@ThreadSafe public class JWSVerificationKeySelector<C extends SecurityContext> extends Object implements JWSKeySelector<C>
JSON Web Key (JWK) source
.Constructor and Description |
---|
JWSVerificationKeySelector(JWSAlgorithm jwsAlg,
JWKSource<C> jwkSource)
Creates a new JWS verification key selector.
|
JWSVerificationKeySelector(Set<JWSAlgorithm> jwsAlgs,
JWKSource<C> jwkSource)
Creates a new JWS verification key selector.
|
Modifier and Type | Method and Description |
---|---|
protected JWKMatcher |
createJWKMatcher(JWSHeader jwsHeader)
Creates a JWK matcher for the expected JWS algorithm and the
specified JWS header.
|
JWSAlgorithm |
getExpectedJWSAlgorithm()
Deprecated.
Use
isAllowed(JWSAlgorithm) instead |
JWKSource<C> |
getJWKSource()
Returns the JWK source.
|
boolean |
isAllowed(JWSAlgorithm jwsAlg)
Checks if a JWS algorithm is allowed for key selection.
|
List<Key> |
selectJWSKeys(JWSHeader jwsHeader,
C context)
Selects key candidates for verifying a JWS object.
|
public JWSVerificationKeySelector(JWSAlgorithm jwsAlg, JWKSource<C> jwkSource)
jwsAlg
- The allowed JWS algorithm for the objects to be
verified. Must not be null
.jwkSource
- The JWK source. Must not be null
.public JWSVerificationKeySelector(Set<JWSAlgorithm> jwsAlgs, JWKSource<C> jwkSource)
jwsAlgs
- The allowed JWS algorithms for the objects to be
verified. Must not be empty or null
.jwkSource
- The JWK source. Must not be null
.public boolean isAllowed(JWSAlgorithm jwsAlg)
jwsAlg
- The JWS algorithm to check.true
if allowed, else false
.@Deprecated public JWSAlgorithm getExpectedJWSAlgorithm()
isAllowed(JWSAlgorithm)
insteadprotected JWKMatcher createJWKMatcher(JWSHeader jwsHeader)
jwsHeader
- The JWS header. Must not be null
.null
if none could be created.public List<Key> selectJWSKeys(JWSHeader jwsHeader, C context) throws KeySourceException
JWSKeySelector
selectJWSKeys
in interface JWSKeySelector<C extends SecurityContext>
jwsHeader
- The header of the JWS object. Must not be
null
.context
- Optional context of the JWS object, null
if
not required.KeySourceException
- If a key sourcing exception is
encountered, e.g. on remote JWK
retrieval.public JWKSource<C> getJWKSource()
Copyright © 2020 Connect2id Ltd.. All rights reserved.