Class RemoteJWKSet<C extends SecurityContext>

  • All Implemented Interfaces:
    JWKSource<C>

    @ThreadSafe
    public class RemoteJWKSet<C extends SecurityContext>
    extends Object
    implements JWKSource<C>
    Remote JSON Web Key (JWK) source specified by a JWK set URL. The retrieved JWK set is cached to minimise network calls. The cache is updated whenever the key selector tries to get a key with an unknown ID or the cache expires.

    If no ResourceRetriever is specified when creating a remote JWK set source, the default one will be used, with the following HTTP timeouts and limits:

    • HTTP connect timeout, in milliseconds: Determined by the DEFAULT_HTTP_CONNECT_TIMEOUT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout Java system property.
    • HTTP read timeout, in milliseconds: Determined by the DEFAULT_HTTP_READ_TIMEOUT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout Java system property.
    • HTTP entity size limit, in bytes: Determined by the DEFAULT_HTTP_SIZE_LIMIT constant which can be overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit Java system property.

    A failover JWK source can be configured in case the JWK set URL becomes unavailable (HTTP 404) or times out. The failover JWK source can be another URL or some other object.

    Version:
    2022-01-30
    Author:
    Vladimir Dzhuvinov, Andreas Huber
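
The limits and failover described above, wired explicitly rather than left to defaults or system properties. This is an added example, not code from the library's documentation. The class name, the URL `https://idp.example.com/jwks.json`, the file `pinned-jwks.json` and all numeric limits are assumptions, and the helper classes used (DefaultResourceRetriever, DefaultJWKSetCache, ImmutableJWKSet, JWSVerificationKeySelector, DefaultJWTProcessor) belong to the same library but are not documented on this page.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.DefaultJWKSetCache;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

import java.io.File;
import java.net.URL;
import java.util.concurrent.TimeUnit;

public class JwksVerifierExample {

    /** Builds a key source with explicit network limits and a local failover. */
    static JWKSource<SecurityContext> buildKeySource(URL jwkSetURL, File pinnedJwkSetFile)
            throws Exception {
        if (!"https".equals(jwkSetURL.getProtocol())) {
            throw new IllegalArgumentException("JWK set URL must use https");
        }
        // Bound the cost of a slow or oversized response: 1 s connect, 2 s read, 64 KiB body.
        ResourceRetriever retriever = new DefaultResourceRetriever(1000, 2000, 64 * 1024);
        // Failover: a public-key JWK set shipped with the application (file name is an assumption).
        JWKSource<SecurityContext> failover = new ImmutableJWKSet<>(JWKSet.load(pinnedJwkSetFile));
        // Cache lifespan 15 minutes, refresh after 5 minutes (constructed values).
        DefaultJWKSetCache cache = new DefaultJWKSetCache(15, 5, TimeUnit.MINUTES);
        return new RemoteJWKSet<>(jwkSetURL, failover, retriever, cache);
    }

    public static void main(String[] args) throws Exception {
        JWKSource<SecurityContext> keys = buildKeySource(
                new URL("https://idp.example.com/jwks.json"), new File("pinned-jwks.json"));
        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // Accept RS256 only; the alg value in the token header does not get to choose.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keys));
        // Throws if the signature is invalid or no matching key is found.
        JWTClaimsSet claims = processor.process(args[0], null);
        System.out.println("subject: " + claims.getSubject());
    }
}
```

The pinned failover set should hold public keys only and needs to be rotated together with the issuer's keys, otherwise tokens signed with a new key fail verification whenever the remote URL is unreachable.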
    • Constructor Detail

      • RemoteJWKSet

        public RemoteJWKSet​(URL jwkSetURL)
        Creates a new remote JWK set using the default HTTP resource retriever with the default HTTP timeouts and entity size limit.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
      • RemoteJWKSet

        public RemoteJWKSet​(URL jwkSetURL,
                            JWKSource<C> failoverJWKSource)
        Creates a new remote JWK set using the default HTTP resource retriever with the default HTTP timeouts and entity size limit.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
        failoverJWKSource - Optional failover JWK source in case retrieval from the JWK set URL fails, null if no failover is specified.
      • RemoteJWKSet

        public RemoteJWKSet​(URL jwkSetURL,
                            ResourceRetriever resourceRetriever)
        Creates a new remote JWK set.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
        resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
      • RemoteJWKSet

        public RemoteJWKSet​(URL jwkSetURL,
                            ResourceRetriever resourceRetriever,
                            JWKSetCache jwkSetCache)
        Creates a new remote JWK set.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
        resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
        jwkSetCache - The JWK set cache to use, null to use the default one.
      • RemoteJWKSet

        public RemoteJWKSet​(URL jwkSetURL,
                            JWKSource<C> failoverJWKSource,
                            ResourceRetriever resourceRetriever,
                            JWKSetCache jwkSetCache)
        Creates a new remote JWK set.
        Parameters:
        jwkSetURL - The JWK set URL. Must not be null.
        failoverJWKSource - Optional failover JWK source in case retrieval from the JWK set URL fails, null if no failover is specified.
        resourceRetriever - The HTTP resource retriever to use, null to use the default one with the default HTTP timeouts and entity size limit.
        jwkSetCache - The JWK set cache to use, null to use the default one.
    • Method Detail

      • resolveDefaultHTTPConnectTimeout

        public static int resolveDefaultHTTPConnectTimeout()
        Resolves the default HTTP connect timeout for JWK set retrieval, in milliseconds.
        Returns:
        The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpConnectTimeout Java system property.
      • resolveDefaultHTTPReadTimeout

        public static int resolveDefaultHTTPReadTimeout()
        Resolves the default HTTP read timeout for JWK set retrieval, in milliseconds.
        Returns:
        The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpReadTimeout Java system property.
      • resolveDefaultHTTPSizeLimit

        public static int resolveDefaultHTTPSizeLimit()
        Resolves the default HTTP entity size limit for JWK set retrieval, in bytes.
        Returns:
        The static constant, overridden by setting the com.nimbusds.jose.jwk.source.RemoteJWKSet.defaultHttpSizeLimit Java system property.
      • getJWKSetURL

        public URL getJWKSetURL()
        Returns the JWK set URL.
        Returns:
        The JWK set URL.
      • getFailoverJWKSource

        public JWKSource<C> getFailoverJWKSource()
        Returns the optional failover JWK source.
        Returns:
        The failover JWK source, null if not specified.
      • getCachedJWKSet

        public JWKSet getCachedJWKSet()
        Returns the cached JWK set.
        Returns:
        The cached JWK set, null if none or expired.
      • getFirstSpecifiedKeyID

        protected static String getFirstSpecifiedKeyID​(JWKMatcher jwkMatcher)
        Returns the first specified key ID (kid) for a JWK matcher.
        Parameters:
        jwkMatcher - The JWK matcher. Must not be null.
        Returns:
        The first key ID, null if none.