io.micronaut.security.token.jwt.signature.jwks

Class JwksSignature

java.lang.Object

io.micronaut.security.token.jwt.signature.jwks.JwksSignature

All Implemented Interfaces:

SignatureConfiguration

@EachBean(value=JwksSignatureConfiguration.class)
public class JwksSignature
extends java.lang.Object
implements SignatureConfiguration

Signature configuration which enables verification of remote JSON Web Key Set. A bean of this class is created for each JwksSignatureConfiguration.

Since:

1.1.0

Author:

Sergio del Amo

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_REFRESH_JWKS_ATTEMPTS

Constructor Summary

Constructors

Constructor and Description
JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator)
JwksSignature(java.lang.String url, com.nimbusds.jose.jwk.KeyType keyType, JwkValidator jwkValidator)

Method Summary

Modifier and Type	Method and Description
com.nimbusds.jose.jwk.JWKSet	getJwkSet()
JwkValidator	getJwkValidator()
com.nimbusds.jose.jwk.KeyType	getKeyType()
int	getRefreshJwksAttempts() Returns the number of attempts to refresh the cached JWKS.
java.lang.String	getUrl()
protected com.nimbusds.jose.jwk.JWKSet	loadJwkSet(java.lang.String url) Instantiates a JWKSet for a give url.
protected java.util.List<com.nimbusds.jose.jwk.JWK>	matches(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.jwk.JWKSet jwkSet, int refreshKeysAttempts) Calculates a list of JWK matches for a JWT.
java.lang.String	supportedAlgorithmsMessage()
boolean	supports(com.nimbusds.jose.JWSAlgorithm algorithm) Whether this signature configuration supports this algorithm.
protected boolean	verify(java.util.List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt) returns true if any JWK match is able to verify the JWT signature.
boolean	verify(com.nimbusds.jwt.SignedJWT jwt) Verify a signed JWT.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_REFRESH_JWKS_ATTEMPTS

public static final int DEFAULT_REFRESH_JWKS_ATTEMPTS

See Also:

Constant Field Values

Constructor Detail

JwksSignature

@Inject
public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration,
                             JwkValidator jwkValidator)

Parameters:

jwksSignatureConfiguration - JSON Web Key Set configuration.

jwkValidator - JWK Validator to be used.

JwksSignature

public JwksSignature(java.lang.String url,
                     @Nullable
                     com.nimbusds.jose.jwk.KeyType keyType,
                     JwkValidator jwkValidator)

Parameters:

url - The JWK url

keyType - The JWK key type

jwkValidator - JWK Validator to be used.

Method Detail

supportedAlgorithmsMessage

public java.lang.String supportedAlgorithmsMessage()

Specified by:

supportedAlgorithmsMessage in interface SignatureConfiguration

Returns:

A message indicating the supported algorithms.

supports

public boolean supports(com.nimbusds.jose.JWSAlgorithm algorithm)

Whether this signature configuration supports this algorithm.

Specified by:

supports in interface SignatureConfiguration

Parameters:

algorithm - the signature algorithm

Returns:

whether this signature configuration supports this algorithm

verify

public boolean verify(com.nimbusds.jwt.SignedJWT jwt)
               throws com.nimbusds.jose.JOSEException

Verify a signed JWT.

Specified by:

verify in interface SignatureConfiguration

Parameters:

jwt - the signed JWT

Returns:

whether the signed JWT is verified

Throws:

com.nimbusds.jose.JOSEException - exception when verifying the JWT

loadJwkSet

@Nullable
protected com.nimbusds.jose.jwk.JWKSet loadJwkSet(java.lang.String url)

Instantiates a JWKSet for a give url.

Parameters:

url - JSON Web Key Set Url.

Returns:

a JWKSet or null if there was an error.

matches

protected java.util.List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt,
                                                            @Nullable
                                                            com.nimbusds.jose.jwk.JWKSet jwkSet,
                                                            int refreshKeysAttempts)

Calculates a list of JWK matches for a JWT. Since the JWTSet is cached it attempts to refresh it (by calling its self recursive) if the refreshKeysAttempts is greater than 0.

Parameters:

jwt - A Signed JWT

jwkSet - A JSON Web Key Set

refreshKeysAttempts - Number of times to attempt refreshing the JWK Set

Returns:

a List of JSON Web Keys

verify

protected boolean verify(java.util.List<com.nimbusds.jose.jwk.JWK> matches,
                         com.nimbusds.jwt.SignedJWT jwt)

returns true if any JWK match is able to verify the JWT signature.

Parameters:

matches - A List of JSON Web key matches.

jwt - A JWT to be verified.

Returns:

true if the JWT signature could be verified.

getRefreshJwksAttempts

public int getRefreshJwksAttempts()

Returns the number of attempts to refresh the cached JWKS.

Returns:

Number of attempts to refresh the cached JWKS.

getJwkValidator

public JwkValidator getJwkValidator()

Returns:

A JSON Web Key Validator.

getJwkSet

public com.nimbusds.jose.jwk.JWKSet getJwkSet()

Returns:

a JSON Web Key Set.

getKeyType

public com.nimbusds.jose.jwk.KeyType getKeyType()

Returns:

the Key Type.

getUrl

public java.lang.String getUrl()

Returns:

The JSON Web Key Set (JWKS) URL.