Package io.micronaut.security.token.jwt.signature.jwks

Class JwksSignature

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.nimbusds.jose.jwk.JWKSet getJwkSet()  
      JwkValidator getJwkValidator()  
      com.nimbusds.jose.jwk.KeyType getKeyType()  
      int getRefreshJwksAttempts()
      Returns the number of attempts to refresh the cached JWKS.
      java.lang.String getUrl()  
      protected com.nimbusds.jose.jwk.JWKSet loadJwkSet​(java.lang.String url)
      Instantiates a JWKSet for a give url.
      protected java.util.List<com.nimbusds.jose.jwk.JWK> matches​(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.jwk.JWKSet jwkSet, int refreshKeysAttempts)
      Calculates a list of JWK matches for a JWT.
      java.lang.String supportedAlgorithmsMessage()  
      boolean supports​(com.nimbusds.jose.JWSAlgorithm algorithm)
      Whether this signature configuration supports this algorithm.
      boolean verify​(com.nimbusds.jwt.SignedJWT jwt)
      Verify a signed JWT.
      protected boolean verify​(java.util.List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt)
      returns true if any JWK match is able to verify the JWT signature.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • DEFAULT_REFRESH_JWKS_ATTEMPTS

        public static final int DEFAULT_REFRESH_JWKS_ATTEMPTS
        See Also:
        Constant Field Values

    • Constructor Detail

      • JwksSignature

        @Inject
public JwksSignature​(JwksSignatureConfiguration jwksSignatureConfiguration,
                     JwkValidator jwkValidator)
        Parameters:
        jwksSignatureConfiguration - JSON Web Key Set configuration.
        jwkValidator - JWK Validator to be used.

      • JwksSignature

        @Inject
public JwksSignature​(java.lang.String url,
                     @Nullable
                     com.nimbusds.jose.jwk.KeyType keyType,
                     JwkValidator jwkValidator)
        Parameters:
        url - The JWK url
        keyType - The JWK key type
        jwkValidator - JWK Validator to be used.

    • Method Detail

      • supports

        public boolean supports​(com.nimbusds.jose.JWSAlgorithm algorithm)
        Whether this signature configuration supports this algorithm.
        Specified by:
        supports in interface SignatureConfiguration
        Parameters:
        algorithm - the signature algorithm
        Returns:
        whether this signature configuration supports this algorithm

      • verify

        public boolean verify​(com.nimbusds.jwt.SignedJWT jwt)
               throws com.nimbusds.jose.JOSEException
        Verify a signed JWT.
        Specified by:
        verify in interface SignatureConfiguration
        Parameters:
        jwt - the signed JWT
        Returns:
        whether the signed JWT is verified
        Throws:
        com.nimbusds.jose.JOSEException - exception when verifying the JWT

      • loadJwkSet

        protected com.nimbusds.jose.jwk.JWKSet loadJwkSet​(java.lang.String url)
        Instantiates a JWKSet for a give url.
        Parameters:
        url - JSON Web Key Set Url.
        Returns:
        a JWKSet or null if there was an error.

      • matches

        protected java.util.List<com.nimbusds.jose.jwk.JWK> matches​(com.nimbusds.jwt.SignedJWT jwt,
                                                            @Nullable
                                                            com.nimbusds.jose.jwk.JWKSet jwkSet,
                                                            int refreshKeysAttempts)
        Calculates a list of JWK matches for a JWT. Since the JWTSet is cached it attempts to refresh it (by calling its self recursive) if the refreshKeysAttempts is > 0.
        Parameters:
        jwt - A Signed JWT
        jwkSet - A JSON Web Key Set
        refreshKeysAttempts - Number of times to attempt refreshing the JWK Set
        Returns:
        a List of JSON Web Keys

      • verify

        protected boolean verify​(java.util.List<com.nimbusds.jose.jwk.JWK> matches,
                         com.nimbusds.jwt.SignedJWT jwt)
        returns true if any JWK match is able to verify the JWT signature.
        Parameters:
        matches - A List of JSON Web key matches.
        jwt - A JWT to be verified.
        Returns:
        true if the JWT signature could be verified.

      • getRefreshJwksAttempts

        public int getRefreshJwksAttempts()
        Returns the number of attempts to refresh the cached JWKS.
        Returns:
        Number of attempts to refresh the cached JWKS.

      • getJwkValidator

        public JwkValidator getJwkValidator()
        Returns:
        A JSON Web Key Validator.

      • getJwkSet

        public com.nimbusds.jose.jwk.JWKSet getJwkSet()
        Returns:
        a JSON Web Key Set.

      • getKeyType

        public com.nimbusds.jose.jwk.KeyType getKeyType()
        Returns:
        the Key Type.

      • getUrl

        public java.lang.String getUrl()
        Returns:
        The JSON Web Key Set (JWKS) URL.