summary
Modifier and Type, Method, Description:
- int getRefreshJwksAttempts()
  Returns the number of attempts to refresh the cached JWKS.
- protected com.nimbusds.jose.jwk.JWKSet loadJwkSet(java.lang.String url)
  Instantiates a JWKSet for a given url.
- protected java.util.List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.jwk.JWKSet jwkSet, int refreshKeysAttempts)
  Calculates a list of JWK matches for a JWT.
- java.lang.String supportedAlgorithmsMessage()
- boolean supports(com.nimbusds.jose.JWSAlgorithm algorithm)
  Whether this signature configuration supports this algorithm.
- boolean verify(com.nimbusds.jwt.SignedJWT jwt)
  Verify a signed JWT.
- protected boolean verify(java.util.List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt)
  Returns true if any JWK match is able to verify the JWT signature.

Field Detail

DEFAULT_REFRESH_JWKS_ATTEMPTS
public static final int DEFAULT_REFRESH_JWKS_ATTEMPTS
- See Also:
  Constant Field Values

Constructor Detail

JwksSignature
public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator)
- Parameters:
  jwksSignatureConfiguration - JSON Web Key Set configuration.
  jwkValidator - JWK Validator to be used.

Method Detail

supportedAlgorithmsMessage
public java.lang.String supportedAlgorithmsMessage()
- Specified by:
  supportedAlgorithmsMessage in interface SignatureConfiguration
- Returns:
  A message indicating the supported algorithms.

supports
public boolean supports(com.nimbusds.jose.JWSAlgorithm algorithm)
Whether this signature configuration supports this algorithm.
- Specified by:
  supports in interface SignatureConfiguration
- Parameters:
  algorithm - the signature algorithm
- Returns:
  whether this signature configuration supports this algorithm

verify
public boolean verify(com.nimbusds.jwt.SignedJWT jwt) throws com.nimbusds.jose.JOSEException
Verify a signed JWT.
- Specified by:
  verify in interface SignatureConfiguration
- Parameters:
  jwt - the signed JWT
- Returns:
  whether the signed JWT is verified
- Throws:
  com.nimbusds.jose.JOSEException - exception when verifying the JWT

loadJwkSet
protected com.nimbusds.jose.jwk.JWKSet loadJwkSet(java.lang.String url)
Instantiates a JWKSet for a given url.
- Parameters:
  url - JSON Web Key Set Url.
- Returns:
  a JWKSet or null if there was an error.

matches
protected java.util.List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt, @Nullable com.nimbusds.jose.jwk.JWKSet jwkSet, int refreshKeysAttempts)
Calculates a list of JWK matches for a JWT. Since the JWKSet is cached, it attempts to refresh it (by calling itself recursively) if refreshKeysAttempts is > 0.
- Parameters:
  jwt - A Signed JWT
  jwkSet - A JSON Web Key Set
  refreshKeysAttempts - Number of times to attempt refreshing the JWK Set
- Returns:
  a List of JSON Web Keys
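
The bounded refresh that matches describes, as an added sketch that is not Micronaut's own implementation. It assumes the Nimbus JOSE+JWT library on the classpath; the class BoundedJwksRefresh, the Supplier standing in for loadJwkSet(url), the fetches counter, the attempt count of 1 and the generated keys are all constructed for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jwt.*;
import java.util.List;
import java.util.function.Supplier;
// Hypothetical class (not Micronaut code): a cached JWKS with a bounded refresh on key miss.
public class BoundedJwksRefresh {
    private final Supplier<JWKSet> loader; // stand-in for fetching the remote JWKS URL
    private final int refreshAttempts;
    private JWKSet cached;
    int fetches;                           // demo counter of remote loads
    BoundedJwksRefresh(JWKSet initial, Supplier<JWKSet> loader, int refreshAttempts) {
        this.cached = initial; this.loader = loader; this.refreshAttempts = refreshAttempts;
    }

    // Select keys fitting the JWS header (kid, key type, alg); on a miss, reload and retry.
    List<JWK> matches(SignedJWT jwt, JWKSet set, int attemptsLeft) {
        List<JWK> found = set == null ? List.of()
                : new JWKSelector(JWKMatcher.forJWSHeader(jwt.getHeader())).select(set);
        if (!found.isEmpty() || attemptsLeft <= 0) return found;
        fetches++;
        cached = loader.get();             // the cache may be stale after a key rotation
        return matches(jwt, cached, attemptsLeft - 1);
    }

    boolean verify(SignedJWT jwt) throws JOSEException {
        for (JWK jwk : matches(jwt, cached, refreshAttempts))
            if (jwk instanceof ECKey && jwt.verify(new ECDSAVerifier((ECKey) jwk))) return true;
        return false;                      // no candidate key verified the signature
    }

    static SignedJWT sign(ECKey key) throws JOSEException {
        SignedJWT jwt = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(key.getKeyID()).build(),
                new JWTClaimsSet.Builder().subject("constructed-sample").build());
        jwt.sign(new ECDSASigner(key));
        return jwt;
    }

    public static void main(String[] args) throws Exception {
        ECKey k1 = new ECKeyGenerator(Curve.P_256).keyID("k1").generate();     // retired key
        ECKey k2 = new ECKeyGenerator(Curve.P_256).keyID("k2").generate();     // current key
        ECKey forger = new ECKeyGenerator(Curve.P_256).keyID("k2").generate(); // same kid, other key
        var v = new BoundedJwksRefresh(new JWKSet(k1.toPublicJWK()), () -> new JWKSet(k2.toPublicJWK()), 1);
        System.out.println("rotated key: " + v.verify(sign(k2)) + ", fetches=" + v.fetches);
        System.out.println("retired key: " + v.verify(sign(k1)) + ", fetches=" + v.fetches);
        System.out.println("forged kid:  " + v.verify(sign(forger)) + ", fetches=" + v.fetches);
    }
}
```

The attempt bound is what keeps a token with an unrecognised kid from costing more than a fixed number of remote loads, while a token that reuses a known kid with the wrong key fails signature verification without any reload.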

verify
protected boolean verify(java.util.List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt)
Returns true if any JWK match is able to verify the JWT signature.
- Parameters:
  matches - A List of JSON Web key matches.
  jwt - A JWT to be verified.
- Returns:
  true if the JWT signature could be verified.

getRefreshJwksAttempts
public int getRefreshJwksAttempts()
Returns the number of attempts to refresh the cached JWKS.
- Returns:
  Number of attempts to refresh the cached JWKS.