Package com.nimbusds.jose.proc
Class DefaultJOSEProcessor<C extends SecurityContext>
- java.lang.Object
-
- com.nimbusds.jose.proc.DefaultJOSEProcessor<C>
-
- All Implemented Interfaces:
ConfigurableJOSEProcessor<C>,JOSEProcessor<C>,JOSEProcessorConfiguration<C>
@ThreadSafe public class DefaultJOSEProcessor<C extends SecurityContext> extends Object implements ConfigurableJOSEProcessor<C>
Default processor ofunsecured(plain),JWSandJWEobjects.Must be configured with the following:
- To verify JWS objects: A
JWS key selectorusing the header to suggest key candidate(s) for the signature verification. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or somecontext. - To decrypt JWE objects: A
JWE key selectorusing the header to suggest key candidate(s) for decryption. The key selection procedure is application-specific and may involve key ID lookup, a certificate check and / or somecontext.
An optional
contextparameter is available to facilitate passing of additional data between the caller and the underlying selector of key candidates (in both directions).See sections 6 of RFC 7515 (JWS) and RFC 7516 (JWE) for guidelines on key selection.
This processor is configured with a standard header "typ" (type) parameter
verifierwhich expects the JWS, JWE and plain (unsecured) objects to have the type header omitted or set toJOSE. To accept other "typ" values pass an appropriately configured JWS and / or JWEtype verifier.This processor comes with the default
JWS verifier factoryand the defaultJWE decrypter factory; they can construct verifiers / decrypters for all standard JOSE algorithms implemented by the library.Note that for security reasons this processor is hardwired to reject unsecured (plain) JOSE objects. Override the
process(PlainObject, SecurityContext)method if you need to handle unsecured JOSE objects.To process JSON Web Tokens (JWTs) use the
DefaultJWTProcessorclass.- Version:
- 2019-10-15
- Author:
- Vladimir Dzhuvinov
-
-
Constructor Summary
Constructors Constructor Description DefaultJOSEProcessor()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description JWEDecrypterFactorygetJWEDecrypterFactory()Gets the factory for creating JWE decrypter instances.JWEKeySelector<C>getJWEKeySelector()Gets the JWE key selector.JOSEObjectTypeVerifier<C>getJWETypeVerifier()Gets the JWE header "typ" (type) parameter verifier.JWSKeySelector<C>getJWSKeySelector()Gets the JWS key selector.JOSEObjectTypeVerifier<C>getJWSTypeVerifier()Gets the JWS header "typ" (type) parameter verifier.JWSVerifierFactorygetJWSVerifierFactory()Gets the factory for creating JWS verifier instances.Payloadprocess(JOSEObject joseObject, C context)Processes the specified JOSE object (unsecured, JWS or JWE).Payloadprocess(JWEObject jweObject, C context)Processes the specified JWE object by decrypting it.Payloadprocess(JWSObject jwsObject, C context)Processes the specified JWS object by verifying its signature.Payloadprocess(PlainObject plainObject, C context)Processes the specified unsecured (plain) JOSE object, typically by checking its context.Payloadprocess(String compactJOSE, C context)Parses and processes the specified JOSE object (unsecured, JWS or JWE).voidsetJWEDecrypterFactory(JWEDecrypterFactory factory)Sets the factory for creating JWE decrypter instances.voidsetJWEKeySelector(JWEKeySelector<C> jweKeySelector)Sets the JWE key selector.voidsetJWETypeVerifier(JOSEObjectTypeVerifier<C> jweTypeVerifier)Sets the JWE header "typ" (type) parameter verifier.voidsetJWSKeySelector(JWSKeySelector<C> jwsKeySelector)Sets the JWS key selector.voidsetJWSTypeVerifier(JOSEObjectTypeVerifier<C> jwsTypeVerifier)Sets the JWS header "typ" (type) parameter verifier.voidsetJWSVerifierFactory(JWSVerifierFactory factory)Sets the factory for creating JWS verifier instances.
-
-
-
Constructor Detail
-
DefaultJOSEProcessor
public DefaultJOSEProcessor()
-
-
Method Detail
-
getJWSTypeVerifier
public JOSEObjectTypeVerifier<C> getJWSTypeVerifier()
Description copied from interface:JOSEProcessorConfigurationGets the JWS header "typ" (type) parameter verifier. This verifier is also applied to plain (unsecured) JOSE objects. If none JWS and plain objects will be rejected.- Specified by:
getJWSTypeVerifierin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Returns:
- The JWS type verifier,
nullif not specified.
-
setJWSTypeVerifier
public void setJWSTypeVerifier(JOSEObjectTypeVerifier<C> jwsTypeVerifier)
Description copied from interface:JOSEProcessorConfigurationSets the JWS header "typ" (type) parameter verifier. This verifier is also applied to plain (unsecured) JOSE objects. If none JWS and plain objects will be rejected.- Specified by:
setJWSTypeVerifierin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Parameters:
jwsTypeVerifier- The JWS type verifier,nullif not specified.
-
getJWSKeySelector
public JWSKeySelector<C> getJWSKeySelector()
Description copied from interface:JOSEProcessorConfigurationGets the JWS key selector. If none JWS objects will be rejected.- Specified by:
getJWSKeySelectorin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Returns:
- The JWS key selector,
nullif not specified.
-
setJWSKeySelector
public void setJWSKeySelector(JWSKeySelector<C> jwsKeySelector)
Description copied from interface:JOSEProcessorConfigurationSets the JWS key selector. If none JWS objects will be rejected.- Specified by:
setJWSKeySelectorin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Parameters:
jwsKeySelector- The JWS key selector,nullif not specified.
