Class JwksSignature

java.lang.Object
io.micronaut.security.token.jwt.signature.jwks.JwksSignature
All Implemented Interfaces:
JwksCache, SignatureConfiguration

@EachBean(JwksSignatureConfiguration.class) public class JwksSignature extends Object implements JwksCache, SignatureConfiguration
Signature configuration which enables signature verification using a remote JSON Web Key Set. A bean of this class is created for each JwksSignatureConfiguration.
Since:
1.1.0
Author:
Sergio del Amo
  • Constructor Details

    • JwksSignature

      public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator, JwkSetFetcher<com.nimbusds.jose.jwk.JWKSet> jwkSetFetcher)
      Parameters:
      jwksSignatureConfiguration - JSON Web Key Set configuration.
      jwkValidator - JWK Validator to be used.
      jwkSetFetcher - JSON Web Key Set fetcher.
  • Method Details

    • isExpired

      public boolean isExpired()
      Specified by:
      isExpired in interface JwksCache
      Returns:
      Whether the cache is expired, or an empty optional if the JWKS is still not cached.
    • clear

      public void clear()
      Description copied from interface: JwksCache
      Clears the JWK Set cache.
      Specified by:
      clear in interface JwksCache
    • isPresent

      public boolean isPresent()
      Specified by:
      isPresent in interface JwksCache
      Returns:
      Whether the cache has been populated.
    • getKeyIds

      @NonNull public @NonNull Optional<List<String>> getKeyIds()
      Specified by:
      getKeyIds in interface JwksCache
    • supportedAlgorithmsMessage

      public String supportedAlgorithmsMessage()
      Specified by:
      supportedAlgorithmsMessage in interface SignatureConfiguration
      Returns:
      A message indicating the supported algorithms.
    • supports

      public boolean supports(com.nimbusds.jose.JWSAlgorithm algorithm)
      Whether this signature configuration supports this algorithm.
      Specified by:
      supports in interface SignatureConfiguration
      Parameters:
      algorithm - the signature algorithm
      Returns:
      whether this signature configuration supports this algorithm
    • verify

      public boolean verify(com.nimbusds.jwt.SignedJWT jwt) throws com.nimbusds.jose.JOSEException
      Verify a signed JWT.
      Specified by:
      verify in interface SignatureConfiguration
      Parameters:
      jwt - the signed JWT
      Returns:
      whether the signed JWT is verified
      Throws:
      com.nimbusds.jose.JOSEException - exception when verifying the JWT
    • loadJwkSet

      @Nullable @Deprecated(forRemoval=true, since="4.5.0") protected @Nullable com.nimbusds.jose.jwk.JWKSet loadJwkSet(String url)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Instantiates a JWKSet for a given URL.
      Parameters:
      url - JSON Web Key Set URL.
      Returns:
      a JWKSet or null if there was an error.
    • loadJwkSet

      @Nullable protected @Nullable com.nimbusds.jose.jwk.JWKSet loadJwkSet(@Nullable @Nullable String providerName, String url)
      Instantiates a JWKSet for a given URL.
      Parameters:
      providerName - The name of the JWKS configuration.
      url - JSON Web Key Set URL.
      Returns:
      a JWKSet or null if there was an error.
    • matches

      @Deprecated protected List<com.nimbusds.jose.jwk.JWK> matches(com.nimbusds.jwt.SignedJWT jwt, @Nullable @Nullable com.nimbusds.jose.jwk.JWKSet jwkSet)
      Calculates a list of JWK matches for a JWT.
      Parameters:
      jwt - A Signed JWT
      jwkSet - A JSON Web Key Set
      Returns:
      a List of JSON Web Keys
    • verify

      protected boolean verify(List<com.nimbusds.jose.jwk.JWK> matches, com.nimbusds.jwt.SignedJWT jwt)
      Returns true if any JWK match is able to verify the JWT signature.
      Parameters:
      matches - A List of JSON Web Key matches.
      jwt - A JWT to be verified.
      Returns:
      true if the JWT signature could be verified.
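
The match-then-verify flow described by matches and verify(List, SignedJWT), as an added example written against the Nimbus JOSE+JWT types named in the signatures above; it is not Micronaut's implementation. The class name JwksVerifySketch, the key IDs and the claims are constructed for illustration, and only RSA keys are handled. It shows that a matching kid only selects candidates: a key with the right kid but different key material still fails verification.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.List;

public class JwksVerifySketch {
    // Narrow the key set to candidates using the JWT header (key type and kid).
    static List<JWK> matches(SignedJWT jwt, JWKSet jwkSet) {
        if (jwkSet == null) return List.of(); // nothing fetched: nothing can verify
        JWSHeader header = jwt.getHeader();
        JWKMatcher matcher = new JWKMatcher.Builder()
                .keyType(KeyType.forAlgorithm(header.getAlgorithm()))
                .keyID(header.getKeyID()) // a null kid places no constraint on the ID
                .build();
        return new JWKSelector(matcher).select(jwkSet);
    }

    // True if any candidate key verifies the signature (RSA only in this sketch).
    static boolean verify(List<JWK> matches, SignedJWT jwt) throws JOSEException {
        for (JWK jwk : matches) {
            if (jwk instanceof RSAKey rsa
                    && jwt.verify(new RSASSAVerifier(rsa.toRSAPublicKey()))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed keys: "key-a" signs, "key-b" is unrelated, sameKid reuses the kid.
        RSAKey signing = new RSAKeyGenerator(2048).keyID("key-a").generate();
        RSAKey other = new RSAKeyGenerator(2048).keyID("key-b").generate();
        RSAKey sameKid = new RSAKeyGenerator(2048).keyID("key-a").generate();

        SignedJWT signed = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("key-a").build(),
                new JWTClaimsSet.Builder().subject("constructed-user").build());
        signed.sign(new RSASSASigner(signing));
        SignedJWT jwt = SignedJWT.parse(signed.serialize()); // as received on the wire

        JWKSet published = new JWKSet(List.<JWK>of(signing.toPublicJWK(), other.toPublicJWK()));
        System.out.println("published set: " + verify(matches(jwt, published), jwt));
        JWKSet wrongKid = new JWKSet(other.toPublicJWK());   // no candidate matches
        System.out.println("kid absent:    " + verify(matches(jwt, wrongKid), jwt));
        JWKSet wrongKey = new JWKSet(sameKid.toPublicJWK()); // candidate matches, signature fails
        System.out.println("kid reused:    " + verify(matches(jwt, wrongKey), jwt));
    }
}
```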