Class JwksSignature
java.lang.Object
io.micronaut.security.token.jwt.signature.jwks.JwksSignature
- All Implemented Interfaces:
JwksCache
,SignatureConfiguration
@EachBean(JwksSignatureConfiguration.class)
public class JwksSignature
extends Object
implements JwksCache, SignatureConfiguration
Signature configuration which enables verification of remote JSON Web Key Set.
A bean of this class is created for each
JwksSignatureConfiguration
.- Since:
- 1.1.0
- Author:
- Sergio del Amo
-
Constructor Summary
ConstructorDescriptionJwksSignature
(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher) -
Method Summary
Modifier and TypeMethodDescriptionvoid
clear()
Clears the JWK Set cache.boolean
boolean
protected @Nullable com.nimbusds.jose.jwk.JWKSet
loadJwkSet
(@Nullable String providerName, String url) Instantiates a JWKSet for a given url.protected @Nullable com.nimbusds.jose.jwk.JWKSet
loadJwkSet
(String url) Deprecated, for removal: This API element is subject to removal in a future version.protected List<com.nimbusds.jose.jwk.JWK>
matches
(com.nimbusds.jwt.SignedJWT jwt, @Nullable com.nimbusds.jose.jwk.JWKSet jwkSet) Deprecated.boolean
supports
(com.nimbusds.jose.JWSAlgorithm algorithm) Whether this signature configuration supports this algorithm.boolean
verify
(com.nimbusds.jwt.SignedJWT jwt) Verify a signed JWT.protected boolean
returns true if any JWK match is able to verify the JWT signature.
-
Constructor Details
-
JwksSignature
public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher) - Parameters:
jwksSignatureConfiguration
- JSON Web Key Set configuration.jwkValidator
- JWK Validator to be used.jwkSetFetcher
- Json Web Key Set fetcher
-
-
Method Details
-
isExpired
public boolean isExpired() -
clear
public void clear()Description copied from interface:JwksCache
Clears the JWK Set cache. -
isPresent
public boolean isPresent() -
getKeyIds
-
supportedAlgorithmsMessage
- Specified by:
supportedAlgorithmsMessage
in interfaceSignatureConfiguration
- Returns:
- A message indicating the supported algorithms.
-
supports
public boolean supports(com.nimbusds.jose.JWSAlgorithm algorithm) Whether this signature configuration supports this algorithm.- Specified by:
supports
in interfaceSignatureConfiguration
- Parameters:
algorithm
- the signature algorithm- Returns:
- whether this signature configuration supports this algorithm
-
verify
public boolean verify(com.nimbusds.jwt.SignedJWT jwt) throws com.nimbusds.jose.JOSEException Verify a signed JWT.- Specified by:
verify
in interfaceSignatureConfiguration
- Parameters:
jwt
- the signed JWT- Returns:
- whether the signed JWT is verified
- Throws:
com.nimbusds.jose.JOSEException
- exception when verifying the JWT
-
loadJwkSet
@Nullable @Deprecated(forRemoval=true, since="4.5.0") protected @Nullable com.nimbusds.jose.jwk.JWKSet loadJwkSet(String url) Deprecated, for removal: This API element is subject to removal in a future version.UseloadJwkSet(String, String)
instead.Instantiates a JWKSet for a given url.- Parameters:
url
- JSON Web Key Set Url.- Returns:
- a JWKSet or null if there was an error.
-
loadJwkSet
@Nullable protected @Nullable com.nimbusds.jose.jwk.JWKSet loadJwkSet(@Nullable @Nullable String providerName, String url) Instantiates a JWKSet for a given url.- Parameters:
providerName
- The name of the JWKS configuration.url
- JSON Web Key Set Url.- Returns:
- a JWKSet or null if there was an error.
-
matches
@Deprecated protected List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt, @Nullable @Nullable com.nimbusds.jose.jwk.JWKSet jwkSet) Deprecated.Calculates a list of JWK matches for a JWT.- Parameters:
jwt
- A Signed JWTjwkSet
- A JSON Web Key Set- Returns:
- a List of JSON Web Keys
-
verify
returns true if any JWK match is able to verify the JWT signature.- Parameters:
matches
- A List of JSON Web key matches.jwt
- A JWT to be verified.- Returns:
- true if the JWT signature could be verified.
-
loadJwkSet(String, String)
instead.