io.micronaut.security.token.jwt.signature.jwks

Class JwksSignature

java.lang.Object

io.micronaut.security.token.jwt.signature.jwks.JwksSignature

All Implemented Interfaces:

JwksCache, SignatureConfiguration

@EachBean(value=JwksSignatureConfiguration.class)
public class JwksSignature
extends java.lang.Object
implements JwksCache, SignatureConfiguration

Signature configuration which enables verification of remote JSON Web Key Set. A bean of this class is created for each JwksSignatureConfiguration.

Since:

1.1.0

Author:

Sergio del Amo

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_REFRESH_JWKS_ATTEMPTS Deprecated.

Constructor Summary

Constructors

Constructor and Description
JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator) Deprecated. Use JwksSignature(JwksSignatureConfiguration, JwkValidator, JwkSetFetcher) instead.
JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)
JwksSignature(java.lang.String url, com.nimbusds.jose.jwk.KeyType keyType, JwkValidator jwkValidator) Deprecated. Use JwksSignature(JwksSignatureConfiguration, JwkValidator, JwkSetFetcher) instead.

Method Summary

Modifier and Type	Method and Description
void	clear() Clears the JWK Set cache.
com.nimbusds.jose.jwk.JWKSet	getJwkSet() Deprecated.
JwkValidator	getJwkValidator() Deprecated.
java.util.Optional<java.util.List<java.lang.String>>	getKeyIds()
com.nimbusds.jose.jwk.KeyType	getKeyType() Deprecated.
int	getRefreshJwksAttempts() Deprecated.
java.lang.String	getUrl() Deprecated.
boolean	isExpired()
boolean	isPresent()
protected com.nimbusds.jose.jwk.JWKSet	loadJwkSet(java.lang.String url) Instantiates a JWKSet for a given url.
protected java.util.List<com.nimbusds.jose.jwk.JWK>	matches(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.jwk.JWKSet jwkSet) Calculates a list of JWK matches for a JWT.
protected java.util.List<com.nimbusds.jose.jwk.JWK>	matches(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.jwk.JWKSet jwkSet, int refreshKeysAttempts) Deprecated. Use matches(SignedJWT, JWKSet) instead
java.lang.String	supportedAlgorithmsMessage()
boolean	supports(com.nimbusds.jose.JWSAlgorithm algorithm) Whether this signature configuration supports this algorithm.
protected boolean	verify(java.util.List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt) returns true if any JWK match is able to verify the JWT signature.
boolean	verify(com.nimbusds.jwt.SignedJWT jwt) Verify a signed JWT.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_REFRESH_JWKS_ATTEMPTS

@Deprecated
public static final int DEFAULT_REFRESH_JWKS_ATTEMPTS

Deprecated.

See Also:

Constant Field Values

Constructor Detail

JwksSignature

@Inject
public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration,
                             JwkValidator jwkValidator,
                             JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)

Parameters:

jwksSignatureConfiguration - JSON Web Key Set configuration.

jwkValidator - JWK Validator to be used.

jwkSetFetcher - Json Web Key Set fetcher

JwksSignature

@Deprecated
public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration,
                                 JwkValidator jwkValidator)

Deprecated. Use JwksSignature(JwksSignatureConfiguration, JwkValidator, JwkSetFetcher) instead.

Parameters:

jwksSignatureConfiguration - JSON Web Key Set configuration.

jwkValidator - JWK Validator to be used.

JwksSignature

@Deprecated
public JwksSignature(java.lang.String url,
                                 @Nullable
                                 com.nimbusds.jose.jwk.KeyType keyType,
                                 JwkValidator jwkValidator)

Deprecated. Use JwksSignature(JwksSignatureConfiguration, JwkValidator, JwkSetFetcher) instead.

Parameters:

url - The JWK url

keyType - The JWK key type

jwkValidator - JWK Validator to be used.

Method Detail

isExpired

public boolean isExpired()

Specified by:

isExpired in interface JwksCache

Returns:

Whether the cache is expired or empty optional if JWKS still not cached

clear

public void clear()

Description copied from interface: JwksCache

Clears the JWK Set cache.

Specified by:

clear in interface JwksCache

isPresent

public boolean isPresent()

Specified by:

isPresent in interface JwksCache

Returns:

Whether the cache has been populated.

getKeyIds

@NonNull
public java.util.Optional<java.util.List<java.lang.String>> getKeyIds()

Specified by:

getKeyIds in interface JwksCache

supportedAlgorithmsMessage

public java.lang.String supportedAlgorithmsMessage()

Specified by:

supportedAlgorithmsMessage in interface SignatureConfiguration

Returns:

A message indicating the supported algorithms.

supports

public boolean supports(com.nimbusds.jose.JWSAlgorithm algorithm)

Whether this signature configuration supports this algorithm.

Specified by:

supports in interface SignatureConfiguration

Parameters:

algorithm - the signature algorithm

Returns:

whether this signature configuration supports this algorithm

verify

public boolean verify(com.nimbusds.jwt.SignedJWT jwt)
               throws com.nimbusds.jose.JOSEException

Verify a signed JWT.

Specified by:

verify in interface SignatureConfiguration

Parameters:

jwt - the signed JWT

Returns:

whether the signed JWT is verified

Throws:

com.nimbusds.jose.JOSEException - exception when verifying the JWT

loadJwkSet

@Nullable
protected com.nimbusds.jose.jwk.JWKSet loadJwkSet(java.lang.String url)

Instantiates a JWKSet for a given url.

Parameters:

url - JSON Web Key Set Url.

Returns:

a JWKSet or null if there was an error.

matches

@Deprecated
protected java.util.List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt,
                                                                        @Nullable
                                                                        com.nimbusds.jose.jwk.JWKSet jwkSet,
                                                                        int refreshKeysAttempts)

Deprecated. Use matches(SignedJWT, JWKSet) instead

Calculates a list of JWK matches for a JWT.

Parameters:

jwt - A Signed JWT

jwkSet - A JSON Web Key Set

refreshKeysAttempts - Number of times to attempt refreshing the JWK Set

Returns:

a List of JSON Web Keys

matches

protected java.util.List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt,
                                                            @Nullable
                                                            com.nimbusds.jose.jwk.JWKSet jwkSet)

Calculates a list of JWK matches for a JWT.

Parameters:

jwt - A Signed JWT

jwkSet - A JSON Web Key Set

Returns:

a List of JSON Web Keys

verify

protected boolean verify(java.util.List<com.nimbusds.jose.jwk.JWK> matches,
                         com.nimbusds.jwt.SignedJWT jwt)

returns true if any JWK match is able to verify the JWT signature.

Parameters:

matches - A List of JSON Web key matches.

jwt - A JWT to be verified.

Returns:

true if the JWT signature could be verified.

getRefreshJwksAttempts

@Deprecated
public int getRefreshJwksAttempts()

Deprecated.

Returns the number of attempts to refresh the cached JWKS.

Returns:

Number of attempts to refresh the cached JWKS.

getJwkValidator

@Deprecated
public JwkValidator getJwkValidator()

Deprecated.

Returns:

A JSON Web Key Validator.

getJwkSet

@Deprecated
public com.nimbusds.jose.jwk.JWKSet getJwkSet()

Deprecated.

Returns:

a JSON Web Key Set.

getKeyType

@Deprecated
public com.nimbusds.jose.jwk.KeyType getKeyType()

Deprecated.

Returns:

the Key Type.

getUrl

@Deprecated
public java.lang.String getUrl()

Deprecated.

Returns:

The JSON Web Key Set (JWKS) URL.