001/*******************************************************************************
002 * Copyright 2017 The MIT Internet Trust Consortium
003 *
004 * Portions copyright 2011-2013 The MITRE Corporation
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 *******************************************************************************/
018package org.mitre.jwt.signer.service;
019
020import java.security.NoSuchAlgorithmException;
021import java.util.Collection;
022import java.util.Map;
023
024import com.nimbusds.jose.JWSAlgorithm;
025import com.nimbusds.jose.jwk.JWK;
026import com.nimbusds.jwt.SignedJWT;
027
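public interface JWTSigningAndValidationService {

        /**
         * Returns all public keys held by this service, keyed by their Key ID ({@code kid}).
         *
         * @return a map from Key ID to the corresponding public {@link JWK}
         */
        Map<String, JWK> getAllPublicKeys();

        /**
         * Checks the signature of the given JWT against all configured signers and returns
         * {@code true} if at least one of them validates it.
         * <p>
         * The result is a plain boolean: a {@code true} value only states that some configured
         * key verified the signature and carries no information about which key or which
         * algorithm did so. Callers that must accept only a specific key or algorithm (for
         * example, rejecting a token whose {@code alg} header differs from the one they expect)
         * need to inspect the JWT header themselves in addition to calling this method.
         *
         * @param jwtString the parsed JWT to verify (despite the name, this is a
         *                  {@link SignedJWT}, not its wire-format string)
         * @return {@code true} if at least one configured signer validates the signature,
         *         {@code false} otherwise
         */
        boolean validateSignature(SignedJWT jwtString);

        /**
         * Signs the given JWT in place using the service's default signing algorithm
         * (see {@link #getDefaultSigningAlgorithm()}). Intended for clients that have not
         * registered a preferred signing algorithm.
         *
         * @param jwt the JWT to sign; it is modified in place and nothing is returned
         */
        void signJwt(SignedJWT jwt);

        /**
         * Returns the signing algorithm used when the caller has not specified one.
         *
         * @return the default {@link JWSAlgorithm} of this service
         */
        JWSAlgorithm getDefaultSigningAlgorithm();

        /**
         * Returns every signing algorithm this service is able to sign with.
         *
         * @return the collection of supported {@link JWSAlgorithm}s
         */
        Collection<JWSAlgorithm> getAllSigningAlgsSupported();

        /**
         * Signs the given JWT in place using the selected algorithm. The algorithm is
         * identified by the names defined in the JWS specification, section 6 (for example,
         * {@code "HS256"} means HMAC with SHA-256 and corresponds to our HmacSigner class).
         *
         * @param jwt the JWT to sign; it is modified in place and nothing is returned
         * @param alg the algorithm to sign with, as named in JWS s.6
         */
        void signJwt(SignedJWT jwt, JWSAlgorithm alg);

        /**
         * Returns the Key ID ({@code kid}) of this service's default signer.
         * NOTE(review): presumably the key that {@link #signJwt(SignedJWT)} uses — confirm
         * against the implementation.
         *
         * @return the default signer's Key ID
         */
        String getDefaultSignerKeyId();

        /**
         * TODO: method to sign a jwt using a specified algorithm and a key id
         */
}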