public class DefaultJWSMinter<C extends SecurityContext> extends Object implements ConfigurableJWSMinter<C>
Default minter of JSON Web Signature (JWS) objects and signed JSON Web Tokens (JWTs).
Must be configured with the following:

- A JSON Web Key (JWK) source, set with setJWKSource(com.nimbusds.jose.jwk.source.JWKSource<C>), to select a signing key. The default key selection procedure is based on the JWSHeader. To customise it pass a suitable context.

An optional context parameter is available to facilitate passing of additional data between the caller and the underlying selector of key candidates (in both directions).

See section 6 of RFC 7515 (JWS) for guidelines on key selection.

This minter adds any key-identifying header based on the JWK that it selects.

Constructor and Description |
---|
DefaultJWSMinter() |
Modifier and Type | Method and Description |
---|---|
JWKSource<C> | getJWKSource() Gets the source for looking up JWKs. |
JWSSignerFactory | getJWSSignerFactory() Gets the factory for generating JWSSigners. |
JWSObject | mint(JWSHeader header, Payload payload, C context) |
void | setJWKSource(JWKSource<C> jwkSource) Sets the source to look up JWKs from. |
void | setJWSSignerFactory(JWSSignerFactory jwsSignerFactory) Sets the factory for generating JWSSigners. |

public DefaultJWSMinter()
public JWSObject mint(JWSHeader header, Payload payload, C context) throws JOSEException
Creates a new JWS object using the provided JWSHeader and Payload. To create a signed JSON Web Token (JWT) use the JWTClaimsSet.toPayload() method to obtain a Payload representation of the JWT claims.

Derives the signing key from the JWSHeader as well as any application-specific context.

If multiple keys are matched against the header's criteria, the first will be used to sign the object. To customise the key selection you can set a custom JWKSource like so:

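```java
public static class MyJWKSource implements JWKSource<SecurityContext> {
    private final JWKSource<SecurityContext> delegate;

    public MyJWKSource(final JWKSource<SecurityContext> delegate) {
        this.delegate = delegate;
    }

    @Override
    public List<JWK> get(final JWKSelector jwkSelector, final SecurityContext context)
            throws KeySourceException {
        List<JWK> jwks = this.delegate.get(jwkSelector, context);
        // The minter signs with the first returned key, so return only the last match instead
        return jwks.isEmpty() ? jwks : Collections.singletonList(jwks.get(jwks.size() - 1));
    }
}

minter.setJWKSource(new MyJWKSource(jwkSource));
```
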
or you can select your own JWK and do:

```java
JWK jwk = findJWK();
// JWKSecurityContext takes the list of candidate keys
minter.mint(header, claims, new JWKSecurityContext(Collections.singletonList(jwk)));
```

Once the key is discovered, adds any headers related to the discovered signing key, including kid, x5u, x5c, and x5t#S256.

All other headers and claims remain as-is. This method expects the caller to add the typ, alg, and any other needed headers.
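
The first-match behaviour described above, as an added example that is not part of the library's own documentation: a JWK source holding two signing keys, minted once without and once with a caller-supplied kid. The class name, key IDs and claim values are constructed for illustration, and the Nimbus JOSE+JWT library is assumed to be on the classpath.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.mint.DefaultJWSMinter;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.Arrays;
import java.util.Date;

public class MinterKeySelectionDemo {  // hypothetical class name

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: a retiring key listed first, its replacement second
        RSAKey oldKey = new RSAKeyGenerator(2048).keyID("2020-key").keyUse(KeyUse.SIGNATURE).generate();
        RSAKey newKey = new RSAKeyGenerator(2048).keyID("2021-key").keyUse(KeyUse.SIGNATURE).generate();

        DefaultJWSMinter<SecurityContext> minter = new DefaultJWSMinter<>();
        minter.setJWKSource(new ImmutableJWKSet<>(new JWKSet(Arrays.<JWK>asList(oldKey, newKey))));

        // Constructed sample claims, converted with JWTClaimsSet.toPayload()
        Payload payload = new JWTClaimsSet.Builder()
                .issuer("https://issuer.example")
                .subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 300_000L))
                .build()
                .toPayload();

        // No kid in the header: both RSA keys match, so the first one in the set signs
        JWSHeader anyKey = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
        JWSObject first = minter.mint(anyKey, payload, null);
        System.out.println("unpinned kid: " + first.getHeader().getKeyID());

        // kid set by the caller: only the key with that ID is a candidate
        JWSHeader pinned = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .type(JOSEObjectType.JWT).keyID("2021-key").build();
        JWSObject second = minter.mint(pinned, payload, null);
        System.out.println("pinned kid:   " + second.getHeader().getKeyID());

        // Verify with public keys only; the retiring key must not validate the new token
        System.out.println("verifies with 2021-key: " + second.verify(new RSASSAVerifier(newKey.toRSAPublicKey())));
        System.out.println("verifies with 2020-key: " + second.verify(new RSASSAVerifier(oldKey.toRSAPublicKey())));
        System.out.println(second.serialize());
    }
}
```

During key rotation the order of keys in the JWK source decides which key signs unless the caller pins a kid, so either pin it or put the intended signing key first.
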
Specified by: mint in interface JWSMinter<C extends SecurityContext>
Parameters:
header - The JWSHeader to use, less any key-identifying headers, which this method will derive.
payload - The Payload.
context - A SecurityContext, null if not specified.
Throws:
JOSEException - If the instance is improperly configured, if no appropriate JWK could be found, or if signing failed.

public JWKSource<C> getJWKSource()
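Description copied from interface: JWSMinterConfiguration
Gets the source for looking up JWKs.
Specified by: getJWKSource in interface JWSMinterConfiguration<C extends SecurityContext>
Returns: The JWKSource in use.

public void setJWKSource(JWKSource<C> jwkSource)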
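Description copied from interface: JWSMinterConfiguration
Sets the source to look up JWKs from.
Specified by: setJWKSource in interface JWSMinterConfiguration<C extends SecurityContext>
Parameters:
jwkSource - The JWK source to use.

public JWSSignerFactory getJWSSignerFactory()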
Description copied from interface: JWSMinterConfiguration
Gets the factory for generating JWSSigners.
Specified by: getJWSSignerFactory in interface JWSMinterConfiguration<C extends SecurityContext>
Returns: The JWSSignerFactory in use.

public void setJWSSignerFactory(JWSSignerFactory jwsSignerFactory)
Description copied from interface: JWSMinterConfiguration
Sets the factory for generating JWSSigners.
Specified by: setJWSSignerFactory in interface JWSMinterConfiguration<C extends SecurityContext>
Parameters:
jwsSignerFactory - The JWS signer factory to use.

Copyright © 2021 Connect2id Ltd. All rights reserved.