Class RemoteJWKSet<C extends SecurityContext>

  • All Implemented Interfaces:
    JWKSource<C>

    @ThreadSafe
    public class RemoteJWKSet<C extends SecurityContext>
    extends Object
    implements JWKSource<C>
    Remote JSON Web Key (JWK) source specified by a JWK set URL. The retrieved JWK set is cached to minimise network calls. The cache is updated whenever the key selector tries to get a key with an unknown ID.

    If no ResourceRetriever is specified when creating a remote JWK set source, the default one will be used, with the following HTTP timeouts and limits:

    • HTTP connect timeout, in milliseconds: Determined by the DEFAULT_HTTP_CONNECT_TIMEOUT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout Java system property.
    • HTTP read timeout, in milliseconds: Determined by the DEFAULT_HTTP_READ_TIMEOUT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout Java system property.
    • HTTP entity size limit, in bytes: Determined by the DEFAULT_HTTP_SIZE_LIMIT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit Java system property.
    Version:
    2022-01-24
    Author:
    Vladimir Dzhuvinov
    • Constructor Detail

      • RemoteJWKSet

        public RemoteJWKSet(URL jwkSetURL)
        Creates a new remote JWK set using the default HTTP resource retriever with the default HTTP timeouts and entity size limit.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
      • RemoteJWKSet

        public RemoteJWKSet(URL jwkSetURL,
                            ResourceRetriever resourceRetriever)
        Creates a new remote JWK set.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
        resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
      • RemoteJWKSet

        public RemoteJWKSet(URL jwkSetURL,
                            ResourceRetriever resourceRetriever,
                            JWKSetCache jwkSetCache)
        Creates a new remote JWK set.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
        resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
        jwkSetCache - The JWK set cache to use, null to use the default one.
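
Added example (not part of the library's documentation): pinning the HTTP timeouts and entity size limit per instance with the two-argument constructor, so they do not depend on JVM-wide system properties. It assumes the library's `DefaultResourceRetriever(connectTimeout, readTimeout, sizeLimit)` class, which this page does not document; the class name `BoundedJwkSource`, the limit values, the https-only check and the URLs are constructed for illustration.

```java
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;

import java.net.MalformedURLException;
import java.net.URL;

public class BoundedJwkSource {

    // Assumed per-deployment bounds (constructed values, not the library defaults).
    static final int CONNECT_TIMEOUT_MS = 1_000;
    static final int READ_TIMEOUT_MS = 1_000;
    static final int SIZE_LIMIT_BYTES = 64 * 1024;

    /** Builds a source whose HTTP limits are fixed here, not by JVM-wide system properties. */
    static RemoteJWKSet<SecurityContext> create(String jwkSetUrl) throws MalformedURLException {
        URL url = new URL(jwkSetUrl);
        // Added policy (assumption of this example): fetch verification keys over TLS only.
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("JWK set URL must use https: " + url);
        }
        // An unknown key ID triggers a cache update, so these limits bound how long
        // a key lookup can block on the network and how much data it will read.
        ResourceRetriever retriever = new DefaultResourceRetriever(
                CONNECT_TIMEOUT_MS, READ_TIMEOUT_MS, SIZE_LIMIT_BYTES);
        // Two-argument constructor from this page: explicit retriever, default cache.
        return new RemoteJWKSet<>(url, retriever);
    }

    public static void main(String[] args) throws Exception {
        // Limits that the one-argument constructor would apply in this JVM.
        System.out.println("default connect timeout (ms): " + RemoteJWKSet.resolveDefaultHTTPConnectTimeout());
        System.out.println("default read timeout (ms):    " + RemoteJWKSet.resolveDefaultHTTPReadTimeout());
        System.out.println("default size limit (bytes):   " + RemoteJWKSet.resolveDefaultHTTPSizeLimit());

        // Hypothetical URL, constructed for this example.
        RemoteJWKSet<SecurityContext> source = create("https://idp.example.com/jwks.json");
        System.out.println("JWK set URL:    " + source.getJWKSetURL());
        // Per this page, getCachedJWKSet() is null if none is cached or it has expired.
        System.out.println("cached JWK set: " + source.getCachedJWKSet());

        try {
            create("http://idp.example.com/jwks.json"); // plain HTTP is refused by the added check
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
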
    • Method Detail

      • resolveDefaultHTTPConnectTimeout

        public static int resolveDefaultHTTPConnectTimeout()
        Resolves the default HTTP connect timeout for JWK set retrieval, in milliseconds.
        Returns:
        The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout Java system property.
      • resolveDefaultHTTPReadTimeout

        public static int resolveDefaultHTTPReadTimeout()
        Resolves the default HTTP read timeout for JWK set retrieval, in milliseconds.
        Returns:
        The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout Java system property.
      • resolveDefaultHTTPSizeLimit

        public static int resolveDefaultHTTPSizeLimit()
        Resolves the default HTTP entity size limit for JWK set retrieval, in bytes.
        Returns:
        The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit Java system property.
      • getJWKSetURL

        public URL getJWKSetURL()
        Returns the JWK set URL.
        Returns:
        The JWK set URL.
      • getCachedJWKSet

        public JWKSet getCachedJWKSet()
        Returns the cached JWK set.
        Returns:
        The cached JWK set, null if none or expired.
      • getFirstSpecifiedKeyID

        protected static String getFirstSpecifiedKeyID(JWKMatcher jwkMatcher)
        Returns the first specified key ID (kid) for a JWK matcher.
        Parameters:
        jwkMatcher - The JWK matcher. Must not be null.
        Returns:
        The first key ID, null if none.