-
getJWETypeVerifier
public JOSEObjectTypeVerifier<C> getJWETypeVerifier()
Description copied from interface:JOSEProcessorConfigurationGets the JWE header "typ" (type) parameter verifier. If none JWE objects will be rejected.- Specified by:
getJWETypeVerifierin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Returns:
- The JWE verifier,
nullif not specified.
-
setJWETypeVerifier
public void setJWETypeVerifier(JOSEObjectTypeVerifier<C> jweTypeVerifier)
Description copied from interface:JOSEProcessorConfigurationSets the JWE header "typ" (type) parameter verifier. If none JWE objects will be rejected.- Specified by:
setJWETypeVerifierin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Parameters:
jweTypeVerifier- The JWE type verifier,nullif not specified.
-
getJWEKeySelector
public JWEKeySelector<C> getJWEKeySelector()
Description copied from interface:JOSEProcessorConfigurationGets the JWE key selector. If none JWE objects will be rejected.- Specified by:
getJWEKeySelectorin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Returns:
- The JWE key selector,
nullif not specified.
-
setJWEKeySelector
public void setJWEKeySelector(JWEKeySelector<C> jweKeySelector)
Description copied from interface:JOSEProcessorConfigurationSets the JWE key selector. If none JWE objects will be rejected.- Specified by:
setJWEKeySelectorin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Parameters:
jweKeySelector- The JWE key selector,nullif not specified.
-
getJWSVerifierFactory
public JWSVerifierFactory getJWSVerifierFactory()
Description copied from interface:JOSEProcessorConfigurationGets the factory for creating JWS verifier instances. If none JWS objects will be rejected.- Specified by:
getJWSVerifierFactoryin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Returns:
- The JWS verifier factory,
nullif not specified.
-
setJWSVerifierFactory
public void setJWSVerifierFactory(JWSVerifierFactory factory)
Description copied from interface:JOSEProcessorConfigurationSets the factory for creating JWS verifier instances. If none JWS objects will be rejected.- Specified by:
setJWSVerifierFactoryin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Parameters:
factory- The JWS verifier factory,nullif not specified.
-
getJWEDecrypterFactory
public JWEDecrypterFactory getJWEDecrypterFactory()
Description copied from interface:JOSEProcessorConfigurationGets the factory for creating JWE decrypter instances. If none JWE objects will be rejected.- Specified by:
getJWEDecrypterFactoryin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Returns:
- The JWE decrypter factory,
nullif not specified.
-
setJWEDecrypterFactory
public void setJWEDecrypterFactory(JWEDecrypterFactory factory)
Description copied from interface:JOSEProcessorConfigurationSets the factory for creating JWE decrypter instances. If none JWE objects will be rejected.- Specified by:
setJWEDecrypterFactoryin interfaceJOSEProcessorConfiguration<C extends SecurityContext>- Parameters:
factory- The JWE decrypter factory,nullif not specified.
-
process
public Payload process(String compactJOSE, C context) throws ParseException, BadJOSEException, JOSEException
Description copied from interface:JOSEProcessorParses and processes the specified JOSE object (unsecured, JWS or JWE).- Specified by:
processin interfaceJOSEProcessor<C extends SecurityContext>- Parameters:
compactJOSE- The JOSE object, compact-encoded to a URL-safe string. Must not benull.context- Optional context,nullif not required.- Returns:
- The payload on success.
- Throws:
ParseException- If the string couldn't be parsed to a valid JOSE object.BadJOSEException- If the JOSE object is rejected.JOSEException- If an internal processing exception is encountered.
-
process
public Payload process(JOSEObject joseObject, C context) throws BadJOSEException, JOSEException
Description copied from interface:JOSEProcessorProcesses the specified JOSE object (unsecured, JWS or JWE).- Specified by:
processin interfaceJOSEProcessor<C extends SecurityContext>- Parameters:
joseObject- The JOSE object. Must not benull.context- Optional context,nullif not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException- If the JOSE object is rejected.JOSEException- If an internal processing exception is encountered.
-
process
public Payload process(PlainObject plainObject, C context) throws BadJOSEException
Description copied from interface:JOSEProcessorProcesses the specified unsecured (plain) JOSE object, typically by checking its context.- Specified by:
processin interfaceJOSEProcessor<C extends SecurityContext>- Parameters:
plainObject- The unsecured (plain) JOSE object. Notnull.context- Optional context,nullif not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException- If the unsecured (plain) JOSE object is rejected.
-
process
public Payload process(JWSObject jwsObject, C context) throws BadJOSEException, JOSEException
Description copied from interface:JOSEProcessorProcesses the specified JWS object by verifying its signature. The key candidate(s) are selected by examining the JWS header and / or the message context.- Specified by:
processin interfaceJOSEProcessor<C extends SecurityContext>- Parameters:
jwsObject- The JWS object. Notnull.context- Optional context,nullif not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException- If the JWS object is rejected, typically due to a bad signature.JOSEException- If an internal processing exception is encountered.
-
process
public Payload process(JWEObject jweObject, C context) throws BadJOSEException, JOSEException
Description copied from interface:JOSEProcessorProcesses the specified JWE object by decrypting it. The key candidate(s) are selected by examining the JWS header and / or the message context.- Specified by:
processin interfaceJOSEProcessor<C extends SecurityContext>- Parameters:
jweObject- The JWE object. Notnull.context- Optional context of the JWE object,nullif not required.- Returns:
- The payload on success.
- Throws:
BadJOSEException- If the JWE object is rejected, typically due to failed decryption.JOSEException- If an internal processing exception is encountered.
-
-