org.mitre.jwt.signer.service.impl

Class DefaultJWTSigningAndValidationService

java.lang.Object

org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService

All Implemented Interfaces:

JWTSigningAndValidationService

public class DefaultJWTSigningAndValidationService
extends Object
implements JWTSigningAndValidationService

Constructor Summary

Constructors

Constructor and Description
DefaultJWTSigningAndValidationService(JWKSetKeyStore keyStore) Build this service based on the given keystore.
DefaultJWTSigningAndValidationService(Map<String,com.nimbusds.jose.jwk.JWK> keys) Build this service based on the keys given.

Method Summary

Modifier and Type	Method and Description
Map<String,com.nimbusds.jose.jwk.JWK>	getAllPublicKeys() Get all public keys for this service, mapped by their Key ID
Collection<com.nimbusds.jose.JWSAlgorithm>	getAllSigningAlgsSupported() Get the list of all signing algorithms supported by this service.
String	getDefaultSignerKeyId()
com.nimbusds.jose.JWSAlgorithm	getDefaultSigningAlgorithm() Get the default signing algorithm for use when nothing else has been specified.
String	getDefaultSigningAlgorithmName()
void	setDefaultSignerKeyId(String defaultSignerId)
void	setDefaultSigningAlgorithmName(String algName)
void	signJwt(com.nimbusds.jwt.SignedJWT jwt) Sign a jwt in place using the configured default signer.
void	signJwt(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.JWSAlgorithm alg) Sign a jwt using the selected algorithm.
boolean	validateSignature(com.nimbusds.jwt.SignedJWT jwt) Checks the signature of the given JWT against all configured signers, returns true if at least one of the signers validates it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultJWTSigningAndValidationService

public DefaultJWTSigningAndValidationService(Map<String,com.nimbusds.jose.jwk.JWK> keys)
                                      throws NoSuchAlgorithmException,
                                             InvalidKeySpecException

Build this service based on the keys given. All public keys will be used to make verifiers, all private keys will be used to make signers.

Parameters:

keys - A map of key identifier to key

Throws:

InvalidKeySpecException - If the keys in the JWKs are not valid

NoSuchAlgorithmException - If there is no appropriate algorithm to tie the keys to.

DefaultJWTSigningAndValidationService

public DefaultJWTSigningAndValidationService(JWKSetKeyStore keyStore)
                                      throws NoSuchAlgorithmException,
                                             InvalidKeySpecException

Build this service based on the given keystore. All keys must have a key id (kid) field in order to be used.

Parameters:

keyStore - the keystore to load all keys from

Throws:

InvalidKeySpecException - If the keys in the JWKs are not valid

NoSuchAlgorithmException - If there is no appropriate algorithm to tie the keys to.

Method Detail

getDefaultSignerKeyId

public String getDefaultSignerKeyId()

Specified by:

getDefaultSignerKeyId in interface JWTSigningAndValidationService

Returns:

the defaultSignerKeyId

setDefaultSignerKeyId

public void setDefaultSignerKeyId(String defaultSignerId)

Parameters:

defaultSignerKeyId - the defaultSignerKeyId to set

getDefaultSigningAlgorithm

public com.nimbusds.jose.JWSAlgorithm getDefaultSigningAlgorithm()

Description copied from interface: JWTSigningAndValidationService

Get the default signing algorithm for use when nothing else has been specified.

Specified by:

getDefaultSigningAlgorithm in interface JWTSigningAndValidationService

Returns:

setDefaultSigningAlgorithmName

public void setDefaultSigningAlgorithmName(String algName)

getDefaultSigningAlgorithmName

public String getDefaultSigningAlgorithmName()

signJwt

public void signJwt(com.nimbusds.jwt.SignedJWT jwt)

Sign a jwt in place using the configured default signer.

Specified by:

signJwt in interface JWTSigningAndValidationService

Parameters:

jwt - the jwt to sign

signJwt

public void signJwt(com.nimbusds.jwt.SignedJWT jwt,
                    com.nimbusds.jose.JWSAlgorithm alg)

Description copied from interface: JWTSigningAndValidationService

Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified in the JWT spec, section 6. I.E., "HS256" means HMAC with SHA-256 and corresponds to our HmacSigner class.

Specified by:

signJwt in interface JWTSigningAndValidationService

Parameters:

jwt - the jwt to sign

alg - the name of the algorithm to use, as specified in JWS s.6

validateSignature

public boolean validateSignature(com.nimbusds.jwt.SignedJWT jwt)

Description copied from interface: JWTSigningAndValidationService

Checks the signature of the given JWT against all configured signers, returns true if at least one of the signers validates it.

Specified by:

validateSignature in interface JWTSigningAndValidationService

Parameters:

jwt - the string representation of the JWT as sent on the wire

Returns:

true if the signature is valid, false if not

getAllPublicKeys

public Map<String,com.nimbusds.jose.jwk.JWK> getAllPublicKeys()

Description copied from interface: JWTSigningAndValidationService

Get all public keys for this service, mapped by their Key ID

Specified by:

getAllPublicKeys in interface JWTSigningAndValidationService

getAllSigningAlgsSupported

public Collection<com.nimbusds.jose.JWSAlgorithm> getAllSigningAlgsSupported()

Description copied from interface: JWTSigningAndValidationService

Get the list of all signing algorithms supported by this service.

Specified by:

getAllSigningAlgsSupported in interface JWTSigningAndValidationService

Returns: