@ThreadSafe public class DefaultJOSEProcessor<C extends SecurityContext> extends Object implements ConfigurableJOSEProcessor<C>

Default processor of unsecured (plain), JWS and JWE objects.

Must be configured with the following:

- JWS key selector using the header to suggest key candidate(s) for the signature verification. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or some context.
- JWE key selector using the header to suggest key candidate(s) for decryption. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or some context.

An optional context parameter is available to facilitate passing of additional data between the caller and the underlying selector of key candidates (in both directions).

See sections 6 of RFC 7515 (JWS) and RFC 7516 (JWE) for guidelines on key selection.

This processor is configured with a standard header "typ" (type) parameter verifier which expects the JWS, JWE and plain (unsecured) objects to have the type header omitted or set to JOSE. To accept other "typ" values pass an appropriately configured JWS and / or JWE type verifier.

This processor comes with the default JWS verifier factory and the default JWE decrypter factory; they can construct verifiers / decrypters for all standard JOSE algorithms implemented by the library.

Note that for security reasons this processor is hardwired to reject unsecured (plain) JOSE objects. Override the process(PlainObject, SecurityContext) method if you need to handle unsecured JOSE objects.

To process JSON Web Tokens (JWTs) use the DefaultJWTProcessor class.
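
The configuration described above, as an added example that is not part of the library's documentation: a processor with a JWS key selector pinned to one algorithm and a strict "typ" verifier, run against an accepted object and two rejected ones. The class name JoseProcessorExample, the demo secret and the "example+jose" type value are constructed for illustration; JWSVerificationKeySelector, ImmutableSecret, DefaultJOSEObjectTypeVerifier and MACSigner are classes from the same library that this page does not describe.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import com.nimbusds.jose.proc.*;
import java.nio.charset.StandardCharsets;

public class JoseProcessorExample {

    public static void main(String[] args) throws Exception {
        // Constructed 256-bit demo secret; real keys belong in a key store.
        byte[] secret = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);

        DefaultJOSEProcessor<SecurityContext> processor = new DefaultJOSEProcessor<>();
        // Pin the expected algorithm: only HS256 headers yield key candidates.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(
                JWSAlgorithm.HS256, new ImmutableSecret<>(secret)));
        // Require an explicit application-specific "typ" (constructed value);
        // a missing "typ" is no longer accepted.
        JOSEObjectType expectedType = new JOSEObjectType("example+jose");
        processor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(expectedType));

        // 1. Correctly typed and signed object: accepted, payload returned.
        JWSObject good = new JWSObject(
                new JWSHeader.Builder(JWSAlgorithm.HS256).type(expectedType).build(),
                new Payload("hello"));
        good.sign(new MACSigner(secret));
        System.out.println("accepted: " + processor.process(good.serialize(), null));

        // 2. Valid signature but no "typ" header: rejected by the type verifier.
        JWSObject untyped = new JWSObject(new JWSHeader(JWSAlgorithm.HS256), new Payload("hello"));
        untyped.sign(new MACSigner(secret));
        expectRejected(processor, untyped.serialize());

        // 3. Unsecured (plain) object: always rejected by this processor.
        expectRejected(processor, new PlainObject(new Payload("hello")).serialize());
    }

    // Treats BadJOSEException as the expected outcome; anything else is a failure.
    private static void expectRejected(DefaultJOSEProcessor<SecurityContext> p, String compact)
            throws Exception {
        try {
            p.process(compact, null);
            throw new IllegalStateException("unexpectedly accepted");
        } catch (BadJOSEException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
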
Constructor and Description |
---|
DefaultJOSEProcessor() |
Modifier and Type | Method and Description |
---|---|
JWEDecrypterFactory | getJWEDecrypterFactory(): Gets the factory for creating JWE decrypter instances. |
JWEKeySelector<C> | getJWEKeySelector(): Gets the JWE key selector. |
JOSEObjectTypeVerifier<C> | getJWETypeVerifier(): Gets the JWE header "typ" (type) parameter verifier. |
JWSKeySelector<C> | getJWSKeySelector(): Gets the JWS key selector. |
JOSEObjectTypeVerifier<C> | getJWSTypeVerifier(): Gets the JWS header "typ" (type) parameter verifier. |
JWSVerifierFactory | getJWSVerifierFactory(): Gets the factory for creating JWS verifier instances. |
Payload | process(JOSEObject joseObject, C context): Processes the specified JOSE object (unsecured, JWS or JWE). |
Payload | process(JWEObject jweObject, C context): Processes the specified JWE object by decrypting it. |
Payload | process(JWSObject jwsObject, C context): Processes the specified JWS object by verifying its signature. |
Payload | process(PlainObject plainObject, C context): Processes the specified unsecured (plain) JOSE object, typically by checking its context. |
Payload | process(String compactJOSE, C context): Parses and processes the specified JOSE object (unsecured, JWS or JWE). |
void | setJWEDecrypterFactory(JWEDecrypterFactory factory): Sets the factory for creating JWE decrypter instances. |
void | setJWEKeySelector(JWEKeySelector<C> jweKeySelector): Sets the JWE key selector. |
void | setJWETypeVerifier(JOSEObjectTypeVerifier<C> jweTypeVerifier): Sets the JWE header "typ" (type) parameter verifier. |
void | setJWSKeySelector(JWSKeySelector<C> jwsKeySelector): Sets the JWS key selector. |
void | setJWSTypeVerifier(JOSEObjectTypeVerifier<C> jwsTypeVerifier): Sets the JWS header "typ" (type) parameter verifier. |
void | setJWSVerifierFactory(JWSVerifierFactory factory): Sets the factory for creating JWS verifier instances. |

public DefaultJOSEProcessor()

public JOSEObjectTypeVerifier<C> getJWSTypeVerifier()
Specified by: getJWSTypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>
Returns: null if not specified.

public void setJWSTypeVerifier(JOSEObjectTypeVerifier<C> jwsTypeVerifier)
Specified by: setJWSTypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>
Parameters:
jwsTypeVerifier - The JWS type verifier, null if not specified.

public JWSKeySelector<C> getJWSKeySelector()
Specified by: getJWSKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>
Returns: null if not specified.

public void setJWSKeySelector(JWSKeySelector<C> jwsKeySelector)
Specified by: setJWSKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>
Parameters:
jwsKeySelector - The JWS key selector, null if not specified.

public JOSEObjectTypeVerifier<C> getJWETypeVerifier()
Specified by: getJWETypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>
Returns: null if not specified.

public void setJWETypeVerifier(JOSEObjectTypeVerifier<C> jweTypeVerifier)
Specified by: setJWETypeVerifier in interface JOSEProcessorConfiguration<C extends SecurityContext>
Parameters:
jweTypeVerifier - The JWE type verifier, null if not specified.

public JWEKeySelector<C> getJWEKeySelector()
Specified by: getJWEKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>
Returns: null if not specified.

public void setJWEKeySelector(JWEKeySelector<C> jweKeySelector)
Specified by: setJWEKeySelector in interface JOSEProcessorConfiguration<C extends SecurityContext>
Parameters:
jweKeySelector - The JWE key selector, null if not specified.

public JWSVerifierFactory getJWSVerifierFactory()
Specified by: getJWSVerifierFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>
Returns: null if not specified.

public void setJWSVerifierFactory(JWSVerifierFactory factory)
Specified by: setJWSVerifierFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>
Parameters:
factory - The JWS verifier factory, null if not specified.

public JWEDecrypterFactory getJWEDecrypterFactory()
Specified by: getJWEDecrypterFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>
Returns: null if not specified.

public void setJWEDecrypterFactory(JWEDecrypterFactory factory)
Specified by: setJWEDecrypterFactory in interface JOSEProcessorConfiguration<C extends SecurityContext>
Parameters:
factory - The JWE decrypter factory, null if not specified.

public Payload process(String compactJOSE, C context) throws ParseException, BadJOSEException, JOSEException
Specified by: process in interface JOSEProcessor<C extends SecurityContext>
Parameters:
compactJOSE - The JOSE object, compact-encoded to a URL-safe string. Must not be null.
context - Optional context, null if not required.
Throws:
ParseException - If the string couldn't be parsed to a valid JOSE object.
BadJOSEException - If the JOSE object is rejected.
JOSEException - If an internal processing exception is encountered.

public Payload process(JOSEObject joseObject, C context) throws BadJOSEException, JOSEException
Specified by: process in interface JOSEProcessor<C extends SecurityContext>
Parameters:
joseObject - The JOSE object. Must not be null.
context - Optional context, null if not required.
Throws:
BadJOSEException - If the JOSE object is rejected.
JOSEException - If an internal processing exception is encountered.

public Payload process(PlainObject plainObject, C context) throws BadJOSEException
Specified by: process in interface JOSEProcessor<C extends SecurityContext>
Parameters:
plainObject - The unsecured (plain) JOSE object. Not null.
context - Optional context, null if not required.
Throws:
BadJOSEException - If the unsecured (plain) JOSE object is rejected.

public Payload process(JWSObject jwsObject, C context) throws BadJOSEException, JOSEException
Specified by: process in interface JOSEProcessor<C extends SecurityContext>
Parameters:
jwsObject - The JWS object. Not null.
context - Optional context, null if not required.
Throws:
BadJOSEException - If the JWS object is rejected, typically due to a bad signature.
JOSEException - If an internal processing exception is encountered.

public Payload process(JWEObject jweObject, C context) throws BadJOSEException, JOSEException
Specified by: process in interface JOSEProcessor<C extends SecurityContext>
Parameters:
jweObject - The JWE object. Not null.
context - Optional context of the JWE object, null if not required.
Throws:
BadJOSEException - If the JWE object is rejected, typically due to failed decryption.
JOSEException - If an internal processing exception is encountered.

Copyright © 2020 Connect2id Ltd. All rights reserved.