Class DefaultJWSMinter<C extends SecurityContext>
- All Implemented Interfaces:
ConfigurableJWSMinter<C>,JWSMinter<C>,JWSMinterConfiguration<C>
JSON Web Signature (JWS) objects and
signed JSON Web Tokens (JWTs).
Must be configured with the following:
- A
setJWKSource(com.nimbusds.jose.jwk.source.JWKSource<C>)JSON Web Key (JWK) source} to select a signing key. The default key selection procedure is based on theJWSHeader. To customise it pass a suitablecontext.
An optional context parameter is available to
facilitate passing of additional data between the caller and the underlying
selector of key candidates (in both directions).
See sections 6 of RFC 7515 (JWS) for guidelines on key selection.
This minter adds any key-identifying header based on the JWK that it selects.
- Version:
- 2021-01-14
- Author:
- Josh Cummings
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionGets the source for looking up JWKs.Gets the factory for generatingJWSSigners.voidsetJWKSource(JWKSource<C> jwkSource) Sets the source for to look up JWKs from.voidsetJWSSignerFactory(JWSSignerFactory jwsSignerFactory) Sets the factory for generatingJWSSigners.
-
Constructor Details
-
DefaultJWSMinter
public DefaultJWSMinter()
-
-
Method Details
-
mint
Creates a new JSON Web Signature (JWS) object using the providedJWSHeaderandPayload. To create a signed JSON Web Token (JWT) use theJWTClaimsSet.toPayload()method to obtain aPayloadrepresentation of the JWT claims.Derives the signing key from the
JWSHeaderas well as any application-specificcontext.If multiple keys are matched against the header's criteria, the first will be used to sign the object. To customise the key selection you can set a custom
JWKSourcelike so:public static class MyJWKSource implements JWKSource<SecurityContext> { private final JWKSource<SecurityContext> delegate; public List<JWK> get(final JWKSelector jwkSelector, final SecurityContext context) throws KeySourceException { List<JWK> jwks = this.delegate.get(jwkSelector, context); return jwks.get(jwks.size() - 1); // get last one instead } } minter.setJWKSource(new MyJWKSource(jwkSource));or you can select your own
JWKand do:JWK jwk = findJWK(); minter.mint(header, claims, new JWKSecurityContext(jwks));
Once the key is discovered, adds any headers related to the discovered signing key, including
kid,x5u,x5c, andx5t#256.All other headers and claims remain as-is. This method expects the caller to add the
typ,alg, and any other needed headers.- Specified by:
mintin interfaceJWSMinter<C extends SecurityContext>- Parameters:
header- TheJWSHeaderto use, less any key-identifying headers, which this method will derive.payload- ThePayload.context- ASecurityContext,nullif not required.- Returns:
- The signed JWS object.
- Throws:
JOSEException- If the instance is improperly configured, if no appropriate JWK could be found, or if signing failed.
-
getJWKSource
Description copied from interface:JWSMinterConfigurationGets the source for looking up JWKs.- Specified by:
getJWKSourcein interfaceJWSMinterConfiguration<C extends SecurityContext>- Returns:
- The
JWKSourcein use.
-
setJWKSource
Description copied from interface:JWSMinterConfigurationSets the source for to look up JWKs from.- Specified by:
setJWKSourcein interfaceJWSMinterConfiguration<C extends SecurityContext>- Parameters:
jwkSource- The JWK source to use.
-
getJWSSignerFactory
Description copied from interface:JWSMinterConfigurationGets the factory for generatingJWSSigners.- Specified by:
getJWSSignerFactoryin interfaceJWSMinterConfiguration<C extends SecurityContext>- Returns:
- The
JWSSignerFactoryin use.
-
setJWSSignerFactory
Description copied from interface:JWSMinterConfigurationSets the factory for generatingJWSSigners.- Specified by:
setJWSSignerFactoryin interfaceJWSMinterConfiguration<C extends SecurityContext>- Parameters:
jwsSignerFactory- The JWS signer factory to use.
-