Class DefaultJWSMinter<C extends SecurityContext>
- java.lang.Object
-
- com.nimbusds.jose.mint.DefaultJWSMinter<C>
-
- All Implemented Interfaces:
ConfigurableJWSMinter<C>
,JWSMinter<C>
,JWSMinterConfiguration<C>
public class DefaultJWSMinter<C extends SecurityContext> extends Object implements ConfigurableJWSMinter<C>
Default minter ofJSON Web Signature (JWS) objects
andsigned JSON Web Tokens
(JWTs).Must be configured with the following:
- A
setJWKSource(com.nimbusds.jose.jwk.source.JWKSource<C>)
JSON Web Key (JWK) source} to select a signing key. The default key selection procedure is based on theJWSHeader
. To customise it pass a suitablecontext
.
An optional
context
parameter is available to facilitate passing of additional data between the caller and the underlying selector of key candidates (in both directions).See sections 6 of RFC 7515 (JWS) for guidelines on key selection.
This minter adds any key-identifying header based on the JWK that it selects.
- Version:
- 2021-01-14
- Author:
- Josh Cummings
-
-
Constructor Summary
Constructors Constructor Description DefaultJWSMinter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description JWKSource<C>
getJWKSource()
Gets the source for looking up JWKs.JWSSignerFactory
getJWSSignerFactory()
Gets the factory for generatingJWSSigner
s.JWSObject
mint(JWSHeader header, Payload payload, C context)
void
setJWKSource(JWKSource<C> jwkSource)
Sets the source for to look up JWKs from.void
setJWSSignerFactory(JWSSignerFactory jwsSignerFactory)
Sets the factory for generatingJWSSigner
s.
-
-
-
Constructor Detail
-
DefaultJWSMinter
public DefaultJWSMinter()
-
-
Method Detail
-
mint
public JWSObject mint(JWSHeader header, Payload payload, C context) throws JOSEException
Creates a new JSON Web Signature (JWS) object using the providedJWSHeader
andPayload
. To create a signed JSON Web Token (JWT) use theJWTClaimsSet.toPayload()
method to obtain aPayload
representation of the JWT claims.Derives the signing key from the
JWSHeader
as well as any application-specificcontext
.If multiple keys are matched against the header's criteria, the first will be used to sign the object. To customise the key selection you can set a custom
JWKSource
like so:public static class MyJWKSource implements JWKSource<SecurityContext> { private final JWKSource<SecurityContext> delegate; public List<JWK> get(final JWKSelector jwkSelector, final SecurityContext context) throws KeySourceException { List<JWK> jwks = this.delegate.get(jwkSelector, context); return jwks.get(jwks.size() - 1); // get last one instead } } minter.setJWKSource(new MyJWKSource(jwkSource));
or you can select your own
JWK
and do:JWK jwk = findJWK(); minter.mint(header, claims, new JWKSecurityContext(jwks));
Once the key is discovered, adds any headers related to the discovered signing key, including
kid
,x5u
,x5c
, andx5t#256
.All other headers and claims remain as-is. This method expects the caller to add the
typ
,alg
, and any other needed headers.- Specified by:
mint
in interfaceJWSMinter<C extends SecurityContext>
- Parameters:
header
- TheJWSHeader
to use, less any key-identifying headers, which this method will derive.payload
- ThePayload
.context
- ASecurityContext
,null
if not specified.- Returns:
- The signed JWS object.
- Throws:
JOSEException
- If the instance is improperly configured, if no appropriate JWK could be found, or if signing failed.
-
getJWKSource
public JWKSource<C> getJWKSource()
Description copied from interface:JWSMinterConfiguration
Gets the source for looking up JWKs.- Specified by:
getJWKSource
in interfaceJWSMinterConfiguration<C extends SecurityContext>
- Returns:
- The
JWKSource
in use.
-
setJWKSource
public void setJWKSource(JWKSource<C> jwkSource)
Description copied from interface:JWSMinterConfiguration
Sets the source for to look up JWKs from.- Specified by:
setJWKSource
in interfaceJWSMinterConfiguration<C extends SecurityContext>
- Parameters:
jwkSource
- The JWK source to use.
-
getJWSSignerFactory
public JWSSignerFactory getJWSSignerFactory()
Description copied from interface:JWSMinterConfiguration
Gets the factory for generatingJWSSigner
s.- Specified by:
getJWSSignerFactory
in interfaceJWSMinterConfiguration<C extends SecurityContext>
- Returns:
- The
JWSSignerFactory
in use.
-
setJWSSignerFactory
public void setJWSSignerFactory(JWSSignerFactory jwsSignerFactory)
Description copied from interface:JWSMinterConfiguration
Sets the factory for generatingJWSSigner
s.- Specified by:
setJWSSignerFactory
in interfaceJWSMinterConfiguration<C extends SecurityContext>
- Parameters:
jwsSignerFactory
- The JWS signer factory to use.
-
-