package com.nimbusds.jose.proc;


import java.security.Key;
import java.util.List;

import com.nimbusds.jose.JWSHeader;


/**
 * Selector of candidate keys for verifying a JSON Web Signature (JWS)
 * object. Applications should use this interface, or a comparable
 * framework, to decide whether a received JWS object (or signed JWT) is
 * eligible for {@link com.nimbusds.jose.JWSVerifier verification} and
 * further processing.
 *
 * <p>Selection should follow application specific criteria, for example
 * recognised header parameters that reference the key ({@code kid},
 * {@code x5t}) and / or the JWS object {@link SecurityContext}.
 *
 * <p>See JSON Web Signature (JWS), Appendix D. Notes on Key Selection for
 * suggestions.
 *
 * <p>Key types that may be returned:
 *
 * <ul>
 *     <li>{@link javax.crypto.SecretKey} for HMAC keys.
 *     <li>{@link java.security.interfaces.RSAPublicKey} for public RSA
 *         keys.
 *     <li>{@link java.security.interfaces.ECPublicKey} for public EC keys.
 * </ul>
 *
 * <p>Security notes for implementers:
 *
 * <ul>
 *     <li>Selection happens before the signature has been checked, so every
 *         header value is still unauthenticated input from the sender.
 *         Parameters such as {@code kid} and {@code x5t} are lookup hints
 *         into keys the application already trusts; they do not establish
 *         trust themselves.
 *     <li>Offer a key only for the algorithm family it was provisioned
 *         for. The {@code alg} header parameter should be matched against
 *         what the application expects for that key, not used on its own
 *         to decide which key type to return.
 *     <li>Key material or key locations carried in the header itself
 *         ({@code jwk}, {@code jku}, {@code x5c}, {@code x5u}) should not
 *         become candidates unless validated against trust anchors
 *         configured by the application.
 *     <li>When nothing matches, return an empty list rather than a default
 *         or fallback key.
 * </ul>
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-06-08
 */
public interface JWSKeySelector<C extends SecurityContext> {


	/**
	 * Selects the candidate keys for verifying a JWS object.
	 *
	 * @param header  The header of the JWS object. Must not be
	 *                {@code null}. Its content has not been verified at
	 *                this point.
	 * @param context Optional context of the JWS object, {@code null} if
	 *                not required.
	 *
	 * @return The key candidates in the order in which they should be
	 *         tried, empty list if none.
	 */
	List<? extends Key> selectJWSKeys(final JWSHeader header, final C context);
}